[gnso-rds-pdp-wg] Dangers of public whois

nathalie coupet nathaliecoupet at yahoo.com
Sat Feb 18 20:44:53 UTC 2017 

I was holding my breath to see what the reaction would be. +2 to Theo!

Sent from my iPhone

> On Feb 18, 2017, at 2:10 PM, Rod Rasmussen <rrasmussen at infoblox.com> wrote:
> 
> I cannot PLUS ONE this comment enough - thank you Theo!
> 
> One thing that I would like to point out that we covered in the EWG and I think is one of many keys to solving many of the issues exposed here but is missing from this current debate is the concept that we do not have to come up with a “one size fits all” solution.  For example, there are different requirements under privacy law for business entities vs. private individuals, there are different amounts of information people and businesses may want to provide to various parties both publicly and privately, and those of us who deal with abuse and domain reputation can make different decisions on actions (blocking, take-down, LE involvement, etc.) based on what is occurring and what is published in an RDS.  Everyone in the ecosystem already does this with the current whois system, but inconsistently, with varying degrees of knowledge, and without formal “rules of the road”.  I think it would be helpful for everyone, no matter what your primary issues are to keep this in mind, as it allows you to better conceive solutions to the myriad issues we have to address.  Make the system flexible to accommodate different kinds of use cases and desires for “transparency” around domain ownership, contactabilty, and accountability.
> 
> Cheers,
> 
> Rod
> 
> 
> Rod Rasmussen
> VP, Cybersecurity
> Infoblox
> 
>> On Feb 17, 2017, at 1:09 PM, theo geurts <gtheo at xs4all.nl> wrote:
>> 
>> Mark,
>> 
>> Thank you for your comment. I think you are nailing the problem here; this is very good IMO.
>> 
>> "and the need to mitigate them does not eliminate the need to have public data."
>> 
>> This is the issue here. That data should have never been public if we look at the EU GDPR and many other data privacy laws around the globe, and this is what causes Registries and Registrars having massive problems regarding complying with the law.
>> 
>> So we with the RDS we are starting from scratch. So and I think this is KEY here, how do we ensure privacy and yet make sure we can still effectively combat abuse.
>> 
>> Speaking personally, I think privacy is very important, and I do not like the fact my personal data is being processed all over the place by shady folks.
>> As a Registrar, I find it very important that we should not go backward in fighting abuse. For the simple reason, abuse costs us money, and we should never be in a situation that it becomes harder to battle child porn, or taking down terrorists, or sinkhole botnets.
>> 
>> So what we cannot do is ignore all these privacy laws. That would be insane as we would be piling up in tons of fines here.
>> We do not want to reduce effectiveness regarding abuse because that is costing money also. And to be clear here, the registrants will be soaking it all up one way or another.
>> 
>> So my take on this is, we make sure that we move on and address BOTH issues and this is our task as a WG. Our task is to solve these problems as we start from scratch with RDS. We learned our lessons from the current WHOIS, now we need to make sure that we can avoid all these pitfalls within RDS.
>> 
>> Thank you for making it this far.
>> 
>> Have a good weekend,
>> 
>> Theo
>> Registrar
>> 
>> 
> 
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

More information about the gnso-rds-pdp-wg mailing list