[gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]

Volker Greimann vgreimann at key-systems.net
Thu Jun 8 13:43:37 UTC 2017 

Hi Allison,
>
> -registrars complain about spam, but they so far haven't named a 
> single criminal gang that spams. But they harp over and over about 
> domaintools, who do not contribute to spam.
If we thought it would contribute to the discussion, we would name the 
spammers we have seen, although I personally do not know who is behind 
those mails we see. We are not investigators of such issues after all.

> -there are also the ridiculous arguments that the creation dates etc 
> in whois can possibly be abused, no evidence is provided.
A lot of the spam we see as registrars is tied to the creation date or 
renewal date of a domain name:
"Your domain is expiring, transfer now!"
"You registered this domain but it has not been listed with search 
engines yet!"
etc.

> -there are also the "legal" arguments where people are saying making 
> any data public is illegal now, but if this is true, can we look 
> forward to a total social media shutdown too? No one can reconcile 
> that simple logical inconsistency.
Any data being published is obvious nonsense. Data published by the data 
subjects themselves is also not problematic as long as they are aware of 
what they are doing. If I post my private information on my facebook 
profile, that is my choice and I clearly know what I am doing. If I give 
my hosting provider my address details without reading the registration 
agreement that I agree to, that is a totally different story.

> -apparently those meetings with the much-adored privacy commisioner 
> did not include any voices from those who worked in security.
If the needs of those that work in security means legal requirements 
have to be violated then there is a problem. If they can work within the 
legal requirements then there isn't.

> -we also have registrars attempting to "mansplain" spam and abuse to 
> people who work IN antispam and antiabuse
I thought that term means constantly interrupting the other party to 
"correct" them without giving them opportunity to finish? I wasn't aware 
that this can be done by email.
> -we have people complain about lack of privacy in whois when it's 
> already been proven that private people have many options to choose from
Just because there are alternative options that does not imply that the 
status quo is as it should or needs to be. Privacy officials have 
repeatedly told ICANN that the current WHOIS has significant issues and 
it is now time to address those issues.
>
> So these logical inconsistencies raise serious questions. Personally, 
> i am not so quick to accuse people of criminal motivations. After all, 
> i did check the numbers to see if any of the registrars participating 
> here have a disproportionate number of abusive customers. Thanks to 
> the existence of public whois, i did not observe anything indicating that.
I do not see any inconsistencies. Maybe it depends on the point of view 
and personal experience.
>
> Still, the logical inconsistencies raise many questions. Personally, 
> my theory is that the registrars dont want to spend money on running 
> whois servers. And they are bitter that aggregators make money from it 
> when they don't. That type of argument is logically consistent and is 
> something i can actually work with.
Whois servers cost next to nothing to maintain. It is the complaints of 
current or former customers why their current/old information is (still) 
out there even though they sold or deleted their domain or changed their 
data that cost time (=money). Having to explain to customers that the 
agreement that they didn't read included a reference to our obligation 
to publish their whois details and pass them on to the registry and 
escrow service costs time. And yes, even if that clause is seperated out 
and seperately agreement is required, most customers simply will not 
read it.
>
> I know youall are here to represent your company's interests, and this 
> is a serious fact worth considering. I know that some similar 
> monetization schemes already, and if you dont see the opportunity then 
> your registrar is probably missing out. The registrars that do this 
> not only make extra money, but the data is used to do anti-abuse work 
> for them for free so they can keep their customer base clean without 
> hiring anyone extra.
Well, my employment and my company's interests are not all that there is 
to me. I also firmly believe in consumer privacy and the right of each 
individual to the privacy of their own data.

Best,
Volker

>
>
>
>
> On Jun 8, 2017 4:56 AM, "Stephanie Perrin" 
> <stephanie.perrin at mail.utoronto.ca 
> <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>
>     Calling me naive, ill informed etc.  does not actually answer the
>     question folks.  It is, I am afraid, a valid question.  What
>     criteria does an organization like APWG apply, when it admits
>     members and shares data with them?  How do you ensure you are not
>     sharing data with organizations who are going to misuse it?  that
>     data of course is much more that what we are talking about with
>     thin data, but I did actually work on this issue on successive
>     versions of the anti-spam legislation.  Oddly enough, government
>     lawyers examining the issue (mostly from the competition bureau
>     who deal with criminal matters) never labelled me "naive".
>
>     Folks, can we please try to be polite to one another on this
>     list?  When I have questions like this, I often check with experts
>     before I ask.  They don't call me naive, they answer my questions.
>
>     Thanks again.
>
>     Stephanie
>
>
>     On 2017-06-08 01:54, Neil Schwartzman wrote:
>>     My experience differs slightly. They aren’t ignored. The presence
>>     of these .TLDs is a strong indicator of abuse which bears further
>>     investigation.
>>
>>     To the point at hand: I believe the notion of certifying private
>>     cybercrime investigators to be painfully naive (do I ignore
>>     reports from someone without a Internet Investigator License? Do
>>     we disallow them access to data?), impractical in the developed
>>     world, and deeply chauvinistic, patronizing and exclusionary to
>>     our colleagues in emerging nations where capacity building is
>>     exactly what’s needed to deal with next-gen abuse.
>>
>>
>>>     On Jun 8, 2017, at 2:36 AM, allison nixon <elsakoo at gmail.com
>>>     <mailto:elsakoo at gmail.com>> wrote:
>>>
>>>     We're getting there. Entire top level domains are already
>>>     ignored on many networks like .science, .xyz, .pw, .top, .club,
>>>     et cetera
>>
>>
>>
>>     _______________________________________________
>>     gnso-rds-pdp-wg mailing list
>>     gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>     https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>     <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>
>     _______________________________________________
>     gnso-rds-pdp-wg mailing list
>     gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>     https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>     <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-- 
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann
- Rechtsabteilung -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann
- legal department -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems

CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170608/93609798/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list