Hello All, Attached is the Public Whois information associated with the following domain names seized by the US Department of Justice, see https://www.justice.gov/opa/pr/justice-department-disrupts-russian-intellige... You will see that most of these domain names appear to have been using a privacy/proxy service. Best regards, Michael

And for a third point of view on this, it doesn't matter for purposes of implementing the policy if P/P services are sometimes/often/never used by bad actors or are a good/bad idea. The existential question of whether or not P/P services should allowed is not in scope for the IRT. I hope that the IRT can get back on track and identify, with a basis beyond opinion or a desire to relitigate old issues lost during the PDP, anything that may need a fresh policy look due to changes in the technology, law, etc. since the policy was adopted. Best, Paul From: Owen Smigelski via Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl@icann.org> Sent: Thursday, October 17, 2024 12:01 PM To: PPSAI IRT members, including observers <gdd-gnso-ppsai-impl@icann.org> Cc: michael palage.com <michael@palage.com>; Owen Smigelski <owen.smigelski@namecheap.com> Subject: [Gdd-gnso-ppsai-impl] Re: Factual Data for Our Consideration I would like to highlight that this is anecdotal observations and not factual data. This is a very small subset of the likely hundred+ million domain names that use privacy/proxy services for legitimate purposes, including palage.com<http://palage.com/>. The article also repeatedly highlights how the FBI thanked private partners who worked with the FBI to address this issue: "This seizure is part of a coordinated response with our private sector partners to dismantle the infrastructure that cyber espionage actors use to attack U.S. and international targets," said U.S. Attorney Ismail J. Ramsey for the Northern District of California. "We thank all of our private-sector partners for their diligence in analyzing, publicizing, and combating the threat posed by these illicit state-coordinated actions in the Northern District of California, across the United States, and around the world." Again, I cannot comment on any involvement of Namecheap in this matter, but it appears that the FBI does not have any concerns with the use of privacy/proxy services for the seized domains. I am not sure what this intervention means to show. Are you implying that the bad actors only did the bad stuff because they were able to use a privacy or proxy service? On Oct 17, 2024, at 09:46, michael palage.com via Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> wrote: CAUTION: This email originated from outside the organization. Do not click links unless you can confirm the sender and know the content is safe. Hello All, Attached is the Public Whois information associated with the following domain names seized by the US Department of Justice, seehttps://www.justice.gov/opa/pr/justice-department-disrupts-russian-intellige... You will see that most of these domain names appear to have been using a privacy/proxy service. Best regards, Michael <Whois-Records.pdf>_______________________________________________ Gdd-gnso-ppsai-impl mailing list -- gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org> To unsubscribe send an email to gdd-gnso-ppsai-impl-leave@icann.org<mailto:gdd-gnso-ppsai-impl-leave@icann.org> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. This email originated from outside the firm. Please use caution.

Hello Owen and Paul, First, I want to address Owen's statement that my previous email included "anecdotal observations." When the US Department of Justice seized over 40 domain names involved in a Russian Intelligence spear-phishing effort and then issued a press release. I do not believe that DoJ seizes domain names on "anecdotal observations." After reading that press release, I decided to do "research" and query the public Whois/RDDS information with each domain to document that information. As indicated in that PDF document, most of those domains where registered to your employer, NameCheap, and indicated an address with a Privacy/Proxy service also associated with NameCheap. I believe we should be able to agree on these "facts." While Owen referred to the New York Times article as a hack, I actually would encourage all IRT members to read it, see https://www.nytimes.com/2024/10/09/business/iceland-online-disinformation-id... I respect that you cannot comment on an ongoing investigation or legal proceeding. However, I "assume" based on the press release that NameCheap cooperated with the DoJ/FBI. While that was the right thing to do, it was also a smart thing to do. Now, I do want to address you and other Registrars' statements about his being just a handful of names. I would appreciate if the Contracting Parties could provide a number on want percentage of 362 million domain name registered do they view as being involved with criminal or harmful activity is acceptable? So while, 40 domain names did not cross your threshold, how about 300,000 domain names? ICANN recently credited an ICANN-accredited Registrar over $57,000 in connection with over 300,000 names that were registered using fraudulent credit cards, see https://www.icann.org/en/system/files/correspondence/weinstein-to-palage-07o.... I know the Registries and Registrars are collectively working on this problem as it does not appear to be a one-off problem but a more systemic one. Perhaps one of the Registries or Registrars on the IRT could reach out and ask if these 300,000 names were registered using a privacy/proxy service. If we could confirm this "fact." Hopefully we could all agree that it would be something material regarding the concerns about the use of proxy/privacy services in connection with DNS Abuse. This is the final response to Owen's email. Thanks for the heads-up regarding PALAGE.COM. I do not recall opting for that setting. Roger, as a GoDaddy customer, perhaps you can shed some light on how that status changed. I do not recall knowingly making this change. I think this topic deserves further discussion if, as Volker stated on today's call, some registrars default all registrations to privacy/proxy. Owen you will be happy to know public Whois/RDDS in connection PALAGE.COM is now available just like it was before. Turning to Paul's intervention. I think we are in agreement that the focus of the IRT needs to be about implementation. But as myself, Alan, Steve and others have tried to articulate, there have been a lot of material changes since this original PDP began almost 13 years ago. This sub-group is trying to convey these factual changes and bring them to the attention of the GNSO Council. And the reason for this is crucial and I hope that you please forward this email to the GNSO Council to bring this to their attention. Recital 111 to NIS 2.0 included the following text, "TLD name registries and entities providing domain name registration services should establish policies and procedures to collect and maintain accurate and complete domain name registration data, as well as to prevent and correct inaccurate registration data, in accordance with Union data protection law. Those policies and procedures should take into account, to the extent possible, the standards developed by the multi-stakeholder governance structures at international level." (emphasis added). Elena Plexida from ICANN Org, in briefing the Registrars and Registry about NIS 2.0, expressed frustration about what the term "to the extent possible" means. I think we have a front-row seat to how that language in NIS 2.0 will be interpreted. My personal hope is that we, as an IRT, can recognize some of the changes that have happened over the past 13 years and communicate this to the GNSO Council to get proper guidance. While that is my hope, I believe the more likely outcome is the contracting parties that constitute over half of the active membership in this IRT will block any changes that might lead to additional operating costs. Now if the IRT, GNSO Council, and ICANN decide not to address some of the issues that Steve, Alan, myself and others have properly raised, whether on procedural or substantive grounds, I can live with that. I just want the record to reflect that fact. Because this decision can then be communicated to the Cooperation Group, so that if they are ever confronted with a situation to interpret Recital 111 in connection with this subject matter, they will have the proper information to make their determination. Best regards, Michael From: Paul McGrady <paul@elstermcgrady.com> Sent: Thursday, October 17, 2024 3:05 PM To: PPSAI IRT members, including observers <gdd-gnso-ppsai-impl@icann.org> Cc: michael palage.com <michael@palage.com>; Owen Smigelski <owen.smigelski@namecheap.com> Subject: RE: [Gdd-gnso-ppsai-impl] Re: Factual Data for Our Consideration And for a third point of view on this, it doesn't matter for purposes of implementing the policy if P/P services are sometimes/often/never used by bad actors or are a good/bad idea. The existential question of whether or not P/P services should allowed is not in scope for the IRT. I hope that the IRT can get back on track and identify, with a basis beyond opinion or a desire to relitigate old issues lost during the PDP, anything that may need a fresh policy look due to changes in the technology, law, etc. since the policy was adopted. Best, Paul From: Owen Smigelski via Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> Sent: Thursday, October 17, 2024 12:01 PM To: PPSAI IRT members, including observers <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> Cc: michael palage.com <michael@palage.com<mailto:michael@palage.com>>; Owen Smigelski <owen.smigelski@namecheap.com<mailto:owen.smigelski@namecheap.com>> Subject: [Gdd-gnso-ppsai-impl] Re: Factual Data for Our Consideration I would like to highlight that this is anecdotal observations and not factual data. This is a very small subset of the likely hundred+ million domain names that use privacy/proxy services for legitimate purposes, including palage.com<http://palage.com/>. The article also repeatedly highlights how the FBI thanked private partners who worked with the FBI to address this issue: "This seizure is part of a coordinated response with our private sector partners to dismantle the infrastructure that cyber espionage actors use to attack U.S. and international targets," said U.S. Attorney Ismail J. Ramsey for the Northern District of California. "We thank all of our private-sector partners for their diligence in analyzing, publicizing, and combating the threat posed by these illicit state-coordinated actions in the Northern District of California, across the United States, and around the world." Again, I cannot comment on any involvement of Namecheap in this matter, but it appears that the FBI does not have any concerns with the use of privacy/proxy services for the seized domains. I am not sure what this intervention means to show. Are you implying that the bad actors only did the bad stuff because they were able to use a privacy or proxy service? On Oct 17, 2024, at 09:46, michael palage.com via Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> wrote: CAUTION: This email originated from outside the organization. Do not click links unless you can confirm the sender and know the content is safe. Hello All, Attached is the Public Whois information associated with the following domain names seized by the US Department of Justice, seehttps://www.justice.gov/opa/pr/justice-department-disrupts-russian-intellige... You will see that most of these domain names appear to have been using a privacy/proxy service. Best regards, Michael <Whois-Records.pdf>_______________________________________________ Gdd-gnso-ppsai-impl mailing list -- gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org> To unsubscribe send an email to gdd-gnso-ppsai-impl-leave@icann.org<mailto:gdd-gnso-ppsai-impl-leave@icann.org> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. This email originated from outside the firm. Please use caution.

Hi all, I don't think we should forward individual emails to the GNSO council. If we started doing that... Michael is right when he states the NIS2 recitals recommend following the ICANN moldel with regard to the verification processes and policies. This is why I have been saying all along that the output of the PPSAI-WG should be updated to take into account all the good work that the ICANN community has done in the intervening years. The recital also means that it considers the ICANN processes and policies as a good model, and as NIS2 applies equally to PP service providers, we should ensure that these providers have to comply with the same processes and policies with regard to verification and disclosure that applies to contracted parties. No more, no less. I agree it will be "interesting" (as in: "may you live in interesting times") to see how each country will interpret NIS2 in slightly different but valid ways, how courts will interpret those interpretations and how we as providers of registration services will be expected to work within these varying concepts. But those should not be the concern of our work. Regulation is one thing, ICAN policy another. There is no need to create policy for what is already regulated. And finally, as to the quality of the NYT article that reads liike an NYP article: Just count how many times they felt the need to include references to the penis museum Regus (a virtual office provider) in the article compared with how many times they acknowledge that the address is in fact a virtual office site shared by thousands of companies. "Oh, how risqué! It is slightly sexual!"! Quality journalism indeed. Pulitzer-worthy, I am sure... Sincerely, Volker Greimann General Counsel & Head of Policy and Compliance - Online Division volker.greimann@centralnic.com Office: +49-172-6367025 Web: www.teaminternet.com Team Internet Group PLC (AIM:TIG). Registered Office: 4th Floor, Saddlers House, 44 Gutter Lane, London, United Kingdom, EC2V 6BR. Team Internet is a company registered in England and Wales with the company number 8576358. ________________________________ From: michael palage.com via Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl@icann.org> Sent: 18 October 2024 12:31 AM To: Paul McGrady <paul@elstermcgrady.com>; PPSAI IRT members, including observers <gdd-gnso-ppsai-impl@icann.org>; Elena Plexida <elena.plexida@icann.org> Cc: Owen Smigelski <owen.smigelski@namecheap.com>; michael palage.com <michael@palage.com> Subject: [Gdd-gnso-ppsai-impl] Re: Factual Data for Our Consideration Hello Owen and Paul, First, I want to address Owen’s statement that my previous email included “anecdotal observations.” When the US Department of Justice seized over 40 domain names involved in a Russian Intelligence spear-phishing effort and then issued a press release. I do not believe that DoJ seizes domain names on “anecdotal observations.” After reading that press release, I decided to do “research” and query the public Whois/RDDS information with each domain to document that information. As indicated in that PDF document, most of those domains where registered to your employer, NameCheap, and indicated an address with a Privacy/Proxy service also associated with NameCheap. I believe we should be able to agree on these “facts.” While Owen referred to the New York Times article as a hack, I actually would encourage all IRT members to read it, see https://www.nytimes.com/2024/10/09/business/iceland-online-disinformation-id... I respect that you cannot comment on an ongoing investigation or legal proceeding. However, I “assume” based on the press release that NameCheap cooperated with the DoJ/FBI. While that was the right thing to do, it was also a smart thing to do. Now, I do want to address you and other Registrars' statements about his being just a handful of names. I would appreciate if the Contracting Parties could provide a number on want percentage of 362 million domain name registered do they view as being involved with criminal or harmful activity is acceptable? So while, 40 domain names did not cross your threshold, how about 300,000 domain names? ICANN recently credited an ICANN-accredited Registrar over $57,000 in connection with over 300,000 names that were registered using fraudulent credit cards, see https://www.icann.org/en/system/files/correspondence/weinstein-to-palage-07o.... I know the Registries and Registrars are collectively working on this problem as it does not appear to be a one-off problem but a more systemic one. Perhaps one of the Registries or Registrars on the IRT could reach out and ask if these 300,000 names were registered using a privacy/proxy service. If we could confirm this “fact.” Hopefully we could all agree that it would be something material regarding the concerns about the use of proxy/privacy services in connection with DNS Abuse. This is the final response to Owen’s email. Thanks for the heads-up regarding PALAGE.COM. I do not recall opting for that setting. Roger, as a GoDaddy customer, perhaps you can shed some light on how that status changed. I do not recall knowingly making this change. I think this topic deserves further discussion if, as Volker stated on today’s call, some registrars default all registrations to privacy/proxy. Owen you will be happy to know public Whois/RDDS in connection PALAGE.COM is now available just like it was before. Turning to Paul’s intervention. I think we are in agreement that the focus of the IRT needs to be about implementation. But as myself, Alan, Steve and others have tried to articulate, there have been a lot of material changes since this original PDP began almost 13 years ago. This sub-group is trying to convey these factual changes and bring them to the attention of the GNSO Council. And the reason for this is crucial and I hope that you please forward this email to the GNSO Council to bring this to their attention. Recital 111 to NIS 2.0 included the following text, “TLD name registries and entities providing domain name registration services should establish policies and procedures to collect and maintain accurate and complete domain name registration data, as well as to prevent and correct inaccurate registration data, in accordance with Union data protection law. Those policies and procedures should take into account, to the extent possible, the standards developed by the multi-stakeholder governance structures at international level.” (emphasis added). Elena Plexida from ICANN Org, in briefing the Registrars and Registry about NIS 2.0, expressed frustration about what the term “to the extent possible" means. I think we have a front-row seat to how that language in NIS 2.0 will be interpreted. My personal hope is that we, as an IRT, can recognize some of the changes that have happened over the past 13 years and communicate this to the GNSO Council to get proper guidance. While that is my hope, I believe the more likely outcome is the contracting parties that constitute over half of the active membership in this IRT will block any changes that might lead to additional operating costs. Now if the IRT, GNSO Council, and ICANN decide not to address some of the issues that Steve, Alan, myself and others have properly raised, whether on procedural or substantive grounds, I can live with that. I just want the record to reflect that fact. Because this decision can then be communicated to the Cooperation Group, so that if they are ever confronted with a situation to interpret Recital 111 in connection with this subject matter, they will have the proper information to make their determination. Best regards, Michael From: Paul McGrady <paul@elstermcgrady.com> Sent: Thursday, October 17, 2024 3:05 PM To: PPSAI IRT members, including observers <gdd-gnso-ppsai-impl@icann.org> Cc: michael palage.com <michael@palage.com>; Owen Smigelski <owen.smigelski@namecheap.com> Subject: RE: [Gdd-gnso-ppsai-impl] Re: Factual Data for Our Consideration And for a third point of view on this, it doesn’t matter for purposes of implementing the policy if P/P services are sometimes/often/never used by bad actors or are a good/bad idea. The existential question of whether or not P/P services should allowed is not in scope for the IRT. I hope that the IRT can get back on track and identify, with a basis beyond opinion or a desire to relitigate old issues lost during the PDP, anything that may need a fresh policy look due to changes in the technology, law, etc. since the policy was adopted. Best, Paul From: Owen Smigelski via Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> Sent: Thursday, October 17, 2024 12:01 PM To: PPSAI IRT members, including observers <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> Cc: michael palage.com <michael@palage.com<mailto:michael@palage.com>>; Owen Smigelski <owen.smigelski@namecheap.com<mailto:owen.smigelski@namecheap.com>> Subject: [Gdd-gnso-ppsai-impl] Re: Factual Data for Our Consideration I would like to highlight that this is anecdotal observations and not factual data. This is a very small subset of the likely hundred+ million domain names that use privacy/proxy services for legitimate purposes, including palage.com<http://palage.com/>. The article also repeatedly highlights how the FBI thanked private partners who worked with the FBI to address this issue: “This seizure is part of a coordinated response with our private sector partners to dismantle the infrastructure that cyber espionage actors use to attack U.S. and international targets,” said U.S. Attorney Ismail J. Ramsey for the Northern District of California. “We thank all of our private-sector partners for their diligence in analyzing, publicizing, and combating the threat posed by these illicit state-coordinated actions in the Northern District of California, across the United States, and around the world.” Again, I cannot comment on any involvement of Namecheap in this matter, but it appears that the FBI does not have any concerns with the use of privacy/proxy services for the seized domains. I am not sure what this intervention means to show. Are you implying that the bad actors only did the bad stuff because they were able to use a privacy or proxy service? On Oct 17, 2024, at 09:46, michael palage.com via Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> wrote: CAUTION: This email originated from outside the organization. Do not click links unless you can confirm the sender and know the content is safe. Hello All, Attached is the Public Whois information associated with the following domain names seized by the US Department of Justice, seehttps://www.justice.gov/opa/pr/justice-department-disrupts-russian-intellige... You will see that most of these domain names appear to have been using a privacy/proxy service. Best regards, Michael <Whois-Records.pdf>_______________________________________________ Gdd-gnso-ppsai-impl mailing list -- gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org> To unsubscribe send an email to gdd-gnso-ppsai-impl-leave@icann.org<mailto:gdd-gnso-ppsai-impl-leave@icann.org> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. This email originated from outside the firm. Please use caution.

Owen, When I was re-reading my previous email, I realized that I should have said "sponsored by your employer" instead of "registered to your employer" as the Whois/RDDS records indicated. My apologizes for any confusion. However, I then thought about our IRT discussions about the inexact definition of privacy and proxy services. Could you shed any light on whether these domain names were registered to a NameCheap proxy service and then licensed to the beneficial user, or were these domains associated with a privacy service? I believe Dennis made reference to having privacy and proxy services present during our ICANN81 session. If I heard Dennis correctly, could ICANN Org please share any information on who these privacy/proxy servicers will be? Have a nice weekend. Best regards, Michael From: michael palage.com Sent: Thursday, October 17, 2024 6:31 PM To: Paul McGrady <paul@elstermcgrady.com>; PPSAI IRT members, including observers <gdd-gnso-ppsai-impl@icann.org>; Elena Plexida <elena.plexida@icann.org> Cc: Owen Smigelski <owen.smigelski@namecheap.com> Subject: RE: [Gdd-gnso-ppsai-impl] Re: Factual Data for Our Consideration Hello Owen and Paul, First, I want to address Owen's statement that my previous email included "anecdotal observations." When the US Department of Justice seized over 40 domain names involved in a Russian Intelligence spear-phishing effort and then issued a press release. I do not believe that DoJ seizes domain names on "anecdotal observations." After reading that press release, I decided to do "research" and query the public Whois/RDDS information with each domain to document that information. As indicated in that PDF document, most of those domains where registered to your employer, NameCheap, and indicated an address with a Privacy/Proxy service also associated with NameCheap. I believe we should be able to agree on these "facts." While Owen referred to the New York Times article as a hack, I actually would encourage all IRT members to read it, see https://www.nytimes.com/2024/10/09/business/iceland-online-disinformation-id... I respect that you cannot comment on an ongoing investigation or legal proceeding. However, I "assume" based on the press release that NameCheap cooperated with the DoJ/FBI. While that was the right thing to do, it was also a smart thing to do. Now, I do want to address you and other Registrars' statements about his being just a handful of names. I would appreciate if the Contracting Parties could provide a number on want percentage of 362 million domain name registered do they view as being involved with criminal or harmful activity is acceptable? So while, 40 domain names did not cross your threshold, how about 300,000 domain names? ICANN recently credited an ICANN-accredited Registrar over $57,000 in connection with over 300,000 names that were registered using fraudulent credit cards, see https://www.icann.org/en/system/files/correspondence/weinstein-to-palage-07o.... I know the Registries and Registrars are collectively working on this problem as it does not appear to be a one-off problem but a more systemic one. Perhaps one of the Registries or Registrars on the IRT could reach out and ask if these 300,000 names were registered using a privacy/proxy service. If we could confirm this "fact." Hopefully we could all agree that it would be something material regarding the concerns about the use of proxy/privacy services in connection with DNS Abuse. This is the final response to Owen's email. Thanks for the heads-up regarding PALAGE.COM. I do not recall opting for that setting. Roger, as a GoDaddy customer, perhaps you can shed some light on how that status changed. I do not recall knowingly making this change. I think this topic deserves further discussion if, as Volker stated on today's call, some registrars default all registrations to privacy/proxy. Owen you will be happy to know public Whois/RDDS in connection PALAGE.COM is now available just like it was before. Turning to Paul's intervention. I think we are in agreement that the focus of the IRT needs to be about implementation. But as myself, Alan, Steve and others have tried to articulate, there have been a lot of material changes since this original PDP began almost 13 years ago. This sub-group is trying to convey these factual changes and bring them to the attention of the GNSO Council. And the reason for this is crucial and I hope that you please forward this email to the GNSO Council to bring this to their attention. Recital 111 to NIS 2.0 included the following text, "TLD name registries and entities providing domain name registration services should establish policies and procedures to collect and maintain accurate and complete domain name registration data, as well as to prevent and correct inaccurate registration data, in accordance with Union data protection law. Those policies and procedures should take into account, to the extent possible, the standards developed by the multi-stakeholder governance structures at international level." (emphasis added). Elena Plexida from ICANN Org, in briefing the Registrars and Registry about NIS 2.0, expressed frustration about what the term "to the extent possible" means. I think we have a front-row seat to how that language in NIS 2.0 will be interpreted. My personal hope is that we, as an IRT, can recognize some of the changes that have happened over the past 13 years and communicate this to the GNSO Council to get proper guidance. While that is my hope, I believe the more likely outcome is the contracting parties that constitute over half of the active membership in this IRT will block any changes that might lead to additional operating costs. Now if the IRT, GNSO Council, and ICANN decide not to address some of the issues that Steve, Alan, myself and others have properly raised, whether on procedural or substantive grounds, I can live with that. I just want the record to reflect that fact. Because this decision can then be communicated to the Cooperation Group, so that if they are ever confronted with a situation to interpret Recital 111 in connection with this subject matter, they will have the proper information to make their determination. Best regards, Michael From: Paul McGrady <paul@elstermcgrady.com<mailto:paul@elstermcgrady.com>> Sent: Thursday, October 17, 2024 3:05 PM To: PPSAI IRT members, including observers <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> Cc: michael palage.com <michael@palage.com<mailto:michael@palage.com>>; Owen Smigelski <owen.smigelski@namecheap.com<mailto:owen.smigelski@namecheap.com>> Subject: RE: [Gdd-gnso-ppsai-impl] Re: Factual Data for Our Consideration And for a third point of view on this, it doesn't matter for purposes of implementing the policy if P/P services are sometimes/often/never used by bad actors or are a good/bad idea. The existential question of whether or not P/P services should allowed is not in scope for the IRT. I hope that the IRT can get back on track and identify, with a basis beyond opinion or a desire to relitigate old issues lost during the PDP, anything that may need a fresh policy look due to changes in the technology, law, etc. since the policy was adopted. Best, Paul From: Owen Smigelski via Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> Sent: Thursday, October 17, 2024 12:01 PM To: PPSAI IRT members, including observers <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> Cc: michael palage.com <michael@palage.com<mailto:michael@palage.com>>; Owen Smigelski <owen.smigelski@namecheap.com<mailto:owen.smigelski@namecheap.com>> Subject: [Gdd-gnso-ppsai-impl] Re: Factual Data for Our Consideration I would like to highlight that this is anecdotal observations and not factual data. This is a very small subset of the likely hundred+ million domain names that use privacy/proxy services for legitimate purposes, including palage.com<http://palage.com/>. The article also repeatedly highlights how the FBI thanked private partners who worked with the FBI to address this issue: "This seizure is part of a coordinated response with our private sector partners to dismantle the infrastructure that cyber espionage actors use to attack U.S. and international targets," said U.S. Attorney Ismail J. Ramsey for the Northern District of California. "We thank all of our private-sector partners for their diligence in analyzing, publicizing, and combating the threat posed by these illicit state-coordinated actions in the Northern District of California, across the United States, and around the world." Again, I cannot comment on any involvement of Namecheap in this matter, but it appears that the FBI does not have any concerns with the use of privacy/proxy services for the seized domains. I am not sure what this intervention means to show. Are you implying that the bad actors only did the bad stuff because they were able to use a privacy or proxy service? On Oct 17, 2024, at 09:46, michael palage.com via Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org>> wrote: CAUTION: This email originated from outside the organization. Do not click links unless you can confirm the sender and know the content is safe. Hello All, Attached is the Public Whois information associated with the following domain names seized by the US Department of Justice, seehttps://www.justice.gov/opa/pr/justice-department-disrupts-russian-intellige... You will see that most of these domain names appear to have been using a privacy/proxy service. Best regards, Michael <Whois-Records.pdf>_______________________________________________ Gdd-gnso-ppsai-impl mailing list -- gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org> To unsubscribe send an email to gdd-gnso-ppsai-impl-leave@icann.org<mailto:gdd-gnso-ppsai-impl-leave@icann.org> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. This email originated from outside the firm. Please use caution.