<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.percentbar
{mso-style-name:percentbar;}
span.body
{mso-style-name:body;}
span.m-7998131626756526054m-9163358764285633796hoenzb
{mso-style-name:m_-7998131626756526054m_-9163358764285633796hoenzb;}
span.m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb
{mso-style-name:m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yiv9108844549hoenzb;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle27
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:638610619;
mso-list-template-ids:1123816914;}
@list l0:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:778917896;
mso-list-template-ids:36094502;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:982152066;
mso-list-type:hybrid;
mso-list-template-ids:1560604928 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l2:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l3
{mso-list-id:1215970851;
mso-list-type:hybrid;
mso-list-template-ids:1560604928 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l3:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l3:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l3:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l4
{mso-list-id:2029527855;
mso-list-template-ids:415688696;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Dear Volker:<o:p></o:p></span></a></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">I will fact-check a few items here. One, you just mis-stated Spamhaus’ findings and methodology. Two, there’s
a reason why you don’t see these problems in your mailbox. It’s not because the problems don’t exist – it’s because you have a company taking care of the problem. <o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Three, you may not trust Spamhaus, but some of us here with experience disagree with you.
<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">One:<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">You claimed below that Spamhaus says that “93.3 percent of all domains registered under the .science TLD are malicious.
Spamhaus said no such thing. Spamhaus is saying that of the recent mail flow they received that contain .science domains, 93% of that email was spam. That is a measurement based on real-life observation and a well-described l methodology:
</span></span><a href="https://www.spamhaus.org/statistics/tlds/"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">https://www.spamhaus.org/statistics/tlds/</span></span><span style="mso-bookmark:_MailEndCompose"></span></a><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">
<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">There are 232,611 domains in the .science TLD right now. Spamhaus says that 61,418 mails containing .science domains
reached Spamhaus’ mail sensors recently, and 57,323 of those were spam – 93% of the .science domains that Spamhaus saw in use, and 26% of all the domains that exist in the .science TLD. Plus: a) Spamhaus’s sensors only see a certain percentage of all the
mail in the world, and b) these are recent stats…. more spam .science domains were found in the past but not counted there. So that under-states the problem in this TLD. Either way, these numbers are bad news. <o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Two:
<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">You don’t see much spam in your spam filters because your company, Key-Systems, employs a spam-fighting email service
company called Hornet Security. Hornet Security prevents spam, phishing attempts, and malware from even getting to your company (and your mailbox and filter). Hornet Security uses blocklists in its solution. I would not be surprised if Spamhaus was one
of them. <o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">DIG<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">;ANSWER<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">key-systems.net. 11665 IN MX 10 mx19a.antispameurope.com.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">antispameurope.com --> hornetsecurity.com
<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Three: You may not trust Spamhaus, but they are respected members of the anti-spam industry. Spamhaus’ data protects
three billion email boxes. They have worked as a trusted partner of law enforcement on some big cybercrime cases. I have had personal experience with their staff over the years. And I would not be surprised if the majority of the people on this working
group have their mail (and possibly networks) protected in part by Spamhaus’s IP and domain name blocklists.
<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">Other:<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">I don’t see what your questions about pricing have to do with the current discussion. Criminals certainly seem
to like cheap domains, but you know that ICANN does not regulate the prices that registrars charge.
<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">All best,<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">--Greg<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><o:p> </o:p></span></span></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org]
<b>On Behalf Of </b>Volker Greimann<br>
<b>Sent:</b> Tuesday, February 14, 2017 12:13 PM<br>
<b>To:</b> gnso-rds-pdp-wg@icann.org<br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] Dangers of public whois<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">That old horse again?<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Here are some hard facts about the volume of abuse going on:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="https://www.spamhaus.org/statistics/tlds/">https://www.spamhaus.org/statistics/tlds/</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Right now, 93.3 percent of all domains registered under the .science TLD are malicious!<o:p></o:p></p>
</div>
</div>
</blockquote>
<p class="MsoNormal">Those statistics are only their perceived truth just like the audience at Trumps inauguration was the largest ever!
<br>
<br>
Their statistics are deeply flawed as they only look at a small part of domain names and disregard major pieces of the puzzle:<br>
According to nTLD stats, .science has 232,611 domains, yet the Spamhaus reports bases their badness rating on an arbitrary number of domains "seen". They even state that if a domain is not in the focus of their anti-abuse systems, it will not be counted as
seen. By ignoring the majority of domains in a TLD one can dream up any percentage one likes, apparently.
<br>
<br>
Look at the numbers for .top: Apparently <span class="body">400,469 domains are used maliciously. 400,469! That is a lot of abuse that I somehow have not heard about from any other source, never seen in my spam filters, etc.
</span><br>
<br>
But I will not dispute that there may be a large number of domains in that TLD may be used for abuse. Yet the report does not go into further detail? Could a contributing factor of "badness" be a low price, attracting the wrong kind of customer? How is this
badness distributed amongst registrars? They also do not detail how they decided a domain was malicious in the first place? Yet on the other hand they accuse registries and registrars of knowingly aiding and abetting criminals. Without providing proof. Or
even complaining to ICANN about them, apparently. I would assume that when you make such bold statements as Spamhaus does, they have the evidence to back them up...<br>
<br>
I trust these statistics by spamhaus less than anything coming out of the mouth of the orange menace. And that is saying something.
<br>
<br>
Best,<br>
Volker<br>
<br>
<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">>><span style="font-size:9.5pt">the question should be: Do you have a legally enforceable right to access that data and do with it whatever you please.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">At the moment, the answer to that is yes. And network owners also have a right to decide who they want to interact with. WHOIS is used as part of that determination. Not only is registrant data correlated with
past malicious registrants, but the age of the domain is also determined through WHOIS. Without this granularity, network owners will absolutely err on the side of blocking too much over too little. We already see this with residential ISPs blocking entire
TCP and UDP ports for their customer base, because the alternative is a level of abuse that takes the entire network down. Where is the "free and open Internet" when the Internet doesn't work anymore? Those are the battles that are being fought right now,
and pretending this isn't a problem is a "wall" on yalls part, not mine.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">Here is a list of all the ports that Comcast blocks for its users. This has nothing to do with freedom of speech and everything to do with the fact that Comcast's network will die if they don't do this. As
a consequence I can't send outbound TCP/25 SMTP anymore:</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="https://www.xfinity.com/support/internet/list-of-blocked-ports/"><span style="font-size:9.5pt">https://www.xfinity.com/support/internet/list-of-blocked-ports/</span></a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">And over-blocking is going to be a worse problem when granularity is taken away from network defenders. When Spamhaus decides an entire country's TLD has too much abuse, most network operators will agree, and
legitimate sites (like that country's government, companies, and media outlets) are an acceptable loss. You're going to see more of this, and that country's government has little recourse aside from cleaning up their entire TLD so network operators can be
convinced to remove the blocks. But since abuse-laden TLDs are usually that way due to lack of budget, it's more likely that the entire country will simply suffer harms instead.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I am really surprised at how little credence is being given to these problems.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Tue, Feb 14, 2017 at 9:41 AM, theo geurts <<a href="mailto:gtheo@xs4all.nl" target="_blank">gtheo@xs4all.nl</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<p><o:p> </o:p></p>
<p class="MsoNormal">Hi John, <br>
<br>
I agree we do not want to create a centralized registration and surveillance scheme.
<br>
<br>
Such a system would be subject to many regulations and fines from Data Regulators. If we do not execute privacy properly we are creating a system that will cost millions of dollars in fines alone. Tho that would actually answer the question are the costs of
RDS viable. The answer would be no. <br>
<br>
Theo <o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">On 14-2-2017 14:59, John Horton wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444">Nathalie and others,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444">I wanted to take a moment and explain why I'm strongly opposed to requiring email or other registration in order to view thin or thick details. For the reasons outlined below, I
think it's antithetical to the open and decentralized nature of the internet, and constitutes a form of internet surveillance. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444">First, putting aside repressive regimes, private networks and edge cases, one of the hallmark principles of the internet is that it's open; you don't have to register or justify
your need to access information on the internet. And, it's decentralized. Historically, its open nature has included not only being able to see a website, but also the registration details for the website's domain name. And, whatever governments may do (which
isn't the question here), there's no centralized internet surveillance or registration authority for internet users generally. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444">If we impose a scheme where there is a central organization with the authority to a) require registration and b) centrally control access, and c) (as has been proposed) require
the user to provide a reason for their access, that organization then also has the ability to d) make judgment calls about what reasons are valid and which are not and e) maintain data on who accessed what RDS data, for what reason, for how long and why. Note
also that at least one version of the EWG report said that f) the organization would be empowered to levy punitive measures against internet users who accessed more data than the RDS deems appropriate.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444">So: you have a system that surveils internet users who access some information and maintains data on their use of that data. Let's think about the following scenarios from the point
of view of openness, decentralization and civil liberties.<o:p></o:p></span></p>
</div>
<div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:0in;mso-list:l4 level1 lfo6">
<span style="font-family:"Arial",sans-serif">A journalist (or blogger) is writing an investigative article and wants to find out who is behind a domain name. If we require registration and disclosure of the reason, that in essence creates a situation where
the RDS de facto is monitoring that journalist and determining if their basis for conducting the investigation is worthy. It also allows the RDS the ability to monitor the journalist's use of the domain name registration data. This potentially chills free
speech. <o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:0in;mso-list:l4 level1 lfo6">
<span style="font-family:"Arial",sans-serif">Consider a political activist who wishes to expose corruption by an elected politician and wants to access RDS information to show, for example, conflicts of interests in the politician's business operations. Once
the political activist has to disclose who they are, let alone why they are accessing the information, that not only chills legitimate political activism but also potentially opens up a route for government abuse (e.g., if a government agency were able to
subpoena the list of who accessed RDS information for which domain names and why). <o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:0in;mso-list:l4 level1 lfo6">
<span style="font-family:"Arial",sans-serif">Academic researchers periodically review Whois/RDS data; requiring them to register before reviewing data and disclose why they are doing the research potentially empowers the RDS to monitor academic research and
determine its worthiness. <o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:0in;mso-list:l4 level1 lfo6">
<span style="font-family:"Arial",sans-serif">Imagine that a cybercrime network is under investigation (as they are wont to be); requiring law enforcement to register -- particularly if there is a log of which domain names they reviewed RDS for -- can potentially
compromise the investigation if that information is disclosed. Would registrants have the right to be informed every time that someone registered to review their RDS details? <o:p></o:p></span></li></ul>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#222222">For one central entity to possess that much power over internet users is something that I think we should avoid, and it's antithetical to the principles of openness and decentralization.
There are other well-known solutions to spam and inappropriate contacts; forcing all other legitimate activities to grind to a screeching halt -- particular under the umbrella of a surveillance scheme -- is a cure worse than the disease. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#222222"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#222222">I recognize and agree that we should try to find constructive solutions to this that require some compromise, and I'm grateful not only for the expertise that Stephanie and others
have brought to this group, but also that Benny and others have pointed out some of the problems with Whois details being inappropriately used (e.g., for spam). However, I wanted to outline my strong concerns about creating a centralized registration and surveillance
scheme over one subset of internet users as part of the solutions. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#222222"><o:p> </o:p></span></p>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#073763">John Horton<br>
President and CEO, LegitScript</span> <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#444444">Follow</span></b><b><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#0B5394">
</span></b><b><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Legit<span style="color:#0B5394">Script</span></span></b><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">:
</span><a href="http://www.linkedin.com/company/legitscript-com" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#CC0000">LinkedIn</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"> | </span><a href="https://www.facebook.com/LegitScript" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#6AA84F">Facebook</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">
| </span><a href="https://twitter.com/legitscript" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#674EA7">Twitter</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"> | </span><a href="http://blog.legitscript.com" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Blog</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">
|<span style="color:#FF9900"> </span></span><a href="https://plus.google.com/112436813474708014933/posts" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Google+</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Tue, Feb 14, 2017 at 4:10 AM, nathalie coupet via gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yui_3_16_0_ym19_1_1487072479779_39184">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">Hi Allison,<o:p></o:p></span></p>
</div>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yui_3_16_0_ym19_1_1487072479779_39184">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yui_3_16_0_ym19_1_1487072479779_39184">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">Would you be able to carry out your investigations normally if access to WHOIS thick were restricted only by the need to enter an email? <o:p></o:p></span></p>
</div>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yui_3_16_0_ym19_1_1487072479779_39184">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yui_3_16_0_ym19_1_1487072479779_39184">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">With regards to privacy by design, instead of pushing for the implementation of this concept inside the realm of WHOIS where it is foreign, since it is an engineering
concept, why not advocate for its implementation at the design level of the Internet, where it belongs? <o:p></o:p></span></p>
</div>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yui_3_16_0_ym19_1_1487072479779_39184">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif;color:#888888"><o:p> </o:p></span></p>
</div>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yui_3_16_0_ym19_1_1487072479779_39185">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif;color:#888888"> <o:p></o:p></span></p>
</div>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yui_3_16_0_ym19_1_1487072479779_39232">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif;color:#888888">Nathalie <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica",sans-serif;color:#888888"><o:p> </o:p></span></p>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">On Tuesday, February 14, 2017 12:38 AM, allison nixon <</span><a href="mailto:elsakoo@gmail.com" target="_blank"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">elsakoo@gmail.com</span></a><span style="font-size:10.0pt;font-family:"Arial",sans-serif">>
wrote:</span><span style="font-family:"Helvetica",sans-serif"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
<div>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yiv9108844549">
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">This car metaphor isn't complete without also stating that some car owners purchase them for the sole purpose of running over people!
<o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">Some car owners purchase fleets of cars to run over as many people as possible. Even though they re-use their name on every single vehicle registration, the subpeona
takes so long that the city can no longer automatically block the cars as they enter, and need to wait for them to run over a few people before they can do anything about it.<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><br>
This metaphor has obviously been tortured past the point of absurdity, I'll leave it alone now.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">I've mostly been lurking for the whole duration of this group, and please forgive me if I'm missing something massive here, but I get the impression that most people
here don't spend a lot of time doing investigations. But this is my life. If I needed a subpeona for every single historical lookup, pivot, and reverse search, I would get zero done due to a lack of legal authority. Many if not most of the people doing the
heavy lifting in anti-cybercrime efforts are private citizens with no government issued authority. It seems that the general expectation here is that limiting access to people with badges is OK, but I'm telling you there is a severe lack of those skillsets
and it will be years before we see widespread technical literacy among the police. Whatever system results, private citizens need a path for unrestricted and automated access. And if we want to talk protecting privacy, I think criminally motivated violations
of privacy are far more likely to affect everyone's day to day life right now, and automated WHOIS lookups are used heavily especially in anti-phishing and anti-spam operations.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">With the status quo, I can go on fishing expeditions through the WHOIS data and turn up hundreds of domains used for the same type of malicious activity, and predict
with a high accuracy which domains will be malicious before they are used for anything. It sometimes turns up domains owned by innocent people, and I doubt privacy minded people would like that, but the reality is I rarely ever encounter WHOIS data that is
convincing PII. It's almost all fake. And if it's not fake, it's a company's public contact info, or it's a foolish person who turned down WHOIS privacy protection, and will change their WHOIS as soon as the spam starts flowing.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">Have there been any studies on what percentage of WHOIS data is real and correct? Can we ever expect to have meaningful data when registrars are allowed to take Bitcoins
over Tor as payment? At what point does "privacy" become an empty argument when some of these Internet hosting/registrar companies clearly profit from facilitating abuse, and network defenders block entire TLDs due to the saturation of abuse?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">From my vantage point, I see great benefit from seeing patterns in the fake data submitted by fraudsters, and I see few harms from the privacy side of things, because
people seem to generally realize that "123 fake st" is a perfectly acceptable WHOIS entry.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">I also recognize this situation is completely absurd. Every aspect of this is surely an abuse of the original system. But it seems like building a pyramid from the
top down, restricting access to supposed "PII" that is unlikely to contain PII, to the detriment of legitimate efforts that also seek to enhance privacy by preventing criminal theft of private data like bank account numbers.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yiv9108844549yqtfd25452">
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">On Mon, Feb 13, 2017 at 9:14 PM, Sam Lanfranco <</span><a href="mailto:sam@lanfranco.net" target="_blank"><span style="font-family:"Helvetica",sans-serif">sam@lanfranco.net</span></a><span style="font-family:"Helvetica",sans-serif">>
wrote:<o:p></o:p></span></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">I have to strongly agree with Alex that whatever the criteria are for thin data, they cannot include that thin data "is transitive" in some sort of bread crumb trail
manner.<br>
<br>
Everything is potentially transitive in that sense. I observe a vehicle but all I get is make, model and license plate, and in most jurisdictions that is all I get. It is the vehicle owner's "thin data". Of course I can hang around, see that the car has a baby
seat, witness a woman or man putting a child in the car, assume that she/he has legitimate access to the car, follow the car and assemble more personal information (lives at; works at; shops at; visits;) The license plate didn't facilitate that crumb train
discovery, but no license plate would hamper legitimate seeking of information about who owns the car (issuing a parking ticket, LEA investigation, etc.) . License plate is part of thin data with no gated access. Of course, this will change in the era of the
digital vehicle. Depending on security, and authorization, one will be able to just ask the car, and ask about a lot of things...like whose cell phone was in the passenger's seat last night, when I was supposed to be alone )-:<br>
<br>
There needs to be a similar balance (license plate but no owner's name unless wanted, like Sam's Curry Pizza Barn logo, phone number and website URL painted on the side).<br>
<br>
More Important, have we made progress (convergence) on the working principles that should be brought to bear in building a thin data set. A lot of time has been spent looking at good case and bad case scenarios. What operational principles have been distilled
from all these examples? What is the balance between thin data inclusion and exclusion, and design and technical solutions that can be used to prevent (for example) robotic harvesting? There is another frontier here, and that is what governments will do to
restrain or enable certain uses of thin data? While ICANN needs to be aware of what is going on there, that part is beyond ICANN's remit, but those policies will help shape some of the context within which ICANN deals with the thin data task.<br>
<br>
Sam L <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><br>
<br>
On 2017-02-14 1:23 AM, Deacon, Alex wrote:<o:p></o:p></span></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica",sans-serif">All,<br>
<br>
So it seems the debate has progressed from “thin data” to “thick data” (i.e. data that includes email). I know we are all super excited to talk about “thick data” but I don’t think we are there yet (are we? Hopefully I didn’t miss the party…)<br>
<br>
Focusing on thin data for the moment I struggle to understand how it is personal data. I do not believe it is. As for the odd logic proposed by some that the property of privacy is transitive (i.e. Because “thin data” can be used to link/point/discover
other data then “thin data” equals “personal data”) I just don’t buy it.<br>
<br>
I don’t disagree with much of what was expressed in this thread, however we must keep in mind that balance and proportionality are important concepts in many (all?) data privacy laws. Any arguments that imply that no such balance exists (or should exist)
is obstructive IMO.<br>
<br>
Alex<br>
<br>
<o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">On 2/13/17, 5:42 AM, <</span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank"><span style="font-family:"Helvetica",sans-serif">gnso-rds-pdp-wg-bounces@icann
.org</span></a><span style="font-family:"Helvetica",sans-serif"> on behalf of </span>
<a href="mailto:michele@blacknight.com" target="_blank"><span style="font-family:"Helvetica",sans-serif">michele@blacknight.com</span></a><span style="font-family:"Helvetica",sans-serif">> wrote:<br>
<br>
I agree and I know from how I’ve used various email addresses that they are actively being harvested and spammed.<br>
Also it’s one of the biggest sources of complaints we get from our clients (registrants)<br>
It’s definitely not an “edge case”.<br>
Regards<br>
Michele<br>
--<br>
Mr Michele Neylon<br>
Blacknight Solutions<br>
Hosting, Colocation & Domains<br>
</span><a href="https://www.blacknight.com/" target="_blank"><span style="font-family:"Helvetica",sans-serif">https://www.blacknight.com/</span></a><span style="font-family:"Helvetica",sans-serif"><br>
</span><a href="http://blacknight.blog/" target="_blank"><span style="font-family:"Helvetica",sans-serif">http://blacknight.blog/</span></a><span style="font-family:"Helvetica",sans-serif"><br>
Intl. +353 (0) 59 9183072<br>
Direct Dial: +353 (0)59 9183090<br>
Social: </span><a href="http://mneylon.social/" target="_blank"><span style="font-family:"Helvetica",sans-serif">http://mneylon.social</span></a><span style="font-family:"Helvetica",sans-serif"><br>
Some thoughts: </span><a href="http://ceo.hosting/" target="_blank"><span style="font-family:"Helvetica",sans-serif">http://ceo.hosting/</span></a><span style="font-family:"Helvetica",sans-serif"><br>
----------------------------- --<br>
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty<br>
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845<br>
______________________________ _________________<br>
gnso-rds-pdp-wg mailing list<br>
</span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="font-family:"Helvetica",sans-serif">gnso-rds-pdp-wg@icann.org</span></a><span style="font-family:"Helvetica",sans-serif"><br>
</span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span style="font-family:"Helvetica",sans-serif">https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg</span></a><span style="font-family:"Helvetica",sans-serif"><br>
<br>
______________________________ _________________<br>
gnso-rds-pdp-wg mailing list<br>
</span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="font-family:"Helvetica",sans-serif">gnso-rds-pdp-wg@icann.org</span></a><span style="font-family:"Helvetica",sans-serif"><br>
</span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span style="font-family:"Helvetica",sans-serif">https://mm.icann.org/mailman/l istinfo/gnso-rds-pdp-wg</span></a><span style="font-family:"Helvetica",sans-serif"><o:p></o:p></span></p>
</div>
</div>
</blockquote>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="background:white"><span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb"><span style="font-family:"Helvetica",sans-serif;color:#888888">--
</span></span><span style="font-family:"Helvetica",sans-serif;color:#888888"><br>
<span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb">*----------------------------- ---------------*</span><br>
<span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb">"It is a disgrace to be rich and honoured</span><br>
<span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb">in an unjust state" -Confucius</span><br>
<span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb">------------------------------ ----------------</span><br>
<span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb">Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)</span><br>
<span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb">Econ, York U., Toronto, Ontario, CANADA - M3J 1P3</span><br>
<span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb">YorkU email:
</span></span><a href="mailto:Lanfran@Yorku.ca" target="_blank"><span style="font-family:"Helvetica",sans-serif">Lanfran@Yorku.ca</span></a><span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb"><span style="font-family:"Helvetica",sans-serif;color:#888888">
Skype: slanfranco</span></span><span style="font-family:"Helvetica",sans-serif;color:#888888"><br>
<span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb">blog:
</span></span><a href="http://samlanfranco.blogspot.com/" target="_blank"><span style="font-family:"Helvetica",sans-serif">http://samlanfranco.blogspot.c om</span></a><span style="font-family:"Helvetica",sans-serif;color:#888888"><br>
<span class="m-7998131626756526054m-9163358764285633796m3299425158225197531yiv9108844549hoenzb">Phone: 613 476-0429 cell: 416-816-2852</span></span><span style="font-family:"Helvetica",sans-serif">
<o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><br>
<br>
______________________________ _________________<br>
gnso-rds-pdp-wg mailing list<br>
</span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="font-family:"Helvetica",sans-serif">gnso-rds-pdp-wg@icann.org</span></a><span style="font-family:"Helvetica",sans-serif"><br>
</span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span style="font-family:"Helvetica",sans-serif">https://mm.icann.org/mailman/l istinfo/gnso-rds-pdp-wg</span></a><span style="font-family:"Helvetica",sans-serif"><o:p></o:p></span></p>
</div>
</div>
</blockquote>
</div>
</div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><br>
<br clear="all">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">--
<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">_________________________________<br>
Note to self: Pillage BEFORE burning.<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
<div id="m_-7998131626756526054m_-9163358764285633796m_3299425158225197531yqtfd09601">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica",sans-serif">_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
</span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="font-family:"Helvetica",sans-serif">gnso-rds-pdp-wg@icann.org</span></a><span style="font-family:"Helvetica",sans-serif"><br>
</span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span style="font-family:"Helvetica",sans-serif">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</span></a><span style="font-family:"Helvetica",sans-serif"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>gnso-rds-pdp-wg mailing list<o:p></o:p></pre>
<pre><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><o:p></o:p></pre>
<pre><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></pre>
</blockquote>
</div>
</div>
</div>
<p class="MsoNormal">_______________________________________________ gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a> <o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<p class="MsoNormal">_________________________________ Note to self: Pillage BEFORE burning.<o:p></o:p></p>
</div>
</div>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>gnso-rds-pdp-wg mailing list<o:p></o:p></pre>
<pre><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><o:p></o:p></pre>
<pre><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></pre>
</blockquote>
<pre>-- <o:p></o:p></pre>
<pre>Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Mit freundlichen Grüßen,<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Volker A. Greimann<o:p></o:p></pre>
<pre>- Rechtsabteilung -<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Key-Systems GmbH<o:p></o:p></pre>
<pre>Im Oberen Werk 1<o:p></o:p></pre>
<pre>66386 St. Ingbert<o:p></o:p></pre>
<pre>Tel.: +49 (0) 6894 - 9396 901<o:p></o:p></pre>
<pre>Fax.: +49 (0) 6894 - 9396 851<o:p></o:p></pre>
<pre>Email: <a href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Web: <a href="http://www.key-systems.net">www.key-systems.net</a> / <a href="http://www.RRPproxy.net">www.RRPproxy.net</a><o:p></o:p></pre>
<pre><a href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com">www.BrandShelter.com</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:<o:p></o:p></pre>
<pre><a href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a><o:p></o:p></pre>
<pre><a href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Geschäftsführer: Alexander Siffrin<o:p></o:p></pre>
<pre>Handelsregister Nr.: HR B 18835 - Saarbruecken <o:p></o:p></pre>
<pre>Umsatzsteuer ID.: DE211006534<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Member of the KEYDRIVE GROUP<o:p></o:p></pre>
<pre><a href="http://www.keydrive.lu">www.keydrive.lu</a> <o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>--------------------------------------------<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Should you have any further questions, please do not hesitate to contact us.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Best regards,<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Volker A. Greimann<o:p></o:p></pre>
<pre>- legal department -<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Key-Systems GmbH<o:p></o:p></pre>
<pre>Im Oberen Werk 1<o:p></o:p></pre>
<pre>66386 St. Ingbert<o:p></o:p></pre>
<pre>Tel.: +49 (0) 6894 - 9396 901<o:p></o:p></pre>
<pre>Fax.: +49 (0) 6894 - 9396 851<o:p></o:p></pre>
<pre>Email: <a href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Web: <a href="http://www.key-systems.net">www.key-systems.net</a> / <a href="http://www.RRPproxy.net">www.RRPproxy.net</a><o:p></o:p></pre>
<pre><a href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com">www.BrandShelter.com</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Follow us on Twitter or join our fan community on Facebook and stay updated:<o:p></o:p></pre>
<pre><a href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a><o:p></o:p></pre>
<pre><a href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>CEO: Alexander Siffrin<o:p></o:p></pre>
<pre>Registration No.: HR B 18835 - Saarbruecken <o:p></o:p></pre>
<pre>V.A.T. ID.: DE211006534<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Member of the KEYDRIVE GROUP<o:p></o:p></pre>
<pre><a href="http://www.keydrive.lu">www.keydrive.lu</a> <o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
</div>
</body>
</html>