[registration-issues-wg] [CPWG] Urgent EPDP question

Seun Ojedeji seun.ojedeji at gmail.com
Mon Oct 15 10:44:55 UTC 2018


Hello Derek,

Indeed, one can only postulate scenarios like the one you've rightly stated
but getting data to back that up isn't a project that will have an end

Cheers!

On Mon, Oct 15, 2018 at 11:36 AM Derek Smythe <derek at aa419.org> wrote:

> We used to see a lot of complaints along the lines of "X you have in
> your database also has this domain now" (with WHOIS details and
> sometimes how the were scammed by them). It's become noticeable that
> we no longer see these type of reports even though the complaints
> continue.
>
> We also used to see consumer groups fighting abuse using it a lot. On
> general tech forums, when somebody has a query regarding the validity
> of say an online shop, they'd look at WHOIS. In turn the average Joe
> would know somebody that can assist him with queries and would use it.
>
> So either directly or indirectly, end users used it a lot.
>
> Derek Smythe
> Artists Against 419
> http://www.aa419.org
>
> On 2018/10/15 12:17, Michele Neylon - Blacknight wrote:
> > So I'd personally love to know how many "end users" actually check whois
> data.
> > Any of you got *any* data on that?
> >
> >
> > --
> > Mr Michele Neylon
> > Blacknight Solutions
> > Hosting, Colocation & Domains
> > https://www.blacknight.com/
> > https://blacknight.blog/
> > Intl. +353 (0) 59  9183072
> > Direct Dial: +353 (0)59 9183090
> > Personal blog: https://michele.blog/
> > Some thoughts: https://ceo.hosting/
> > -------------------------------
> > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
> Park,Sleaty
> > Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
> >
> > On 15/10/2018, 08:21, "registration-issues-wg on behalf of Hadia
> Abdelsalam Mokhtar EL miniawi" <
> registration-issues-wg-bounces at atlarge-lists.icann.org on behalf of
> Hadia at tra.gov.eg> wrote:
> >
> >     So far it seems that we have an agreement on the differentiation
> between natural and legal persons for the benefit of the end users.
> >
> >     Kindest Regards
> >     Hadia
> >
> >     -----Original Message-----
> >     From: registration-issues-wg [mailto:
> registration-issues-wg-bounces at atlarge-lists.icann.org] On Behalf Of
> Derek Smythe
> >     Sent: Monday, October 15, 2018 9:16 AM
> >     To: registration-issues-wg at atlarge-lists.icann.org
> >     Subject: Re: [registration-issues-wg] [CPWG] Urgent EPDP question
> >
> >     Yes, agreed 100%.
> >
> >     Contracted parties should treat Legal Persons differently from
> Natural
> >     Persons.
> >
> >     We are essentially asking consumers to sign a blank check/cheque when
> >     they try and deal with a new business that's GDPR protected as they
> >     can't do any form of due diligence in reality. This makes any
> consumer
> >     a potential target to loss of privacy, fraud and more.
> >
> >     The only argument should really be as to whether this extends to all
> >     Natural Persons or just those of the EU.
> >
> >     We need to consider a major concern here is the abuse of domains. How
> >     do we protect or mitigate? This is what keeps us all safer. Law
> >     enforcement simply cannot do it all as is a matter of record. Nor
> will
> >     litigation for numerous reasons.
> >
> >     We also need to ask what happens is a domain claims to be a natural
> >     person, but is used for a company? We most certainly have malicious
> >     "Interpol", "United Nations" clone domains out there registered to
> >     natural persons. And fictitious companies. Even a registrant name
> "Bar
> >     Clay" used for a fake bank. This needs to be addressed as well as we
> >     are guaranteed to see abuse of the definitions here.
> >
> >     > (As you may note if you looked at the RDS-WHOIS2 report,
> registrars under the 2013 RAA must do some validation of contact
> information for new an transfered domains, but none to simple renewal. so
> there are currently 140,000,000 domains without verified information (5
> years after the 2013 RAA came into force) and there is no requirement to
> ever validate their information - so unspecified time frames can last a
> LONG time.)
> >
> >     I believe we see the most abuse at the start of the domain's life
> >     cycle and the chance of abuse declines over time. This has most
> >     certainly been my experience in advance fee fraud. So we can be
> >     somewhat flexible on older established domains.
> >
> >     A bigger danger is registrars that have not signed the RAA 2013 and
> >     still bound under older versions of the RAA. I discovered one
> >     recently, much abused.
> >
> >     A potential loophole is in private domain resales. We encounter
> >     situations where the new owner simply changes the emails and not the
> >     other details, then starts abusing that domain. This is also used as
> a
> >     stepping stone to purchase new domains at the original registrar.
> >
> >
> >     Something to chew on, three years old but still as valid as ever:
> >
> >
> http://www.securityskeptic.com/2015/07/how-to-register-a-gtld-domain-name-without-disclosing-personal-data.html
> >
> >     Obviously there is a risk in displaying Legal Persons details. But if
> >     they can't protect themselves, how can they be expected to protect
> >     those they deal with? A simple explanation page to each registrant
> >     email would be simpler than trying to fix later where we're heading
> to.
> >
> >     Derek Smythe
> >     Artists Against 419
> >     http://www.aa419.org
> >
> >
> >     On 2018/10/15 03:12, Alan Greenberg wrote:
> >     > Here is a question that we need an answer on no later than Tuesday
> >     > morning.
> >     >
> >     > GDPR requires the information related to Natural Persons be
> protected
> >     > (for those resident in Europe) be protected. GDPR does not apply to
> >     > Legal Persons (ie companies).
> >     >
> >     > ICANN's Temporary Spec allows contracted parties to treat all
> >     > registrant alike and subject to GDPR.
> >     >
> >     > The EPDP Charter includes questions about whether contracted
> parties
> >     > may or must treat Legal Persons differently from Natural Persons.
> >     >
> >     > The GAC, BC and IPC have made strong statements about the need to
> >     > restrict GDPS to Natural Persons. The contracted parties are
> pushing
> >     > back - strongly. The words vary, but in essence what they are
> saying
> >     > ranges from there should be no constraint on them to yes, they may
> >     > differentiate but with an unspecified time-frame.  (As you may
> note if
> >     > you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA
> >     > must do some validation of contact information for new an
> transfered
> >     > domains, but none to simple renewal. so there are currently
> >     > 140,000,000 domains without verified information (5 years after the
> >     > 2013 RAA came into force) and there is no requirement to ever
> validate
> >     > their information - so unspecified time frames can last a LONG
> time.)
> >     >
> >     > I personally feel that it is essential that we should differentiate
> >     > between legal persons and natural persons, just as GDPR and other
> >     > privacy legislation does.
> >     >
> >     > Comments?
> >     >
> >     > Alan
> >     >
> >     > _______________________________________________
> >     > CPWG mailing list
> >     > CPWG at icann.org
> >     > https://mm.icann.org/mailman/listinfo/cpwg
> >     > _______________________________________________
> >     > registration-issues-wg mailing list
> >     > registration-issues-wg at atlarge-lists.icann.org
> >     > https://mm.icann.org/mailman/listinfo/registration-issues-wg
> >     >
> >     _______________________________________________
> >     registration-issues-wg mailing list
> >     registration-issues-wg at atlarge-lists.icann.org
> >     https://mm.icann.org/mailman/listinfo/registration-issues-wg
> >     _______________________________________________
> >     registration-issues-wg mailing list
> >     registration-issues-wg at atlarge-lists.icann.org
> >     https://mm.icann.org/mailman/listinfo/registration-issues-wg
> >
> >
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>


-- 
------------------------------------------------------------------------





*Seun Ojedeji,Federal University Oye-Ekitiweb:      http://www.fuoye.edu.ng
<http://www.fuoye.edu.ng> Mobile: +2348035233535**alt email:
<http://goog_1872880453>seun.ojedeji at fuoye.edu.ng
<seun.ojedeji at fuoye.edu.ng>*

Bringing another down does not take you up - think about your action!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/registration-issues-wg/attachments/20181015/6aed83cb/attachment-0001.html>


More information about the registration-issues-wg mailing list