[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data
Paul Keating
Paul at law.es
Thu Apr 27 14:54:27 UTC 2017
Thanks Chuck,
We found this very helpful in the IGO.NGO WG that is just now wrapping up.
From: "Gomes, Chuck" <cgomes at verisign.com>
Date: Thursday, April 27, 2017 at 3:14 PM
To: Paul Keating <paul at law.es>, "gregshatanipc at gmail.com"
<gregshatanipc at gmail.com>, "vgreimann at key-systems.net"
<vgreimann at key-systems.net>
Cc: "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
Subject: RE: [gnso-rds-pdp-wg] international law enforcement association
resolution regarding domain registration data
> We as a WG have not requested funds for a legal expert, but I don’t know what
> staff has built into the Draft FY18 budget.
>
> Marika – Did the Policy Team build any funds into the Draft FY18 budget for
> legal experts?
>
> Note that this is a very time sensitive issue because the comment period on
> the Draft FY18 Operating Plan and Budget ends tomorrow.
>
> Lisa/Marika/Amr – Please prepare a draft comment on the Budget that the
> Leadership Team or me as Chair could send on Friday in this regard. If funds
> have not been proposed for such expenses, I think we should at a minimum raise
> the issue in the public comment forum even if there is not time to propose
> specific details.
>
> Chuck
>
>
> From: gnso-rds-pdp-wg-bounces at icann.org
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Paul Keating
> Sent: Thursday, April 27, 2017 7:55 AM
> To: Greg Shatan <gregshatanipc at gmail.com>; Volker Greimann
> <vgreimann at key-systems.net>
> Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] international law enforcement
> association resolution regarding domain registration data
>
>
> Has the WG requested funds to retain a legal expert to educate us on the
> actual laws at issue?
>
>
>
> From: <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Greg Shatan
> <gregshatanipc at gmail.com>
> Date: Thursday, April 27, 2017 at 12:38 AM
> To: Volker Greimann <vgreimann at key-systems.net>
> Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> Subject: Re: [gnso-rds-pdp-wg] international law enforcement association
> resolution regarding domain registration data
>
>
>>
>> We also need to be very clear about the limits of the legal requirements of
>> applicable law, and the various options available for dealing with the law.
>> There's no need to overcomply. Indeed it would be quite unreasonable to do
>> so.
>>
>>
>>
>> Just as paying the lowest calculable income tax is perfectly legitimate, so
>> is complying with the law in the least disruptive way possible.
>>
>>
>>
>> Greg
>>
>>
>> Greg Shatan
>> C: 917-816-6428
>> S: gsshatan
>> Phone-to-Skype: 646-845-9428
>> gregshatanipc at gmail.com <mailto:gregshatanipc at gmail.com>
>>
>>
>>
>> On Wed, Apr 26, 2017 at 1:06 PM, Volker Greimann <vgreimann at key-systems.net>
>> wrote:
>>>
>>> I wish it were so simple. "Doing harm" is not necessary to be in violation
>>> with applicable law. Just like jaywalking, speeding on an empty road or
>>> crossing a red light carries a fine regardless of whether harm was done,
>>> privacy law too does not care about an actual harm.
>>>
>>> We need to be very clear about the legal requirements when we define the
>>> limits of what can be done with the data we collect, and by whom.
>>>
>>> Volker
>>>
>>>
>>>
>>> Am 26.04.2017 um 18:43 schrieb John Horton:
>>>>
>>>> Greg, well said. And Tim, well said. And I'll strongly +1 Michael Hammer as
>>>> well. I agree with the "do no harm" philosophy -- I'm not convinced that
>>>> some of the proposed changes (e.g., those outlined in the EWG report)
>>>> wouldn't cause more harm than the existing, admittedly imperfect, system.
>>>> As I've said before, the importance of tools like Reverse Whois isn't only
>>>> direct -- it's derivative as well. (If you enjoy the benefits of those of
>>>> us who fight payment fraud, online abuse and other sorts of malfeasance,
>>>> you have reverse Whois among other tools to thank.) Privacy laws in one
>>>> part of the world are a factor we need to be aware of, among other factors.
>>>>
>>>>
>>>>
>>>> On Wed, Apr 26, 2017 at 9:07 AM nathalie coupet via gnso-rds-pdp-wg
>>>> <gnso-rds-pdp-wg at icann.org> wrote:
>>>>>
>>>>> +1
>>>>>
>>>>>
>>>>>
>>>>> Nathalie
>>>>>
>>>>>
>>>>>
>>>>> On Wednesday, April 26, 2017 12:02 PM, Victoria Sheckler
>>>>> <vsheckler at riaa.com> wrote:
>>>>>
>>>>>
>>>>> +1
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>>
>>>>> On Apr 26, 2017, at 8:56 AM, Greg Shatan <gregshatanipc at gmail.com> wrote:
>>>>>
>>>>>> Thanks for weighing in, Tim. Since this is a multistakeholder process,
>>>>>> everyone is assumed to come in with a point of view, so don't be shy. At
>>>>>> the same time, if stakeholders cling dogmatically to their points of view
>>>>>> the multistakeholder model doesn't work.
>>>>>>
>>>>>>
>>>>>>
>>>>>> As for being out on a limb:
>>>>>> * We haven't decided what data will be "private" and for which
>>>>>> registrants (e.g., based on geography or entity status)
>>>>>> * We haven't decided there will be "gated" access and what that might
>>>>>> mean, both for policy and practicality
>>>>>> * The question shouldn't be whether we will be "allowing third parties
>>>>>> access to harvest, repackage and republish that data," but how we should
>>>>>> allow this in a way that balances various concerns. Eliminating reverse
>>>>>> Whois and other such services is not a goal of this Working Group.
>>>>>> Our job should be to provide the greatest possible access to the best
>>>>>> possible data, consistent with minimizing risk under reasonable
>>>>>> interpretations of applicable law. We need to deal with existing and
>>>>>> incoming privacy laws (and with other laws) as well, but not in a
>>>>>> worshipful manner; instead it should be in a solution-oriented manner.
>>>>>> This is not, after all, the Privacy Working Group. I'll +1 Michael
>>>>>> Hammer: Rather than starting from a model of justifying everything and
>>>>>> anything from a privacy perspective, I would suggest that it would be
>>>>>> much more appropriate, other than technical changes such as moving
>>>>>> towards using JSON, to require justification and consensus for any
>>>>>> changes from the existing model(s) of WHOIS.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Finally, while our purpose is not to maintain anyone's economic interest,
>>>>>> economic interests may well be aligned with policy interests. Assuming
>>>>>> that economic interests are at odds with policy interests is just as
>>>>>> dangerous as assuming that policy interests are served by maximizing
>>>>>> economic interests.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Greg
>>>>>
>>>>>>
>>>>>> Greg Shatan
>>>>>> C: 917-816-6428 <tel:(917)%20816-6428>
>>>>>> S: gsshatan
>>>>>> Phone-to-Skype: 646-845-9428 <tel:(646)%20845-9428>
>>>>>> gregshatanipc at gmail.com <mailto:gregshatanipc at gmail.com>
>>>>>>
>>>>>
>>>>>> On Wed, Apr 26, 2017 at 11:28 AM, Dotzero <dotzero at gmail.com> wrote:
>>>>>
>>>>>>> Adding to what Tim and Allison wrote.
>>>>>>> As a starting point, I've had an account with DomainTools in the past
>>>>>>> and will likely have one in the future, although I don't currently have
>>>>>>> one.
>>>>>>>
>>>>>>> There are other organizations and individuals which consume/aggregate
>>>>>>> whois data so I don't think that for the purposes of this discussion the
>>>>>>> focus should be on just DomainTools. I know researchers and academics
>>>>>>> who use this data to analyze all sorts of things. As has been pointed
>>>>>>> out, there are all sorts of folks staking out positions because of their
>>>>>>> economic (and other) interests without necessarily being transparent
>>>>>>> about those interests.
>>>>>>> It should be remembered that the Internet is an agglomeration of many
>>>>>>> networks and resources, some public and some private. At the same time,
>>>>>>> it is simply a bunch of technical standards that people and
>>>>>>> organizations have agreed to use to interact with each other. In many
>>>>>>> cases, the ultimate solution to abuse is to drop route. To the extent
>>>>>>> that good and granular information is not readily available, regular
>>>>>>> (innocent) users may suffer as owners and administrators of resources
>>>>>>> act to protect those resources and their legitimate users from abuse and
>>>>>>> maliciousness. The reality is that most users of the internet utilize a
>>>>>>> relatively small subset of all the resources out there. For some, a
>>>>>>> service like Facebook IS the Internet.
>>>>>>>
>>>>>>> It may also incite a tendency towards returning to a model of walled
>>>>>>> gardens. At various points I have heard discussions about the
>>>>>>> balkanization of the internet, with things like separate roots, etc.
>>>>>>> People should think very carefully about what they are asking for
>>>>>>> because they may not be happy with it if they actually get it.
>>>>>>> Rather than starting from a model of justifying everything and anything
>>>>>>> from a privacy perspective, I would suggest that it would be much more
>>>>>>> appropriate, other than technical changes such as moving towards using
>>>>>>> JSON, to require justification and consensus for any changes from the
>>>>>>> existing model(s) of WHOIS.
>>>>>>> Michael Hammer
>>>>>
>>>>>>> On Wed, Apr 26, 2017 at 10:27 AM, allison nixon <elsakoo at gmail.com>
>>>>>>> wrote:
>>>>>
>>>>>>> Thank you for your email Tim.
>>>>>>>
>>>>>>> Full disclosure(because I believe in being transparent about this sort
>>>>>>> of thing), we do business with Domaintools and use their tools to
>>>>>>> consume whois data.
>>>>>>>
>>>>>>> "i'll close by saying I think Allison's point about economic value has
>>>>>>> merit. yes, the point of the WG is not to protect anyone's economic
>>>>>>> interest. I agree 100% with that statement and will disagree with
>>>>>>> anyone who thinks the future of DomainTools or other commercial service
>>>>>>> should have one iota of impact on this discussion."
>>>>>>>
>>>>>>> I will however disagree vehemently with you on this point. It is obvious
>>>>>>> that many of the arguments to cut off anonymous querying to WHOIS data
>>>>>>> are economically motivated. Financial concerns are cited numerous times
>>>>>>> in approved documents. I also believe the "vetting" process is likely to
>>>>>>> become a new revenue stream for someone as well. A revenue stream with
>>>>>>> HIGHLY questionable privacy value-add.
>>>>>>>
>>>>>>> Every dollar of income for the Domaintools company and others like it
>>>>>>> come from their clients, who see a multiplier of value from it. That
>>>>>>> means for every dollar spent on the entire whois aggregator industry
>>>>>>> means that a much larger amount of money is saved through prevented
>>>>>>> harms like fraud, abuse, and even fake medications which kill people.
>>>>>>>
>>>>>>> I think it is extremely important to identify what critical systems rely
>>>>>>> on whois (either directly or downstream), and determine if we are ready
>>>>>>> to give up the utility of these systems.
>>>>>>>
>>>>>>> We also need to identify the value of the ability to anonymously query
>>>>>>> whois and what that loss of privacy will mean as well. While I obviously
>>>>>>> do not make many queries anonymously(although our vendor has their own
>>>>>>> privacy policy), I understand this is important especially to those
>>>>>>> researching more dangerous actors. Why would $_COUNTRY dissidents want
>>>>>>> to query domains when their opponents would surely be hacking into the
>>>>>>> audit logs for this?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Apr 25, 2017 11:41 PM, "Chen, Tim" <tim at domaintools.com> wrote:
>>>>>>>
>>>>>>> "And I hope more stakeholders in this multi-stakeholder process will
>>>>>>> come forward with their own perspectives, as they will differ from
>>>>>>> mine."
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> happy to do so. DomainTools is clearly a stakeholder in this debate.
>>>>>>> and we have a fair amount of experience around the challenges, benefits
>>>>>>> and risks of whois data aggregation at scale.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> from the beginning of this EWG/RDS idea we've stood down bc i didn't
>>>>>>> believe our opinion would be seen as objective-enough given our line of
>>>>>>> business. but it is apparent to me having followed this debate for many
>>>>>>> weeks now, that this is a working group of individuals who all bring
>>>>>>> their own biases into the debate. whether they care to admit that to
>>>>>>> themselves or not. so we might as well wade in too. bc I think our
>>>>>>> experience is very relevant to the discussion.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> i'll do my best to be as objective as I can, as a domain registrant
>>>>>>> myself and as an informed industry participant.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> since our experience is working with security minded organizations, that
>>>>>>> is the context with which I will comment.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> since this is an ICANN working group, I start with the ICANN mission
>>>>>>> statement around the security and stability of the DNS. I find myself
>>>>>>> wanting to fit this debate to that as the north star. i do not see the
>>>>>>> RDS as purpose driven to fit the GDPR or any region-specific legal
>>>>>>> resolution. but I do see those as important inputs to our discussion.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> from a security perspective, my experience is that the benefits of the
>>>>>>> current Whois model, taken with this lens, far outweigh the costs.
>>>>>>> again, I can only speak from my experience here at DomainTools, and
>>>>>>> obviously under the current Whois regime. This is not to say it cannot
>>>>>>> be improved. From a data accuracy perspective alone there is enormous
>>>>>>> room for improvement as I think we can all agree. every day I see the
>>>>>>> tangible benefits to security interests, which for the most part are
>>>>>>> "doing good", from the work that we do. when I compare that to the
>>>>>>> complaints that we get bc "my PII is visible in your data", it's not
>>>>>>> even close by my value barometer (which my differ from others'). this
>>>>>>> is relevant bc any future solution will be imperfect as I have mentioned
>>>>>>> before. as Allison and others point out we need to measure the harm
>>>>>>> done by any new system that may seek to solve one problem (privacy?) and
>>>>>>> inadvertently create many more. since this group is fond of analogies
>>>>>>> I'll contribute one from the medical oath (not sure if this is just
>>>>>>> U.S.) "first, do no harm".
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> i'll close by saying I think Allison's point about economic value has
>>>>>>> merit. yes, the point of the WG is not to protect anyone's economic
>>>>>>> interest. I agree 100% with that statement and will disagree with
>>>>>>> anyone who thinks the future of DomainTools or other commercial service
>>>>>>> should have one iota of impact on this discussion. but I also think
>>>>>>> "it's too expensive" or "it's too hard" are weak and dangerous excuses
>>>>>>> when dealing with an issue like this which has enormous and far reaching
>>>>>>> consequences for the very mission of ICANN around the security and
>>>>>>> stability of our internet.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Tim
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Apr 24, 2017 at 3:50 PM, allison nixon <elsakoo at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Thanks for the documentation in your earlier email. While I understand
>>>>>>> that's how things are supposed to work in theory, it's not implemented
>>>>>>> very widely, and unless there is enforcement, then it's unlikely to be
>>>>>>> useful at all.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "as a given, we put ourselves in a certain position in terms of the
>>>>>>> actions we can and cannot recommend. We can make similar statements
>>>>>>> focused on registry operators, registrars, or any other stakeholder in
>>>>>>> this space. If we all approach this WG's task with the goal of not
>>>>>>> changing anything, we're all just wasting our time."
>>>>>>>
>>>>>>> There are things that people would be willing to change about WHOIS.
>>>>>>> Changes purely relating to the data format would not be as
>>>>>>> controversial. Changing to that RDAP json format would probably be an
>>>>>>> agreeable point to most here.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> There are two different major points of contention here. The first is
>>>>>>> the data format, second is the creation of a new monopoly and ceding
>>>>>>> power to it. By monopoly I mean- who are the gatekeepers of "gated"
>>>>>>> access? Will it avoid all of the problems that monopolies are
>>>>>>> historically prone to? Who will pay them? It seems like a massive leap
>>>>>>> of faith to commit to this without knowing who we are making the
>>>>>>> commitment to.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "I do not believe it is this WG's responsibility to protect anyone's
>>>>>>> commercial services if those things are basically in response to
>>>>>>> deficiencies in the existing Whois protocol. "
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> From my understanding of past ICANN working groups, registrars have
>>>>>>> fought against issues that would have increased their costs. And the
>>>>>>> destruction of useful WHOIS results(or becoming beholden to some new
>>>>>>> monopoly) stand to incur far more costs for far larger industries. So
>>>>>>> this shouldn't surprise you. If those economic concerns are not valid
>>>>>>> then I question why the economic concerns of registrars are valid.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> If entire industries are built around a feature you would consider a
>>>>>>> "deficiency", then your opinion may solely be your own. And I hope more
>>>>>>> stakeholders in this multi-stakeholder process will come forward with
>>>>>>> their own perspectives, as they will differ from mine.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Not trying to hamstring the WG. Just asking if this is not something
>>>>>>> that has already been solved.."
>>>>>>>
>>>>>>> Hi Paul,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> It's an interesting thought. This document was recommended to me as one
>>>>>>> that was approved in the past by the working group that outlined what
>>>>>>> the resulting system might look like. I'm still learning and reading
>>>>>>> about these working groups and what they do, and this document is
>>>>>>> massive.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> https://www.icann.org/en/syste m/files/files/final-report-06j
>>>>>>> un14-en.pdf
>>>>>>> <https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf
>>>>>>> >
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> In the document, it says: "Central to the remit of the EWG is the
>>>>>>> question of how to design a system that increases the accuracy of the
>>>>>>> data collected while also offering protections for those Registrants
>>>>>>> seeking to guard and maintain their privacy."
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> One of the things I notice is that any talk about actually increasing
>>>>>>> accuracy of whois info- via enforcement- is vigorously opposed in this
>>>>>>> group, and it's merely assumed that people will supply better quality
>>>>>>> data under the new system.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Throughout the document it talks about use-cases and features (whois
>>>>>>> history, reverse query, etc), which are indeed identical to the features
>>>>>>> of the whois aggregators of current day. Such a system would replace
>>>>>>> them. Will the service quality be as good?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On page 63 it gets into thoughts on who would be "accredited" to access
>>>>>>> the gated whois data. Every proposed scenario seems to recognize the
>>>>>>> resulting system will need to handle a large query volume from a large
>>>>>>> number of people, and one proposes accrediting bodies which may accredit
>>>>>>> organizations which may accredit individuals. It even proposes an abuse
>>>>>>> handling system which is also reminiscent in structure to how abuse is
>>>>>>> handled currently in our domain name system. Many of these proposed
>>>>>>> schemes appear to mimic the ways that the hosting industry and registrar
>>>>>>> industry operate, so we can expect that the patterns of abuse will be
>>>>>>> equally frequent, especially if higher quality data is supplied.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> The proposed scenarios all paint a picture of "gated" access with very
>>>>>>> wide gates, while simultaneously representing to domain purchasers that
>>>>>>> their data is safe and privacy protected. And this is supposed to
>>>>>>> *reduce* the total number of privacy violations? This doesn't even
>>>>>>> appeal to me as a consumer of this data.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Whoever sets up this system also stands to inherit a lot of money from
>>>>>>> the soon-to-be-defunct whois aggregation industry. They would certainly
>>>>>>> win our contract, because we would have no choice. All domain reputation
>>>>>>> services, anti-spam, security research, etc, efforts will all need to
>>>>>>> pay up.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> After being supplied with the above document, I also saw a copy of a
>>>>>>> rebuttal written by a company that monitors abusive domains. I strongly
>>>>>>> agree with the sentiments in this document and I do not see evidence
>>>>>>> that those concerns have received fair consideration. While I do not see
>>>>>>> this new gatekeeper as an existential threat, I do see it as a likely
>>>>>>> degradation in the utility i do see from whois. To be clear, we do not
>>>>>>> do any business with this company.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> http://mm.icann.org/pipermail/ input-to-ewg/attachments/20130
>>>>>>> 823/410038bb/LegitScriptCommen tsonICANNEWGWhoisReplacementSt
>>>>>>> ructure-0001.pdf
>>>>>>> <http://mm.icann.org/pipermail/input-to-ewg/attachments/20130823/410038b
>>>>>>> b/LegitScriptCommentsonICANNEWGWhoisReplacementStructure-0001.pdf>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I also found John Bambenek's point in a later thread to be interesting-
>>>>>>> concentrating WHOIS knowledge solely to one organization allows the
>>>>>>> country it resides in to use it to support its intelligence apparatus,
>>>>>>> for example monitoring when its espionage domains are queried for, and
>>>>>>> targeting researchers that query them (since anonymous querying will be
>>>>>>> revoked). Nation states already use domains in operations so this
>>>>>>> monopoly is a perfect strategic data reserve. The fact that this system
>>>>>>> is pushed by privacy advocates is indeed ironic.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> None of those concerns appear to have been addressed by this group in
>>>>>>> any serious capacity. Before the addition of new members, I don't think
>>>>>>> many people had the backgrounds or skillsets to even understand why they
>>>>>>> are a concern. But I think this is a discussion worth having at this
>>>>>>> point in time for this group.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Apr 24, 2017 at 1:50 PM, Andrew Sullivan
>>>>>>> <ajs at anvilwalrusden.com> wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> On Mon, Apr 24, 2017 at 07:25:47PM +0200, Paul Keating wrote:
>>>>>>>> > Andrew,
>>>>>>>> >
>>>>>>>> > Thank you. That was helpful.
>>>>>>>> >
>>>>>>>> > ""Given this registrant, what other
>>>>>>>> > domains are registered?" is a solved problem, and has been since the
>>>>>>>> > early 2000s.²
>>>>>>>> >
>>>>>>>> > This is also traceable via alternative means such as consistencies in
>>>>>>>> > various WHOIS fields such as email, address, name, etc.
>>>>>>>
>>>>>>> Well, sort of. The email, address, and name fields are _user_
>>>>>>> supplied. So they come from the other party to the transaction. The
>>>>>>> ROID is assigned by the registry itself. So once you have a match,
>>>>>>> you know that you are looking at the same object, only the same
>>>>>>> object, and all the same object(s).
>>>>>>>
>>>>>>> Email addresses in particular are guaranteed unique in the world at
>>>>>>> any given time (though not guaranteed as unique identifiers over
>>>>>>> time), so they may be useful for these purposes. Take it from someone
>>>>>>> named "Andrew Sullivan", however, that names are pretty useless as
>>>>>>> context-free identifiers :)
>>>>>>>
>>>>>>>> > In reality finding out answers to questions such as
>>>>>>>> > yours (above) requires investigation using a plethora of data.
>>>>>>>
>>>>>>> To be clear, finding out the answer to what I (meant to) pose(d)
>>>>>>> requires no plethora of data: it requires a single query and access to
>>>>>>> the right repository (the registry). In some theoretical system, the
>>>>>>> correct underlying database query would be something like this:
>>>>>>>
>>>>>>> SELECT domain_roid, domain_name FROM domains WHERE registrant_roid =
>>>>>>> ?;
>>>>>>>
>>>>>>> and you put the correct ROID in where the question mark is, and off
>>>>>>> you go. That will give you the list of all the domain names, and
>>>>>>> their relevant ROIDs, registered by a given registrant contact. At
>>>>>>> least one registry with which I am familiar once had a WHOIS feature
>>>>>>> that allowed something close to the above, only it would stop after
>>>>>>> some number of domains so as not to return too much data. I think the
>>>>>>> default was therefore LIMIT 50, but I also think the feature was
>>>>>>> eventually eliminated about the time that the ICANN community rejected
>>>>>>> IRIS as an answer to "the whois problem".
>>>>>>>
>>>>>>> What the above will of course not do is help you in the event Bob The
>>>>>>> Scammer has created dozens of different contacts for himself by (say)
>>>>>>> registering names through many different registrars. I do not believe
>>>>>>> that any registry is going to support such a use at least without
>>>>>>> access controls, because it can be expensive to answer such things.
>>>>>>> So, what you understood me to be asking, I think, is the question I
>>>>>>> did _not_ ask: given this human being or organization, what other
>>>>>>> domains are registered?" That does require a lot of different data,
>>>>>>> and it requires cross-organizational searches, and it requires sussing
>>>>>>> out when someone has lied also. Such research is, I agree, completely
>>>>>>> outside the scope of what any technical system will ever be able to
>>>>>>> offer reliably.
>>>>>>>
>>>>>>>> > An entire
>>>>>>>> > industry exists for this purpose and I don¹t think we should be
>>>>>>>> > considering replacing what has already been existing in the cyber
>>>>>>>> security
>>>>>>>> > marketplace.
>>>>>>>
>>>>>>> I do not believe it is this WG's responsibility to protect anyone's
>>>>>>> commercial services if those things are basically in response to
>>>>>>> deficiencies in the existing Whois protocol. In this case, however,
>>>>>>> that's not the problem. Linking data in multiple databases to a given
>>>>>>> real-world human being is hard even in systems without competition and
>>>>>>> multiple points of access. It's always going to require researchers
>>>>>>> for the domain name system.
>>>>>>>
>>>>>>> Best regards.
>>>>>>>
>>>>>>>
>>>>>>> A
>>>>>>>
>>>>>>> --
>>>>>>> Andrew Sullivan
>>>>>>> ajs at anvilwalrusden.com
>>>>>>> ______________________________ _________________
>>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>>> https://mm.icann.org/mailman/l istinfo/gnso-rds-pdp-wg
>>>>>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> ______________________________ ___
>>>>>>> Note to self: Pillage BEFORE burning.
>>>>>>>
>>>>>>> ______________________________ _________________
>>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>>> https://mm.icann.org/mailman/l istinfo/gnso-rds-pdp-wg
>>>>>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>>>>>
>>>>>>>
>>>>>
>>>>>>> ______________________________ _________________
>>>>>
>>>>>>>
>>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>>> https://mm.icann.org/mailman/l istinfo/gnso-rds-pdp-wg
>>>>>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ______________________________ _________________
>>>>>
>>>>>>>
>>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>>> https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg
>>>>>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>>>
>>>>>> _______________________________________________
>>>>>> gnso-rds-pdp-wg mailing list
>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>
>>>>> _______________________________________________
>>>>> gnso-rds-pdp-wg mailing list
>>>>> gnso-rds-pdp-wg at icann.org
>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>
>>>>> _______________________________________________
>>>>> gnso-rds-pdp-wg mailing list
>>>>> gnso-rds-pdp-wg at icann.org
>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>
>>>>
>>>> _______________________________________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp
>>>> -wg
>>>
>>>
>>> --
>>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>>>
>>> Mit freundlichen Grüßen,
>>>
>>> Volker A. Greimann
>>> - Rechtsabteilung -
>>>
>>> Key-Systems GmbH
>>> Im Oberen Werk 1
>>> 66386 St. Ingbert
>>> Tel.: +49 (0) 6894 - 9396 901 <tel:+49%206894%209396901>
>>> Fax.: +49 (0) 6894 - 9396 851 <tel:+49%206894%209396851>
>>> Email: vgreimann at key-systems.net
>>>
>>> Web: www.key-systems.net <http://www.key-systems.net> / www.RRPproxy.net
>>> <http://www.RRPproxy.net> www.domaindiscount24.com
>>> <http://www.domaindiscount24.com> / www.BrandShelter.com
>>> <http://www.BrandShelter.com>
>>>
>>> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
>>> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
>>> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
>>>
>>> Geschäftsführer: Alexander Siffrin
>>> Handelsregister Nr.: HR B 18835 - Saarbruecken
>>> Umsatzsteuer ID.: DE211006534
>>>
>>> Member of the KEYDRIVE GROUP
>>> www.keydrive.lu <http://www.keydrive.lu>
>>>
>>> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen
>>> Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder
>>> Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese
>>> Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per
>>> E-Mail oder telefonisch in Verbindung zu setzen.
>>>
>>> --------------------------------------------
>>>
>>> Should you have any further questions, please do not hesitate to contact us.
>>>
>>> Best regards,
>>>
>>> Volker A. Greimann
>>> - legal department -
>>>
>>> Key-Systems GmbH
>>> Im Oberen Werk 1
>>> 66386 St. Ingbert
>>> Tel.: +49 (0) 6894 - 9396 901 <tel:+49%206894%209396901>
>>> Fax.: +49 (0) 6894 - 9396 851 <tel:+49%206894%209396851>
>>> Email: vgreimann at key-systems.net
>>>
>>> Web: www.key-systems.net <http://www.key-systems.net> / www.RRPproxy.net
>>> <http://www.RRPproxy.net> www.domaindiscount24.com
>>> <http://www.domaindiscount24.com> / www.BrandShelter.com
>>> <http://www.BrandShelter.com>
>>>
>>> Follow us on Twitter or join our fan community on Facebook and stay updated:
>>> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
>>> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
>>>
>>> CEO: Alexander Siffrin
>>> Registration No.: HR B 18835 - Saarbruecken
>>> V.A.T. ID.: DE211006534
>>>
>>> Member of the KEYDRIVE GROUP
>>> www.keydrive.lu <http://www.keydrive.lu>
>>>
>>> This e-mail and its attachments is intended only for the person to whom it
>>> is addressed. Furthermore it is not permitted to publish any content of this
>>> email. You must not use, disclose, copy, print or rely on this e-mail. If an
>>> addressing or transmission error has misdirected this e-mail, kindly notify
>>> the author by replying to this e-mail or contacting us by telephone.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>> _______________________________________________ gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170427/62b51bba/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list