[gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]

benny at nordreg.se benny at nordreg.se
Thu Jun 8 06:50:03 UTC 2017 

> To the point at hand: I believe the notion of certifying private cybercrime investigators to be painfully naive (do I ignore reports from someone without a Internet Investigator License? Do we disallow them access to data?), impractical in the developed world, and deeply chauvinistic, patronizing and exclusionary to our colleagues in emerging nations where capacity building is exactly what’s needed to deal with next-gen abuse.

A contractual relationship, call it accredited or whatever you want to call it, could be allowed better access to data for investigation. That would imo be a better solution than todays practise were the data are flowing freely to all kind of purposes which often are used in a non respect full manner if you look at the disclaimer all registrars have in there whois output. 

I find it interesting that there are people here on this list who defend a practise which clearly violate disclaimers in whois conditions for use of data and in the same sentence call them self good guys, that is kind of ironic.

This is the standard disclaimer I am referring too. 

"# NOTE: All queries and IP addresses are logged.
#
# By submitting a WHOIS query, you agree to abide by the following
# terms of use: You agree to (a) use the retrieved data only for lawful
# purposes and (b) not use the retrieved data to:
# (1) allow, enable, or otherwise support the transmission of mass
# unsolicited, commercial advertising or solicitations via direct mail,
# e-mail, telephone, or facsimile; or (2) enable high volume, automated,
# electronic processes that apply to “registrar" or its information systems.
# The compilation, repackaging, dissemination or other use of this data
# is expressly prohibited without the prior written consent of “registrar".
#
# The data in “registrar" WHOIS database is provided by”registrar" for
# information purposes only, and to assist persons in obtaining
# information about or related to a domain name registration record.

I have never given, Domaintools or other services like that, a written consent for repackaging the data to there system, just as an example.

I do see there can be complications in a model with contractual relationships but its all about knowing who you give data too and who you can go to if there are problems in there use of the data. It’s not a perfect model but a more correct way of threatening data exchange were the collectors (registrars) are under a contractual obligation and can be responsible for how the data are used.

--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen
Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197080
Direct: +47.32260201
Mobile: +47.40410200

> On 8 Jun 2017, at 07:54, Neil Schwartzman <neil at cauce.org> wrote:
> 
> My experience differs slightly. They aren’t ignored. The presence of these .TLDs is a strong indicator of abuse which bears further investigation.
> 
> To the point at hand: I believe the notion of certifying private cybercrime investigators to be painfully naive (do I ignore reports from someone without a Internet Investigator License? Do we disallow them access to data?), impractical in the developed world, and deeply chauvinistic, patronizing and exclusionary to our colleagues in emerging nations where capacity building is exactly what’s needed to deal with next-gen abuse.
> 
> 
>> On Jun 8, 2017, at 2:36 AM, allison nixon <elsakoo at gmail.com> wrote:
>> 
>> We're getting there. Entire top level domains are already ignored on many networks like .science, .xyz, .pw, .top, .club, et cetera
> 
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

More information about the gnso-rds-pdp-wg mailing list