[gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and Theoretical

Elaine Pruis elaine at donuts.email
Mon Aug 8 17:30:49 UTC 2016 

HI Ayden,
Thanks for sharing your thoughts. Generally researchers are obliged by
their contracts to use the data only in the way prescribed in the work plan
of the project they've been hired to perform.  Good contracts also prevent
the use of confidential information outside the scope of the work.
 I'd like to note that the behavior you've described could be performed by
anyone with access to registration data; if a registrar wanted to find a
correlation and charge 500% more as you've described, they've got that data
in house.



On Mon, Aug 8, 2016 at 6:55 AM, Ayden Férdeline <icann at ferdeline.com> wrote:

> Hi Elaine,
>
> Thank you for preparing this use case. I just wanted to respond to this
> statement in the story:
>
> The registrant data is made anonymous (names removed and replaced with a
> number) for this analysis because the analyst is interested in the broad
> effect of the promo and personal information is not necessary to answer the
> questions posed.
>
>
> In the scenario you described, the data is anonymised, but it is not
> deindividualised, because the sum of the data you are retaining can be used
> to connect this data back to one specific person or entity, which indeed
> you are doing. In consequence, while some data elements have been stripped
> back, it would be very easy for a malicious actor to identify a person or
> group of vulnerable persons which may be registering domain names.
>
> There are other ethical considerations here too. Knowing how registrants
> behave can be used to employ incentives to encourage or discourage
> behaviour, which could potentially be used to chill speech. For example, if
> the WHOIS output was blended with another data source and one was to know
> that X (i.e. a disabled war veteran) is registering a number of domain
> names related to Y (i.e. historical civil rights activists he/she admired),
> the registrar could create disincentives for registering such domain names
> by creating a conditionality (i.e. anyone living in country Z registering
> domain names likely related to Y is shown a premium charge of 500%).
> Because good business analysts are able to identify hidden correlations
> which we cannot predict today in our use cases, there is the danger that
> the incentives which are created will be problematic or not sufficiently
> transparent. In addition, there is the danger that bots will infiltrate the
> RDS and identify vacant, high-value domain names for the purposes of
> cybersquatting, spamming, or impersonation, by picking up on the same
> patterns that legitimate registrants are following.
>
> Best wishes,
>
> Ayden
>
>
>
> On Sun, Aug 7, 2016 11:39 PM, Elaine Pruis elaine at donuts.email wrote:
>
>> Hi,
>> Attached is a whois use case describing an analysis of bulk whois data.
>> This is one version of hundreds of ways analysts use the data to
>> understand trends across the industry.
>>
>> On Mon, Aug 1, 2016 at 8:44 PM, Gomes, Chuck <cgomes at verisign.com> wrote:
>>
>> Feel free to prepare one Elaine but please get it done this week.
>>
>>
>>
>> Chuck
>>
>>
>>
>> *From:* gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounce
>> s at icann.org] *On Behalf Of *Elaine Pruis
>> *Sent:* Monday, August 01, 2016 1:28 PM
>> *Cc:* RDS PDP WG
>>
>> *Subject:* Re: [gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and
>> Theoretical
>>
>>
>>
>> Apologies for missing the core of this discussion while I was on a long
>> holiday.
>>
>>
>>
>> For the use cases published at https://community.icann.org
>> /display/NGRDSTRWMO/RDS+PDP+WG+Example+Use+Cases
>>
>> I see a major omission, whois used for business intelligence. Is there
>> someone actively working on that?
>> Is it too late for me to contribute?
>>
>> Thanks
>>
>>
>>
>>
>>
>> On Sun, Jul 31, 2016 at 9:47 PM, Mark Svancarek via gnso-rds-pdp-wg <
>> gnso-rds-pdp-wg at icann.org> wrote:
>>
>> +1
>>
>>
>>
>>
>>
>> *From:* gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounce
>> s at icann.org] *On Behalf Of *Farell Folly
>> *Sent:* Wednesday, July 27, 2016 6:42 AM
>> *To:* Shane Kerr <shane at time-travellers.org>
>> *Cc:* RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>> *Subject:* Re: [gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and
>> Theoretical
>>
>>
>>
>> +1 Shane
>>
>> Best Regards
>> @__f_f__
>> about.me/farell
>> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fabout.me%2ffarell&data=01%7c01%7cmarksv%40microsoft.com%7c8803fe64384b45c6343808d3b623e7df%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=n5cM7an1Vm0hVu2%2fAjB4Nj%2f32BEl%2fCCyxHH3LPHoDwk%3d>
>> ________________________________.
>> Mail sent from my mobile phone. Excuse for brievety.
>>
>> Le 27 juil. 2016 13:27, "Shane Kerr" <shane at time-travellers.org> a
>> écrit :
>>
>> All,
>>
>> [ Apologies for the length. I need get back to my actual job, so don't
>>   have time to make this shorter. ]
>>
>> I propose that:
>>
>> * We should have a way to reject some use cases
>> * Part of that motivation should be whether it is actually needed for
>>   DNS
>>
>> This is not important now, but it will be at some point. It might be
>> helpful to keep this in mind as we work on use cases.
>>
>> ---------------------------------------------------------------------
>>
>> My thinking is that we have three basic types of use cases:
>>
>> Primary
>> =======
>> These use cases are necessary to actually be able to use the DNS
>> itself. There are very few of these - almost all around configuring
>> data that is needed for the DNS protocol to work.
>>
>> For example, you can get a domain in NL.EU.ORG
>> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fNL.EU.ORG&data=01%7c01%7cmarksv%40microsoft.com%7c8803fe64384b45c6343808d3b623e7df%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ZElr58dP2yDpvFLzbd61QAyBeTsU2LULOldb36mp40U%3d>
>> with only an e-mail
>> address, and this is not published anywhere. (Even the e-mail address
>> is not strictly necessary. One could set up a system based strictly on
>> login to a web page.)
>>
>> The recent thought-experiment (aborted because it is not in our
>> work plan) about finding the minimum set of data needed to run the DNS
>> would have been a good start for defining these use cases.
>>
>> Incidental
>> ==========
>> The vast majority of use cases that we see today exist only as an
>> artifact of the way that WHOIS works.
>>
>> A long time ago a system was established that publishes certain
>> information; without much thought about the long-term impact of the
>> setup. Over the years people have found all kinds of creative, useful,
>> and nefarious things to do with this information. However, storing or
>> accessing this information has very little or nothing to do with
>> actually making DNS work.
>>
>> For example, the DNS protocol certainly does not care what my fax
>> number is, but anyone who looks up my domain name will see it. (Don't
>> worry, I won't be doxed! I don't have a fax because this isn't 1986.)
>> Likewise DNS software doesn't care when a domain was created. And so on.
>>
>> The use cases here include using RDS to track down criminals, research
>> trademark disputes, create mass-mailing portfolios, looking for domain
>> drop dates, and most of what people actually use WHOIS for today.
>>
>> Note that I definitely include technical uses that are outside of the
>> needs of the DNS protocol itself. So, for example, having a way to
>> contact a DNS operator when something is wrong falls into this category.
>>
>> Theoretical
>> ===========
>> We have seen a couple of proposed use cases that seem to be ideas that
>> people have for useful or harmful ways that RDS can be used, but that
>> do not exist today (at least not that anyone can fully document).
>>
>> For example, there seems to be a desire to use the RDS as a way to
>> issue warrants for information about registrants. While this may be
>> useful, this is not possible today (even with RDAP, I note). Likewise
>> concerns about using RDS to generate to generate lists of political
>> enemies probably fits into this category.
>>
>> ---------------------------------------------------------------------
>>
>> Discussion
>> ==========
>>
>> I bring this up because eventually we should be able reject certain use
>> cases. (As an NCUC member, I expect to push back hard against a lot of
>> use cases defined for business or law-enforcement purposes.)
>>
>> I think that what I called "primary" use cases have to be accommodated.
>> I think there may be some disagreement about the details, but these
>> should be relatively easy to come to consensus on.
>>
>> On the other hand, I think that both what I called "incidental" and
>> "theoretical" use cases need to be motivated more strongly.
>>
>> There will probably be a natural tendency to prioritize existing uses
>> of WHOIS - what I call "incidental" - because someone has some
>> existing processes that depend on these. I think that this is wrong,
>> and that any use of WHOIS outside of what is needed by DNS needs to be
>> equally-well motivated.
>>
>> That's about it.
>>
>> Cheers,
>>
>> --
>> Shane
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c8803fe64384b45c6343808d3b623e7df%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=jpg5JCbmalQRfVEnLKaOK35tjTHQPmTdDOsY2Kj7Clw%3d>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>>
>>
>>
>> --
>>
>>
>>
>> [image: Donuts Inc.] <http://www.donuts.domains>
>>
>> *Elaine Pruis*, Vice President, Operations
>> *Donuts Inc. <http://www.donuts.domains>*
>> 10500 NE 8th Street, Suite 350, Bellevue Washington, 98004, U.S.A. |
>> Telephone: 509.899.3161
>> [image: Twitter] <https://twitter.com/DonutsInc>[image: Facebook]
>> <https://www.facebook.com/donutstlds>[image: Linked In]
>> <http://www.linkedin.com/company/donuts-inc->
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>>
>> [image: Donuts Inc.] <http://www.donuts.domains>
>> *Elaine Pruis*, Vice President, Operations
>> *Donuts Inc. <http://www.donuts.domains>*
>> 10500 NE 8th Street, Suite 350, Bellevue Washington, 98004, U.S.A. |
>> Telephone: 509.899.3161
>> [image: Twitter] <https://twitter.com/DonutsInc>[image: Facebook]
>> <https://www.facebook.com/donutstlds>[image: Linked In]
>> <http://www.linkedin.com/company/donuts-inc->
>>
>>
>>
>>
>
>
> Ayden Férdeline
> Statement of Interest
> <https://community.icann.org/display/gnsosoi/Ayden+Férdeline+SOI>
>



-- 


[image: Donuts Inc.] <http://www.donuts.domains>
*Elaine Pruis*, Vice President, Operations
*Donuts Inc. <http://www.donuts.domains>*
10500 NE 8th Street, Suite 350, Bellevue Washington, 98004, U.S.A. |
Telephone: 509.899.3161
[image: Twitter] <https://twitter.com/DonutsInc>[image: Facebook]
<https://www.facebook.com/donutstlds>[image: Linked In]
<http://www.linkedin.com/company/donuts-inc->
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160808/d062e419/attachment.html>

More information about the gnso-rds-pdp-wg mailing list