Fw: [gnso-acc-sgb] Report for today

["Palmer Hamilton" <PalmerHamilton@xxxxxxxxxxx>]

-----Original Message-----
From: Palmer Hamilton
To: 'hdierker2204@xxxxxxxxx' <hdierker2204@xxxxxxxxx>
Sent: Thu May 24 10:07:01 2007
Subject: Re: [gnso-acc-sgb] Report for today

Eric,

I realize that Phillip is appropriately concerned that the email list not be 
used to resolve personal situations, but in this instance I think we need to 
get to the bottom of it.  I think it proves precisely my point about the need 
for WHOIS data.

You were phished, and B of A wants the site taken down.  If you will supply the 
underlying URL it will expediate B of A's ability to get the site taken down.  

B of A says with WHOIS data that it can get a site down in roughly a day and a 
half.  If this data is taken away, customers will be vulnerable to long delays.

As I mentioned to you, sopisticated consumers may not be fooled.  You are a 
case in point.  Unfortunately, many consumers lack your sopistication and 
phishing of this sort works all too often.

Thus, I hope Phillip will forgive me for addressing this very specific case, 
but it proves my general policy point.  Banks need access to protect consumers.


-----Original Message-----
From: Hugh Dierker <hdierker2204@xxxxxxxxx>
To: Palmer Hamilton; dan@xxxxxxxxxxxxxxxx <dan@xxxxxxxxxxxxxxxx>; 
gnso-acc-sgb@xxxxxxxxx <gnso-acc-sgb@xxxxxxxxx>
Sent: Thu May 24 08:49:00 2007
Subject: Re: [gnso-acc-sgb] Report for today

Here is the data from a spam I received from whom it says.  I have no 
connection with this institution.
 
<http://us.f529.mail.yahoo.com/ym/ShowLetter?MsgId=3066_6873947_66315_1941_3681_0_55456_10570_4241701953&Idx=33&YY=31291&y5beta=yes&y5beta=yes&inc=25&order=down&sort=date&pos=1&view=a&head=b&box=Inbox#attachments>
  Fwd: Bank of America alert : Sign-in Error : Verify Your Account Information
 
        "Alert@xxxxxxxxxxxxxxxxx" <Onlinebanking@xxxxxxxxxxxxxxxxxxxxxxx>       
Date:    Wed, 23 May 2007 06:52:18 -0600        
 
Somehow the policing is down here for this Titan of an institution. Either this 
is spam from the bank or this is an example of them not policing their own 
domain name.
 
In any case it gives pause to consider allowing "banks" ready access.
 
Eric


Palmer Hamilton <PalmerHamilton@xxxxxxxxxxx> wrote:

        Dan,
        
        Let me address why the consumer is at risk as well as the bank.
        
        First, not all risk is off loaded to the bank.  There can be 
circumstances where the consumer can be held liable.
        
        Second, in the case of identity theft, the consumer certainly 
experiences the serious and often devastating adverse consequences.  Anyone who 
has been the victim of ID theft can easily speak to this.  It is fine for us to 
talk about these issues in the abstract, but talk to a victim of ID theft, and 
he or she will likely not be too impressed some of the arguments we have been 
hearing.
        
        So, yes, banks do have an interest in limiiting their exposure, but 
that interest coincides with the interest of the consumer.  And, yes, there are 
unfortunately circumstances where life savings can be wiped out.  This isn't 
rhetoric.  This is unfortunate reality.
        
        I would submit that good public policy requires a careful balancing of 
interests.  When this is done, I think it is clear that a construct exists that 
will protect the consumer and protect the privacy concerns being expressed.  I 
fear that our subgroup does not seem to be engaged in this serious work.  
Instead, we seem to be holding fast to positions without exploring creative 
constructs that protect multiple interests.
        
        To totally ignore the risk to the consumer, it seems to me, in order to 
uphold the theoretical, is neither wise nor justifiable.
        
        
        -----Original Message-----
        From: owner-gnso-acc-sgb@xxxxxxxxx <owner-gnso-acc-sgb@xxxxxxxxx>
        To: gnso-acc-sgb@xxxxxxxxx <gnso-acc-sgb@xxxxxxxxx>
        Sent: Wed May 23 20:36:29 2007
        Subject: Re: [gnso-acc-sgb] Report for tomorrow
        
        At 5:34 PM -0700 5/23/07, Hugh Dierker wrote:
        
        >The concept that private IP concerns are interested in the data to 
protect
        >consumers is very interesting and I think requires some thought.
        
        
        One should not overstate this case.  For one example, as I understand it
        most credit card companies limit liability to customers if they report
        false charges promptly.  (And then they will change the credit card 
number,
        etc.)
        
        This off-loads risk from customer to the financial institutions 
directly.
        Thus in those cases the greatest damage is not to consumers but to the
        financial institutions.
        
        This is not to discount the interests of financial institutions, as they
        definitely have legitimate interests.  But for example talking about
        "consumers' life savings" rather than "financial institutions' profit
        margins" has a rather different ring to it.
        
        I'm all for supporting consumers' real interests in contexts where that
        makes sense, but I am rather less patient with rhetoric that holds up
        consumers as proxies for the interests of very wealthy legal persons.
        
        (Also: did you really mean "IP" above or "ID"?  I don't see *any*
        connection between "intellectual property" interests and consumer
        interests, while the financial institution arguments are more common 
and on
        the surface more plausible.)
        
        -----
        
        One other point, with regard to access types:
        
        I personally don't see any reason that anyone, even LEAs, would ever 
need
        "bulk access" to Whois data (which I interpret as the ability to 
download a
        registrar's entire Whois database in a single integrated lump -- this 
would
        be Type 3 access according to Milton's definition, if I understand
        correctly).
        
        Why would anyone ever need more than ongoing query access (as long as
        queries can sometimes entail multiple domains, such as "all domains for 
a
        particular registrant")?
        
        I would suggest that there may be no compelling case that warrants true
        bulk access to Whois data.
        
        Dan
        
        PS -- I believe Milton is going to revise the interim SGB report, so 
until
        we receive that I will endeavor to refrain from a whole lot of further
        comment.  I think it would be useful for us to proceed as much as 
possible
        from the outcome of our call today.
        


________________________________

Pinpoint customers 
<http://us.rd.yahoo.com/evt=48250/*http://searchmarketing.yahoo.com/arp/sponsoredsearch_v9.php?o=US2226&cmp=Yahoo&ctv=AprNI&s=Y&s2=EM&b=50>
 who are looking for what you sell.