[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical
Terri Stumme
terri.stumme at legitscript.com
Tue Aug 9 15:31:41 UTC 2016
Ayden,
I respect your opinion regarding transparency; I cannot and do not speak to
the methodologies of other law enforcement and/or government jurisdictions,
and I am not attempting to be persuasive -- my statement speaks to the
reality of my experience, and the rules and regulations in place that I
was, and am required to abide by. There are laws and regulations governing
law enforcement and intelligence agencies, and the appropriately appointed
governing bodies perform oversight and enforce compliance of both law
enforcement and intelligence agencies.
If law enforcement and intelligence agencies had the special privileges and
immense powers you presume they do, the many challenges they face in
fighting cybercrime would not be an issue, and the need for LE to be a part
of, and participate in the ICANN stakeholder community would, therefore, be
unnecessary.
On Mon, Aug 8, 2016 at 8:13 AM, Ayden Férdeline <icann at ferdeline.com> wrote:
> Terri,
>
>
> Law enforcement investigative methodologies are not typically divulged,
> for obvious reasons; there are several approaches to cyber investigations,
> and depending on the type of criminal activity, different methodologies
> utilized. There is domain name Whois and IP Whois -- both critical first
> steps.
>
>
> I do not find this line of reasoning particularly persuasive. Transparency
> in how these bodies operate is hugely important, because law enforcement
> and intelligence agencies are entrusted with special privileges and immense
> powers. The citizenry can only hold these bodies to account when the public
> has sufficient access to information as to how they are operating.
>
> - Ayden
>
>
>
> On Thu, Aug 4, 2016 4:09 PM, Terri Stumme terri.stumme at legitscript.com
> wrote:
>
>> Law enforcement investigative methodologies are not typically divulged,
>> for obvious reasons; there are several approaches to cyber investigations,
>> and depending on the type of criminal activity, different methodologies
>> utilized. There is domain name Whois and IP Whois -- both critical first
>> steps.
>>
>>
>> On Thu, Aug 4, 2016 at 10:49 AM, Volker Greimann <
>> vgreimann at key-systems.net> wrote:
>>
>> I think we are forging ahead into territories reserved for future times,
>> but when that time comes, I will be interested in learning however law
>> enforcement manages to do its job without this needed and useful data in
>> areas where it is not public, such as web hosting, twitter, forum posts,
>> etc.
>>
>> Best,
>>
>> Volker
>>
>> Am 04.08.2016 um 16:31 schrieb Terri Stumme:
>>
>> Absolutely, Greg. The 2009 law enforcement recommendations regarding
>> amendments to the RAA addressed Whois data, specifically the need for
>> validating registrant information. The reason this recommendation was
>> included in the recommendations is because LE utilizes the data in cyber
>> investigations. There are many transcripts related to this issue, and LE
>> has conveyed to the ICANN community on several occasions the importance of
>> Whois data, and how LE utilizes the data in cyber investigations.
>>
>>
>>
>>
>>
>> On Thu, Aug 4, 2016 at 8:59 AM, Mounier, Grégory <
>> gregory.mounier at europol.europa.eu> wrote:
>>
>> Dear Rob,
>>
>> Thanks for sharing the outcome of your chat with ex-FBI and UK LEA
>> agents. I feel that I need to step in to provide a different perspective
>> than the one you just gave on the law enforcement use of the WHOIS. It
>> might be a matter of interpretation but the views expressed by your
>> interlocutors are not shared by my colleagues working throughout European
>> police cyber divisions.
>>
>> If European cyber investigators are obviously all aware of the fact that
>> WHOIS registration data can sometime be inaccurate and not up-to-date
>> (ICANN compliance reported that for the first quarter of 2015, WHOIS
>> inaccuracy comprised 74.0 % of complaints), in 90% of cases they will start
>> their investigations with a WHOIS lookup. This is really the first step.
>>
>> Despite the lack of accuracy, WHOIS information is useful in so many
>> different ways. One of the first them is to make correlations and link
>> pieces of information obtained through other means than from the WHOIS.
>> This was the point I tried to make on Tuesday during the conference call.
>>
>> Accurate and reliable WHOIS data helps crime attribution and can save
>> precious investigation time (you can rule out wrong investigative leads).
>> It raises the bar and makes it more difficult for criminals to abuse
>> domain names. It pushes them to resort to more complex techniques such as
>> ID theft to register domains for malicious purposes.
>>
>> In short, for LEA WHOIS is certainly not the silver bullet to attribute
>> crime on line but it is an essential tool in the tool box of law
>> enforcement.
>>
>> Best,
>>
>> Greg
>>
>>
>> -----Original Message-----
>> From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounce
>> s at icann.org] On Behalf Of Rob Golding
>> Sent: 04 August 2016 01:46
>> To: RDS PDP WG
>> Subject: Re: [gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and
>> Theoretical
>>
>> >> Theoretical
>> >> ===========
>> >> We have seen a couple of proposed use cases that seem to be ideas
>> >> that people have for useful or harmful ways that RDS can be used, but
>> >> that do not exist today (at least not that anyone can fully
>> >> document).
>> >>
>> >> For example, there seems to be a desire to use the RDS as a way to
>> >> issue warrants for information about registrants. While this may be
>> >> useful, this is not possible today (even with RDAP, I note).
>>
>> It not only is possible today, it's also "common" (although thankfully
>> not frequent)
>>
>> Registrars get served warrants for details about registrants, and the
>> _only_ information from WHOIS that's "needed" or used for such cases is the
>> name of the Registrar.
>>
>> I had the pleasure of meeting Chris Tarbell, ex-FBI Cyber Crime, at
>> HostingCon last week - asked about WHOIS/domain data he said "we dont use
>> it"
>>
>> Last year at the UKNOF event in Sheffield I spent quite some time talking
>> with some amazing people from the UK CyberCrime departments - asked the
>> same questions, they confirmed that although whois _might_ be looked at to
>> see if it matches _data they already have_ for confirmation, it's not used
>> or relied on.
>>
>> Which beggars the question, should "LawEnforcement" use cases even be
>> part of the discussions ?
>>
>> Rob
>> --
>> Rob Golding rob.golding at astutium.com
>> Astutium Ltd, Number One Poultry, London. EC2R 8JR
>>
>> * domains * hosting * vps * servers * cloud * backups *
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> *******************
>>
>> DISCLAIMER : This message is sent in confidence and is only intended for
>> the named recipient. If you receive this message by mistake, you may not
>> use, copy, distribute or forward this message, or any part of its contents
>> or rely upon the information contained in it.
>> Please notify the sender immediately by e-mail and delete the relevant
>> e-mails from any computer. This message does not constitute a commitment by
>> Europol unless otherwise indicated.
>>
>> *******************
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>>
>>
>> --
>> *Terri Stumme*
>> *Investigative Analyst*
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>> --
>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>>
>> Mit freundlichen Grüßen,
>>
>> Volker A. Greimann
>> - Rechtsabteilung -
>>
>> Key-Systems GmbH
>> Im Oberen Werk 1
>> 66386 St. Ingbert
>> Tel.: +49 (0) 6894 - 9396 901
>> Fax.: +49 (0) 6894 - 9396 851
>> Email: vgreimann at key-systems.net
>>
>> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>>
>> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:www.facebook.com/KeySystemswww.twitter.com/key_systems
>>
>> Geschäftsführer: Alexander Siffrin
>> Handelsregister Nr.: HR B 18835 - Saarbruecken
>> Umsatzsteuer ID.: DE211006534
>>
>> Member of the KEYDRIVE GROUPwww.keydrive.lu
>>
>> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>>
>> --------------------------------------------
>>
>> Should you have any further questions, please do not hesitate to contact us.
>>
>> Best regards,
>>
>> Volker A. Greimann
>> - legal department -
>>
>> Key-Systems GmbH
>> Im Oberen Werk 1
>> 66386 St. Ingbert
>> Tel.: +49 (0) 6894 - 9396 901
>> Fax.: +49 (0) 6894 - 9396 851
>> Email: vgreimann at key-systems.net
>>
>> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>>
>> Follow us on Twitter or join our fan community on Facebook and stay updated:www.facebook.com/KeySystemswww.twitter.com/key_systems
>>
>> CEO: Alexander Siffrin
>> Registration No.: HR B 18835 - Saarbruecken
>> V.A.T. ID.: DE211006534
>>
>> Member of the KEYDRIVE GROUPwww.keydrive.lu
>>
>> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>>
>>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>>
>>
>> --
>> *Terri Stumme*
>> *Investigative Analyst*
>>
>
>
> Ayden Férdeline
> Statement of Interest
> <https://community.icann.org/display/gnsosoi/Ayden+Férdeline+SOI>
>
--
*Terri Stumme*
*Investigative Analyst*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160809/4d2405c6/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list