<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!--[if gte mso 9]>
<xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:PixelsPerInch>96</o:PixelsPerInch>
</o:OfficeDocumentSettings>
</xml>
<![endif]-->
<style type="text/css">* a:hover{cursor:pointer;}</style>
<style>body {-webkit-animation:bugfix infinite 1s;}@-webkit-keyframes bugfix {from {position:relative;}to {position:relative;}}</style>
</head>
<body style="word-wrap:normal; word-break:break-word;">
<style>a {word-wrap:normal;word-break:break-word;}.background-contain {background-size:contain;}@media only screen and (max-width:600px) {.container {-webkit-text-size-adjust:none !important;}.container,.palm-one-whole {width:100% !important;min-width:100% !important;}.palm-one-half {width:50% !important;min-width:50% !important;box-sizing:border-box;}blockquote .container,blockquote .container div,blockquote .container table {width:auto !important;min-width:0 !important;position:relative !important;}img {max-width:100%;}.border-outer,.border-middle,.border-inner,.inner,[title="separator"] {width:100% !important;}.innercell {padding:8px !important;}.palm-block {display:block !important;}td.palm-one-whole {display:inline-block !important;padding:0;}td.palm-one-whole:first-child:not(:only-child) {margin-bottom:16px;}td.hostname {padding-top:3px !important;}}@media only screen and (min-width:601px) {.preview-card {max-width:600px !important;}}@media only screen and (min-device-width :320px) and (max-device-width :568px),only screen and (min-device-width :768px) and (max-device-width :1024px),only screen and (max-device-width:640px),only screen and (max-device-width:667px),only screen and (max-width:480px){.container {width:100% !important;min-width:100% !important;}.p,.small,li,font[size="2"],font[size="3"] {font-size:1em !important;}}@media only screen and (min-device-width :320px) and (max-device-width :568px),only screen and (min-device-width :768px) and (max-device-width :1024px),only screen and (min-device-width :1224px) {.message-wrapper {padding-top:6px;}.apple-only[style] {display:block !important;max-height:none !important;line-height:normal !important;overflow:visible !important;height:auto !important;width:100% !important;position:relative !important;}.no-apple {display:none !important;}form {font-size:inherit;}input[type="text"] {height:43px;padding-left:4px !important;}button:hover {cursor:pointer;}}@media only screen and (min-device-width :1224px) {.apple-mail-form {display:block !important;background-color:white !important;}}* [office365] .outlook-com-hidden {display:none !important;}* [office365] .outlook-com-button {display:block;}* [office365] .outlook-com-only {display:block !important;max-height:none !important;line-height:normal !important;overflow:visible !important;height:auto !important;width:100% !important;position:relative !important;}</style>
<!--[if (gte mso 9)|(IE)]>
<style>a,body {font-family:'Calibri',Arial,sans-serif;}img {border:none !important;-ms-interpolation-mode:bicubic;}td {mso-line-height-rule:exactly !important;}.mso-card-inner table {border-collapse:collapse !important;mso-table-lspace:0pt;mso-table-rspace:0pt;vertical-align:top;}.outlook-com-only {display:none !important;font-size:0 !important;}#mso-one-whole {width:100% !important;}.border-outer,.border-middle,.border-inner {border:none !important;}.border-middle,.border-inner {width:100% !important;}.mso-border-outer,.mso-border-middle,.mso-border-inner {padding:1px;}.mso-border-outer {background-color:rgb(245,255,255);}.mso-border-middle {background-color:rgb(223,246,255);}.mso-border-inner {background-color:rgb(153,176,225);}</style>
<![endif]-->
<table class="container" lang="container" border="0" cellpadding="0" cellspacing="0" valign="top" style="width:100%; margin-top:6px;">
<tr>
<td valign="top" class="message-wrapper" style="line-height: 1.31; color: #222; font-family: arial, sans-serif;">
<!--[if mso]><table border="0" cellpadding="0" cellspacing="0" valign="top" style="border-collapse:separate;"><tr><td valign="top"><![endif]-->
<div><span lang="EN-GB"><font>Terri,</font></span></div><div><span lang="EN-GB"> </span></div><blockquote style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex; padding-top: 0px; padding-bottom: 0px;"><div style="background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;"><font>Law enforcement investigative methodologies are not typically
divulged, for obvious reasons; there are several approaches to cyber
investigations, and depending on the type of criminal activity, different
methodologies utilized. There is domain name Whois and IP Whois -- both
critical first steps.</font></div></blockquote><div><span lang="EN-GB"> </span></div><div><span lang="EN-GB">I do not
find this line of reasoning particularly persuasive. Transparency in how these
bodies operate is hugely important, because law enforcement and intelligence
agencies are entrusted with special privileges and immense powers. The
citizenry can only hold these bodies to account when the public has sufficient
access to information as to how they are operating.</span></div><div><span lang="EN-GB"> </span></div><div><span lang="EN-GB">- Ayden</span></div><img align="left" width="0" height="0" style="border:0; width:0px; height:0px;" src="https://app.mixmax.com/api/track/v2/DPpk7JIqte0X8kEI5/i02bj5SZulGblRmclZGQu5WYjlmI/icmcv5ibuF2YpB0Z31CckBXLzRmct82cudmI/?sc=false" alt="">
<!--[if mso]></td></tr></table><![endif]-->
</td>
</tr>
</table>
<div>
<div>
<p data-m-apply-default-font="true"><br></p>
<div class="gmail_extra">
<p data-m-apply-default-font="true"><br></p>
<div class="gmail_quote">
On Thu, Aug 4, 2016 4:09 PM, Terri Stumme <span dir="ltr"> <a href="mailto:terri.stumme@legitscript.com" target="_blank">terri.stumme@legitscript.com</a></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<u></u>
<div dir="ltr"><div style="font-family:georgia,serif;font-size:small">Law enforcement investigative methodologies are not typically divulged, for obvious reasons; there are several approaches to cyber investigations, and depending on the type of criminal activity, different methodologies utilized. There is domain name Whois and IP Whois -- both critical first steps.</div><div style="font-family:georgia,serif;font-size:small"><br></div></div><div><br><div>On Thu, Aug 4, 2016 at 10:49 AM, Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span> wrote:<br><blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>I think we are forging ahead into territories reserved for future
times, but when that time comes, I will be interested in learning
however law enforcement manages to do its job without this needed
and useful data in areas where it is not public, such as web
hosting, twitter, forum posts, etc. <br>
</p>
<p>Best,</p>
<p>Volker<br>
</p><div><div>
<br>
<div>Am 04.08.2016 um 16:31 schrieb Terri
Stumme:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div style="font-family:georgia,serif;font-size:small">Absolutely,
Greg. The 2009 law enforcement recommendations regarding
amendments to the RAA addressed Whois data, specifically the
need for validating registrant information. The reason this
recommendation was included in the recommendations is because
LE utilizes the data in cyber investigations. There are many
transcripts related to this issue, and LE has conveyed to the
ICANN community on several occasions the importance of Whois
data, and how LE utilizes the data in cyber investigations.</div>
<div style="font-family:georgia,serif;font-size:small"><br>
</div>
<div style="font-family:georgia,serif;font-size:small"><br>
</div>
<div style="font-family:georgia,serif;font-size:small"><br>
</div>
<div style="font-family:georgia,serif;font-size:small"><br>
</div>
</div>
<div><br>
<div>On Thu, Aug 4, 2016 at 8:59 AM,
Mounier, Grégory <span dir="ltr"><<a href="mailto:gregory.mounier@europol.europa.eu" target="_blank">gregory.mounier@europol.<wbr>europa.eu</a>></span>
wrote:<br>
<blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear Rob,<br>
<br>
Thanks for sharing the outcome of your chat with ex-FBI and
UK LEA agents. I feel that I need to step in to provide a
different perspective than the one you just gave on the law
enforcement use of the WHOIS. It might be a matter of
interpretation but the views expressed by your interlocutors
are not shared by my colleagues working throughout European
police cyber divisions.<br>
<br>
If European cyber investigators are obviously all aware of
the fact that WHOIS registration data can sometime be
inaccurate and not up-to-date (ICANN compliance reported
that for the first quarter of 2015, WHOIS inaccuracy
comprised 74.0 % of complaints), in 90% of cases they will
start their investigations with a WHOIS lookup. This is
really the first step.<br>
<br>
Despite the lack of accuracy, WHOIS information is useful in
so many different ways. One of the first them is to make
correlations and link pieces of information obtained through
other means than from the WHOIS. This was the point I tried
to make on Tuesday during the conference call.<br>
<br>
Accurate and reliable WHOIS data helps crime attribution and
can save precious investigation time (you can rule out wrong
investigative leads).<br>
It raises the bar and makes it more difficult for criminals
to abuse domain names. It pushes them to resort to more
complex techniques such as ID theft to register domains for
malicious purposes.<br>
<br>
In short, for LEA WHOIS is certainly not the silver bullet
to attribute crime on line but it is an essential tool in
the tool box of law enforcement.<br>
<br>
Best,<br>
<br>
Greg<br>
<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.<wbr>org</a>
[mailto:<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounce<wbr>s@icann.org</a>]
On Behalf Of Rob Golding<br>
Sent: 04 August 2016 01:46<br>
To: RDS PDP WG<br>
Subject: Re: [gnso-rds-pdp-wg] Use cases: Fundamental,
Incidental, and Theoretical<br>
<br>
>> Theoretical<br>
>> ===========<br>
>> We have seen a couple of proposed use cases that
seem to be ideas<br>
>> that people have for useful or harmful ways that
RDS can be used, but<br>
>> that do not exist today (at least not that anyone
can fully<br>
>> document).<br>
>><br>
>> For example, there seems to be a desire to use the
RDS as a way to<br>
>> issue warrants for information about registrants.
While this may be<br>
>> useful, this is not possible today (even with RDAP,
I note).<br>
<br>
It not only is possible today, it's also "common" (although
thankfully not frequent)<br>
<br>
Registrars get served warrants for details about
registrants, and the _only_ information from WHOIS that's
"needed" or used for such cases is the name of the
Registrar.<br>
<br>
I had the pleasure of meeting Chris Tarbell, ex-FBI Cyber
Crime, at HostingCon last week - asked about WHOIS/domain
data he said "we dont use it"<br>
<br>
Last year at the UKNOF event in Sheffield I spent quite some
time talking with some amazing people from the UK CyberCrime
departments - asked the same questions, they confirmed that
although whois _might_ be looked at to see if it matches
_data they already have_ for confirmation, it's not used or
relied on.<br>
<br>
Which beggars the question, should "LawEnforcement" use
cases even be part of the discussions ?<br>
<br>
Rob<br>
--<br>
Rob Golding <a href="mailto:rob.golding@astutium.com" target="_blank">rob.golding@astutium.com</a><br>
Astutium Ltd, Number One Poultry, London. EC2R 8JR<br>
<br>
* domains * hosting * vps * servers * cloud * backups *
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
*******************<br>
<br>
DISCLAIMER : This message is sent in confidence and is only
intended for the named recipient. If you receive this
message by mistake, you may not use, copy, distribute or
forward this message, or any part of its contents or rely
upon the information contained in it.<br>
Please notify the sender immediately by e-mail and delete
the relevant e-mails from any computer. This message does
not constitute a commitment by Europol unless otherwise
indicated.<br>
<br>
*******************<br>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font size="2" style="font-size: 1em;"><span style="background-color:rgb(159,197,232)"><i>Terri
Stumme</i></span></font>
<div><font size="2" style="font-size: 1em;"><span style="background-color:rgb(159,197,232)"><i>Investigative
Analyst</i></span></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div></div><pre cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a>
Fax.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
------------------------------<wbr>--------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a>
Fax.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</div>
<br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font size="2" style="font-size: 1em;"><span style="background-color:rgb(159,197,232)"><i>Terri Stumme</i></span></font><div><font size="2" style="font-size: 1em;"><span style="background-color:rgb(159,197,232)"><i>Investigative Analyst</i></span></font></div></div></div></div></div></div></div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
<br><br><div>Ayden Férdeline</div><div><a href="https://community.icann.org/display/gnsosoi/Ayden+Férdeline+SOI" style="background-color: white;">Statement of Interest</a></div>
</body>
</html>