Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert procedure

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Wout and all sgb members,

  From reports I have received, the main concern of abuse is regarding
ID theft attempts and law firm harassment.  Ergo, allowing greater
third party access to Whois data in any form or in any manner.  Spam
comes in as the third place concern.

Natris, Wout de wrote:

> Dead all,
>
> Unfortunately I have to express that it is true, as Jeff Williams states
> for LEA's in general, that most of my colleague anti-spam enforcers are
> not heard in this discussion. Unfortunately most of them have never
> fined a spammer or ever handled a complaint. So when I explained to them
> in 2006 what the effects of the closing down of Whois databases would be
> I received blank weary stares, because they simply did not know what I
> was talking about. None had ever seen Whois data or knew why it is
> important to them.
>
> Believe me, that there has not been many expression of interest from law
> enforcement agencies does not mean that it is not important to have
> access. Some countries are on the verge of coming into action others are
> becoming aware of the acuteness of the problem. Interest will change in
> the coming years.
>
> The reason OPTA is in the middle of this discussion I have explained in
> my e-mail yesterday. We work with the data base on a daily bases.
>
> Regards,
>
> Wout de Natris
>
> -----Oorspronkelijk bericht-----
> Van: owner-gnso-acc-sgb@xxxxxxxxx [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
> Namens Jeff Williams
> Verzonden: zondag 13 mei 2007 7:08
> Aan: Palmer Hamilton
> CC: Dan Krimm; gnso-acc-sgb@xxxxxxxxx; gnso-whois-wg@xxxxxxxxx
> Onderwerp: Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert
> procedure
>
> Palmer and all,
>
>   LEA's have limited resources for a number of reasons.  Some of these
> reasons are a matter of how LEA's utilize the resources they have, some
> are as a result of poor or less than optimum budget procedures, and some
> are simply due to arbitrary of subjective budget allocation.
> However having or not having enough resources is not a good reason for
> not doing the job LEA's are supposed to do.
>
>   I myself have spent a number of years working with various law
> enforcement agencies both international and domestic, as a member of
> MIS, and still do to a much less degree.  I have relatives whom work for
> the FBI and INTERPOL as well as intelligence agencies in various parts
> of the world.  And at no time was their ever a need expressed for access
> to private data in Whois, nor even any need expressed for ANY access to
> Whois data at any time that I can recall.
>
>   Banks have and do on nearly a regular basis put consumers at risk on a
> global basis as recent legal cases have shown.  Many banks whom are
> federally insured are not by any means regularly examined as some
> lawyers whom represent the financial/banking industry like to contend so
> as to propagate confidence in the financial/banking service industry for
> the general every day consumer.  Bank examiner fraud is becoming a
> growing concern in the U.S. senate see:
> http://www.washingtonpost.com/wp-dyn/articles/A14012-2004Jun3.html
> Note: there are literally hundreds of other examples.
> And in Canada see:
> http://www.gov.calgary.ab.ca/citybeat/public/2000/04/release.20000405_07
> 1454_6653_0
>
> So Palmer, to say that banks are examined on any basis is not really
> sufficient evidence, ergo hearsay, to engender confidence or any form or
> feeling of safety by or for consumers in and of itself.
>
> Palmer Hamilton wrote:
>
> >
> > Dan,
> >
> > The problem is a practical one.  Law enforcement has limited
> resources.
> > We might wish that were not the case, but it is, and, realistically,
> > it will always be the case.  Law enforcement, as I set out in my
> > earlier emails to Milton, expects banks to do the legwork before it
> will act.
> > Maybe it should be otherwise, but this is not the case nor will it
> > ever be the case.  In various roles, both in government and working on
>
> > the side of government, I have spent years working on the side of law
> > enforcement.  I think it is fair to say that law enforcement's
> > approach is virtually an immutable law of nature.  And frankly from
> > law enforcement's standpoint, it must set priorities given its limited
>
> > resources.
> >
> > If banks do not have access to the necessary information, internet
> > users and consumers will be put at much greater risk.  It would be
> > nice to think that banks and consumers could simply lodge a complaint
> > and that the complaint would be immediately acted upon.  But this will
>
> > never happen.  Law enforcement has too much on its plate.  My banks
> > can give you page after page of examples to corroborate this.  And
> > remember for every hour that passes, millions can be lost, including
> life savings.
> >
> > Please take another look at the example in my email to Milton
> > involving the local police in a foreign jurisdiction that finally
> > agreed to act, but only after the bank had exhausted all avenues and
> > done all the legwork.  Realistically, absent bank access to the local
> > address, it is unknown how many innocent consumers would have suffered
>
> > losses before this fraudulent website was ever closed down.
> >
> > You are right that this is a question of balance.  And I would argue
> > that consumer protection needs to be prominently considered, not
> > dismissed as unfortunate collateral damage.
> >
> > Banks are closely regulated and monitored entities with public
> > responsibilities.  Those responsibilities are examined regularly by
> > bank examiners.  As a result, I would submit, consumer protection
> > ought to prevail in light of the protections from a privacy standpoint
>
> > in the existing regulatory structure.
> >
> > Palmer
> >
> > -----Original Message-----
> > From: owner-gnso-acc-sgb@xxxxxxxxx
> > [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
> > On Behalf Of Dan Krimm
> > Sent: Friday, May 11, 2007 3:43 PM
> > To: gnso-acc-sgb@xxxxxxxxx
> > Cc: gnso-whois-wg@xxxxxxxxx
> > Subject: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert procedure
> >
> > Palmer,
> >
> > If I may step in here (and shift this discussion over to the Subgroup
> > B list where it properly belongs):
> >
> > At 1:44 PM -0500 5/11/07, Palmer Hamilton wrote:
> >
> > >Just having the IP address and registrar is not sufficient.  For
> > >example, one of my banks had a case in which it had to use local
> > >police
> >
> > >in a foreign country to visit the physical address of the website
> > >owner
> >
> > >to get the site taken down.  The bank had tried to get the registrar
> > >to
> >
> > >shut it down without success.  The bank had also tried to stop the
> > >site
> >
> > >with the administrative contact, the technical contact, the abuse
> > >contact, and the website owner, all with no success.  The registrar
> > >was
> >
> > >also not interested in working with the local police, but the local
> > >police agreed to assist AFTED the bank provided the police the full
> > >WHOIS information plus a synopsis of its takedown efforts.
> >
> > So the question here is, when the bank is involved in valid efforts
> > that require access to Whois data that is designated as private there
> > certainly should be a process for that data to be engaged in the
> > process, so what should that process be?  No one is suggesting that
> > the bank never get any such information whatsoever.  But some of us
> > are suggesting that private entities should not get direct access to
> > the Whois data, but rather get information from formally accountable
> > LEAs who have direct access.
> >
> > It doesn't mean that private agents cannot contribute to the
> > investigation process, but that private agents need only be given what
>
> > they need in a particular context rather than being given the full
> > range of powers granted to publicly-accountable law enforcement.  And,
>
> > that LEAs be responsible for providing appropriate information to
> > private agents that are participating in investigation processes.
> > Once such a policy is well-defined, it is possible to build
> > technological systems that adhere to those policies and operate
> > efficiently without unnecessary human intervention.
> >
> > And if ICANN jurisdiction is insufficient to resolve all structure
> > issues, that still may not be ICANN's responsibility to solve.
> >
> > At some point public law enforcement must step up to the plate to do
> > what needs to be done.  ICANN cannot solve all the world's public
> > problems on its own, or even those problems that may relate
> > tangentially to the technical operation of the Internet.  ICANN is not
>
> > a proper venue to determine and conduct public governance activities,
> > or to authorize private execution of public governance.
> >
> > >Having said this, the Dutch model could ultimately help fill a void
> > >on the international level by leveraging international pressure on
> > >recalcitrant governments.  But again, this is not really an
> > >alternative
> >
> > >to what we are doing in Subgroup B, as I understand it.
> >
> > What exactly are we doing in subgroup B as you understand it?
> >
> > As I understand it, we are trying to reach some consensus on what GNSO
>
> > should recommend to the ICANN Board with regard to determining to whom
>
> > and how direct access to private Whois data under the OPoC paradigm
> > should be granted (by registries and/or registrars).  This does not
> > speak to indirect access through authorized/certified LEAs.
> >
> > I have no expectation (or illusion) that what we come up with here
> > will create a perfect world.  It will certainly continue to be
> > systematically imperfect from a privacy protection standpoint.  If you
>
> > are hoping to find perfection, then that is undoubtedly beyond the
> > scope of this WG or Subgroup B.
> >
> > We are not in a position to dictate a comprehensive and airtight
> > resolution to the full complexity of issues here.  So at least *that*
> > is
> > *not* what we are doing here.
> >
> > Dan
>
> Regards,
>
> --
> Jeffrey A. Williams
> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
> "Obedience of the law is the greatest freedom" -
>    Abraham Lincoln
>
> "Credit should go with the performance of duty and not with what is very
> often the accident of glory" - Theodore Roosevelt
>
> "If the probability be called P; the injury, L; and the burden, B;
> liability depends upon whether B is less than L multiplied by
> P: i.e., whether B is less than PL."
> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
> ===============================================================
> Updated 1/26/04
> CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div.
> of Information Network Eng.  INEG. INC.
> ABA member in good standing member ID 01257402 E-Mail
> jwkckid1@xxxxxxxxxxxxx  Registered Email addr with the USPS Contact
> Number: 214-244-4827
>
> +++++++++++++++++++++++++++++++++++++++++++++
> Disclaimer
> Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is 
> beschermd door een beroepsgeheim.
> Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm 
> van verspreiding, vermenigvuldiging
> of ander gebruik ervan niet is toegestaan.
> Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, 
> verzoeken wij u ons daarvan
> direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail 
> mailto:mail@xxxxxxx en het bericht te vernietigen.
> Dit e-mailbericht is uitsluitend gecontroleerd op virussen.
> OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en 
> juistheid van dit bericht en er kunnen
> geen rechten aan worden ontleend.
>
> This e-mail message may contain confidential information or information 
> protected by professional privilege.
> If it is not intended for you, you should be aware that any distribution, 
> copying or other form of use of
> this message is not permitted.
> If it has apparently reached you by mistake, we urge you to notify us by 
> phone +31 70 315 3500
> or e-mail mailto:mail@xxxxxxx and destroy the message immediately.
> This e-mail message has only been checked for viruses.
> The accuracy, relevance, timeliness or completeness of the information 
> provided cannot be guaranteed.
> OPTA expressly disclaims any responsibility in relation to the information in 
> this e-mail message.
> No rights can be derived from this message.

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827