<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I am off target?<br>
</p>
I think I am very on target since the very start of this WG trying
to bridge data protection and fighting abuse. <br>
<br>
Theo <br>
<div class="moz-cite-prefix">On 13-2-2018 21:56, Chen, Tim wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+dThxcJApo0kmFgshhw5jMNYAe3AW8f4NNFVkOgeWRFLTotXg@mail.gmail.com">
<div dir="ltr">Theo - this comment is off target on many levels
and takes us well outside of Whois. The #1 abuse-driving
issue is cheap domains, due to pricing schemes and business
models of registrars and registries. Bad actors target COM bc
it's popular and well-known. Lots of tools we need to fight
abuse, Whois is but one. But a powerful one.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 13, 2018 at 9:56 AM, Theo
Geurts <span dir="ltr"><<a href="mailto:gtheo@xs4all.nl"
target="_blank" moz-do-not-send="true">gtheo@xs4all.nl</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>John, <br>
</p>
<p>I think some of us are still mystified that there are
no "huge" issues in 147 million ccTLDs while there seems
to be "huge" issues with 181 million gTLDs ,25% of them
using privacy proxy services. <br>
</p>
<p>Personally I am more mystified why we keep on relying
on WHOIS to combat such issues while the abuse rate goes
up in the gTLD space each year. Perhaps time to come up
with something better? It looks like we rather patch up
the boat sinking deeper down each year, as opposed to
create a new sea worthy vessel. <br>
</p>
<p>Theo <br>
</p>
<p><br>
</p>
<br>
<div class="m_1474105995103284821moz-cite-prefix">On
13-2-2018 18:43, John Horton via gnso-rds-pdp-wg wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:#444444">I
am mystified as to why some people in this group
don't recognize that while (that's US for "whilst,"
for my European friends!) legitimate business may do
that -- and indeed, may be required to in Ireland
and Japan and a few other countries, a) there is no
requirement in other locations to do so, and b) the
bad actors either don't publish it or put falsified
information on their website...but the Whois record,
whether accurate or falsified (and sometimes even
with privacy protection) is helpful in anti-money
laundering, consumer protection, certification, anti
abuse and trust and safety. Let's all acknowledge
that we live in a world where there are many, many
legitimate e-commerce businesses but many illicit
ones as well! Our solutions have to accommodate for
all of the above. </div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="m_1474105995103284821gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><font
face="arial,
helvetica, sans-serif"
color="#073763">John
Horton<br>
President and CEO,
LegitScript</font>
<div><img
src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ"
moz-do-not-send="true" height="36" width="96"><br>
<div>
<p
style="margin:0.0px
0.0px 0.0px
0.0px;font:12.0px
Helvetica"><br>
</p>
<p
style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><b><font
color="#444444">Follow</font><font color="#0b5394"> </font><font
color="#000000">Legit</font><font
color="#0b5394">Script</font></b>: <a
href="http://www.linkedin.com/company/legitscript-com"
style="color:rgb(17,85,204)" target="_blank" moz-do-not-send="true"><font
color="#cc0000">LinkedIn</font></a> | <a
href="https://www.facebook.com/LegitScript"
style="color:rgb(17,85,204)" target="_blank" moz-do-not-send="true"><font
color="#6aa84f">Facebook</font></a> | <a
href="https://twitter.com/legitscript"
style="color:rgb(17,85,204)" target="_blank" moz-do-not-send="true"><font
color="#674ea7">Twitter</font></a> | <font color="#ff9900"><u><a
href="http://blog.legitscript.com/"
style="color:rgb(17,85,204)" target="_blank" moz-do-not-send="true">Blog</a></u></font> |<font
color="#ff9900"> <a
href="http://go.legitscript.com/Subscription-Management.html"
style="color:rgb(17,85,204)"
target="_blank" moz-do-not-send="true"><font color="#ff9900">Newsletter</font></a></font><br>
</p>
<p
style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><font
color="#ff9900"><br>
</font></p>
<p
style="text-align:left;margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><font
color="#ff9900"><img
src="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png"
moz-do-not-send="true" height="96" width="46"><img
src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ"
moz-do-not-send="true" height="96" width="47"><br>
</font></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Tue, Feb 13, 2018 at 9:33
AM, Volker Greimann <span dir="ltr"><<a
href="mailto:vgreimann@key-systems.net"
target="_blank" moz-do-not-send="true">vgreimann@key-systems.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>John, if businesses want to publish their
information, they should do it on their
website, as they are legally required to (at
least over here). No need for whois for that.
So that purpose is out the window already.</p>
<span class="m_1474105995103284821HOEnZb"><font
color="#888888">
<p>Volker<br>
</p>
</font></span>
<div>
<div class="m_1474105995103284821h5"> <br>
<div
class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">Am
13.02.2018 um 18:07 schrieb John Bambenek
via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite">
<p>No it doesn't because there are large
incentives for institution and
individuals to continue to publish
information. Businesses, for instance,
WANT to be contacted. If you want mail
delivered, certain best practices are
imposed.</p>
<p>If consent is not the solution, YOU are
deciding what the rest of the world can
and cannot do with their data. Who
exactly made ICANN the arbiter of what I
can do with my data? <br>
</p>
<br>
<div
class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">On
2/13/2018 11:04 AM, Volker Greimann
wrote:<br>
</div>
<blockquote type="cite">
<p>I am not sure you want that, because
that means completely dark whois. <br>
</p>
<p>I'd prefer an approach where we do
not need to rely on consent (but can
still offer it as an option). The hard
bit is finding the right principles of
who gets access to what and how even
when there is no consent. <br>
</p>
<p>Consent is not the solution.<br>
</p>
<br>
<div
class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">Am
13.02.2018 um 18:00 schrieb John
Bambenek via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite">
<p>Ok, so you agree with my in
principle and we're just haggling
over the details now. Flip a coin
for all I care, opt-in/opt-out and
move forward.</p>
<p>So let's do that. When can we
implement?<br>
</p>
<br>
<div
class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">On
2/13/2018 10:58 AM, Volker Greimann
wrote:<br>
</div>
<blockquote type="cite">
<p>You are still looking at the
wrong end of the horse. Privacy is
not the choice, it is the default.
Divulging data is the choice.<br>
</p>
<br>
<div
class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">Am
13.02.2018 um 17:57 schrieb John
Bambenek via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite">
<p>Exactly right. As far as I'm
concerned if we made privacy a
free choice, make the fields
optional for all I care, and
whatever they do make is
public... we have solved this
problem.</p>
<p>People who ACTUALLY protect
society against privacy threats
have the data to do their jobs,
consumers who want privacy have
a free option for it, and
registrars can be in compliance
with the law.<br>
</p>
<br>
<div
class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">On
2/13/2018 10:54 AM, DANIEL
NANGHAKA wrote:<br>
</div>
<blockquote type="cite">This is
just an example but there is a
lot of damage that can be caused
with data being exposed. In our
case we have phone numbers,
addresses, emails which is
required to verification.
<div><br>
</div>
<div>This takes us to issue of
consent.<br>
<br>
On Tuesday, February 13, 2018,
John Bambenek via
gnso-rds-pdp-wg <<a
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000"
bgcolor="#FFFFFF">
<p>Let's be honest here,
we're talking about
phone numbers and email
addresses. The threat
model is RADICALLY
different with the data
we are talking about.<br>
</p>
<br>
<div>On 2/13/2018 10:45
AM, Stephanie Perrin
wrote:<br>
</div>
<blockquote type="cite">
<p>Undeterred by the
fact that noone has
responded to my last
post, I offer the
following update to
the Equifax breach to
further illustrate my
point. As many
companies have found
out, you don't find
out what you've got
till it's gone.....a
further reason for
data minimization and
short retention
periods.<br>
</p>
<div>
<table cellspacing="0"
cellpadding="0"
height="107"
width="787"
border="0">
<tbody>
<tr>
<th
nowrap="nowrap"
valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th
nowrap="nowrap"
valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th
nowrap="nowrap"
valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th
nowrap="nowrap"
valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th
nowrap="nowrap"
valign="BASELINE" align="RIGHT">To: </th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<font face="Times New
Roman"><font
size="3"><a
href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/"
target="_blank"
moz-do-not-send="true">http://www.theregister.co.uk/2<wbr>018/02/13/equifax_security_bre<wbr>ach_bad/</a><br>
<br>
<br>
<b>Equifax hack
worse than
previously
thought: Biz
kissed goodbye
to card expiry
dates, tax IDs
etc</b><br>
Pwned credit-score
biz quietly admits
more info lost<br>
By Iain Thomson in
San Francisco 13
Feb 2018 at 02:13<br>
<br>
Last year, Equifax
admitted <br>
<a
href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/"
target="_blank"
moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2017/09/07/143m_american_equif<wbr>ax_customers_exposed/</a><br>
hackers stole
sensitive personal
records on 145
million Americans
and hundreds of
thousands in the
UK <br>
<a
href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/"
target="_blank"
moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2017/10/10/equifax_uk_records_<wbr>update/</a><br>
and Canada.<br>
<br>
The outfit already
said cyber-crooks
"primarily" took
names, social
security numbers,
birth dates, home
addresses,
credit-score
dispute forms,
and, in some
instances, credit
card numbers and
driver license
numbers. Now the
credit-checking
giant reckons the
intruders snatched
even more
information from
its databases.<br>
<br>
According to
documents provided
by Equifax to the
US Senate Banking
Committee, <br>
and <u>revealed
this month by
Senator
Elizabeth Warren
(D-MA)</u>, <br>
<a
href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc"
target="_blank"
moz-do-not-send="true">https://apnews.com/2a51e3e5f9a<wbr>945978df4ad96246b8ecc</a><br>
the attackers also
grabbed taxpayer
identification
numbers, phone
numbers, email
addresses, and
credit card expiry
dates belonging to
some Equifax
customers.<br>
<br>
Like social
security numbers,
taxpayer ID
numbers are useful
for fraudsters
seeking to steal
people's
identities or
their tax rebates,
and the expiry
dates are
similarly useful
for online crooks
when linked with
credit card
numbers and other
personal
information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company
continues to issue
incomplete,
confusing and
contradictory
statements and
hide information
from Congress and
the public, it is
clear that five
months after the
breach was
publicly
announced, Equifax
has yet to answer
this simple
question in full:
what was the
precise extent of
the breach?"
Warren fumed in a
missive late last
week.<br>
<a
href="https://www.warren.senate.gov/?p=press_release&id=2317"
target="_blank"
moz-do-not-send="true">https://www.warren.senate.gov/<wbr>?p=press_release&id=2317</a><br>
<br>
Equifax
spokeswoman
Meredith Griffanti
stressed to The
Register today
that the extra
information
snatched by
hackers, as
revealed by
Senator Warren,
belonged to "some"
Equifax customers.
In other words,
not everyone had
their phone
numbers, email
addresses, and so
on, slurped by
crooks just some.
How much is some?
Equifax isn't
saying, hence
Warren's (and
everyone else's)
growing
frustration.<br>
<br>
The senator is a
cosponsor of the <u>proposed
Data Breach
Prevention and
Compensation
Act, </u><br>
<a
href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/"
target="_blank"
moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2018/01/10/credit_reporting_ag<wbr>encies_fines/</a><br>
which, if passed,
would impose
computer security
regulations on
credit reporting
agencies, with
mandatory fines
that would have
led to Equifax
coughing up $1.5bn
for its IT
blunder.<br>
<br>
Some regulation or
punishment is
obviously needed.<br>
<br>
No senior Equifax
executives were
fired over the
attack instead the
CEO, CSO and CIO
were all allowed
to retire with
multi-million
dollar golden
parachutes. The US
government's
Consumer Financial
Protection Bureau
promised a full
investigation into
the Equifax
affair, and then
gave up. On
February 7, an
open letter [PDF]
<br>
<a
href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf"
target="_blank"
moz-do-not-send="true">https://www.schatz.senate.gov/<wbr>imo/media/doc/CFPB%20Equifax%2<wbr>0Letter%202-7-18.pdf</a><br>
from 32 senators
to the bureau
asked why the
probe was dropped,
and the gang has
yet to receive a
response. ®<br>
</font></font></div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre cols="72">--
--
John Bambenek</pre>
</div>
</blockquote>
</div>
<br>
<br>
-- <br>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div> <br>
Regards <br>
Nanghaka
Daniel K.<br>
<span
style="font-size:small">Executive
Director -
ILICIT Africa
/ Chair -
FOSSFA /
Community Lead
- ISOC Uganda
Chapter /
Geo4Africa
Lead /
Organising
Team -
FOSS4G2018</span><br>
Mobile <a
href="tel:+256%20772%20898298"
value="+256772898298" target="_blank" moz-do-not-send="true">+256 772
898298</a>
(Uganda)<br>
</div>
<div>Skype:
daniel.nanghaka<br>
</div>
<div><br>
</div>
<div>------------------------------<wbr>-----------
<i><span>"Working
for Africa" </span></i>------------------------------<wbr>-----------<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<br>
<pre class="m_1474105995103284821m_7852888369965585211moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset
class="m_1474105995103284821m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<br>
<fieldset
class="m_1474105995103284821m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="m_1474105995103284821m_7852888369965585211moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset
class="m_1474105995103284821m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<br>
<fieldset
class="m_1474105995103284821m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="m_1474105995103284821m_7852888369965585211moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset
class="m_1474105995103284821m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
<a
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset
class="m_1474105995103284821mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
<a
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>