ICANN ICANN Email List Archives


<<< Chronological Index >>>    <<< Thread Index >>>

Anti-Phishing Working Group comments in ICANN WHOIS

  • To: whois-comments-2007@xxxxxxxxx
  • Subject: Anti-Phishing Working Group comments in ICANN WHOIS
  • From: laura.mather@xxxxxxxxxxxxxxxx
  • Date: Fri, 19 Oct 2007 13:57:37 -0700 (PDT)

The Anti-Phishing Working Group (APWG) recognizes that there are
significant concerns about the state of the WHOIS system.  We acknowledge
that there are many groups that are disturbed by the lack of privacy
protection in the current system.  The APWG hopes that a solution can be
found that addresses the concerns of the privacy advocates while
maintaining access for the organizations that are combating Internet fraud
and other types of infringements.
 While the OPoC proposal has some merit, there are certain aspects to the
current document that may be detrimental to the fight against phishing. 
Examples of these are:
 -           Full access to unpublished records: antiphishing
organizations use WHOIS data to detect and investigate suspected phishing
sites and would need continued access to this data to maintain the
current level of security of consumers on the Internet.  It should be
noted that while law enforcement is definitely involved in the
identification and prosecution of the phishers, it is the brand owners
themselves and third party antiphishing organizations that do most of the
work to get phish sites shut down.  Therefore, access to this data by law
enforcement is necessary, but it is also necessary to give access to the
antiphishing organizations.
 -           Reveal and remedy time frames: the time frame of action of a
phish site averages less than 10 hours in most cases. This includes
investigating the site and working with the site owner, ISP, registrar,
or registry to mitigate the problem.  Therefore, the time frame for
revealing and remedying a site being used for fraudulent purposes would
need to be very short (a few hours).  This is especially true if a lack
of response from the OPoC means contacting the registrar which incurs
more time.
  The APWG would be interested in participating in additional groups or
studies that are commenced as a result of the current initiative.  Thank
you for your consideration of these points.

Laura Mather
Managing Director of Operational Policy
Anti-Phishing Working Group

<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy