<div dir="ltr">There is a different between attributing motives to one another and recognizing competing interests in particular groups of stakeholders as a whole. The only way to protect the public interest or to build consensus for that matter, is to recognize competing interests that exist. <br><br>As an example, if I were in a room full of judges, and recognized that a judge that issues a bad decision in a court has an interest in avoiding access to public court records to avoid exposing deficiencies to careful public scrutiny does not mean that I am attributing a motive to any particular judge present if I were trying to recognize the interest in public access to court documents. It's a constructive argument to recognize this competing interest in favor of access to public records and it doesn't mean I would be attributing a motive to any particular judge present. The same is true with what I wrote below.<br><br>As another example, if there are reasons why registrars and registries may see RDS as an economic opportunity, that would be an important thing to acknowledge to safeguard the public interest. We would not want privacy concerns to be used as a cover. This does not mean that I would be pointing fingers at any specific registrar or registry to explore whether this possibility exists. It is very constructive for purposes of safeguarding the public to explore that question if it were true. For example, do registars or registries have an incentive to try and sell their contact data and protect it from competitors? Does RDS create an economic opportunity? These are important questions to ask in order to safeguard the public and balance competing interests, and it definitely doesn't mean I have any specific registrar or registry in mind by asking these questions.<div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small"><br></div><div class="gmail_extra"><div class="gmail_quote">On Thu, Jun 8, 2017 at 6:23 PM, Gomes, Chuck <span dir="ltr"><<a href="mailto:cgomes@verisign.com" target="_blank">cgomes@verisign.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div class="gmail-m_8131858795156812241WordSection1">
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif">I don’t think it is helpful or fair to attribute motives to one another, nor is it constructive.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif">Chuck<u></u><u></u></span></p>
<p class="MsoNormal"><a name="m_8131858795156812241__MailEndCompose"><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></a></p>
<span></span>
<p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"> <a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.<wbr>org</a> [mailto:<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-<wbr>bounces@icann.org</a>]
<b>On Behalf Of </b>jonathan matkowsky<br>
<b>Sent:</b> Thursday, June 08, 2017 5:00 AM<br>
<b>To:</b> John Bambenek <<a href="mailto:jcb@bambenekconsulting.com" target="_blank">jcb@bambenekconsulting.com</a>><br>
<b>Cc:</b> ICANN RDS <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>><br>
<b>Subject:</b> [EXTERNAL] Re: [gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:Tahoma,sans-serif">Yes, it does seem that there are competing interests here. Privacy enthusiasts who are trying to champion a guaranteed right to anonymity or complete privacy online over efficient availability
of information and freedom of access to the public Internet on the one hand. And it seems that registrars also have a competing interest in placing barriers to access at the registrar level because it creates for transparency, and holding them to public account.
Access prevents misconduct by registrars so they have a competing interest in avoiding exposing deficiencies to careful public scrutiny. <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:Tahoma,sans-serif"><u></u> <u></u></span></p>
</div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Jonathan Matkowsky<u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Thu, Jun 8, 2017 at 11:40 AM, John Bambenek via gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>> wrote:<u></u><u></u></p>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal">I find it telling the only actual entity that is named when we talk about whois scraping is domaintools, not actual spammers.<br>
<br>
To me that means you are MORE concerned about people who are investigating abuse than the actual people causing the abuse. That is why I am not really interested in gated access to anything besides some obvious other reasons (there simply is no way to build
it, it will break things, it will make all the abuse worse).<br>
<br>
You have convinced me and others that the first step when you create gated rds is to kick out security researchers and the anti-abuse industry. I mean why else did we burn a few hundred emails and weeks and thin data, for crying out loud?<br>
<br>
Based on the specific arguments made here it is clear to some the problem is not spam or abuse, the problem is there are those who fight it and it causes a bunch of headaches for the wrong people.<br>
<br>
J<br>
<br>
--<br>
John Bambenek<br>
<br>
On Jun 8, 2017, at 07:50, "<a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>" <<a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>> wrote:<br>
<br>
>> To the point at hand: I believe the notion of certifying private cybercrime investigators to be painfully naive (do I ignore reports from someone without a Internet Investigator License? Do we disallow them access to data?), impractical in the developed
world, and deeply chauvinistic, patronizing and exclusionary to our colleagues in emerging nations where capacity building is exactly what’s needed to deal with next-gen abuse.<br>
><br>
> A contractual relationship, call it accredited or whatever you want to call it, could be allowed better access to data for investigation. That would imo be a better solution than todays practise were the data are flowing freely to all kind of purposes which
often are used in a non respect full manner if you look at the disclaimer all registrars have in there whois output.<br>
><br>
> I find it interesting that there are people here on this list who defend a practise which clearly violate disclaimers in whois conditions for use of data and in the same sentence call them self good guys, that is kind of ironic.<br>
><br>
> This is the standard disclaimer I am referring too.<br>
><br>
> "# NOTE: All queries and IP addresses are logged.<br>
> #<br>
> # By submitting a WHOIS query, you agree to abide by the following<br>
> # terms of use: You agree to (a) use the retrieved data only for lawful<br>
> # purposes and (b) not use the retrieved data to:<br>
> # (1) allow, enable, or otherwise support the transmission of mass<br>
> # unsolicited, commercial advertising or solicitations via direct mail,<br>
> # e-mail, telephone, or facsimile; or (2) enable high volume, automated,<br>
> # electronic processes that apply to “registrar" or its information systems.<br>
> # The compilation, repackaging, dissemination or other use of this data<br>
> # is expressly prohibited without the prior written consent of “registrar".<br>
> #<br>
> # The data in “registrar" WHOIS database is provided by”registrar" for<br>
> # information purposes only, and to assist persons in obtaining<br>
> # information about or related to a domain name registration record.<br>
><br>
> I have never given, Domaintools or other services like that, a written consent for repackaging the data to there system, just as an example.<br>
><br>
> I do see there can be complications in a model with contractual relationships but its all about knowing who you give data too and who you can go to if there are problems in there use of the data. It’s not a perfect model but a more correct way of threatening
data exchange were the collectors (registrars) are under a contractual obligation and can be responsible for how the data are used.<br>
><br>
> --<br>
> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen<br>
><br>
> Benny Samuelsen<br>
> Registry Manager - Domainexpert<br>
><br>
> Nordreg AB - ICANN accredited registrar<br>
> IANA-ID: 638<br>
> Phone: <a href="tel:%2B46.42197080" target="_blank">+46.42197080</a><br>
> Direct: <a href="tel:%2B47.32260201" target="_blank">+47.32260201</a><br>
> Mobile: <a href="tel:%2B47.40410200" target="_blank">+47.40410200</a><br>
><br>
>> On 8 Jun 2017, at 07:54, Neil Schwartzman <<a href="mailto:neil@cauce.org" target="_blank">neil@cauce.org</a>> wrote:<br>
>><br>
>> My experience differs slightly. They aren’t ignored. The presence of these .TLDs is a strong indicator of abuse which bears further investigation.<br>
>><br>
>> To the point at hand: I believe the notion of certifying private cybercrime investigators to be painfully naive (do I ignore reports from someone without a Internet Investigator License? Do we disallow them access to data?), impractical in the developed
world, and deeply chauvinistic, patronizing and exclusionary to our colleagues in emerging nations where capacity building is exactly what’s needed to deal with next-gen abuse.<br>
>><br>
>><br>
>>> On Jun 8, 2017, at 2:36 AM, allison nixon <<a href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>> wrote:<br>
>>><br>
>>> We're getting there. Entire top level domains are already ignored on many networks like .science, .xyz, .pw, .top, .club, et cetera<br>
>><br>
>> ______________________________<wbr>_________________<br>
>> gnso-rds-pdp-wg mailing list<br>
>> <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
>> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">
https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
><br>
> ______________________________<wbr>_________________<br>
> gnso-rds-pdp-wg mailing list<br>
> <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">
https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</div>
</blockquote></div><br></div></div>