<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Which is why I have stated repeatedly, vigorsly, and consistently
whois privacy SHOULD be FREE. Let the CONSUMER make that choice,
not a bunch of mostly American and European guys telling the world
how they need to do business. I don't care if MY number is out
there. So the question is, why create a system that prevents me
from sharing MY OWN information as I see fit?<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 11:01 AM, Chris Pelling
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:774783650.616.1518541278491.JavaMail.zimbra@netearth.net">
<div style="font-family: Arial; font-size: 12pt; color: #000000">
<div>So was mine in the UK, and ICANN keeping or requiring ANY
retention of data for long periods of time IMHO is
dangerous. </div>
<div>Equifax dropped the ball here, and a lot (you and I both
plus god know really how many others) have had their personal
data stolen.</div>
<div>I dont want my telephone number to be out in the wild, nor
any of my other details quite frankly.</div>
<div><br>
</div>
<div data-marker="__SIG_PRE__">Kind regards,<br>
<br>
Chris</div>
<br>
<hr id="zwchr" data-marker="__DIVIDER__">
<div data-marker="__HEADERS__"><b>From: </b>"John Bambenek"
<a class="moz-txt-link-rfc2396E" href="mailto:jcb@bambenekconsulting.com"><jcb@bambenekconsulting.com></a><br>
<b>To: </b>"Chris Pelling" <a class="moz-txt-link-rfc2396E" href="mailto:chris@netearth.net"><chris@netearth.net></a>,
"gnso-rds-pdp-wg" <a class="moz-txt-link-rfc2396E" href="mailto:gnso-rds-pdp-wg@icann.org"><gnso-rds-pdp-wg@icann.org></a><br>
<b>Sent: </b>Tuesday, 13 February, 2018 16:54:29<br>
<b>Subject: </b>Re: [gnso-rds-pdp-wg] Fwd: Equifax hack worse
than previously thought: Biz kissed goodbye to card expiry
dates, tax IDs etc<br>
</div>
<br>
<div data-marker="__QUOTED_TEXT__">
<p>My personal data WAS stolen in the Equifax breach. People
can do real fraud with that. My point is that having my
address, phone number and email his radically different
risks than financial information. That is the only point I
was making.<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:52 AM, Chris
Pelling wrote:<br>
</div>
<blockquote
cite="mid:1415844100.525.1518540749465.JavaMail.zimbra@netearth.net">
<div style="font-family: Arial; font-size: 12pt; color:
#000000;" data-mce-style="font-family: Arial; font-size:
12pt; color: #000000;">
<div>Please don't diss valid points John - I am sure if
your personal information was stolen in this attack and
they had your SSN/TIN, credit card number and expiry
date, you would be singing a different tune.</div>
<div><br>
</div>
<div>Kind regards,<br>
<br>
Chris</div>
<br>
<hr id="zwchr">
<div><b>From: </b>"gnso-rds-pdp-wg" <a
class="moz-txt-link-rfc2396E"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank" moz-do-not-send="true"><gnso-rds-pdp-wg@icann.org></a><br>
<b>To: </b>"gnso-rds-pdp-wg" <a
class="moz-txt-link-rfc2396E"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank" moz-do-not-send="true"><gnso-rds-pdp-wg@icann.org></a><br>
<b>Sent: </b>Tuesday, 13 February, 2018 16:48:27<br>
<b>Subject: </b>Re: [gnso-rds-pdp-wg] Fwd: Equifax hack
worse than previously thought: Biz kissed goodbye to
card expiry dates, tax IDs etc<br>
</div>
<br>
<div>
<p>Let's be honest here, we're talking about phone
numbers and email addresses. The threat model is
RADICALLY different with the data we are talking
about.<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:45 AM,
Stephanie Perrin wrote:<br>
</div>
<blockquote
cite="mid:719df73e-bbbd-f0d5-db38-1b8648f75811@mail.utoronto.ca">
<p>Undeterred by the fact that noone has responded to
my last post, I offer the following update to the
Equifax breach to further illustrate my point. As
many companies have found out, you don't find out
what you've got till it's gone.....a further reason
for data minimization and short retention periods.<br>
</p>
<div class="moz-forward-container">
<table class="moz-email-headers-table"
cellspacing="0" cellpadding="0" width="787"
border="0">
<tbody>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT">To: </th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<span style="font-family: 'Times New Roman';"
data-mce-style="font-family: 'Times New Roman';"><span
style="font-size: medium;"
data-mce-style="font-size: medium;"><a
class="moz-txt-link-freetext"
href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/"
target="_blank" moz-do-not-send="true">http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/</a><br>
<br>
<br>
<b>Equifax hack worse than previously thought:
Biz kissed goodbye to card expiry dates, tax
IDs etc</b><br>
Pwned credit-score biz quietly admits more info
lost<br>
By Iain Thomson in San Francisco 13 Feb 2018 at
02:13<br>
<br>
Last year, Equifax admitted <br>
<a class="moz-txt-link-freetext"
href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/</a><br>
hackers stole sensitive personal records on 145
million Americans and hundreds of thousands in
the UK <br>
<a class="moz-txt-link-freetext"
href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/</a><br>
and Canada.<br>
<br>
The outfit already said cyber-crooks "primarily"
took names, social security numbers, birth
dates, home addresses, credit-score dispute
forms, and, in some instances, credit card
numbers and driver license numbers. Now the
credit-checking giant reckons the intruders
snatched even more information from its
databases.<br>
<br>
According to documents provided by Equifax to
the US Senate Banking Committee, <br>
and <span style="text-decoration: underline;"
data-mce-style="text-decoration: underline;">revealed
this month by Senator Elizabeth Warren (D-MA)</span>,
<br>
<a class="moz-txt-link-freetext"
href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc"
target="_blank" moz-do-not-send="true">https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc</a><br>
the attackers also grabbed taxpayer
identification numbers, phone numbers, email
addresses, and credit card expiry dates
belonging to some Equifax customers.<br>
<br>
Like social security numbers, taxpayer ID
numbers are useful for fraudsters seeking to
steal people's identities or their tax rebates,
and the expiry dates are similarly useful for
online crooks when linked with credit card
numbers and other personal information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company continues to issue incomplete,
confusing and contradictory statements and hide
information from Congress and the public, it is
clear that five months after the breach was
publicly announced, Equifax has yet to answer
this simple question in full: what was the
precise extent of the breach?" Warren fumed in a
missive late last week.<br>
<a class="moz-txt-link-freetext"
href="https://www.warren.senate.gov/?p=press_release&id=2317"
target="_blank" moz-do-not-send="true">https://www.warren.senate.gov/?p=press_release&id=2317</a><br>
<br>
Equifax spokeswoman Meredith Griffanti stressed
to The Register today that the extra information
snatched by hackers, as revealed by Senator
Warren, belonged to "some" Equifax customers. In
other words, not everyone had their phone
numbers, email addresses, and so on, slurped by
crooks just some. How much is some? Equifax
isn't saying, hence Warren's (and everyone
else's) growing frustration.<br>
<br>
The senator is a cosponsor of the <span
style="text-decoration: underline;"
data-mce-style="text-decoration: underline;">proposed
Data Breach Prevention and Compensation Act, </span><br>
<a class="moz-txt-link-freetext"
href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/</a><br>
which, if passed, would impose computer security
regulations on credit reporting agencies, with
mandatory fines that would have led to Equifax
coughing up $1.5bn for its IT blunder.<br>
<br>
Some regulation or punishment is obviously
needed.<br>
<br>
No senior Equifax executives were fired over the
attack instead the CEO, CSO and CIO were all
allowed to retire with multi-million dollar
golden parachutes. The US government's Consumer
Financial Protection Bureau promised a full
investigation into the Equifax affair, and then
gave up. On February 7, an open letter [PDF] <br>
<a class="moz-txt-link-freetext"
href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf"
target="_blank" moz-do-not-send="true">https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf</a><br>
from 32 senators to the bureau asked why the
probe was dropped, and the gang has yet to
receive a response. ®<br>
</span></span></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature">--
--
John Bambenek</pre>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a class="moz-txt-link-abbreviated"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
<a class="moz-txt-link-freetext"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature">--
--
John Bambenek</pre>
<br>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
John Bambenek</pre>
</body>
</html>