RE: [gnso-acc-sgb] Additional Proposal

["Margie Milam" <Margie.Milam@xxxxxxxxxxxxxxx>]

The value of these services is evident from the marketplace that has
arisen to fill the need and the numerous financial institutions that
have subscribed to these services.  Security Companies (both public and
private) have devoted significant resources in monitoring, detecting and
responding to phishing, and taking down fraudulent web-sites, and use
WHOIS for this purpose.  Banks don't generally desire to spend the
research and development resources necessary to keep up with the
sophisticated phishers and often turn to security companies to assist
them.    

Consumers benefit when a fraudulent site is taken down in hours instead
of days because of services like these. 

Relying on IP addresses alone does not provide all of the information
necessary to identify domain name phishes because if you shut down one
IP address, they just set up additional ip addresses to host the
fraudulent sites.   The only way to effectively shut down domain based
phishes is to deal with it at the registrar level because the registrar
has the information that can identify the culprit.

Please note that the problem is not just phishing, although phishing is
significant. The problem extends to all kinds of intellectual property
abuse, including the sale of counterfeits, such as counterfeit drugs.
Because law enforcement is ill-equiped and under-resourced, much of the
work falls to the brand holders, many of whom use service providers, to
protect their consumers from illegal online-activities.

Margie   



-----Original Message-----
From: Ross Rader [mailto:ross@xxxxxxxxxx] 
Sent: Tuesday, May 15, 2007 2:50 PM
To: Margie Milam
Cc: gnso-acc-sgb@xxxxxxxxx
Subject: Re: [gnso-acc-sgb] Additional Proposal

Margie Milam wrote:
> We can certainly come up with parameters to identify who is a
legitimate
> service provider for the context of the access -- but the fact remains
> that service providers provide an important function in the
anti-fraud,
> brand protection arena that merits discussion and access.  The bulk
> access agreement can address abuse and termination rights by those
that
> don't comply with the terms of the agreement.

Yet no one is able convincingly demonstrate the connection between the 
value of the services that these parties (and others) provide, and 
continued unfettered access to whois.

It is a bit of a logical jump to state that successfully fighting the 
brand protection fight is predicated on unlimited access to my customer 
data when in fact, most forms of IP protection, network abuse, phishing 
investigation, etc. are all differing means to investigate the internet 
resources that an individual or individual is using. 100% of this use 
requires an IP address and some form of access to network resources (via

an ISP, hosting company etc.). Having ready access to domain 
registration customer information isn't wholly useful - although it may 
be partially useful. If it is only partially useful, then perhaps its 
reasonable to expect that its only partially available?

In the real world, the existence of private investigators doesn't 
warrant the publication of Just because we have private investigators 
doesn't warrant the publication of unlisted telephone numbers.

-r