[Gnso-epdp-team] ICANN Org response to question re. use of WHOIS data by OCTO

Marika Konings marika.konings at icann.org
Mon Oct 22 10:35:59 UTC 2018

Dear EPDP Team,

Please find hereby the response of ICANN Org to the question in relation to use of WHOIS data by OCTO:

QUESTION: Further input is requested to explore how WHOIS was used before the Temp Spec was adopted, in OCTO's activities.  The original Org response does not address that issue. For example, did OCTO use WHOIS in its law enforcement training and outreach activities, or engagement with the cybersecurity community, or to facilitate or respond to large scale botnet attacks, such as Conficker or Avalanche? Individual members may follow up with the CTO for follow up questions, if available at ICANN63.

RESPONSE: Regarding the EPDP Team’s follow-up question on how OCTO used WHOIS data for training and outreach activities, prior to the effective date of the Temporary Specification, use of WhOIS data to identify the registrant and the technical data related to a domain name was part of the training materials. The training showed how one could use WHOIS data to attempt to contact a registrant or the hosting provider in cases of compromised machines, etc. Since the Temporary Specification became effective, the training no longer shows one how to use public WHOIS data to contact a registrant, instead as part of the training, a brief overview of where the policy discussions are and how people can get involved in the discussion is provided.

The EPDP Team’s follow-up question also asks how OCTO used WHOIS data for engagement with cybersecurity community, or to facilitate or respond to large scale botnet attacks, such as Conficker or Avalanche. Conficker, Andromeda and other large-scale actions are typically managed by the Law Enforcement agencies, not OCTO. OCTO’s role in those activities does not involve the use of personal data in WHOIS. Those Law Enforcement agencies would be better placed to discuss their operational procedures and the effect of the Temporary Specification on their operations.

The response will be posted here: https://community.icann.org/x/ahppBQ.

Best regards,

Caitlin, Berry and Marika

Marika Konings
Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings at icann.org<mailto:marika.konings at icann.org>

Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20181022/9bb1d13b/attachment.html>

More information about the Gnso-epdp-team mailing list