RE: [gnso-acc-sgb] Bank question

["Palmer Hamilton" <PalmerHamilton@xxxxxxxxxxx>]

Dan,

The proposal relating to governmentally-chartered financial institutions
is intended to relate to the banking sector.  The rationale for such
treatment is that a significant portion of financial fraud on internet
users and consumers is done through fruadulent websites claiming to be
those of banks.  Further, this sector is easily defined and delineated
in a way that is not so easily accomplished in other sectors.  Finally,
this is a sector that is already subject to regular governmental
examination.

Without immediate access to WHOIS data, fraudulent websites will be left
up for much longer periods of time.  This translates to direct losses
for those involved.  Every hour can entail millions of dollars.  Life
savings can be lost. 

I would agree that a uniform approach might be theoretically ideal, but
this may not be achieved.  If it is not achieved, then it is absolutely
essential that internet users and consumers are protected from financial
fraud.  This is why we are advancing this approach.

Now, let me address the second aspect of your email.  In most countries
of the world, banks must receive a governmental charter to operate.  (As
noted, our proposal would only apply to those banks that are
governmentally chartered.)  In many countries, depositors receive
deposit insurance of some form.  Governments sometimes provide a
financial safety net for such deposit insurance funds.  Thus,
governments view banks as playing a special role in society, and, in
order to play that role, they are required to undergo close scrutiny in
the form of regular bank examinations.  Our proposal envisions that one
of the functions that would be performed in the future during such
examinations would be supervision of the access that this proposal would
permit.  Your specific questions about the mechanics of the supervision
are certainly valid issues that would have to be developed.  For
example, the bank regulators could withhold further access for
impermissible use of the data.  Regulators also have various tools they
can apply to banks acting improperly.  They can assess civil money
penalties.  They can issue cease & desist orders.  They can order
restitution in certain cases.

In other words, this sector of the economy is quite distinct from other
sectors in terms of the extent of governmental supervision and the
control that regulators have in dealing with players within this sector.

Palmer 

-----Original Message-----
From: owner-gnso-acc-sgb@xxxxxxxxx [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
On Behalf Of Dan Krimm
Sent: Friday, May 11, 2007 12:49 AM
To: gnso-acc-sgb@xxxxxxxxx
Subject: [gnso-acc-sgb] Bank question

A couple questions for Palmer too.


 (1) I want to make sure I understand the scope of the Bank proposal
properly.

Is this presented as a comprehensive proposal for coordinating all
access to private Whois data (including by LEAs), or only within the
banking sector?

If the latter, then there still needs to be a solution for the rest of
the world.  It may be simpler to have a single solution than fragmented
solutions.


 (2) How does the "governmental monitoring" actually work to ensure that
all certification for access is appropriate (and any violations of
appropriateness are penalized and enforced)?  What would penalties be
for improper granting of access, and how would they be imposed?

Again, if there is no significant penalty for misuse in practice, the
constraint may as well not be there.


Dan