ICANN ICANN Email List Archives

[gnso-acc-sgb]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-acc-sgb] Additional Proposal

  • To: Margie Milam <Margie.Milam@xxxxxxxxxxxxxxx>
  • Subject: Re: [gnso-acc-sgb] Additional Proposal
  • From: Ross Rader <ross@xxxxxxxxxx>
  • Date: Wed, 16 May 2007 10:08:34 -0400

Margie Milam wrote:
The value of these services is evident from the marketplace that has
arisen to fill the need and the numerous financial institutions that
have subscribed to these services. Security Companies (both public and
private) have devoted significant resources in monitoring, detecting and
responding to phishing, and taking down fraudulent web-sites, and use
WHOIS for this purpose. Banks don't generally desire to spend the
research and development resources necessary to keep up with the
sophisticated phishers and often turn to security companies to assist
them.

You missed my point. I was pointing out that the value of the services that these firms provide is not contingent on continued unfettered access to whois data.


Relying on IP addresses alone does not provide all of the information
necessary to identify domain name phishes because if you shut down one
IP address, they just set up additional ip addresses to host the
fraudulent sites.   The only way to effectively shut down domain based
phishes is to deal with it at the registrar level because the registrar
has the information that can identify the culprit.

That's a bit circular. a) IP addresses are less disposable than domains, b) most domain based phishes actually use a domain name that belongs to the culprit (most piggyback on a third party domain that has been captured due to some technical insecurity) and c) identifying the culprit doesn't shut down the phish.




Please note that the problem is not just phishing, although phishing is significant. The problem extends to all kinds of intellectual property abuse, including the sale of counterfeits, such as counterfeit drugs. Because law enforcement is ill-equiped and under-resourced, much of the work falls to the brand holders, many of whom use service providers, to protect their consumers from illegal online-activities.

That's a pretty broad brush. Isn't it actually the case that enforcement is primarily the responsibility of the IP holder and that law enforcement agency will typically focus on higher value, higher yield activities than focusing on specific intellectual property protection cases?


And while slightly off-topic, I'll also point out that its more often the case that the general public needs protection from your corporate clients than the other way around - which is one of the primary reasons why enhanced privacy for individuals is so important.

-ross



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy