[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data
Paul Keating
Paul at law.es
Thu Apr 27 14:56:42 UTC 2017
+201�
From: <gnso-rds-pdp-wg-bounces at icann.org> on behalf of John Bambenek via
gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org>
Reply-To: John Bambenek <jcb at bambenekconsulting.com>
Date: Thursday, April 27, 2017 at 3:11 PM
To: Ayden Férdeline <icann at ferdeline.com>
Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] international law enforcement association
resolution regarding domain registration data
> Re:
>
> "Data can only processed to satisfy necessary, proportionate, legitimate
> aims..."
>
> Many of us would argue having ungated ownership information fits squarely in
> both ICANN's security and stability mandate AND more importantly it is very
> much in the public interest. For instance, this:
>
> https://mobile.nytimes.com/2017/04/24/world/europe/macron-russian-hacking.html
>
> Individuals, allegedly associated with Russian intelligence, registered
> domains and used them specifically to target En Marche's use of office 365.
> This was caught because today its possible to detect registrations based on
> keywords (for instance, with DomainTools). Using registrant information it was
> possible to find all the domains associated with this individual and
> preemptively take protective measures. I should note the registrant used
> demonstrably false registrant information (an address that doesn't exist, for
> one) showing that even with accuracy rules, registries do not appear to be
> taking even basic steps beyond "the email didn't bounce" steps to ensure
> accuracy even when automated and trivial tools would detect such things. This
> is why I don't want to give up on "authoritative" yet.
>
> If you are concerned about a Le Pen presidency brought on by Russian
> manipulation, on behalf of the security community, let me say "you're
> welcome".
>
> The conversations with data protection authorities have thus far, from my
> observations, been unbalanced due to lack of our participation. We can have
> both privacy and security.
>
> When they (and for that matter, their parliaments) are made aware of the
> consequences of this particular path, I am sure adjustments will be made.
> Throwing everything behind a gate means we not only are much more inhibited to
> protect our client networks, we are much less able to deal with potential
> propaganda and election manipulation. Even if we had enough access behind the
> gate, there is no way we'd have enough functionality and even if we did, we
> would be exposing those researchers who do this work by creating audit logs
> that certainly will be accessible to a hostile intelligence agency.
>
> In the balance of harms between "some spam" and election manipulation, I think
> I know where public policy will end up.
>
> That said, I still think I could defend keeping this information the way it is
> today and justify it under appropriate and permissible purpose.
>
> Sent from my iPhone
>
> On Apr 27, 2017, at 07:47, Ayden Férdeline <icann at ferdeline.com> wrote:
>
>> Data can only processed to satisfy necessary, proportionate, legitimate aim
> _______________________________________________ gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170427/21631676/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list