[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP

John Horton john.horton at legitscript.com
Fri Feb 16 23:28:57 UTC 2018 

Sara,

Let's take it offline. I'll drop you a note separately. Thanks,

John Horton
President and CEO, LegitScript


*Follow LegitScript*: LinkedIn
<http://www.linkedin.com/company/legitscript-com>  |  Facebook
<https://www.facebook.com/LegitScript>  |  Twitter
<https://twitter.com/legitscript>  |  *Blog <http://blog.legitscript.com/>*
  |  Newsletter <http://go.legitscript.com/Subscription-Management.html>




On Fri, Feb 16, 2018 at 2:22 PM, Sara Bockey <sbockey at godaddy.com> wrote:

> John,
>
>
>
> We have been very consistent in explaining that actions to combat abuse of
> our Port43 system are unrelated to GDPR.
>
>
>
> Not only is our decision to mask customer information in Port43 completely
> unrelated to GDPR, but it results directly from attacks by third parties
> who harvest and sell our customers’ personal information. Given the
> onslaught of spam and robo-calls our customers have been receiving
> – often within minutes of registering a domain name—we felt that action was
> required, if not overdue.
>
>
>
> WHOIS information is still very much available for any & all domain
> names via our web-based WHOIS tool, and legitimate users have been granted
> expanded access to Port43. However, bulk access by anonymous users is no
> longer supported.
>
>
>
> I also note that during this entire process, we have kept ICANN informed
> of both the attacks on our Port43 systems as well as our efforts to
> mitigate them. Our actions are justified and to imply otherwise is not only
> inaccurate but does nothing to move this PDP forward.
>
>
>
> I am happy to take this offline if further clarification is needed.
>
>
>
> Sara
>
>
>
> *sara bockey*
>
> *sr. policy manager | **Go**Daddy™*
>
> *sbockey at godaddy.com* <sbockey at godaddy.com>*  480-366-3616
> <(480)%20366-3616>*
>
> *skype: sbockey*
>
>
>
> *This email message and any attachments hereto is intended for use only by
> the addressee(s) named herein and may contain confidential information. If
> you have received this email in error, please immediately notify the sender
> and permanently delete the original and any copy of this message and its
> attachments.*
>
>
>
>
>
> *From: *gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of
> John Horton via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org>
> *Reply-To: *John Horton <john.horton at legitscript.com>
> *Date: *Friday, February 16, 2018 at 11:54 AM
> *To: *"benny at nordreg.se" <benny at nordreg.se>
> *Cc: *RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> *Subject: *Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and
> GDRP
>
>
>
> I think quite a bit in this WG and certainly in the prior privacy/proxy
> PDP, and absolutely what we're seeing with GoDaddy. To make sure I'm being
> clear about what I mean, GoDaddy isn't only redacting Whois information
> (via Port 43) where it's an EU natural citizen or natural resident. The
> information is being redacted for....everyone. All registrants. There's
> simply no justification for that.
>
>
>
> I predict you'd see (I'm not speaking for anyone here, just me) a real
> willingness on the security and compliance community's part to compromise
> and support a system where, IF a registrant is an EU natural person (yes, I
> know we need to define it accurately -- citizen, resident, we can get
> granular later) then...hey, let's set up a system in involving redaction of
> some fields, access to those fields in legitimate cases, etc. I want to
> support registrars' compliance with the GDPR. But we're seeing the
> registrar community say: We want to apply this globally. To all domain name
> registrations. Doesn't matter if the registrant is the intended beneficiary
> of the new law, or in scope, or not. We're going to just change global
> policy.
>
>
>
> I think that viewpoint has been pretty repeatedly represented in this
> working group, but I'd love to hear from registrars that would support a
> more targeted solution where only the intended beneficiaries of the GDPR
> (that is, in-scope registrants) are covered under the policy.
>
>
> John Horton
> President and CEO, LegitScript
>
> [image:
> https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ]
>
>
>
> *Follow* *Legit**Script*: LinkedIn
> <http://www.linkedin.com/company/legitscript-com>  |  Facebook
> <https://www.facebook.com/LegitScript>  |  Twitter
> <https://twitter.com/legitscript>  |  Blog <http://blog.legitscript.com/>
>   |  Newsletter <http://go.legitscript.com/Subscription-Management.html>
>
>
>
> [image:
> https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png][image:
> https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ]
>
>
>
> On Fri, Feb 16, 2018 at 10:44 AM, benny at nordreg.se <benny at nordreg.se>
> wrote:
>
> Please refer to where registrars have been unwilling to explore this
> option?
>
>
>
> --
> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>
> Benny Samuelsen
> Registry Manager - Domainexpert
>
> Nordreg AB - ICANN accredited registrar
> IANA-ID: 638
> Phone: +46.42197000
> Direct: +47.32260201
> Mobile: +47.40410200
>
> > On 16 Feb 2018, at 19:38, John Horton via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
> >
> > Just imagine how much of all of this could be avoided if registrars were
> willing to agree to a commercial/individual distinction.
> >
> > John Horton
> > President and CEO, LegitScript
> >
> >
> > Follow LegitScript: LinkedIn  |  Facebook  |  Twitter  |  Blog  |
> Newsletter
> >
> >
> >
>
> > On Fri, Feb 16, 2018 at 10:33 AM, John Bambenek via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
> > GDPR taken to its logical extreme very well could require us to abandon
> IP reputation and to emptying our firewalls. I mean, no consumer authorized
> me to process their IP just by attacking me, right?
> >
> > Privacy absolutism is not the answer unless you basically want to
> mandate the internet backbone be converted to tor.
> >
> > --
> > John Bambenek
> >
> > On Feb 16, 2018, at 06:09, Michele Neylon - Blacknight <
> michele at blacknight.com> wrote:
> >
> >> It’s an interesting read, but it has several flaws.
> >>
> >> It refers to registrars solely and ignores registries.
> >>
> >> It also makes it sound like issues around whois are “new”, which we all
> know isn’t true.
> >>
> >> The comments about IP addresses make it sound like it’s a theoretical
> concern, yet there is case law eg:
> >>
> >> https://www.irishtimes.com/business/technology/european-
> court-of-justice-rules-ip-addresses-are-personal-data-1.2835704
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >>
> >> Mr Michele Neylon
> >>
> >> Blacknight Solutions
> >>
> >> Hosting, Colocation & Domains
> >>
> >> https://www.blacknight.com/
> >>
> >> http://blacknight.blog/
> >>
> >> Intl. +353 (0) 59 9183072 <%2B353%20%280%29%2059%20%209183072>
> >>
> >> Direct Dial: +353 (0)59 9183090
> >>
> >> Personal blog: https://michele.blog/
> >>
> >> Some thoughts: https://ceo.hosting/
> >>
> >> -------------------------------
> >>
> >> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
> Park,Sleaty
> >>
> >> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
> >>
> >> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of
> Dotzero <dotzero at gmail.com>
> >> Date: Friday 16 February 2018 at 00:07
> >> To: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> >> Subject: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
> >>
> >>
> >>
> >>
> >> https://krebsonsecurity.com/2018/02/new-eu-privacy-law-
> may-weaken-security/
> >>
> >> Michael Hammer
> >>
> >> _______________________________________________
> >> gnso-rds-pdp-wg mailing list
> >> gnso-rds-pdp-wg at icann.org
> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> >
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> >
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180216/af100b3f/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list