Thanks for making this point.  One of the risks to law abiding end users, who are not checking their domain registrations every day like big corporations do, is that identity theft will surely follow greater accuracy requirements.  Since many governments have failed to take ownership of the problem of ID theft (I can speak knowledgeably for Canada, but plenty of international work on this topic leads me to believe the matter is falling between stools elsewhere) we need to focus on this genuine risk to end users. Not much written about it, do we have a document we can add to our list so that we can digest a potential requirement?

Thanks for raising this, Stephanie. I do not have any reference documents to introduce but I agree it is a potential requirement we need to be addressing. In the case of ID theft, it is not only the individual whose data which has been stolen who is the victim, but the government too, albeit with different consequences. If the RDS collects what (in my view is) registrar-registrant contract information, any data breach would present a harm not only to the end-user, but also to the company whose customer's data has been stolen, perhaps for coercive purposes.

- Ayden



On Fri, Aug 5, 2016 3:52 PM, Stephanie Perrin stephanie.perrin@mail.utoronto.ca wrote:

Thanks for making this point. One of the risks to law abiding end users, who are not checking their domain registrations every day like big corporations do, is that identity theft will surely follow greater accuracy requirements. Since many governments have failed to take ownership of the problem of ID theft (I can speak knowledgeably for Canada, but plenty of international work on this topic leads me to believe the matter is falling between stools elsewhere) we need to focus on this genuine risk to end users. Not much written about it, do we have a document we can add to our list so that we can digest a potential requirement?


regards


Stephanie Perrin



On 2016-08-04 8:59, Mounier, Grégory wrote:

> Accurate and reliable WHOIS data helps crime attribution and can save precious investigation time (you can rule out wrong investigative leads).

> It raises the bar and makes it more difficult for criminals to abuse domain names. It pushes them to resort to more complex techniques such as ID theft to register domains for malicious purposes.

>

> In short, for LEA WHOIS is certainly not the silver bullet to attribute crime on line but it is an essential tool in the tool box of law enforcement.

>

> Best,

>

> Greg

>

>


_______________________________________________

gnso-rds-pdp-wg mailing list

gnso-rds-pdp-wg@icann.org

https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg




Ayden Férdeline
Statement of Interest