<html>
<body>
Ayden, you are correct about the overwhelming length of this chain, and I
rarely step into them, but your post has left me with little
choice.<br><br>
Specifically, it is your use of the word "misappropriated"
which, in my mind, sets a tone which will make our job in this PDP
impossible.<br><br>
By the same logic, crows and ravens misappropriate twigs to dig for food,
chimpanzees misappropriate stones to crack nuts, and elephants
misappropriate branches to swat flies. In all cases, that was not what
the twig or stone or branch was originally designed for, but we generally
credit such innovative use of tools as signs of intelligence. <br><br>
At the other end of the spectrum, us humans have clearly misappropriated
the web, a tool originally conceived and developed to meet the demand for
automatic information-sharing between scientists in universities and
institutes around the world when we started using it for Facebook or
Youtube or electronic commerce.<br><br>
We are creatures that perceive a need and find a solution. You may
support a particular use or curse it, that is your prerogative. But
because you do not support a use does not make it less appropriate than
one you do support.<br><br>
In the specific case of trademark infringement that you mention, Whois is
explicitly cited in the Uniform Domain Name Dispute Resolution Policy, a
formal ICANN policy adopted over 17 years ago. How much more appropriate
can a usage be in relation to ICANN and the DNS?<br><br>
If we can ever get to the end of this process, we may choose to allow or
disallow specific uses, regardless of their lineage. But let's not
mis-characterize how we got here.<br><br>
Alan<br><br>
<br><br>
At 19/02/2017 07:51 PM, Ayden Férdeline wrote:<br><br>
<blockquote type=cite class=cite cite="">This email chain has become
overwhelming in length, so my apologies if I am misinterpreting the
recent direction of the discussion.<br><br>
From what you describe, Steve, of “settled expectations” over 15-20
years, WHOIS is a classic case of path dependency; it was a feature of
the Internet that was designed in different conditions for different
purposes and has been misappropriated by other parties because it was the
closest thing to a form of global identification of website owners that
could be offered in an Internet that lacked other tools to answer such a
question. I think we both understand how this came to be; what I do not
understand (or, rather, find difficult to accept) is the argument for why
it must continue.<br>
<br>
I accept that open-access WHOIS may, to a limited extent, facilitate
accountability online. My understanding of the concern of trademark
holders is that they need a mechanism of enforcing their trademark rights
against parties who register domain names which in their view infringe
upon their mark(s). Without WHOIS there is a perception that there is no
means of initiating a process against the party which is perceived as
misusing a trademark. Please correct me if I am mistaken or the concern
is broader. There are also arguments that law enforcement and private
investigators use WHOIS in their investigations.<br><br>
At the same time, in order to have such a system in place to facilitate
contact with the very, very small minority of domain name registrants
whose domain names infringe upon the trademark/IP rights of others, or
engage in abusive activities, we expose the sensitive personal data of
<i>all</i> domain name registrants to three categories of real and
significant abuse. These categories include: 1) unsolicited mass
communication, 2) individual solicitation and harassment, and 3) the
suppression of free speech. To the first point, we already know that
entities are harvesting WHOIS records and using this information to spam
others with marketing literature. To the second point, WHOIS has been
used to dox and swat vulnerable persons, and to commit identify fraud,
among other nefarious activities. To the third point, the lack of
anonymity in the WHOIS service quashes the free expression of thought,
because speakers have no protection from retaliation. These are all very
significant privacy issues which need to be addressed, and should have
been addressed long ago, so I take strong objection to the comment,
Steve, that privacy advocates “have been crying wolf on this issue for
more than a decade”. The entire burden of ending the problematic,
pre-existing default of open access to WHOIS records has been placed on
privacy advocates, while proponents of open access have the luxury of
reaping the benefits of inertia from our lack of consensus for
change.<br><br>
Best wishes,<br><br>
Ayden Férdeline<br>
<a href="http://www.linkedin.com/in/ferdeline">
linkedin.com/in/ferdeline</a><br><br>
<br>
<blockquote type=cite class=cite cite="">-------- Original Message
--------<br>
Subject: Re: [gnso-rds-pdp-wg] Dangers of public whois<br>
Local Time: 19 February 2017 9:40 PM<br>
UTC Time: 19 February 2017 21:40<br>
From: met@msk.com<br>
To: 'theo geurts' <gtheo@xs4all.nl>, nathalie coupet
<nathaliecoupet@yahoo.com>, gnso-rds-pdp-wg@icann.org
<gnso-rds-pdp-wg@icann.org>, rrasmussen@infoblox.com
<rrasmussen@infoblox.com><br><br>
<br>
Let me offer a +3/4 to the chain below. The following are my
personal views.<br><br>
<br><br>
I don’ t have any fundamental disagreement with Theo’s take on
this. Yes, if we (or the original designers of the current RDS) had
ready access to time machines, it would certainly have been designed
quite differently. <br><br>
<br><br>
But over 15-20 years, settled expectations have been built up that
contact data for domain name registrants will be available to the public
without significant restrictions. People in many fields have come
to rely on this as an element that promotes transparency, and thus
accountability, for activities on the Internet. Everyone recognizes
that it is a highly flawed tool for advancing this goal, but nonetheless
it is a tool many people rely on, and many of them would be very unhappy
if an organization like ICANN --- still unknown to the vast majority of
Internet users – were somehow to take it away for them. <br><br>
<br><br>
So if we are to move to a new system that will deprive people (entirely
or to a great extent) of this tool, then this needs to be accompanied by
some clear explanations of why it is absolutely necessary to do so, and
how what will replace it will give members of the general public not
just anti-abuse specialists, law enforcement andd yes even intellectual
property interests --- at least some part of the transparency they have
come to associate with the existing system. <br><br>
<br><br>
And personally, I don’t think that enactment of the GDPR comes close
by itself to providing that explanation. T; The new regulation
does not strike me as a quantum leap beyond the EU data protection
framework that has been in place for more than 20 years, almost as long
as Whois itself. Ever since at least 2002 in Shanghai and 2003 in
Montreal we have been hearing at ICANN about the impending train wreck
when Whois collides with the data protection authorities. Those who
have been crying wolf on this issue for more than a decade will have to
take that into account in crafting the narrative that will be needed to
explain a change of the magnitude we are discussing. <br><br>
<br><br>
<img src="cid:7.1.0.9.2.20170219200306.10053680@mcgill.ca.1" width=124 height=41 alt="image001">
<br><br>
<b>Steven J. Metalitz </b>|<b> Partner, through his professional
corporation</b><br><br>
T: 202.355.7902 | <a href="mailto:met@msk.com">met@msk.com</a><br><br>
<b>Mitchell Silberberg & Knupp</b> <b>LLP</b> |
<a href="http://www.msk.com/"><b>www.msk.com</a></b><br><br>
1818 N Street NW, 8th Floor, Washington, DC 20036<br><br>
<br><br>
<b><u>THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY
FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS.</u>
THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS
PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN
INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE,
DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY
PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE,
AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM.
THANK YOU.</b><br>
<br>
<br><br>
<b>From:</b> gnso-rds-pdp-wg-bounces@icann.org
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" eudora="autourl">
mailto:gnso-rds-pdp-wg-bounces@icann.org</a>] <b>On Behalf Of </b>theo
geurts<br>
<b>Sent:</b> Saturday, February 18, 2017 4:24 PM<br>
<b>To:</b> nathalie coupet; gnso-rds-pdp-wg@icann.org;
rrasmussen@infoblox.com<br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] Dangers of public whois<br><br>
<br><br>
<br>
Hi Rod, Thanks, Nathalie,<br><br>
@Rod<br>
That is good info, and I agree this is something we need to keep in mind
<br>
when we get to that stage, but yes as a WG that should compass
us.<br><br>
And even though we should not get ahead of ourselves, but regarding <br>
solutions, having front row seats assisting LEA's and Intelligence <br>
agencies as a Registrar in several high-profile investigations like <br>
terrorism, IS, bounty kill lists and a lot more, I am pretty sure we as
<br>
a WG can honor the principle that privacy is a human right as laid out
<br>
by the UN, and yet make sure, we have the technical solutions. I think
<br>
creating the technical solutions is the least of our worries. Engineers
<br>
can code a solution for everything; we just need lawyers and privacy
<br>
guidelines to help us out. So perhaps we cannot show you X as it is <br>
personal data we can show you A and how A is involved in tons of <br>
criminal activities and map out an entire botnet...<br><br>
<br>
Have a good weekend or what is left of it.<br><br>
Theo<br><br>
<br><br>
<br><br>
<br><br>
<br><br>
<br>
On 18-2-2017 21:44, nathalie coupet via gnso-rds-pdp-wg wrote:<br>
> I was holding my breath to see what the reaction would be. +2 to
Theo!<br>
><br>
> Sent from my iPhone<br>
><br>
>> On Feb 18, 2017, at 2:10 PM, Rod Rasmussen
<<a href="mailto:rrasmussen@infoblox.com">rrasmussen@infoblox.com</a>
> wrote:<br>
>><br>
>> I cannot PLUS ONE this comment enough - thank you Theo!<br>
>><br>
>> One thing that I would like to point out that we covered in the
EWG and I think is one of many keys to solving many of the issues exposed
here but is missing from this current debate is the concept that we do
not have to come up with a “one size fits all” solution. For example,
there are different requirements under privacy law for business entities
vs. private individuals, there are different amounts of information
people and businesses may want to provide to various parties both
publicly and privately, and those of us who deal with abuse and domain
reputation can make different decisions on actions (blocking, take-down,
LE involvement, etc.) based on what is occurring and what is published in
an RDS. Everyone in the ecosystem already does this with the current
whois system, but inconsistently, with varying degrees of knowledge, and
without formal “rules of the road”. I think it would be helpful for
everyone, no matter what your primary issues are to keep this in mind, as
it allows you to better conceive solutions to the myriad issues we have
to address. Make the system flexible to accommodate different kinds of
use cases and desires for “transparency” around domain ownership,
contactabilty, and accountability.<br>
>><br>
>> Cheers,<br>
>><br>
>> Rod<br>
>><br>
>><br>
>> Rod Rasmussen<br>
>> VP, Cybersecurity<br>
>> Infoblox<br>
>><br>
>>> On Feb 17, 2017, at 1:09 PM, theo geurts
<<a href="mailto:gtheo@xs4all.nl">gtheo@xs4all.nl</a>> wrote:<br>
>>><br>
>>> Mark,<br>
>>><br>
>>> Thank you for your comment. I think you are nailing the
problem here; this is very good IMO.<br>
>>><br>
>>> "and the need to mitigate them does not eliminate the
need to have public data."<br>
>>><br>
>>> This is the issue here. That data should have never been
public if we look at the EU GDPR and many other data privacy laws around
the globe, and this is what causes Registries and Registrars having
massive problems regarding complying with the law.<br>
>>><br>
>>> So we with the RDS we are starting from scratch. So and I
think this is KEY here, how do we ensure privacy and yet make sure we can
still effectively combat abuse.<br>
>>><br>
>>> Speaking personally, I think privacy is very important, and
I do not like the fact my personal data is being processed all over the
place by shady folks.<br>
>>> As a Registrar, I find it very important that we should not
go backward in fighting abuse. For the simple reason, abuse costs us
money, and we should never be in a situation that it becomes harder to
battle child porn, or taking down terrorists, or sinkhole botnets.<br>
>>><br>
>>> So what we cannot do is ignore all these privacy laws. That
would be insane as we would be piling up in tons of fines here.<br>
>>> We do not want to reduce effectiveness regarding abuse
because that is costing money also. And to be clear here, the registrants
will be soaking it all up one way or another.<br>
>>><br>
>>> So my take on this is, we make sure that we move on and
address BOTH issues and this is our task as a WG. Our task is to solve
these problems as we start from scratch with RDS. We learned our lessons
from the current WHOIS, now we need to make sure that we can avoid all
these pitfalls within RDS.<br>
>>><br>
>>> Thank you for making it this far.<br>
>>><br>
>>> Have a good weekend,<br>
>>><br>
>>> Theo<br>
>>> Registrar<br>
>>><br>
>>><br>
>> _______________________________________________<br>
>> gnso-rds-pdp-wg mailing list<br>
>>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<br>
>>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
> _______________________________________________<br>
> gnso-rds-pdp-wg mailing list<br>
>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<br>
>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br><br>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</blockquote><br>
Content-Type: image/gif; name="image001.gif"<br>
Content-ID: <image001.gif@01D28ACC.3941F0F0><br>
Content-Disposition: inline; filename="image001.gif"<br>
X-Microsoft-Exchange-Diagnostics:<br>
<x-tab> </x-tab>
1;DM5PR03MB2714;9:tdxAx8xMQgAx4Gs73KhKeeJnhdSFoLZJMqy0YExEjtN2QkxAv647qbRT/F0l0Hnn/nKhfAMU+S8FwA4Ppi+jeVAD0cFy/LRIp4ZusIbBQNvhPwZU2SLSvpvc4/43gF5d50LnfFbFPNVZpF8+K99EP/PMi0mZp6osCFogHjFvH2QeIEaPdX2I2NgcFeUQbqlb2+g5b+MjyNvWdFCAxfspAEicufgrStlS4iDd+DV39XodbLV65S+ZeK3qyxwZE2s390sAmmVOVxz9Edm2rvvrbKDcmb3w4qfsWCMWyqarANW6Fr+7+AgTh/Ntx5XaGo0/ONNpxnfKQWIOqvHG7G+oRyh2QQqrUV41wCfZf0BsClTIGI/FSPZzrcwBOcoF9U5LbIkJQY+SkF9yO/6a0euTAtY06UD7WT78U/j9WWoNwiy5Cs7HBPFn/lJUxca7+sGR<br>
X-Microsoft-Antispam-Mailbox-Delivery:<br>
<x-tab> </x-tab>
ex:0;auth:0;dest:I;ENG:(20160514016)(520000050)(520002050)(750028);<br>
<br>
<br>
Content-Type: text/plain; charset="us-ascii"<br>
Content-Transfer-Encoding: 7bit<br>
Content-Disposition: inline<br>
X-Microsoft-Exchange-Diagnostics:<br>
<x-tab> </x-tab>
1;DM5PR03MB2714;9:tdxAx8xMQgAx4Gs73KhKeeJnhdSFoLZJMqy0YExEjtN2QkxAv647qbRT/F0l0Hnn/nKhfAMU+S8FwA4Ppi+jeVAD0cFy/LRIp4ZusIbBQNvhPwZU2SLSvpvc4/43gF5d50LnfFbFPNVZpF8+K99EP/PMi0mZp6osCFogHjFvH2QeIEaPdX2I2NgcFeUQbqlb2+g5b+MjyNvWdFCAxfspAEicufgrStlS4iDd+DV39XodbLV65S+ZeK3qyxwZE2s390sAmmVOVxz9Edm2rvvrbKDcmb3w4qfsWCMWyqarANW6Fr+7+AgTh/Ntx5XaGo0/ONNpxnfKQWIOqvHG7G+oRyh2QQqrUV41wCfZf0BsClTIGI/FSPZzrcwBOcoF9U5LbIkJQY+SkF9yO/6a0euTAtY06UD7WT78U/j9WWoNwiy5Cs7HBPFn/lJUxca7+sGR<br>
X-Microsoft-Antispam-Mailbox-Delivery:<br>
<x-tab> </x-tab>
ex:0;auth:0;dest:I;ENG:(20160514016)(520000050)(520002050)(750028);<br>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
gnso-rds-pdp-wg@icann.org<br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></blockquote>
</body>
</html>