<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Yet even with universally accepted crimes, details and
interpretations may vary between jurisdictions. <br>
</p>
<p>Taking this unsavory example we have on the table now, there is
variation in the interpretation of what constitutes such material.
Does animated or drawn imagery count? Japan seems not to think so?
Do simple nudes (such as your own childrens bathing pictures)
count? Is a third party (for example a service provider) even
allowed to investigate complaints that such content is present
(Not in Germany!). <br>
</p>
<p>In the end, there is a legal process in place for complaints and
investigations that law enforcement can and should follow. The
legal rights and obligations or law enforcements and the
protections of data rights that exist are there for a reason. <br>
</p>
<p>Volker<br>
</p>
<br>
<div class="moz-cite-prefix">Am 27.07.2016 um 14:48 schrieb
Stephanie Perrin:<br>
</div>
<blockquote
cite="mid:d2598e08-f5b9-befd-e317-d67e582d9819@mail.utoronto.ca"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p><font size="+1"><font face="Lucida Grande">Some crimes are
recognized nearly universally, and child abuse is one, we
have signed treaties have we not? I think that is a good
reason to use this example, but we must remember that ICANN
is not in the business of analyzing content on websites, (or
setting policy for same) it is in the business of assisting
in the execution of lawful orders to take down a website
when served. I realize this seems like a quibble, but it
seems to me it is an important one. As opposed to other
crimes that might not be universally recognized (eg hate
speech, political speech that is banned in only one country)
an order for an action in the matter of child abuse would be
universally accepted. ICANN would also be in the business of
setting policy with respect to assisting in the
investigation of the offence with a view to providing
information useful to criminal prosecution. However, as the
data commissioners have pointed out in their correspondence
with ICANN (see Article 29 letters re RAA) they should not
be in the business of compelling illegal data retention just
in case a registrant might commit a crime. </font></font><br>
</p>
Stephanie Perrin<br>
<div class="moz-cite-prefix">On 2016-07-27 1:32, David Cake wrote:<br>
</div>
<blockquote
cite="mid:FEE2407E-AEFD-40C1-B250-DFECA2D6F613@davecake.net"
type="cite">
<blockquote type="cite">
<pre wrap="">On 26 Jul 2016, at 11:25 PM, Mounier, Grégory <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:gregory.mounier@europol.europa.eu"><gregory.mounier@europol.europa.eu></a> wrote:
Dear David,
Thank you very much for your constructive comments. These are indeed not "compromised websites" as in "stolen domains" but regular domains, registered for illegal purpose. I have amended the use case accordingly.
</pre>
</blockquote>
<pre wrap=""> Thank you for clarifying. The two cases are very different in terms of how they should interact with the RDS and domain name system generally.
</pre>
<blockquote type="cite">
<pre wrap="">Now, I am not sure I understand your point about "designing a case to appear urgent and emotive". It just happens that EC3 has 3 different teams of cyber investigators: one is working on intrusion/malwares/botnets, the second one on online payment fraud and the second one on online child sexual exploitation and distribution of CAM. I asked each teams to give me examples of cases they were currently working on and in which they used WHOIS data. So far I have received this one and I thought that it was illustrative of the use made of WHOIS information in criminal investigations so I decided to share it with the group. I will certainly get some more examples from the malware team and I'll share them too.
</pre>
</blockquote>
<pre wrap=""> Thank you for clarifying the origin.
FWIW, I’m unsure whether we should simply treat it as clearly illegal material, that is illegal across multiple jurisdictions, or specifically address child abuse material as something that poses unique challenges. If the latter, I would probably want slightly more info, such as, is this material that is clearly illegal across most jurisdictions such as material on the INTERPOL list, or only in some jurisdictions.
</pre>
<blockquote type="cite">
<pre wrap="">These are real use cases and not scenarios: I have checked the urls today and the websites are is still online as we speak. And yes, I do have colleagues (1/3 of EC3's work force) working every day on online child abuse cases because this is a major problem in our digitalised and connected societies.
But if the group decides that we should not mention content or give context because it could make the use cases "emotive" then I am happy to simply talk about "illegal activities". But then we should not mention Turkey either.
</pre>
</blockquote>
<pre wrap=""> If you think the specific nature of the material involved is significant to the approach we should take (and it may be) then that should be clear in the use case.
David
</pre>
<blockquote type="cite">
<pre wrap="">Looking forward to continuing the discussion.
Kind regards,
Greg
-----Original Message-----
From: David Cake [<a moz-do-not-send="true" class="moz-txt-link-freetext" href="mailto:dave@davecake.net">mailto:dave@davecake.net</a>]
Sent: 26 July 2016 09:32
To: Mounier, Grégory
Cc: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
Subject: Re: [gnso-rds-pdp-wg] @EXT Use case - LEA
At a first glance, this seems contradictory. You state that the web sites are compromised - then assume that not just some WHOIS data is valid, but enough of it to find cross-correlations. If the domains were compromised, this would be meaningless - a linked email address would just indicate that multiple sites belonging to the same original person were compromised at the same time, presumably by compromise of a shared host or shared controlling organisation, and its rare that sites are compromised unless its entirely done by via DNS mechanisms, in which case we could probably deal with that issue (stolen domains) without bringing content into it.
So your use case assumes that the sites were not compromised, but registered for illegal purpose, which is an entirely different situation. This seems like a poorly constructed use case to me, in that while it seems designed to appear very urgent and emotive by focussing on content that no one would support, the actual DNS scenario we are trying to address here is very unclear.
David
</pre>
<blockquote type="cite">
<pre wrap="">On 26 Jul 2016, at 6:25 AM, Mounier, Grégory <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:gregory.mounier@europol.europa.eu"><gregory.mounier@europol.europa.eu></a> wrote:
Dear all,
Please find attached a use case which shows how accurate WHOIS information, combined with other types of evidence, can help attributing crime online.
Regards,
Greg
*******************
DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
*******************
<EUROPOL-Use_case_-_Compromised_websites_distributing_child_abuse_material_-_PDP_NG_RDS_WHOIS.pdf>_______________________________________________
gnso-rds-pdp-wg mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a>
</pre>
</blockquote>
<pre wrap="">*******************
DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.
*******************
</pre>
</blockquote>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</body>
</html>