Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert procedure

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Dr. Dierker and all sgb members,

  Good point and well put.  And I believe if only one example which
has already been provided, is enough.  As with a roach infestation,
if you find one, you better know there are many, many more you
have not yet seen.

Hugh Dierker wrote:

>    David,
>
>   I concur with your desire for some quantitative empirical data. But
> what happens if it is akin to proving a negative, or there simply is
> not the data?  Should we just give up or commission 100 studies?
>   I think we have to move forward with some examples and analysis of
> known risks.
>
>   Eric
>
>
> "Fares, David" <DFares@xxxxxxxxxxxx> wrote:
>   Dan,
>
> Could you please point us to a quantitative analysis on the extent of
> the problems that you mention we know about? We always ask governments
>
> not to make policy in a vacuum but based on sound evidence. There have
>
> been many references to problems but we need to quantify them so that
> we
> can make informed policy decisions.
>
> David
>
> -----Original Message-----
> From: owner-gnso-acc-sgb@xxxxxxxxx
> [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
> On Behalf Of Dan Krimm
> Sent: Tuesday, May 15, 2007 4:10 PM
> To: gnso-acc-sgb@xxxxxxxxx; gnso-whois-wg@xxxxxxxxx
> Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert
> procedure
>
> Since this stuff is all under the radar (data mining companies do not
> want
> to betray their sources, both for "trade secret" reasons as well as
> negative branding for both them and their sources), I imagine it's
> much
> more difficult to find evidence, because so much effort is being put
> into
> hiding it from the general public.
>
> As for Tim's suggestion that this may be less of an issue moving
> forward,
> how about some evidence of *that* while we're at it? How do we know
> that
> the "various forms of preventive measures" are in fact effective (and
> if
> they are today, will remain so tomorrow)?
>
> Eric's point about the distinction between "private enterprise ad hoc
> procedures" and "standardization and required protocols" is a lucid
> one.
> Market forces have their ups and downs, and voluntary behavior may not
>
> be
> entirely reliable over the long run.
>
> Who has the burden of proof here? I would suggest it ought to be on
> those
> claiming everything is A-O-K, since we know there have been problems
> in
> the
> past.
>
> Dan
>
>
>
> At 6:26 AM -0700 5/15/07, Hugh Dierker wrote:
> >I really want the whois wrapped up tight in the cloak of privacy. But
>
> this
> >is a really good point. Is there empirical data to support claims of
> >misuse?
> >
> >Eric
> >
> >Christopher Gibson wrote:
> >
> >Steve makes a good point. While there have been many comments
> indicating
> >legitimate use of WHOIS services, several comments have raised the
> >theoretical prospect that access to WHOIS data might result in its
> misuse
> >(the GAC principles on WHOIS services echo this concern). Can anyone
> >provide any data showing that such misuse has actually taken place on
>
> any
> >significant scale? I note that the GAC recommended that further study
>
> be
> >made on this point (i.e., how WHOIS data is used and misused). Misuse
>
> of
> >WHOIS data (quite apart from any potential privacy/data protection
> law
> >concerns) could be an overstated concern.
> >
> >Chris Gibson
> >
> >-----Original Message-----
> >From: owner-gnso-whois-wg@xxxxxxxxx
> [mailto:owner-gnso-whois-wg@xxxxxxxxx]
> >On Behalf Of Metalitz, Steven
> >Sent: Monday, May 14, 2007 4:05 PM
> >To: robin@xxxxxxxxxxxxx; jwkckid1@xxxxxxxxxxxxx
> >Cc: gnso-acc-sgb@xxxxxxxxx; gnso-whois-wg@xxxxxxxxx
> >Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert
> procedure
> >
> >Of course, the FTC's own study showed the opposite of what EPIC
> stated
> >-- that Whois is not a significant contributor of e-mail addresses
> for
> >spamming purposes.
> >http://www.ftc.gov/bcp/conline/pubs/alerts/spamalrt.shtm Another
> study
> >by the Center for Democracy and Technology reached the same
> conclusion.
> >See http://www.cdt.org/speech/spam/030319spamreport.shtml {"We tested
>
> >how much spam would be received to an address provided in the WHOIS
> >database. Contrary to our expectations, just one spam e-mail was
> >generated in the six months that our project was operational.") And
> the
> >other testimony presented to Congress at the hearing where EPIC
> >testified is well worth reviewing, including the statements of the
> >Federal Trade Commission about how they rely upon access to Whois
> data
> >to enforce laws that protect consumer privacy, and on how consumer
> >access to Whois data also assists the FTC in its consumer and privacy
>
> >protection mission. See
> >http://financialservices.house.gov/media/pdf/071806eh.pdf (All the
> >hearing testimony is compiled at
> >http://financialservices.house.g
> v/archive/hearings.asp@formmode=detail
> &
> >hearing=491.html)
> >
> >Steve Metalitz
> >
> >-----Original Message-----
> >From: owner-gnso-whois-wg@xxxxxxxxx
> >[mailto:owner-gnso-whois-wg@xxxxxxxxx] On Behalf Of Robin Gross
> >Sent: Sunday, May 13, 2007 2:00 PM
> >To: jwkckid1@xxxxxxxxxxxxx
> >Cc: gnso-acc-sgb@xxxxxxxxx; gnso-whois-wg@xxxxxxxxx
> >Subject: Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert
> procedure
> >
> >Indeed. Let's not forget that in 2006, the US Federal Trade
> Commission
> >stated that online data mining is the number one crime in the United
> >States. Privacy experts at EPIC, testified before US Congress that
> >databases such as whois are among the most significant contributors
> to
> >this problem:
> >http://www.epic.org/privacy/whois/phishing_test.pdf
> >
> >
> >
> >jwkckid1@xxxxxxxxxxxxx wrote:
> >
> >>Dan and all,
> >>
> >> To sum up what you seem to ge getting at is that allowing
> >>banks regardless of which one ergo blanket access, is a bad
> >>and possibly a dangerous idea. And I amongst a growing number
> >>or knowledgable consumers, registrants, and even LEA's, agree.
> >>In fact according to the DOJ fraud, misuse, and other financial
> >>illegal scheme's by banks, financial institutions, and auditing
> >>firms has more than doubled sense 2002.
> >>
> >>-----Original Message-----
> >>
> >>
> >>>From: Dan Krimm
> >>>Sent: May 11, 2007 11:20 PM
> >>>To: gnso-acc-sgb@xxxxxxxxx
> >>>Cc: gnso-whois-wg@xxxxxxxxx
> >>>Subject: Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert
> >procedure
> >>>
> >>>Hope,
> >>>
> >>>I am not saying that phishing is not a problem that needs to be
> dealt
> >with.
> >>>I am simply saying that it should be dealt with in a measured way
> and
> >with
> >>>proper controls. And, that there are other serious problems that
> crop
> >up
> >>>
> >>>
> >>Regards,
> >>
> >>Jeffrey A. Williams
> >>Spokesman for INEGroup LLA. - (Over 134k members/stakeholders
> strong!)
> >>"Obedience of the law is the greatest freedom" -
> >> Abraham Lincoln
> >>
> >>"Credit should go with the performance of duty and not with what is
> >very
> >>often the accident of glory" - Theodore Roosevelt
> >>
> >>"If the probability be called P; the injury, L; and the burden, B;
> >liability
> >>depends upon whether B is less than L multiplied by
> >>P: i.e., whether B is less than PL."
> >>United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
> >>===============================================================
> >>Updated 1/26/04
> >>CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
> >div. of
> >>Information Network Eng. INEG. INC.
> >>ABA member in good standing member ID 01257402 E-Mail
> >jwkckid1@xxxxxxxxxxxxx
> >>Registered Email addr with the USPS Contact Number: 214-244-4827
> >>
> >>
> >>
> >>Regards,
> >>
> >>Jeffrey A. Williams
> >>Spokesman for INEGroup LLA. - (Over 134k members/stakeholders
> strong!)
> >>"Obedience of the law is the greatest freedom" -
> >> Abraham Lincoln
> >>
> >>"Credit should go with the performance of duty and not with what is
> >very
> >>often the accident of glory" - Theodore Roosevelt
> >>
> >>"If the probability be called P; the injury, L; and the burden, B;
> >liability
> >>depends upon whether B is less than L multiplied by
> >>P: i.e., whether B is less than PL."
> >>United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
> >>===============================================================
> >>Updated 1/26/04
> >>CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
> >div. of
> >>Information Network Eng. INEG. INC.
> >>ABA member in good standing member ID 01257402 E-Mail
> >jwkckid1@xxxxxxxxxxxxx
> >>Registered Email addr with the USPS Contact Number: 214-244-4827
> >>
> >>
> >>
> >>gnso-acc-sgb@xxxxxxxxx
> >>
> >>
> >>
> >>>when the method of dealing with it is not measured and does not
> have
> >proper
> >>>controls.
> >>>
> >>>Secondly, our deliberations here are about more than just banks,
> even
> >if
> >>>Palmer's suggestion was constrained to banks.
> >>>
> >>>My comment about consumers versus customers is about the fact that
> >giving
> >>>blanket access to banks for all Whois data provides access to
>

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827