[gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]

allison nixon elsakoo at gmail.com
Thu Jun 8 15:25:43 UTC 2017 

it may be useful to more thoroughly explore how vendors use whois data in
their products. while one company was named over and over again, they are
by no means the only company that queries or uses whois data and focusing
on them greatly skews understanding of the utility of the dataset. a more
factual explanation of how the data is used might help put to bed the
conspiracy theories about how people imagine the data is used.

It would also help spell out what we are agreeing to give up when we learn
about entire classes of services that will be degraded as a result.

On Thu, Jun 8, 2017 at 11:16 AM, Gomes, Chuck via gnso-rds-pdp-wg <
gnso-rds-pdp-wg at icann.org> wrote:

> Jonathan makes some useful suggestions here.  We certainly should not
> single out companies or organizations in a derogatory manner, but that
> should not prevent us from asking questions about specific companies or
> organizations if those questions are not critical of them and are designed
> to help our understanding.
>
>
>
> Chuck
>
>
>
> *From:* gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-
> bounces at icann.org] *On Behalf Of *jonathan matkowsky
> *Sent:* Thursday, June 08, 2017 5:38 AM
> *To:* Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>
> *Cc:* RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Who is in charge? (was Re:
> Why the thin data is necessary)]
>
>
>
> I am not sure if calling a position you are advocating for naive is the
> same as calling you naive, but it isn't helpful for sure.  We need to all
> listen to each other when considering policy, and acknowledge the
> importance of all stakeholders and seek to understand their points of view.
>
>
>
> *We also need to try and build consensus*. We all have an obligation to
> ensure that policy development and decision-making processes will reflect *the
> public interest*, irrespective of personal interests and the interests of
> the entity to which we as individuals might owe our appointment.
>
>
> We all owe each other to behave in a professional manner and demonstrate *appropriate
> behavior*.
>
> ​ This includes acting in *good faith* with other participants.​  I want
> to say that
>
> ​while I am certain it was not intended, that
>
>  people
>
> ​will
>
>  react emotionally when you single out APWG without
>
> ​ necessarily​
>
> having any
>
> ​real need to
>
>  do so
>
> ​ for purposes of discussion​
>
> .
>
> ​ I know it upset me.​
>
> ​I think h
>
> ow data is "shared" within APWG, an international coalition unifying the
> global response to cybercrime across industry, government and
> law-enforcement sectors and NGO communities
>
> ​is ​
>
> a​
>
> different issue than sharing Whois data.
>
> ​  I would encourage everyone to consider whether singling out a company
> like has been done with DomainTools or APWG, is
>
> appropriate or like I believe,
>
> *foreseeably derails the consensus building efforts in violation of ICANN
> Expected Standards of Behavior*.​
>
>
>
> ​On a side note, a
>
>  threat researcher or analyst is not the equivalent of an investigator.
> So focusing on certifying investigators is irrelevant to any issue within
> the working group.
>
>
>
> Regards,
>
> Jonathan Matkowsky
>
>
>
>
>
>
>
> On Thu, Jun 8, 2017 at 11:55 AM, Stephanie Perrin <stephanie.perrin at mail.
> utoronto.ca> wrote:
>
> Calling me naive, ill informed etc.  does not actually answer the question
> folks.  It is, I am afraid, a valid question.  What criteria does an
> organization like APWG apply, when it admits members and shares data with
> them?  How do you ensure you are not sharing data with organizations who
> are going to misuse it?  that data of course is much more that what we are
> talking about with thin data, but I did actually work on this issue on
> successive versions of the anti-spam legislation.  Oddly enough, government
> lawyers examining the issue (mostly from the competition bureau who deal
> with criminal matters) never labelled me "naive".
>
> Folks, can we please try to be polite to one another on this list?  When I
> have questions like this, I often check with experts before I ask.  They
> don't call me naive, they answer my questions.
>
> Thanks again.
>
> Stephanie
>
>
>
> On 2017-06-08 01:54, Neil Schwartzman wrote:
>
> My experience differs slightly. They aren’t ignored. The presence of these
> .TLDs is a strong indicator of abuse which bears further investigation.
>
>
>
> To the point at hand: I believe the notion of certifying private
> cybercrime investigators to be painfully naive (do I ignore reports from
> someone without a Internet Investigator License? Do we disallow them access
> to data?), impractical in the developed world, and deeply chauvinistic,
> patronizing and exclusionary to our colleagues in emerging nations where
> capacity building is exactly what’s needed to deal with next-gen abuse.
>
>
>
>
>
> On Jun 8, 2017, at 2:36 AM, allison nixon <elsakoo at gmail.com> wrote:
>
>
>
> We're getting there. Entire top level domains are already ignored on many
> networks like .science, .xyz, .pw, .top, .club, et cetera
>
>
>
>
>
> _______________________________________________
>
> gnso-rds-pdp-wg mailing list
>
> gnso-rds-pdp-wg at icann.org
>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>



-- 
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170608/dc54147d/attachment.html>

More information about the gnso-rds-pdp-wg mailing list