Thanks Dick. I think you and Greg have made the point that intelligence services are generally not so quick to share their data with the dog catcher. However, if you are going to offer offline tutorials, may we beg a digest of those tutorials for the list? It is hard to get good information on these actual practices. Some of the legislative and policy initiatives in western democracies to share data between investigative agencies, not to mention further investment in big data techniques for profiling without disclosure (not the technical term but I am sure you know what I am referring to) would lead one to conclude that such data sharing is well in hand.

Totally agree, Stephanie. There has to be oversight of these practices; it simply is not good enough for intelligence agencies to be Judge, Jury, Executioner, and Court Stenographer — and expect to be trusted, blindly, that they behave in an ethical and appropriate manner.

I would like to hear more from those in the intelligence communities around their internal ethical controls, what oversight governs what data is collected and how it is used, and how, say, WHOIS records are being blended together with other data sources to identify someone.

- Ayden



On Fri, Aug 5, 2016 3:58 PM, Stephanie Perrin stephanie.perrin@mail.utoronto.ca wrote:

Thanks Dick.� I think you and Greg have made the point that intelligence services are generally not so quick to share their data with the dog catcher.� However, if you are going to offer offline tutorials, may we beg a digest of those tutorials for the list?� It is hard to get good information on these actual practices.� Some of the legislative and policy initiatives in western democracies to share data between investigative agencies, not to mention further investment in big data techniques for profiling without disclosure (not the technical term but I am sure you know what I am referring to) would lead one to conclude that such data sharing is well in hand.

Best regards

stephanie perrin


On 2016-08-05 5:49, Richard Leaning wrote:
Hi Rob,

Not sure where to start on this response, i will try and keep it short.

Am not sure that by speaking to one ex FBI agent and couple of Police officers in Sheffield is a true reflection of the Global LEA position on this WG. It concerns me greatly that you take this view.

Its a big +1 to Greg Mounier, Greg Aaron and Terri.

As an ex Senior Detective from the UK having just retired last year after 30 years service, spending the last 7 years or so involved investigating Cyber crime Nationally and Internationally within SOCA, NCA and then EC3 (European Cyber Crime Centre - Europol) am more than happy to spend some time with you outside this group to explain the difference between the Intelligence services and LEA.

Also as am now be working for RIPE NCC (a RIR) as a Consultant am also happy at the same time, explain to you about the RIPE Database.

Kind Regards

Dick

Richard Leaning
External Relations
RIPE NCC





On 4 Aug 2016, at 21:20, Rob Golding <rob.golding@astutium.com> wrote:


note that:
Any customer of an RIR has its contact data published in RIR WHOIS

Which is of course no different to saying "Any customer of a Registry (aka Registrar) has it's contact data published"

And in practice it's _most_ customers of _most_ RIRs - lots of the lookups for certain regions just-don�t-work (tm) and with the amount of 'funkiness' that goes on with IPv4 routing post-runout, what details you see on an IP lookup at an RIR has little-to-no bearing now on who is actually using it
- what you're able to see is "who should be (directly or indirectly) paying the RIRs fees"


Yet IP Whois will usually only yield the webhost or the IS. How is having to ask them for the data any different from having to ask the registrar. 

I would say it's not any different at all in effect, but may be less likely to yield a response due to the limited "policy" capabilities when it comes to "unregulated" industries.


Are LEAs lobbying for webhost and internet subscriber public whois?

I feel I should suggest that they can probably just extract the data from the NSA or GCHQ or their-local-equivalent, so no need to make it "public"  ;)


I will be interested in learning however law enforcement manages to do its job without this needed and useful data 

The caveats being that "useful" is subjective and "needed" depends on circumstances. 

I don't see anyone suggesting that there shouldn�t be methods in place so that Law Enforcement can do their job.

I do however think that the concept of punishing everyone because there are a very small %age of "bad actors" is, in a civilised society, not even remotely appropriate.

Rob


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg


      

      

      

      
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

    

    

  

      

    

  





    

Ayden Férdeline
Statement of Interest