[gnso-ff-pdp-may08] Rod Rasmussen Statement of Interest - Redux
- To: Fast Flux Workgroup <gnso-ff-pdp-May08@xxxxxxxxx>
- Subject: [gnso-ff-pdp-may08] Rod Rasmussen Statement of Interest - Redux
- From: Rod Rasmussen <rod.rasmussen@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Jul 2008 10:07:32 -0700
Apologies if some of you have this from before, but it appears it's
not in the "official" tally, so I don't want to get kicked out! I've
updated this for "financial interest" disclosure as well.
President and CTO, Internet Identity
Co-Chair, Anti-Phishing Working Group: Internet Policy Committee (APWG
Neither myself or my company have any ICANN/GNSO constituency
membership at this time - we're trying not to "pick sides" on these
abuse issues that affect all constituencies!
Statement of interest:
Both my company and the various industry organizations I am a leader
and/or active within (APWG, MAAWG, Digital Phish-net, AOTA) are very
concerned with the rapid rise in DNS manipulation techniques being
used by phishers and e-criminals to perpetuate fraud, crime, and wide
abuse across the Internet. Fast Flux, and various other types of DNS
"flux" techniques are being used by the largest proliferators of spam,
phishing, and other net abuse, and are tied to organized crime
elements throughout the world. The nature of these attacks makes
mitigation and prevention nearly impossible without the close
involvement of the domain registration community, and their use is
growing rapidly, with thousands of fraudulently registered domains in-
use daily utilizing them. We wish to engage this community to work on
policies to address these types of abuse in a manner that will be
highly effective, sustainable, and flexible enough to work as the
criminals change their tactics. At the same time, we realize that
there are drawbacks and costs associated with any new policy and those
need to be balanced to come up with solutions that work for all.
I am one of the principal partners of Internet Identity with a very
large (but non-majority) portion of its ownership, and am thus
materially impacted by the company's financial performance. Our
clients are primarily in the financial services and e-commerce sectors
and they and their customers are the victims of phishing and other
online crime attacks. A large percentage of these clients are
directly impacted by fast-flux based phishing attacks and part of the
work we are paid to perform on their behalf is mitigating the actual
attacks and working towards long-term solutions for these problems.
Successfully addressing these issues from a policy perspective is both
a potential financial gain and loss, as the benefits of our long-term
role would be to some extent offset by lost revenue "opportunities"
individual fast flux attacks present to our company's mitigation
service. Due to the nature of our work, many of our clients fall into
the Business and/or IP constituency area of the GNSO umbrella (and
several companies who employ us are members), but we also perform
substantial work for domain registrars, domain registries, and ISPs,
all of whom have membership within their respective GNSO constituencies.