[registration-issues-wg] [CPWG] Urgent EPDP question

Seun Ojedeji seun.ojedeji at gmail.com
Mon Oct 15 10:32:28 UTC 2018


On Mon, Oct 15, 2018 at 11:17 AM Michele Neylon - Blacknight <
michele at blacknight.com> wrote:

> So I'd personally love to know how many "end users" actually check whois
> data.
> Any of you got *any* data on that?
>

SO: It will be interesting to know if there is such data and more
importantly whether it will be reliable. I would expect that most typical
end user that uses whois wears some form of other hat; like I use it but
its also because I wear technical hat.

Cheers!

>
>
> --
> Mr Michele Neylon
> Blacknight Solutions
> Hosting, Colocation & Domains
> https://www.blacknight.com/
> https://blacknight.blog/
> Intl. +353 (0) 59  9183072
> Direct Dial: +353 (0)59 9183090
> Personal blog: https://michele.blog/
> Some thoughts: https://ceo.hosting/
> -------------------------------
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
>
> On 15/10/2018, 08:21, "registration-issues-wg on behalf of Hadia
> Abdelsalam Mokhtar EL miniawi" <
> registration-issues-wg-bounces at atlarge-lists.icann.org on behalf of
> Hadia at tra.gov.eg> wrote:
>
>     So far it seems that we have an agreement on the differentiation
> between natural and legal persons for the benefit of the end users.
>
>     Kindest Regards
>     Hadia
>
>     -----Original Message-----
>     From: registration-issues-wg [mailto:
> registration-issues-wg-bounces at atlarge-lists.icann.org] On Behalf Of
> Derek Smythe
>     Sent: Monday, October 15, 2018 9:16 AM
>     To: registration-issues-wg at atlarge-lists.icann.org
>     Subject: Re: [registration-issues-wg] [CPWG] Urgent EPDP question
>
>     Yes, agreed 100%.
>
>     Contracted parties should treat Legal Persons differently from Natural
>     Persons.
>
>     We are essentially asking consumers to sign a blank check/cheque when
>     they try and deal with a new business that's GDPR protected as they
>     can't do any form of due diligence in reality. This makes any consumer
>     a potential target to loss of privacy, fraud and more.
>
>     The only argument should really be as to whether this extends to all
>     Natural Persons or just those of the EU.
>
>     We need to consider a major concern here is the abuse of domains. How
>     do we protect or mitigate? This is what keeps us all safer. Law
>     enforcement simply cannot do it all as is a matter of record. Nor will
>     litigation for numerous reasons.
>
>     We also need to ask what happens is a domain claims to be a natural
>     person, but is used for a company? We most certainly have malicious
>     "Interpol", "United Nations" clone domains out there registered to
>     natural persons. And fictitious companies. Even a registrant name "Bar
>     Clay" used for a fake bank. This needs to be addressed as well as we
>     are guaranteed to see abuse of the definitions here.
>
>     > (As you may note if you looked at the RDS-WHOIS2 report, registrars
> under the 2013 RAA must do some validation of contact information for new
> an transfered domains, but none to simple renewal. so there are currently
> 140,000,000 domains without verified information (5 years after the 2013
> RAA came into force) and there is no requirement to ever validate their
> information - so unspecified time frames can last a LONG time.)
>
>     I believe we see the most abuse at the start of the domain's life
>     cycle and the chance of abuse declines over time. This has most
>     certainly been my experience in advance fee fraud. So we can be
>     somewhat flexible on older established domains.
>
>     A bigger danger is registrars that have not signed the RAA 2013 and
>     still bound under older versions of the RAA. I discovered one
>     recently, much abused.
>
>     A potential loophole is in private domain resales. We encounter
>     situations where the new owner simply changes the emails and not the
>     other details, then starts abusing that domain. This is also used as a
>     stepping stone to purchase new domains at the original registrar.
>
>
>     Something to chew on, three years old but still as valid as ever:
>
>
> http://www.securityskeptic.com/2015/07/how-to-register-a-gtld-domain-name-without-disclosing-personal-data.html
>
>     Obviously there is a risk in displaying Legal Persons details. But if
>     they can't protect themselves, how can they be expected to protect
>     those they deal with? A simple explanation page to each registrant
>     email would be simpler than trying to fix later where we're heading to.
>
>     Derek Smythe
>     Artists Against 419
>     http://www.aa419.org
>
>
>     On 2018/10/15 03:12, Alan Greenberg wrote:
>     > Here is a question that we need an answer on no later than Tuesday
>     > morning.
>     >
>     > GDPR requires the information related to Natural Persons be protected
>     > (for those resident in Europe) be protected. GDPR does not apply to
>     > Legal Persons (ie companies).
>     >
>     > ICANN's Temporary Spec allows contracted parties to treat all
>     > registrant alike and subject to GDPR.
>     >
>     > The EPDP Charter includes questions about whether contracted parties
>     > may or must treat Legal Persons differently from Natural Persons.
>     >
>     > The GAC, BC and IPC have made strong statements about the need to
>     > restrict GDPS to Natural Persons. The contracted parties are pushing
>     > back - strongly. The words vary, but in essence what they are saying
>     > ranges from there should be no constraint on them to yes, they may
>     > differentiate but with an unspecified time-frame.  (As you may note
> if
>     > you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA
>     > must do some validation of contact information for new an transfered
>     > domains, but none to simple renewal. so there are currently
>     > 140,000,000 domains without verified information (5 years after the
>     > 2013 RAA came into force) and there is no requirement to ever
> validate
>     > their information - so unspecified time frames can last a LONG time.)
>     >
>     > I personally feel that it is essential that we should differentiate
>     > between legal persons and natural persons, just as GDPR and other
>     > privacy legislation does.
>     >
>     > Comments?
>     >
>     > Alan
>     >
>     > _______________________________________________
>     > CPWG mailing list
>     > CPWG at icann.org
>     > https://mm.icann.org/mailman/listinfo/cpwg
>     > _______________________________________________
>     > registration-issues-wg mailing list
>     > registration-issues-wg at atlarge-lists.icann.org
>     > https://mm.icann.org/mailman/listinfo/registration-issues-wg
>     >
>     _______________________________________________
>     registration-issues-wg mailing list
>     registration-issues-wg at atlarge-lists.icann.org
>     https://mm.icann.org/mailman/listinfo/registration-issues-wg
>     _______________________________________________
>     registration-issues-wg mailing list
>     registration-issues-wg at atlarge-lists.icann.org
>     https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
>
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>


-- 
------------------------------------------------------------------------





*Seun Ojedeji,Federal University Oye-Ekitiweb:      http://www.fuoye.edu.ng
<http://www.fuoye.edu.ng> Mobile: +2348035233535**alt email:
<http://goog_1872880453>seun.ojedeji at fuoye.edu.ng
<seun.ojedeji at fuoye.edu.ng>*

Bringing another down does not take you up - think about your action!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/registration-issues-wg/attachments/20181015/6263b1f2/attachment-0001.html>


More information about the registration-issues-wg mailing list