LE/Ops Sec community input- section 3.18 2013 RAA
Dear All, As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2. Best regards, Marika ____________________________ For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars. There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended. Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It¹s a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars¹ obligations as they are currently provided by 3.18. If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies¹ own brands are used by criminals in association with criminal or malicious activity). The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity. Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information.
Marika This is helpful. I would have some issues with an over-simplification of this, however. While taking down domain names that are _solely_ registered for abusive purposes is not an issue for me personally, we have to be very careful. A lot of domain name abuse involves hacking and compromises of CMS without the registrant's knowledge. We (Blacknight) receive reports from Google and most of the security companies about website and server exploits and take action to remove the threat. We will attempt to work with our clients, but will also suspend access to websites etc., should we feel that it is warranted. However, the actual volume of purely malicious domain names that we deal with is negligible. If we receive 100 valid "abuse'' reports only about 1% of them would relate to malicious registrations. The most common vectors we see are things like Wordpress and Joomla CMS being hacked, exploited etc., for the distribution of spam, malware, phishing etc., With respect to who submits reports to us, the vast majority are security companies etc., In the last 10 years we've been contacted by law enforcement / consumer agencies less than 10 times. The issue around LEA reports has been discussed at length in relation to the RAA negotiations and I'd be very wary about opening it up again. Of course we are a small registrar and hosting company, but any policy that ICANN comes up with in this regard should not have a detrimental impact on small businesses that are not causing issues for the DNS ecosystem. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Marika Konings Sent: Monday, June 9, 2014 7:33 PM To: gnso-ppsai-pdp-wg@icann.org Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Dear All, As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2. Best regards, Marika ____________________________ For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars. There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended. Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It's a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars' obligations as they are currently provided by 3.18. If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies' own brands are used by criminals in association with criminal or malicious activity). The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity. Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information.
Hereby please find two additional comments that were received in relation to this topic from law enforcement: 1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required. 2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug Best regards, Marika From: Marika Konings <marika.konings@icann.org> Date: Monday 9 June 2014 20:32 To: "gnso-ppsai-pdp-wg@icann.org" <gnso-ppsai-pdp-wg@icann.org> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Dear All, As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2. Best regards, Marika ____________________________ For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars. There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended. Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It¹s a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars¹ obligations as they are currently provided by 3.18. If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies¹ own brands are used by criminals in association with criminal or malicious activity). The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity. Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information.
Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy :
Hereby please find two additional comments that were received in relation to this topic from law enforcement:
1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required.
2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug
Best regards,
Marika
From: Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> Date: Monday 9 June 2014 20:32 To: "gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Dear All,
As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2.
Best regards,
Marika
____________________________
For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars.
There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended.
Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It's a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars' obligations as they are currently provided by 3.18.
If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies' own brands are used by criminals in association with criminal or malicious activity).
The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity.
Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information.
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
--- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com
Hi Kathy, Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel Burke of the FDA. I've suggested to my colleagues in the SSR team that they share the information about the PPSAI F2F meeting in London with their LE/Ops Sec contacts so that if some of the representatives are available they could join the discussions there. Best regards, Marika From: Kathy Kleiman <kathy@kathykleiman.com> Date: Friday 13 June 2014 14:22 To: "gnso-ppsai-pdp-wg@icann.org" <gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy :
Hereby please find two additional comments that were received in relation to this topic from law enforcement:
1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required.
2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug
Best regards,
Marika
From: Marika Konings <marika.konings@icann.org> Date: Monday 9 June 2014 20:32 To: "gnso-ppsai-pdp-wg@icann.org" <gnso-ppsai-pdp-wg@icann.org> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Dear All,
As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2.
Best regards,
Marika
____________________________
For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars.
There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended.
Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It¹s a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars¹ obligations as they are currently provided by 3.18.
If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies¹ own brands are used by criminals in association with criminal or malicious activity).
The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity.
Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information.
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-ppsai-pd p-wg
<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active.
Great, tx you Marika. Appreciate the information. Quick question, in addition to the outreach to LE, have you reached out to data protection commissioners and their staffs, particularly in the UK as they will be right there in London. As the Whois Review Team recommended, we should reach out to all sides! Best and tx, Katy :
Hi Kathy,
Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel Burke of the FDA. I've suggested to my colleagues in the SSR team that they share the information about the PPSAI F2F meeting in London with their LE/Ops Sec contacts so that if some of the representatives are available they could join the discussions there.
Best regards,
Marika
From: Kathy Kleiman <kathy@kathykleiman.com <mailto:kathy@kathykleiman.com>> Date: Friday 13 June 2014 14:22 To: "gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy :
Hereby please find two additional comments that were received in relation to this topic from law enforcement:
1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required.
2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug
Best regards,
Marika
From: Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> Date: Monday 9 June 2014 20:32 To: "gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Dear All,
As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2.
Best regards,
Marika
____________________________
For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars.
There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended.
Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It's a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars' obligations as they are currently provided by 3.18.
If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies' own brands are used by criminals in association with criminal or malicious activity).
The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity.
Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information.
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
------------------------------------------------------------------------ <http://www.avast.com/>
This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active.
--- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com
Hi Kathy, We spoke to our SSR colleagues in relation to the request from the WG on section 3.18 and as a result of your comments suggested they inform their community of the meeting so that further questions / comments could possibly be discussed during the meeting. We haven't done any further outreach as that wasn't the objective of our brief (or at least as I had understood it), but please note that the schedule is publicly posted and the information about the meeting can be shared with anyone interested as it is an open session (see http://london50.icann.org/en/schedule/wed-ppsai). I do know that the GNSO schedule of meetings has also been shared with the GAC so possibly the message has already spread further than just the WG. Best regards, Marika From: Kathy Kleiman <kathy@kathykleiman.com> Date: Monday 16 June 2014 13:48 To: Marika Konings <marika.konings@icann.org>, "gnso-ppsai-pdp-wg@icann.org" <gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Great, tx you Marika. Appreciate the information. Quick question, in addition to the outreach to LE, have you reached out to data protection commissioners and their staffs, particularly in the UK as they will be right there in London. As the Whois Review Team recommended, we should reach out to all sides! Best and tx, Katy :
Hi Kathy,
Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel Burke of the FDA. I've suggested to my colleagues in the SSR team that they share the information about the PPSAI F2F meeting in London with their LE/Ops Sec contacts so that if some of the representatives are available they could join the discussions there.
Best regards,
Marika
From: Kathy Kleiman <kathy@kathykleiman.com> Date: Friday 13 June 2014 14:22 To: "gnso-ppsai-pdp-wg@icann.org" <gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy :
Hereby please find two additional comments that were received in relation to this topic from law enforcement:
1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required.
2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug
Best regards,
Marika
From: Marika Konings <marika.konings@icann.org> Date: Monday 9 June 2014 20:32 To: "gnso-ppsai-pdp-wg@icann.org" <gnso-ppsai-pdp-wg@icann.org> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Dear All,
As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2.
Best regards,
Marika
____________________________
For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars.
There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended.
Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It¹s a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars¹ obligations as they are currently provided by 3.18.
If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies¹ own brands are used by criminals in association with criminal or malicious activity).
The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity.
Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information.
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-ppsai-p dp-wg
<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active.
<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active.
If I remember correctly the last time this type of request/interest came up, the GAC made it clear that any such outreach should come through them. Perhaps best to direct the request to the GAC. From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Monday, June 16, 2014 7:49 AM To: Marika Konings; gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Great, tx you Marika. Appreciate the information. Quick question, in addition to the outreach to LE, have you reached out to data protection commissioners and their staffs, particularly in the UK as they will be right there in London. As the Whois Review Team recommended, we should reach out to all sides! Best and tx, Katy : Hi Kathy, Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel Burke of the FDA. I've suggested to my colleagues in the SSR team that they share the information about the PPSAI F2F meeting in London with their LE/Ops Sec contacts so that if some of the representatives are available they could join the discussions there. Best regards, Marika From: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Friday 13 June 2014 14:22 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy : Hereby please find two additional comments that were received in relation to this topic from law enforcement: 1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required. 2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug Best regards, Marika From: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Date: Monday 9 June 2014 20:32 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Dear All, As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2. Best regards, Marika ____________________________ For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars. There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended. Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It's a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars' obligations as they are currently provided by 3.18. If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies' own brands are used by criminals in association with criminal or malicious activity). The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity. Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg ________________________________ [http://static.avast.com/emails/avast-mail-stamp.png]<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus<http://www.avast.com/> protection is active. ________________________________ [http://static.avast.com/emails/avast-mail-stamp.png]<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus<http://www.avast.com/> protection is active.
Die Kristina, I find it hard to rely on the GAC on such matters, especially given the experience with the RAA negotiations where many GAC members neglected to check witth their local data protection officers about the suggestions of the LEAs. Having talked with a number of GAC members it seemed they simply did not have the time to check with all institutions and branches in time. I therefore support any direct outreach. Best, Volker Am 16.06.2014 15:31, schrieb Rosette, Kristina:
If I remember correctly the last time this type of request/interest came up, the GAC made it clear that any such outreach should come through them. Perhaps best to direct the request to the GAC.
*From:*gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *Kathy Kleiman *Sent:* Monday, June 16, 2014 7:49 AM *To:* Marika Konings; gnso-ppsai-pdp-wg@icann.org *Subject:* Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Great, tx you Marika. Appreciate the information. Quick question, in addition to the outreach to LE, have you reached out to data protection commissioners and their staffs, particularly in the UK as they will be right there in London. As the Whois Review Team recommended, we should reach out to all sides! Best and tx, Katy
:
Hi Kathy,
Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel Burke of the FDA. I've suggested to my colleagues in the SSR team that they share the information about the PPSAI F2F meeting in London with their LE/Ops Sec contacts so that if some of the representatives are available they could join the discussions there.
Best regards,
Marika
*From: *Kathy Kleiman <kathy@kathykleiman.com <mailto:kathy@kathykleiman.com>> *Date: *Friday 13 June 2014 14:22 *To: *"gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> *Subject: *Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy :
Hereby please find two additional comments that were received in relation to this topic from law enforcement:
1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required.
2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug
Best regards,
Marika
*From: *Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> *Date: *Monday 9 June 2014 20:32 *To: *"gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> *Subject: *[Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Dear All,
As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2.
Best regards,
Marika
____________________________
For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars.
There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended.
Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It's a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars' obligations as they are currently provided by 3.18.
If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies' own brands are used by criminals in association with criminal or malicious activity).
The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity.
Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information.
_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
------------------------------------------------------------------------
This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active.
------------------------------------------------------------------------
This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active.
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
I'm not suggesting that we rely on the GAC for the specific input. I'm saying that the GAC should be advised that the PPSAI WG seeks the input of data protection officers (if that's what we agree we want) and request the assistance of the relevant GAC members in facilitating that interaction (or, in the alternative, tell us that the contact should be made directly). From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Volker Greimann Sent: Monday, June 16, 2014 9:35 AM To: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Die Kristina, I find it hard to rely on the GAC on such matters, especially given the experience with the RAA negotiations where many GAC members neglected to check witth their local data protection officers about the suggestions of the LEAs. Having talked with a number of GAC members it seemed they simply did not have the time to check with all institutions and branches in time. I therefore support any direct outreach. Best, Volker Am 16.06.2014 15:31, schrieb Rosette, Kristina: If I remember correctly the last time this type of request/interest came up, the GAC made it clear that any such outreach should come through them. Perhaps best to direct the request to the GAC. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Monday, June 16, 2014 7:49 AM To: Marika Konings; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Great, tx you Marika. Appreciate the information. Quick question, in addition to the outreach to LE, have you reached out to data protection commissioners and their staffs, particularly in the UK as they will be right there in London. As the Whois Review Team recommended, we should reach out to all sides! Best and tx, Katy : Hi Kathy, Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel Burke of the FDA. I've suggested to my colleagues in the SSR team that they share the information about the PPSAI F2F meeting in London with their LE/Ops Sec contacts so that if some of the representatives are available they could join the discussions there. Best regards, Marika From: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Friday 13 June 2014 14:22 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy : Hereby please find two additional comments that were received in relation to this topic from law enforcement: 1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required. 2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug Best regards, Marika From: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Date: Monday 9 June 2014 20:32 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Dear All, As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2. Best regards, Marika ____________________________ For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars. There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended. Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It's a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars' obligations as they are currently provided by 3.18. If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies' own brands are used by criminals in association with criminal or malicious activity). The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity. Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg ________________________________ [http://static.avast.com/emails/avast-mail-stamp.png]<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus<http://www.avast.com/> protection is active. ________________________________ [http://static.avast.com/emails/avast-mail-stamp.png]<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus<http://www.avast.com/> protection is active. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
I don't know if this is true for all countries, but I'm aware that in several countries, LE officials are *required* (I'm not sure if it's by formal policy or informal convention) to check with or go through their GAC (e.g., get clearance) in order to participate in working groups. John Horton President, LegitScript *Follow LegitScript*: LinkedIn <http://www.linkedin.com/company/legitscript-com> | Facebook <https://www.facebook.com/LegitScript> | Twitter <https://twitter.com/legitscript> | YouTube <https://www.youtube.com/user/LegitScript> | *Blog <http://blog.legitscript.com>* | Google+ <https://plus.google.com/112436813474708014933/posts> On Mon, Jun 16, 2014 at 6:39 AM, Rosette, Kristina <krosette@cov.com> wrote:
I’m not suggesting that we rely on the GAC for the specific input. I’m saying that the GAC should be advised that the PPSAI WG seeks the input of data protection officers (if that’s what we agree we want) and request the assistance of the relevant GAC members in facilitating that interaction (or, in the alternative, tell us that the contact should be made directly).
*From:* gnso-ppsai-pdp-wg-bounces@icann.org [mailto: gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *Volker Greimann *Sent:* Monday, June 16, 2014 9:35 AM *To:* gnso-ppsai-pdp-wg@icann.org
*Subject:* Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Die Kristina,
I find it hard to rely on the GAC on such matters, especially given the experience with the RAA negotiations where many GAC members neglected to check witth their local data protection officers about the suggestions of the LEAs. Having talked with a number of GAC members it seemed they simply did not have the time to check with all institutions and branches in time.
I therefore support any direct outreach.
Best,
Volker
Am 16.06.2014 15:31, schrieb Rosette, Kristina:
If I remember correctly the last time this type of request/interest came up, the GAC made it clear that any such outreach should come through them. Perhaps best to direct the request to the GAC.
*From:* gnso-ppsai-pdp-wg-bounces@icann.org [ mailto:gnso-ppsai-pdp-wg-bounces@icann.org <gnso-ppsai-pdp-wg-bounces@icann.org>] *On Behalf Of *Kathy Kleiman *Sent:* Monday, June 16, 2014 7:49 AM *To:* Marika Konings; gnso-ppsai-pdp-wg@icann.org *Subject:* Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Great, tx you Marika. Appreciate the information. Quick question, in addition to the outreach to LE, have you reached out to data protection commissioners and their staffs, particularly in the UK as they will be right there in London. As the Whois Review Team recommended, we should reach out to all sides! Best and tx, Katy
:
Hi Kathy,
Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel Burke of the FDA. I've suggested to my colleagues in the SSR team that they share the information about the PPSAI F2F meeting in London with their LE/Ops Sec contacts so that if some of the representatives are available they could join the discussions there.
Best regards,
Marika
*From: *Kathy Kleiman <kathy@kathykleiman.com> *Date: *Friday 13 June 2014 14:22 *To: *"gnso-ppsai-pdp-wg@icann.org" <gnso-ppsai-pdp-wg@icann.org> *Subject: *Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy :
Hereby please find two additional comments that were received in relation to this topic from law enforcement:
1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required.
2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug
Best regards,
Marika
*From: *Marika Konings <marika.konings@icann.org> *Date: *Monday 9 June 2014 20:32 *To: *"gnso-ppsai-pdp-wg@icann.org" <gnso-ppsai-pdp-wg@icann.org> *Subject: *[Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Dear All,
As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2.
Best regards,
Marika
____________________________
For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars.
There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended.
Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It’s a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars’ obligations as they are currently provided by 3.18.
If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies’ own brands are used by criminals in association with criminal or malicious activity).
The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity.
Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information.
_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
------------------------------
This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active.
------------------------------
This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active.
_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
DPCs aren’t LEA ☺ -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of John Horton Sent: Monday, June 16, 2014 9:46 AM To: Rosette, Kristina Cc: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA I don't know if this is true for all countries, but I'm aware that in several countries, LE officials are *required* (I'm not sure if it's by formal policy or informal convention) to check with or go through their GAC (e.g., get clearance) in order to participate in working groups. John Horton President, LegitScript [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257d...] Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com> | Google+<https://plus.google.com/112436813474708014933/posts> On Mon, Jun 16, 2014 at 6:39 AM, Rosette, Kristina <krosette@cov.com<mailto:krosette@cov.com>> wrote: I’m not suggesting that we rely on the GAC for the specific input. I’m saying that the GAC should be advised that the PPSAI WG seeks the input of data protection officers (if that’s what we agree we want) and request the assistance of the relevant GAC members in facilitating that interaction (or, in the alternative, tell us that the contact should be made directly). From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org>] On Behalf Of Volker Greimann Sent: Monday, June 16, 2014 9:35 AM To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Die Kristina, I find it hard to rely on the GAC on such matters, especially given the experience with the RAA negotiations where many GAC members neglected to check witth their local data protection officers about the suggestions of the LEAs. Having talked with a number of GAC members it seemed they simply did not have the time to check with all institutions and branches in time. I therefore support any direct outreach. Best, Volker Am 16.06.2014 15:31, schrieb Rosette, Kristina: If I remember correctly the last time this type of request/interest came up, the GAC made it clear that any such outreach should come through them. Perhaps best to direct the request to the GAC. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Monday, June 16, 2014 7:49 AM To: Marika Konings; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Great, tx you Marika. Appreciate the information. Quick question, in addition to the outreach to LE, have you reached out to data protection commissioners and their staffs, particularly in the UK as they will be right there in London. As the Whois Review Team recommended, we should reach out to all sides! Best and tx, Katy : Hi Kathy, Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel Burke of the FDA. I've suggested to my colleagues in the SSR team that they share the information about the PPSAI F2F meeting in London with their LE/Ops Sec contacts so that if some of the representatives are available they could join the discussions there. Best regards, Marika From: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Friday 13 June 2014 14:22 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy : Hereby please find two additional comments that were received in relation to this topic from law enforcement: 1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required. 2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug Best regards, Marika From: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Date: Monday 9 June 2014 20:32 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Dear All, As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2. Best regards, Marika ____________________________ For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars. There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended. Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It’s a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars’ obligations as they are currently provided by 3.18. If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies’ own brands are used by criminals in association with criminal or malicious activity). The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity. Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg ________________________________ [http://static.avast.com/emails/avast-mail-stamp.png]<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus<http://www.avast.com/> protection is active. ________________________________ [http://static.avast.com/emails/avast-mail-stamp.png]<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus<http://www.avast.com/> protection is active. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
I think the suggestion is that perhaps DPC and LEA would operate under the same set of rules, under these circumstances. Kiran Malancharuvil Internet Policy Counselor MarkMonitor 415-419-9138 (m) Sent from my mobile, please excuse any typos. On Jun 16, 2014, at 7:41 AM, "Michele Neylon - Blacknight" <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: DPCs aren’t LEA :) -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of John Horton Sent: Monday, June 16, 2014 9:46 AM To: Rosette, Kristina Cc: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA I don't know if this is true for all countries, but I'm aware that in several countries, LE officials are *required* (I'm not sure if it's by formal policy or informal convention) to check with or go through their GAC (e.g., get clearance) in order to participate in working groups. John Horton President, LegitScript [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257d...] Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com> | Google+<https://plus.google.com/112436813474708014933/posts> On Mon, Jun 16, 2014 at 6:39 AM, Rosette, Kristina <krosette@cov.com<mailto:krosette@cov.com>> wrote: I’m not suggesting that we rely on the GAC for the specific input. I’m saying that the GAC should be advised that the PPSAI WG seeks the input of data protection officers (if that’s what we agree we want) and request the assistance of the relevant GAC members in facilitating that interaction (or, in the alternative, tell us that the contact should be made directly). From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org>] On Behalf Of Volker Greimann Sent: Monday, June 16, 2014 9:35 AM To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Die Kristina, I find it hard to rely on the GAC on such matters, especially given the experience with the RAA negotiations where many GAC members neglected to check witth their local data protection officers about the suggestions of the LEAs. Having talked with a number of GAC members it seemed they simply did not have the time to check with all institutions and branches in time. I therefore support any direct outreach. Best, Volker Am 16.06.2014 15:31, schrieb Rosette, Kristina: If I remember correctly the last time this type of request/interest came up, the GAC made it clear that any such outreach should come through them. Perhaps best to direct the request to the GAC. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Monday, June 16, 2014 7:49 AM To: Marika Konings; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Great, tx you Marika. Appreciate the information. Quick question, in addition to the outreach to LE, have you reached out to data protection commissioners and their staffs, particularly in the UK as they will be right there in London. As the Whois Review Team recommended, we should reach out to all sides! Best and tx, Katy : Hi Kathy, Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel Burke of the FDA. I've suggested to my colleagues in the SSR team that they share the information about the PPSAI F2F meeting in London with their LE/Ops Sec contacts so that if some of the representatives are available they could join the discussions there. Best regards, Marika From: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Friday 13 June 2014 14:22 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy : Hereby please find two additional comments that were received in relation to this topic from law enforcement: 1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required. 2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug Best regards, Marika From: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Date: Monday 9 June 2014 20:32 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA Dear All, As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2. Best regards, Marika ____________________________ For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars. There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended. Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It’s a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars’ obligations as they are currently provided by 3.18. If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies’ own brands are used by criminals in association with criminal or malicious activity). The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity. Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg ________________________________ [http://static.avast.com/emails/avast-mail-stamp.png]<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus<http://www.avast.com/> protection is active. ________________________________ [http://static.avast.com/emails/avast-mail-stamp.png]<http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus<http://www.avast.com/> protection is active. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
DPCs are independent Officers of Parliament in most cases. In any case, they must preserve their independence from the government agencies whom they investigate. For this reason, you may want to consider informing the GAC that you wish to invite them, expressly stating that you will be making invitations. Countries may vary considerably in how they intersect with their DPCs. A complete list of DPCs appears on the website of the International Data Commissioners Conference, I believe, but this link on the Canadian site has a pretty complete list https://www.priv.gc.ca/resource/int/index_e.asp. Stephanie Perrin On 14-06-16 10:40 AM, Michele Neylon - Blacknight wrote:
DPCs aren't LEA J
--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Domains
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland Company No.: 370845
*From:*gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *John Horton *Sent:* Monday, June 16, 2014 9:46 AM *To:* Rosette, Kristina *Cc:* gnso-ppsai-pdp-wg@icann.org *Subject:* Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
I don't know if this is true for all countries, but I'm aware that in several countries, LE officials are *required* (I'm not sure if it's by formal policy or informal convention) to check with or go through their GAC (e.g., get clearance) in order to participate in working groups.
John Horton President, LegitScript
*Follow****Legit**Script*: LinkedIn <http://www.linkedin.com/company/legitscript-com> | Facebook <https://www.facebook.com/LegitScript> | Twitter <https://twitter.com/legitscript> | YouTube <https://www.youtube.com/user/LegitScript> | _Blog <http://blog.legitscript.com>_ |Google+ <https://plus.google.com/112436813474708014933/posts>
On Mon, Jun 16, 2014 at 6:39 AM, Rosette, Kristina <krosette@cov.com <mailto:krosette@cov.com>> wrote:
I'm not suggesting that we rely on the GAC for the specific input. I'm saying that the GAC should be advised that the PPSAI WG seeks the input of data protection officers (if that's what we agree we want) and request the assistance of the relevant GAC members in facilitating that interaction (or, in the alternative, tell us that the contact should be made directly).
*From:*gnso-ppsai-pdp-wg-bounces@icann.org <mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org <mailto:gnso-ppsai-pdp-wg-bounces@icann.org>] *On Behalf Of *Volker Greimann *Sent:* Monday, June 16, 2014 9:35 AM *To:* gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>
*Subject:* Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Die Kristina,
I find it hard to rely on the GAC on such matters, especially given the experience with the RAA negotiations where many GAC members neglected to check witth their local data protection officers about the suggestions of the LEAs. Having talked with a number of GAC members it seemed they simply did not have the time to check with all institutions and branches in time.
I therefore support any direct outreach.
Best,
Volker
Am 16.06.2014 15:31, schrieb Rosette, Kristina:
If I remember correctly the last time this type of request/interest came up, the GAC made it clear that any such outreach should come through them. Perhaps best to direct the request to the GAC.
*From:*gnso-ppsai-pdp-wg-bounces@icann.org <mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *Kathy Kleiman *Sent:* Monday, June 16, 2014 7:49 AM *To:* Marika Konings; gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org> *Subject:* Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Great, tx you Marika. Appreciate the information. Quick question, in addition to the outreach to LE, have you reached out to data protection commissioners and their staffs, particularly in the UK as they will be right there in London. As the Whois Review Team recommended, we should reach out to all sides! Best and tx, Katy
:
Hi Kathy,
Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel Burke of the FDA. I've suggested to my colleagues in the SSR team that they share the information about the PPSAI F2F meeting in London with their LE/Ops Sec contacts so that if some of the representatives are available they could join the discussions there.
Best regards,
Marika
*From: *Kathy Kleiman <kathy@kathykleiman.com <mailto:kathy@kathykleiman.com>> *Date: *Friday 13 June 2014 14:22 *To: *"gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> *Subject: *Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Tx Marika, but are there any names associated with these comments - people we can reach out to explore their ideas and comments further? Best, Kathy :
Hereby please find two additional comments that were received in relation to this topic from law enforcement:
1. Privacy/proxy service providers should absolutely be held to the same standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2 . Privacy/Proxy services attract those individuals who utilize the Internet to conduct criminal activity; therefore, it is imperative that these P/P entities are accredited and held to the same standards to that of Registrars, and that ICANN have mechanisms in place to enforce action expeditiously when required.
2. Proxy/privacy providers should absolutely be bound by a similar provision to RAA 3.18. The simple answer is in my experience, criminal activity on the internet is flourishing because of the ability to be anonymous. Although there are very legitimate uses for such services, they absolutely attract and cater to criminal conduct on all fronts, not just illegal online drug
Best regards,
Marika
*From: *Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> *Date: *Monday 9 June 2014 20:32 *To: *"gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> *Subject: *[Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Dear All,
As requested a couple of meetings ago, please find below some feedback received from our Security Stability Resiliency Team colleagues from the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is being reviewed by the WG in the context of question D-2.
Best regards,
Marika
____________________________
For domains that are tied to malware or tied directly to brand mis-use associated with malicious or criminal activity, almost all registrars have no problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies have difficulty only with a handful of registrars.
There are cases in which some registrars provide a standard response back to the agencies to the effect that they should contact the hosting provider since the registrar does "not have the ability to oversee what data are being transmitted through its site". If the hosting provider stops providing its services, the criminals can simply move to a new hosting provider. Suspending the domain itself has value for the LE agencies for several reasons, not least of which some providers unmask the private Whois information when the domain is suspended.
Agencies encounter p/p domains used for malicious or criminal activity in ranges that go from small batches (i.e., associated with scams where fraudsters target hundreds or thousands of investors or phishing victims and generate millions in losses, however only a few domains are created) to large numbers where thousands of users are victimized in several countries. Making the privacy/proxy services accountable with a provision similar to 3.18 of the 2013 RAA would add another layer of protection to help contain and mitigate the harm caused to consumers on a global scale. It's a consumer protection issue, however any such new obligation to make p/p providers accountable with regards to abuse and reports of abuse, should not, in any way whatsoever, dilute contractually or in practice the registrars' obligations as they are currently provided by 3.18.
If an agency presents to a registrar or p/p provider evidence that there is criminal or malicious activity that is harming users or has the potential to harm users (such as spamming, spreading malware or distributing child abuse material), the registrar or p/p provider should suspend that domain and unmask the Whois. The agencies are not requesting subscriber information. The agencies are reporting abuse of the DNS that implies violations of the registration agreement between the registrars and the registrants, and that also imply violations of the agreement between the p/p providers and their customers (including all cases of criminal and malicious activity as well as those cases in which the LE agencies' own brands are used by criminals in association with criminal or malicious activity).
The burden should not be higher on the agencies than it was on the registrant to register the domain (e.g., obtaining a court order to have a domain suspended). Since the victims are located in several different countries, it is *very* difficult to obtain any kind of legal process to effect takedown. Both registrars and p/p providers must have adequate provisions in their agreements with their customers that allow them to take action - on a contractual basis - and suspend domain names when there is malicious or criminal activity.
Additionally, for those cases in which registrars and p/p providers can verify the evidence provided by the LE agencies that there is indeed criminal or malicious activity involving domain names that they sponsor, there should be no territorial restrictions for LE agencies to submit reports to them, regardless of whether they are in the same or in a different country as the registrar or p/p provider. In these cases, registrars and p/p providers should simply enforce their own agreements with their registrants/customers and suspend the domain names accordingly and unmask the Whois information.
_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
------------------------------------------------------------------------
This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active.
------------------------------------------------------------------------
This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active.
_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org>
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.:+49 (0) 6894 - 9396 901 <tel:%2B49%20%280%29%206894%20-%209396%20901>
Fax.:+49 (0) 6894 - 9396 851 <tel:%2B49%20%280%29%206894%20-%209396%20851>
Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>
Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
www.twitter.com/key_systems <http://www.twitter.com/key_systems>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu <http://www.keydrive.lu>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.:+49 (0) 6894 - 9396 901 <tel:%2B49%20%280%29%206894%20-%209396%20901>
Fax.:+49 (0) 6894 - 9396 851 <tel:%2B49%20%280%29%206894%20-%209396%20851>
Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>
Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
www.twitter.com/key_systems <http://www.twitter.com/key_systems>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu <http://www.keydrive.lu>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
participants (8)
-
John Horton -
Kathy Kleiman -
Kiran Malancharuvil -
Marika Konings -
Michele Neylon - Blacknight -
Rosette, Kristina -
Stephanie Perrin -
Volker Greimann