Derek... might I suggest you consider joining the ALAC WHOIS-WG see https://st.icann.org/alac/index.cgi?at_large_policy_working_groups And https://st.icann.org/gnso-liaison/index.cgi?whois_policy As your contribution and opinions would be most useful in assisting them with their revitalizing policy work... Kindest regards, Cheryl Langdon-Orr (CLO) -----Original Message----- From: alac-bounces@atlarge-lists.icann.org [mailto:alac-bounces@atlarge-lists.icann.org] On Behalf Of Derek Smythe Sent: Saturday, 23 February 2008 3:44 AM To: alac@atlarge-lists.icann.org Subject: Re: [At-Large] Whois privacy Hi all The strangest is that by law, the regulators of many countries specifically require all businesses to publish details regarding themselves on their website if they have one. Many do not, many have no other contact mechanism than a webform. However many of these sites have private registrations. This is a red flag. Remember not all criminals are just spammers and phishers. We also see websites selling non-existent goods, websites set up to act as escrow sites for the non-existent goods and websites pretending to be courier companies that will transport the non existent goods. The same gangs will also set up job scam sites where moneymules will be recruited. We see fake lotteries, fake banks, fake lawyers, even the United Nations, FBI, CIA and Interpol spoofed in other types of scams. These domains are registered with stolen credit card details, by Western Union or other untraceable means. Many of them are in fact hosted on fastflux networks. As such, not to distract from the seriousness of spamming and phishing websites, there are other types of criminal abuse of the internet. In fact many times the same parties are behind these scams as in spam, however each scam type is serving a different purpose and are just part of one larger machine to defraud victims. The biggest problem is that cyber criminals are the early adopters of new technology, privacy protection being no exception. This causes a major problem for the contemplated legitimate users of privacy protection in this case and is one of the reasons why we will most likely remain in a stalemate situation regarding whois privacy. Many registrars are reluctant to act on reports of fake whois and fraud. However fake whois and fraud is discussed in http://www.icann.org/announcements/advisory-03apr03.htm, deliberate fake whois details are also discussed in http://www.icann.org/announcements/advisory-10may02.htm Registrars and indeed the ICANN perspective is that this is a LEA issue and tend to pass the buck, forgetting we have fake whois issue. I have yet to see a criminal website set up with real and valid details, whois details included. At AA419 we have seen domains registered by innocent victims of identity theft, their details appearing in whois details for a domain they are not even aware of. Americans appear to be good prey! These details were not obtained via whois lookups, many of them do not even know how to register a domain. They would have been unaware of compromised credit cards and personal information, were it not for their details appearing in a domain registration. Reality is I am a great supporter of whois privacy. However, to make this work, we would first need to fix the current system and the problem of thousands of fake domain registrations flowing into the system, define mechanisms for dealing with fake whois, enforce immediate domain cancellations where we have clear proof criminal activity and setup the mechanisms to deal with these domains in a timely manner - remember two weeks or 15 days is a lifetime for a scam domain and not appropriate. We also need to identify mechanisms to deal with private registrations where such domains are used for criminal activity. We also need mechanisms to be able to contact the privacy provider themselves. We needs mechanisms to effectively escalate details of criminals activity worldwide. Only once we have this problem under control, can we actually proceed to whois privacy. Without this, we have a house without a foundation. The other aspect of this issue is that the methods used to defraud innocent people are changing daily, being dynamic is the nature of the internet. On the other hand policy makers are simply not dynamic enough. As far as I know, no country condones theft - stealing a victim's money here in this case. Why then should there be a problem formulating policy in this regard. Regards Derek Smythe http://www.aa419.org Jeffrey A. Williams wrote:
Bill and all my friends,
..... .....
Any and all ligitimate businesses or individuals should be very concerned regarding their privacy regarding personal information due to stalkers, ID thieves ect... This would include protecting their personal information from even LEA's. See for example:http://www.eff.org/blog and most especially from other businesses with well known online business recognition such as Google or LEA's such as the FBI, in some instances...
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org At-Large Official Site: http://www.alac.icann.org ALAC Independent: http://www.icannalac.org