<div dir="ltr">Thanks everyone for sharing these useful articles. Would love to meet Krebs some day.<div><br></div><div>As Rod mentioned, WHOIS often being the first point of research in many LEA investigations, and though whilst it might not always be the ultimate 'smoking gun' piece of evidence presented in court, the importance of WHOIS data in the initial stages of an investigation must not be underplayed.</div><div><br></div><div>Another observation I'd make is that with things like malware, online pharmacies and threat to life scenarios where WHOIS data can be crucial, we're often dealing with what I call 'crime in action'. The quicker you can build a holistic understanding of the threat, the more impactive your action can be - and the fewer people that get harmed.</div><div><br></div><div>The current level of access to WHOIS definitely supports 'timely' investigation which can make a huge difference in such cases, and as we get further down the track on this PDP, I think its important to note this element in our deliberations.</div><div><br></div><div>Keep up the great work.</div><div><br></div><div>Nick</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"></div><div dir="ltr"><div><b><span></span><span></span>Nick Shorey BA(Hons) MSc.</b></div><div>Senior Policy Advisor | Global Internet Governance</div><div>Department for Culture, Media & Sport</div><div>HM Government | United Kingdom</div><div><br></div><div>Email: <a href="mailto:nick.shorey@culture.gov.uk" target="_blank">nick.shorey@culture.gov.uk</a></div><div>Tel: +44 (0)7741 256 320</div><div>Skype: nick.shorey</div><div>Twitter: @nickshorey</div><div>LinkedIn: <a href="http://www.linkedin.com/in/nicklinkedin" target="_blank">www.linkedin.com/in/nicklinkedin</a></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On 21 July 2016 at 00:28, Greg Shatan <span dir="ltr"><<a href="mailto:gregshatanipc@gmail.com" target="_blank">gregshatanipc@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">While we're at it, Krebs also covered a case that I worked on in its early stages: <a href="http://krebsonsecurity.com/2016/07/serial-swatter-stalker-and-doxer-mir-islam-gets-just-1-year-in-jail/" target="_blank">http://krebsonsecurity.com/2016/07/serial-swatter-stalker-and-doxer-mir-islam-gets-just-1-year-in-jail/</a>. One of my clients had sensitive information (a credit report, illegally acquired, along with social security number, bank account information, etc., etc.) exposed on a website run by Mir Islam; a number of other people had credit reports and other information posted. Through a combination of Whois (both ccTLD and gTLD) and Zone File information and other available information, we were able to get the site taken offline, but not before significant distress and potential for damage occurred. The site went back up (and quicklydown) several more times, as shadier and shadier web hosts were used. The FBI and Secret Service quickly got involved, and further work shifted to them, thought we were kept informed (to the extent possible) of their activities in shutting this operation down. I didn't realize until I read the Krebs article how much other tortious and criminal activity this person and his colleagues were involved in.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">During this case, I had to research the potential consequences of an adult changing their social security number (it's not easy, but it can be done). The consequences are not pretty, because your credit history, medical history and a lot of other information is tied to your social security number. When you change a social security number, none of that transfers over, so you have to go through a lot of steps to put your life back together. Ultimately, the solution seemed worse than the problem, especially since we were able to get the site taken down so quickly.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Greg</div></div><div class="gmail_extra"><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"></p><div style="font-size:12.8px"><table border="0" cellspacing="0" cellpadding="0" width="800" style="width:600pt"><tbody><tr><td width="8" style="width:6pt;padding:0in"><br></td><td style="padding:0in"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><br></p></td></tr></tbody></table></div><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><font size="2" face="Calibri"><span style="font-size:11pt"><u></u> </span></font></p><table border="0" cellspacing="0" cellpadding="0" width="800" style="width:600.0pt">
<tbody><tr>
<td width="100" valign="top" style="width:75.0pt;padding:0in 0in 0in 0in">
<p><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:#1f497d"></span><img src="https://docs.google.com/uc?export=download&id=0B90h5wcghspFRXc1T05BaVZVbjg&revid=0B90h5wcghspFUEtGZS9IQ1F4cXp3WTcrSnZFRjhwQjlCZTN3PQ"><br></p>
</td>
<td width="8" style="width:6.0pt;padding:0in 0in 0in 0in">
<p><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:#1f497d"> </span></p>
</td>
<td style="padding:0in 0in 0in 0in">
<p><b><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:#002e62">Gregory
S. Shatan | Partner<br>
</span></b><span style="font-size:7.5pt;font-family:"Arial","sans-serif";color:black">McCARTER & ENGLISH, LLP<br>
<br>
245 Park Avenue, 27th Floor | New York, New York 10167<br>
T: <a href="tel:212-609-6873" value="+12126096873" target="_blank">212-609-6873</a><br>
C: <a href="tel:917-816-6428" value="+19178166428" target="_blank">917-816-6428</a><br>
F: <a href="tel:212-416-7613" value="+12124167613" target="_blank">212-416-7613</a><br>
<a href="mailto:gshatan@mccarter.com" target="_blank"><span style="color:#225599">gshatan@mccarter.com</span></a> |
<a href="http://www.mccarter.com/" target="_blank"><span style="color:#225599">www.mccarter.com</span></a>
<br>
<br>
</span><span style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#777777">BOSTON | HARTFORD | STAMFORD | NEW YORK |
NEWARK <br>
EAST BRUNSWICK | PHILADELPHIA | WILMINGTON | WASHINGTON, DC</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:#1f497d"></span></p>
</td>
</tr>
</tbody></table></div></div></div></div></div></div></div></div></div><div><div class="h5">
<br><div class="gmail_quote">On Wed, Jul 20, 2016 at 3:35 PM, Terri Stumme <span dir="ltr"><<a href="mailto:terri.stumme@legitscript.com" target="_blank">terri.stumme@legitscript.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:georgia,serif;font-size:small">I would like to weigh in here and recommend, because we all have so much extra time, that you take a few minutes to read the following article (there are many others) and Wikipedia bio related to Paul LeRoux, specifically, please read Section 3, RX Limited in the Wikipedia bio. It is important to point out that Paul LeRoux's company, ABSystems was an ICANN accredited registrar. Not only was he running one of the largest Internet pharmacy networks, he was the SPAM king and responsible for much (not all) of the Internet pharmacy spam everyone has likely received at some point in time. It is also important to point out that -- there are others!</div><div class="gmail_default" style="font-family:georgia,serif;font-size:small"><br></div><div class="gmail_default" style="font-family:georgia,serif;font-size:small"><a href="https://news.vice.com/article/paul-le-roux-joseph-hunter-rambo-the-dea-meth-and-cocaine" target="_blank"></a>(<a href="https://news.vice.com/article/paul-e-roux-joseph-hunter-rambo-the-dea-meth-and-cocaine" target="_blank">https://news.vice.com/article/paul-e-roux-joseph-hunter-rambo-the-dea-meth-and-cocaine</a>)</div><div class="gmail_default" style="font-family:georgia,serif;font-size:small"><a href="https://en.wikipedia.org/wiki/Paul_Le_Roux" target="_blank"></a>(<a href="https://en.wikipedia.org/wiki/Paul-Le_Roux" target="_blank">https://en.wikipedia.org/wiki/Paul-Le_Roux</a>)</div><div class="gmail_default" style="font-family:georgia,serif;font-size:small"><br></div><div class="gmail_default" style="font-family:georgia,serif;font-size:small">Background: This DEA case began with the investigation of LeRoux's online pharmacy business (I worked at DEA for 16-1/2 years, ten of which I spent working in the Internet pharmacy investigations section). The RX Limited network was comprised of approximately 25,000 domain names, and this investigation, as well as all Internet pharmacy investigations, begin with collecting WHOIS and DNS information for the domain names. Typically there are several individuals and organizations involved in the operation of an online pharmacy network, and typically there are hundreds of domain names affiliated with the network. WHOIS information is critical to the investigation, and is utilized to map out the network and identify domain name ownership. Even if bogus WHOIS information is utilized, it is still pertinent -- perhaps the same bogus information is given for more than one domain name. We then know that those domain names with the same bogus information are likely part of the same network.</div><div class="gmail_default" style="font-family:georgia,serif;font-size:small"><br></div><div class="gmail_default" style="font-family:georgia,serif;font-size:small">Over the years, there have been several requests from ICANN and registrars for LE to provide case examples. I cannot tell you the number of times I wish I were able to talk about this particular case. The reality is that talking about ongoing investigations, and even certain aspects of closed investigations is forbidden. There is a trust factor that must be considered here -- we are not making this stuff up -- it's real, and there is very dangerous criminal activity happening facilitated via the Internet, and whatever we need to do to curb this activity should be the goal of any upstanding, moral, law-abiding individual (organization).</div><div class="gmail_default" style="font-family:georgia,serif;font-size:small"><br></div><div class="gmail_default" style="font-family:georgia,serif;font-size:small">I do not claim to have all the answers here, nor how we get to where we need to be, but I firmly believe that open, unrestricted access to WHOIS information that includes no fewer data points than what is currently available, is absolutely critical.<br></div><div class="gmail_default" style="font-family:georgia,serif;font-size:small"><br></div><div class="gmail_extra"><div><div><br><div class="gmail_quote">On Wed, Jul 20, 2016 at 12:04 AM, Mark Svancarek via gnso-rds-pdp-wg <span dir="ltr"><<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Here’s one that was used during a criminal investigation though it was found by non-law-enforcement people.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="http://thinkprogress.org/justice/2015/06/20/3672201/alleged-dylann-roof-racist-manifesto-revealed/" target="_blank">http://thinkprogress.org/justice/2015/06/20/3672201/alleged-dylann-roof-racist-manifesto-revealed/</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><a name="m_-5786202095474220245_m_-8159019314153622291_m_4762267710339249907__MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></a></p>
<span></span>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Rod Rasmussen [mailto:<a href="mailto:rrasmussen@infoblox.com" target="_blank">rrasmussen@infoblox.com</a>]
<br>
<b>Sent:</b> Tuesday, July 19, 2016 5:25 PM<br>
<b>To:</b> Mounier, Grégory <<a href="mailto:gregory.mounier@europol.europa.eu" target="_blank">gregory.mounier@europol.europa.eu</a>><br>
<b>Cc:</b> Chuck Gomes <<a href="mailto:cgomes@verisign.com" target="_blank">cgomes@verisign.com</a>>; Mark Svancarek <<a href="mailto:marksv@microsoft.com" target="_blank">marksv@microsoft.com</a>>; Andrew Sullivan <<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a>>; <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] @EXT WHOIS info and investigation<u></u><u></u></span></p>
</div>
</div><div><div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Krebs is always a great read - really knows his stuff technically and as a journalist. If you liked this, check out his book Spam Nation for a whole history of this and some of the main actors behind it throughout most of the last ten
years.<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">This is a fairly typical OSINT (Open Source Intelligence) type of investigation. You’d think criminal “masterminds” wouldn’t use horrible operational security practices like using their same personal information on social media accounts,
malicious and personal domain registrations, embedded in malcode, or in e-mails. Yet they do every day and this is a major source of cybersecurity professionals being able to track down all manner of undesirable Internet activities from services abuse to
flat-out illegal acts in most if not all jurisdictions.<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">A couple of additional things to note.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">1) Law enforcement had nothing to do with this particular story/investigation. This is true for most cybersecurity operational activity and investigations - it’s largely a private-sector affair with security companies of various flavors
looking at the malware, spam, malvertizing, etc. that crosses their paths. From that starting point they try to figure out things like what else is tied to it (so I can block or kill it), or “who’s doing this”, or “what are they really up to?”<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">2) There are a lot of “established” service providers around the world that have heavy levels of abuse on them over a very long time. It is really hard at times to separate “bad guys” from “incompetent” or “uncaring" operators. Collection
of data like this can lead to connections between various activities that can put a much better color on their hats.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">3) To then bring charges that could actually affect a subject’s life though, any and all of this kind of research is merely a starting point that the police then use to inform a much more traditional investigation that involves formal records
requests, court-ordered actions like search warrants or wiretaps, etc. so they can develop court admissible evidence. A whois query result is not evidence, and no one gets thrown in jail for having a dodgy domain registered in their name.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Cheers,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Rod<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Jul 19, 2016, at 3:03 PM, Mounier, Grégory <<a href="mailto:gregory.mounier@europol.europa.eu" target="_blank">gregory.mounier@europol.europa.eu</a>> wrote:<u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Dear all,<span> </span><br>
<br>
Here is a nice example of how WHOIS information is used to investigate unlawful activities:<br>
<br>
<a href="http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/" target="_blank">http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/</a><br>
<br>
Greg</span><strong><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><u></u><u></u></span></strong></p>
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"> </span></b><u></u><u></u></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From:</span></b><span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"> </span></span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a><span> </span>on
behalf of Gomes, Chuck<br>
<b>Sent:</b><span> </span>18 July 2016 20:26:34<br>
<b>To:</b><span> </span>'Mark Svancarek'; 'Andrew Sullivan';<span> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b><span> </span>Re: [gnso-rds-pdp-wg] An important technical consideration about nature of the service (was Re: The overflowing list )</span><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Thanks Mark.<br>
<br>
Chuck<br>
<br>
-----Original Message-----<br>
From: Mark Svancarek [<a href="mailto:marksv@microsoft.com" target="_blank">mailto:marksv@microsoft.com</a>]<span> </span><br>
Sent: Monday, July 18, 2016 1:40 PM<br>
To: Gomes, Chuck; 'Andrew Sullivan';<span> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
Subject: RE: [gnso-rds-pdp-wg] An important technical consideration about nature of the service (was Re: The overflowing list )<br>
<br>
I'll take a stab at it. <span> </span><br>
I've also asked our IP/Brand people and digital crimes people to help me document how Microsoft uses WhoIs data today, but not ETA when that will be ready.<br>
<br>
-----Original Message-----<br>
From:<span> </span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a><span> </span>[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
On Behalf Of Gomes, Chuck<br>
Sent: Saturday, July 16, 2016 6:29 AM<br>
To: 'Andrew Sullivan' <<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a>>;<span> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
Subject: Re: [gnso-rds-pdp-wg] An important technical consideration about nature of the service (was Re: The overflowing list )<br>
<br>
Any volunteers to develop Andrew's suggestions into use cases?<br>
<br>
Chuck<br>
<br>
-----Original Message-----<br>
From:<span> </span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a><span> </span>[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
On Behalf Of Andrew Sullivan<br>
Sent: Saturday, July 16, 2016 1:00 AM<br>
To:<span> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
Subject: [gnso-rds-pdp-wg] An important technical consideration about nature of the service (was Re: The overflowing list )<br>
<br>
Thanks, Stephanie, for the quick issue list. There's one thing that I want to draw out here so that we can keep it foremost when thinking of<br>
issues:<br>
<br>
On Sat, Jul 16, 2016 at 12:05:10AM -0400, Stephanie Perrin wrote:<br>
<br>
> * Where the RDS (whether a central database or federated or completely<br>
> disaggregated) resides becomes important for law enforcement access.<br>
<br>
This "where data resides" issue is bound to vex us, no matter what kind of policy we come up with. But it's really important to keep in mind that the different styles of system design will yield very different properties.<br>
<br>
In the taxonomy I offered before<br>
(<a href="https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fmm.icann.org%2fpipermail%2fgnso-rds-pdp-wg%2f2016-June%2f000951.html&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=d3d1ttF1Z5Kn9M1VZ1RKPFSppMzJHpCaIKM1LHynBBQ%3d" target="_blank">https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fmm.icann.org%2fpipermail%2fgnso-rds-pdp-wg%2f2016-June%2f000951.html&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=d3d1ttF1Z5Kn9M1VZ1RKPFSppMzJHpCaIKM1LHynBBQ%3d</a>),<br>
models I and V have a clear since answer to, "Where does the data reside?" because they have a single database backing them up. In models II-IV, however, the answer to, "Where does the data reside?" is actually not entirely meaningful. There are multiple
places where the data are, and for data with respect to any given domain name each datum might be in a different place. (Indeed, part of the design of RDAP is precisely to make such arrangements easier to deal with.)<br>
<br>
It is therefore better to try to find a way, consistent with all of the various requirements documents, to answer some other questions.<br>
I think these might be helpful in building use cases:<br>
<br>
1. For any given datum, who has control of and access to the datum?<br>
<br>
2. For any given datum, what are the conditions under which the<br>
datum ought to be accessible?<br>
<br>
3. For any given set of related data, how can it be accessed?<br>
<br>
Notice that answering (3) will provides use cases for data access, whereas (1) and (2) provide for limit conditions on how and when use cases might be apply.<br>
<br>
I hope these framing questions are helpful in figuring out which use cases we can bring to bear on requirements.<br>
<br>
Best regards,<br>
<br>
A<br>
<br>
--<br>
Andrew Sullivan<br>
<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a><br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d" target="_blank">https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d</a><br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d" target="_blank">https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d</a><br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">*******************<br>
<br>
DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained
in it.<br>
Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.<br>
<br>
******************* _______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
</span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">gnso-rds-pdp-wg@icann.org</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><br>
</span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</span></a><u></u><u></u></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</div>
</div></div></div>
</div>
<br>_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br><br clear="all"><div><br></div></div></div><span><font color="#888888">-- <br><div data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font size="2"><span style="background-color:rgb(159,197,232)"><i>Terri Stumme</i></span></font><div><font size="2"><span style="background-color:rgb(159,197,232)"><i>Investigative Analyst</i></span></font></div></div></div></div></div></div></div>
</font></span></div></div>
<br>_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>