<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Allison,<br>
</p>
<span style="font-size:12.8px"></span>
<blockquote
cite="mid:CACLR7w+XDpEesVdvdAYBF1kQF2NRB3MCVT4m9yAMD+1NXssGRQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">So put your contact address
as "123 fake st" and your phone number as "555-555-5555".
Make a fake email. No one is forcing you to disclose more
than you want to. And the only people who disclose too much
are doing so by mistake, not by coercion.</span></div>
</div>
</blockquote>
That would be providing incorrect whois data and can trigger an
investigation by ICANN and the registrar, if noticed. Not a good
idea. Let's not make the option to violate registration policy an
argument against protection of private data.<br>
<blockquote
cite="mid:CACLR7w+XDpEesVdvdAYBF1kQF2NRB3MCVT4m9yAMD+1NXssGRQ@mail.gmail.com"
type="cite">
<div dir="ltr"><span style="font-size:12.8px">Because when I
purchase something from Amazon, I need to give my credit card
number, address, zip, etc. Similarly, we do not get payment
details from the registrar, even though they require billing
address and zip code, which is a completely different dataset
than the zip codes in WHOIS data. WHOIS data is completely
arbitrary and not required to complete any transactions.</span></div>
</blockquote>
Ah, you misunderstood me. I meant that when I, a customer, get
ripped off by an Amazon marketplace seller, Amazon will in all
likelyhood not provide me with all data they have on the culprit.
Even the police may need a subpoena. <br>
<blockquote
cite="mid:CACLR7w+XDpEesVdvdAYBF1kQF2NRB3MCVT4m9yAMD+1NXssGRQ@mail.gmail.com"
type="cite">
<div dir="ltr"><span style="font-size:12.8px">Your comparisons
between anti-abuse and rent-a-cops further demonstrates your
disrespect. </span></div>
</blockquote>
Does it? Is that not the established term for all forms of security
services that is not empowered by the state? <br>
<blockquote
cite="mid:CACLR7w+XDpEesVdvdAYBF1kQF2NRB3MCVT4m9yAMD+1NXssGRQ@mail.gmail.com"
type="cite">
<div dir="ltr"><span style="font-size:12.8px">I am happy to allow
law enforcement to fully take over this work, but this field
has not matured enough yet, and the literacy just isn't there.</span></div>
</blockquote>
Sad, but true. My experience confirms this as well.<br>
<blockquote
cite="mid:CACLR7w+XDpEesVdvdAYBF1kQF2NRB3MCVT4m9yAMD+1NXssGRQ@mail.gmail.com"
type="cite">
<div dir="ltr"><span style="font-size:12.8px"> The skills,
experience, and power rests almost fully in the private
sector. This isn't some mall cop operation.</span></div>
</blockquote>
Don't knock on mall cops. They do important work too and are most
likely specialists for their limited area as well. <br>
<blockquote
cite="mid:CACLR7w+XDpEesVdvdAYBF1kQF2NRB3MCVT4m9yAMD+1NXssGRQ@mail.gmail.com"
type="cite">
<div dir="ltr"><span style="font-size:12.8px"> It's the last line
of defense between you and all manner of bad things happening
to you. You might not like that, and you probably don't want
to recognize that as legitimate, but it's reality. </span></div>
</blockquote>
I consider their work as legitimate, but they operate without any
official authority. The only authority they have is voluntarily
given based on their past work and their conduct. I think that this
is the important distinction to make: legitimate vs authorized.<span
style="font-size:12.8px"></span>
<blockquote
cite="mid:CACLR7w+XDpEesVdvdAYBF1kQF2NRB3MCVT4m9yAMD+1NXssGRQ@mail.gmail.com"
type="cite">
<div dir="ltr"><span style="font-size:12.8px">And it shows how bad
the situation is when an operation of this quality is still
the best and most used blocklist out there. When the volume of
abuse is so high that "due process" is, literally, a
mathematically impossible order. And despite all of those
flaws, their actions do more to protect privacy than anything
discussed in this working group.</span></div>
</blockquote>
There has to be some form of due process, anything else is anarchy.
<br>
<br>
Best,<br>
Volker<br>
<br>
<blockquote
cite="mid:CACLR7w+XDpEesVdvdAYBF1kQF2NRB3MCVT4m9yAMD+1NXssGRQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 14, 2017 at 1:03 PM, Volker
Greimann <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hi Allion,</p>
<p>to your first point: the right to privacy of ones own
data may be different where I live and where you live.
Suffice it to say that in our day-to-day business we get
eough complaints from customers who feel their rivacy
has been violated either by our putting their data out
for everyone to see or by customers of ours who provide
services that do the same. And we both agree that whois
privacy will not protect you 100%.</p>
<p>to your second point: why is requiring the same legal
standard for accessing data of customers of hosting
service providers, of ebay account holders, of Amazon
sellers and many other areas where the data is not
public suddenly not feasible for customers of domain
name registrars? Our privacy service gets regular
subpoenas for data of customers. Why is making that the
standard suddenly the end of the world?</p>
<p>And while I appreciate the good work that many like
John are doing on a private level, ultimately they are
not law enforcement and are not entitled to the same
level of access as law enforcement has just like a
rent-a-cop does not have the same law enforcement powers
a real cop has. <br>
</p>
<p>Re:Spamhaus: I have worked with them and while they
provide a valuable anti-spam service, some of their
methods or publications leave a lot to be desired. The
fact that they ofter outright refuse to provide evidence
of their claims, the fact that they outright lie to
ICANN compliance, and the fact that they bend numbers
anyway they need to fit their narrative do not help to
build trust and work with them as partners. I think they
provide a good service but ultimately they are
vigilantes and often overshoot their mark. This "study"
is one such instance where they present a result without
allowing the reader to look at the work that led to the
result. And that makes it worthless for peer review or
for basing anything on their results.<br>
</p>
<p>Best,</p>
<p>Volker</p>
<div>
<div class="h5">
<p><br>
</p>
<br>
<div class="m_2447512477303582408moz-cite-prefix">Am
14.02.2017 um 18:39 schrieb allison nixon:<br>
</div>
<blockquote type="cite">
<div dir="ltr">>><span
style="font-size:12.8px">Here you go with the
edge cases again.</span>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">The mother of
all edge cases is the main contention of this
entire working group. The theory that an
innocent domain registrant's privacy is either
"violated" or "not violated" and that this
somehow hinges on the privacy status of the
WHOIS data. This is absolutely a false
premise. If I want to find someone, and they
frequently use the Internet and aren't
extremely OPSEC-aware, I'm going to find them.
WHOIS privacy absolutely will not protect
them. </span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">Does anyone
believe this premise that also has experience
in investigations? I do not believe any such
person exists, because when you are
experienced in tracking people down, you will
know that this premise is factually untrue.</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">>></span><span
style="font-size:12.8px">Well it might be so,
but every singel person “claiming” they use
whois for investigation seems to lack the
understanding that they will get the access it
will just be a little harder to get the normal
misuse of whois info can be prevented but
looks like noen of you want that to happen</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">Is this an
assurance? Because the talk I see here is
about requiring paperwork like subpeonas and
search warrants and that isn't feasible both
from an investigation or automation standpoint
as well as the fact that the vast majority of
the anti-abuse community are not cops. There's
no sign whatsoever that there is consideration
towards anti-abuse.</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">>></span><span
style="font-size:12.8px">I trust these
statistics by spamhaus less than anything
coming out of the mouth of the orange menace.
And that is saying something.</span><span
style="font-size:12.8px"> </span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">You stand
alone in that opinion. Spamhaus is not perfect
but they are the most widely used blocklists
among network operators. The amount of harm
prevented by Spamhaus's block lists eclipses
the harm prevented by registrants receiving
WHOIS spam. It is like comparing the size of
the sun to the size of an ant. If you have
ever tried to operate from infrastructure
that's on Spamhaus's block lists, your access
to the Internet at large will be very poor
indeed.</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">How many of
you people actually have day to day experience
in fighting spam and preventing the massive
privacy invasions that happen on a daily basis
to innocent people? I am getting the feeling
that this group badly needs to gain some
perspective. WHOIS spam is a problem and is an
annoyance, privacy is important, but this
group keeps talking about WHOIS privacy and
completely ignoring the fact that by volume
such a scheme would cause great harms for
mostly imaginary gain. To me this shows a sign
that many of the arguments here are about
idealism without practical experience.</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 14, 2017 at
12:24 PM, <a moz-do-not-send="true"
href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>
<span dir="ltr"><<a moz-do-not-send="true"
href="mailto:benny@nordreg.se"
target="_blank">benny@nordreg.se</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">Hi John<br>
<br>
None in the group can do that, just as little
as the opposite if we dont work together on
the needs, give and take on it, we will not
move forward.<br>
But the attitude which I see where the Status
Quo are the driver for the discussions are not
really productive…<br>
<br>
Everything can be changed with new privacy
laws coming in to force<br>
<span class="m_2447512477303582408im
m_2447512477303582408HOEnZb"><br>
<br>
<br>
--<br>
Med vänliga hälsningar / Kind Regards / Med
vennlig hilsen<br>
<br>
Benny Samuelsen<br>
Registry Manager - Domainexpert<br>
<br>
Nordreg AB - ICANN accredited registrar<br>
IANA-ID: 638<br>
Phone: <a moz-do-not-send="true"
href="tel:%2B46.42197080"
value="+4642197080" target="_blank">+46.42197080</a><br>
Direct: <a moz-do-not-send="true"
href="tel:%2B47.32260201"
value="+4732260201" target="_blank">+47.32260201</a><br>
Mobile: <a moz-do-not-send="true"
href="tel:%2B47.40410200"
value="+4740410200" target="_blank">+47.40410200</a><br>
<br>
</span><span class="m_2447512477303582408im
m_2447512477303582408HOEnZb">> On 14 Feb
2017, at 18:18, John Horton <<a
moz-do-not-send="true"
href="mailto:john.horton@legitscript.com"
target="_blank">john.horton@legitscript.com</a>>
wrote:<br>
><br>
> Hi Benny,<br>
><br>
> Let me try to dig into that a little
bit with a serious question. What assurance
do those of us engaged in cybercrime
investigation -- or not yet created
organizations that are legitimate -- have
that we would have the same level of access
in the future? Is it possible for this group
to make that assurance? To be sure, this
isn't my only concern or objection, but part
of what I'm trying to get at is: even if
those of us on this working group were to
agree that cybercrime-mitigation entities
should have the same access we have today,
what's to prevent a stricter regime from
changing the rules in the future? In other
words, if we create a system that empowers
one central organization to say that
Allison's reasons (for example) are valid
now, there's nothing to prevent that
organization from deciding to block her in
the future because they don't believe her
reasons for investigating cybercrime are
valid. Put another way, my concern isn't
that you personally or anyone on this group
wants to block cybercrime mitigation from
happening -- rather, I'm wondering how this
group could bind a future RDS 1, 5 or 10
years down the road not to change the
goalposts.<br>
><br>
> John Horton<br>
> President and CEO, LegitScript<br>
><br>
><br>
</span><span class="m_2447512477303582408im
m_2447512477303582408HOEnZb">> Follow
LegitScript: LinkedIn | Facebook |
Twitter | Blog | Google+<br>
><br>
><br>
><br>
</span>
<div class="m_2447512477303582408HOEnZb">
<div class="m_2447512477303582408h5">> On
Tue, Feb 14, 2017 at 9:05 AM, <a
moz-do-not-send="true"
href="mailto:benny@nordreg.se"
target="_blank">benny@nordreg.se</a>
<<a moz-do-not-send="true"
href="mailto:benny@nordreg.se"
target="_blank">benny@nordreg.se</a>>
wrote:<br>
> Well it might be so, but every singel
person “claiming” they use whois for
investigation seems to lack the
understanding that they will get the
access it will just be a little harder to
get the normal misuse of whois info can be
prevented but looks like noen of you want
that to happen...<br>
><br>
> --<br>
> Med vänliga hälsningar / Kind Regards
/ Med vennlig hilsen<br>
><br>
> Benny Samuelsen<br>
> Registry Manager - Domainexpert<br>
><br>
> Nordreg AB - ICANN accredited
registrar<br>
> IANA-ID: 638<br>
> Phone: <a moz-do-not-send="true"
href="tel:%2B46.42197080"
value="+4642197080" target="_blank">+46.42197080</a><br>
> Direct: <a moz-do-not-send="true"
href="tel:%2B47.32260201"
value="+4732260201" target="_blank">+47.32260201</a><br>
> Mobile: <a moz-do-not-send="true"
href="tel:%2B47.40410200"
value="+4740410200" target="_blank">+47.40410200</a><br>
><br>
> > On 14 Feb 2017, at 17:58,
allison nixon <<a
moz-do-not-send="true"
href="mailto:elsakoo@gmail.com"
target="_blank">elsakoo@gmail.com</a>>
wrote:<br>
> ><br>
> > Benny, dude, you just wrote
"Buhu my work will get harder", so please
don't complain about adult and mature
answers<br>
> ><br>
> > On Tue, Feb 14, 2017 at 11:56
AM, <a moz-do-not-send="true"
href="mailto:benny@nordreg.se"
target="_blank">benny@nordreg.se</a>
<<a moz-do-not-send="true"
href="mailto:benny@nordreg.se"
target="_blank">benny@nordreg.se</a>>
wrote:<br>
> > A very adult and mature answer…
with some nice baked in threats, funny its
only your kind of crimes which matter
apparantly… oh and the final on which
always are been draged out when there are
no more arguments, think about the one
child we can save…<br>
> ><br>
> > To answer your questions hidden
in the threats, yes you are part of the
better for all but that also means
everyone have to give and take to come to
a better solution.<br>
> > In you ignorance you completely
miss the point that by have all these data
public there are commited crimes every
minut by using those data nut hey what
does that matter as long as you business
can roll on… I guess those people will
thank you for you helpful insights…<br>
> ><br>
> > Welcome to the discussion<br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > Med vänliga hälsningar / Kind
Regards / Med vennlig hilsen<br>
> ><br>
> > Benny Samuelsen<br>
> > Registry Manager - Domainexpert<br>
> ><br>
> > Nordreg AB - ICANN accredited
registrar<br>
> > IANA-ID: 638<br>
> > Phone: <a
moz-do-not-send="true"
href="tel:%2B46.42197080"
value="+4642197080" target="_blank">+46.42197080</a><br>
> > Direct: <a
moz-do-not-send="true"
href="tel:%2B47.32260201"
value="+4732260201" target="_blank">+47.32260201</a><br>
> > Mobile: <a
moz-do-not-send="true"
href="tel:%2B47.40410200"
value="+4740410200" target="_blank">+47.40410200</a><br>
> ><br>
> > > On 14 Feb 2017, at 17:29,
John Bambenek <<a
moz-do-not-send="true"
href="mailto:jcb@bambenekconsulting.com"
target="_blank">jcb@bambenekconsulting.com</a>>
wrote:<br>
> > ><br>
> > > Let me translate Allison's
comments in the light of your mockery.<br>
> > ><br>
> > > You're ideas of privacy are
patently absurd and your arrogance that
entire industries need to rewrite how they
do things to suit your effete and
fantastical notions is breathtaking. Your
mockery of people who investigate crime is
just icing on the cake. Its not a question
of looking past your own walls, its a
question of whether you religious fanatics
can acknowledge that other use cases are
valid (or are we not part of the "all" in
"better for all"). Are you really
suggesting preventing spam is a higher
priority than stopping human trafficking
online?<br>
> > ><br>
> > > If someone who had need of
privacy came to me for advice on
registering a domain name I would tell
them absolutely not to do it. Use blogspot
or any other mechanism that doesn't
involve a financial transaction to shield
your privacy. Creating paper trails is
always a poor life decision when OPSEC
matters. Anything less and I would stop
taking your concerns seriously.<br>
> > ><br>
> > > That said, we have a viable
compromise, its called whois privacy
protection. And it allows me to use risk
based decisions on how I treat traffic to
such domains.<br>
> > ><br>
> > > But if you wish to enable
criminals to better hide so they can steal
people's life savings, so they can
anonymously traffic in child exploitation
or to engage in sextortion against teenage
girls all because you can't handle a spam
filter, you can count me one that will
line up against you and very publicly
label you an enabler of child sexual
exploitation. Then I will go to Congress,
drag ICANN back under the Department of
Commerce and ensure some adult supervision
is had.<br>
> > ><br>
> > > Or you can calm the hell
down and knock it off with your attitude
and we can find a viable middle ground.
Totally your call.<br>
> > ><br>
> > > And if you are really
concerned about spammers, I help run
investigations against them too (using
whois data, in part) and could totally use
the help.<br>
> > ><br>
> > > Sent from my iPhone<br>
> > ><br>
> > >> On Feb 14, 2017, at
05:28, "<a moz-do-not-send="true"
href="mailto:benny@nordreg.se"
target="_blank">benny@nordreg.se</a>"
<<a moz-do-not-send="true"
href="mailto:benny@nordreg.se"
target="_blank">benny@nordreg.se</a>>
wrote:<br>
> > >><br>
> > >> So basicaly what you
say are… Buhu my work will get harder, let
all innocent registrants suffer from
spam/scam mail sprung out of the whois
data published, all those registrants who
get fake mails about renewing there domain
or buying fake SEO plans?<br>
> > >> How can anyone defend
that we have data published to get abused
just because some bad guys registrer
domains? And those of you who does will
still have access to the date just not in
the same easy way…<br>
> > >><br>
> > >> Sorry for my harsh tone
but I really don’t see why we cant look
past our own walls and find a solution
which are to the better for all..<br>
> > >><br>
> > >><br>
> > >> --<br>
> > >> Med vänliga hälsningar
/ Kind Regards / Med vennlig hilsen<br>
> > >><br>
> > >> Benny Samuelsen<br>
> > >> Registry Manager -
Domainexpert<br>
> > >><br>
> > >> Nordreg AB - ICANN
accredited registrar<br>
> > >> IANA-ID: 638<br>
> > >> Phone: <a
moz-do-not-send="true"
href="tel:%2B46.42197080"
value="+4642197080" target="_blank">+46.42197080</a><br>
> > >> Direct: <a
moz-do-not-send="true"
href="tel:%2B47.32260201"
value="+4732260201" target="_blank">+47.32260201</a><br>
> > >> Mobile: <a
moz-do-not-send="true"
href="tel:%2B47.40410200"
value="+4740410200" target="_blank">+47.40410200</a><br>
> > >><br>
> > >>> On 14 Feb 2017, at
06:38, allison nixon <<a
moz-do-not-send="true"
href="mailto:elsakoo@gmail.com"
target="_blank">elsakoo@gmail.com</a>>
wrote:<br>
> > >>><br>
> > >>> This car metaphor
isn't complete without also stating that
some car owners purchase them for the sole
purpose of running over people!<br>
> > >>><br>
> > >>> Some car owners
purchase fleets of cars to run over as
many people as possible. Even though they
re-use their name on every single vehicle
registration, the subpeona takes so long
that the city can no longer automatically
block the cars as they enter, and need to
wait for them to run over a few people
before they can do anything about it.<br>
> > >>><br>
> > >>> This metaphor has
obviously been tortured past the point of
absurdity, I'll leave it alone now.<br>
> > >>><br>
> > >>> I've mostly been
lurking for the whole duration of this
group, and please forgive me if I'm
missing something massive here, but I get
the impression that most people here don't
spend a lot of time doing investigations.
But this is my life. If I needed a
subpeona for every single historical
lookup, pivot, and reverse search, I would
get zero done due to a lack of legal
authority. Many if not most of the people
doing the heavy lifting in anti-cybercrime
efforts are private citizens with no
government issued authority. It seems that
the general expectation here is that
limiting access to people with badges is
OK, but I'm telling you there is a severe
lack of those skillsets and it will be
years before we see widespread technical
literacy among the police. Whatever system
results, private citizens need a path for
unrestricted and automated access. And if
we want to talk protecting privacy, I
think criminally motivated violations of
privacy are far more likely to affect
everyone's day to day life right now, and
automated WHOIS lookups are used heavily
especially in anti-phishing and anti-spam
operations.<br>
> > >>><br>
> > >>> With the status
quo, I can go on fishing expeditions
through the WHOIS data and turn up
hundreds of domains used for the same type
of malicious activity, and predict with a
high accuracy which domains will be
malicious before they are used for
anything. It sometimes turns up domains
owned by innocent people, and I doubt
privacy minded people would like that, but
the reality is I rarely ever encounter
WHOIS data that is convincing PII. It's
almost all fake. And if it's not fake,
it's a company's public contact info, or
it's a foolish person who turned down
WHOIS privacy protection, and will change
their WHOIS as soon as the spam starts
flowing.<br>
> > >>><br>
> > >>> Have there been any
studies on what percentage of WHOIS data
is real and correct? Can we ever expect to
have meaningful data when registrars are
allowed to take Bitcoins over Tor as
payment? At what point does "privacy"
become an empty argument when some of
these Internet hosting/registrar companies
clearly profit from facilitating abuse,
and network defenders block entire TLDs
due to the saturation of abuse?<br>
> > >>><br>
> > >>> From my vantage
point, I see great benefit from seeing
patterns in the fake data submitted by
fraudsters, and I see few harms from the
privacy side of things, because people
seem to generally realize that "123 fake
st" is a perfectly acceptable WHOIS entry.<br>
> > >>><br>
> > >>> I also recognize
this situation is completely absurd. Every
aspect of this is surely an abuse of the
original system. But it seems like
building a pyramid from the top down,
restricting access to supposed "PII" that
is unlikely to contain PII, to the
detriment of legitimate efforts that also
seek to enhance privacy by preventing
criminal theft of private data like bank
account numbers.<br>
> > >>><br>
> > >>><br>
> > >>> On Mon, Feb 13,
2017 at 9:14 PM, Sam Lanfranco <<a
moz-do-not-send="true"
href="mailto:sam@lanfranco.net"
target="_blank">sam@lanfranco.net</a>>
wrote:<br>
> > >>> I have to strongly
agree with Alex that whatever the criteria
are for thin data, they cannot include
that thin data "is transitive" in some
sort of bread crumb trail manner.<br>
> > >>><br>
> > >>> Everything is
potentially transitive in that sense. I
observe a vehicle but all I get is make,
model and license plate, and in most
jurisdictions that is all I get. It is the
vehicle owner's "thin data". Of course I
can hang around, see that the car has a
baby seat, witness a woman or man putting
a child in the car, assume that she/he has
legitimate access to the car, follow the
car and assemble more personal information
(lives at; works at; shops at; visits;)
The license plate didn't facilitate that
crumb train discovery, but no license
plate would hamper legitimate seeking of
information about who owns the car
(issuing a parking ticket, LEA
investigation, etc.) . License plate is
part of thin data with no gated access. Of
course, this will change in the era of the
digital vehicle. Depending on security,
and authorization, one will be able to
just ask the car, and ask about a lot of
things...like whose cell phone was in the
passenger's seat last night, when I was
supposed to be alone )-:<br>
> > >>><br>
> > >>> There needs to be a
similar balance (license plate but no
owner's name unless wanted, like Sam's
Curry Pizza Barn logo, phone number and
website URL painted on the side).<br>
> > >>><br>
> > >>> More Important,
have we made progress (convergence) on the
working principles that should be brought
to bear in building a thin data set. A lot
of time has been spent looking at good
case and bad case scenarios. What
operational principles have been distilled
from all these examples? What is the
balance between thin data inclusion and
exclusion, and design and technical
solutions that can be used to prevent (for
example) robotic harvesting? There is
another frontier here, and that is what
governments will do to restrain or enable
certain uses of thin data? While ICANN
needs to be aware of what is going on
there, that part is beyond ICANN's remit,
but those policies will help shape some of
the context within which ICANN deals with
the thin data task.<br>
> > >>><br>
> > >>> Sam L<br>
> > >>><br>
> > >>><br>
> > >>> On 2017-02-14 1:23
AM, Deacon, Alex wrote:<br>
> > >>> All,<br>
> > >>><br>
> > >>> So it seems the
debate has progressed from “thin data” to
“thick data” (i.e. data that includes
email). I know we are all super excited
to talk about “thick data” but I don’t
think we are there yet (are we? Hopefully
I didn’t miss the party…)<br>
> > >>><br>
> > >>> Focusing on thin
data for the moment I struggle to
understand how it is personal data. I do
not believe it is. As for the odd logic
proposed by some that the property of
privacy is transitive (i.e. Because “thin
data” can be used to link/point/discover
other data then “thin data” equals
“personal data”) I just don’t buy it.<br>
> > >>><br>
> > >>> I don’t disagree
with much of what was expressed in this
thread, however we must keep in mind that
balance and proportionality are important
concepts in many (all?) data privacy
laws. Any arguments that imply that no
such balance exists (or should exist) is
obstructive IMO.<br>
> > >>><br>
> > >>> Alex<br>
> > >>><br>
> > >>><br>
> > >>> On 2/13/17, 5:42
AM, <<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg-bounces@icann.org"
target="_blank">gnso-rds-pdp-wg-bounces@icann<wbr>.org</a>
on behalf of <a moz-do-not-send="true"
href="mailto:michele@blacknight.com"
target="_blank">michele@blacknight.com</a>>
wrote:<br>
> > >>><br>
> > >>> I agree and I
know from how I’ve used various email
addresses that they are actively being
harvested and spammed.<br>
> > >>> Also it’s
one of the biggest sources of complaints
we get from our clients (registrants)<br>
> > >>> It’s
definitely not an “edge case”.<br>
> > >>> Regards<br>
> > >>> Michele<br>
> > >>> --<br>
> > >>> Mr Michele
Neylon<br>
> > >>> Blacknight
Solutions<br>
> > >>> Hosting,
Colocation & Domains<br>
> > >>> <a
moz-do-not-send="true"
href="https://www.blacknight.com/"
rel="noreferrer" target="_blank">https://www.blacknight.com/</a><br>
> > >>> <a
moz-do-not-send="true"
href="http://blacknight.blog/"
rel="noreferrer" target="_blank">http://blacknight.blog/</a><br>
> > >>> Intl. <a
moz-do-not-send="true"
href="tel:+353%2059%20918%203072"
value="+353599183072" target="_blank">+353
(0) 59 9183072</a><br>
> > >>> Direct Dial:
+353 (0)59 9183090<br>
> > >>> Social: <a
moz-do-not-send="true"
href="http://mneylon.social"
rel="noreferrer" target="_blank">http://mneylon.social</a><br>
> > >>> Some thoughts: <a
moz-do-not-send="true"
href="http://ceo.hosting/"
rel="noreferrer" target="_blank">http://ceo.hosting/</a><br>
> > >>>
------------------------------<wbr>-<br>
> > >>> Blacknight
Internet Solutions Ltd, Unit
12A,Barrowside Business Park,Sleaty<br>
> > >>>
Road,Graiguecullen,Carlow,R93
X265,Ireland Company No.: 370845<br>
> > >>>
_____________________________<wbr>__________________<br>
> > >>> gnso-rds-pdp-wg
mailing list<br>
> > >>> <a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> > >>> <a
moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
> > >>><br>
> > >>>
______________________________<wbr>_________________<br>
> > >>> gnso-rds-pdp-wg
mailing list<br>
> > >>> <a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> > >>> <a
moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
> > >>><br>
> > >>> --<br>
> > >>>
*-----------------------------<wbr>---------------*<br>
> > >>> "It is a disgrace
to be rich and honoured<br>
> > >>> in an unjust state"
-Confucius<br>
> > >>>
------------------------------<wbr>----------------<br>
> > >>> Dr Sam Lanfranco
(Prof Emeritus & Senior Scholar)<br>
> > >>> Econ, York U.,
Toronto, Ontario, CANADA - M3J 1P3<br>
> > >>> YorkU email: <a
moz-do-not-send="true"
class="m_2447512477303582408moz-txt-link-abbreviated"
href="mailto:Lanfran@Yorku.ca"
target="_blank">Lanfran@Yorku.ca</a>
Skype: slanfranco<br>
> > >>> blog: <a
moz-do-not-send="true"
href="http://samlanfranco.blogspot.com"
rel="noreferrer" target="_blank">http://samlanfranco.blogspot.c<wbr>om</a><br>
> > >>> Phone: <a
moz-do-not-send="true"
href="tel:%28613%29%20476-0429"
value="+16134760429" target="_blank">613
476-0429</a> cell: <a
moz-do-not-send="true"
href="tel:%28416%29%20816-2852"
value="+14168162852" target="_blank">416-816-2852</a><br>
> > >>><br>
> > >>><br>
> > >>>
______________________________<wbr>_________________<br>
> > >>> gnso-rds-pdp-wg
mailing list<br>
> > >>> <a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> > >>> <a
moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
> > >>><br>
> > >>><br>
> > >>><br>
> > >>> --<br>
> > >>>
______________________________<wbr>___<br>
> > >>> Note to self:
Pillage BEFORE burning.<br>
> > >><br>
> > >>
______________________________<wbr>_________________<br>
> > >> gnso-rds-pdp-wg mailing
list<br>
> > >> <a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> > >> <a
moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > ______________________________<wbr>___<br>
> > Note to self: Pillage BEFORE
burning.<br>
><br>
> ______________________________<wbr>_________________<br>
> gnso-rds-pdp-wg mailing list<br>
> <a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> <a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
><br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_2447512477303582408gmail_signature"
data-smartmail="gmail_signature">______________________________<wbr>___<br>
Note to self: Pillage BEFORE burning.</div>
</div>
<br>
<fieldset
class="m_2447512477303582408mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
</div></div><pre class="m_2447512477303582408moz-signature" cols="72"><span class="HOEnZb"><font color="#888888">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a moz-do-not-send="true" href="tel:+49%206894%209396901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a></font></span><div><div class="h5">
Fax.: <a moz-do-not-send="true" href="tel:+49%206894%209396851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
------------------------------<wbr>--------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a moz-do-not-send="true" href="tel:+49%206894%209396901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a>
Fax.: <a moz-do-not-send="true" href="tel:+49%206894%209396851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a moz-do-not-send="true" class="m_2447512477303582408moz-txt-link-abbreviated" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</div></div></pre>
</div>
______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a moz-do-not-send="true" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a>
</blockquote></div>
<div>
</div>--
<div class="gmail_signature" data-smartmail="gmail_signature">_________________________________
Note to self: Pillage BEFORE burning.</div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre></body></html>