[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data

John Bambenek jcb at bambenekconsulting.com
Thu Apr 27 20:37:27 UTC 2017


In your opinion, sure. Others would disagree.  I would also agree that
gates increase in some cases risk, not decrease it.

For instance, how do I, as a consumer, verify the entity with an online
presence is who they say they are?  Should we just deny consumers the
ability to investigate and protect themselves too because no gated
system that accepts everyone for that data could be considered anything
other than "data up for grabs with zero restrictions".


On 4/27/2017 3:27 PM, Ayden Férdeline wrote:
> “Data up for grabs with zero restrictions” is a good example of
> disproportionate disclosure.
>
> - Ayden 
>
>
>> -------- Original Message --------
>> Subject: Re: [gnso-rds-pdp-wg] international law enforcement
>> association resolution regarding domain registration data
>> Local Time: 27 April 2017 5:37 PM
>> UTC Time: 27 April 2017 16:37
>> From: gnso-rds-pdp-wg at icann.org
>> To: gnso-rds-pdp-wg at icann.org
>>
>>
>> Below
>>
>>
>> On 4/27/2017 11:33 AM, theo geurts wrote:
>>> Paul, et al,
>>>
>>> The collection is not the issue.
>>>
>>> Article 6(1)(b) Directive provides that personal data may only be
>>> collected for specified, explicit and legitimate purposes and not
>>> further processed in a way incompatible with those purposes
>>> (articles 7 and 9 Wbp).  Processing of personal data is allowed to a
>>> limited number of legitimate grounds, specified in Article 7
>>> Directive (Article 8 Wbp).
>>>
>>> Regardless if you buy socks online in the EU or a domain name,
>>> everyone collects data to fulfill a contract.
>>> Putting identifiable personal data in a public database aka WHOIS is
>>> way beyond the contract as we have zero means of protecting that
>>> data as it is up for grabs without zero restrictions.
>>>
>> And some would argue that having that data up for grabs with zero
>> restrictions is EXACTLY necessary for the purpose for which it is
>> collected.
>>
>>
>>> The entire GDPR, or directives or Privacy Shield or WBP has a
>>> baseline of an adequate level of data protection. Now we can argue
>>> here all day, but having a zero level of data protection is NO data
>>> protection. So all arguments about consent, purpose suddenly do not
>>> apply.
>>>
>> Except they do. For instance, say, twitter.  Business can and do
>> publish information of users without access restrictions. This exists
>> today.
>>
>>>
>>> This changes when we discuss gated access and an adequate level of
>>> data protection. 
>>>
>>> We had several EU Data Commissioners weigh in during ICANN 58
>>> regarding the above, I am personally not going to argue with those
>>> guys.
>>>
>>> When we look at the fulfillment of the contract and purpose. What
>>> exactly does one need to register a domain name? Thin WHOIS
>>> Registries have a very successful track record in years and number
>>> of domain names that only a set of name servers is required, the
>>> domain name and the registration period.
>> There is an underlying implication that the purpose here is merely
>> what is necessary to have a domain and for a registry to collect
>> money.  I would argue vehemently that is a quite narrow and
>> fundamentally inappropriate way to describe the purpose here.
>>
>>
>>>
>>> Thanks,
>>>
>>> Theo
>>>
>>>
>>> On 27-4-2017 17:05, Paul Keating wrote:
>>>> Ayden,
>>>>
>>>> I'm sorry but you are mistaken in your predicate.  The rule requires
>>>> that you have a purpose.  In order to obtain consent the purpose
>>>> must be clearly stated (otherwise the consent is not valid).  No
>>>> data processor can use the data outside of the scope of the
>>>> declared purpose and consent.
>>>>
>>>> Data controllers may collect and process personal data when any of
>>>> the following conditions are met:
>>>>
>>>>
>>>>     For collecting personal data:
>>>>
>>>> Pursuant to the Wbp, a data controller may only collect personal
>>>> data if he has a purpose for this.
>>>>
>>>> The purpose must be:
>>>>
>>>>   * specified
>>>>   * explicit, and
>>>>   * legitimate.
>>>>
>>>> A data controller may not collect data if he has not clearly
>>>> specified the purpose.
>>>>
>>>>
>>>>     For processing personal data:
>>>>
>>>>   * the data subject has unambiguously given his prior consent thereto
>>>>   * the processing is necessary for the performance of a contract
>>>>     to which the data subject is party
>>>>   * the processing is necessary in order to comply with a legal
>>>>     obligation to which the data controller is subject
>>>>   * the transfer is necessary in order to protect the vital
>>>>     interests of the data subject
>>>>   * the transfer is necessary or legally required in order to
>>>>     protect an important public interest, or
>>>>   * the processing is necessary for upholding the legitimate
>>>>     interests of the data controller or of a third party to whom
>>>>     the data is supplied, except where the interests or fundamental
>>>>     rights and freedoms of the data subject, in particular the
>>>>     right to protection of individual privacy, prevail.
>>>>
>>>> In addition, personal data may not be further processed in a way
>>>> incompatible with the purposes for which the data were originally
>>>> collected. Whether further processing is incompatible depends on
>>>> different circumstances, such as:
>>>>
>>>>   * the relationship between the purpose of the intended processing
>>>>     and the purposes for which the data originally was obtained
>>>>   * the nature of the data concerned
>>>>   * the consequences of the intended processing for the data subject
>>>>   * the manner in which the data have been obtained, and
>>>>   * the extent to which appropriate guarantees have been put in
>>>>     place with respect to the data subject.
>>>>
>>>> Also, personal data may only be processed, where, given the
>>>> purposes for which they are collected or subsequently processed,
>>>> they are adequate, relevant and not excessive.
>>>>
>>>> Finally, the Wbp sets out strict rules in relation to sensitive
>>>> data. The main rule is that such data may not be processed, unless
>>>> the data subject has given his explicit consent to it. However,
>>>> there are exemptions to this rule which may apply in certain
>>>> circumstances.
>>>>
>>>>
>>>> *From: * <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Ayden
>>>> Férdeline <icann at ferdeline.com>
>>>> *Reply-To: * Ayden Férdeline <icann at ferdeline.com>
>>>> *Date: * Thursday, April 27, 2017 at 2:47 PM
>>>> *To: * Michele Blacknight <michele at blacknight.com>
>>>> *Cc: * RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>>>> *Subject: * Re: [gnso-rds-pdp-wg] international law enforcement
>>>> association resolution regarding domain registration data
>>>>
>>>>     Hi Michele,
>>>>
>>>>     My understanding of the General Data Protection Regulation is
>>>>     that a data controller must only process data in accordance
>>>>     with six general principles, one of which is the purpose
>>>>     limitation. Data can only be processed to satisfy necessary,
>>>>     proportionate, legitimate aims (with very few exceptions for
>>>>     public interest, scientific, historical, or statistical
>>>>     purposes). That a purpose is merely desirable may not satisfy
>>>>     these aims. Consent is a freely given, specific, informed, and
>>>>     unambiguous indication of the data subject’s wishes, but they
>>>>     cannot be asked to consent to something which is unlawful to
>>>>     collect in the place.
>>>>
>>>>     Best wishes,
>>>>
>>>>     Ayden Férdeline
>>>>     linkedin.com/in/ferdeline
>>>>
>>>>
>>>>>     -------- Original Message --------
>>>>>     Subject: Re: [gnso-rds-pdp-wg] international law enforcement
>>>>>     association resolution regarding domain registration data
>>>>>     Local Time: 27 April 2017 1:18 PM
>>>>>     UTC Time: 27 April 2017 12:18
>>>>>     From: michele at blacknight.com
>>>>>     To: Ayden Férdeline <icann at ferdeline.com>
>>>>>     RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>>>>>
>>>>>
>>>>>     Ayden
>>>>>     Correct me if I'm wrong, but isn't the consent meant to be
>>>>>     tied to a specific set of purposes? 
>>>>>
>>>>>     Regards 
>>>>>
>>>>>     Michele 
>>>>>
>>>>>     Mr Michele Neylon
>>>>>     Blacknight Hosting & Domains
>>>>>     http://www.blacknight.host/
>>>>>     http://www.mneylon.social
>>>>>     Sent from mobile so typos and brevity are normal 
>>>>>
>>>>>     On 27 Apr 2017, at 12:45, Ayden Férdeline <icann at ferdeline.com>
>>>>>     wrote:
>>>>>
>>>>>>     re: the repeated suggestion of “opt in registration for
>>>>>>     public WHOIS”. It bears repeating what was said to us by the
>>>>>>     Data Protection Commissioners in Copenhagen; consent is not a
>>>>>>     waiver for disproportionate or unlawful processing. You
>>>>>>     cannot ask a data subject to consent to something which is
>>>>>>     unlawful.  
>>>>>>
>>>>>>     Ayden Férdeline
>>>>>>     linkedin.com/in/ferdeline
>>>>>>
>>>>>>
>>>>>>>     -------- Original Message --------
>>>>>>>     Subject: Re: [gnso-rds-pdp-wg] international law enforcement
>>>>>>>     association resolution regarding domain registration data
>>>>>>>     Local Time: 27 April 2017 12:36 PM
>>>>>>>     UTC Time: 27 April 2017 11:36
>>>>>>>     From: Paul at law.es
>>>>>>>     To: Michele Neylon - Blacknight <michele at blacknight.com>,
>>>>>>>     Greg Shatan <gregshatanipc at gmail.com>,
>>>>>>>     Volker Greimann <vgreimann at key-systems.net>
>>>>>>>     RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>>>>>>>
>>>>>>>     "Privacy laws in one part of the world are a factor we need
>>>>>>>     to be aware of, among other factors."
>>>>>>>
>>>>>>>     This seems to be the entire driving force behind considering
>>>>>>>     a more restrictive (gated) access to WHOIS.  If there are
>>>>>>>     other reasons please let me know.
>>>>>>>
>>>>>>>     Also, I have yet to see any legal authority that precludes:
>>>>>>>
>>>>>>>       * Opt in registration for public WHOIS
>>>>>>>       * For those not desiring a public WHOIS record, then the
>>>>>>>         ability to use a recognized privacy service so as
>>>>>>>         to "anchor" the registration of the domain
>>>>>>>     If one does exist can someone point me to the link?
>>>>>>>
>>>>>>>
>>>>>>>     A balancing of needs is important here.  Seems to me that
>>>>>>>     the competing interests here are not simply privacy vs.
>>>>>>>     public access.  There are the private interests of those who
>>>>>>>     regularly use the current WHOIS data set for any variety of
>>>>>>>     purposes including:
>>>>>>>
>>>>>>>       * Security research and prevention
>>>>>>>       * Law enforcement
>>>>>>>       * Hijacking recovery
>>>>>>>       * Private transactions (confirmation of current and historical
>>>>>>>         ownership)
>>>>>>>       * Lending and financing transactions (confirmation of
>>>>>>>         ownership to support security interests)
>>>>>>>       * Providing WHOIS and other data services to others
>>>>>>>
>>>>>>>
>>>>>>>     Paul
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>     *From: *<gnso-rds-pdp-wg-bounces at icann.org> on behalf of
>>>>>>>     Michele Blacknight <michele at blacknight.com>
>>>>>>>     *Date: *Thursday, April 27, 2017 at 9:21 AM
>>>>>>>     *To: *Greg Shatan <gregshatanipc at gmail.com>, Volker Greimann
>>>>>>>     <vgreimann at key-systems.net>
>>>>>>>     *Cc: *RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>>>>>>>     *Subject: *Re: [gnso-rds-pdp-wg] international law
>>>>>>>     enforcement association resolution regarding domain
>>>>>>>     registration data
>>>>>>>
>>>>>>>         Greg
>>>>>>>
>>>>>>>          
>>>>>>>
>>>>>>>         As a business owner I need to make sure that I’m not
>>>>>>>         exposing myself or the company to unnecessary risk.
>>>>>>>
>>>>>>>         While big corporations might be comfortable spending
>>>>>>>         large amounts of money on “creative” tax arrangements
>>>>>>>         that isn’t really an option for smaller companies like
>>>>>>>         ourselves.
>>>>>>>
>>>>>>>          
>>>>>>>
>>>>>>>         Regards
>>>>>>>
>>>>>>>
>>>>>>>         Michele
>>>>>>>
>>>>>>>          
>>>>>>>
>>>>>>>         --
>>>>>>>
>>>>>>>         Mr Michele Neylon
>>>>>>>
>>>>>>>         Blacknight Solutions
>>>>>>>
>>>>>>>         Hosting, Colocation & Domains
>>>>>>>
>>>>>>>         https://www.blacknight.com/
>>>>>>>
>>>>>>>         https://blacknight.blog/
>>>>>>>
>>>>>>>         https://ceo.hosting/
>>>>>>>
>>>>>>>         Intl. +353 (0) 59  9183072
>>>>>>>
>>>>>>>         Direct Dial: +353 (0)59 9183090
>>>>>>>
>>>>>>>         -------------------------------
>>>>>>>
>>>>>>>         Blacknight Internet Solutions Ltd, Unit 12A,Barrowside
>>>>>>>         Business Park,Sleaty
>>>>>>>
>>>>>>>         Road,Graiguecullen,Carlow,R93 X265,
>>>>>>>
>>>>>>>         Ireland  Company No.: 370845
>>>>>>>
>>>>>>>          
>>>>>>>
>>>>>>>         *From: *<gnso-rds-pdp-wg-bounces at icann.org> on behalf of
>>>>>>>         Greg Shatan <gregshatanipc at gmail.com>
>>>>>>>         *Date: *Wednesday 26 April 2017 at 23:38
>>>>>>>         *To: *Volker Greimann <vgreimann at key-systems.net>
>>>>>>>         *Cc: *RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>>>>>>>         *Subject: *Re: [gnso-rds-pdp-wg] international law
>>>>>>>         enforcement association resolution regarding domain
>>>>>>>         registration data
>>>>>>>
>>>>>>>          
>>>>>>>
>>>>>>>         We also need to be very clear about the limits of the
>>>>>>>         legal requirements of applicable law, and the various
>>>>>>>         options available for dealing with the law.  There's no
>>>>>>>         need to overcomply.  Indeed it would be quite
>>>>>>>         unreasonable to do so.  
>>>>>>>
>>>>>>>          
>>>>>>>
>>>>>>>         Just as paying the lowest calculable income tax is
>>>>>>>         perfectly legitimate, so is complying with the law in
>>>>>>>         the least disruptive way possible.
>>>>>>>
>>>>>>>          
>>>>>>>
>>>>>>>         Greg
>>>>>>>
>>>>>>>
>>>>>>>         *Greg Shatan*
>>>>>>>         C: 917-816-6428
>>>>>>>         S: gsshatan
>>>>>>>         Phone-to-Skype: 646-845-9428
>>>>>>>         gregshatanipc at gmail.com
>>>>>>>
>>>>>>>          
>>>>>>>
>>>>>>>         On Wed, Apr 26, 2017 at 1:06 PM, Volker Greimann
>>>>>>>         <vgreimann at key-systems.net> wrote:
>>>>>>>
>>>>>>>             I wish it were so simple. "Doing harm" is not
>>>>>>>             necessary to be in violation with applicable law.
>>>>>>>             Just like jaywalking, speeding on an empty road or
>>>>>>>             crossing a red light carries a fine regardless of
>>>>>>>             whether harm was done, privacy law too does not care
>>>>>>>             about an actual harm.
>>>>>>>
>>>>>>>             We need to be very clear about the legal
>>>>>>>             requirements when we define the limits of what can
>>>>>>>             be done with the data we collect, and by whom.
>>>>>>>
>>>>>>>             Volker
>>>>>>>
>>>>>>>              
>>>>>>>
>>>>>>>             On 26.04.2017 at 18:43, John Horton wrote:
>>>>>>>
>>>>>>>                 Greg, well said. And Tim, well said. And I'll
>>>>>>>                 strongly +1 Michael Hammer as well. I agree with
>>>>>>>                 the "do no harm" philosophy -- I'm not convinced
>>>>>>>                 that some of the proposed changes (e.g., those
>>>>>>>                 outlined in the EWG report) wouldn't cause more
>>>>>>>                 harm than the existing, admittedly imperfect,
>>>>>>>                 system. As I've said before, the importance of
>>>>>>>                 tools like Reverse Whois isn't only direct --
>>>>>>>                 it's derivative as well. (If you enjoy the
>>>>>>>                 benefits of those of us who fight payment fraud,
>>>>>>>                 online abuse and other sorts of malfeasance, you
>>>>>>>                 have reverse Whois among other tools to thank.)
>>>>>>>                 Privacy laws in one part of the world are a
>>>>>>>                 factor we need to be aware of, among other factors. 
>>>>>>>
>>>>>>>                  
>>>>>>>
>>>>>>>                 On Wed, Apr 26, 2017 at 9:07 AM nathalie coupet
>>>>>>>                 via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org>
>>>>>>>                 wrote:
>>>>>>>
>>>>>>>                     +1
>>>>>>>
>>>>>>>                      
>>>>>>>
>>>>>>>                     Nathalie 
>>>>>>>
>>>>>>>                      
>>>>>>>
>>>>>>>                     On Wednesday, April 26, 2017 12:02 PM,
>>>>>>>                     Victoria Sheckler <vsheckler at riaa.com> wrote:
>>>>>>>
>>>>>>>                      
>>>>>>>
>>>>>>>                     +1
>>>>>>>
>>>>>>>                     Sent from my iPhone
>>>>>>>
>>>>>>>
>>>>>>>                     On Apr 26, 2017, at 8:56 AM, Greg Shatan
>>>>>>>                     <gregshatanipc at gmail.com> wrote:
>>>>>>>
>>>>>>>                         Thanks for weighing in, Tim.  Since this
>>>>>>>                         is a multi_stakeholder_ process,
>>>>>>>                         everyone is assumed to come in with a
>>>>>>>                         point of view, so don't be shy.  At the
>>>>>>>                         same time, if stakeholders cling
>>>>>>>                         dogmatically to their points of view the
>>>>>>>                         multistakeholder model doesn't work.
>>>>>>>
>>>>>>>                          
>>>>>>>
>>>>>>>                         As for being out on a limb:
>>>>>>>
>>>>>>>                           * We haven't decided what data will be
>>>>>>>                             "private" and for which registrants
>>>>>>>                             (e.g., based on geography or entity
>>>>>>>                             status)
>>>>>>>                           * We haven't decided there will be
>>>>>>>                             "gated" access and what that might
>>>>>>>                             mean, both for policy and practicality
>>>>>>>                           * The question shouldn't be whether we
>>>>>>>                             will be "allowing third parties
>>>>>>>                             access to harvest, repackage and
>>>>>>>                             republish that data," but how we
>>>>>>>                             should allow this in a way that
>>>>>>>                             balances various concerns. 
>>>>>>>                             Eliminating reverse Whois and other
>>>>>>>                             such services is not a goal of this
>>>>>>>                             Working Group.
>>>>>>>
>>>>>>>                         Our job should be to provide the
>>>>>>>                         greatest possible access to the best
>>>>>>>                         possible data, consistent with
>>>>>>>                         minimizing risk under reasonable
>>>>>>>                         interpretations of applicable law.  We
>>>>>>>                         need to deal with existing and incoming
>>>>>>>                         privacy laws (and with other laws) as
>>>>>>>                         well, but not in a worshipful manner;
>>>>>>>                         instead it should be in a
>>>>>>>                         solution-oriented manner.  This is not,
>>>>>>>                         after all, the Privacy Working Group. 
>>>>>>>                         I'll +1 Michael Hammer: Rather than
>>>>>>>                         starting from a model of justifying
>>>>>>>                         everything and anything from a privacy
>>>>>>>                         perspective, I would suggest that it
>>>>>>>                         would be much more appropriate, other
>>>>>>>                         than technical changes such as moving
>>>>>>>                         towards using JSON, to require
>>>>>>>                         justification and consensus for any
>>>>>>>                         changes from the existing model(s) of WHOIS.
>>>>>>>
>>>>>>>                          
>>>>>>>
>>>>>>>                         Finally, while our purpose is not to
>>>>>>>                         maintain anyone's economic interest,
>>>>>>>                         economic interests may well be aligned
>>>>>>>                         with policy interests.  Assuming that
>>>>>>>                         economic interests are at odds with
>>>>>>>                         policy interests is just as dangerous as
>>>>>>>                         assuming that policy interests are
>>>>>>>                         served by maximizing economic interests.
>>>>>>>
>>>>>>>                          
>>>>>>>
>>>>>>>                         Greg
>>>>>>>
>>>>>>>
>>>>>>>                         *Greg Shatan*
>>>>>>>                         C: 917-816-6428
>>>>>>>                         S: gsshatan
>>>>>>>                         Phone-to-Skype: 646-845-9428
>>>>>>>                         gregshatanipc at gmail.com
>>>>>>>
>>>>>>>                          
>>>>>>>
>>>>>>>                         On Wed, Apr 26, 2017 at 11:28 AM,
>>>>>>>                         Dotzero <dotzero at gmail.com> wrote:
>>>>>>>
>>>>>>>                             Adding to what Tim and Allison wrote.
>>>>>>>
>>>>>>>                             As a starting point, I've had an
>>>>>>>                             account with DomainTools in the past
>>>>>>>                             and will likely have one in the
>>>>>>>                             future, although I don't currently
>>>>>>>                             have one.
>>>>>>>
>>>>>>>                             There are other organizations and
>>>>>>>                             individuals which consume/aggregate
>>>>>>>                             whois data so I don't think that for
>>>>>>>                             the purposes of this discussion the
>>>>>>>                             focus should be on just DomainTools.
>>>>>>>                             I know researchers and academics who
>>>>>>>                             use this data to analyze all sorts
>>>>>>>                             of things. As has been pointed out,
>>>>>>>                             there are all sorts of folks staking
>>>>>>>                             out positions because of their
>>>>>>>                             economic (and other) interests
>>>>>>>                             without necessarily being
>>>>>>>                             transparent about those interests.
>>>>>>>
>>>>>>>                             It should be remembered that the
>>>>>>>                             Internet is an agglomeration of many
>>>>>>>                             networks and resources, some public
>>>>>>>                             and some private. At the same time,
>>>>>>>                             it is simply a bunch of technical
>>>>>>>                             standards that people and
>>>>>>>                             organizations have agreed to use to
>>>>>>>                             interact with each other. In many
>>>>>>>                             cases, the ultimate solution to
>>>>>>>                             abuse is to drop route. To the
>>>>>>>                             extent that good and granular
>>>>>>>                             information is not readily
>>>>>>>                             available, regular (innocent) users
>>>>>>>                             may suffer as owners and
>>>>>>>                             administrators of resources act to
>>>>>>>                             protect those resources and their
>>>>>>>                             legitimate users from abuse and
>>>>>>>                             maliciousness. The reality is that
>>>>>>>                             most users of the internet utilize a
>>>>>>>                             relatively small subset of all the
>>>>>>>                             resources out there. For some, a
>>>>>>>                             service like Facebook IS the Internet.
>>>>>>>
>>>>>>>                             It may also incite a tendency
>>>>>>>                             towards returning to a model of
>>>>>>>                             walled gardens. At various points I
>>>>>>>                             have heard discussions about the
>>>>>>>                             balkanization of the internet, with
>>>>>>>                             things like separate roots, etc.
>>>>>>>                             People should think very carefully
>>>>>>>                             about what they are asking for
>>>>>>>                             because they may not be happy with
>>>>>>>                             it if they actually get it.
>>>>>>>
>>>>>>>                             Rather than starting from a model of
>>>>>>>                             justifying everything and anything
>>>>>>>                             from a privacy perspective, I would
>>>>>>>                             suggest that it would be much more
>>>>>>>                             appropriate, other than technical
>>>>>>>                             changes such as moving towards using
>>>>>>>                             JSON, to require justification and
>>>>>>>                             consensus for any changes from the
>>>>>>>                             existing model(s) of WHOIS.
>>>>>>>
>>>>>>>                             Michael Hammer
>>>>>>>
>>>>>>>                             On Wed, Apr 26, 2017 at 10:27 AM,
>>>>>>>                             allison nixon <elsakoo at gmail.com> wrote:
>>>>>>>
>>>>>>>                                 Thank you for your email Tim.
>>>>>>>
>>>>>>>                                 Full disclosure (because I
>>>>>>>                                 believe in being transparent
>>>>>>>                                 about this sort of thing), we do
>>>>>>>                                 business with Domaintools and
>>>>>>>                                 use their tools to consume whois
>>>>>>>                                 data.
>>>>>>>
>>>>>>>                                 "i'll close by saying I think
>>>>>>>                                 Allison's point about economic
>>>>>>>                                 value has merit.  yes, the point
>>>>>>>                                 of the WG is not to protect
>>>>>>>                                 anyone's economic interest.  I
>>>>>>>                                 agree 100% with that statement
>>>>>>>                                 and will disagree with anyone
>>>>>>>                                 who thinks the future of
>>>>>>>                                 DomainTools or other commercial
>>>>>>>                                 service should have one iota of
>>>>>>>                                 impact on this discussion."
>>>>>>>
>>>>>>>                                 I will however disagree
>>>>>>>                                 vehemently with you on this
>>>>>>>                                 point. It is obvious that many
>>>>>>>                                 of the arguments to cut off
>>>>>>>                                 anonymous querying to WHOIS data
>>>>>>>                                 are economically motivated.
>>>>>>>                                 Financial concerns are cited
>>>>>>>                                 numerous times in approved
>>>>>>>                                 documents. I also believe the
>>>>>>>                                 "vetting" process is likely to
>>>>>>>                                 become a new revenue stream for
>>>>>>>                                 someone as well. A revenue
>>>>>>>                                 stream with HIGHLY questionable
>>>>>>>                                 privacy value-add.
>>>>>>>
>>>>>>>                                 Every dollar of income for the
>>>>>>>                                 Domaintools company and others
>>>>>>>                                 like it comes from their clients,
>>>>>>>                                 who see a multiplier of value
>>>>>>>                                 from it. That means for every
>>>>>>>                                 dollar spent on the entire whois
>>>>>>>                                 aggregator industry means that a
>>>>>>>                                 much larger amount of money is
>>>>>>>                                 saved through prevented harms
>>>>>>>                                 like fraud, abuse, and even fake
>>>>>>>                                 medications which kill people.
>>>>>>>
>>>>>>>                                 I think it is extremely
>>>>>>>                                 important to identify what
>>>>>>>                                 critical systems rely on whois
>>>>>>>                                 (either directly or downstream),
>>>>>>>                                 and determine if we are ready to
>>>>>>>                                 give up the utility of these
>>>>>>>                                 systems.
>>>>>>>
>>>>>>>                                 We also need to identify the
>>>>>>>                                 value of the ability to
>>>>>>>                                 anonymously query whois and what
>>>>>>>                                 that loss of privacy will mean
>>>>>>>                                 as well. While I obviously do
>>>>>>>                                 not make many queries
>>>>>>>                                 anonymously (although our vendor
>>>>>>>                                 has their own privacy policy), I
>>>>>>>                                 understand this is important
>>>>>>>                                 especially to those researching
>>>>>>>                                 more dangerous actors. Why would
>>>>>>>                                 $_COUNTRY dissidents want to
>>>>>>>                                 query domains when their
>>>>>>>                                 opponents would surely be
>>>>>>>                                 hacking into the audit logs for
>>>>>>>                                 this?
>>>>>>>
>>>>>>>                                  
>>>>>>>
>>>>>>>                                 On Apr 25, 2017 11:41 PM, "Chen,
>>>>>>>                                 Tim" <tim at domaintools.com
>>>>>>>                                 <mailto:tim at domaintools.com>> wrote:
>>>>>>>
>>>>>>>                                     "And I hope more
>>>>>>>                                     stakeholders in this
>>>>>>>                                     multi-stakeholder process
>>>>>>>                                     will come forward with their
>>>>>>>                                     own perspectives, as they
>>>>>>>                                     will differ from mine."
>>>>>>>
>>>>>>>                                      
>>>>>>>
>>>>>>>                                     happy to do so.  DomainTools
>>>>>>>                                     is clearly a stakeholder in
>>>>>>>                                     this debate.  and we have a
>>>>>>>                                     fair amount of experience
>>>>>>>                                     around the challenges,
>>>>>>>                                     benefits and risks of whois
>>>>>>>                                     data aggregation at scale.  
>>>>>>>
>>>>>>>                                      
>>>>>>>
>>>>>>>                                     from the beginning of this
>>>>>>>                                     EWG/RDS idea we've stood
>>>>>>>                                     down bc i didn't believe our
>>>>>>>                                     opinion would be seen as
>>>>>>>                                     objective-enough given our
>>>>>>>                                     line of business.  but it is
>>>>>>>                                     apparent to me having
>>>>>>>                                     followed this debate for
>>>>>>>                                     many weeks now, that this is
>>>>>>>                                     a working group of
>>>>>>>                                     individuals who all bring
>>>>>>>                                     their own biases into the
>>>>>>>                                     debate.  whether they care
>>>>>>>                                     to admit that to themselves
>>>>>>>                                     or not.  so we might as well
>>>>>>>                                     wade in too.  bc I think our
>>>>>>>                                     experience is very relevant
>>>>>>>                                     to the discussion.
>>>>>>>
>>>>>>>                                      
>>>>>>>
>>>>>>>                                     i'll do my best to be as
>>>>>>>                                     objective as I can, as a
>>>>>>>                                     domain registrant myself and
>>>>>>>                                     as an informed industry
>>>>>>>                                     participant.
>>>>>>>
>>>>>>>                                      
>>>>>>>
>>>>>>>                                     since our experience is
>>>>>>>                                     working with security minded
>>>>>>>                                     organizations, that is the
>>>>>>>                                     context with which I will
>>>>>>>                                     comment.  
>>>>>>>
>>>>>>>                                      
>>>>>>>
>>>>>>>                                     since this is an ICANN
>>>>>>>                                     working group, I start with
>>>>>>>                                     the ICANN mission statement
>>>>>>>                                     around the security and
>>>>>>>                                     stability of the DNS.  I
>>>>>>>                                     find myself wanting to fit
>>>>>>>                                     this debate to that as the
>>>>>>>                                     north star.  i do not see
>>>>>>>                                     the RDS as purpose driven to
>>>>>>>                                     fit the GDPR or any
>>>>>>>                                     region-specific legal
>>>>>>>                                     resolution.  but I do see
>>>>>>>                                     those as important inputs to
>>>>>>>                                     our discussion.
>>>>>>>
>>>>>>>                                      
>>>>>>>
>>>>>>>                                     from a security perspective,
>>>>>>>                                     my experience is that the
>>>>>>>                                     benefits of the current
>>>>>>>                                     Whois model, taken with this
>>>>>>>                                     lens, far outweigh the
>>>>>>>                                     costs.  again, I can only
>>>>>>>                                     speak from my experience
>>>>>>>                                     here at DomainTools, and
>>>>>>>                                     obviously under the current
>>>>>>>                                     Whois regime.  This is not
>>>>>>>                                     to say it cannot be
>>>>>>>                                     improved.  From a data
>>>>>>>                                     accuracy perspective alone
>>>>>>>                                     there is enormous room for
>>>>>>>                                     improvement as I think we
>>>>>>>                                     can all agree.  every day I
>>>>>>>                                     see the tangible benefits to
>>>>>>>                                     security interests, which
>>>>>>>                                     for the most part are "doing
>>>>>>>                                     good", from the work that we
>>>>>>>                                     do.  when I compare that to
>>>>>>>                                     the complaints that we get
>>>>>>>                                     bc "my PII is visible in
>>>>>>>                                     your data", it's not even
>>>>>>>                                     close by my value barometer
>>>>>>>                                     (which may differ from
>>>>>>>                                     others').  this is relevant
>>>>>>>                                     bc any future solution will
>>>>>>>                                     be imperfect as I have
>>>>>>>                                     mentioned before.  as
>>>>>>>                                     Allison and others point out
>>>>>>>                                     we need to measure the harm
>>>>>>>                                     done by any new system that
>>>>>>>                                     may seek to solve one
>>>>>>>                                     problem (privacy?) and
>>>>>>>                                     inadvertently create many
>>>>>>>                                     more. since this group is
>>>>>>>                                     fond of analogies I'll
>>>>>>>                                     contribute one from the
>>>>>>>                                     medical oath (not sure if
>>>>>>>                                     this is just U.S.) "first,
>>>>>>>                                     do no harm".
>>>>>>>
>>>>>>>                                      
>>>>>>>
>>>>>>>                                     i'll close by saying I think
>>>>>>>                                     Allison's point about
>>>>>>>                                     economic value has merit.
>>>>>>>                                      yes, the point of the WG is
>>>>>>>                                     not to protect anyone's
>>>>>>>                                     economic interest.  I agree
>>>>>>>                                     100% with that statement and
>>>>>>>                                     will disagree with anyone
>>>>>>>                                     who thinks the future of
>>>>>>>                                     DomainTools or other
>>>>>>>                                     commercial service should
>>>>>>>                                     have one iota of impact on
>>>>>>>                                     this discussion.  but I also
>>>>>>>                                     think "it's too expensive"
>>>>>>>                                     or "it's too hard" are weak
>>>>>>>                                     and dangerous excuses when
>>>>>>>                                     dealing with an issue like
>>>>>>>                                     this which has enormous and
>>>>>>>                                     far reaching consequences
>>>>>>>                                     for the very mission of
>>>>>>>                                     ICANN around the security
>>>>>>>                                     and stability of our internet.
>>>>>>>
>>>>>>>                                      
>>>>>>>
>>>>>>>                                     Tim
>>>>>>>
>>>>>>>                                      
>>>>>>>
>>>>>>>                                     On Mon, Apr 24, 2017 at 3:50
>>>>>>>                                     PM, allison nixon
>>>>>>>                                     <elsakoo at gmail.com
>>>>>>>                                     <mailto:elsakoo at gmail.com>>
>>>>>>>                                     wrote:
>>>>>>>
>>>>>>>                                         Thanks for the
>>>>>>>                                         documentation in your
>>>>>>>                                         earlier email. While I
>>>>>>>                                         understand that's how
>>>>>>>                                         things are supposed to
>>>>>>>                                         work in theory, it's not
>>>>>>>                                         implemented very widely,
>>>>>>>                                         and unless there is
>>>>>>>                                         enforcement, then it's
>>>>>>>                                         unlikely to be useful at
>>>>>>>                                         all.
>>>>>>>
>>>>>>>
>>>>>>>                                         "as a given, we put
>>>>>>>                                         ourselves in a certain
>>>>>>>                                         position in terms of the
>>>>>>>                                         actions we can and
>>>>>>>                                         cannot recommend. We can
>>>>>>>                                         make similar statements
>>>>>>>                                         focused on registry
>>>>>>>                                         operators, registrars,
>>>>>>>                                         or any other stakeholder
>>>>>>>                                         in this space. If we all
>>>>>>>                                         approach this WG's task
>>>>>>>                                         with the goal of not
>>>>>>>                                         changing anything, we're
>>>>>>>                                         all just wasting our time."
>>>>>>>
>>>>>>>                                         There are things that
>>>>>>>                                         people would be willing
>>>>>>>                                         to change about WHOIS.
>>>>>>>                                         Changes purely relating
>>>>>>>                                         to the data format would
>>>>>>>                                         not be as controversial.
>>>>>>>                                         Changing to that RDAP
>>>>>>>                                         json format would
>>>>>>>                                         probably be an agreeable
>>>>>>>                                         point to most here.
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         There are two different
>>>>>>>                                         major points of
>>>>>>>                                         contention here. The
>>>>>>>                                         first is the data
>>>>>>>                                         format, second is the
>>>>>>>                                         creation of a new
>>>>>>>                                         monopoly and ceding
>>>>>>>                                         power to it. By monopoly
>>>>>>>                                         I mean- who are the
>>>>>>>                                         gatekeepers of "gated"
>>>>>>>                                         access? Will it avoid
>>>>>>>                                         all of the problems that
>>>>>>>                                         monopolies are
>>>>>>>                                         historically prone to?
>>>>>>>                                         Who will pay them? It
>>>>>>>                                         seems like a massive
>>>>>>>                                         leap of faith to commit
>>>>>>>                                         to this without knowing
>>>>>>>                                         who we are making the
>>>>>>>                                         commitment to.
>>>>>>>
>>>>>>>
>>>>>>>                                         "I do not believe it is
>>>>>>>                                         this WG's responsibility
>>>>>>>                                         to protect anyone's
>>>>>>>                                         commercial services if
>>>>>>>                                         those things are
>>>>>>>                                         basically in response to
>>>>>>>                                         deficiencies in the
>>>>>>>                                         existing Whois protocol. "
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         From my understanding of
>>>>>>>                                         past ICANN working
>>>>>>>                                         groups, registrars have
>>>>>>>                                         fought against issues
>>>>>>>                                         that would have
>>>>>>>                                         increased their costs.
>>>>>>>                                         And the destruction of
>>>>>>>                                         useful WHOIS results (or
>>>>>>>                                         becoming beholden to
>>>>>>>                                         some new monopoly) stand
>>>>>>>                                         to incur far more costs
>>>>>>>                                         for far larger
>>>>>>>                                         industries.  So this
>>>>>>>                                         shouldn't surprise you.
>>>>>>>                                         If those economic
>>>>>>>                                         concerns are not valid
>>>>>>>                                         then I question why the
>>>>>>>                                         economic concerns of
>>>>>>>                                         registrars are valid.
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         If entire industries are
>>>>>>>                                         built around a feature
>>>>>>>                                         you would consider a
>>>>>>>                                         "deficiency", then your
>>>>>>>                                         opinion may solely be
>>>>>>>                                         your own. And I hope
>>>>>>>                                         more stakeholders in
>>>>>>>                                         this multi-stakeholder
>>>>>>>                                         process will come
>>>>>>>                                         forward with their own
>>>>>>>                                         perspectives, as they
>>>>>>>                                         will differ from mine.
>>>>>>>
>>>>>>>
>>>>>>>                                         "Not trying to hamstring
>>>>>>>                                         the WG.  Just asking if
>>>>>>>                                         this is not something
>>>>>>>                                         that has already been
>>>>>>>                                         solved.."
>>>>>>>
>>>>>>>                                         Hi Paul,
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         It's an interesting
>>>>>>>                                         thought. This document
>>>>>>>                                         was recommended to me as
>>>>>>>                                         one that was approved in
>>>>>>>                                         the past by the working
>>>>>>>                                         group that outlined what
>>>>>>>                                         the resulting system
>>>>>>>                                         might look like. I'm
>>>>>>>                                         still learning and
>>>>>>>                                         reading about these
>>>>>>>                                         working groups and what
>>>>>>>                                         they do, and this
>>>>>>>                                         document is massive.
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         <https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf>
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         In the document, it
>>>>>>>                                         says: /"Central to the
>>>>>>>                                         remit of the EWG is the
>>>>>>>                                         question of how to
>>>>>>>                                         design a system that
>>>>>>>                                         increases the accuracy
>>>>>>>                                         of the data collected
>>>>>>>                                         while also offering
>>>>>>>                                         protections for those
>>>>>>>                                         Registrants seeking to
>>>>>>>                                         guard and maintain their
>>>>>>>                                         privacy."/
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         One of the things I
>>>>>>>                                         notice is that any talk
>>>>>>>                                         about actually
>>>>>>>                                         increasing accuracy of
>>>>>>>                                         whois info- via
>>>>>>>                                         enforcement- is
>>>>>>>                                         vigorously opposed in
>>>>>>>                                         this group, and it's
>>>>>>>                                         merely assumed that
>>>>>>>                                         people will supply
>>>>>>>                                         better quality data
>>>>>>>                                         under the new system. 
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         Throughout the document
>>>>>>>                                         it talks about use-cases
>>>>>>>                                         and features (whois
>>>>>>>                                         history, reverse query,
>>>>>>>                                         etc), which are indeed
>>>>>>>                                         identical to the
>>>>>>>                                         features of the whois
>>>>>>>                                         aggregators of current
>>>>>>>                                         day. Such a system would
>>>>>>>                                         replace them. Will the
>>>>>>>                                         service quality be as good?
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         On page 63 it gets into
>>>>>>>                                         thoughts on who would be
>>>>>>>                                         "accredited" to access
>>>>>>>                                         the gated whois data.
>>>>>>>                                         Every proposed scenario
>>>>>>>                                         seems to recognize the
>>>>>>>                                         resulting system will
>>>>>>>                                         need to handle a large
>>>>>>>                                         query volume from a
>>>>>>>                                         large number of people,
>>>>>>>                                         and one proposes
>>>>>>>                                         accrediting bodies which
>>>>>>>                                         may accredit
>>>>>>>                                         organizations which may
>>>>>>>                                         accredit individuals. It
>>>>>>>                                         even proposes an abuse
>>>>>>>                                         handling system which is
>>>>>>>                                         also reminiscent in
>>>>>>>                                         structure to how abuse
>>>>>>>                                         is handled currently in
>>>>>>>                                         our domain name system.
>>>>>>>                                         Many of these proposed
>>>>>>>                                         schemes appear to mimic
>>>>>>>                                         the ways that the
>>>>>>>                                         hosting industry and
>>>>>>>                                         registrar industry
>>>>>>>                                         operate, so we can
>>>>>>>                                         expect that the patterns
>>>>>>>                                         of abuse will be equally
>>>>>>>                                         frequent, especially if
>>>>>>>                                         higher quality data is
>>>>>>>                                         supplied.
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         The proposed scenarios
>>>>>>>                                         all paint a picture of
>>>>>>>                                         "gated" access with very
>>>>>>>                                         wide gates, while
>>>>>>>                                         simultaneously
>>>>>>>                                         representing to domain
>>>>>>>                                         purchasers that their
>>>>>>>                                         data is safe and privacy
>>>>>>>                                         protected. And this is
>>>>>>>                                         supposed to *reduce* the
>>>>>>>                                         total number of privacy
>>>>>>>                                         violations? This doesn't
>>>>>>>                                         even appeal to me as a
>>>>>>>                                         consumer of this data.
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         Whoever sets up this
>>>>>>>                                         system also stands to
>>>>>>>                                         inherit a lot of money
>>>>>>>                                         from the
>>>>>>>                                         soon-to-be-defunct whois
>>>>>>>                                         aggregation industry.
>>>>>>>                                         They would certainly win
>>>>>>>                                         our contract, because we
>>>>>>>                                         would have no choice.
>>>>>>>                                         All domain reputation
>>>>>>>                                         services, anti-spam,
>>>>>>>                                         security research, etc,
>>>>>>>                                         efforts will all need to
>>>>>>>                                         pay up. 
>>>>>>>
>>>>>>>
>>>>>>>                                         After being supplied
>>>>>>>                                         with the above document,
>>>>>>>                                         I also saw a copy of a
>>>>>>>                                         rebuttal written by a
>>>>>>>                                         company that monitors
>>>>>>>                                         abusive domains. I
>>>>>>>                                         strongly agree with the
>>>>>>>                                         sentiments in this
>>>>>>>                                         document and I do not
>>>>>>>                                         see evidence that those
>>>>>>>                                         concerns have received
>>>>>>>                                         fair consideration.
>>>>>>>                                         While I do not see this
>>>>>>>                                         new gatekeeper as an
>>>>>>>                                         existential threat, I do
>>>>>>>                                         see it as a likely
>>>>>>>                                         degradation in the
>>>>>>>                                         utility i do see from
>>>>>>>                                         whois. To be clear, we
>>>>>>>                                         do not do any business
>>>>>>>                                         with this company.
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         <http://mm.icann.org/pipermail/input-to-ewg/attachments/20130823/410038bb/LegitScriptCommentsonICANNEWGWhoisReplacementStructure-0001.pdf>
>>>>>>>
>>>>>>>
>>>>>>>                                         I also found John
>>>>>>>                                         Bambenek's point in a
>>>>>>>                                         later thread to be
>>>>>>>                                         interesting-
>>>>>>>                                         concentrating WHOIS
>>>>>>>                                         knowledge solely to one
>>>>>>>                                         organization allows the
>>>>>>>                                         country it resides in to
>>>>>>>                                         use it to support its
>>>>>>>                                         intelligence apparatus,
>>>>>>>                                         for example monitoring
>>>>>>>                                         when its espionage
>>>>>>>                                         domains are queried for,
>>>>>>>                                         and targeting
>>>>>>>                                         researchers that query
>>>>>>>                                         them (since anonymous
>>>>>>>                                         querying will be
>>>>>>>                                         revoked). Nation states
>>>>>>>                                         already use domains in
>>>>>>>                                         operations so this
>>>>>>>                                         monopoly is a perfect
>>>>>>>                                         strategic data
>>>>>>>                                         reserve. The fact that
>>>>>>>                                         this system is pushed by
>>>>>>>                                         privacy advocates is
>>>>>>>                                         indeed ironic.
>>>>>>>
>>>>>>>
>>>>>>>                                         None of those concerns
>>>>>>>                                         appear to have been
>>>>>>>                                         addressed by this group
>>>>>>>                                         in any serious capacity.
>>>>>>>                                         Before the addition of
>>>>>>>                                         new members, I don't
>>>>>>>                                         think many people had
>>>>>>>                                         the backgrounds or
>>>>>>>                                         skillsets to even
>>>>>>>                                         understand why they are
>>>>>>>                                         a concern. But I think
>>>>>>>                                         this is a discussion
>>>>>>>                                         worth having at this
>>>>>>>                                         point in time for this
>>>>>>>                                         group.
>>>>>>>
>>>>>>>                                          
>>>>>>>
>>>>>>>                                         On Mon, Apr 24, 2017 at
>>>>>>>                                         1:50 PM, Andrew Sullivan
>>>>>>>                                         <ajs at anvilwalrusden.com
>>>>>>>                                         <mailto:ajs at anvilwalrusden.com>>
>>>>>>>                                         wrote:
>>>>>>>
>>>>>>>                                             Hi,
>>>>>>>
>>>>>>>                                             On Mon, Apr 24, 2017 at 07:25:47PM +0200, Paul Keating wrote:
>>>>>>>                                             > Andrew,
>>>>>>>                                             >
>>>>>>>                                             > Thank you.  That was helpful.
>>>>>>>                                             >
>>>>>>>                                             > ""Given this registrant, what other domains are registered?" is a
>>>>>>>                                             > solved problem, and has been since the early 2000s."
>>>>>>>                                             >
>>>>>>>                                             > This is also traceable via alternative means such as consistencies in
>>>>>>>                                             > various WHOIS fields such as email, address, name, etc.
>>>>>>>
>>>>>>>                                             Well, sort of.  The email, address, and name fields are _user_
>>>>>>>                                             supplied.  So they come from the other party to the transaction.  The
>>>>>>>                                             ROID is assigned by the registry itself.  So once you have a match,
>>>>>>>                                             you know that you are looking at the same object, only the same
>>>>>>>                                             object, and all the same object(s).
>>>>>>>
>>>>>>>                                             Email addresses in particular are guaranteed unique in the world at
>>>>>>>                                             any given time (though not guaranteed as unique identifiers over
>>>>>>>                                             time), so they may be useful for these purposes.  Take it from someone
>>>>>>>                                             named "Andrew Sullivan", however, that names are pretty useless as
>>>>>>>                                             context-free identifiers :)
>>>>>>>
>>>>>>>                                             > In reality finding out answers to questions such as
>>>>>>>                                             > yours (above) requires investigation using a plethora of data.
>>>>>>>
>>>>>>>                                             To be clear, finding out the answer to what I (meant to) pose(d)
>>>>>>>                                             requires no plethora of data: it requires a single query and access to
>>>>>>>                                             the right repository (the registry).  In some theoretical system, the
>>>>>>>                                             correct underlying database query would be something like this:
>>>>>>>
>>>>>>>                                                 SELECT domain_roid, domain_name FROM domains WHERE registrant_roid = ?;
>>>>>>>
>>>>>>>                                             and you put the correct ROID in where the question mark is, and off
>>>>>>>                                             you go.  That will give you the list of all the domain names, and
>>>>>>>                                             their relevant ROIDs, registered by a given registrant contact.  At
>>>>>>>                                             least one registry with which I am familiar once had a WHOIS feature
>>>>>>>                                             that allowed something close to the above, only it would stop after
>>>>>>>                                             some number of domains so as not to return too much data.  I think the
>>>>>>>                                             default was therefore LIMIT 50, but I also think the feature was
>>>>>>>                                             eventually eliminated about the time that the ICANN community rejected
>>>>>>>                                             IRIS as an answer to "the whois problem".
>>>>>>>
>>>>>>>                                             What the above will of course not do is help you in the event Bob The
>>>>>>>                                             Scammer has created dozens of different contacts for himself by (say)
>>>>>>>                                             registering names through many different registrars.  I do not believe
>>>>>>>                                             that any registry is going to support such a use at least without
>>>>>>>                                             access controls, because it can be expensive to answer such things.
>>>>>>>                                             So, what you understood me to be asking, I think, is the question I
>>>>>>>                                             did _not_ ask: "given this human being or organization, what other
>>>>>>>                                             domains are registered?"  That does require a lot of different data,
>>>>>>>                                             and it requires cross-organizational searches, and it requires sussing
>>>>>>>                                             out when someone has lied also.  Such research is, I agree, completely
>>>>>>>                                             outside the scope of what any technical system will ever be able to
>>>>>>>                                             offer reliably.
>>>>>>>
>>>>>>>                                             > An entire
>>>>>>>                                             > industry exists for this purpose and I don't think we should be
>>>>>>>                                             > considering replacing what has already been existing in the cyber security
>>>>>>>                                             > marketplace.
>>>>>>>
>>>>>>>                                             I do not believe it is this WG's responsibility to protect anyone's
>>>>>>>                                             commercial services if those things are basically in response to
>>>>>>>                                             deficiencies in the existing Whois protocol.  In this case, however,
>>>>>>>                                             that's not the problem.  Linking data in multiple databases to a given
>>>>>>>                                             real-world human being is hard even in systems without competition and
>>>>>>>                                             multiple points of access.  It's always going to require researchers
>>>>>>>                                             for the domain name system.
>>>>>>>
>>>>>>>                                             Best regards.
>>>>>>>
>>>>>>>
>>>>>>>                                             A
>>>>>>>
>>>>>>>                                             --
>>>>>>>                                             Andrew Sullivan
>>>>>>>                                             ajs at anvilwalrusden.com
>>>>>>>                                             _______________________________________________
>>>>>>>                                             gnso-rds-pdp-wg mailing list
>>>>>>>                                             gnso-rds-pdp-wg at icann.org
>>>>>>>                                             https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>>>
>>>>>>>
>>>>>>>                                         --
>>>>>>>                                         _________________________________
>>>>>>>                                         Note to self: Pillage BEFORE burning.
>>>>>>>
>>>>>>>             -- 
>>>>>>>             Should you have any further questions, please do not hesitate to contact us.
>>>>>>>
>>>>>>>             Best regards,
>>>>>>>
>>>>>>>             Volker A. Greimann
>>>>>>>             - legal department -
>>>>>>>
>>>>>>>             Key-Systems GmbH
>>>>>>>             Im Oberen Werk 1
>>>>>>>             66386 St. Ingbert
>>>>>>>             Tel.: +49 (0) 6894 - 9396 901
>>>>>>>             Fax.: +49 (0) 6894 - 9396 851
>>>>>>>             Email: vgreimann at key-systems.net
>>>>>>>
>>>>>>>             Web: www.key-systems.net / www.RRPproxy.net
>>>>>>>             www.domaindiscount24.com / www.BrandShelter.com
>>>>>>>
>>>>>>>             Follow us on Twitter or join our fan community on Facebook and stay updated:
>>>>>>>             www.facebook.com/KeySystems
>>>>>>>             www.twitter.com/key_systems
>>>>>>>
>>>>>>>             CEO: Alexander Siffrin
>>>>>>>             Registration No.: HR B 18835 - Saarbruecken
>>>>>>>             V.A.T. ID.: DE211006534
>>>>>>>
>>>>>>>             Member of the KEYDRIVE GROUP
>>>>>>>             www.keydrive.lu
>
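
The distinction drawn in Andrew Sullivan's quoted message, between pivoting on a registry-assigned ROID and matching user-supplied fields, worked through as an added example that is not part of the thread. The `contacts` table, every column other than those in his query, and all rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data. Each contact object gets its own registry-assigned
# ROID. C1 and C2 were created through different registrars with the same
# email; C3 is an unrelated registrant who happens to share a name with C1.
CONTACTS = [
    ("C1-EXAMPLE", "registrar-a", "Pat Smith", "pat@mail.example"),
    ("C2-EXAMPLE", "registrar-b", "P. Smith", "pat@mail.example"),
    ("C3-EXAMPLE", "registrar-a", "Pat Smith", "other@corp.example"),
]
DOMAINS = [
    ("D1-EXAMPLE", "alpha.example", "C1-EXAMPLE"),
    ("D2-EXAMPLE", "beta.example", "C1-EXAMPLE"),
    ("D3-EXAMPLE", "gamma.example", "C2-EXAMPLE"),
    ("D4-EXAMPLE", "delta.example", "C3-EXAMPLE"),
]


def build_registry():
    """Create an in-memory registry holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE contacts (roid TEXT PRIMARY KEY, registrar TEXT,
                               name TEXT, email TEXT);
        CREATE TABLE domains (domain_roid TEXT PRIMARY KEY, domain_name TEXT,
                              registrant_roid TEXT REFERENCES contacts(roid));
    """)
    conn.executemany("INSERT INTO contacts VALUES (?, ?, ?, ?)", CONTACTS)
    conn.executemany("INSERT INTO domains VALUES (?, ?, ?)", DOMAINS)
    return conn


def domains_for_roid(conn, registrant_roid, limit=50):
    """The query from the message: ROID bound as a parameter, result capped."""
    rows = conn.execute(
        "SELECT domain_roid, domain_name FROM domains "
        "WHERE registrant_roid = ? ORDER BY domain_name LIMIT ?",
        (registrant_roid, limit),
    )
    return [domain_name for _, domain_name in rows]


PIVOT_COLUMNS = {"name", "email"}  # user-supplied fields allowed as a pivot


def domains_for_field(conn, column, value):
    """Pivot on a user-supplied contact field instead of the ROID.

    The column name is checked against an allowlist because it cannot be
    bound as a parameter; the value itself is bound.
    """
    if column not in PIVOT_COLUMNS:
        raise ValueError(f"unsupported pivot column: {column!r}")
    rows = conn.execute(
        "SELECT d.domain_name, c.roid FROM domains d "
        "JOIN contacts c ON c.roid = d.registrant_roid "
        f"WHERE c.{column} = ? ORDER BY d.domain_name",
        (value,),
    )
    return [(domain_name, roid) for domain_name, roid in rows]


def distinct_contacts(matches):
    """Contact ROIDs a field-based match spans; more than one means the
    result mixes separate registry objects and needs human review."""
    return sorted({roid for _, roid in matches})


if __name__ == "__main__":
    registry = build_registry()
    print(domains_for_roid(registry, "C1-EXAMPLE"))
    for column, value in (("email", "pat@mail.example"), ("name", "Pat Smith")):
        hits = domains_for_field(registry, column, value)
        print(column, hits, distinct_contacts(hits))
```

The ROID lookup returns exactly one object's domains and misses `gamma.example`, which sits under a second contact; the email pivot recovers that link, while the name pivot pulls in an unrelated registrant.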
