[gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]

[allison nixon]

On Wed, Jun 07, 2017 at 10:55:19AM -0400, Stephanie Perrin wrote:
> These are excellent questions.  I would add an additional one:  why are
> private cybercrime investigators not accredited?  How can the global
public
> trust them, or perhaps why?

There's even more deep misunderstandings afoot. There's also the implicit
idea that "private cybercrime investigators" are default untrustworthy, and
ICANN is by default trustworthy.

If you ever entered your data into a web form, you are trusting these "private
cybercrime investigators", and if you truly believe they are not
trustworthy, you are free to minimize what you share.

If ICANN is going to be entrusted with heaps of PII, "private cybercrime
investigators" will be employed to protect that data. Maybe even some of
the same people that are telling you it's a bad idea to collect it.

Second, ICANN has a consistently bad track record when it comes to inaction
in the face of known abuse. Not only is WHOIS accuracy the butt of jokes,
but some "bulletproof" registrars remain accredited long after they are
outed, and entire TLDs are infamous. And we're supposed to believe that
ICANN will suddenly start getting proactive about abuse. WHOIS is one of
the few tools that can be used to hold ICANN accountable!

There is also the deep misunderstanding that there is any accreditation
scheme that will produce the results you hope for without destroying the
utility of this. Unless this is merely ritualistic box checking, in which
case the misunderstanding is on me.

Another deep misunderstanding- the idea that the data is sensitive enough
to warrant this. People in the security community go through
"accreditation" to become private investigators or to get security
clearance, but to imagine WHOIS data on par with classified data or PI's
records is silly. If we're going to go through that, we better get the IP
and billing address too. The actual sensitive PII.

Andrew's point about voluntary interconnection is spot on. Networks are far
from perfect. ICANN won't save you, and neither will the government. The
Internet is NOT a safe place, and will not be made safer by blinding
people.

>>its role in IANA registries will simply be usurped by others, and
>>people will ignore the ICANN registrars and registries and everything
>>like that.  I certainly hope we never get there, because it would be
>>really painful and bad for the Internet

We're getting there. Entire top level domains are already ignored on many
networks like .science, .xyz, .pw, .top, .club, et cetera. These products
are becoming worthless to legitimate buyers due to abuse. "private
cybercrime investigators" are the people bringing these facts to light, and
the proper response is not to act with suspicion and demand that they fill
out more paperwork, but maybe think about why operators want to block vast
swaths of namespace and how much that reflects declining trust in ICANN
accredited entities.



On Wed, Jun 7, 2017 at 12:53 PM, Andrew Sullivan <ajs at anvilwalrusden.com>
wrote:

> Hi,
>
> On Wed, Jun 07, 2017 at 10:55:19AM -0400, Stephanie Perrin wrote:
> > These are excellent questions.  I would add an additional one:  why are
> > private cybercrime investigators not accredited?  How can the global
> public
> > trust them, or perhaps why?
>
> The above question implies a deep misunderstanding of the nature of
> the Internet.
>
> As Phill Hallam-Baker[1] said once, "On the Internet, you are so not
> in charge for every value of 'you'."  The reason that Internet private
> cybercrime investigators are not accredited is the same reason that
> Internet policy people are not accredited, Internet technical
> contributors are not accredited, Internet e-commerce site operators
> are not accredited, and Internet private fans of dressing up as furry
> creatures are not accredited.  In a network of networks, there is no
> centre of control because there is _no centre_.  Since there is no
> centre of control on the Internet, accreditation in the generic
> sense above is completely meaningless.
>
> The way things on the Internet work is _voluntary_ interconnection,
> which means that you're a "private cybercrime investigator" if people
> who have real legal authority in real legal jurisdictions decide to
> rely on and work with your investigations.  You're an ISP if people
> decide to use your service provisioning to connect to the Internet.
> And so on.
>
> The idea that there is anyone in a position to accredit someone else
> for a generic Internet job completely misses the way the Internet
> actually functions.  ICANN today can accredit registrars and
> registries (and therefore make policies about RDS) because people
> agree to let ICANN do this, because it's doing it now and it's hard to
> change that.  But if ICANN proves to be too useless for the rest of
> the Internet (because, to take an imaginary case, the community around
> ICANN thinks it is Boss of da Internetz and so can make rules that
> break operational reality without any apparent operational benefit),
> then its role in IANA registries will simply be usurped by others, and
> people will ignore the ICANN registrars and registries and everything
> like that.  I certainly hope we never get there, because it would be
> really painful and bad for the Internet.  But it is certainly
> possible.  ICANN has no power independent of the agreement of everyone
> to use the ICANN policies for the IANA DNS root.  Ask MySpace or the
> authors of Gopher whether there are any permanent favourites on the
> Internet.
>
> Best regards,
>
> A
>
> [1] of all people
>
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>



-- 
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170607/8355314c/attachment-0001.html>