<div>Thanks for this input, Volker. I agree. Making the RDS vulnerable to one group means making it vulnerable to all. It is not going to fly to have gated access to data only for law enforcement from country X, Y, or Z — and it is not possible to, say, limit access to law enforcement in general. Limiting access to data is a policy requirement; it requires designing a system which is not secure in the first place and then overlaying some kind of policy on top of it to limit access to authorised parties. Anyone who has read a newspaper over the last year will know that data breaches are not unheard of.<br></div><div><br></div><div>- Ayden</div><div class="protonmail_signature_block"><div><br></div></div><blockquote class="protonmail_quote" type="cite"><div>-------- Original Message --------<br></div><div>Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical<br></div><div>Local Time: August 22, 2016 8:19 AM<br></div><div>UTC Time: August 22, 2016 7:19 AM<br></div><div>From: vgreimann@key-systems.net<br></div><div>To: gnso-rds-pdp-wg@icann.org<br></div><div><br></div><div>
<br></div><p>For me the issue looks different: Even if we trusted "our
friendly neighborhood LEAs" with all the data they can carry, we
probably do not feel the same about the LEAs operated by other
states. Data that I might be glad to hand over to Interpol or
German LEAs, I would rather see deleted than accept the slightest
risk of it falling into the hands of Turkish LEAs or worse, like
of a fully fledged torture state. So we cannot look at the best
possible cases, where LEAs are so well regulated that the risk of
abuse is minimized. Our approach (once we get to it) has to be
resilient enough to prevent access by anyone who would abuse it,
while using the access routes we create for the good guys. So
while I appreciate the discussions of how well regulated some LEAs
are, this is not the standard we need to consider. <br></p><p>Simply put: Anything that can be abused, will be abused. We
therefore need to model our approach on the worst possible actors,
not the best. <br></p><div>Best,<br></div><div>
<br></div><div>
Volker<br></div><div>
<br></div><div>
<br></div><div class="moz-cite-prefix">On 20.08.2016 at 01:08,
Stephanie Perrin wrote:<br></div><blockquote type="cite"><p><span style="font-size:undefinedpx" class="size"><span style="font-family:Lucida Grande" class="font">Gentlemen, with
great respect, I think you are being a bit hard on Ayden
here. If, as our next-gen rep here on the group, he were not
questioning authority, I might be afraid he had somehow
"missed the memo". I think the tone has become a bit
accusatory on both sides and we should de-escalate. I agree
that we must be exceedingly careful about putting words in
each other's mouths. However, questioning the efficacy of
oversight of police data protection compliance is fair game
in my view and in the view of most privacy scholars (Korff,
Brown, Bennett and Raab, Anderson etc.). Diana Alonso Blass
(who came to ICANN in 2003 or 04 representing the Article 29
Working Party) and now of Eurojust speaks regularly on some
of these issues at the data protection commissioners' annual
conference and at CPDP and there can be heated debate.
Oversight of law enforcement, particularly cross border law
enforcement, is difficult just as the actual law enforcement
is difficult. There are many reasons for this:</span></span><br></p><ul><li><span style="font-size:undefinedpx" class="size"><span style="font-family:Lucida Grande" class="font">law enforcement
authorities have (legitimate) exemptions under data
protection law for collection, use and disclosure, making
it easy to accidentally abuse that discretion </span></span><br></li><li><span style="font-size:undefinedpx" class="size"><span style="font-family:Lucida Grande" class="font">Data protection
authorities frequently choose to direct enforcement
actions in other areas, given the constant shortage of
resources and the publicity (reaching political uproar at
times) that can come with enforcement against police</span></span><br></li><li><span style="font-size:undefinedpx" class="size"><span style="font-family:Lucida Grande" class="font">governments often
take a dim view of data protection commissioners who go
after the police (I can cite examples if you wish but I
realize no one wants to read an article on the difficulties
of dp oversight of law enforcement)</span></span><br></li></ul><p><span style="font-size:undefinedpx" class="size"><span style="font-family:Lucida Grande" class="font">Some of the European
DP authorities testified in the 2014 inquiry into NSA
surveillance....I realize this is about intelligence, but
certainly Europol and cybercrime were mentioned. <a href="http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A7-2014-0139+0+DOC+PDF+V0//EN" class="moz-txt-link-freetext" rel="noreferrer">http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A7-2014-0139+0+DOC+PDF+V0//EN</a>.
Given the global nature of law enforcement in our subject
area, and the perceived failure of certain instruments such
as the Cybercrime treaty, and the general shock and outrage
expressed during the inquiry I just cited, particularly over
cross border data sharing, I think it is reasonable to
question assertions of compliance with data protection law.
You will find the list of witnesses in the appendix. Jacob
Kohnstamm was one of them, as was Peter Hustinx, and let me
finally remind you of my favorite quote from Kohnstamm</span><span style="font-family:Lucida Grande" class="font">'s 2012 letter to Crocker: </span></span><br></p><p><br></p><p style="margin-left:36.0pt;line-height:200%" class="MsoNormal"><span lang="EN-US">“The Working Party strongly objects to the
introduction of data retention by means of a contract issued
by a private corporation in order to facilitate (public) law
enforcement.<span style="mso-spacerun:yes"> </span>If there
is a pressing social need for specific collections of personal
data to be available for law enforcement, and the proposed
data retention is proportionate to the legitimate aim pursued,
it is up to national governments to introduce legislation that
meets the demands of article 8 of the European Convention on
Human Rights and article 17 of the International Covenant on
civil and Political rights”. <span style="mso-spacerun:yes"> </span>(Kohnstamm
to Crocker and Atallah, 26 September 2012).</span><br></p><p><span style="font-family:Lucida Grande" class="font"><span style="font-size:undefinedpx" class="size">The bottom line here is
that civil society correctly has questions about the efficacy
of oversight. Please don't take it personally, it is not
meant that way. It is our job to question. I would agree that
Europol has an excellent oversight regime, in comparative
terms, (I wish we had it in North America) but that does not
mean it works all the time. While we are not here to criticize
particular countries or regions, please admit the idea of
criticism in general. It is important. </span></span><br></p><p><span style="font-family:Lucida Grande" class="font"><span style="font-size:undefinedpx" class="size">Stephanie Perrin</span></span><br></p><div><br></div><div class="moz-cite-prefix">On 2016-08-18 18:55, Gomes, Chuck
wrote:<br></div><blockquote type="cite"><div class="WordSection1"><p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Ayden,</span></span></span><br></p><p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span><br></p><p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">I
appreciate your frequent contributions because you share
some important concerns. But I want to communicate some
concerns I have about how you are doing that. Please see
my comments below.</span></span></span><br></p><p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span><br></p><p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Chuck</span></span></span><br></p><p class="MsoNormal"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span><br></p><p class="MsoNormal"><b><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size">From:</span></span></b><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size">
<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" class="moz-txt-link-abbreviated">gnso-rds-pdp-wg-bounces@icann.org</a>
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" class="moz-txt-link-freetext">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
<b>On Behalf Of </b>Ayden Férdeline<br>
<b>Sent:</b> Thursday, August 18, 2016 4:48 PM<br>
<b>To:</b> Mounier, Grégory<br>
<b>Cc:</b> RDS PDP WG<br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] @EXT: RE: Use cases:
Fundamental, Incidental, and Theoretical</span></span></p><p class="MsoNormal"> <br></p><div><div><p class="MsoNormal">Hi Greg, <br></p></div><div><p class="MsoNormal"> <br></p></div><div><p class="MsoNormal">I don’t mean to sound provocative,
however I would like to make sure I am interpreting your
comments correctly. Please see inline below. <br></p></div><div><p class="MsoNormal"> <br></p></div><div><p class="MsoNormal">Thanks, <br></p></div><div><p class="MsoNormal"> <br></p></div><div><p class="MsoNormal">Ayden<br></p></div><div><p class="MsoNormal"> <br></p></div></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p class="MsoNormal">-------- Original Message --------<br></p></div><div><p class="MsoNormal">Subject: @EXT: RE: Use cases:
Fundamental, Incidental, and Theoretical<br></p></div><div><p class="MsoNormal">Local Time: August 18, 2016 7:00 PM<br></p></div><div><p class="MsoNormal">UTC Time: August 18, 2016 6:00 PM<br></p></div><div><p class="MsoNormal">From: <a href="mailto:gregory.mounier@europol.europa.eu">gregory.mounier@europol.europa.eu</a><br></p></div><div><p class="MsoNormal">To: <a href="mailto:gregshatanipc@gmail.com">gregshatanipc@gmail.com</a><br></p></div><div><p class="MsoNormal"><a href="mailto:icann@ferdeline.com,gnso-rds-pdp-wg@icann.org">icann@ferdeline.com,gnso-rds-pdp-wg@icann.org</a><br></p></div><div><p class="MsoNormal"> <br></p></div><div><p class="MsoNormal"> <br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Yes
Greg: </span></span></span></span><span class="font"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font">unlike
what Ayden seems to imply: </span></span></span><br></p><p style="text-indent:-.25in" class="MsoListParagraph"><span class="font"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Symbol" class="font">·</span></span></span><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-size:7pt" class="size"> </span></span></span><span class="font"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font">Europol
is not advocating that personal information be
processed in a manner inconsistent with European
law;</span></span></span><br></p></div></blockquote><div><p class="MsoNormal">I am pleased to hear this. However, it is
the <a title="https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Comments/2014/14-04-17_EDPS_letter_to_ICANN_EN.pdf" href="https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Comments/2014/14-04-17_EDPS_letter_to_ICANN_EN.pdf" rel="noreferrer">
opinion</a> of the European Commission’s own Data
Protection Supervisor that the data retention requirements
contained within the 2013 RAA and the Draft Specification
“continue to fall short of compliance with European data
protection law.” You have built a use case around how the
WHOIS protocol operates today, which itself contains data
sourced from registrars through practices which are
inconsistent with the privacy laws of many (all?) EU
Member States.<br></p><p class="MsoNormal"><b><i><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">[Chuck
Gomes] Greg did not say that the 2013 RAA is
compliant with European law; he only said Europol
is.</span></span></span></i></b><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"></span></span></span><br></p></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p style="text-indent:-.25in" class="MsoListParagraph"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Symbol" class="font"><span style="font-size:11pt" class="size">·</span></span></span></span><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-size:7pt" class="size"> </span></span></span><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Europol
access and processing of WHOIS information is in
line with European Data protection rules;</span></span></span></span><br></p></div></blockquote><div><p class="MsoNormal">I am glad that this is the case. Could
you please expand upon how, under what circumstances, and
how frequently Europol currently retrieves WHOIS records?<br></p><p class="MsoNormal"><b><i><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">[Chuck
Gomes] This is a terribly broad request and one that
I suspect may be very difficult to respond to.
Europol is not the topic of discussion. Insight
they can provide will be helpful when we deliberate
just like your insights. In all cases we will do
our best to validate information we use.</span></span></span></i></b><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"></span></span></span><br></p></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p style="text-indent:-.25in" class="MsoListParagraph"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Symbol" class="font"><span style="font-size:11pt" class="size">·</span></span></span></span><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-size:7pt" class="size"> </span></span></span><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Europol
does not “trawl” the WHOIS;</span></span></span></span><br></p></div></blockquote><div><p class="MsoNormal">Are you saying, then, that you do not
find the WHOIS protocol useful in solving crime? If you
are not collecting its records in bulk, I would suggest
that we revise your use case of 25 July to reflect this
reality. <br></p><p class="MsoNormal"><b><i><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">[Chuck
Gomes] He did not say that. I encourage you to
avoid adding to what he said.</span></span></span></i></b><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"></span></span></span><br></p></div><div><p class="MsoNormal"> <br></p></div><div><p class="MsoNormal">We should remove the reference to
“Python DNS scripts or domain tool API” being utilised to
identify connections between DNS information and
potentially troublesome websites, and replace it with
something which respects the right to, say, due process. <br></p><p class="MsoNormal"><b><i><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">[Chuck
Gomes] Please remember that our objective is not to
create perfect use cases.</span></span></span></i></b><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"></span></span></span><br></p></div><div><p class="MsoNormal"> <br></p></div><div><p class="MsoNormal">After all, illegal content like child
abuse material (which you flagged in your use case) is
just that – illegal. Illegal material should be dealt with
in a legal manner. You should not be advocating for the
circumvention of the rule of law; to do so is a direct
violation of the human rights standards that Europol has
committed itself to upholding.<br></p><p class="MsoNormal"><b><i><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">[Chuck
Gomes] Who is advocating for “</span></span></span></i></b>the
circumvention of the rule of law<b><i><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">”?
I think that the implication you make here is
inappropriate.</span></span></span></i></b><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"></span></span></span><br></p></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p style="text-indent:-.25in" class="MsoListParagraph"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Symbol" class="font"><span style="font-size:11pt" class="size">·</span></span></span></span><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-size:7pt" class="size"> </span></span></span><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Europol
is indeed subject to one of the most stringent data
protection frameworks in the LEA world. </span></span></span></span><br></p></div></blockquote><div><p class="MsoNormal">Whether that is reality or rhetoric, I
do not know. My gut feeling is that Europol’s data
protection provisions are comprehensive in theory, but
critically undermined by procedural weakness. One example
that comes to mind: the Europol Joint Supervisory Body is
the independent body which supposedly monitors your
adherence to data protection rules. However, it has no
powers of enforcement, it can only “make any complaints it
deems necessary to the Director” of Europol.<br></p><p class="MsoNormal"><b><i><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">[Chuck
Gomes] I think it best if you avoid criticizing
specific organizations and stick to issues.</span></span></span></i></b><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"></span></span></span><br></p></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">I’ll
stop here because this is only partially relevant to
this PDP.</span></span></span></span><br></p></div></blockquote><div><p class="MsoNormal">My understanding has been that some
politicians in the EU have been reluctant to expand
Europol’s remit/mandate, given concerns around
effectiveness and a perceived democratic deficit, so it is
fascinating to me to see Europol working to expand its
powers and data collection abilities in working groups
such as this one.<br></p><p class="MsoNormal"><b><i><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">[Chuck
Gomes] Once again I think you are concluding more
than is reasonable and also don’t find your comment
here constructive.</span></span></span></i></b><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"></span></span></span><br></p></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Best</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Greg</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><b><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size">From:</span></span></b></span><span class="size"><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size">
Greg Shatan [<a href="mailto:gregshatanipc@gmail.com">mailto:gregshatanipc@gmail.com</a>]
</span></span></span><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size"><br>
<span class="size"><b>Sent:</b> 18 August 2016 19:49</span><br>
<span class="size"><b>To:</b> Mounier, Grégory</span><br>
<span class="size"><b>Cc:</b> Ayden Férdeline; RDS PDP
WG</span><br>
<span class="size"><b>Subject:</b> Re:
[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental,
Incidental, and Theoretical</span></span></span></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p><div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Verdana, sans-serif" class="font">Greg,</span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Verdana, sans-serif" class="font"> </span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Verdana, sans-serif" class="font">For
the rest of us who may not be so well informed,
is there something more we should understand and
take into account in considering this particular
back-and-forth?</span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Verdana, sans-serif" class="font"> </span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Verdana, sans-serif" class="font">Thanks!</span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Verdana, sans-serif" class="font"> </span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Verdana, sans-serif" class="font">Greg
Shatan</span></span><br></p></div></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">On
Thu, Aug 18, 2016 at 1:45 PM, Mounier, Grégory &lt;<a href="mailto:gregory.mounier@europol.europa.eu">gregory.mounier@europol.europa.eu</a>&gt;
wrote:<br></p><div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Dear
Ayden, </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">I
objected because some of your statements
were misinformed so I thought that I should
help and clarify. But it seems that you are
very well informed and that you don’t need
further explanations </span></span></span></span><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Wingdings" class="font"><span style="font-size:11pt" class="size">☺</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Best
regards, </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Greg</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><b><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size">From:</span></span></b></span><span class="size"><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size">
Ayden Férdeline [mailto:<a href="mailto:icann@ferdeline.com">icann@ferdeline.com</a>]
</span></span></span><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size"><br>
<span class="size"><b>Sent:</b> 18 August 2016
19:27</span><br>
<span class="size"><b>To:</b> Mounier, Grégory</span><br>
<span class="size"><b>Cc:</b> Rob Golding; RDS
PDP WG</span><br>
<span class="size"><b>Subject:</b> Re: @EXT:
RE: [gnso-rds-pdp-wg] Use cases:
Fundamental, Incidental, and Theoretical</span></span></span></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">Thank
you for the response, Greg. I did not mean to
suggest that Europol was <b>wholly</b> exempt
from European data protection regulations,
because it is not. In my original message, I
wrote: <br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><i>"...your
agency is exempt from <b>some</b> of the
general provisions on data processing." </i><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">I
have bolded the word ‘some’ on this occasion
for emphasis. When I wrote that Europol had
exemptions from <b>some</b> of the general
provisions on data processing, I was referring
to the Europol Council Decision as published
in the Official Journal of the European Union
on 15 May 2009. I am sure you are intimately
familiar with this document, as you cited it
in your email to me today as providing the
“basis for Europol to establish and maintain
cooperative relations with Union or Community
institutions, bodies, offices and agencies;
third States and organisations; private
parties and private persons in so far as it is
relevant to the performance of its tasks.” <br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">Aside
from this, this decision contains data
processing rules which were, to quote you
again in your email, "tailor-made" for
Europol, and is complemented by a set of
implementation guidelines which privilege
Europol with the ability to process personal
data “for the purpose of prevention,
investigation, detection and prosecution of
criminal offences or the execution of criminal
penalties” in a manner that would not be
permitted of other stakeholders.<br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">Given
this, I'm unsure as to why you found my
comments so objectionable, but I hope this
email has brought about some more clarity. If
not, I am happy to expand upon my thoughts.<br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">Thanks,<br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div><div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">Ayden
<br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">--------
Original Message --------<br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">Subject:
@EXT: RE: [gnso-rds-pdp-wg] Use cases:
Fundamental, Incidental, and Theoretical<br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">Local
Time: August 18, 2016 5:54 PM<br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">UTC
Time: August 18, 2016 4:54 PM<br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">From:
<a href="mailto:gregory.mounier@europol.europa.eu">gregory.mounier@europol.europa.eu</a><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">To:
<a href="mailto:icann@ferdeline.com">icann@ferdeline.com</a><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><a href="mailto:rob.golding@astutium.com,gnso-rds-pdp-wg@icann.org">rob.golding@astutium.com,gnso-rds-pdp-wg@icann.org</a><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Dear
Ayden, </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Thank
you very much for sharing your concerns
and apologies for the late response, I
was away from the office.</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">I
am not sure how you got the perception
that Europol was “trawling” through
WHOIS records or that Europol was
“exempt from some of the general
provisions on data processing” or even
that our legal framework limited the
ability of Europol staff to process data
from publicly available sources related
to “terror manuals” or “criminals
claiming credit for attacks”.</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">In
fact, I can assure you that <u>Europol
is not exempted from the general
provisions on data protection</u>.
European data protection legislation has
been implemented in the organisation
with the aim of creating a legal
framework which balances the fundamental
interests of freedom and security. The
tailor-made set of rules provides
Europol with one of the strongest, most
robust data protection frameworks in the
world of law enforcement.</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"> <br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">As
far as data exchange inside the EU is
concerned, Art.22-25 of Europol Council
Decision (ECD) provides a basis for
Europol to establish and maintain
cooperative relations with Union or
Community institutions, bodies, offices
and agencies; third States and
organisations; private parties and
private persons in so far as it is
relevant to the performance of its
tasks.</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Europol
exchanges personal data only with third
parties which have an adequate level of
data protection. The prior data
protection assessment of the third party
involves a check on the necessary data
protection legislation and
confidentiality rules in place and in
practice. The list of the third
countries with which Europol has
established an operational agreement is
published on our website. </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">In
addition, Europol can receive
information from private parties such as
companies, business associations or
non-profit organisations. As with any
transfer of personal data, this process
is subject to data protection controls.
</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Last
but not least, in line with the
respective provisions of the ECD,
Europol can also retrieve and process
data, including personal data, from
publicly available sources, such as
media and public data and commercial
intelligence providers, in accordance
with the data protection framework.</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">I
hope that I could clarify some of the
issues you raised. </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Kind
regards, </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Greg</span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><span style="color:rgb(31, 73, 125)" class="colour"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span></span><br></p><div><div style="border:none;border-top:solid
#B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="size"><b><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size">From:</span></span></b></span><span class="size"><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size">
Ayden Férdeline [<a href="mailto:icann@ferdeline.com">mailto:icann@ferdeline.com</a>]
</span></span></span><span style="font-family:Tahoma, sans-serif" class="font"><span style="font-size:10pt" class="size"><br>
<span class="size"><b>Sent:</b> 08
August 2016 14:11</span><br>
<span class="size"><b>To:</b> Mounier,
Grégory</span><br>
<span class="size"><b>Cc:</b> Rob
Golding; RDS PDP WG</span><br>
<span class="size"><b>Subject:</b> Re:
[gnso-rds-pdp-wg] @EXT: RE: Use
cases: Fundamental, Incidental, and
Theoretical</span></span></span></p></div></div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p><table width="100%" cellspacing="0" cellpadding="0" border="0" style="width:100.0%" class="MsoNormalTable"><tbody><tr><td valign="top" style="padding:0in 0in 0in 0in"><table cellspacing="0" cellpadding="0" border="0" class="MsoNormalTable"><tbody><tr><td valign="top" style="padding:0in 0in 0in
0in"><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font">Greg,</span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font"> </span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font">I
am disappointed that
Europol seems to be
advocating that
personal information
be processed in a
manner inconsistent
with European law.</span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font"> </span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font">I
fully appreciate that,
in order to allow
Europol to collect
sensitive information
from the Member States
in the pursuit of
investigations, your
agency is exempt from
some of the general
provisions on data
processing. You are
permitted to directly
retrieve and process
information obtained
from
publicly-available
sources, but the
promotional literature
on the Europol website
suggests Europol
agents searching for
publicly-available
‘terror manuals’ or
criminals claiming
credit for attacks.
There is no indication
that this includes
Europol trawling
through things like
WHOIS records to
identify the
administrator of a
website, something far
less sinister. And if
the RDS evolves into
something very
different from what it
is today – perhaps not
open to any and
everyone to query, or
federated into a
single data store – my
understanding is that
the routing of
information from a
private party to
Europol would be
subject to European
data protection
controls and
safeguards.</span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font"> </span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font">The
very specific
exemptions that
Europol has received
in order to carry out
its work simply do not
call for Europol to
advocate for a lower
standard of privacy
protection for
European residents in
privately-owned or
publicly-accessible
sources of
information.</span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font"> </span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font">There
is no doubt that
effective police work
requires top
intelligence, but
equally as important
is the employment of
sound data protection
safeguards which
strike an appropriate
balance between the
interests of freedom
and security.</span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font"> </span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font">Just
my $0.02.</span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font"> </span></span><br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><span class="font"><span style="font-family:Calibri, sans-serif" class="font">-
Ayden</span></span><br></p></div></td></tr></tbody></table></td></tr></tbody></table><div><div><p> <br></p><div><p> <br></p><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">On
Thu, Aug 4, 2016 1:59 PM, wrote:<br></p><p>Dear Rob, <br></p><p> <br></p><p>Thanks for sharing the outcome of
your chat with ex-FBI and UK LEA
agents. I feel that I need to step
in to provide a different
perspective than the one you just
gave on the law enforcement use of
the WHOIS. It might be a matter of
interpretation but the views
expressed by your interlocutors are
not shared by my colleagues working
throughout European police cyber
divisions. <br></p><p> <br></p><p>If European cyber investigators are
obviously all aware of the fact that
WHOIS registration data can sometimes
be inaccurate and not up-to-date
(ICANN compliance reported that for
the first quarter of 2015, WHOIS
inaccuracy comprised 74.0 % of
complaints), in 90% of cases they
will start their investigations with
a WHOIS lookup. This is really the
first step. <br></p><p> <br></p><p>Despite the lack of accuracy, WHOIS
information is useful in so many
different ways. One of the first
of them is to make correlations and
link pieces of information obtained
through other means than from the
WHOIS. This was the point I tried to
make on Tuesday during the
conference call. <br></p><p> <br></p><p>Accurate and reliable WHOIS data
helps crime attribution and can save
precious investigation time (you can
rule out wrong investigative leads).
<br></p><p>It raises the bar and makes it more
difficult for criminals to abuse
domain names. It pushes them to
resort to more complex techniques
such as ID theft to register domains
for malicious purposes.<br></p><p> <br></p><p>In short, for LEA WHOIS is
certainly not the silver bullet to
attribute crime online but it is an
essential tool in the tool box of
law enforcement.<br></p><p> <br></p><p>Best, <br></p><p> <br></p><p>Greg<br></p><p> <br></p><p> <br></p><p>-----Original Message-----<br></p><p>From: <a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a>
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
On Behalf Of Rob Golding<br></p><p>Sent: 04 August 2016 01:46<br></p><p>To: RDS PDP WG<br></p><p>Subject: Re: [gnso-rds-pdp-wg] Use
cases: Fundamental, Incidental, and
Theoretical<br></p><p> <br></p><p>>> Theoretical<br></p><p>>> ===========<br></p><p>>> We have seen a couple of
proposed use cases that seem to be
ideas <br></p><p>>> that people have for
useful or harmful ways that RDS can
be used, but <br></p><p>>> that do not exist today
(at least not that anyone can fully
<br></p><p>>> document).<br></p><p>>> <br></p><p>>> For example, there seems
to be a desire to use the RDS as a
way to <br></p><p>>> issue warrants for
information about registrants. While
this may be <br></p><p>>> useful, this is not
possible today (even with RDAP, I
note).<br></p><p> <br></p><p>It not only is possible today, it's
also "common" (although thankfully
not frequent)<br></p><p> <br></p><p>Registrars get served warrants for
details about registrants, and the
_only_ information from WHOIS that's
"needed" or used for such cases is
the name of the Registrar.<br></p><p> <br></p><p>I had the pleasure of meeting Chris
Tarbell, ex-FBI Cyber Crime, at
HostingCon last week - asked about
WHOIS/domain data he said "we don't
use it"<br></p><p> <br></p><p>Last year at the UKNOF event in
Sheffield I spent quite some time
talking with some amazing people
from the UK CyberCrime departments -
asked the same questions, they
confirmed that although whois
_might_ be looked at to see if it
matches _data they already have_ for
confirmation, it's not used or
relied on.<br></p><p> <br></p><p>Which beggars the question, should
"LawEnforcement" use cases even be
part of the discussions ?<br></p><p> <br></p><p>Rob<br></p><p>--<br></p><p>Rob Golding <a href="mailto:rob.golding@astutium.com">rob.golding@astutium.com</a><br></p><p>Astutium Ltd, Number One Poultry,
London. EC2R 8JR<br></p><p> <br></p><p>* domains * hosting * vps * servers
* cloud * backups *
_______________________________________________<br></p><p>gnso-rds-pdp-wg mailing list<br></p><p><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br></p><p><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br></p><p>*******************<br></p><p> <br></p><p>DISCLAIMER : This message is sent
in confidence and is only intended
for the named recipient. If you
receive this message by mistake, you
may not use, copy, distribute or
forward this message, or any part of
its contents or rely upon the
information contained in it.<br></p><p>Please notify the sender
immediately by e-mail and delete the
relevant e-mails from any computer.
This message does not constitute a
commitment by Europol unless
otherwise indicated.<br></p><p> <br></p><p>*******************<br></p><p> <br></p></div></div></div></div><p style="mso-margin-top-alt:auto;margin-bottom:12.0pt" class="MsoNormal"> <br></p><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal">Ayden
Férdeline<br></p></div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"><a href="https://community.icann.org/display/gnsosoi/Ayden+F%E9rdeline+SOI" rel="noreferrer"><span class="font"><span style="background-color: white" class="highlight"><span style="font-family:Calibri, sans-serif" class="font">Statement
of Interest</span></span></span></a><br></p></div></div></blockquote><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div></div></div><div><p class="MsoNormal"> <br></p></div></div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" class="MsoNormal"> <br></p></div></div></blockquote><div><p class="MsoNormal"> <br></p></div></div><div><br></div><div><br></div></blockquote><div><br></div><div><br></div><div><br></div></blockquote><div><br></div><pre cols="72" class="moz-signature">--
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a href="mailto:vgreimann@key-systems.net" class="moz-txt-link-abbreviated">vgreimann@key-systems.net</a>
Web: <a href="http://www.key-systems.net" class="moz-txt-link-abbreviated" rel="noreferrer">www.key-systems.net</a> / <a href="http://www.RRPproxy.net" class="moz-txt-link-abbreviated" rel="noreferrer">www.RRPproxy.net</a>
<a href="http://www.domaindiscount24.com" class="moz-txt-link-abbreviated" rel="noreferrer">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com" class="moz-txt-link-abbreviated" rel="noreferrer">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a href="http://www.facebook.com/KeySystems" class="moz-txt-link-abbreviated" rel="noreferrer">www.facebook.com/KeySystems</a>
<a href="http://www.twitter.com/key_systems" class="moz-txt-link-abbreviated" rel="noreferrer">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a href="http://www.keydrive.lu" class="moz-txt-link-abbreviated" rel="noreferrer">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
<br></pre></blockquote><div><br></div>