[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP

John Bambenek jcb at bambenekconsulting.com
Wed Feb 21 14:22:23 UTC 2018 

Often when we send in abuse reports to registries, those abuse reports are forwarded to criminals whole and entire with our names and contact information. That has lead to immediate attacks on the complaintant. For instance, some have been swatted (spoofed calls to police to generate and armed response where they kick in doors guns drawn). This has become so common place, many people either have stopped abuse complaints all together or use aliases to talk to registries. 

In a gated RDS, you will need to know exactly who we are and inherently know what we are looking at. Considering the history of the exact class of people who will have access to that information, what will YOU do to protect OUR privacy and security? Or can we expect now even our RDS queries will be forwarded to criminals also?

The problem with “you people will figure it out” is that often, registries will take a hostile approach to “us”. If you (as a class) were willing to partner with us, genuinely, I bet we COULD accomplish the mission without RDS. The problem is the history is that at best we get neutrality, but far too often providers have instead, in effect, partnered with the criminals and that has resorted in far worse attacks on OUR privacy and security. 

J

--
John Bambenek

> On Feb 21, 2018, at 00:54, Volker Greimann <vgreimann at key-systems.net> wrote:
> 
> We expect there will be privacy AND security. You are clever people, you will figure something out on how to deliver your services without requiring the violation of the privacy of all registrants. 
> Volker
> 
>> Am 16.02.2018 um 18:53 schrieb allison nixon:
>> How do you guys expect to have privacy without security?
>> 
>>> On Fri, Feb 16, 2018 at 7:09 AM, Michele Neylon - Blacknight <michele at blacknight.com> wrote:
>>> It’s an interesting read, but it has several flaws.
>>> 
>>> It refers to registrars solely and ignores registries.
>>> 
>>> It also makes it sound like issues around whois are “new”, which we all know isn’t true.
>>> 
>>> The comments about IP addresses make it sound like it’s a theoretical concern, yet there is case law eg:
>>> 
>>> https://www.irishtimes.com/business/technology/european-court-of-justice-rules-ip-addresses-are-personal-data-1.2835704
>>> 
>>>  
>>> 
>>>  
>>> 
>>>  
>>> 
>>> --
>>> 
>>> Mr Michele Neylon
>>> 
>>> Blacknight Solutions
>>> 
>>> Hosting, Colocation & Domains
>>> 
>>> https://www.blacknight.com/
>>> 
>>> http://blacknight.blog/
>>> 
>>> Intl. +353 (0) 59  9183072
>>> 
>>> Direct Dial: +353 (0)59 9183090
>>> 
>>> Personal blog: https://michele.blog/
>>> 
>>> Some thoughts: https://ceo.hosting/
>>> 
>>> -------------------------------
>>> 
>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>>> 
>>> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
>>> 
>>> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Dotzero <dotzero at gmail.com>
>>> Date: Friday 16 February 2018 at 00:07
>>> To: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>>> Subject: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>> 
>>>  
>>> 
>>> 
>>> https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/
>>> 
>>> Michael Hammer
>>> 
>>> 
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> 
>> 
>> 
>> -- 
>> _________________________________
>> Note to self: Pillage BEFORE burning.
>> 
>> 
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> 
> -- 
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
> 
> Mit freundlichen Grüßen,
> 
> Volker A. Greimann
> - Rechtsabteilung -
> 
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email: vgreimann at key-systems.net
> 
> Web: www.key-systems.net / www.RRPproxy.net
> www.domaindiscount24.com / www.BrandShelter.com
> 
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems
> www.twitter.com/key_systems
> 
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken 
> Umsatzsteuer ID.: DE211006534
> 
> Member of the KEYDRIVE GROUP
> www.keydrive.lu 
> 
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
> 
> --------------------------------------------
> 
> Should you have any further questions, please do not hesitate to contact us.
> 
> Best regards,
> 
> Volker A. Greimann
> - legal department -
> 
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email: vgreimann at key-systems.net
> 
> Web: www.key-systems.net / www.RRPproxy.net
> www.domaindiscount24.com / www.BrandShelter.com
> 
> Follow us on Twitter or join our fan community on Facebook and stay updated:
> www.facebook.com/KeySystems
> www.twitter.com/key_systems
> 
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken 
> V.A.T. ID.: DE211006534
> 
> Member of the KEYDRIVE GROUP
> www.keydrive.lu 
> 
> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
> 
> 
> 
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180221/cf125547/attachment.html>

More information about the gnso-rds-pdp-wg mailing list