<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!--[if gte mso 9]>
<xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:PixelsPerInch>96</o:PixelsPerInch>
</o:OfficeDocumentSettings>
</xml>
<![endif]-->
<style type="text/css">* a:hover{cursor:pointer;}</style>
<style>body {-webkit-animation:bugfix infinite 1s;}@-webkit-keyframes bugfix {from {position:relative;}to {position:relative;}}</style>
</head>
<body style="word-wrap:normal; word-break:break-word;">
<style>a {word-wrap:normal;word-break:break-word;}.background-contain {background-size:contain;}@media only screen and (max-width:600px) {.container {-webkit-text-size-adjust:none !important;}.container,.palm-one-whole {width:100% !important;min-width:100% !important;}.palm-one-half {width:50% !important;min-width:50% !important;box-sizing:border-box;}blockquote .container,blockquote .container div,blockquote .container table {width:auto !important;min-width:0 !important;position:relative !important;}img {max-width:100%;}.border-outer,.border-middle,.border-inner,.inner,[title="separator"] {width:100% !important;}.innercell {padding:8px !important;}.palm-block {display:block !important;}td.palm-one-whole {display:inline-block !important;padding:0;}td.palm-one-whole:first-child:not(:only-child) {margin-bottom:16px;}td.hostname {padding-top:3px !important;}}@media only screen and (min-width:601px) {.preview-card {max-width:600px !important;}}@media only screen and (min-device-width :320px) and (max-device-width :568px),only screen and (min-device-width :768px) and (max-device-width :1024px),only screen and (max-device-width:640px),only screen and (max-device-width:667px),only screen and (max-width:480px){.container {width:100% !important;min-width:100% !important;}.p,.small,li,font[size="2"],font[size="3"] {font-size:1em !important;}}@media only screen and (min-device-width :320px) and (max-device-width :568px),only screen and (min-device-width :768px) and (max-device-width :1024px),only screen and (min-device-width :1224px) {.message-wrapper {padding-top:6px;}.apple-only[style] {display:block !important;max-height:none !important;line-height:normal !important;overflow:visible !important;height:auto !important;width:100% !important;position:relative !important;}.no-apple {display:none !important;}form {font-size:inherit;}input[type="text"] {height:43px;padding-left:4px !important;}button:hover {cursor:pointer;}}@media only screen and (min-device-width :1224px) {.apple-mail-form {display:block !important;background-color:white !important;}}* [office365] .outlook-com-hidden {display:none !important;}* [office365] .outlook-com-button {display:block;}* [office365] .outlook-com-only {display:block !important;max-height:none !important;line-height:normal !important;overflow:visible !important;height:auto !important;width:100% !important;position:relative !important;}</style>
<!--[if (gte mso 9)|(IE)]>
<style>a,body {font-family:'Calibri',Arial,sans-serif;}img {border:none !important;-ms-interpolation-mode:bicubic;}td {mso-line-height-rule:exactly !important;}.mso-card-inner table {border-collapse:collapse !important;mso-table-lspace:0pt;mso-table-rspace:0pt;vertical-align:top;}.outlook-com-only {display:none !important;font-size:0 !important;}#mso-one-whole {width:100% !important;}.border-outer,.border-middle,.border-inner {border:none !important;}.border-middle,.border-inner {width:100% !important;}.mso-border-outer,.mso-border-middle,.mso-border-inner {padding:1px;}.mso-border-outer {background-color:rgb(245,255,255);}.mso-border-middle {background-color:rgb(223,246,255);}.mso-border-inner {background-color:rgb(153,176,225);}</style>
<![endif]-->
<table class="container" lang="container" border="0" cellpadding="0" cellspacing="0" valign="top" style="width:100%; margin-top:6px;">
<tr>
<td valign="top" class="message-wrapper" style="line-height: 1.31; color: #222; font-family: arial, sans-serif;">
<!--[if mso]><table border="0" cellpadding="0" cellspacing="0" valign="top" style="border-collapse:separate;"><tr><td valign="top"><![endif]-->
<div><span lang="EN-GB"><font>Greg,</font></span></div><div><br></div><div>I am disappointed
that Europol seems to be advocating that personal information be processed in a
manner inconsistent with European law.</div><div><br></div><div>I fully appreciate
that, in order to allow Europol to collect sensitive information from the
Member States in the pursuit of investigations, your agency is exempt from some
of the general provisions on data processing. You are permitted to directly
retrieve and process information obtained from publicly-available sources, but
the promotional literature on the Europol website suggests Europol agents
searching for publicly-available ‘terror manuals’ or criminals claiming credit
for attacks. There is no indication that this includes Europol trawling through
things like WHOIS records to identify the administrator of a website, something
far less sinister. And if the RDS evolves into something very different from
what it is today – perhaps not open to any and everyone to query, or federated into a
single data store – my understanding is that the routing of information from a
private party to Europol would be subject to European data protection controls
and safeguards.</div><div><br></div><div>The very
specific exemptions that Europol has received in order to carry out its work
simply do not call for Europol to advocate for a lower standard of privacy
protection for European residents in privately-owned or publicly-accessible
sources of information.</div><div><br></div><div>There is no
doubt that effective police work requires top intelligence, but equally as
important is the employment of sound data protection safeguards which strike an
appropriate balance between the interests of freedom and security.</div><div><br></div><div>Just my
$0.02.</div><div><br></div><div>- Ayden</div><img align="left" width="0" height="0" style="border:0; width:0px; height:0px;" src="https://app.mixmax.com/api/track/v2/PsCAAXCzeb1f72NwN/i02bj5SZulGblRmclZGQu5WYjlmI/icmcv5ibuF2YpB0Z31CckBXLzRmct82cudmI/ic0VgAFRQByUEJlI?sc=false" alt="">
<!--[if mso]></td></tr></table><![endif]-->
</td>
</tr>
</table>
<div>
<div>
<p data-m-apply-default-font="true"><br></p>
<div class="gmail_extra">
<p data-m-apply-default-font="true"><br></p>
<div class="gmail_quote">
On Thu, Aug 4, 2016 1:59 PM, <span dir="ltr"> <a href="mailto:" target="_blank"></a></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<u></u>
<p>Dear Rob, </p><p><br></p><p>Thanks for sharing the outcome of your chat with ex-FBI and UK LEA agents. I feel that I need to step in to provide a different perspective than the one you just gave on the law enforcement use of the WHOIS. It might be a matter of interpretation but the views expressed by your interlocutors are not shared by my colleagues working throughout European police cyber divisions. </p><p><br></p><p>If European cyber investigators are obviously all aware of the fact that WHOIS registration data can sometime be inaccurate and not up-to-date (ICANN compliance reported that for the first quarter of 2015, WHOIS inaccuracy comprised 74.0 % of complaints), in 90% of cases they will start their investigations with a WHOIS lookup. This is really the first step. </p><p><br></p><p>Despite the lack of accuracy, WHOIS information is useful in so many different ways. One of the first them is to make correlations and link pieces of information obtained through other means than from the WHOIS. This was the point I tried to make on Tuesday during the conference call. </p><p><br></p><p>Accurate and reliable WHOIS data helps crime attribution and can save precious investigation time (you can rule out wrong investigative leads). </p><p>It raises the bar and makes it more difficult for criminals to abuse domain names. It pushes them to resort to more complex techniques such as ID theft to register domains for malicious purposes.</p><p><br></p><p>In short, for LEA WHOIS is certainly not the silver bullet to attribute crime on line but it is an essential tool in the tool box of law enforcement.</p><p><br></p><p>Best, </p><p><br></p><p>Greg</p><p><br></p><p><br></p><p>-----Original Message-----</p><p>From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Rob Golding</p><p>Sent: 04 August 2016 01:46</p><p>To: RDS PDP WG</p><p>Subject: Re: [gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and Theoretical</p><p><br></p><p>>> Theoretical</p><p>>> ===========</p><p>>> We have seen a couple of proposed use cases that seem to be ideas </p><p>>> that people have for useful or harmful ways that RDS can be used, but </p><p>>> that do not exist today (at least not that anyone can fully </p><p>>> document).</p><p>>> </p><p>>> For example, there seems to be a desire to use the RDS as a way to </p><p>>> issue warrants for information about registrants. While this may be </p><p>>> useful, this is not possible today (even with RDAP, I note).</p><p><br></p><p>It not only is possible today, it's also "common" (although thankfully not frequent)</p><p><br></p><p>Registrars get served warrants for details about registrants, and the _only_ information from WHOIS that's "needed" or used for such cases is the name of the Registrar.</p><p><br></p><p>I had the pleasure of meeting Chris Tarbell, ex-FBI Cyber Crime, at HostingCon last week - asked about WHOIS/domain data he said "we dont use it"</p><p><br></p><p>Last year at the UKNOF event in Sheffield I spent quite some time talking with some amazing people from the UK CyberCrime departments - asked the same questions, they confirmed that although whois _might_ be looked at to see if it matches _data they already have_ for confirmation, it's not used or relied on.</p><p><br></p><p>Which beggars the question, should "LawEnforcement" use cases even be part of the discussions ?</p><p><br></p><p>Rob</p><p>--</p><p>Rob Golding rob.golding@astutium.com</p><p>Astutium Ltd, Number One Poultry, London. EC2R 8JR</p><p><br></p><p>* domains * hosting * vps * servers * cloud * backups * _______________________________________________</p><p>gnso-rds-pdp-wg mailing list</p><p>gnso-rds-pdp-wg@icann.org</p><p>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</p><p>*******************</p><p><br></p><p>DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.</p><p>Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.</p><p><br></p><p>*******************</p><p><br></p><p>_______________________________________________</p><p>gnso-rds-pdp-wg mailing list</p><p>gnso-rds-pdp-wg@icann.org</p><p>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</p><p><br></p>
</blockquote>
</div>
</div>
</div>
</div>
<br><br><div>Ayden Férdeline</div><div><a href="https://community.icann.org/display/gnsosoi/Ayden+Férdeline+SOI" style="background-color: white;">Statement of Interest</a></div>
</body>
</html>