<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!--[if gte mso 9]>
<xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:PixelsPerInch>96</o:PixelsPerInch>
</o:OfficeDocumentSettings>
</xml>
<![endif]-->
<style type="text/css">* a:hover{cursor:pointer;}</style>
<style>body {-webkit-animation:bugfix infinite 1s;}@-webkit-keyframes bugfix {from {position:relative;}to {position:relative;}}</style>
</head>
<body style="word-wrap:normal; word-break:break-word;">
<style>a {word-wrap:normal;word-break:break-word;}.background-contain {background-size:contain;}@media only screen and (max-width:600px) {.container {-webkit-text-size-adjust:none !important;}.container,.palm-one-whole {width:100% !important;min-width:100% !important;}.palm-one-half {width:50% !important;min-width:50% !important;box-sizing:border-box;}blockquote .container,blockquote .container div,blockquote .container table {width:auto !important;min-width:0 !important;position:relative !important;}img {max-width:100%;}.border-outer,.border-middle,.border-inner,.inner,[title="separator"] {width:100% !important;}.innercell {padding:8px !important;}.palm-block {display:block !important;}td.palm-one-whole {display:inline-block !important;padding:0;}td.palm-one-whole:first-child:not(:only-child) {margin-bottom:16px;}td.hostname {padding-top:3px !important;}}@media only screen and (min-width:601px) {.preview-card {max-width:600px !important;}}@media only screen and (min-device-width :320px) and (max-device-width :568px),only screen and (min-device-width :768px) and (max-device-width :1024px),only screen and (max-device-width:640px),only screen and (max-device-width:667px),only screen and (max-width:480px){.container {width:100% !important;min-width:100% !important;}.p,.small,li,font[size="2"],font[size="3"] {font-size:1em !important;}}@media only screen and (min-device-width :320px) and (max-device-width :568px),only screen and (min-device-width :768px) and (max-device-width :1024px),only screen and (min-device-width :1224px) {.message-wrapper {padding-top:6px;}.apple-only[style] {display:block !important;max-height:none !important;line-height:normal !important;overflow:visible !important;height:auto !important;width:100% !important;position:relative !important;}.no-apple {display:none !important;}form {font-size:inherit;}input[type="text"] {height:43px;padding-left:4px !important;}button:hover {cursor:pointer;}}@media only screen and (min-device-width :1224px) {.apple-mail-form {display:block !important;background-color:white !important;}}* [office365] .outlook-com-hidden {display:none !important;}* [office365] .outlook-com-button {display:block;}* [office365] .outlook-com-only {display:block !important;max-height:none !important;line-height:normal !important;overflow:visible !important;height:auto !important;width:100% !important;position:relative !important;}</style>
<!--[if (gte mso 9)|(IE)]>
<style>a,body {font-family:'Calibri',Arial,sans-serif;}img {border:none !important;-ms-interpolation-mode:bicubic;}td {mso-line-height-rule:exactly !important;}.mso-card-inner table {border-collapse:collapse !important;mso-table-lspace:0pt;mso-table-rspace:0pt;vertical-align:top;}.outlook-com-only {display:none !important;font-size:0 !important;}#mso-one-whole {width:100% !important;}.border-outer,.border-middle,.border-inner {border:none !important;}.border-middle,.border-inner {width:100% !important;}.mso-border-outer,.mso-border-middle,.mso-border-inner {padding:1px;}.mso-border-outer {background-color:rgb(245,255,255);}.mso-border-middle {background-color:rgb(223,246,255);}.mso-border-inner {background-color:rgb(153,176,225);}</style>
<![endif]-->
<table class="container" lang="container" border="0" cellpadding="0" cellspacing="0" valign="top" style="width:100%; margin-top:6px;">
<tr>
<td valign="top" class="message-wrapper" style="line-height: 1.31; color: #222; font-family: arial, sans-serif;">
<!--[if mso]><table border="0" cellpadding="0" cellspacing="0" valign="top" style="border-collapse:separate;"><tr><td valign="top"><![endif]-->
<div>Thanks for sharing this, Nick.</div><div><br></div><blockquote style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex; padding-top: 0px; padding-bottom: 0px;"><div>Use case: Governments use the WHOIS to investigate with 'crimes in action', and the current level of access enables them to mitigate threats in a timely manner.</div></blockquote><div><br></div><div>Governments have ample mechanisms through which they can obtain information about a domain name registrant. I would put forward that sensitive, personally-identifiable information should only be released to State actors as a result of a judicial order where due process has been followed. </div><div><font><br></font></div><div>- Ayden</div><img align="left" width="0" height="0" style="border:0; width:0px; height:0px;" src="https://app.mixmax.com/api/track/v2/Xf5dr2v0NO2WhUOz5/i02bj5SZulGblRmclZGQu5WYjlmI/icmcv5ibuF2YpB0Z31CckBXLzRmct82cudmI/?sc=false" alt="">
<!--[if mso]></td></tr></table><![endif]-->
</td>
</tr>
</table>
<div>
<div>
<p data-m-apply-default-font="true"><br></p>
<div class="gmail_extra">
<p data-m-apply-default-font="true"><br></p>
<div class="gmail_quote">
On Mon, Jul 25, 2016 5:27 PM, Nick Shorey <span dir="ltr"> <a href="mailto:nick.shorey@culture.gov.uk" target="_blank">nick.shorey@culture.gov.uk</a></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<u></u>
<div dir="ltr">Yep certainly wouldn't want to jump the gun Volker.<div><br></div><div>Use case: Governments use the WHOIS to investigate with 'crimes in action', and the current level of access enables them to mitigate threats in a timely manner.</div><div><br></div><div>=)</div><div><br></div><div>Nick</div></div><div><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"></div><div dir="ltr"><div><b><span></span><span></span>Nick Shorey BA(Hons) MSc.</b></div><div>Senior Policy Advisor | Global Internet Governance</div><div>Department for Culture, Media & Sport</div><div>HM Government | United Kingdom</div><div><br></div><div>Email: <a href="mailto:nick.shorey@culture.gov.uk" target="_blank">nick.shorey@culture.gov.uk</a></div><div>Tel: +44 (0)7741 256 320</div><div>Skype: nick.shorey</div><div>Twitter: @nickshorey</div><div>LinkedIn: <a href="http://www.linkedin.com/in/nicklinkedin" target="_blank">www.linkedin.com/in/nicklinkedin</a></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div>On 25 July 2016 at 12:45, Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span> wrote:<br><blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>I think we are jumping the gun again. Let's rather focus on the
use cases and how they should be structured. <br>
</p><div><div>
<br>
<div>Am 25.07.2016 um 12:59 schrieb Nick
Shorey:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Thanks everyone for sharing these useful articles.
Would love to meet Krebs some day.
<div><br>
</div>
<div>As Rod mentioned, WHOIS often being the first point of
research in many LEA investigations, and though whilst it
might not always be the ultimate 'smoking gun' piece of
evidence presented in court, the importance of WHOIS data in
the initial stages of an investigation must not be
underplayed.</div>
<div><br>
</div>
<div>Another observation I'd make is that with things like
malware, online pharmacies and threat to life scenarios where
WHOIS data can be crucial, we're often dealing with what I
call 'crime in action'. The quicker you can build a holistic
understanding of the threat, the more impactive your action
can be - and the fewer people that get harmed.</div>
<div><br>
</div>
<div>The current level of access to WHOIS definitely supports
'timely' investigation which can make a huge difference in
such cases, and as we get further down the track on this PDP,
I think its important to note this element in our
deliberations.</div>
<div><br>
</div>
<div>Keep up the great work.</div>
<div><br>
</div>
<div>Nick</div>
</div>
<div><br clear="all">
<div>
<div data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><b><span></span><span></span>Nick
Shorey
BA(Hons) MSc.</b></div>
<div>Senior
Policy Advisor
| Global
Internet
Governance</div>
<div>Department
for Culture,
Media &
Sport</div>
<div>HM
Government |
United Kingdom</div>
<div><br>
</div>
<div>Email: <a href="mailto:nick.shorey@culture.gov.uk" target="_blank">nick.shorey@culture.gov.uk</a></div>
<div>Tel: +44
(0)7741 256
320</div>
<div>Skype:
nick.shorey</div>
<div>Twitter:
@nickshorey</div>
<div>LinkedIn:
<a href="http://www.linkedin.com/in/nicklinkedin" target="_blank">www.linkedin.com/in/nicklinkedin</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div>On 21 July 2016 at 00:28, Greg Shatan <span dir="ltr"><<a href="mailto:gregshatanipc@gmail.com" target="_blank">gregshatanipc@gmail.com</a>></span>
wrote:<br>
<blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div style="font-family:verdana,sans-serif">While we're at
it, Krebs also covered a case that I worked on in its
early stages: <a href="http://krebsonsecurity.com/2016/07/serial-swatter-stalker-and-doxer-mir-islam-gets-just-1-year-in-jail/" target="_blank">http://krebsonsecurity.com/2016/07/serial-swatter-stalker-and-doxer-mir-islam-gets-just-1-year-in-jail/</a>.
One of my clients had sensitive information (a credit
report, illegally acquired, along with social security
number, bank account information, etc., etc.) exposed on
a website run by Mir Islam; a number of other people had
credit reports and other information posted. Through a
combination of Whois (both ccTLD and gTLD) and Zone File
information and other available information, we were
able to get the site taken offline, but not before
significant distress and potential for damage occurred.
The site went back up (and quicklydown) several more
times, as shadier and shadier web hosts were used. The
FBI and Secret Service quickly got involved, and further
work shifted to them, thought we were kept informed (to
the extent possible) of their activities in shutting
this operation down. I didn't realize until I read the
Krebs article how much other tortious and criminal
activity this person and his colleagues were involved
in.</div>
<div style="font-family:verdana,sans-serif"><br>
</div>
<div style="font-family:verdana,sans-serif">During this case,
I had to research the potential consequences of an adult
changing their social security number (it's not easy,
but it can be done). The consequences are not pretty,
because your credit history, medical history and a lot
of other information is tied to your social security
number. When you change a social security number, none
of that transfers over, so you have to go through a lot
of steps to put your life back together. Ultimately,
the solution seemed worse than the problem, especially
since we were able to get the site taken down so
quickly.</div>
<div style="font-family:verdana,sans-serif"><br>
</div>
<div style="font-family:verdana,sans-serif">Greg</div>
</div>
<div><br clear="all">
<div>
<div data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div style="font-size:12.8px">
<table style="width:600pt" border="0" cellpadding="0" cellspacing="0" width="800">
<tbody>
<tr>
<td style="width:6pt;padding:0in" width="8"><br>
</td>
<td style="padding:0in">
<p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><br>
</p>
</td>
</tr>
</tbody>
</table>
</div>
<p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><font face="Calibri" size="2" style="font-size: 1em;"><span style="font-size:11pt"> </span></font></p>
<table style="width:600.0pt" border="0" cellpadding="0" cellspacing="0" width="800">
<tbody>
<tr>
<td style="width:75.0pt;padding:0in 0in 0in 0in" valign="top" width="100">
<p><span></span><img src="https://docs.google.com/uc?export=download&id=0B90h5wcghspFRXc1T05BaVZVbjg&revid=0B90h5wcghspFUEtGZS9IQ1F4cXp3WTcrSnZFRjhwQjlCZTN3PQ"><br>
</p>
</td>
<td style="width:6.0pt;padding:0in 0in 0in 0in" width="8">
<p><span> </span></p>
</td>
<td style="padding:0in 0in 0in 0in">
<p><b><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:#002e62">Gregory
S. Shatan | Partner<br>
</span></b><span style="font-size:7.5pt;font-family:"Arial","sans-serif";color:black">McCARTER
& ENGLISH, LLP<br>
<br>
245 Park Avenue, 27th
Floor | New York, New York
10167<br>
T: <a href="tel:212-609-6873" value="+12126096873" target="_blank">212-609-6873</a><br>
C: <a href="tel:917-816-6428" value="+19178166428" target="_blank">917-816-6428</a><br>
F: <a href="tel:212-416-7613" value="+12124167613" target="_blank">212-416-7613</a><br>
<a href="mailto:gshatan@mccarter.com" target="_blank"><span style="color:#225599">gshatan@mccarter.com</span></a> |
<a href="http://www.mccarter.com/" target="_blank"><span style="color:#225599">www.mccarter.com</span></a>
<br>
<br>
</span><span style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#777777">BOSTON |
HARTFORD | STAMFORD | NEW
YORK | NEWARK <br>
EAST BRUNSWICK |
PHILADELPHIA | WILMINGTON |
WASHINGTON, DC</span><span></span></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<br>
<div>On Wed, Jul 20, 2016 at 3:35
PM, Terri Stumme <span dir="ltr"><<a href="mailto:terri.stumme@legitscript.com" target="_blank">terri.stumme@legitscript.com</a>></span>
wrote:<br>
<blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div style="font-family:georgia,serif;font-size:small">I
would like to weigh in here and recommend,
because we all have so much extra time, that
you take a few minutes to read the following
article (there are many others) and Wikipedia
bio related to Paul LeRoux, specifically,
please read Section 3, RX Limited in the
Wikipedia bio. It is important to point out
that Paul LeRoux's company, ABSystems was an
ICANN accredited registrar. Not only was he
running one of the largest Internet pharmacy
networks, he was the SPAM king and responsible
for much (not all) of the Internet pharmacy
spam everyone has likely received at some
point in time. It is also important to point
out that -- there are others!</div>
<div style="font-family:georgia,serif;font-size:small"><br>
</div>
<div style="font-family:georgia,serif;font-size:small">(<a href="https://news.vice.com/article/paul-e-roux-joseph-hunter-rambo-the-dea-meth-and-cocaine" target="_blank">https://news.vice.com/article/paul-e-roux-joseph-hunter-rambo-the-dea-meth-and-cocaine</a>)</div>
<div style="font-family:georgia,serif;font-size:small">(<a href="https://en.wikipedia.org/wiki/Paul-Le_Roux" target="_blank">https://en.wikipedia.org/wiki/Paul-Le_Roux</a>)</div>
<div style="font-family:georgia,serif;font-size:small"><br>
</div>
<div style="font-family:georgia,serif;font-size:small">Background:
This DEA case began with the investigation of
LeRoux's online pharmacy business (I worked at
DEA for 16-1/2 years, ten of which I spent
working in the Internet pharmacy
investigations section). The RX Limited
network was comprised of approximately 25,000
domain names, and this investigation, as well
as all Internet pharmacy investigations, begin
with collecting WHOIS and DNS information for
the domain names. Typically there are several
individuals and organizations involved in the
operation of an online pharmacy network, and
typically there are hundreds of domain names
affiliated with the network. WHOIS information
is critical to the investigation, and is
utilized to map out the network and identify
domain name ownership. Even if bogus WHOIS
information is utilized, it is still pertinent
-- perhaps the same bogus information is given
for more than one domain name. We then know
that those domain names with the same bogus
information are likely part of the same
network.</div>
<div style="font-family:georgia,serif;font-size:small"><br>
</div>
<div style="font-family:georgia,serif;font-size:small">Over
the years, there have been several requests
from ICANN and registrars for LE to provide
case examples. I cannot tell you the number of
times I wish I were able to talk about this
particular case. The reality is that talking
about ongoing investigations, and even certain
aspects of closed investigations is forbidden.
There is a trust factor that must be
considered here -- we are not making this
stuff up -- it's real, and there is very
dangerous criminal activity happening
facilitated via the Internet, and whatever we
need to do to curb this activity should be the
goal of any upstanding, moral, law-abiding
individual (organization).</div>
<div style="font-family:georgia,serif;font-size:small"><br>
</div>
<div style="font-family:georgia,serif;font-size:small">I
do not claim to have all the answers here, nor
how we get to where we need to be, but I
firmly believe that open, unrestricted access
to WHOIS information that includes no fewer
data points than what is currently available,
is absolutely critical.<br>
</div>
<div style="font-family:georgia,serif;font-size:small"><br>
</div>
<div>
<div>
<div><br>
<div>On Wed, Jul 20,
2016 at 12:04 AM, Mark Svancarek via
gnso-rds-pdp-wg <span dir="ltr"><<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>></span>
wrote:<br>
<blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Here’s
one that was used during a
criminal investigation though
it was found by
non-law-enforcement people.</span></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="http://thinkprogress.org/justice/2015/06/20/3672201/alleged-dylann-roof-racist-manifesto-revealed/" target="_blank">http://thinkprogress.org/justice/2015/06/20/3672201/alleged-dylann-roof-racist-manifesto-revealed/</a></span></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p>
<p><a name="m_-4347374077623813855_m_-5786202095474220245_m_-8159019314153622291_m_4762267710339249907__MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></a></p>
<span></span>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Rod
Rasmussen [mailto:<a href="mailto:rrasmussen@infoblox.com" target="_blank">rrasmussen@infoblox.com</a>]
<br>
<b>Sent:</b> Tuesday, July
19, 2016 5:25 PM<br>
<b>To:</b> Mounier,
Grégory <<a href="mailto:gregory.mounier@europol.europa.eu" target="_blank">gregory.mounier@europol.europa.eu</a>><br>
<b>Cc:</b> Chuck Gomes
<<a href="mailto:cgomes@verisign.com" target="_blank">cgomes@verisign.com</a>>;
Mark Svancarek <<a href="mailto:marksv@microsoft.com" target="_blank">marksv@microsoft.com</a>>;
Andrew Sullivan <<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a>>;
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b> Re:
[gnso-rds-pdp-wg] @EXT
WHOIS info and
investigation</span></p>
</div>
</div>
<div>
<div>
<p> </p>
<p>Krebs
is always a great read -
really knows his stuff
technically and as a
journalist. If you liked
this, check out his book
Spam Nation for a whole
history of this and some of
the main actors behind it
throughout most of the last
ten years.</p>
<div>
<p> </p>
</div>
<div>
<p>This is
a fairly typical OSINT
(Open Source Intelligence)
type of investigation.
You’d think criminal
“masterminds” wouldn’t use
horrible operational
security practices like
using their same personal
information on social
media accounts, malicious
and personal domain
registrations, embedded in
malcode, or in e-mails.
Yet they do every day and
this is a major source of
cybersecurity
professionals being able
to track down all manner
of undesirable Internet
activities from services
abuse to flat-out illegal
acts in most if not all
jurisdictions.</p>
<div>
<p> </p>
</div>
<div>
<p>A
couple of additional
things to note.</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>1)
Law enforcement had
nothing to do with this
particular
story/investigation.
This is true for most
cybersecurity
operational activity and
investigations - it’s
largely a private-sector
affair with security
companies of various
flavors looking at the
malware, spam,
malvertizing, etc. that
crosses their paths.
From that starting point
they try to figure out
things like what else is
tied to it (so I can
block or kill it), or
“who’s doing this”, or
“what are they really up
to?”</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>2)
There are a lot of
“established” service
providers around the
world that have heavy
levels of abuse on them
over a very long time.
It is really hard at
times to separate “bad
guys” from “incompetent”
or “uncaring"
operators. Collection
of data like this can
lead to connections
between various
activities that can put
a much better color on
their hats.</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>3) To
then bring charges that
could actually affect a
subject’s life though,
any and all of this kind
of research is merely a
starting point that the
police then use to
inform a much more
traditional
investigation that
involves formal records
requests, court-ordered
actions like search
warrants or wiretaps,
etc. so they can develop
court admissible
evidence. A whois query
result is not evidence,
and no one gets thrown
in jail for having a
dodgy domain registered
in their name.</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>Cheers,</p>
</div>
<div>
<p> </p>
</div>
<div>
<p>Rod</p>
<div>
<p> </p>
<div>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p>On
Jul 19, 2016,
at 3:03 PM,
Mounier,
Grégory <<a href="mailto:gregory.mounier@europol.europa.eu" target="_blank">gregory.mounier@europol.europa.eu</a>>
wrote:</p>
</div>
<p> </p>
<div>
<div>
<p style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Dear
all,<span> </span><br>
<br>
Here is a nice
example of how
WHOIS
information is
used to
investigate
unlawful
activities:<br>
<br>
<a href="http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/" target="_blank">http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/</a><br>
<br>
Greg</span><strong><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"></span></strong></p>
<div>
<p><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"> </span></b></p>
</div>
<div style="text-align:center" align="center"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">
<hr align="center" size="2" width="100%">
</span></div>
<p style="margin-bottom:12.0pt"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From:</span></b><span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"> </span></span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a><span> </span>on
behalf of
Gomes, Chuck<br>
<b>Sent:</b><span> </span>18
July 2016
20:26:34<br>
<b>To:</b><span> </span>'Mark
Svancarek';
'Andrew
Sullivan';<span> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b><span> </span>Re:
[gnso-rds-pdp-wg] An important technical consideration about nature of
the service
(was Re: The
overflowing
list )</span><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"></span></p>
</div>
<div>
<p><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Thanks
Mark.<br>
<br>
Chuck<br>
<br>
-----Original
Message-----<br>
From: Mark
Svancarek [<a href="mailto:marksv@microsoft.com" target="_blank">mailto:marksv@microsoft.com</a>]<span> </span><br>
Sent: Monday,
July 18, 2016
1:40 PM<br>
To: Gomes,
Chuck; 'Andrew
Sullivan';<span> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
Subject: RE:
[gnso-rds-pdp-wg]
An important
technical
consideration
about nature
of the service
(was Re: The
overflowing
list )<br>
<br>
I'll take a
stab at it. <span> </span><br>
I've also
asked our
IP/Brand
people and
digital crimes
people to help
me document
how Microsoft
uses WhoIs
data today,
but not ETA
when that will
be ready.<br>
<br>
-----Original
Message-----<br>
From:<span> </span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a><span> </span>[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
On Behalf Of
Gomes, Chuck<br>
Sent:
Saturday, July
16, 2016 6:29
AM<br>
To: 'Andrew
Sullivan' <<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a>>;<span> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
Subject: Re:
[gnso-rds-pdp-wg]
An important
technical
consideration
about nature
of the service
(was Re: The
overflowing
list )<br>
<br>
Any volunteers
to develop
Andrew's
suggestions
into use
cases?<br>
<br>
Chuck<br>
<br>
-----Original
Message-----<br>
From:<span> </span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a><span> </span>[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
On Behalf Of
Andrew
Sullivan<br>
Sent:
Saturday, July
16, 2016 1:00
AM<br>
To:<span> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
Subject:
[gnso-rds-pdp-wg]
An important
technical
consideration
about nature
of the service
(was Re: The
overflowing
list )<br>
<br>
Thanks,
Stephanie, for
the quick
issue list.
There's one
thing that I
want to draw
out here so
that we can
keep it
foremost when
thinking of<br>
issues:<br>
<br>
On Sat, Jul
16, 2016 at
12:05:10AM
-0400,
Stephanie
Perrin wrote:<br>
<br>
> * Where
the RDS
(whether a
central
database or
federated or
completely<br>
>
disaggregated)
resides
becomes
important for
law
enforcement
access.<br>
<br>
This "where
data resides"
issue is bound
to vex us, no
matter what
kind of policy
we come up
with. But
it's really
important to
keep in mind
that the
different
styles of
system design
will yield
very different
properties.<br>
<br>
In the
taxonomy I
offered before<br>
(<a href="https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fmm.icann.org%2fpipermail%2fgnso-rds-pdp-wg%2f2016-June%2f000951.html&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=d3d1ttF1Z5Kn9M1VZ1RKPFSppMzJHpCaIKM1LHynBBQ%3d" target="_blank">https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fmm.icann.org%2fpipermail%2fgnso-rds-pdp-wg%2f2016-June%2f000951.html&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=d3d1ttF1Z5Kn9M1VZ1RKPFSppMzJHpCaIKM1LHynBBQ%3d</a>),<br>
models I and V
have a clear
since answer
to, "Where
does the data
reside?"
because they
have a single
database
backing them
up. In models
II-IV,
however, the
answer to,
"Where does
the data
reside?" is
actually not
entirely
meaningful.
There are
multiple
places where
the data are,
and for data
with respect
to any given
domain name
each datum
might be in a
different
place.
(Indeed, part
of the design
of RDAP is
precisely to
make such
arrangements
easier to deal
with.)<br>
<br>
It is
therefore
better to try
to find a way,
consistent
with all of
the various
requirements
documents, to
answer some
other
questions.<br>
I think these
might be
helpful in
building use
cases:<br>
<br>
1. For
any given
datum, who has
control of and
access to the
datum?<br>
<br>
2. For
any given
datum, what
are the
conditions
under which
the<br>
datum
ought to be
accessible?<br>
<br>
3. For
any given set
of related
data, how can
it be
accessed?<br>
<br>
Notice that
answering (3)
will provides
use cases for
data access,
whereas (1)
and (2)
provide for
limit
conditions on
how and when
use cases
might be
apply.<br>
<br>
I hope these
framing
questions are
helpful in
figuring out
which use
cases we can
bring to bear
on
requirements.<br>
<br>
Best regards,<br>
<br>
A<br>
<br>
--<br>
Andrew
Sullivan<br>
<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a><br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d" target="_blank">https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d</a><br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d" target="_blank">https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d</a><br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></span></p>
</div>
<p><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">*******************<br>
<br>
DISCLAIMER :
This message
is sent in
confidence and
is only
intended for
the named
recipient. If
you receive
this message
by mistake,
you may not
use, copy,
distribute or
forward this
message, or
any part of
its contents
or rely upon
the
information
contained in
it.<br>
Please notify
the sender
immediately by
e-mail and
delete the
relevant
e-mails from
any computer.
This message
does not
constitute a
commitment by
Europol unless
otherwise
indicated.<br>
<br>
******************* _______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
</span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">gnso-rds-pdp-wg@icann.org</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><br>
</span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</span></a></p>
</div>
</blockquote>
</div>
<p> </p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">-- <br>
<div data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font size="2" style="font-size: 1em;"><span style="background-color:rgb(159,197,232)"><i>Terri Stumme</i></span></font>
<div><font size="2" style="font-size: 1em;"><span style="background-color:rgb(159,197,232)"><i>Investigative
Analyst</i></span></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</font></span></div>
</div>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div></div><pre cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a>
Fax.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a>
Fax.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</div>
<br>_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>
</blockquote>
</div>
</div>
</div>
</div>
<br><br><div>Ayden Férdeline</div><div><a href="https://community.icann.org/display/gnsosoi/Ayden+Férdeline+SOI" style="background-color: white;">Statement of Interest</a></div>
</body>
</html>