[gnso-rds-pdp-wg] Dangers of public whois

Greg Shatan gregshatanipc at gmail.com
Fri Feb 10 19:11:57 UTC 2017 

Grimmway Farms.


*Greg Shatan *C: 917-816-6428
S: gsshatan
gregshatanipc at gmail.com

On Fri, Feb 10, 2017 at 2:05 PM, sam at lanfranco.net <sam at lanfranco.net>
wrote:

> Greg,
>
> Both real property and corporate information can sit behind proxy shields
> (numbered companies, lawyers, and nominal owners). Probably same for IP.
>
> The middle ground here might be proxy services (costed in) , as the
> default, and opt-out (with little or no reduction in costs) as an option.
> Within the law the "owner" should set the transparency level, not those who
> would like data access.
>
> Some owners want high disclosure, as part of their business plan. (Name a
> sports stadium). Some do not. Try to identify the largest produce farm in
> California
>
> The RDS task is now convergence, based on its flow of diversity of
> opinions, interests, and evidence. How do we get there from here, and how
> much longer should that take?
>
> Sam L
>
> Sent from Wisdom Pond
>
>
> -------- Original Message --------
> Subject: Re: [gnso-rds-pdp-wg] Dangers of public whois
> From: Greg Shatan
> To: sam at lanfranco.net
> CC: Volker Greimann ,RDS PDP WG
>
>
> Sam:
>
> To answer your question, here are some areas of "fat" disclosure that
> quickly come to mind:
>
> -- Real property ownership
> -- Intellectual property ownership (registration)
> -- Corporate contact information
>
> Development is only one of many goals that need to be kept in mind, and
> I'm not even sure it's an "official" one for ICANN.  Consumer trust and
> safety are clearly enhanced by public WHOIS/RDS access.  I believe that
> security, stability and resiliency are as well.
>
> If you have no purpose for access to WHOIS/RDS access, it's easy to say
> that "Anything other than a minimalist "thin" will be a source of endless
> pain, and for no gain."  First, we've already had thick access for a very
> long time, and I can certainly say there is plenty of "gain" from a lot of
> different purposes.  If there was no "pain," we probably wouldn't be having
> this conversation, but there are a number of ways to deal with that "pain"
> -- and we have to be as careful and fact-based about what the pain is as we
> are about the purposes for collection and disclosure are.
>
> Greg Shatan
>
>
> *Greg Shatan *C: 917-816-6428 <(917)%20816-6428>
> S: gsshatan
> gregshatanipc at gmail.com
>
> On Fri, Feb 10, 2017 at 12:34 PM, sam at lanfranco.net <sam at lanfranco.net>
> wrote:
>
>> This difference of opinion is the crucial fork in the road here. Name one
>> other sector, industry, or activity where "fat" disclosure takes place, or
>> where "thin" disclosure harmed development. Anything other than a
>> minimalist "thin" will be a source of endless pain, and for no gain.
>>
>> Sam L.
>>
>> Sent from my Huawei Mobile
>>
>>
>> -------- Original Message --------
>> Subject: Re: [gnso-rds-pdp-wg] Dangers of public whois
>> From: Volker Greimann
>> To: gnso-rds-pdp-wg at icann.org
>> CC:
>>
>>
>> This illustrates the basic difference of opinion:
>>
>> Proposal: By not allowing the flow of WHOIS data for anything but
>> purposes backed by legal rights to that information or required for the
>> technical operation of the internet
>>
>> 1) We will strengthen the rights to private data against anyone desiring
>> to abuse that data by claiming to have some ephemeral purpose to access
>> that data
>>
>> 2) The internet economy will likely not be affected
>>
>> 3) By defining restrictive access requirements, we will still enable
>> legitimate cases where access to such data is needed
>>
>> Best,
>>
>> Volker
>>
>> Am 10.02.2017 um 17:11 schrieb nathalie coupet via gnso-rds-pdp-wg:
>>
>> Proposal: By allowing the flow of WHOIS data to enable as many legitimate
>> activites as possible througout the root and main branches of the tree:
>> 1) we will strengthen the Internet by providing peripheral purposes that
>> protect the medium (consumer protection, research,...)
>> 2) we will protect the Internet economy as much as possible
>> 3) by increasing granularity, we can tackle edge cases at the edge.
>>
>> Nathalie
>>
>>
>> On Friday, February 10, 2017 11:01 AM, Victoria Sheckler
>> <vsheckler at riaa.com> <vsheckler at riaa.com> wrote:
>>
>>
>> We need to find balance and a constructive way to propose solutions, not
>> this endless back and forth of edge cases.
>>
>> -----Original Message-----
>> From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounce
>> s at icann.org] On Behalf Of benny at nordreg.se
>> Sent: Friday, February 10, 2017 4:44 AM
>> To: Volker Greimann <vgreimann at key-systems.net>
>> Cc: gnso-rds-pdp-wg at icann.org
>> Subject: Re: [gnso-rds-pdp-wg] Dangers of public whois
>>
>> +1 to Volker
>>
>> Spot on, we cant let the criminals endanger all innocents life by default
>> expose data as we do today
>>
>> --
>> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>>
>> Benny Samuelsen
>> Registry Manager - Domainexpert
>>
>> Nordreg AB - ICANN accredited registrar
>> IANA-ID: 638
>> Phone: +46.42197080 <+46%2042%2019%2070%2080>
>> Direct: +47.32260201 <+47%2032%2026%2002%2001>
>> Mobile: +47.40410200 <+47%20404%2010%20200>
>>
>> > On 10 Feb 2017, at 10:41, Volker Greimann <vgreimann at key-systems.net>
>> wrote:
>> >
>> >
>> >>
>> >> Pivoting off domain whois is my #1 valued resource in cybercrime
>> investigations.
>> > Judging from the amount of abuse and spam out there, it is also the #1
>> valued resource of spammers, cyber criminals, nigerian princes, domain
>> slammers ,etc etc.
>> >
>> > And that leads to the question: Is it really worth giving up the
>> private data of all registrants to whoever wants it just to catch a few bad
>> guys?
>> > And to answer that:  I'd rather see a few criminals uncaught if that
>> means the innocent majority will be that much less at risk to be victimized.
>> >
>> > Best,
>> > Volker
>> >
>> >
>> >>
>> >> On Thu, Feb 9, 2017 at 12:16 PM, benny at nordreg.se <benny at nordreg.se>
>> wrote:
>> >> Dnsservers, domainstatus, various dates, Registrar
>> >>
>> >> None of these data are personal data imo
>> >>
>> >> The only info you see in Whois are the contact ID the user have at
>> >> the registrar/ registry
>> >>
>> >>
>> >>
>> >> Sent from my iPhone
>> >>
>> >> On 9 Feb 2017, at 18:10, nathalie coupet <nathaliecoupet at yahoo.com>
>> wrote:
>> >>
>> >>> Benny,
>> >>>
>> >>> All personal info on personal domains are hidden by default. What are
>> the info that remain available for public view - after personal information
>> have been hidden by default - which still enable technical operability?
>> >>>
>> >>>
>> >>> Nathalie
>> >>>
>> >>>
>> >>> On Thursday, February 9, 2017 11:46 AM, "benny at nordreg.se" <
>> benny at nordreg.se> wrote:
>> >>>
>> >>>
>> >>> Maybe not but there are nothing who prevent us from trying to protect
>> people from there mistakes and stupidity and still be able to have certain
>> level of technical operability with whois data.
>> >>>
>> >>> A good example are .se which have a whois policy where all personal
>> info on personal domains are hidden by default. The registrant need to opt
>> out of the privacy actively by making a decision. That might be the way we
>> should think instead of what to do to hide data.
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>> >>>
>> >>>
>> >>> Benny Samuelsen
>> >>> Registry Manager - Domainexpert
>> >>>
>> >>> Nordreg AB - ICANN accredited registrar
>> >>> IANA-ID: 638
>> >>>
>> >>> Phone: +46.42197080 <+46%2042%2019%2070%2080>
>> >>> Direct: +47.32260201 <+47%2032%2026%2002%2001>
>> >>> Mobile: +47.40410200 <+47%20404%2010%20200>
>> >>>
>> >>> On 09/02/2017, 17:38, "gnso-rds-pdp-wg-bounces at icann.org on behalf
>> of Greg Aaron" <gnso-rds-pdp-wg-bounces at icann.org on behalf of
>> gca at icginc.com> wrote:
>> >>>
>> >>>    Is ICANN (or anyone else) responsible for protecting Spicer from
>> himself?  A lot of the articles about this subject point out that Spicer
>> was neglectful and occasionally incompetent.
>> >>>
>> >>>    Here are some facts to consider:
>> >>>    * Privacy protection was available and Spicer didn’t obtain it.
>> That was his choice.
>> >>>    * Spicer agreed to have his data published in WHOIS.  So that was
>> either OK with him, or he didn't read the terms of service in his domain
>> registration agreement.  Either way, it was his choice.
>> >>>    * Spicer tweeted out his own Twitter password.  He's responsible
>> for that.
>> >>>    * Spicer himself published his email address in many, many public
>> places over the years.  A simple Google search will tell you what his email
>> address was.
>> >>>    * Those data breaches that Volker mentions have nothing to do with
>> domain registration data.  They did not reveal domain registration data.
>> Domain registration data didn't allow hackers to penetrate Dropbox,
>> LinkedIn, and MySpace, and the other places where Spicer's credentials were
>> lost over the years.  Bad corporate security allowed those breaches to
>> happen.
>> >>>    * Spicer has a very different risk profile than the average
>> person.  He's been a prominent PR and political operative for many years
>> (and is now working for the most scrutinized entity in the world).  A key
>> tenet of risk assessment is that exceptional cases may not justify making
>> rules that affect everyone.
>> >>>
>> >>>    All best,
>> >>>    --Greg
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>    -----Original Message-----
>> >>>    From: gnso-rds-pdp-wg-bounces at icann.org [mailto:
>> gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Volker Greimann
>> >>>    Sent: Thursday, February 9, 2017 4:28 AM
>> >>>    To: gnso-rds-pdp-wg at icann.org
>> >>>    Subject: [gnso-rds-pdp-wg] Dangers of public whois
>> >>>
>> >>>    As we tend to get lost in the thick and nitty gritty from time to
>> time, this recent article should remind us what we are working for:
>> >>>
>> >>>    mashable.com/2017/02/07/sean-spicer-who-is
>> >>>
>> >>>    also here:
>> >>>
>> >>> http://domainnamewire.com/2017/02/08/sean-spicer-brings-attention-wh
>> >>> ois-privacy/
>> >>>
>> >>>    While it could not have hit a nicer guy, he completely and
>> accurately followed policy and look where it lead. Hi private address and
>> telephone number as well as email address known to the world, other domains
>> he registered for himself and his family published, etc. As his email
>> address was compromised in no less than three leaks (plus one honorable
>> mention on Wikileaks), and he recently tweeted his password, it may even be
>> possible to dig deeper.
>> >>>
>> >>>    I hope this helps remind folks that getting private data out of
>> the public view is a good thing.
>> >>>
>> >>>    --
>> >>>
>> >>>    Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>> >>>
>> >>>    Mit freundlichen Grüßen,
>> >>>
>> >>>    Volker A. Greimann
>> >>>    - Rechtsabteilung -
>> >>>
>> >>>    Key-Systems GmbH
>> >>>    Im Oberen Werk 1
>> >>>    66386 St. Ingbert
>> >>>    Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
>> >>>    Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
>> >>>    Email: vgreimann at key-systems.net
>> >>>
>> >>>    Web: www.key-systems.net / www.RRPproxy.net
>> >>> www.domaindiscount24.com / www.BrandShelter.com
>> >>>
>> >>>    Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
>> >>>    www.facebook.com/KeySystems
>> >>>    www.twitter.com/key_systems
>> >>>
>> >>>    Geschäftsführer: Alexander Siffrin
>> >>>    Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.:
>> >>> DE211006534
>> >>>
>> >>>    Member of the KEYDRIVE GROUP
>> >>>    www.keydrive.lu
>> >>>
>> >>>    Der Inhalt dieser Nachricht ist vertraulich und nur für den
>> angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe,
>> Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist
>> unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten
>> wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>> >>>
>> >>>    --------------------------------------------
>> >>>
>> >>>    Should you have any further questions, please do not hesitate to
>> contact us.
>> >>>
>> >>>    Best regards,
>> >>>
>> >>>    Volker A. Greimann
>> >>>    - legal department -
>> >>>
>> >>>    Key-Systems GmbH
>> >>>    Im Oberen Werk 1
>> >>>    66386 St. Ingbert
>> >>>    Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
>> >>>    Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
>> >>>    Email: vgreimann at key-systems.net
>> >>>
>> >>>    Web: www.key-systems.net / www.RRPproxy.net
>> >>> www.domaindiscount24.com / www.BrandShelter.com
>> >>>
>> >>>    Follow us on Twitter or join our fan community on Facebook and
>> stay updated:
>> >>>    www.facebook.com/KeySystems
>> >>>    www.twitter.com/key_systems
>> >>>
>> >>>    CEO: Alexander Siffrin
>> >>>    Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.:
>> >>> DE211006534
>> >>>
>> >>>    Member of the KEYDRIVE GROUP
>> >>>    www.keydrive.lu
>> >>>
>> >>>    This e-mail and its attachments is intended only for the person to
>> whom it is addressed. Furthermore it is not permitted to publish any
>> content of this email. You must not use, disclose, copy, print or rely on
>> this e-mail. If an addressing or transmission error has misdirected this
>> e-mail, kindly notify the author by replying to this e-mail or contacting
>> us by telephone.
>> >>>
>> >>>
>> >>>
>> >>>    _______________________________________________
>> >>>    gnso-rds-pdp-wg mailing list
>> >>>    gnso-rds-pdp-wg at icann.org
>> >>>    https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> >>>
>> >>>    _______________________________________________
>> >>>    gnso-rds-pdp-wg mailing list
>> >>>    gnso-rds-pdp-wg at icann.org
>> >>>    https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> >>>
>> >>> _______________________________________________
>> >>> gnso-rds-pdp-wg mailing list
>> >>> gnso-rds-pdp-wg at icann.org
>> >>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> >>>
>> >>>
>> >>
>> >> _______________________________________________
>> >> gnso-rds-pdp-wg mailing list
>> >> gnso-rds-pdp-wg at icann.org
>> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> >>
>> >>
>> >>
>> >> --
>> >> _________________________________
>> >> Note to self: Pillage BEFORE burning.
>> >>
>> >>
>> >> _______________________________________________
>> >> gnso-rds-pdp-wg mailing list
>> >>
>> >> gnso-rds-pdp-wg at icann.org
>> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>> >
>> > --
>> > Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>> >
>> > Mit freundlichen Grüßen,
>> >
>> > Volker A. Greimann
>> > - Rechtsabteilung -
>> >
>> > Key-Systems GmbH
>> > Im Oberen Werk 1
>> > 66386 St. Ingbert
>> > Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
>> > Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
>> > Email:
>> > vgreimann at key-systems.net
>> >
>> >
>> > Web:
>> > www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com /
>> > www.BrandShelter.com
>> >
>> >
>> > Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
>> >
>> > www.facebook.com/KeySystems
>> > www.twitter.com/key_systems
>> >
>> >
>> > Geschäftsführer: Alexander Siffrin
>> > Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.:
>> > DE211006534
>> >
>> > Member of the KEYDRIVE GROUP
>> >
>> > www.keydrive.lu
>> >
>> >
>> > Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen
>> Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder
>> Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese
>> Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per
>> E-Mail oder telefonisch in Verbindung zu setzen.
>> >
>> > --------------------------------------------
>> >
>> > Should you have any further questions, please do not hesitate to
>> contact us.
>> >
>> > Best regards,
>> >
>> > Volker A. Greimann
>> > - legal department -
>> >
>> > Key-Systems GmbH
>> > Im Oberen Werk 1
>> > 66386 St. Ingbert
>> > Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
>> > Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
>> > Email:
>> > vgreimann at key-systems.net
>> >
>> >
>> > Web:
>> > www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com /
>> > www.BrandShelter.com
>> >
>> >
>> > Follow us on Twitter or join our fan community on Facebook and stay
>> updated:
>> >
>> > www.facebook.com/KeySystems
>> > www.twitter.com/key_systems
>> >
>> >
>> > CEO: Alexander Siffrin
>> > Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534
>> >
>> > Member of the KEYDRIVE GROUP
>> >
>> > www.keydrive.lu
>> >
>> >
>> > This e-mail and its attachments is intended only for the person to whom
>> it is addressed. Furthermore it is not permitted to publish any content of
>> this email. You must not use, disclose, copy, print or rely on this e-mail.
>> If an addressing or transmission error has misdirected this e-mail, kindly
>> notify the author by replying to this e-mail or contacting us by telephone.
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > gnso-rds-pdp-wg mailing list
>> > gnso-rds-pdp-wg at icann.org
>> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>> --
>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>>
>> Mit freundlichen Grüßen,
>>
>> Volker A. Greimann
>> - Rechtsabteilung -
>>
>> Key-Systems GmbH
>> Im Oberen Werk 1
>> 66386 St. Ingbert
>> Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
>> Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
>> Email: vgreimann at key-systems.net
>>
>> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>>
>> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:www.facebook.com/KeySystemswww.twitter.com/key_systems
>>
>> Geschäftsführer: Alexander Siffrin
>> Handelsregister Nr.: HR B 18835 - Saarbruecken
>> Umsatzsteuer ID.: DE211006534
>>
>> Member of the KEYDRIVE GROUPwww.keydrive.lu
>>
>> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>>
>> --------------------------------------------
>>
>> Should you have any further questions, please do not hesitate to contact us.
>>
>> Best regards,
>>
>> Volker A. Greimann
>> - legal department -
>>
>> Key-Systems GmbH
>> Im Oberen Werk 1
>> 66386 St. Ingbert
>> Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
>> Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
>> Email: vgreimann at key-systems.net
>>
>> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>>
>> Follow us on Twitter or join our fan community on Facebook and stay updated:www.facebook.com/KeySystemswww.twitter.com/key_systems
>>
>> CEO: Alexander Siffrin
>> Registration No.: HR B 18835 - Saarbruecken
>> V.A.T. ID.: DE211006534
>>
>> Member of the KEYDRIVE GROUPwww.keydrive.lu
>>
>> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>>
>>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170210/d88347f2/attachment.html>

More information about the gnso-rds-pdp-wg mailing list