[Gnso-epdp-team] Data enrichment companies

Hadia Abdelsalam Mokhtar EL miniawi Hadia at tra.gov.eg
Wed Dec 11 13:53:51 UTC 2019

Those exposed 1.2 billion people are the Internet end users whom the ALAC  is trying to protect. Who is accountable for this exposure, who is responsible for the server which is causing the damage?

From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces at icann.org] On Behalf Of Volker Greimann
Sent: Tuesday, December 10, 2019 8:00 PM
To: gnso-epdp-team at icann.org
Subject: Re: [Gnso-epdp-team] Data enrichment companies

Still waiting for Facebook to publish a verified whois of their account holders ;-)


Am 09.12.2019 um 09:46 schrieb Ayden Férdeline:
I don't want to disagree with someone from my own stakeholder group, but I don't understand how this is a "quick solution to the SSAD problem"? These services contain names, emails, and LinkedIn URLs - I don't see how these are substitutes for the data elements in Whois. And how are you even meant to know who to search for in one of these third-party services, absent the name of a registrant? These third-party services that pull in random data sets should be reigned in, not what we recommend others turn to locate/trace a registrant.

Ayden Férdeline

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, December 9, 2019 3:44 AM, Mueller, Milton L <milton at gatech.edu><mailto:milton at gatech.edu> wrote:

I am wondering how many of the people involved in EPDP are familiar with data enrichment companies such as People Data Labs.
If you're not you may be amazed at how vast is the number of people encompassed in their records, and how many data points are aggregated in them. As we battle mightily over how much disclosure of measly Whois records we will allow and under what circumstances, it might be useful to take a look at this article, https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/

There you will see a storehouse of names, email addresses, phone numbers, social media profile information and physical addresses for 1.2 billion people, all available for subscribers to this service and - in this bizarre case - all of it exposed to anyone with the right IP address due to a configuration error of an Elasticsearch server.

 Based on my exposure to these data enrichment services, I think we may have found a quick solution to the SSAD problem. One could conclude that we don't need one at all, because any serious requestor can get a ton of data about virtually anyone on the internet - automatically, instantly - by using one of these services.

1.2 billion people exposed in data leak includes personal info, LinkedIN, Facebook<https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/>
On October 16, 2019 Bob Diachenko and Vinny Troia discovered a wide-open Elasticsearch server containing an unprecedented 4 billion user accounts spanning more than 4 terabytes of data.. A total count of unique people across all data sets reached more than 1.2 billion people, making this one of the largest data leaks from a single source organization in history.

I'll leave you all with that thought. See you Tuesday.

Dr Milton L Mueller, Professor

School of Public Policy

Georgia Institute of Technology

Internet Governance Project<https://internetgovernance.org>


Gnso-epdp-team mailing list

Gnso-epdp-team at icann.org<mailto:Gnso-epdp-team at icann.org>



By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Volker A. Greimann
General Counsel and Policy Manager

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net<http://www.key-systems.net>

Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin

Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20191211/5ff1fef2/attachment-0001.html>

More information about the Gnso-epdp-team mailing list