<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>The thing with private data is that it is amazing what you can
legitimately and illegitimately do with it. You can correlate,
investigate, use, abuse it in any shape or form, but at the end of
the day, the question should be: Do you have a legally enforceable
right to access that data and do with it whatever you please. Many
jurisdictions have decided that the protection of the individual
weighs heavier than any potentially beneficial uses. <br>
</p>
<p>And if you have a right to access the data, you will still be
able to do so.</p>
<p>Best,</p>
<p>Volker<br>
</p>
<br>
<div class="moz-cite-prefix">Am 14.02.2017 um 13:10 schrieb nathalie
coupet via gnso-rds-pdp-wg:<br>
</div>
<blockquote
cite="mid:1352841039.5696042.1487074222217@mail.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande, sans-serif;font-size:16px">
<div id="yui_3_16_0_ym19_1_1487072479779_39184"><span>Hi
Allison,</span></div>
<div id="yui_3_16_0_ym19_1_1487072479779_39184"><span><br>
</span></div>
<div id="yui_3_16_0_ym19_1_1487072479779_39184" dir="ltr"><span
id="yui_3_16_0_ym19_1_1487072479779_39362">Would you be able
to carry out your investigations normally if access to WHOIS
thick were restricted only by the need to enter an email? </span></div>
<div id="yui_3_16_0_ym19_1_1487072479779_39184" dir="ltr"><span><br>
</span></div>
<div id="yui_3_16_0_ym19_1_1487072479779_39184" dir="ltr">With
regards to privacy by design, instead of pushing for the
implementation of this concept inside the realm of WHOIS where
it is foreign, since it is an engineering concept, why not
advocate for its implementation at the design level of the
Internet, where it belongs? </div>
<div id="yui_3_16_0_ym19_1_1487072479779_39184" dir="ltr"><br>
</div>
<div id="yui_3_16_0_ym19_1_1487072479779_39185"> </div>
<div class="signature"
id="yui_3_16_0_ym19_1_1487072479779_39232">Nathalie </div>
<div class="qtdSeparateBR"><br>
<br>
</div>
<div class="yahoo_quoted" style="display: block;">
<div style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, sans-serif; font-size:
16px;">
<div style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, sans-serif; font-size:
16px;">
<div dir="ltr"><font face="Arial" size="2"> On Tuesday,
February 14, 2017 12:38 AM, allison nixon
<a class="moz-txt-link-rfc2396E" href="mailto:elsakoo@gmail.com"><elsakoo@gmail.com></a> wrote:<br>
</font></div>
<br>
<br>
<div class="y_msg_container">
<div id="yiv9108844549">
<div>
<div dir="ltr">This car metaphor isn't complete
without also stating that some car owners purchase
them for the sole purpose of running over people!
<div>
<div><br clear="none">
</div>
<div>Some car owners purchase fleets of cars to
run over as many people as possible. Even
though they re-use their name on every single
vehicle registration, the subpeona takes so
long that the city can no longer automatically
block the cars as they enter, and need to wait
for them to run over a few people before they
can do anything about it.</div>
</div>
<div><br clear="none">
This metaphor has obviously been tortured past
the point of absurdity, I'll leave it alone now.</div>
<div><br clear="none">
</div>
<div>I've mostly been lurking for the whole
duration of this group, and please forgive me if
I'm missing something massive here, but I get
the impression that most people here don't spend
a lot of time doing investigations. But this is
my life. If I needed a subpeona for every single
historical lookup, pivot, and reverse search, I
would get zero done due to a lack of legal
authority. Many if not most of the people doing
the heavy lifting in anti-cybercrime efforts are
private citizens with no government issued
authority. It seems that the general expectation
here is that limiting access to people with
badges is OK, but I'm telling you there is a
severe lack of those skillsets and it will be
years before we see widespread technical
literacy among the police. Whatever system
results, private citizens need a path for
unrestricted and automated access. And if we
want to talk protecting privacy, I think
criminally motivated violations of privacy are
far more likely to affect everyone's day to day
life right now, and automated WHOIS lookups are
used heavily especially in anti-phishing and
anti-spam operations.</div>
<div><br clear="none">
</div>
<div>With the status quo, I can go on fishing
expeditions through the WHOIS data and turn up
hundreds of domains used for the same type of
malicious activity, and predict with a high
accuracy which domains will be malicious before
they are used for anything. It sometimes turns
up domains owned by innocent people, and I doubt
privacy minded people would like that, but the
reality is I rarely ever encounter WHOIS data
that is convincing PII. It's almost all fake.
And if it's not fake, it's a company's public
contact info, or it's a foolish person who
turned down WHOIS privacy protection, and will
change their WHOIS as soon as the spam starts
flowing.</div>
<div><br clear="none">
</div>
<div>Have there been any studies on what
percentage of WHOIS data is real and correct?
Can we ever expect to have meaningful data when
registrars are allowed to take Bitcoins over Tor
as payment? At what point does "privacy" become
an empty argument when some of these Internet
hosting/registrar companies clearly profit from
facilitating abuse, and network defenders block
entire TLDs due to the saturation of abuse?</div>
<div><br clear="none">
</div>
<div>From my vantage point, I see great benefit
from seeing patterns in the fake data submitted
by fraudsters, and I see few harms from the
privacy side of things, because people seem to
generally realize that "123 fake st" is a
perfectly acceptable WHOIS entry.</div>
<div><br clear="none">
</div>
<div>I also recognize this situation is completely
absurd. Every aspect of this is surely an abuse
of the original system. But it seems like
building a pyramid from the top down,
restricting access to supposed "PII" that is
unlikely to contain PII, to the detriment of
legitimate efforts that also seek to enhance
privacy by preventing criminal theft of private
data like bank account numbers.</div>
<div><br clear="none">
</div>
</div>
<div class="yiv9108844549gmail_extra"><br
clear="none">
<div class="yiv9108844549yqt3115795380"
id="yiv9108844549yqtfd25452">
<div class="yiv9108844549gmail_quote">On Mon,
Feb 13, 2017 at 9:14 PM, Sam Lanfranco <span
dir="ltr"><<a moz-do-not-send="true"
rel="nofollow" shape="rect"
ymailto="mailto:sam@lanfranco.net"
target="_blank"
href="mailto:sam@lanfranco.net">sam@lanfranco.net</a>></span>
wrote:<br clear="none">
<blockquote class="yiv9108844549gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex;">I have to
strongly agree with Alex that whatever the
criteria are for thin data, they cannot
include that thin data "is transitive" in
some sort of bread crumb trail manner.<br
clear="none">
<br clear="none">
Everything is potentially transitive in that
sense. I observe a vehicle but all I get is
make, model and license plate, and in most
jurisdictions that is all I get. It is the
vehicle owner's "thin data". Of course I can
hang around, see that the car has a baby
seat, witness a woman or man putting a child
in the car, assume that she/he has
legitimate access to the car, follow the car
and assemble more personal information
(lives at; works at; shops at; visits;) The
license plate didn't facilitate that crumb
train discovery, but no license plate would
hamper legitimate seeking of information
about who owns the car (issuing a parking
ticket, LEA investigation, etc.) . License
plate is part of thin data with no gated
access. Of course, this will change in the
era of the digital vehicle. Depending on
security, and authorization, one will be
able to just ask the car, and ask about a
lot of things...like whose cell phone was in
the passenger's seat last night, when I was
supposed to be alone )-:<br clear="none">
<br clear="none">
There needs to be a similar balance (license
plate but no owner's name unless wanted,
like Sam's Curry Pizza Barn logo, phone
number and website URL painted on the side).<br
clear="none">
<br clear="none">
More Important, have we made progress
(convergence) on the working principles that
should be brought to bear in building a thin
data set. A lot of time has been spent
looking at good case and bad case scenarios.
What operational principles have been
distilled from all these examples? What is
the balance between thin data inclusion and
exclusion, and design and technical
solutions that can be used to prevent (for
example) robotic harvesting? There is
another frontier here, and that is what
governments will do to restrain or enable
certain uses of thin data? While ICANN needs
to be aware of what is going on there, that
part is beyond ICANN's remit, but those
policies will help shape some of the context
within which ICANN deals with the thin data
task.<br clear="none">
<br clear="none">
Sam L
<div class="yiv9108844549HOEnZb">
<div class="yiv9108844549h5"><br
clear="none">
<br clear="none">
On 2017-02-14 1:23 AM, Deacon, Alex
wrote:<br clear="none">
<blockquote
class="yiv9108844549gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex;">
All,<br clear="none">
<br clear="none">
So it seems the debate has progressed
from “thin data” to “thick data” (i.e.
data that includes email). I know we
are all super excited to talk about
“thick data” but I don’t think we are
there yet (are we? Hopefully I didn’t
miss the party…)<br clear="none">
<br clear="none">
Focusing on thin data for the moment I
struggle to understand how it is
personal data. I do not believe it
is. As for the odd logic proposed
by some that the property of privacy
is transitive (i.e. Because “thin
data” can be used to
link/point/discover other data then
“thin data” equals “personal data”) I
just don’t buy it.<br clear="none">
<br clear="none">
I don’t disagree with much of what was
expressed in this thread, however we
must keep in mind that balance and
proportionality are important concepts
in many (all?) data privacy laws.
Any arguments that imply that no such
balance exists (or should exist) is
obstructive IMO.<br clear="none">
<br clear="none">
Alex<br clear="none">
<br clear="none">
<br clear="none">
On 2/13/17, 5:42 AM, <<a
moz-do-not-send="true"
rel="nofollow" shape="rect"
ymailto="mailto:gnso-rds-pdp-wg-bounces@icann.org"
target="_blank"
href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann
.org</a> on behalf of <a
moz-do-not-send="true"
rel="nofollow" shape="rect"
ymailto="mailto:michele@blacknight.com"
target="_blank"
href="mailto:michele@blacknight.com">michele@blacknight.com</a>>
wrote:<br clear="none">
<br clear="none">
I agree and I know from how I’ve
used various email addresses that they
are actively being harvested and
spammed.<br clear="none">
Also it’s one of the biggest
sources of complaints we get from our
clients (registrants)<br clear="none">
It’s definitely not an “edge
case”.<br clear="none">
Regards<br clear="none">
Michele<br clear="none">
--<br clear="none">
Mr Michele Neylon<br clear="none">
Blacknight Solutions<br
clear="none">
Hosting, Colocation & Domains<br
clear="none">
<a moz-do-not-send="true"
rel="nofollow" shape="rect"
target="_blank"
href="https://www.blacknight.com/">https://www.blacknight.com/</a><br
clear="none">
<a moz-do-not-send="true"
rel="nofollow" shape="rect"
target="_blank"
href="http://blacknight.blog/">http://blacknight.blog/</a><br
clear="none">
Intl. <a moz-do-not-send="true"
rel="nofollow" shape="rect" href="">+353
(0) 59 9183072</a><br clear="none">
Direct Dial: <a
moz-do-not-send="true"
rel="nofollow" shape="rect" href="">+353
(0)59 9183090</a><br clear="none">
Social: <a
moz-do-not-send="true"
rel="nofollow" shape="rect"
target="_blank"
href="http://mneylon.social/">http://mneylon.social</a><br
clear="none">
Some thoughts: <a
moz-do-not-send="true"
rel="nofollow" shape="rect"
target="_blank"
href="http://ceo.hosting/">http://ceo.hosting/</a><br
clear="none">
----------------------------- --<br
clear="none">
Blacknight Internet Solutions
Ltd, Unit 12A,Barrowside Business
Park,Sleaty<br clear="none">
Road,Graiguecullen,Carlow,R93
X265,Ireland Company No.: 370845<br
clear="none">
______________________________
_________________<br clear="none">
gnso-rds-pdp-wg mailing list<br
clear="none">
<a moz-do-not-send="true"
rel="nofollow" shape="rect"
ymailto="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br
clear="none">
<a moz-do-not-send="true"
rel="nofollow" shape="rect"
target="_blank"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/
listinfo/gnso-rds-pdp-wg</a><br
clear="none">
<br clear="none">
______________________________
_________________<br clear="none">
gnso-rds-pdp-wg mailing list<br
clear="none">
<a moz-do-not-send="true"
rel="nofollow" shape="rect"
ymailto="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br
clear="none">
<a moz-do-not-send="true"
rel="nofollow" shape="rect"
target="_blank"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/l
istinfo/gnso-rds-pdp-wg</a><br
clear="none">
</blockquote>
<br clear="none">
</div>
</div>
<span class="yiv9108844549HOEnZb"><font
color="#888888">
-- <br clear="none">
*-----------------------------
---------------*<br clear="none">
"It is a disgrace to be rich and
honoured<br clear="none">
in an unjust state" -Confucius<br
clear="none">
------------------------------
----------------<br clear="none">
Dr Sam Lanfranco (Prof Emeritus &
Senior Scholar)<br clear="none">
Econ, York U., Toronto, Ontario, CANADA
- M3J 1P3<br clear="none">
YorkU email: <a class="moz-txt-link-abbreviated" href="mailto:Lanfran@Yorku.ca">Lanfran@Yorku.ca</a> Skype:
slanfranco<br clear="none">
blog: <a moz-do-not-send="true"
rel="nofollow" shape="rect"
target="_blank"
href="http://samlanfranco.blogspot.com/">http://samlanfranco.blogspot.c
om</a><br clear="none">
Phone: <a moz-do-not-send="true"
rel="nofollow" shape="rect" href="">613
476-0429</a> cell: <a
moz-do-not-send="true" rel="nofollow"
shape="rect" href="">416-816-2852</a></font></span>
<div class="yiv9108844549HOEnZb">
<div class="yiv9108844549h5"><br
clear="none">
<br clear="none">
______________________________
_________________<br clear="none">
gnso-rds-pdp-wg mailing list<br
clear="none">
<a moz-do-not-send="true" rel="nofollow"
shape="rect"
ymailto="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br
clear="none">
<a moz-do-not-send="true" rel="nofollow"
shape="rect" target="_blank"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/l
istinfo/gnso-rds-pdp-wg</a></div>
</div>
</blockquote>
</div>
</div>
<br clear="none">
<br clear="all">
<div><br clear="none">
</div>
-- <br clear="none">
<div class="yiv9108844549gmail_signature">_________________________________<br
clear="none">
Note to self: Pillage BEFORE burning.</div>
<div class="yiv9108844549yqt3115795380"
id="yiv9108844549yqtfd22628">
</div>
</div>
</div>
</div>
<br>
<div class="yqt3115795380" id="yqtfd09601">_______________________________________________<br
clear="none">
gnso-rds-pdp-wg mailing list<br clear="none">
<a moz-do-not-send="true" shape="rect"
ymailto="mailto:gnso-rds-pdp-wg@icann.org"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br
clear="none">
<a moz-do-not-send="true" shape="rect"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></div>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</body>
</html>