[RDS-WHOIS2-RT] Comments about the Subgroup Report of Privacy/Proxy Services

Tue Jun 5 15:05:32 UTC 2018

Hi Volker,

I really don’t want to have such communication in the future.

2) from my perspective, it is also an assumption.

3) I’d suggest you to comment on something you have knowledge or really work on. How do you know the modus operandi behind the scene? And what’s your rational for such guess? As long as there is a loophole, the criminals will grasp it and exploit it. No state would be the lucky one. Bulletproof hosting service is not new anymore, I’m here talking P/P service could be abused as such service.

Lili

From: Volker Greimann [mailto:vgreimann at key-systems.net]
Sent: Tuesday, 5 June, 2018 10:41 PM
To: SUN Lili <L.SUN at interpol.int>
Cc: rds-whois2-rt at icann.org
Subject: Re: [RDS-WHOIS2-RT] Comments about the Subgroup Report of Privacy/Proxy Services

Hi Lili,

1) I have no issue with noting that while the contactibility levels of privacy protected data (or of data redacted due to GDPR, for that matter) is difficult to measure, the obligation of privacy service providers to validate certain data fields and to verify one other field in the same manner as required by registrars adequately ensures sufficient contactibility is maintained, provided there obligations are adhered to, which we should expect.

2) The legacy should be of little concern. This has been debated at length in the RAA 2013 negotiations and in other fora, but the gist of the matter is that abuse is more of an issue with newer domains, most of which are now registered under the 2013 RAA, whereas the domain names registered before that time have a significantly reduced risk of being registered for abusive purposes. And even if there is an issue, the registrant can now also be contacted by the registrar abuse contact which was also introduced through the 2013 RAA as an additional means to enable third parties to contact the registrant by means of the registrar. So even if it takes until the sun dies to digest the legacy, this should be a mnor issue.

3) This is an issue with extraterritoriality and the application and enforcement of national laws across borders. Good luck to Chinese authorities in enforcing their laws against foreign nationals that are not breaking their local laws and who will likely never come to China. I thought that is what your great cyberwall was for? ICANN has no role to play in this issue.

Best,

Volker

Am 05.06.2018 um 16:27 schrieb SUN Lili:
Hi Volker,

Thank you for your response.

For 1), if it is very hard to measure, then we should point it out, for the common sense is that the reliable information is there, just being protected from public access. LEAs are required court order issued by competent authority to have access to the information according to current PPSAI framework.

For 2), my concern is how many years will it take to digest the legacy.

For 3), my case study is only one example among many. Based on the business model, the content hosted could be anything, phishing, malware distributing, etc. Even the content is relating to porn or gambling, it is defined as illegal according to Chinese legislation. It’s Chinese authorities responsibility to take them down if there are victims of China.

Regards,
Lili

From: RDS-WHOIS2-RT [mailto:rds-whois2-rt-bounces at icann.org] On Behalf Of Volker Greimann
Sent: Tuesday, 5 June, 2018 7:31 PM
To: rds-whois2-rt at icann.org<mailto:rds-whois2-rt at icann.org>
Subject: Re: [RDS-WHOIS2-RT] Comments about the Subgroup Report of Privacy/Proxy Services

Hi Lili,

thank you for your comments.

1) The question of reliability levels of data behind a privacy shield is very hard to measure, as no mechanism exists to properly conduct a study without violating the terms of the service. Possibly, an indication of reliability levels could be obtained from UDRP providers as they regularly deal with cases where the privacy service removes itself on the occurrence of a complaint, and therefore might have data on the reliability of the revealed data, however even then this sample would be skewed as most domains using whois privacy services are unlikely to be targets in a UDRP.

2) We assume that will be the case as touching all those existing customers is a near impossible task.

3) I reviewed your document, but I disagree with the assumptions therein. There was no indication or evidence of illegal use that I could determine. Porn and gambling, while distasteful are not necessarily illegal. So someone used a privacy service and registered a bunch of domains to serve such content to China. So what? Also, the fact that the redirect changed after a short while may point to the domains being parked with the incoming traffic being sold to the highest bidder, who at the time may have been a provider of such services.

I can see no abuse of a privacy service here.

Volker

Am 03.06.2018 um 05:21 schrieb SUN Lili:
Dear Privacy & Proxy subgroup members,

I went through the draft report of this subgroup on wiki page (https://community.icann.org/pages/viewpage.action?pageId=71604717) and step in with my concerns:

1.      To the Data Accuracy subgroup, the Whois accuracy of domain names that utilize Privacy and Proxy Services is invisible. And Volker also mentioned that this will be dealt with in the Privacy & Proxy subgroup. As such, I strongly support Susan’s comments on “6 Conducting periodic due diligence checks on customer contact information” and “8 Providing clear and unambiguous guidance on the rights and responsibilities of registered name holders, and how those should be managed in the privacy/proxy environment.” There is no reason for a customer who chose P/P service thus been protected from responsibilities.

2.      There is no indication about the legacy domain names that utilize P/P Services before the provider been accredited. Will it be a similar situation as Grandfathered domains?

3.      Like the example I gave during the 2nd F2F meeting, if there is not enough regulation and overseeing in place, P/P service is very likely to be abused. To be clear, I elaborated the example in a word document (see attached). Do we really need this kind of fake prosperity of domain industry?

A response from this subgroup is much appreciated.

Thanks,
Lili

***************************************************************************************************
This message, and any attachment contained, are confidential and subject of legal privilege. It may be used solely for the designated police/justice purpose and by the individual or entity to whom it is addressed. The information is not to be disseminated to another agency or third party without the author’s consent, and must not be retained longer than is necessary for the fulfilment of the purpose for which the information is to be used. All practicable steps shall be taken by the recipients to ensure that information is protected against unauthorised access or processing. INTERPOL reserves the right to enquire about the use of the information provided.
If you are not the intended recipient, be advised that you have received this message in error. In such a case, you should not print it, copy it, make any use of it or disclose it, but please notify us immediately and delete the message from any computer.
*************************************************************************************************

_______________________________________________

RDS-WHOIS2-RT mailing list

RDS-WHOIS2-RT at icann.org<mailto:RDS-WHOIS2-RT at icann.org>

https://mm.icann.org/mailman/listinfo/rds-whois2-rt

--

Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann

- Rechtsabteilung -

Key-Systems GmbH

Im Oberen Werk 1

66386 St. Ingbert

Tel.: +49 (0) 6894 - 9396 901

Fax.: +49 (0) 6894 - 9396 851

Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>

Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>

www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:

www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>

www.twitter.com/key_systems<http://www.twitter.com/key_systems>

Geschäftsführer: Alexander Siffrin

Handelsregister Nr.: HR B 18835 - Saarbruecken

Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP

www.keydrive.lu<http://www.keydrive.lu>

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann

- legal department -

Key-Systems GmbH

Im Oberen Werk 1

66386 St. Ingbert

Tel.: +49 (0) 6894 - 9396 901

Fax.: +49 (0) 6894 - 9396 851

Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>

Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>

www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>

Follow us on Twitter or join our fan community on Facebook and stay updated:

www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>

www.twitter.com/key_systems<http://www.twitter.com/key_systems>

CEO: Alexander Siffrin

Registration No.: HR B 18835 - Saarbruecken

V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP

www.keydrive.lu<http://www.keydrive.lu>

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

--