RE: [gnso-whois-wg] Draft outcomes report v 1.6

[Dan Krimm <dan@xxxxxxxxxxxxxxxx>]

GAC may or may not be interested in additional information, however this
report provides compelling evidence of real harm resulting from
unrestricted access to email addresses from the Whois database, namely spam
can be increased to those addresses by up to four orders of magnitude
(roughly ten thousand times the rate).

I believe this is enough to establish harm worth taking significant action
to ameliorate.  It may be that there is additional harm as well, but that
would merely add to the motivation to act to protect privacy.  This study
is sufficient for us to take privacy protection seriously.

Clearly the Whois database is being mined *at least* for email addresses by
parties that are not using them exclusively (if at all) for legitimate
crime investigations or other legitimate purposes.  These parties are
themselves engaging in activities that are illegal in many jurisdictions,
or at least passing on the information to enable those who are doing so.

Anyone who cares about actually reducing spam (and thus helping to obstruct
the often malevolent purposes of spammers, such as phishing and delivering
malware) should favor placing effective restrictions on access to Whois
data.

I can see no empirical argument against this, at this point.

Dan



At 9:16 AM -0400 8/9/07, Suzanne Sene wrote:
>although i am not speaking formally on behalf of the gac, i would like
>to weigh in as one gac member regarding the gac's recommendation that a
>study be conducted -- the ssac study would not represent a full response
>to the gac's request, as it only addresses one aspect of the request.
>thanks, suz.
>
>
>Suzanne R. Sene
>Senior Policy Advisor
>NTIA/OIA
>202-482-3167 (ph)
>202-482-1865 (fax)
>
>>>> "David W. Maher" <dmaher@xxxxxxx> 8/8/2007 11:01 PM >>>
>I disagree strongly with this statement.
>
>At 05:32 PM 8/8/2007, Metalitz, Steven wrote:
>>Regarding lines 689-691, it occurs to me that there is considerable
>>support, and perhaps even agreement (though I am sure not unanimity),
>>for the following statement: "OPOC implementation should wait until a
>>viable and broadly supported mechanism for access under this section
>has
>>been developed."
>
>There is no need for further study as proposed in the following:
>
>"I would also call attention to the GAC proposal for a study  to
>"gather
>information on gTLD registrations and registrants and how Whois data
>is
>used and misused."  This should also be listed as a topic for further
>study in Section 8."
>
>The study is now available at:
><http://sanjuan2007.icann.org/files/sanjuan/ssac-whois-study-25Jun2007.pdf>http://sanjuan2007.icann.org/files/sanjuan/ssac-whois-study-25Jun2007.pdf.
>
>
>
>David W. Maher
>Senior Vice President - Law & Policy
>Public Interest Registry
>1775 Wiehle Ave, #102A
>Reston, VA 20190  USA
>(v) +1-312-876-8055
>(f)  +1-312-876-7934
>http://www.pir.org
>
>CONFIDENTIALITY NOTE:
>This e-mail and any attachments are confidential and may be protected
>by legal privilege. If you are not the intended recipient, be aware
>that any disclosure, copying, distribution or use of this e-mail or
>any attachment is prohibited. If you have received this e-mail in
>error, please notify us immediately by returning it to the sender and
>deleting this copy from your system. Thank you for your cooperation.