[gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and Theoretical

Ayden Férdeline icann at ferdeline.com
Mon Aug 8 13:55:25 UTC 2016 

Hi Elaine,
Thank you for preparing this use case. I just wanted to respond to this
statement in the story:
The registrant data is made anonymous (names removed and replaced with a number)
for this analysis because the analyst is interested in the broad effect of the
promo and personal information is not necessary to answer the questions posed.
In the scenario you described, the data is anonymised, but it is not
deindividualised, because the sum of the data you are retaining can be used to
connect this data back to one specific person or entity, which indeed you are
doing. In consequence, while some data elements have been stripped back, it
would be very easy for a malicious actor to identify a person or group of
vulnerable persons which may be registering domain names.
There are other ethical considerations here too. Knowing how registrants behave
can be used to employ incentives to encourage or discourage behaviour, which
could potentially be used to chill speech. For example, if the WHOIS output was
blended with another data source and one was to know that X (i.e. a disabled war
veteran) is registering a number of domain names related to Y (i.e. historical
civil rights activists he/she admired), the registrar could create disincentives
for registering such domain names by creating a conditionality (i.e. anyone
living in country Z registering domain names likely related to Y is shown a
premium charge of 500%). Because good business analysts are able to identify
hidden correlations which we cannot predict today in our use cases, there is the
danger that the incentives which are created will be problematic or not
sufficiently transparent. In addition, there is the danger that bots will
infiltrate the RDS and identify vacant, high-value domain names for the purposes
of cybersquatting, spamming, or impersonation, by picking up on the same
patterns that legitimate registrants are following.
Best wishes,
Ayden





On Sun, Aug 7, 2016 11:39 PM, Elaine Pruis elaine at donuts.email wrote:
Hi, Attached is a whois use case describing an analysis of bulk whois data. This is one version of hundreds of ways analysts use the data to understand
trends across the industry.
On Mon, Aug 1, 2016 at 8:44 PM, Gomes, Chuck < cgomes at verisign.com > wrote:
Feel free to prepare one Elaine but please get it done this week.



Chuck



From: gnso-rds-pdp-wg-bounces at icann. org [mailto: gnso-rds-pdp-wg- bounces at icann.org ] On Behalf Of Elaine Pruis
Sent: Monday, August 01, 2016 1:28 PM
Cc: RDS PDP WG


Subject: Re: [gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and Theoretical



Apologies for missing the core of this discussion while I was on a long holiday.



For the use cases published at https://community.icann. org/display/NGRDSTRWMO/RDS+ PDP+WG+Example+Use+Cases

I see a major omission, whois used for business intelligence. Is there someone
actively working on that?
Is it too late for me to contribute?

Thanks





On Sun, Jul 31, 2016 at 9:47 PM, Mark Svancarek via gnso-rds-pdp-wg < gnso-rds-pdp-wg at icann.org > wrote:

+1





From: gnso-rds-pdp-wg-bounces at icann. org [mailto: gnso-rds-pdp-wg- bounces at icann.org ] On Behalf Of Farell Folly
Sent: Wednesday, July 27, 2016 6:42 AM
To: Shane Kerr < shane at time-travellers.org >
Cc: RDS PDP WG < gnso-rds-pdp-wg at icann.org >
Subject: Re: [gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and Theoretical



+1 Shane

Best Regards
@__f_f__
about.me/farell
______________________________ __.
Mail sent from my mobile phone. Excuse for brievety.

Le 27 juil. 2016 13:27, "Shane Kerr" < shane at time-travellers.org > a écrit :

All,

[ Apologies for the length. I need get back to my actual job, so don't
have time to make this shorter. ]

I propose that:

* We should have a way to reject some use cases
* Part of that motivation should be whether it is actually needed for
DNS

This is not important now, but it will be at some point. It might be
helpful to keep this in mind as we work on use cases.

------------------------------ ------------------------------ ---------

My thinking is that we have three basic types of use cases:

Primary
=======
These use cases are necessary to actually be able to use the DNS
itself. There are very few of these - almost all around configuring
data that is needed for the DNS protocol to work.

For example, you can get a domain in NL.EU.ORG with only an e-mail
address, and this is not published anywhere. (Even the e-mail address
is not strictly necessary. One could set up a system based strictly on
login to a web page.)

The recent thought-experiment (aborted because it is not in our
work plan) about finding the minimum set of data needed to run the DNS
would have been a good start for defining these use cases.

Incidental
==========
The vast majority of use cases that we see today exist only as an
artifact of the way that WHOIS works.

A long time ago a system was established that publishes certain
information; without much thought about the long-term impact of the
setup. Over the years people have found all kinds of creative, useful,
and nefarious things to do with this information. However, storing or
accessing this information has very little or nothing to do with
actually making DNS work.

For example, the DNS protocol certainly does not care what my fax
number is, but anyone who looks up my domain name will see it. (Don't
worry, I won't be doxed! I don't have a fax because this isn't 1986.)
Likewise DNS software doesn't care when a domain was created. And so on.

The use cases here include using RDS to track down criminals, research
trademark disputes, create mass-mailing portfolios, looking for domain
drop dates, and most of what people actually use WHOIS for today.

Note that I definitely include technical uses that are outside of the
needs of the DNS protocol itself. So, for example, having a way to
contact a DNS operator when something is wrong falls into this category.

Theoretical
===========
We have seen a couple of proposed use cases that seem to be ideas that
people have for useful or harmful ways that RDS can be used, but that
do not exist today (at least not that anyone can fully document).

For example, there seems to be a desire to use the RDS as a way to
issue warrants for information about registrants. While this may be
useful, this is not possible today (even with RDAP, I note). Likewise
concerns about using RDS to generate to generate lists of political
enemies probably fits into this category.

------------------------------ ------------------------------ ---------

Discussion
==========

I bring this up because eventually we should be able reject certain use
cases. (As an NCUC member, I expect to push back hard against a lot of
use cases defined for business or law-enforcement purposes.)

I think that what I called "primary" use cases have to be accommodated.
I think there may be some disagreement about the details, but these
should be relatively easy to come to consensus on.

On the other hand, I think that both what I called "incidental" and
"theoretical" use cases need to be motivated more strongly.

There will probably be a natural tendency to prioritize existing uses
of WHOIS - what I call "incidental" - because someone has some
existing processes that depend on these. I think that this is wrong,
and that any use of WHOIS outside of what is needed by DNS needs to be
equally-well motivated.

That's about it.

Cheers,

--
Shane

______________________________ _________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg


______________________________ _________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg







--





Elaine Pruis , Vice President, Operations
Donuts Inc.
10500 NE 8th Street, Suite 350, Bellevue Washington, 98004, U.S.A. | Telephone: 509.899.3161









--


Elaine Pruis , Vice President, Operations
Donuts Inc.
10500 NE 8th Street, Suite 350, Bellevue Washington, 98004, U.S.A. | Telephone:
509.899.3161





Ayden Férdeline Statement of Interest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160808/ef6137a7/attachment.html>

More information about the gnso-rds-pdp-wg mailing list