[gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is backwards
Paul Keating
Paul at law.es
Thu Feb 15 14:09:42 UTC 2018
Chuck,
That said I really do like the idea of having interaction and participation
by the DPAs and even someone from Article 29 or other GDPR official groups.
Otherwise we continue to work in a vacuum.
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of
Chuck <consult at cgomes.com>
Date: Thursday, February 15, 2018 at 2:57 PM
To: 'Volker Greimann' <vgreimann at key-systems.net>,
<gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
backwards
> I¹d like to think that the ICANN community effort going on outside this WG
> will take note of the cybersecurity concerns that Allison raises as they try
> to finalize an interim solution to deal with the GDPR in the near term. Note
> this quote from Goren¹s latest blog that ICANN org is trying to find a
> balanced approach: ³This single, common interim model that is informed by
> input from across the ICANN community would seek to obtain compliance with
> both the GDPR and ICANN's contractual requirements related to registration
> directory services.² Here¹s the blog:
> https://www.icann.org/news/blog/data-protection-privacy-update-latest-developm
> ents
>
> Chuck
>
>
> From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of
> Volker Greimann
> Sent: Thursday, February 15, 2018 1:02 AM
> To: gnso-rds-pdp-wg at icann.org
> Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
> backwards
>
> DPAs are law enforcement and will enforce the law of the land. They do not
> have the option to pick and choose after May 25.
>
> Maybe it is time for you and your colleagues to start looking at other sources
> of information to ensure you can continue operation efficiently once your
> currently chosen method becomes illegal. Remember, you are a data processor
> too and what you do with that data could very well paint a target on your
> backs that DPS may have to deal with.
>
> Best,
>
> Volker
>
>
>
>
>
> Am 15.02.2018 um 02:36 schrieb allison nixon:
>>
>> Hi everyone,
>>
>>
>>
>> I have already begun to hear unrest from my colleagues who work in infosec
>> and network operations about the degradation of WHOIS, as registrars have
>> already begun to act on their own, stripping everything and blocking bulk
>> queriers on domains frequently used for attacks. Every day of additional
>> uncertainty equals an additional day of victimization.
>>
>>
>>
>> Why has no one approached the DPAs with the evidence of security purposes for
>> WHOIS? How much network degradation will we tolerate before someone bothers
>> to give them a little hint? How many more judgments from the DPAs are we
>> going to read that display clear ignorance of all legitimate cybersecurity
>> purposes? Did no one see this coming?
>>
>>
>>
>> Since we are talking about cost benefit analysis, here is a quick one I just
>> did that I would like to share with the group. I did a quick look for the
>> value of the domain registration industry as a whole. Seems to be ~$4
>> billion. The losses incurred by the WanaCry malware are estimated to be at
>> ~$8 billion. A single security incident destroying value equal to double your
>> entire industry.
>>
>>
>>
>> In May 2017, the FBI stated that over three years the "business email
>> compromise" scams have topped ~$5 billion in losses, which would be slightly
>> more than one domain-industry unit of value, and WHOIS is crucial to fighting
>> it.
>>
>>
>>
>> source:
>> https://www.reuters.com/article/us-cyber-lloyds-report/global-cyber-attack-co
>> uld-spur-53-billion-in-losses-lloyds-of-london-idUSKBN1A20AB
>>
>> source:
>> https://cira.ca/factbook/domain-industry-data-and-canadian-Internet-trends/do
>> main-name-industry
>>
>> source:
>> https://www.csoonline.com/article/3195010/security/bec-attacks-have-hit-thous
>> ands-top-5-billion-in-losses-globally.html
>>
>>
>>
>> Remember, the whole point of GDPR is to force companies to act with more
>> social responsibility.
>>
>>
>>
>> On Wed, Feb 14, 2018 at 6:08 PM, Rubens Kuhl <rubensk at nic.br> wrote:
>>>
>>>
>>>
>>>
>>>
>>>> On 14 Feb 2018, at 20:49, John Horton <john.horton at legitscript.com> wrote:
>>>>
>>>>
>>>> Hmm, well, perhaps it's because I work for a company that processes quite a
>>>> bit of data with a combination of algorithms and some human review, but I
>>>> feel pretty confident that there are ways to simplify that with magic
>>>> algorithms and forms.
>>>
>>>
>>>
>>>
>>> Magic algorithms are fine in pattern detection because there is always a
>>> human review at some point or the cost of error is low, like in raising an
>>> abuse case that contains wording like supposedly", "allegedly" etc. In this
>>> case, every false negative comes with a tremendous liability.
>>>
>>>
>>>
>>> Also, if machine-learning technology and deep pockets for lawsuits become a
>>> requirement for being a registrar, you can count on the number of registrars
>>> dropping to single digits.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Rubens
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>>
>> --
>>
>> _________________________________
>> Note to self: Pillage BEFORE burning.
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> _______________________________________________ gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180215/0115aa2a/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list