[gnso-rds-pdp-wg] WSGR Final Memorandum
Theo Geurts
gtheo at xs4all.nl
Fri Sep 29 08:14:31 UTC 2017
Got it, thanks,
Just a risk analysis where a TLD is often involved in abuse, the domain
names in that TLD get a higher risk score if privacy services are also
present for that domain name. I read that some anti-spam systems block
certain new gTLDs entirely, I guess the risk score went through the roof.
The reason for drilling down on this a little more was due to this
recent report, and I somewhat misread or failed to understand how the
risk score is being calculated.
https://www.icann.org/en/system/files/files/sadag-final-09aug17-en.pdf
This report mentions: The usage of Privacy or Proxy Services by itself
is not a reliable indicator of abuse.
Thanks again,
Theo
Again it is clear now, thanks all.
On 28-9-2017 20:50, Dotzero wrote:
> To add to what Allison has indicated, websites do analysis of these
> sorts of datapoints for evaluating transactions for fraud and
> potential abuse. For example, signups from domains that have private
> registrations have a very high propensity to be related to abuse.
> Signups and visits to our websites from IP addresses belonging to
> hosting providers have an even higher correlation with abuse (how many
> end users browse the web from servers in datacenters?).
>
> This is not police action, it is organizations protecting themselves,
> their other users and the internet at large from abusive activity.
>
> Michael Hammer
>
> On Thu, Sep 28, 2017 at 2:33 PM, allison nixon <elsakoo at gmail.com> wrote:
>
> Reputation is based on a lot of different points not just contents
> of WHOIS data. If the .EU TLD can keep its customer base clean,
> there isn't much need for WHOIS data for the most part, however
> this group doesn't make policy for ccTLDs. For other TLDs that
> this group does recommend policy for, for example, .XYZ, which
> boasts a greater-than-90-percent rate of maliciousness, any
> legitimate domain in that space will need some other points of
> reputation to make up for that. WHOIS is part of that, including
> the age, and actual contact details.
>
> That said, WHOIS data is an important part of tracing ownership
> and it can have consequences for the registrant.
>
> Recently we had to deal with a ccTLD of .ir that was being used to
> control large botnets. The current and historical WHOIS data
> showed signs that a legitimate registrant's account was stolen to
> do this. Thus, when the complaint was sent to the registrar, the
> registrant was not accused of running botnets, but instead the
> registrar was alerted to an abuse of the service and they could
> take action accordingly. If the ownership of this domain could not
> be traced, and if there were not skilled investigators on the
> other end, would the registrant have been in danger of going to an
> Iranian prison?
>
> It turns out, the ccTLD of .ir was specifically chosen because the
> criminals thought the poor international relations would hamper
> law enforcement action. However WHOIS and the transparency it
> provides allowed people to discover the truth and prevent serious
> problems. By locking up WHOIS behind court orders, these
> cross-border issues will become worse.
>
> Also, to be clear since a lot of people can't seem to tell the
> difference, everything we did was well within the bounds of civil
> action, we weren't "pretending to be the police" or any of the
> other things people in this group accuse security companies of
> doing when they deal with malware. Any member of the public can
> file an abuse complaint.
>
>
>
>
>
> On Thu, Sep 28, 2017 at 2:10 PM, theo geurts <gtheo at xs4all.nl> wrote:
>
> Allison,
>
> Does this problem also exist with TLDs like .EU, .NL, .DE,
> .FR just to name a few ccTLDs?
>
> Curious,
>
> Theo
>
>
> On 28-9-2017 19:42, allison nixon wrote:
>> >> So, I can see a day that if privacy advocates and/or EU
>> legislation fears prevent such a Best Practice as proper
>> WHOIS records, the service providers will simply choose
>> practices, such as 'you cannot access our service unless you
>> have public whois information available'.
>>
>> It's already happening. Try sending an e-mail using a domain
>> behind WHOIS privacy. Some anti-spam systems drop it straight
>> in the garbage because WHOIS privacy is already a negative
>> reputation point. If WHOIS gets shut down, I fully expect
>> groups like Spamhaus, M3AAWG, APWG, etc, to publish a set of
>> guidelines that registrants need to abide by in order to send
>> mail, or be accessible by people behind corporate firewalls
>> that block based on reputation. ICANN must understand that
>> they are at risk of losing relevancy if they want to take
>> this hardline approach, because if a law breaks the continued
>> functioning of a network, the network will route around it.
>>
>> Look at the "cookies" EU law. Did that actually stop any
>> websites from using cookies? No, it just created a popup that
>> no one reads but everyone clicks through to visit the
>> website. Because breaking cookies breaks websites.
>>
>>
>> >>Some of us have real jobs too..
>>
>> which is the main reason why I can't spend 8 hours every day
>> watching this group, unlike some people here who have been
>> active in this group for years now.
>>
>>
>>
>> My response to Chuck's email earlier, I bolded the responses
>> and tagged the start and end of my replies for clarity:
>>
>> "independent answers to the same questions we asked the
>> European data protection experts earlier in the year"
>> [Chuck Gomes] That was a request from WG members who felt
>> that the DP experts might be biased. The questions were
>> developed by the WG. There were two primary reasons for
>> using the same questions: 1) both groups would be
>> responding to the same questions and therefore make it
>> easy to compare; 2) the questions were approved by the WG.
>>
>>
>> *<allison>I don't think anyone accused the DP experts of
>> being biased. The objection was that the questions themselves
>> were biased. The words "phishing" and "spam" and "malware"
>> never once appeared in this entire document, despite being
>> major core issues. The only abuse issues that were focused on
>> were in relation to intellectual property violation and
>> harassment of women, both of which are not the major issues
>> most of us deal with on a daily basis (not to belittle them
>> but they are generally not the reason why we are here today).
>> The word "fraud" was mentioned once in a question and then
>> never directly addressed in the response.*
>>
>> *Additionally, my entire industry was grossly misrepresented
>> in question #6. None of us operate with police powers, and
>> none of us pretend to have any. When we submit a complaint to
>> a registrar about one of their customers breaking the law,
>> the illegality of the act provides necessary justification
>> for the registrar to drop the customer without a refund. This
>> is not prosecution of a crime, and claiming it is such is a
>> lie. Evidence of breaking the law is necessary because
>> registrars aren't just going to take down any customer we say
>> we don't like. I wholly object to the entire line they
>> continued on about cybersecurity companies and "quasi-police
>> powers", because the question never differentiated between
>> civil and criminal actions and it was therefore misleading. *
>>
>> *None of the questions addressed the issues that registrants
>> have where their WHOIS and other reputation points affect the
>> de-facto functionality of a domain, for example a domain's
>> functionality is hampered when it is on blocklists. Or if
>> someone sends a complaint against the domain and has no tools
>> to differentiate the registrant from the criminal (as
>> registrar accounts are often hacked), then the incorrect
>> accusation can also affect the operability of the domain as
>> it is mistakenly taken down in confusion. None of the
>> questions ask about conflicts between GDPR and basic
>> network-level-functionality of domains.*
>>
>> *Also, none of the questions ask if a free no-obligation
>> alternative (whois privacy protect) enhances the validity of
>> consent given for making WHOIS records public. </allison>*
>>
>> So we weren't allowed to ask questions of these legal
>> experts? You know, they can't magically divine all
>> legitimate use cases. The session with the EU data
>> protection experts earlier this year is the exact same
>> one we objected to because anti abuse use cases got
>> exactly zero representation. So why choose that exact set
>> of questions again especially since an entire group of
>> people have joined the group afterwards (actually, due to
>> this specific problem of lack of representation)? And
>> then label it "final", really.
>> [Chuck Gomes] We didn’t ask them to consider use cases
>> except as they were relevant to the questions we asked;
>> that is our job and we prepared a list of those a long
>> time ago. We asked them to focus on their understanding
>> of European Data Protection law. Our WG has a good mix
>> of people that use RDS data for different uses.
>>
>> *<allison>And his answers are borderline useless. The
>> scenarios presented were extremely poor, and not reflecting
>> today's Internet and the problems network operators face. For
>> example, when he writes "This means that the term 'vital
>> interest' is to be interpreted as referring to an
>> individual’s life, health, safety, or other such interest
>> that is essential to their physical wellbeing", he goes on to
>> talk about IP violations, the rights of a child, the economic
>> interests of a search engine, finally concluding "we believe
>> that the conditions for using the 'legitimate interests'
>> legal basis would not be satisfied".*
>>
>> *That's a complete misrepresentation of the interests at
>> stake here. The issue at hand is not the economic interests
>> of one company nor about mere copyright infringement. The
>> WHOIS data resource is used to combat all types of fraud,
>> international espionage, rigging of elections, and so many
>> hostile attacks. Some of these attacks, especially DDOS,
>> frequently threaten basic functionality of the Internet. It
>> has an international strategic value and promotes lawful
>> behavior far more than it hurts. It's used to create cleaner,
>> safer networks. There are countless documented instances
>> where WHOIS played a key role and where the replacement
>> system would have allowed the malicious behavior to continue.
>> All of these facts have been conveniently left out of the
>> question, and since the lawyer can't be expected to know all
>> this, he has no choice but to conclude that the legitimate
>> interests provided are too weak. </allison>*
>>
>>
>> Haven't gone through it yet, will do so as I get time.
>> Expecting to see the same result one can expect when one
>> doesn't represent entire groups of constituencies.
>> [Chuck Gomes] What do you mean by representing ‘entire
>> groups of constituencies’? Do you represent an entire
>> constituency? Are you aware of any constituencies who
>> are not represented in the WG? If so, please encourage
>> them to participate.
>>
>>
>> *<allison>Dozens of people joined this mailing list after
>> numerous events demonstrated that this working group did not
>> consider the overall well being of the Internet, and had a
>> completely skewed idea of the problems the Internet faces
>> today. People were outraged that this group was going in the
>> direction it was going, ignoring how the Internet actually
>> works. The fact that these questions were chosen, and the
>> fact that the new membership (especially those that joined
>> after the questions were initially asked) were not given any
>> opportunity to provide input on questions to the lawyer, does
>> not reflect well on the leadership of this working group.
>> Even when the original questions were created, as far as I
>> can tell, only people physically present at that meeting had
>> any chance to provide input. For those of us with jobs in
>> operations, being ever-present for this working group is
>> impossible, and none of us have the stamina that some of the
>> people here have, because we are busy working. *
>>
>> *At its most charitable interpretation, the choice of these
>> specific questions could be an innocent oversight or
>> miscommunication. At its least charitable, it looks like
>> ICANN's money was wasted on a procedural trick to keep facts
>> out of the conversation and continue to push a narrow agenda.*
>>
>> *People from numerous unrelated Internet companies and law
>> firms flooded this group earlier this year once sunshine was
>> shed on this group's activities. Maybe that's important.
>> Please take it seriously. </allison>*
>>
>>
>>
>>
>>
>>
>>
>> On Wed, Sep 27, 2017 at 6:22 PM, Michael Peddemors <michael at linuxmagic.com> wrote:
>>
>> IMHO, If ICANN cannot figure out how to make a proper
>> functioning WHOIS policy, we have to remember that the
>> community at large will, and then simply, ICANN will
>> lose relevance on this issue.
>>
>> No one passed a law that a mail server had to have a
>> functioning PTR record, (well yes, some international
>> spam legislations clearly spelled out the need for
>> clearly specifying the operator) but if you want to send
>> email today, functionally you need a PTR record.
>>
>> Only problem is, that often it is the biggest players
>> that set those standards, and it is the role of
>> organizations like ICANN to level the field, and make
>> sure that directions aren't dictated by the biggest
>> players on the block, and never more so in a world of
>> consolidation and cloud providers.
>>
>> I think it was Yahoo that was one of the first big
>> players to simply not accept connections from IP(s) with
>> no PTR, and I know we were one of the early adopters to
>> that strategy..
>>
>> So, I can see a day that if privacy advocates and/or EU
>> legislation fears prevent such a Best Practice as proper
>> WHOIS records, the service providers will simply choose
>> practices, such as 'you cannot access our service unless
>> you have public whois information available'.
>>
>> It would be far better if ICANN can understand the
>> importance of that need, and make a statement that
>> everyone can get behind and point to, that levels that
>> field, in 'spite' of possible contradictory privacy
>> information.
>>
>> Let's just simply keep these two conversations separate,
>> one should NOT affect the other, this isn't a privacy vs
>> information publishing standards issue, we can have both.
>>
>> (And again, I assert that simply 'informed consent' can
>> always deal with any situations where they conflict)
>>
>> -- Michael --
>>
>> PS, my concern is that this lengthy wrangling prevents
>> real work from getting done, and the participants who are
>> integral to this conversation will fall by the wayside,
>> and the lobbyists will simply wear them down ..
>>
>> Some of us have real jobs too..
>>
>>
>> On 17-09-27 02:58 PM, John Bambenek via gnso-rds-pdp-wg
>> wrote:
>>
>> A simple policy proscription would be, for instance,
>> to say under US law if you get a domain under the
>> control of a US registrar, we need you to consent to
>> full disclosure. Don't like it, pick a European
>> ccTLD. I don't advocate that, mind you, but that's
>> the kind of policy balkanization could produce.
>>
>> j
>>
>>
>> On 09/27/2017 04:31 PM, Paul Keating wrote:
>>
>> I am failing to understand how such a
>> walled-garden approach will solve anything.
>>
>> 1. EU registrars/registries would
>> still have to deal with GDPR.
>>
>> 2. Registrars are not aided by the distinction
>> since they would still end up with EU customers
>> and EU registrant data.
>>
>> PRK
>>
>> From: <gnso-rds-pdp-wg-bounces at icann.org> on behalf of jonathan matkowsky <jonathan.matkowsky at riskiq.net>
>> Date: Wednesday, September 27, 2017 at 11:03 PM
>> To: Rubens Kuhl <rubensk at nic.br>
>> Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>> Subject: Re: [gnso-rds-pdp-wg] WSGR Final Memorandum
>>
>> Assuming for argument's sake that's true
>> without taking any
>> position as I'm still catching up from a week
>> ago, I'm not sure
>> this should be dismissed without
>> consideration as a possibility,
>> although obviously not by any stretch of the
>> imagination ideal -->
>> non-EU registrars block EU registrants, and
>> registries contract
>> with non-EU registrars.
>>
>> On Tue, Sep 26, 2017 at 8:25 PM, Rubens Kuhl <rubensk at nic.br> wrote:
>>
>>
>> On Sep 26, 2017, at 7:17 PM, John Horton <john.horton at legitscript.com> wrote:
>>
>> Much of this problem goes away if we
>> all agree that EU-based
>> registrars should henceforth only be
>> allowed to accept
>> registrants in the EU. Aside from the
>> effect on EU
>> registrars' revenue, what's the
>> logical argument against that
>> from a policy perspective?
>>
>> After all, isn't the purpose of the
>> GDPR to protect _EU
>> residents_?
>>
>>
>> That's correct, but the conclusion is
>> not. Non-EU registrars
>> are also subject to GDPR if targeting EU
>> customers, which
>> could be as simple as providing services
>> in EU languages and
>> accepting registration transactions from
>> the EU.
>> So, for the problem to go away non-EU
>> registrars would need to
>> block EU registrants, and registries
>> would only be able to
>> enter contracts with non-EU registrars.
>>
>> So EU users would either be happy using
>> numeric IP addresses,
>> or develop a naming system of their own.
>> Then we would have
>> balkanisation, this time actually
>> including the original Balkans.
>>
>>
>> Rubens
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> <mailto:gnso-rds-pdp-wg at icann.org>
>> <mailto:gnso-rds-pdp-wg at icann.org
>> <mailto:gnso-rds-pdp-wg at icann.org>>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> "Catch the Magic of Linux..."
>> ------------------------------------------------------------------------
>> Michael Peddemors, President/CEO LinuxMagic Inc.
>> Visit us at http://www.linuxmagic.com @linuxmagic
>> ------------------------------------------------------------------------
>> A Wizard IT Company - For More Info http://www.wizard.ca
>> "LinuxMagic" a Registered TradeMark of Wizard Tower
>> TechnoServices Ltd.
>> ------------------------------------------------------------------------
>> 604-682-0300 <tel:604-682-0300> Beautiful British
>> Columbia, Canada
>>
>>
>>
>>
>>
>> --
>> _________________________________
>> Note to self: Pillage BEFORE burning.
>>
>>
>
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
>
>
>