<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div>Paraphrasing a person I know.</div><div><br></div><div>The more data input the better as long as it is carefully considered.</div><div><br></div><div>I do NOT like the idea of relying on ICANN to receive input provided via their interacting with a third party. I would prefer to obtain the unfiltered data.</div><div><br></div><div>Paul</div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Chuck <<a href="mailto:consult@cgomes.com">consult@cgomes.com</a>> on behalf of Chuck <<a href="mailto:consult@cgomes.com">consult@cgomes.com</a>><br><span style="font-weight:bold">Date: </span> Thursday, February 15, 2018 at 3:56 PM<br><span style="font-weight:bold">To: </span> Paul Keating <<a href="mailto:paul@law.es">paul@law.es</a>>, 'Volker Greimann' <<a href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>>, <<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>><br><span style="font-weight:bold">Subject: </span> RE: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is backwards<br></div><div><br></div><blockquote id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style="BORDER-LEFT: #b5c4df 5 solid; PADDING:0 0 0 5; MARGIN:0 0 0 5;"><div xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"><meta name="Generator" content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.hoenzb
{mso-style-name:hoenzb;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal"><span style="color:windowtext">Apparently, ICANN org has been interacting with DPAs regarding a possible interim solution, so maybe we will get some helpful input from those efforts. Note Stephanie’s suggestion that we could submit questions to the DP experts that participated in our public meeting last year.<o:p></o:p></span></p><p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p><p class="MsoNormal"><span style="color:windowtext">Chuck<o:p></o:p></span></p><p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p><div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext"> Paul Keating [<a href="mailto:Paul@law.es">mailto:Paul@law.es</a>] <br><b>Sent:</b> Thursday, February 15, 2018 6:10 AM<br><b>To:</b> Chuck <<a href="mailto:consult@cgomes.com">consult@cgomes.com</a>>; 'Volker Greimann' <<a href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>>; <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br><b>Subject:</b> Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is backwards<o:p></o:p></span></p></div></div><p class="MsoNormal"><o:p> </o:p></p><div><p class="MsoNormal"><span style="font-size:10.5pt">Chuck,<o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:10.5pt"><o:p> </o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:10.5pt">That said I really do like the idea of having interaction and participation by the DPAs and even someone from Article 29 or other GDPR official groups. Otherwise we continue to work in a vacuum.<o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:10.5pt"><o:p> </o:p></span></p></div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b>From: </b>gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a>> on behalf of Chuck <<a href="mailto:consult@cgomes.com">consult@cgomes.com</a>><br><b>Date: </b>Thursday, February 15, 2018 at 2:57 PM<br><b>To: </b>'Volker Greimann' <<a href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>>, <<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>><br><b>Subject: </b>Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is backwards<o:p></o:p></p></div><div><p class="MsoNormal"><span style="font-size:10.5pt"><o:p> </o:p></span></p></div><blockquote style="border:none;border-left:solid #B5C4DF 4.5pt;padding:0in 0in 0in 4.0pt;margin-left:3.75pt;margin-right:0in" id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE"><div><div><p class="MsoNormal"><span style="color:windowtext">I’d like to think that the ICANN community effort going on outside this WG will take note of the cybersecurity concerns that Allison raises as they try to finalize an interim solution to deal with the GDPR in the near term. Note this quote from Goren’s latest blog that ICANN org is trying to find a balanced approach: “</span><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:#333333;background:white">This single, common interim model that is informed by input from across the </span>ICANN<span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:#333333;background:white"> community would seek to obtain compliance with both the GDPR and </span>ICANN<span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:#333333;background:white">'s contractual requirements related to registration directory services.</span><span style="color:windowtext">” Here’s the blog: <a href="https://www.icann.org/news/blog/data-protection-privacy-update-latest-developments">https://www.icann.org/news/blog/data-protection-privacy-update-latest-developments</a> </span><o:p></o:p></p><p class="MsoNormal"><span style="color:windowtext"> </span><o:p></o:p></p><p class="MsoNormal"><span style="color:windowtext">Chuck</span><o:p></o:p></p><p class="MsoNormal"><span style="color:windowtext"> </span><o:p></o:p></p><div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext"> gnso-rds-pdp-wg [<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>] <b>On Behalf Of </b>Volker Greimann<br><b>Sent:</b> Thursday, February 15, 2018 1:02 AM<br><b>To:</b> <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br><b>Subject:</b> Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is backwards</span><o:p></o:p></p></div></div><p class="MsoNormal"> <o:p></o:p></p><p><span style="font-size:10.5pt;color:black">DPAs are law enforcement and will enforce the law of the land. They do not have the option to pick and choose after May 25.<o:p></o:p></span></p><p><span style="font-size:10.5pt;color:black">Maybe it is time for you and your colleagues to start looking at other sources of information to ensure you can continue operation efficiently once your currently chosen method becomes illegal. Remember, you are a data processor too and what you do with that data could very well paint a target on your backs that DPS may have to deal with.<o:p></o:p></span></p><p><span style="font-size:10.5pt;color:black">Best,<o:p></o:p></span></p><p><span style="font-size:10.5pt;color:black">Volker<o:p></o:p></span></p><p><span style="font-size:10.5pt;color:black"> <o:p></o:p></span></p><p class="MsoNormal"> <o:p></o:p></p><div><p class="MsoNormal">Am 15.02.2018 um 02:36 schrieb allison nixon:<o:p></o:p></p></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p class="MsoNormal">Hi everyone, <o:p></o:p></p><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal">I have already begun to hear unrest from my colleagues who work in infosec and network operations about the degradation of WHOIS, as registrars have already begun to act on their own, stripping everything and blocking bulk queriers on domains frequently used for attacks. Every day of additional uncertainty equals an additional day of victimization. <o:p></o:p></p><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal">Why has no one approached the DPAs with the evidence of security purposes for WHOIS? How much network degradation will we tolerate before someone bothers to give them a little hint? How many more judgments from the DPAs are we going to read that display clear ignorance of all legitimate cybersecurity purposes? Did no one see this coming?<o:p></o:p></p></div><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal">Since we are talking about cost benefit analysis, here is a quick one I just did that I would like to share with the group. I did a quick look for the value of the domain registration industry as a whole. Seems to be ~$4 billion. The losses incurred by the WanaCry malware are estimated to be at ~$8 billion. A single security incident destroying value equal to double your entire industry. <o:p></o:p></p></div><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal">In May 2017, the FBI stated that over three years the "business email compromise" scams have topped ~$5 billion in losses, which would be slightly more than one domain-industry unit of value, and WHOIS is crucial to fighting it.<o:p></o:p></p></div><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal">source: <a href="https://www.reuters.com/article/us-cyber-lloyds-report/global-cyber-attack-could-spur-53-billion-in-losses-lloyds-of-london-idUSKBN1A20AB">https://www.reuters.com/article/us-cyber-lloyds-report/global-cyber-attack-could-spur-53-billion-in-losses-lloyds-of-london-idUSKBN1A20AB</a><o:p></o:p></p></div><div><p class="MsoNormal">source: <a href="https://cira.ca/factbook/domain-industry-data-and-canadian-Internet-trends/domain-name-industry">https://cira.ca/factbook/domain-industry-data-and-canadian-Internet-trends/domain-name-industry</a><o:p></o:p></p></div><div><p class="MsoNormal">source: <a href="https://www.csoonline.com/article/3195010/security/bec-attacks-have-hit-thousands-top-5-billion-in-losses-globally.html">https://www.csoonline.com/article/3195010/security/bec-attacks-have-hit-thousands-top-5-billion-in-losses-globally.html</a><o:p></o:p></p></div><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal">Remember, the whole point of GDPR is to force companies to act with more social responsibility. <o:p></o:p></p></div></div></div><div><p class="MsoNormal"> <o:p></o:p></p><div><p class="MsoNormal">On Wed, Feb 14, 2018 at 6:08 PM, Rubens Kuhl <<a href="mailto:rubensk@nic.br" target="_blank">rubensk@nic.br</a>> wrote:<o:p></o:p></p><blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt"><div><p class="MsoNormal"> <o:p></o:p></p><div><p class="MsoNormal"><br><br><br><o:p></o:p></p><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p class="MsoNormal">On 14 Feb 2018, at 20:49, John Horton <<a href="mailto:john.horton@legitscript.com" target="_blank">john.horton@legitscript.com</a>> wrote:<o:p></o:p></p></div><p class="MsoNormal"> <o:p></o:p></p><div><div><div><p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444">Hmm, well, perhaps it's because I work for a company that processes quite a bit of data with a combination of algorithms and some human review, but I feel pretty confident that there are ways to simplify that with magic algorithms and forms. </span><o:p></o:p></p></div></div></div></blockquote></div><p class="MsoNormal"> <o:p></o:p></p><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal">Magic algorithms are fine in pattern detection because there is always a human review at some point or the cost of error is low, like in raising an abuse case that contains wording like supposedly", "allegedly" etc. In this case, every false negative comes with a tremendous liability. <o:p></o:p></p></div><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal">Also, if machine-learning technology and deep pockets for lawsuits become a requirement for being a registrar, you can count on the number of registrars dropping to single digits. <o:p></o:p></p></div><div><p class="MsoNormal"><span style="color:#888888"> </span><o:p></o:p></p></div><div><p class="MsoNormal"><span style="color:#888888"> </span><o:p></o:p></p></div><div><p class="MsoNormal"><span style="color:#888888"> </span><o:p></o:p></p></div><div><p class="MsoNormal"><span style="color:#888888">Rubens</span><o:p></o:p></p></div><div><p class="MsoNormal"><span style="color:#888888"> </span><o:p></o:p></p></div><div><p class="MsoNormal"><span style="color:#888888"> </span><o:p></o:p></p></div></div><p class="MsoNormal"><br>_______________________________________________<br>gnso-rds-pdp-wg mailing list<br><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></p></blockquote></div><p class="MsoNormal"><br><br clear="all"><o:p></o:p></p><div><p class="MsoNormal"> <o:p></o:p></p></div><p class="MsoNormal">-- <o:p></o:p></p><div><p class="MsoNormal">_________________________________<br>Note to self: Pillage BEFORE burning.<o:p></o:p></p></div></div><p class="MsoNormal"><br><br><br><br><o:p></o:p></p><pre>_______________________________________________<o:p></o:p></pre><pre>gnso-rds-pdp-wg mailing list<o:p></o:p></pre><pre><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><o:p></o:p></pre><pre><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></pre></blockquote><p class="MsoNormal"> <o:p></o:p></p></div></div><p class="MsoNormal"><span style="font-size:10.5pt">_______________________________________________ gnso-rds-pdp-wg mailing list <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></span></p></blockquote></div></div></div></blockquote></span></body></html>