<div dir="ltr">I access WHOIS data and derivatives through various portals and I do not assume that my queries are truly anonymous, but I trust the companies I do business with far more than the companies I query against.<div><br></div><div>If we accept gated access as a solution, we need convincing proof, not empty promises.</div><div><br></div><div>-The gated access cannot have an inferior user interface compared to current tools</div><div>-The gated access cannot have an inferior dataset<br></div><div>-The gated access cannot cost more money<br></div><div>-The gated access cannot expose defenders to risk from the same registrants/registrars attacking them</div><div>-The gated access cannot be designed such that corrupt registrars or jurisdictions can obstruct</div><div>-The gated access cannot block us from secondary processing necessary to defend our networks</div><div><br></div><div>The gated system is supposed to replicate in a closed system what the open system has accomplished naturally. This is an exceedingly difficult task, and the price of failure is high. </div><div><br></div><div>If we close the WHOIS system, and start collecting personal data from people with the new understanding that it is closed, and if the gated system utterly fails, we may not have the option of ever re-opening it.</div><div><br></div><div>-----------------------------------------------------------------</div><div><br></div><div>also +1 for using WHOIS data to differentiate between abused infrastructure and criminal infrastructure. Does anyone remember in 2014 when the legitimate DNS provider No-IP lost all its domains due to a court order? That is exactly what happens when someone can't differentiate. It probably isn't a coincidence that before the incident, <a href="http://noip.com">noip.com</a> was behind WHOIS privacy, and after the incident, the company's address and contact info is in the WHOIS. These are significant risks for an unreachable property owner- they can lose their property. </div><div><br></div><div>Users need to be educated about all the risks so they can weigh them in a manner that makes the most sense for their situation. It's not just junk mail.</div><div><br></div><div>What happened to No-IP is more rare nowadays because investigators can differentiate. Some here have argued that court orders should be required to obtain WHOIS data. While I appreciate your faith in our government, I can say from a realistic standpoint that once someone has sunk the massive time and money to get a court order, they aren't going to ask for WHOIS data. They're going to raid the datacenter and get all customers' data, and kitchen sink. There are many historical examples of this, all stem from inability to differentiate a criminal from their neighbors in the early stages. This is less of a problem than it used to be. Making infrastructure opaque brings us back to those days.</div><div><br></div><div>People attempting to engage in privacy activism need to understand these histories because there is a serious risk of unintended consequences. Privacy isn't a zero sum game, but it can be if the rulemakers don't understand how the game works.</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 29, 2017 at 11:00 AM, Paul Keating <span dir="ltr"><<a href="mailto:paul@law.es" target="_blank">paul@law.es</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The biggest issues i have with gating are centered around inconsistency and the loss of anonymity on the part of the requesting party. I can see a compromise in which gating is acceptable with the requirement that the conditions/standards applied for gating are neutral as to the requesting party and are laid out in concrete so as to not change.<br>
<br>
Sent from my iPad<br>
<div class="HOEnZb"><div class="h5"><br>
> On 28 Jun 2017, at 12:31, "<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>" <<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>> wrote:<br>
><br>
> I don’t want to start a long discussion on this topic, but only point out that a gated access designed right will not stop any of you from doing the same work as I see it.<br>
> --<br>
> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen<br>
><br>
> Benny Samuelsen<br>
> Registry Manager - Domainexpert<br>
><br>
> Nordreg AB - ICANN accredited registrar<br>
> IANA-ID: 638<br>
> Phone: <a href="tel:%2B46.42197080" value="+4642197080">+46.42197080</a><br>
> Direct: <a href="tel:%2B47.32260201" value="+4732260201">+47.32260201</a><br>
> Mobile: <a href="tel:%2B47.40410200" value="+4740410200">+47.40410200</a><br>
><br>
>> On 28 Jun 2017, at 13:26, <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a> wrote:<br>
>><br>
>> Thanks for chiming in and largely that was my point. I understand that several people have concerns about the privacy of registrants in whois. What I don't feel gets sufficient appreciation is that having access to whois data helps investigate and PREVENT large security and privacy risks. For instance, the recent malware outbreak that started in Ukraine (Petya/NotPetya). I can be more explicit on that when its over.<br>
>><br>
>> --<br>
>> John Bambenek<br>
>><br>
>>> On Jun 28, 2017, at 06:18, Rod Rasmussen <<a href="mailto:rod@rodrasmussen.com">rod@rodrasmussen.com</a>> wrote:<br>
>>><br>
>>> Thanks John - and let me point out that the authors are here at the meeting in JNB. :-)<br>
>>><br>
>>> Feel free to ping Greg or I on particular aspects of the report - especially if you’re here at the meeting and have some questions. One thing I can assure you having done the lions’ share of the data “crunching” is that whois was an invaluable part of being able to deliver various stats, classify fraudulent domains vs. compromised ones, and determine providers of subdomain reselling services to name a few. It was necessary to really make sense out of a lot of this data to deliver value to the community around how these activities are affecting various parties in the ecosystem.<br>
>>><br>
>>> Greg did a short post in CircleID on this as well: <a href="http://www.circleid.com/posts/20170627_phishing_the_worst_of_times_in_the_dns/" rel="noreferrer" target="_blank">http://www.circleid.com/posts/<wbr>20170627_phishing_the_worst_<wbr>of_times_in_the_dns/</a><br>
>>><br>
>>> Cheers,<br>
>>><br>
>>> Rod<br>
>>><br>
>>>> On Jun 27, 2017, at 9:42 AM, John Bambenek via gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>> wrote:<br>
>>>><br>
>>>> <a href="http://docs.apwg.org/reports/APWG_Global_Phishing_Report_2015-2016.pdf" rel="noreferrer" target="_blank">http://docs.apwg.org/reports/<wbr>APWG_Global_Phishing_Report_<wbr>2015-2016.pdf</a><br>
>>>><br>
>>>> Relevant to our discussions.<br>
>>>><br>
>>>> --<br>
>>>> --<br>
>>>><br>
>>>> John Bambenek<br>
>>>><br>
>>>> ______________________________<wbr>_________________<br>
>>>> gnso-rds-pdp-wg mailing list<br>
>>>> <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
>>>> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
>>><br>
>><br>
>> ______________________________<wbr>_________________<br>
>> gnso-rds-pdp-wg mailing list<br>
>> <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
>> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
><br>
> ______________________________<wbr>_________________<br>
> gnso-rds-pdp-wg mailing list<br>
> <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>Note to self: Pillage BEFORE burning.</div>
</div>