<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>DPAs are law enforcement and will enforce the law of the land.
They do not have the option to pick and choose after May 25.</p>
<p>Maybe it is time for you and your colleagues to start looking at
other sources of information to ensure you can continue operation
efficiently once your currently chosen method becomes illegal.
Remember, you are a data processor too and what you do with that
data could very well paint a target on your backs that DPS may
have to deal with.</p>
<p>Best,</p>
<p>Volker<br>
</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">Am 15.02.2018 um 02:36 schrieb allison
nixon:<br>
</div>
<blockquote type="cite"
cite="mid:CACLR7wLexpWU9bYcO7myMtneZTEAHV539OuTg048-hxxODU9sA@mail.gmail.com">
<div dir="ltr">Hi everyone,
<div><br>
</div>
<div>I have already begun to hear unrest from my colleagues who
work in infosec and network operations about the degradation
of WHOIS, as registrars have already begun to act on their
own, stripping everything and blocking bulk queriers on
domains frequently used for attacks. Every day of additional
uncertainty equals an additional day of victimization.
<div><br>
</div>
<div>Why has no one approached the DPAs with the evidence of
security purposes for WHOIS? How much network degradation
will we tolerate before someone bothers to give them a
little hint? How many more judgments from the DPAs are we
going to read that display clear ignorance of all legitimate
cybersecurity purposes? Did no one see this coming?</div>
<div><br>
</div>
<div>Since we are talking about cost benefit analysis, here is
a quick one I just did that I would like to share with the
group. I did a quick look for the value of the domain
registration industry as a whole. Seems to be ~$4 billion.
The losses incurred by the WanaCry malware are estimated to
be at ~$8 billion. A single security incident destroying
value equal to double your entire industry. </div>
<div><br>
</div>
<div>In May 2017, the FBI stated that over three years the
"business email compromise" scams have topped ~$5 billion in
losses, which would be slightly more than one
domain-industry unit of value, and WHOIS is crucial to
fighting it.</div>
<div><br>
</div>
<div>source: <a
href="https://www.reuters.com/article/us-cyber-lloyds-report/global-cyber-attack-could-spur-53-billion-in-losses-lloyds-of-london-idUSKBN1A20AB"
moz-do-not-send="true">https://www.reuters.com/article/us-cyber-lloyds-report/global-cyber-attack-could-spur-53-billion-in-losses-lloyds-of-london-idUSKBN1A20AB</a></div>
<div>source: <a
href="https://cira.ca/factbook/domain-industry-data-and-canadian-Internet-trends/domain-name-industry"
moz-do-not-send="true">https://cira.ca/factbook/domain-industry-data-and-canadian-Internet-trends/domain-name-industry</a></div>
<div>source: <a
href="https://www.csoonline.com/article/3195010/security/bec-attacks-have-hit-thousands-top-5-billion-in-losses-globally.html"
moz-do-not-send="true">https://www.csoonline.com/article/3195010/security/bec-attacks-have-hit-thousands-top-5-billion-in-losses-globally.html</a></div>
<div><br>
</div>
<div>Remember, the whole point of GDPR is to force companies
to act with more social responsibility. <br>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Feb 14, 2018 at 6:08 PM, Rubens
Kuhl <span dir="ltr"><<a href="mailto:rubensk@nic.br"
target="_blank" moz-do-not-send="true">rubensk@nic.br</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div
style="word-wrap:break-word;line-break:after-white-space"><span
class=""><br>
<div><br>
<blockquote type="cite">
<div>On 14 Feb 2018, at 20:49, John Horton <<a
href="mailto:john.horton@legitscript.com"
target="_blank" moz-do-not-send="true">john.horton@legitscript.com</a>>
wrote:</div>
<br
class="m_-8827381183644565574Apple-interchange-newline">
<div>
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:#444444">Hmm,
well, perhaps it's because I work for a
company that processes quite a bit of data
with a combination of algorithms and some
human review, but I feel pretty confident that
there are ways to simplify that with magic
algorithms and forms. </div>
</div>
</div>
</blockquote>
</div>
<br>
<div><br>
</div>
</span>
<div>Magic algorithms are fine in pattern detection
because there is always a human review at some point or
the cost of error is low, like in raising an abuse case
that contains wording like supposedly", "allegedly" etc.
In this case, every false negative comes with a
tremendous liability. </div>
<div><br>
</div>
<div>Also, if machine-learning technology and deep pockets
for lawsuits become a requirement for being a registrar,
you can count on the number of registrars dropping to
single digits. </div>
<span class="HOEnZb"><font color="#888888">
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Rubens</div>
<div><br>
</div>
<div><br>
</div>
</font></span></div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
<a
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>
Note to self: Pillage BEFORE burning.</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</body>
</html>