<div dir="ltr"><div><div>To add to what Allison has indicated, websites do analysis of these sorts of datapoints for evaluating transactions for fraud and potential abuse. For example, signups form domains that have private registrations have a very high propensity to be related to abuse. Signups and visits to our websites from IP addresses belonging to hosting providers have an even higher correlation with abuse (how many endusers browse the web from severs in datacenters?).<br><br></div>This is not police action, it is organizations protecting themselves, their other users and the internet at large from abusive activity.<br><br></div>Michael Hammer<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 28, 2017 at 2:33 PM, allison nixon <span dir="ltr"><<a href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Reputation is based on a lot of different points not just contents of WHOIS data. If the .EU TLD can keep its customer base clean, there isn't much need for WHOIS data for the most part, however this group doesn't make policy for ccTLDs. For other TLDs that this group does recommend policy for, for example, .XYZ, which boasts a greater-than-90-percent rate of maliciousness, any legitimate domain in that space will need some other points of reputation to make up for that. WHOIS is part of that, including the age, and actual contact details.<div><br></div><div>That said, WHOIS data is an important part of tracing ownership and it can have consequences for the registrant.<br><div><div><br></div><div>Recently we had to deal with a ccTLD of .ir that was being used to control large botnets. The current and historical WHOIS data showed signs that a legitimate registrant's account was stolen to do this. Thus, when the complaint was sent to the registrar, the registrant was not accused of running botnets, but instead the registrar was alerted to an abuse of the service and they could take action accordingly. If the ownership of this domain could not be traced, and if there were not skilled investigators on the other end, would the registrant have been in danger of going to an Iranian prison? </div><div><br></div><div>It turns out, the ccTLD of .ir was specifically chosen because the criminals thought the poor international relations would hamper law enforcement action. However WHOIS and the transparency it provides allowed people to discover the truth and prevent serious problems. By locking up WHOIS behind court orders, these cross-border issues will become worse.</div><div><br></div><div>Also, to be clear since a lot of people can't seem to tell the difference, everything we did was well within the bounds of civil action, we weren't "pretending to be the police" or any of the other things people in this group accuse security companies of doing when they deal with malware. Any member of the public can file an abuse complaint.</div><div><br></div><div><br></div><div><br></div><div><br></div></div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 28, 2017 at 2:10 PM, theo geurts <span dir="ltr"><<a href="mailto:gtheo@xs4all.nl" target="_blank">gtheo@xs4all.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Allison, <br>
</p>
<p>Does this problem also exsist with TLDs like .EU, .NL, .DE, .FR
just to name a few ccTLDs?</p>
<p>Curious, <br>
</p>
<p>Theo <br>
</p><div><div class="m_-3822653643895831728h5">
<br>
<div class="m_-3822653643895831728m_-8357489614026739257moz-cite-prefix">On 28-9-2017 19:42, allison nixon
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>>> So, I can see a day that if privacy advocates
and/or EU legislation fears prevent such a Best Practice as
proper WHOIS records, the service providers will simply choose
practices, such as 'you cannot access our service unless you
have public whois information available'.<br>
</div>
<div><br>
</div>
<div>It's already happening. Try sending an e-mail using a
domain behind WHOIS privacy. Some anti-spam systems drop it
straight in the garbage because WHOIS privacy is already a
negative reputation point. If WHOIS gets shut down, I fully
expect groups like Spamhaus, M3AAWG, APWG, etc, to publish a
set of guidelines that registrants need to abide by in order
to send mail, or be accessible by people behind corporate
firewalls that block based on reputation. ICANN must
understand that they are at risk of losing relevancy if they
want to take this hardline approach, because if a law breaks
the continued functioning of a network, the network will route
around it.</div>
<div><br>
</div>
<div>Look at the "cookies" EU law. Did that actually stop any
websites from using cookies? No, it just created a popup that
no one reads but everyone clicks through to visit the website.
Because breaking cookies breaks websites. </div>
<div><br>
</div>
<div><br>
</div>
<div>>>Some of us have real jobs too..</div>
<div><br>
</div>
<div>which is the main reason why i can't spend 8 hours every
day watching this group, unlike some people here who have been
active in this group for years now. </div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>My response to Chuck's email earlier, I bolded the
responses and tagged the start and end of my replies for
clarity:</div>
<div><br>
</div>
<div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">"independent answers to
the same questions we asked the European data protection
experts earlier in the year"<br>
[Chuck Gomes] That was a request from WG members who felt
that the DP experts might be biased. The questions were
developed by the WG. There were two primary reasons for
using the same questions: 1) both groups would be responding
to the same questions and therefore make it easy to compare;
2) the questions were approved by the WG.</blockquote>
<div><br>
</div>
<div><b><allison>I don't think anyone accused the DP
experts of being biased. The objection was that the
questions themselves were biased. The words "phishing" and
"spam" and "malware" never once appeared in this entire
document, despite being major core issues. The only abuse
issues that were focused on were in relation to
intellectual property violation and harassment of women,
both of which are not the major issues most of us deal
with on a daily basis(not to belittle them but they are
generally not the reason why we are here today). The word
"fraud" was mentioned once in a question and then never
directly addressed in the response.</b></div>
<div><b><br>
</b></div>
<div><b>Additionally, my entire industry was grossly
misrepresented in question #6. None of us operate with
police powers, and none of us pretend to have any. When we
submit a complaint to a registrar about one of their
customers breaking the law, the illegality of the act
provides necessary justification for the registrar to drop
the customer without a refund. This is not prosecution of
a crime, and claiming it is such is a lie. Evidence of
breaking the law is necessary because registrars aren't
just going to take down any customer we say we don't like.
I wholly object to the entire line they continued on about
cybersecurity companies and "quasi-police powers", because
the question never differentiated between civil and
criminal actions and it was therefore misleading. </b></div>
<div><b><br>
</b></div>
<div><b>None of the questions addressed the issues that
registrants have where their WHOIS and other reputation
points affect the de-facto functionality of a domain, for
example a domain's functionality is hampered when it is on
blocklists. Or if someone sends a complaint against the
domain and has no tools to differentiate the registrant
from the criminal (as registrar accounts are often
hacked), then the incorrect accusation can also affect the
operability of the domain as it is mistakenly taken down
in confusion. None of the questions ask about conflicts
between GDPR and basic network-level-functionality of
domains.</b></div>
<div><b><br>
</b></div>
<div><b>Also, none of the questions ask if a free
no-obligation alternative (whois privacy protect) enhances
the validity of consent given for making WHOIS records
public. </allison></b></div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">So we weren't allowed to
ask questions of these legal experts? You know, they can't
magically divine all legitimate use cases. The session with
the EU data protection experts earlier this year is the
exact same one we objected to because anti abuse use cases
got exactly zero representation. So why choose that exact
set of questions again especially since an entire group of
people have joined the group afterwards(actually, due to
this specific problem of lack of representation)? And then
label it "final", really.<br>
[Chuck Gomes] We didn’t ask them to consider use cases
except as they were relevant to the questions we asked; that
is our job and we prepared a list of those a long time ago.
We asked them to focus on their understanding of European
Data Protection law. Our WG has a good mix of people that
use RDS data for different uses.</blockquote>
<div> </div>
<div><b><allison>And his answers are borderline useless.
The scenarios presented were extremely poor, and not
reflecting today's Internet and the problems network
operators face. For example, when he writes "This means
that the term 'vital interest' is to be interpreted as
referring to an individual’s life, health, safety, or
other such interest that is essential to their physical
wellbeing", he goes on to talk about IP violations, the
rights of a child, the economic interests of a search
engine, finally concluding "we believe that the </b><b>conditions
for using the 'legitimate interests' legal basis would not
be satisfied".</b></div>
<div><b><br>
</b></div>
<div><b>That's a complete misrepresentation of the interests
at stake here. The issue at hand is not the economic
interests of one company nor about mere copyright
infringement. The WHOIS data resource is used to combat
all types of fraud, international espionage, rigging of
elections, and so many hostile attacks. Some of these
attacks, especially DDOS, frequently threaten basic
functionality of the Internet. It has an international
strategic value and promotes lawful behavior far more than
it hurts. It's used to create cleaner, safer networks.
There are countless documented instances where WHOIS
played a key role and where the replacement system would
have allowed the malicious behavior to continue. All of
these facts have been conveniently left out of the
question, and since the lawyer can't be expected to know
all this, he has no choice but to conclude that the
legitimate interests provided are too weak.
</allison></b></div>
<div><br>
</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Havent gone through it
yet, will do so as i get time. Expecting to see the same
result one can expect when one doesn't represent entire
groups of constituencies.<br>
[Chuck Gomes] What do you mean by representing ‘entire
groups of constituencies’? Do you represent an entire
constituency? Are you aware of any constituencies who are
not represented in the WG? If so, please encourage them to
participate.</blockquote>
</div>
<div><br>
</div>
<div><b><allison>Dozens of people joined this mailing list
after numerous events demonstrated that this working group
did not consider the overall well being of the Internet, and
had a completely skewed idea of the problems the Internet
faces today. People were outraged that this group was going
in the direction it was going, ignoring how the Internet
actually works. The fact that these questions were chosen-
and the fact that the new membership(especially those that
joined after the questions were initially asked) were not
given any opportunity to provide input on questions to the
lawyer- does not reflect well on the leadership of this
working group. Even when the original questions were
created, as far as I can tell, only people physically
present at that meeting had any chance to provide input. For
those of us with jobs in operations, being ever-present for
this working group is impossible, and none of us have the
stamina that some of the people here have, because we are
busy working. </b></div>
<div><b><br>
</b></div>
<div><b>At its most charitable interpretation, the choice of
these specific questions could be an innocent oversight or
miscommunication. At its least charitable, it looks like
ICANN's money was wasted on a procedural trick to keep facts
out of the conversation and continue to push a narrow
agenda.</b></div>
<div><b><br>
</b></div>
<div><b>People from numerous unrelated Internet companies and
law firms flooded this group earlier this year once sunshine
was shed on this group's activities. Maybe that's important.
Please take it seriously. </allison></b></div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Sep 27, 2017 at 6:22 PM,
Michael Peddemors <span dir="ltr"><<a href="mailto:michael@linuxmagic.com" target="_blank">michael@linuxmagic.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">IMHO, If
ICANN cannot figure out how to make a proper functioning
WHOIS policy, we have to remember that the community at
large will, and then simply, ICANN will loose relevance on
this issue.<br>
<br>
No one passed a law that a mail server had to have a
functioning PTR record, (well yes, some international spam
legislations clearly spelled out the need for clearly
specifying the operator) but if you want to send email
today, functionally you need a PTR record.<br>
<br>
Only problem is, that often it is the biggest players that
set those standards, and it is the role of organizations
like ICANN to level the field, and make sure that directions
aren't dictated by the biggest players on the block, and
never more so in a world of consolidation and cloud
providers.<br>
<br>
I think it was Yahoo that was one of the first big players
to simply not accept connections from IP(s) with no PTR, and
I know we were one of the early adopters to that strategy..<br>
<br>
So, I can see a day that if privacy advocates and/or EU
legislation fears prevent such a Best Practice as proper
WHOIS records, the service providers will simply choose
practices, such as 'you cannot access our service unless you
have public whois information available'.<br>
<br>
It would be far better if ICANN can understand the
importance of that need, and make a statement that everyone
can get behind and point to, that levels that field, in
'spite' of possible contradictory privacy information.<br>
<br>
Let's just simple keep these two conversations separate, one
should NOT affect the other, this isn't a privacy vs
information publishing standards issue, we can have both.<br>
<br>
(And again, I assert that simply 'informed consent' can
always deal with any situations where they conflict)<br>
<br>
-- Michael --<br>
<br>
PS, my concern is that this lengthy wrangling prevents real
work from getting done, and the participants who are
integral to this conversation will fall by the way side, and
the lobbyist's will simply wear them down ..<br>
<br>
Some of us have real jobs too..<span><br>
<br>
<br>
On 17-09-27 02:58 PM, John Bambenek via gnso-rds-pdp-wg
wrote:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
A simple policy proscription would be, for instance, to
say under US law if you get a domain under the control
of a US registrar, we need you to consent to full
disclosure. Don't like it, pick a European ccTLD. I
don't advocate that, mind you, but that's the kind of
policy balkanization could produce.<br>
<br>
j<br>
<br>
<br>
On 09/27/2017 04:31 PM, Paul Keating wrote:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
I am failing to understand how such a walled-garden
approach will solve anything.<br>
<br>
</span><a href="http://1.EU" rel="noreferrer" target="_blank">1.EU</a>
registrars/registries would still have to deal with
GDPR.<br>
<br>
2.Registrars are not aided by the distinction since they
would still end up with EU customers and EU registrant
data.<br>
<br>
PRK<br>
<br>
From: <<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann<wbr>.org</a>
<mailto:<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounce<wbr>s@icann.org</a>>>
on behalf of jonathan matkowsky <<a href="mailto:jonathan.matkowsky@riskiq.net" target="_blank">jonathan.matkowsky@riskiq.net</a>
<mailto:<a href="mailto:jonathan.matkowsky@riskiq.net" target="_blank">jonathan.matkowsky@ris<wbr>kiq.net</a>>><span><br>
Date: Wednesday, September 27, 2017 at 11:03 PM<br>
</span>
To: Rubens Kuhl <<a href="mailto:rubensk@nic.br" target="_blank">rubensk@nic.br</a>
<mailto:<a href="mailto:rubensk@nic.br" target="_blank">rubensk@nic.br</a>>><br>
Cc: RDS PDP WG <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<mailto:<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.<wbr>org</a>>><span><br>
Subject: Re: [gnso-rds-pdp-wg] WSGR Final Memorandum<br>
<br>
Assuming for argument's sake that's true without
taking any<br>
position as I'm still catching up from a week ago,
I'm not sure<br>
this should be dismissed without consideration as
a possibility,<br>
although obviously not by any stretch of the
imagination ideal --><br>
non-EU registrars block EU registrants, and
registries contract<br>
with non-EU registrars.<br>
<br>
On Tue, Sep 26, 2017 at 8:25 PM, Rubens Kuhl <<a href="mailto:rubensk@nic.br" target="_blank">rubensk@nic.br</a><br>
</span>
<mailto:<a href="mailto:rubensk@nic.br" target="_blank">rubensk@nic.br</a>>>
wrote:<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
On Sep 26, 2017, at 7:17 PM, John Horton<br>
<<a href="mailto:john.horton@legitscript.com" target="_blank">john.horton@legitscript.com</a><br>
</span><span>
<mailto:<a href="mailto:john.horton@legitscript.com" target="_blank">john.horton@legitscrip<wbr>t.com</a>>>
wrote:<br>
<br>
Much of this problem goes away if we all
agree that EU-based<br>
registrars should henceforth only be allowed
to accept<br>
registrants in the EU. Aside from the effect
on EU<br>
registrars' revenue, what's the logical
argument against that<br>
from a policy perspective?<br>
<br>
</span>
After all, isn't the purpose of the GDPR to
protect _EU<br>
residents_?<br>
</blockquote>
<span>
<br>
That's correct, but the conclusion is not.
Non-EU registrars<br>
are also subject to GDPR if targeting EU
customers, which<br>
could be as simple as providing services in EU
languages and<br>
accepting registration transactions from the
EU.<br>
So, for the problem to go away non-EU
registrars would need to<br>
block EU registrants, and registries would
only be able to<br>
enter contracts with non-EU registrars.<br>
<br>
So EU users would either be happy using
numeric IP addresses,<br>
or develop a naming system of their own. Then
we would have<br>
balkanisation, this time actually including
the original balkans.<br>
<br>
<br>
Rubens<br>
<br>
<br>
<br>
<br>
<br>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
</span>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<mailto:<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.<wbr>org</a>><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><span><br>
<<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a>><br>
<br>
<br>
<br>
******************************<wbr>******************************<wbr>*******<br>
This message was sent from RiskIQ, and is intended
only for the<br>
designated recipient(s). It may contain
confidential or<br>
proprietary information and may be subject to
confidentiality<br>
protections. If you are not a designated
recipient, you may not<br>
review, copy or distribute this message. If you
receive this in<br>
error, please notify the sender by reply e-mail
and delete this<br>
message. Thank<br>
you.**************************<wbr>******************************<wbr>***********___________________<wbr>____________________________<br>
gnso-rds-pdp-wg mailing list <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
</span>
<mailto:<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.<wbr>org</a>><span><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
<br>
<br>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</span></blockquote>
<br>
<br>
<br>
<span>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
<br>
</span></blockquote>
<br>
<br>
<br>
-- <br>
"Catch the Magic of Linux..."<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
Michael Peddemors, President/CEO LinuxMagic Inc.<br>
Visit us at <a href="http://www.linuxmagic.com" rel="noreferrer" target="_blank">http://www.linuxmagic.com</a>
@linuxmagic<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
A Wizard IT Company - For More Info <a href="http://www.wizard.ca" rel="noreferrer" target="_blank">http://www.wizard.ca</a><br>
"LinuxMagic" a Registered TradeMark of Wizard Tower
TechnoServices Ltd.<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
<a href="tel:604-682-0300" value="+16046820300" target="_blank">604-682-0300</a> Beautiful
British Columbia, Canada<br>
<br>
This email and any electronic data contained are
confidential and intended<br>
solely for the use of the individual or entity to which they
are addressed.<br>
Please note that any views or opinions presented in this
email are solely<br>
those of the author and are not intended to represent those
of the company.
<div class="m_-3822653643895831728m_-8357489614026739257HOEnZb">
<div class="m_-3822653643895831728m_-8357489614026739257h5"><br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_-3822653643895831728m_-8357489614026739257gmail_signature" data-smartmail="gmail_signature">______________________________<wbr>___<br>
Note to self: Pillage BEFORE burning.</div>
</div>
<br>
<fieldset class="m_-3822653643895831728m_-8357489614026739257mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_-3822653643895831728m_-8357489614026739257moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_-3822653643895831728m_-8357489614026739257moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_-3822653643895831728gmail_signature" data-smartmail="gmail_signature">______________________________<wbr>___<br>Note to self: Pillage BEFORE burning.</div>
</div>
</div></div><br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>