ICANN Email List Archives

[gnso-rap-dt]



FW: [gnso-rap-dt] revised WHOIS note

  • To: <gnso-rap-dt@xxxxxxxxx>
  • Subject: FW: [gnso-rap-dt] revised WHOIS note
  • From: "Mike Rodenbaugh" <icann@xxxxxxxxxxxxxx>
  • Date: Wed, 22 Jul 2009 12:24:41 -0700

Dear Greg, that "vote" was specifically subject to further comment on the
List, particularly so others not present in meeting could have a chance.
Also we were talking about the broader WHOIS 'rathole', which has always
focused upon accuracy and access.  We were not talking specifically about
proxy WHOIS services which are generally implemented at registration, and
are often abused.  Yes, I could have tried to carve it out then, but the
thought only came to me once I saw your email on paper (which also was
significantly different than the email we "voted" upon).

Thanks,
Mike 

-----Original Message-----
From: owner-gnso-rap-dt@xxxxxxxxx [mailto:owner-gnso-rap-dt@xxxxxxxxx] On
Behalf Of Greg Aaron
Sent: Wednesday, July 22, 2009 12:00 PM
To: 'Rod Rasmussen'; 'James M. Bladel'; 'Mike Rodenbaugh'; 'Neuman, Jeff'
Cc: gnso-rap-dt@xxxxxxxxx
Subject: RE: [gnso-rap-dt] revised WHOIS note


Dear guys:

The WG conducted a vote in Monday's meeting and arrived at a unanimous
consensus course of action.  (That the WG will a) leave WHOIS off its list
of registration abuses for major examination, research, and
recommendation-making, and b) will include examples and background in its
report when WHOIS issues are a factor in other abuse issues.)

On Tuesday Mike Rodenbaugh stated that he wanted to see an exception for
WHOIS proxy services
(http://forum.icann.org/lists/gnso-rap-dt/msg00257.html).  That departs from
Monday's position.

So, I need to know if anyone would like to switch their vote.  If so please
indicate explicitly on the list by 22:00 UTC tomorrow so that the tally can
be accurately recorded in the note to Council.  Rod, Mike, and Roland, can
you confirm your positions -- do you agree with a and b as per
http://forum.icann.org/lists/gnso-rap-dt/msg00255.html ?  If not, please
describe.

All best,
--Greg



-----Original Message-----
From: Neuman, Jeff [mailto:Jeff.Neuman@xxxxxxxxxx]
Sent: Tuesday, July 21, 2009 11:44 PM
To: eckhaus jeff; Rod Rasmussen; James M. Bladel
Cc: Roland Perry; gnso-rap-dt@xxxxxxxxx
Subject: RE: [gnso-rap-dt] revised WHOIS note


I believe getting the data will be important, but as we have seen before,
once the data comes in, it can be sliced in a large number of ways depending
on the side you are on.  

One key point to note is that whether there is a link or not between proxy
services and criminal activity, there is certainly a strong perception in a
number of communities that there is a link and that standards should be
developed to come up with best practices to guide registrars operating proxy
or anonymous WHOIS services, especially as it relates to revealing the true
identity of the registrant when one perceives that that registrant has
wronged a third party.  They believe that so long as there is a predictable,
standardized process to retrieve that information, so they can pursue the
appropriate legal remedy, then that may be adequate.  

I am not commenting on whether this is in the scope of this group or not (as
I have not recently read the charter), but just stating what others have
shared with me.

Jeffrey J. Neuman, Esq.: NeuStar, Inc.
Vice President, Law & Policy 




-----Original Message-----
From: owner-gnso-rap-dt@xxxxxxxxx [mailto:owner-gnso-rap-dt@xxxxxxxxx]
On Behalf Of eckhaus jeff
Sent: Tuesday, July 21, 2009 7:13 PM
To: 'Rod Rasmussen'; James M. Bladel
Cc: Roland Perry; gnso-rap-dt@xxxxxxxxx
Subject: RE: [gnso-rap-dt] revised WHOIS note


Rod,

Could you provide the data and the findings to the group that you reference
regarding the studies by "Spamhaus, SURBL, Knujon, and several academic
anti-spam and anti-crime researchers" along with the methodology used?

I think the Working Group would like to see the quantifiable data and as a
registrar I would love to see the findings and details so that we can help
the community if there is a need here.



Thanks

Jeff





-----Original Message-----
From: owner-gnso-rap-dt@xxxxxxxxx [mailto:owner-gnso-rap-dt@xxxxxxxxx]
On Behalf Of Rod Rasmussen
Sent: Tuesday, July 21, 2009 3:37 PM
To: James M. Bladel
Cc: Roland Perry; gnso-rap-dt@xxxxxxxxx
Subject: Re: [gnso-rap-dt] revised WHOIS note


James,

Spamhaus, SURBL, Knujon, and several academic anti-spam and anti-crime
researchers have tied use of proxy registrations to criminal domain usage -
especially in the case of pharma and other high-volume spam.
The privacy services are also victimized in these cases, as the criminals do
not (conveniently) provide their real details.  By using the privacy service
though, they can avoid having to come up with randomized patterns for their
fake whois, as their criminal registration details are hidden in with
legitimate ones as far as the public can tell.  This has a negative impact
on those privacy registration services, as their reputation is impinged by
criminal behavior, so there is a natural incentive for those types of
services to do a better job screening applicants (I would point to GoDaddy
as a provider that does a good job keeping such actors out in general by the
way).  The question (and this is asked and speculated on widely within
the security community) is whether there are some "fake", "complicit", or
"clueless" privacy services out there that facilitate such activities.  I'm
not sure about the status of that research - I'll ping some of my friends in
the anti-spam biz on that.

Rod

Rod Rasmussen
President and CTO
Internet Identity
1 (253) 590-4088

On Jul 21, 2009, at 3:16 PM, James M. Bladel wrote:

>
> But does this not present the paradox of a criminal entering 
> fraudulent WHOIS data, and then purchasing (or stealing) Proxy 
> Services to obscure that fraudulent data?
>
> Or, does this scenario presume that a (not very bright) criminal will 
> operate a fraudulent website, but enter their -valid- contact 
> information behind a Proxy service?  This is analogous to someone 
> burglarizing a darkened home, but leaving their wallet behind.
>
> My point in all of this is simply that I am not aware of any 
> quantifiable data that establishes a clear and conclusive link 
> implicating proxy / privacy services and criminal behaviors.  In fact, 
> the recent SSAC report seems to indicate that these services provide 
> some security benefits for registrants versus hijacking / compromised 
> accounts.
>
> Thanks--
>
>
> J.
>
>
>   -------- Original Message --------
> Subject: Re: [gnso-rap-dt] revised WHOIS note
> From: Roland Perry <roland@xxxxxxxxxxxxxxxxxxxxxxxx>
> Date: Tue, July 21, 2009 2:16 pm
> To: gnso-rap-dt@xxxxxxxxx
>
>
> In message
> <20090721111333.9c1b16d3983f34082b49b9baf8cec04a.870be0e1f5.wbe@xxxxxxxxcureserver.net>,
> at 11:13:33 on Tue, 21 Jul 2009, James M. Bladel
> <jbladel@xxxxxxxxxxx> writes
>
>> I guess I'm not clear on what is meant by "Abuse of WHOIS proxy 
>> services." Do you mean bad actors using fraudulent / stolen data to 
>> open these accounts, or compromised accounts?
>
> earlier Mike said:
>
> #particularly when registrars are providing the service and do not 
> #divulge underlying WHOIS info upon reasonable evidence of abuse, as 
> #clearly required by the RAA.
>
> Meanwhile, as someone who tries to help victims of e-crime, I find the 
> proxy-WHOIS is very often used to obscure the fraudster's details. I'm 
> aware that they might just be hiding false details, but shouldn't 
> registrars be doing more checks on such things? For example, where a 
> domain is paid for by a Credit Card, making available as default the 
> address details used to verify that payment.
> --
> Roland Perry
>
>





