RE: [gnso-ff-pdp-may08] Confused and Frustrated about the process

["Mike Rodenbaugh" <icann@xxxxxxxxxxxxxx>]

Hi Marc,

You have a fundamental misunderstanding "that we are given some sort of
mandate to deal with 'fast flux'."  At this point, we have only been asked
to try to answer a range of basic questions that could drive development of
solutions.  In this group too many folks have been focusing on impacts of
various solutions, when we don't yet have a shared understanding of 'the
problem' much less an idea of the range of various potential solutions.  It
may be a different group that works on solutions, once the groundwork is
done.

Your contributions have been truly valuable, and I regret that the group is
working in a way that makes you uncomfortable.  I only hope you will keep at
it.  ICANN has been extremely frustrating at times for me, too, because it
takes so long and such a massive 'groupthink' to get anything changed, and
yet it is so obvious that change has long been needed to address abusive
domain registrations.  

Indeed, RAPID change is needed to deal with criminal fast flux activity.
Rod Rasmussen did a great job of summarizing why we are at this:  "First,
it's because the technique is doing significantly more harm than others in
the on-line crime space.  Second, it requires the actions of the domain
registration community to effectively mitigate through quick mitigation or
prevention."  

All we can do is keep up the good fight, within ICANN and outside of it, and
eventually there will be change for the better.

Thanks,
Mike R.



-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Marc Perkel
Sent: Friday, August 15, 2008 1:36 PM
To: Fast Flux Workgroup
Subject: [gnso-ff-pdp-may08] Confused and Frustrated about the process


I am somewhat confused and frustrated by the process and in part it's 
probably my fault. But I want to bring this up and see if I can get a 
better idea of what's going on.

I have not been part of these kind of groups before and feel like a very 
small fish in a big pond and I have a very limited understanding of the 
problems and politics within the ICANN community. And - being self 
employed I'm more used to just fixing things that working within a 
group. And I'm an engineering type - one of those who would rather work 
with computers than people - and working in a group isn't my strongest 
skill.

So - my understanding of the problem is that we are given some sort of 
mandate to deal with "fast flux". The reason behind it is that FF is 
used by criminals (but not exclusively by criminals) to cheat banks out 
of money. And I'm assuming that the victims of phishers are interested 
in putting a stop to the practice.

It seems however that the problem isn't FF in itself as there seems to 
be legit uses for the technology. And from what I understand is if we do 
just what we are told to do then the result is that we would have to 
return a verdict that we need a new mandate. And I would assume that 
then the "higher ups" for lack of a better term would tell us what they 
really want us to do.

Excuse me if I'm oversimplifying - but that how I deal with things.

However - as I understand it - the idea of looking into fast flux as it 
relates to fraud - that should be on the table as it is clearly implied. 
So my understanding is - and this is where I'm experiencing confusion - 
that there is an implied mandate to solve FF problems as it directly 
relates to fraud. If i'm wrong about this - please explain it to me.

I'm a tech - so if someone brings me a computer and asks me to fix the 
hard drive - and it turns out that the problem isn't the hard drive but 
the hard drive cable - I make the assumption that the customer really 
wants me to fix that hard drive cable because the real mandate is to 
make the computer work. However - someone else might return the computer 
unfixed stating that the hard drive is fine, or making the customer ask 
that the hard drive cable be repaired before we can continue.

So - in my way of thinking - and I think as a tech - that I interpret 
the mandate to be "figure out how to stop the fraud where FF is part of 
the problem". So even if we determine that "stopping FF" isn't the 
answer, that we shouldn't just stop there. We should come up with 
solutions, or rather "ideas for solutions that should be further 
investigated" so that at least if they kick the ball back to us they 
have a better idea of what to ask for.

Another issue I have in working with a group of people is that I think 
differently and I solve problems differently than most people do. Most 
people start at the beginning and work their way to the end. If they get 
stuck in the middle they stop and the problem doesn't get solved. That 
is what I see happening here. That we can reach the solution phase if we 
haven't defined the problem.

I'm not someone who accepts that limitation. What I do in cases like 
this is to start looking at solutions and then think about the effect 
the solution has. If the solution tends to solve the problem then I 
might have accomplished the mission even if I don't completely 
understand what I'm fixing.

As an example. I've often been called upon to repair electronic 
equipment that I have absolutely not training or experience fixing. In 
fact in many cases I don't even know how to operate the equipment that 
I'm trying to fix. I'm just told that it's broken and it's my job to 
make it work again.

So I open the machine up and I smell burnt electronics. So I look around 
and I see parts burnt. So I replace the burnt parts with new parts and 
ask someone who knows what the machine does to turn it on and tell me if 
it's working. They try it out, it works, I'm declared a genius, and I 
walk away with a check. And that's how I made a living back when I was 
19 years old. My job wasn't to understand the problem, nor was it to be 
trained and competent. My job was to make the machine work.

The point here is that if I has limited myself to the requirements of 
experience and training then I wouldn't have ben able to attempt the repair.

OK - getting to the point. If I were not part of this group and I were a 
consultant hired to just fix this then I would be doing things in a 
different order than this group is doing it. I would be looking at 
possible solutions as a way of defining the problem. Sometimes if you 
get stuck in the middle you have to work back from the end.

For example - the TTL limiting idea - we have (I think) already 
determined that to be mostly not the solution in that we can identify 
collateral damage. It kill all legitimate use of FF that might be used 
for free speech. So - without determining what the problem is, we know 
what the solution is not.

What do we agree on? I think that we all agree that FF is bad when it is 
used to steal money from banks and peoples accounts (phishing in 
general). So - if we can agree that the folks who want us to look at FF 
are really mean they want to stop FF in connection with phishing, then 
we have a problem that we can then try to solve.

So - if we can present ideas as either solutions or pieces of solutions 
that can help to inhibit fraud and that do not have any effect on free 
speech or other unintended consequences then it seems to me that it's 
worth putting something together to at least return something useful 
that could at least perhaps define the problem and give other something 
to work with for the next step. And there are ideas on the table for 
solutions that are promising that haven't been sufficiently discussed 
because the group is locked into a sequential process and is stuck at a 
place before the solution phase.

I see it as putting together a picture puzzle. You dump the pieces on 
the table and the first thing you do is find any two pieces that fit 
together. There is no order to the process. Eventually it all fits. But 
if you start with the upper left corner and limit yourself to doing it 
sequentially then it's much harder to solve. I look at this problem in a 
similar way. Maybe we can't build the puzzle, but we can put a few 
pieces together,

I personally do not see the FF problem as it relates specifically to 
fraud as a very hard problem to solve. I think the issue of 
distinguishing between FF phishing and FF free speech is trivial and can 
be accomplished with no false positives at all while taking a huge bite 
(possibly 90%+) out of FF used for phishing. It seems to me that if I 
were in control of everything that it would only take a couple weeks at 
best to code something up that would work. But I'm not in control of 
everything and I'm working within a process that include a lot of things 
that I'm not good at and I'm feeling awkward in this environment.

So - some of this is just venting - but I've always looked at my part of 
the process as being one of the people who figures out the solution part 
as my way of making a contribution to the process. And I'm needing some 
advice as to how to be part of a group and accomplish something useful. 
I feel like a TV repairman who is called to do a home service call and 
there's no TV to fix.

Thanks in advance for your understanding and advice.