[gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]
Michele Neylon - Blacknight
michele at blacknight.com
Thu Jun 8 15:15:30 UTC 2017
Fabricio, Susan, Scott and Carlton were also involved. I’m not sure if I’ve overlooked anyone else who is still involved via this PDP.
The EWG basically took over our lives for the better part of 18 months.
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
From: <gnso-rds-pdp-wg-bounces at icann.org> on behalf of John Horton <john.horton at legitscript.com>
Date: Thursday 8 June 2017 at 16:10
To: Chuck Gomes <cgomes at verisign.com>
Cc: "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]
That's a good point, Chuck. I think the EWG final report should indeed be required reading (long though it is). I very much appreciate the work of the group, which I know took a long time, was extremely (in my view) thoughtful, and was the product of not only hard work, but compromise -- I know that Michele N., Rod and Stephanie from this group were part of the group and spent a lot of time on it.
That said, and with full respect and appreciation for the EWG's work, I strongly oppose the EWG report, and for those who want to know the reasons (and are willing to slog through a critical analysis of it), I encourage you to review my 2013 letter<http://mm.icann.org/pipermail/input-to-ewg/attachments/20130823/410038bb/LegitScriptCommentsonICANNEWGWhoisReplacementStructure-0001.pdf> to the EWG, which admittedly was based on the Initial Report (not Final Report), but all of my reasons still hold as the Final Report still contained, generally at least, the same elements even if the wording changed a bit. We don't have to accept the EWG report, and my personal view is that it should be rejected by our group because:
1. It shifts from an “open by default” to a “closed by default” system whereby only certain Internet users would be granted private access to gTLD domain name registration information;
2. Empowers one organization to determine what constitutes legitimate use of WHOIS data, and to track, monitor and audit requests and use of such records (and penalize those who fail to comply);
3. Grants monopoly power of all WHOIS data to the ARDS, including the attendant power to determine prices and restrict or prohibit access;
4. Stifles future innovation and competition involving existing and potential future uses of gTLD registration data, to the extent permitted by applicable regulations (including the EU GDPR);
5. Prohibits lay Internet users from accessing and using WHOIS information, in many instances activity which may improve the security and stability of the Internet for the benefit of all;
6. Limits cybersecurity and other organizations’ ability to investigate Internet crime and support legitimate business interests (e.g., in the payments sector for compliance purposes); and, among other reasons,
7. Violates the 2009 ICANN Affirmation Of Commitments and exceeds the scope of the EWG’s mandate as directed by the ICANN CEO and Board of Directors.
In my view, those are sound reasons, and there may well be others. I'm not entirely sure when the right time is for us to formally reject the EWG report, but I for one will strongly be in favor of soundly and strongly rejecting it.
John Horton
President and CEO, LegitScript
[https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ]
Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | Blog<http://blog.legitscript.com> | Google+<https://plus.google.com/112436813474708014933/posts>
[https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png][https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ]
On Thu, Jun 8, 2017 at 7:52 AM, Gomes, Chuck via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>> wrote:
Neil,
Have you read the Expert Working Group (EWG) Report? If not, it is prerequisite reading for this WG because the ICANN Board tasked us as a WG with using it as a starting point for our work. It can be found here: https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf .
I encourage you to note the composition of the EWG that is described starting on page 164. In my opinion the group consisted of some extremely qualified people with lots of different areas of expertise. That said, you may still think they were naïve in recommending a gated access solution, but you should at least be aware that they put an incredible amount of time and effort into their work and their final report provides essential information for our WG to consider.
Our WG does not have to accept the EWG recommendations but we certainly need to seriously evaluate them and have sound reasons for rejecting them.
Chuck
From: gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org> [mailto:gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org>] On Behalf Of Neil Schwartzman
Sent: Thursday, June 08, 2017 8:18 AM
To: ICANN RDS <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]
On Jun 8, 2017, at 11:38 AM, jonathan matkowsky <jonathan.matkowsky at riskiq.net<mailto:jonathan.matkowsky at riskiq.net>> wrote:
On a side note, a threat researcher or analyst is not the equivalent of an investigator. So focusing on certifying investigators is irrelevant to any issue within the working group.
You are correct Jonathan, if you mean ‘law enforcement investigators’. In some companies, the term is used synonymously with threat researcher. In that context, "certifying investigators, researchers and analysts is irrelevant to any issue within the working group.” would be more apropos.
That said gated access needs some sort of parsing model. which is why I object to it in any form.
On Jun 8, 2017, at 10:55 AM, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca<mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
What criteria does an organization like APWG apply, when it admits members and shares data with them?
http://apwg.org/membership/membership/
Example of some, but far from all, security initiatives include APWG.org, M3AAWG and FIRST.org (this latter with very stringent criteria, they do onsite visits of CERTs and SIRTs, etcetera). Membership is subject to proprietary internal regulation specific to these organizations, and may be determined by a vote by existing members, ongoing reviews, etcetera.
The type of data exchanged in almost all cases is deeper on the order of a magnitude than WHOIS data in terms of sensitivity, it may involve materials, discussions of techniques, that would provide benefit to the adversary were they know (or known that we know), or disrupt legal initiatives being prepared, or even live law enforcement cases.
What happens when trust is breached? The member in question is removed.
Simply because someone passes accreditation doesn’t make them impervious to engaging in future abuse; the most recent case being an analyst with the NSA who leaked top secret documents to the press. I know someone who is currently in the process of being accredited for such a job, it is at minimum an 18-month process. Perhaps more. I’ve not spoken to her in a while. Furthermore, Mr. Snowden, I believe, did not have such accreditation, as an outside contractor. So there’s that, too.
N.B.: not all researchers, investigators, and analysts are members of companies or organizations that maintain membership to these groups. Many are professionals without credentials. Many companies are not members. Their abuse ops teams operate without credentials. They access WHOIS constantly to protect their networks, and those of others, for example, feeding the anti-spam mechanisms protecting u of T’s mail systems.
When I have questions like this, I often check with experts before I ask. They don't call me naive, they answer my questions
The phrase "I believe the notion of certifying private cybercrime investigators to be painfully naive” said nothing about you personally; I spoke to the concept, nothing more. you can choose to take personal umbrage but it was not meant in that manner.
we need a system that is slightly more organized and less open to anti-competitive behaviour than the club-of-folks-who-know-each-other under which we are operating now.
I agree when you said "Folks, can we please try to be polite to one another on this list? “, after all, calling the security research industry anti-competitive isn’t impolite. [for non-english speakers, the use of the word “impolite" was intended to be ironic].
I do not believe we need anything more than what we have now. WHOIS access is working extremely well.
Neil Schwartzman
Executive Director
Coalition Against Unsolicited Commercial Email
http://cauce.org
Tel : (303) 800-6345<tel:(303)%20800-6345>
Twitter : @cauce
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170608/12da4924/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list