[gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]

Gomes, Chuck cgomes at verisign.com
Thu Jun 8 15:16:35 UTC 2017 

Jonathan makes some useful suggestions here.  We certainly should not single out companies or organizations in a derogatory manner, but that should not prevent us from asking questions about specific companies or organizations if those questions are not critical of them and are designed to help our understanding.



Chuck



From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of jonathan matkowsky
Sent: Thursday, June 08, 2017 5:38 AM
To: Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>
Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]



I am not sure if calling a position you are advocating for naive is the same as calling you naive, but it isn't helpful for sure.  We need to all listen to each other when considering policy, and acknowledge the importance of all stakeholders and seek to understand their points of view.



We also need to try and build consensus. We all have an obligation to ensure that policy development and decision-making processes will reflect the public interest, irrespective of personal interests and the interests of the entity to which we as individuals might owe our appointment.


We all owe each other to behave in a professional manner and demonstrate appropriate behavior.

​ This includes acting in good faith with other participants.​  I want to say that

​while I am certain it was not intended, that

 people

​will

 react emotionally when you single out APWG without

​ necessarily​

having any

​real need to

 do so

​ for purposes of discussion​

.

​ I know it upset me.​

​I think h

ow data is "shared" within APWG, an international coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors and NGO communities

​is ​

a​

different issue than sharing Whois data.

​  I would encourage everyone to consider whether singling out a company like has been done with DomainTools or APWG, is

appropriate or like I believe,

foreseeably derails the consensus building efforts in violation of ICANN Expected Standards of Behavior.​



​On a side note, a

 threat researcher or analyst is not the equivalent of an investigator.  So focusing on certifying investigators is irrelevant to any issue within the working group.



Regards,

Jonathan Matkowsky







On Thu, Jun 8, 2017 at 11:55 AM, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca<mailto:stephanie.perrin at mail.utoronto.ca>> wrote:

   Calling me naive, ill informed etc.  does not actually answer the question folks.  It is, I am afraid, a valid question.  What criteria does an organization like APWG apply, when it admits members and shares data with them?  How do you ensure you are not sharing data with organizations who are going to misuse it?  that data of course is much more that what we are talking about with thin data, but I did actually work on this issue on successive versions of the anti-spam legislation.  Oddly enough, government lawyers examining the issue (mostly from the competition bureau who deal with criminal matters) never labelled me "naive".

   Folks, can we please try to be polite to one another on this list?  When I have questions like this, I often check with experts before I ask.  They don't call me naive, they answer my questions.

   Thanks again.

   Stephanie



   On 2017-06-08 01:54, Neil Schwartzman wrote:

      My experience differs slightly. They aren’t ignored. The presence of these .TLDs is a strong indicator of abuse which bears further investigation.



      To the point at hand: I believe the notion of certifying private cybercrime investigators to be painfully naive (do I ignore reports from someone without a Internet Investigator License? Do we disallow them access to data?), impractical in the developed world, and deeply chauvinistic, patronizing and exclusionary to our colleagues in emerging nations where capacity building is exactly what’s needed to deal with next-gen abuse.





         On Jun 8, 2017, at 2:36 AM, allison nixon <elsakoo at gmail.com<mailto:elsakoo at gmail.com>> wrote:



         We're getting there. Entire top level domains are already ignored on many networks like .science, .xyz, .pw, .top, .club, et cetera





      _______________________________________________
      gnso-rds-pdp-wg mailing list
      gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
      https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg




   _______________________________________________
   gnso-rds-pdp-wg mailing list
   gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
   https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170608/d0a3b1db/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list