Re: Comment by Members from the NCSG on the “Study on Whois Privacy & Proxy Service Abuse” Commissioned by ICANN
Plus me! Thanks!

On Nov 13, 2013, at 2:42 PM, Amr Elsadr wrote:

> Hello,
>
> The below statement was drafted by members of the NCSG as feedback to the
> final report of the Study on Whois Privacy & Proxy Abuse, and has received
> endorsement from the following members of the NCSG:
>
> Kathy Kleiman
> Milton Mueller
> Wendy Seltzer
> William Drake
> Edward Morris
> Joy Liddicoat
> Maria Farrell
> Avri Doria
> Amr Elsadr
>
>
> Comment by Members from the NCSG on the “Study on Whois Privacy & Proxy
> Service Abuse” Commissioned by ICANN
>
> The members of the Non-Commercial Stakeholder Group of the GNSO indicated
> below have reviewed the findings published by the Study on Whois Privacy &
> Proxy Service Abuse. We are submitting the feedback below in response to the
> study and its findings:
>
> As per the scope and definition of the study set by ICANN and agreed upon by
> the different members of the community who drafted its terms of reference
> found at
> http://gnso.icann.org/issues/whois/whois-proxy-abuse-study-18may10-en.pdf,
> the scope of the research and hypothesis testing was “To focus on study
> goals, this sample will be composed exclusively of domains involved in
> illegal or harmful Internet communication, as documented by organizations
> that routinely track, investigate, and/or remediate various kinds of
> activities”.
>
> In choosing to test the validity of a second hypothesis comparing the use of
> privacy/proxy services between lawful and illegal activity on the Internet,
> the research team went beyond the scope and mandate of the study as defined
> by the terms of reference. We find this decision to be highly questionable,
> and request an explanation as to how and why this occurred.
>
> Furthermore, we find that the selection of the study group, especially in
> WP6, was problematic in achieving its intended goal of comparing domain name
> registrations between lawful and illegal activity on the Internet.
>
> This selection was described as follows: “The categories have been chosen to
> approximately mirror the criminal and harmful sites studied in some of the
> other work packages. However, these categories do not necessarily reflect
> overall usage of privacy or proxy services by the totality of all lawful and
> harmless websites.” Note also that WP6's focus on lawful activities was
> beyond the scope of study described on page 32 of section 12.
>
> Further, the diversity of the study group included in WP6 excluded a number
> of potential users of Whois privacy and proxy users whose results would have
> been more generalizable. Examples of excluded organizations include but are
> not limited to human rights organizations, minority rights organizations,
> religious organizations, political groups, as well as activist groups
> (political and others).
>
> Thus, the second hypothesis is invalid: “The percentage of domain names used
> to conduct illegal or harmful Internet activities that are registered via
> privacy or proxy services is significantly greater than the percentage of
> domain names used for lawful Internet activities that employ privacy or proxy
> services”. This hypothesis was far beyond the scope of the study, and its
> results might have still been significantly different had the sampling of the
> study group, particularly that in WP6, been broadened to include lawful
> activities in the human rights and minority speech and activity area outlined
> in the paragraph above.
>
> We believe that excluding these activities from WP6 makes it difficult to
> generalize the findings of the study beyond the sample selected to be
> researched. We feel that this is a clear example of how avoidable errors in
> judgment could be made when going beyond the scope outlined in the terms of
> reference of the study.
>
> We highlight the finding of the limited role of DNS Whois in the countering
> of unlawful activity outlined in section 3 of the study, particularly in
> combating violations of criminal law (as opposed to civil law). Simply put,
> other forms of tracing are better and the study provides a context for the
> limited role of Whois in cybercrime.
>
> Insightful comments of the report include:
> “Webpage 'take down' is achieved by communicating with someone who can
> suspend the web hosting and/or with someone who has sufficient access to the
> website to make the necessary changes.” and
>
> “The hosting company can often be identified by looking up IP addresses in
> the appropriate Regional Internet Registry (RIR) Whois system rather than the
> domain name Whois system which we consider here.”
>
> We find that the choice to quantify accessibility of registrants using phone
> numbers listed in the Whois database is highly questionable and deeply
> problematic. This concern was addressed at length as part of the final
> negotiations over the new Registrar Accreditation Agreement (RAA), during
> which registrars received the requirement to validate one field, and there
> was a clear discussion as to whether it would be via telephone or email.
> During these discussions, many registrars expressed that validation of email
> addresses was the far less-invasive, less-sensitive, much more responsible
> piece of data to validate for their registrants/customers.
>
> This was found to be especially true for registrants in the U.S., where the
> majority of the study sample of the research conducted was selected. Had the
> researchers attempted to contact registrants using email addresses listed in
> the Whois database, the results would have most likely been significantly
> different.
>
> Finally, a very important emphasis should be made for the purpose of future
> policy development; that in validating a hypothesis that “A significant
> percentage of the domain names used to conduct illegal or harmful Internet
> activities are registered via privacy or proxy services to obscure the
> perpetrator's identity”, the meaning of significant percentage should not be
> misinterpreted as the majority. In this context, the meaning of significant
> percentage is referring to the statistical significance in the quantitative
> analysis performed. The fact that this is not equal in meaning to stating
> that the majority of the domain names used to conduct illegal or harmful
> Internet activities are registered via privacy or proxy services to obscure
> the perpetrator’s identity is evident in the table on page 45/section 16 of
> the report.
>
> In fact, this table shows remarkable findings, including:
> - that the range of percentages of usage of privacy and proxy services
> in domain names registered maliciously was LOW and BELOW 50% in EVERY CASE
> BUT ONE
>
> - Less than a third of known bad actors in child abuse image-related
> activities use proxy registration services.
> - and one set of “bad actors” is over 50% (with 54.8% for unlicensed
> pharmacies, the highest percentage of use of proxy/privacy services in the
> study, and the ONLY one over 50%). We further note that not all countries
> required licensing of pharmacies in the same way, so the classification may
> well include legitimate pharmacies in non-Western countries.
>
> Overall, it is important in making the distinction in this case between what
> is statistically significant and what is a majority of use, and that one
> should not be misinterpreted to refer to the other in meaning.
>
> In conclusion, scientific approaches and empirical data, properly done and in
> keeping with the scope of the ICANN-Community defined Terms of Reference, may
> be useful in supporting policy analysis and the policy decision-making
> process. However, the methodology used here means that these research
> findings are fundamentally flawed, show bias and are therefore not a safe
> basis for policy development. While we appreciate the efforts of the research
> team on the work done in an effort of producing the final report, we
> respectfully but strongly submit that the results of this study do not
> provide the necessary insight to support policy decisions at this time, and
> require more Whois privacy and proxy service abuse research to be conducted.
>
> We hope future studies will refrain from deviating from the terms of
> reference as set by the community, whether this involves the scope of the
> hypothesis or the samples selected to conduct the research. As is, the
> findings of this study are hardly conclusive and cannot be found to be
> generalizable for the purpose of policy development. We hope to see more of
> this type of initiative in the future, and would be willing to contribute in
> any way we can.
>
> NCSG members who support this statement include:
>
> Kathy Kleiman
> Milton Mueller
> Wendy Seltzer
> William Drake
> Edward Morris
> Joy Liddicoat
> Maria Farrell
> Avri Doria
> Robin Gross
> Amr Elsadr