<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444">I am mystified as to why some people in this group don't recognize that while (that's US for "whilst," for my European friends!) legitimate business may do that -- and indeed, may be required to in Ireland and Japan and a few other countries, a) there is no requirement in other locations to do so, and b) the bad actors either don't publish it or put falsified information on their website...but the Whois record, whether accurate or falsified (and sometimes even with privacy protection) is helpful in anti-money laundering, consumer protection, certification, anti abuse and trust and safety. Let's all acknowledge that we live in a world where there are many, many legitimate e-commerce businesses but many illicit ones as well! Our solutions have to accommodate for all of the above. </div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><font color="#073763" face="arial, helvetica, sans-serif">John Horton<br>President and CEO, LegitScript</font><div><img src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" width="96" height="36"><br><div><p style="margin:0.0px 0.0px 0.0px 0.0px;font:12.0px Helvetica"><br></p><p style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><b><font color="#444444">Follow</font><font color="#0b5394"> </font><font color="#000000">Legit</font><font color="#0b5394">Script</font></b>: <a href="http://www.linkedin.com/company/legitscript-com" style="color:rgb(17,85,204)" target="_blank"><font color="#cc0000">LinkedIn</font></a> | <a href="https://www.facebook.com/LegitScript" style="color:rgb(17,85,204)" target="_blank"><font color="#6aa84f">Facebook</font></a> | <a href="https://twitter.com/legitscript" style="color:rgb(17,85,204)" target="_blank"><font color="#674ea7">Twitter</font></a> | <font color="#ff9900"><u><a href="http://blog.legitscript.com/" style="color:rgb(17,85,204)" target="_blank">Blog</a></u></font> |<font color="#ff9900"> <a href="http://go.legitscript.com/Subscription-Management.html" style="color:rgb(17,85,204)" target="_blank"><font color="#ff9900">Newsletter</font></a></font><br></p><p style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><font color="#ff9900"><br></font></p><p style="text-align:left;margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><font color="#ff9900"><img src="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" width="46" height="96"><img src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" width="47" height="96"><br></font></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Feb 13, 2018 at 9:33 AM, Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>John, if businesses want to publish their information, they
should do it on their website, as they are legally required to (at
least over here). No need for whois for that. So that purpose is
out the window already.</p><span class="HOEnZb"><font color="#888888">
<p>Volker<br>
</p></font></span><div><div class="h5">
<br>
<div class="m_7852888369965585211moz-cite-prefix">Am 13.02.2018 um 18:07 schrieb John
Bambenek via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite">
<p>No it doesn't because there are large incentives for
institution and individuals to continue to publish information.
Businesses, for instance, WANT to be contacted. If you want mail
delivered, certain best practices are imposed.</p>
<p>If consent is not the solution, YOU are deciding what the rest
of the world can and cannot do with their data. Who exactly made
ICANN the arbiter of what I can do with my data? <br>
</p>
<br>
<div class="m_7852888369965585211moz-cite-prefix">On 2/13/2018 11:04 AM, Volker
Greimann wrote:<br>
</div>
<blockquote type="cite">
<p>I am not sure you want that, because that means completely
dark whois. <br>
</p>
<p>I'd prefer an approach where we do not need to rely on
consent (but can still offer it as an option). The hard bit is
finding the right principles of who gets access to what and
how even when there is no consent. <br>
</p>
<p>Consent is not the solution.<br>
</p>
<br>
<div class="m_7852888369965585211moz-cite-prefix">Am 13.02.2018 um 18:00 schrieb John
Bambenek via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite">
<p>Ok, so you agree with my in principle and we're just
haggling over the details now. Flip a coin for all I care,
opt-in/opt-out and move forward.</p>
<p>So let's do that. When can we implement?<br>
</p>
<br>
<div class="m_7852888369965585211moz-cite-prefix">On 2/13/2018 10:58 AM, Volker
Greimann wrote:<br>
</div>
<blockquote type="cite">
<p>You are still looking at the wrong end of the horse.
Privacy is not the choice, it is the default. Divulging
data is the choice.<br>
</p>
<br>
<div class="m_7852888369965585211moz-cite-prefix">Am 13.02.2018 um 17:57 schrieb
John Bambenek via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite">
<p>Exactly right. As far as I'm concerned if we made
privacy a free choice, make the fields optional for all
I care, and whatever they do make is public... we have
solved this problem.</p>
<p>People who ACTUALLY protect society against privacy
threats have the data to do their jobs, consumers who
want privacy have a free option for it, and registrars
can be in compliance with the law.<br>
</p>
<br>
<div class="m_7852888369965585211moz-cite-prefix">On 2/13/2018 10:54 AM, DANIEL
NANGHAKA wrote:<br>
</div>
<blockquote type="cite">This
is just an example but there is a lot of damage that can
be caused with data being exposed. In our case we have
phone numbers, addresses, emails which is required to
verification.
<div><br>
</div>
<div>This takes us to issue of consent.<br>
<br>
On Tuesday, February 13, 2018, John Bambenek via
gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Let's be honest here, we're talking about phone
numbers and email addresses. The threat model is
RADICALLY different with the data we are talking
about.<br>
</p>
<br>
<div>On 2/13/2018 10:45 AM, Stephanie Perrin
wrote:<br>
</div>
<blockquote type="cite">
<p>Undeterred by the fact that noone has
responded to my last post, I offer the
following update to the Equifax breach to
further illustrate my point. As many
companies have found out, you don't find out
what you've got till it's gone.....a further
reason for data minimization and short
retention periods.<br>
</p>
<div>
<table cellspacing="0" cellpadding="0" height="107" width="787" border="0">
<tbody>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT">To: </th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<font face="Times New Roman"><font size="3"><a href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/" target="_blank">http://www.theregister.co.uk/2<wbr>018/02/13/equifax_security_bre<wbr>ach_bad/</a><br>
<br>
<br>
<b>Equifax hack worse than previously
thought: Biz kissed goodbye to card
expiry dates, tax IDs etc</b><br>
Pwned credit-score biz quietly admits more
info lost<br>
By Iain Thomson in San Francisco 13 Feb
2018 at 02:13<br>
<br>
Last year, Equifax admitted <br>
<a href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/" target="_blank">https://www.theregister.co.uk/<wbr>2017/09/07/143m_american_equif<wbr>ax_customers_exposed/</a><br>
hackers stole sensitive personal records
on 145 million Americans and hundreds of
thousands in the UK <br>
<a href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/" target="_blank">https://www.theregister.co.uk/<wbr>2017/10/10/equifax_uk_records_<wbr>update/</a><br>
and Canada.<br>
<br>
The outfit already said cyber-crooks
"primarily" took names, social security
numbers, birth dates, home addresses,
credit-score dispute forms, and, in some
instances, credit card numbers and driver
license numbers. Now the credit-checking
giant reckons the intruders snatched even
more information from its databases.<br>
<br>
According to documents provided by Equifax
to the US Senate Banking Committee, <br>
and <u>revealed this month by Senator
Elizabeth Warren (D-MA)</u>, <br>
<a href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc" target="_blank">https://apnews.com/2a51e3e5f9a<wbr>945978df4ad96246b8ecc</a><br>
the attackers also grabbed taxpayer
identification numbers, phone numbers,
email addresses, and credit card expiry
dates belonging to some Equifax customers.<br>
<br>
Like social security numbers, taxpayer ID
numbers are useful for fraudsters seeking
to steal people's identities or their tax
rebates, and the expiry dates are
similarly useful for online crooks when
linked with credit card numbers and other
personal information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company continues to issue
incomplete, confusing and contradictory
statements and hide information from
Congress and the public, it is clear that
five months after the breach was publicly
announced, Equifax has yet to answer this
simple question in full: what was the
precise extent of the breach?" Warren
fumed in a missive late last week.<br>
<a href="https://www.warren.senate.gov/?p=press_release&id=2317" target="_blank">https://www.warren.senate.gov/<wbr>?p=press_release&id=2317</a><br>
<br>
Equifax spokeswoman Meredith Griffanti
stressed to The Register today that the
extra information snatched by hackers, as
revealed by Senator Warren, belonged to
"some" Equifax customers. In other words,
not everyone had their phone numbers,
email addresses, and so on, slurped by
crooks just some. How much is some?
Equifax isn't saying, hence Warren's (and
everyone else's) growing frustration.<br>
<br>
The senator is a cosponsor of the <u>proposed
Data Breach Prevention and Compensation
Act, </u><br>
<a href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/" target="_blank">https://www.theregister.co.uk/<wbr>2018/01/10/credit_reporting_ag<wbr>encies_fines/</a><br>
which, if passed, would impose computer
security regulations on credit reporting
agencies, with mandatory fines that would
have led to Equifax coughing up $1.5bn for
its IT blunder.<br>
<br>
Some regulation or punishment is obviously
needed.<br>
<br>
No senior Equifax executives were fired
over the attack instead the CEO, CSO and
CIO were all allowed to retire with
multi-million dollar golden parachutes.
The US government's Consumer Financial
Protection Bureau promised a full
investigation into the Equifax affair, and
then gave up. On February 7, an open
letter [PDF] <br>
<a href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf" target="_blank">https://www.schatz.senate.gov/<wbr>imo/media/doc/CFPB%20Equifax%2<wbr>0Letter%202-7-18.pdf</a><br>
from 32 senators to the bureau asked why
the probe was dropped, and the gang has
yet to receive a response. ®<br>
</font></font></div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre cols="72">--
--
John Bambenek</pre>
</div>
</blockquote>
</div>
<br>
<br>
-- <br>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div> <br>
Regards <br>
Nanghaka Daniel K.<br>
<span style="font-size:small">Executive
Director - ILICIT Africa /
Chair - FOSSFA / Community
Lead - ISOC Uganda Chapter /
Geo4Africa Lead / Organising
Team - FOSS4G2018</span><br>
Mobile <a href="tel:+256%20772%20898298" value="+256772898298" target="_blank">+256 772 898298</a> (Uganda)<br>
</div>
<div>Skype: daniel.nanghaka<br>
</div>
<div><br>
</div>
<div>------------------------------<wbr>-----------
<i><span>"Working for Africa" </span></i>------------------------------<wbr>-----------<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<br>
<pre class="m_7852888369965585211moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<br>
<fieldset class="m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="m_7852888369965585211moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<br>
<fieldset class="m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="m_7852888369965585211moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div></div></div>
<br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>