<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Define "crimes in action" and "threats", but with place yourself
in the shoes of your Turkish counterparts while doing so. Still
feel that same level of access is warranted?</p>
<p>Volker<br>
</p>
<br>
<div class="moz-cite-prefix">Am 25.07.2016 um 18:27 schrieb Nick
Shorey:<br>
</div>
<blockquote
cite="mid:CACrcH9o+6x1Tr+b39bV+Qv8ap09tBGj3AmxhBebf8Vs3k+HjNQ@mail.gmail.com"
type="cite">
<div dir="ltr">Yep certainly wouldn't want to jump the gun Volker.
<div><br>
</div>
<div>Use case: Governments use the WHOIS to investigate with
'crimes in action', and the current level of access enables
them to mitigate threats in a timely manner.</div>
<div><br>
</div>
<div>=)</div>
<div><br>
</div>
<div>Nick</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><b><span></span><span></span>Nick
Shorey
BA(Hons) MSc.</b></div>
<div>Senior
Policy Advisor
| Global
Internet
Governance</div>
<div>Department
for Culture,
Media &
Sport</div>
<div>HM
Government |
United Kingdom</div>
<div><br>
</div>
<div>Email: <a
moz-do-not-send="true" href="mailto:nick.shorey@culture.gov.uk"
target="_blank">nick.shorey@culture.gov.uk</a></div>
<div>Tel: +44
(0)7741 256
320</div>
<div>Skype:
nick.shorey</div>
<div>Twitter:
@nickshorey</div>
<div>LinkedIn:
<a
moz-do-not-send="true"
href="http://www.linkedin.com/in/nicklinkedin" target="_blank">www.linkedin.com/in/nicklinkedin</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On 25 July 2016 at 12:45, Volker
Greimann <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>I think we are jumping the gun again. Let's rather
focus on the use cases and how they should be
structured. <br>
</p>
<div>
<div class="h5"> <br>
<div>Am 25.07.2016 um 12:59 schrieb Nick Shorey:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Thanks everyone for sharing these
useful articles. Would love to meet Krebs some
day.
<div><br>
</div>
<div>As Rod mentioned, WHOIS often being the first
point of research in many LEA investigations,
and though whilst it might not always be the
ultimate 'smoking gun' piece of evidence
presented in court, the importance of WHOIS data
in the initial stages of an investigation must
not be underplayed.</div>
<div><br>
</div>
<div>Another observation I'd make is that with
things like malware, online pharmacies and
threat to life scenarios where WHOIS data can be
crucial, we're often dealing with what I call
'crime in action'. The quicker you can build a
holistic understanding of the threat, the more
impactive your action can be - and the fewer
people that get harmed.</div>
<div><br>
</div>
<div>The current level of access to WHOIS
definitely supports 'timely' investigation which
can make a huge difference in such cases, and as
we get further down the track on this PDP, I
think its important to note this element in our
deliberations.</div>
<div><br>
</div>
<div>Keep up the great work.</div>
<div><br>
</div>
<div>Nick</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><b><span></span><span></span>Nick
Shorey
BA(Hons) MSc.</b></div>
<div>Senior
Policy Advisor
| Global
Internet
Governance</div>
<div>Department
for Culture,
Media &
Sport</div>
<div>HM
Government |
United Kingdom</div>
<div><br>
</div>
<div>Email: <a
moz-do-not-send="true" href="mailto:nick.shorey@culture.gov.uk"
target="_blank">nick.shorey@culture.gov.uk</a></div>
<div>Tel: +44
(0)7741 256
320</div>
<div>Skype:
nick.shorey</div>
<div>Twitter:
@nickshorey</div>
<div>LinkedIn:
<a
moz-do-not-send="true"
href="http://www.linkedin.com/in/nicklinkedin" target="_blank">www.linkedin.com/in/nicklinkedin</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On 21 July 2016 at 00:28,
Greg Shatan <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:gregshatanipc@gmail.com"
target="_blank">gregshatanipc@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">
<div class="gmail_default"
style="font-family:verdana,sans-serif">While
we're at it, Krebs also covered a case
that I worked on in its early stages: <a
moz-do-not-send="true"
href="http://krebsonsecurity.com/2016/07/serial-swatter-stalker-and-doxer-mir-islam-gets-just-1-year-in-jail/"
target="_blank">http://krebsonsecurity.com/2016/07/serial-swatter-stalker-and-doxer-mir-islam-gets-just-1-year-in-jail/</a>.
One of my clients had sensitive
information (a credit report, illegally
acquired, along with social security
number, bank account information, etc.,
etc.) exposed on a website run by Mir
Islam; a number of other people had credit
reports and other information posted.
Through a combination of Whois (both ccTLD
and gTLD) and Zone File information and
other available information, we were able
to get the site taken offline, but not
before significant distress and potential
for damage occurred. The site went back
up (and quicklydown) several more times,
as shadier and shadier web hosts were
used. The FBI and Secret Service quickly
got involved, and further work shifted to
them, thought we were kept informed (to
the extent possible) of their activities
in shutting this operation down. I didn't
realize until I read the Krebs article how
much other tortious and criminal activity
this person and his colleagues were
involved in.</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif"><br>
</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif">During
this case, I had to research the potential
consequences of an adult changing their
social security number (it's not easy, but
it can be done). The consequences are not
pretty, because your credit history,
medical history and a lot of other
information is tied to your social
security number. When you change a social
security number, none of that transfers
over, so you have to go through a lot of
steps to put your life back together.
Ultimately, the solution seemed worse than
the problem, especially since we were able
to get the site taken down so quickly.</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif"><br>
</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif">Greg</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div
style="font-size:12.8px">
<table
style="width:600pt"
border="0"
cellpadding="0"
cellspacing="0"
width="800">
<tbody>
<tr>
<td
style="width:6pt;padding:0in"
width="8"><br>
</td>
<td
style="padding:0in">
<p
style="margin:0in
0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><br>
</p>
</td>
</tr>
</tbody>
</table>
</div>
<p style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><font
face="Calibri"
size="2"><span
style="font-size:11pt"> </span></font></p>
<table
style="width:600.0pt"
border="0"
cellpadding="0"
cellspacing="0"
width="800">
<tbody>
<tr>
<td
style="width:75.0pt;padding:0in
0in 0in 0in"
valign="top"
width="100">
<p><span></span><img
moz-do-not-send="true"
src="https://docs.google.com/uc?export=download&id=0B90h5wcghspFRXc1T05BaVZVbjg&revid=0B90h5wcghspFUEtGZS9IQ1F4cXp3WTcrSnZFRjhwQjlCZTN3PQ"><br>
</p>
</td>
<td
style="width:6.0pt;padding:0in
0in 0in 0in"
width="8">
<p><span> </span></p>
</td>
<td
style="padding:0in
0in 0in 0in">
<p><b><span
style="font-size:8.5pt;font-family:"Arial","sans-serif";color:#002e62">Gregory
S. Shatan |
Partner<br>
</span></b><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:black">McCARTER
& ENGLISH,
LLP<br>
<br>
245 Park
Avenue, 27th
Floor | New
York, New York
10167<br>
T: <a
moz-do-not-send="true"
href="tel:212-609-6873" value="+12126096873" target="_blank">212-609-6873</a><br>
C: <a
moz-do-not-send="true"
href="tel:917-816-6428" value="+19178166428" target="_blank">917-816-6428</a><br>
F: <a
moz-do-not-send="true"
href="tel:212-416-7613" value="+12124167613" target="_blank">212-416-7613</a><br>
<a
moz-do-not-send="true"
href="mailto:gshatan@mccarter.com" target="_blank"><span
style="color:#225599">gshatan@mccarter.com</span></a> |
<a
moz-do-not-send="true"
href="http://www.mccarter.com/" target="_blank"><span
style="color:#225599">www.mccarter.com</span></a>
<br>
<br>
</span><span
style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#777777">BOSTON |
HARTFORD |
STAMFORD | NEW
YORK | NEWARK
<br>
EAST BRUNSWICK
|
PHILADELPHIA |
WILMINGTON |
WASHINGTON, DC</span><span></span></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div> <br>
<div class="gmail_quote">On Wed, Jul 20,
2016 at 3:35 PM, Terri Stumme <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:terri.stumme@legitscript.com"
target="_blank">terri.stumme@legitscript.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small">I
would like to weigh in here and
recommend, because we all have
so much extra time, that you
take a few minutes to read the
following article (there are
many others) and Wikipedia bio
related to Paul LeRoux,
specifically, please read
Section 3, RX Limited in the
Wikipedia bio. It is important
to point out that Paul LeRoux's
company, ABSystems was an ICANN
accredited registrar. Not only
was he running one of the
largest Internet pharmacy
networks, he was the SPAM king
and responsible for much (not
all) of the Internet pharmacy
spam everyone has likely
received at some point in time.
It is also important to point
out that -- there are others!</div>
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small"><br>
</div>
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small">(<a
moz-do-not-send="true"
href="https://news.vice.com/article/paul-e-roux-joseph-hunter-rambo-the-dea-meth-and-cocaine"
target="_blank">https://news.vice.com/article/paul-e-roux-joseph-hunter-rambo-the-dea-meth-and-cocaine</a>)</div>
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small">(<a
moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/Paul-Le_Roux"
target="_blank">https://en.wikipedia.org/wiki/Paul-Le_Roux</a>)</div>
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small"><br>
</div>
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small">Background:
This DEA case began with the
investigation of LeRoux's online
pharmacy business (I worked at
DEA for 16-1/2 years, ten of
which I spent working in the
Internet pharmacy investigations
section). The RX Limited network
was comprised of approximately
25,000 domain names, and this
investigation, as well as all
Internet pharmacy
investigations, begin with
collecting WHOIS and DNS
information for the domain
names. Typically there are
several individuals and
organizations involved in the
operation of an online pharmacy
network, and typically there are
hundreds of domain names
affiliated with the network.
WHOIS information is critical to
the investigation, and is
utilized to map out the network
and identify domain name
ownership. Even if bogus WHOIS
information is utilized, it is
still pertinent -- perhaps the
same bogus information is given
for more than one domain name.
We then know that those domain
names with the same bogus
information are likely part of
the same network.</div>
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small"><br>
</div>
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small">Over
the years, there have been
several requests from ICANN and
registrars for LE to provide
case examples. I cannot tell you
the number of times I wish I
were able to talk about this
particular case. The reality is
that talking about ongoing
investigations, and even certain
aspects of closed investigations
is forbidden. There is a trust
factor that must be considered
here -- we are not making this
stuff up -- it's real, and there
is very dangerous criminal
activity happening facilitated
via the Internet, and whatever
we need to do to curb this
activity should be the goal of
any upstanding, moral,
law-abiding individual
(organization).</div>
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small"><br>
</div>
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small">I
do not claim to have all the
answers here, nor how we get to
where we need to be, but I
firmly believe that open,
unrestricted access to WHOIS
information that includes no
fewer data points than what is
currently available, is
absolutely critical.<br>
</div>
<div class="gmail_default"
style="font-family:georgia,serif;font-size:small"><br>
</div>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote">On
Wed, Jul 20, 2016 at 12:04
AM, Mark Svancarek via
gnso-rds-pdp-wg <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div link="blue"
vlink="purple"
lang="EN-US">
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Here’s
one that was
used during a
criminal
investigation
though it was
found by
non-law-enforcement
people.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a
moz-do-not-send="true"
href="http://thinkprogress.org/justice/2015/06/20/3672201/alleged-dylann-roof-racist-manifesto-revealed/"
target="_blank">http://thinkprogress.org/justice/2015/06/20/3672201/alleged-dylann-roof-racist-manifesto-revealed/</a></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p>
<p class="MsoNormal"><a
moz-do-not-send="true"
name="m_-4347374077623813855_m_-5786202095474220245_m_-8159019314153622291_m_4762267710339249907__MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></a></p>
<span></span>
<div>
<div
style="border:none;border-top:solid
#e1e1e1
1.0pt;padding:3.0pt
0in 0in 0in">
<p
class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Rod
Rasmussen
[mailto:<a
moz-do-not-send="true"
href="mailto:rrasmussen@infoblox.com" target="_blank">rrasmussen@infoblox.com</a>]
<br>
<b>Sent:</b>
Tuesday, July
19, 2016 5:25
PM<br>
<b>To:</b>
Mounier,
Grégory <<a
moz-do-not-send="true" href="mailto:gregory.mounier@europol.europa.eu"
target="_blank">gregory.mounier@europol.europa.eu</a>><br>
<b>Cc:</b>
Chuck Gomes
<<a
moz-do-not-send="true"
href="mailto:cgomes@verisign.com" target="_blank">cgomes@verisign.com</a>>;
Mark Svancarek
<<a
moz-do-not-send="true"
href="mailto:marksv@microsoft.com" target="_blank">marksv@microsoft.com</a>>;
Andrew
Sullivan <<a
moz-do-not-send="true" href="mailto:ajs@anvilwalrusden.com"
target="_blank">ajs@anvilwalrusden.com</a>>;
<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b>
Re:
[gnso-rds-pdp-wg]
@EXT WHOIS
info and
investigation</span></p>
</div>
</div>
<div>
<div>
<p
class="MsoNormal"> </p>
<p
class="MsoNormal">Krebs
is always a
great read -
really knows
his stuff
technically
and as a
journalist.
If you liked
this, check
out his book
Spam Nation
for a whole
history of
this and some
of the main
actors behind
it throughout
most of the
last ten
years.</p>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">This
is a fairly
typical OSINT
(Open Source
Intelligence)
type of
investigation.
You’d think
criminal
“masterminds”
wouldn’t use
horrible
operational
security
practices like
using their
same personal
information on
social media
accounts,
malicious and
personal
domain
registrations,
embedded in
malcode, or in
e-mails. Yet
they do every
day and this
is a major
source of
cybersecurity
professionals
being able to
track down all
manner of
undesirable
Internet
activities
from services
abuse to
flat-out
illegal acts
in most if not
all
jurisdictions.</p>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">A
couple of
additional
things to
note.</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">1)
Law
enforcement
had nothing to
do with this
particular
story/investigation.
This is true
for most
cybersecurity
operational
activity and
investigations
- it’s largely
a
private-sector
affair with
security
companies of
various
flavors
looking at the
malware, spam,
malvertizing,
etc. that
crosses their
paths. From
that starting
point they try
to figure out
things like
what else is
tied to it (so
I can block or
kill it), or
“who’s doing
this”, or
“what are they
really up to?”</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">2)
There are a
lot of
“established”
service
providers
around the
world that
have heavy
levels of
abuse on them
over a very
long time. It
is really hard
at times to
separate “bad
guys” from
“incompetent”
or “uncaring"
operators.
Collection of
data like this
can lead to
connections
between
various
activities
that can put a
much better
color on their
hats.</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">3)
To then bring
charges that
could actually
affect a
subject’s life
though, any
and all of
this kind of
research is
merely a
starting point
that the
police then
use to inform
a much more
traditional
investigation
that involves
formal records
requests,
court-ordered
actions like
search
warrants or
wiretaps, etc.
so they can
develop court
admissible
evidence. A
whois query
result is not
evidence, and
no one gets
thrown in jail
for having a
dodgy domain
registered in
their name.</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">Cheers,</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">Rod</p>
<div>
<p
class="MsoNormal"> </p>
<div>
<div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p
class="MsoNormal">On
Jul 19, 2016,
at 3:03 PM,
Mounier,
Grégory <<a
moz-do-not-send="true" href="mailto:gregory.mounier@europol.europa.eu"
target="_blank">gregory.mounier@europol.europa.eu</a>>
wrote:</p>
</div>
<p
class="MsoNormal"> </p>
<div>
<div>
<p
class="MsoNormal"
style="margin-bottom:12.0pt"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Dear
all,<span> </span><br>
<br>
Here is a nice
example of how
WHOIS
information is
used to
investigate
unlawful
activities:<br>
<br>
<a
moz-do-not-send="true"
href="http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/"
target="_blank">http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/</a><br>
<br>
Greg</span><strong><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"></span></strong></p>
<div>
<p
class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif"> </span></b></p>
</div>
<div
class="MsoNormal"
style="text-align:center" align="center"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif">
<hr
align="center"
size="2"
width="100%">
</span></div>
<p
class="MsoNormal"
style="margin-bottom:12.0pt"><b><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From:</span></b><span><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif"> </span></span><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a><span> </span>on
behalf of
Gomes, Chuck<br>
<b>Sent:</b><span> </span>18
July 2016
20:26:34<br>
<b>To:</b><span> </span>'Mark
Svancarek';
'Andrew
Sullivan';<span> </span><a
moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b><span> </span>Re:
[gnso-rds-pdp-wg] An important technical consideration about nature of
the service
(was Re: The
overflowing
list )</span><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"></span></p>
</div>
<div>
<p
class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Thanks
Mark.<br>
<br>
Chuck<br>
<br>
-----Original
Message-----<br>
From: Mark
Svancarek [<a
moz-do-not-send="true" href="mailto:marksv@microsoft.com"
target="_blank">mailto:marksv@microsoft.com</a>]<span> </span><br>
Sent: Monday,
July 18, 2016
1:40 PM<br>
To: Gomes,
Chuck; 'Andrew
Sullivan';<span> </span><a
moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
Subject: RE:
[gnso-rds-pdp-wg]
An important
technical
consideration
about nature
of the service
(was Re: The
overflowing
list )<br>
<br>
I'll take a
stab at it. <span> </span><br>
I've also
asked our
IP/Brand
people and
digital crimes
people to help
me document
how Microsoft
uses WhoIs
data today,
but not ETA
when that will
be ready.<br>
<br>
-----Original
Message-----<br>
From:<span> </span><a
moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg-bounces@icann.org"
target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a><span> </span>[<a
moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg-bounces@icann.org"
target="_blank">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
On Behalf Of
Gomes, Chuck<br>
Sent:
Saturday, July
16, 2016 6:29
AM<br>
To: 'Andrew
Sullivan' <<a
moz-do-not-send="true" href="mailto:ajs@anvilwalrusden.com"
target="_blank">ajs@anvilwalrusden.com</a>>;<span> </span><a
moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
Subject: Re:
[gnso-rds-pdp-wg]
An important
technical
consideration
about nature
of the service
(was Re: The
overflowing
list )<br>
<br>
Any volunteers
to develop
Andrew's
suggestions
into use
cases?<br>
<br>
Chuck<br>
<br>
-----Original
Message-----<br>
From:<span> </span><a
moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg-bounces@icann.org"
target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a><span> </span>[<a
moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg-bounces@icann.org"
target="_blank">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
On Behalf Of
Andrew
Sullivan<br>
Sent:
Saturday, July
16, 2016 1:00
AM<br>
To:<span> </span><a
moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
Subject:
[gnso-rds-pdp-wg]
An important
technical
consideration
about nature
of the service
(was Re: The
overflowing
list )<br>
<br>
Thanks,
Stephanie, for
the quick
issue list.
There's one
thing that I
want to draw
out here so
that we can
keep it
foremost when
thinking of<br>
issues:<br>
<br>
On Sat, Jul
16, 2016 at
12:05:10AM
-0400,
Stephanie
Perrin wrote:<br>
<br>
> * Where
the RDS
(whether a
central
database or
federated or
completely<br>
>
disaggregated)
resides
becomes
important for
law
enforcement
access.<br>
<br>
This "where
data resides"
issue is bound
to vex us, no
matter what
kind of policy
we come up
with. But
it's really
important to
keep in mind
that the
different
styles of
system design
will yield
very different
properties.<br>
<br>
In the
taxonomy I
offered before<br>
(<a
moz-do-not-send="true"
href="https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fmm.icann.org%2fpipermail%2fgnso-rds-pdp-wg%2f2016-June%2f000951.html&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=d3d1ttF1Z5Kn9M1VZ1RKPFSppMzJHpCaIKM1LHynBBQ%3d"
target="_blank">https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fmm.icann.org%2fpipermail%2fgnso-rds-pdp-wg%2f2016-June%2f000951.html&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=d3d1ttF1Z5Kn9M1VZ1RKPFSppMzJHpCaIKM1LHynBBQ%3d</a>),<br>
models I and V
have a clear
since answer
to, "Where
does the data
reside?"
because they
have a single
database
backing them
up. In models
II-IV,
however, the
answer to,
"Where does
the data
reside?" is
actually not
entirely
meaningful.
There are
multiple
places where
the data are,
and for data
with respect
to any given
domain name
each datum
might be in a
different
place.
(Indeed, part
of the design
of RDAP is
precisely to
make such
arrangements
easier to deal
with.)<br>
<br>
It is
therefore
better to try
to find a way,
consistent
with all of
the various
requirements
documents, to
answer some
other
questions.<br>
I think these
might be
helpful in
building use
cases:<br>
<br>
1. For
any given
datum, who has
control of and
access to the
datum?<br>
<br>
2. For
any given
datum, what
are the
conditions
under which
the<br>
datum
ought to be
accessible?<br>
<br>
3. For
any given set
of related
data, how can
it be
accessed?<br>
<br>
Notice that
answering (3)
will provides
use cases for
data access,
whereas (1)
and (2)
provide for
limit
conditions on
how and when
use cases
might be
apply.<br>
<br>
I hope these
framing
questions are
helpful in
figuring out
which use
cases we can
bring to bear
on
requirements.<br>
<br>
Best regards,<br>
<br>
A<br>
<br>
--<br>
Andrew
Sullivan<br>
<a
moz-do-not-send="true"
href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a><br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a
moz-do-not-send="true"
href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d"
target="_blank">https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d</a><br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a
moz-do-not-send="true"
href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d"
target="_blank">https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c1ec700f7dd804a931a7008d3ad7d39a5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3UHPWnRvJ10WShDEPFQ8Ymkb8KFChrH%2f7ODoElAYbfQ%3d</a><br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a
moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></span></p>
</div>
<p
class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif">*******************<br>
<br>
DISCLAIMER :
This message
is sent in
confidence and
is only
intended for
the named
recipient. If
you receive
this message
by mistake,
you may not
use, copy,
distribute or
forward this
message, or
any part of
its contents
or rely upon
the
information
contained in
it.<br>
Please notify
the sender
immediately by
e-mail and
delete the
relevant
e-mails from
any computer.
This message
does not
constitute a
commitment by
Europol unless
otherwise
indicated.<br>
<br>
******************* _______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
</span><a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif">gnso-rds-pdp-wg@icann.org</span></a><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><br>
</span><a
moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</span></a></p>
</div>
</blockquote>
</div>
<p
class="MsoNormal"> </p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing
list<br>
<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a
moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer"
target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">-- <br>
<div
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font
size="2"><span
style="background-color:rgb(159,197,232)"><i>Terri Stumme</i></span></font>
<div><font
size="2"><span
style="background-color:rgb(159,197,232)"><i>Investigative Analyst</i></span></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</font></span></div>
</div>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
gnso-rds-pdp-wg mailing list
<a moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a moz-do-not-send="true" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div>
</div>
<pre cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a moz-do-not-send="true" href="tel:%2B49%20%280%29%206894%20-%209396%20901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a>
Fax.: <a moz-do-not-send="true" href="tel:%2B49%20%280%29%206894%20-%209396%20851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a moz-do-not-send="true" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a moz-do-not-send="true" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a moz-do-not-send="true" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a moz-do-not-send="true" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a moz-do-not-send="true" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a moz-do-not-send="true" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a moz-do-not-send="true" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a moz-do-not-send="true" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a moz-do-not-send="true" href="tel:%2B49%20%280%29%206894%20-%209396%20901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a>
Fax.: <a moz-do-not-send="true" href="tel:%2B49%20%280%29%206894%20-%209396%20851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a moz-do-not-send="true" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a moz-do-not-send="true" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a moz-do-not-send="true" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a moz-do-not-send="true" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a moz-do-not-send="true" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a moz-do-not-send="true" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a moz-do-not-send="true" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a moz-do-not-send="true" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</div>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</body>
</html>