Re: [NA-Discuss] Domain-name abuse proliferates
Great. So how do we get support for this?
-------- Original Message -------- Subject: Re: [NA-Discuss] Domain-name abuse proliferates From: Danny Younger <dannyyounger@yahoo.com> Date: Tue, September 15, 2009 10:33 am To: Dharma Dailey <dharma@ethoswireless.com>, Garth Bruen at KnujOn <gbruen@knujon.com> Cc: NA Discuss <na-discuss@atlarge-lists.icann.org> Hi Garth, I have also proposed an almost identical solution in a submission to an earlier WHOIS Task Force entitled "the Natural Persons Proposal" -- you can find a synopsis of it here: http://gnso.icann.org/mailing-lists/archives/ga/msg06282.html -- danny -- --- On Tue, 9/15/09, Garth Bruen at KnujOn <gbruen@knujon.com> wrote:
From: Garth Bruen at KnujOn <gbruen@knujon.com> Subject: Re: [NA-Discuss] Domain-name abuse proliferates To: "Dharma Dailey" <dharma@ethoswireless.com> Cc: "NA Discuss" <na-discuss@atlarge-lists.icann.org> Date: Tuesday, September 15, 2009, 10:24 AM Dharma,
There's a simple fix that I've proposed many times, and one that is currently in use in Canada and other countries among some ccTLDs. This fix would preserve privacy for individuals, allow for freedom of expression, reduce fraud, help law enforcement, and address issues that pain brand holders.
Most illicit, spammed, fraudulent domains are used for commercial purposes, e.i., they sell something. .CA has very strict privacy rules concerning the disclosure of whois - but only for individuals. Domains engaged in commercial traffic or conducting transactions cannot have private Whois. Personal, informational sites found engaging commercial traffic could be immediately suspended. Likewise, commercial domains with missing or fake whois would also be terminated.
This system would instantly preclude all software piracy sites, fake pharmacies, knockoff goods, phony lending institutions, fake health care companies, and cybersquatting. Obviously it does not address all domain-related crime but the items I just listed constitute 90% of the problem.
We often hear that "Europe cares more about privacy that America", this is a red herring. As an American I cherish my privacy. In Germany or France you cannot have a pharmacy or bank with secret ownership. Corporations must publicly disclose their ownership and location in lots of publicly accessable documents, on their websites, etc...
The bulk of domain-related fraud is committed by industry insiders often with deep connections to the Registrars. So much of the non-product spam we process promotes domains being sold in bulk at auctions. The spam pumps up the perceived value of the domain and benefits the Registrar holding the auction. This is why Registrars do not want Whois reform. And why I constant get creepy messages telling me to shut up.
Consider this. How many domains does a multi-million dollar company buy? 1 maybe 2. Maybe one for each gTLD and ccTLD, that's still less than 300. The average spam campaign uses 5 to 10 thousand domains. Because a domain name can be anything and the processing is really minimal, they're not very expensive. This means a Registrar has to make money either by adding services to a domain sale(like hosting, email, advertising, web design), OR by selling large amounts of domain names and hopefully increasing the price of those domains in the process.
-Garth
------------------------------------- Collect, analyze, enforce, repeat...
Garth Bruen gbruen@knujon.com http://www.knujon.com http://www.linkedin.com/pub/4/149/724
Tentative Presentations: Global Cyber Security Expo http://cyberexpo.memphis.edu/
-------- Original Message -------- Subject: Re: [NA-Discuss] Domain-name abuse proliferates From: Dharma Dailey <dharma@ethoswireless.com> Date: Tue, September 15, 2009 9:42 am To: Bret Fausett <bfausett@internet.law.pro> Cc: NA Discuss <na-discuss@atlarge-lists.icann.org> It seems that two important interests for internet users are at odds in domain registration- freedom of expression and protection from criminals. Is this really the case? If so, how could you ever value one more than the other? Is there some sort of matrix that lists possible reforms in relations to their impact on both of these fronts such as a catalog of methods of verification, how each might impact freedom of expression alongside how they might impact cyber criminals? For example, if we could weigh the likelihood that criminal activity would diminish by x percent from a 24 hour delay in getting a domain registration completed versus the harm to a concerned public having to wait a day to get their ProtectFlufferNutterSandwichsNow.com, then we can have a substantive debate on whether that reform is worth the effort. A few cyber- criminals will be able to circumvent anything, just as people with a burning issue will find a way to speak regardless of the consequences. But it's hard to make sense of the trade offs in the abstract. -dharma On Sep 15, 2009, at 12:25 AM, Bret Fausett wrote:
I would not support any proposal that imposes delay on the ability of an individual to register a domain name. One of the strengths of the Internet is the speed with which users can publish and speak. You see this especially around newsworthy events, where minutes after something important or interesting has happened, people are registering domain names and using the traffic that flows in to say something.
A postal verification process would add an incremental accuracy gain while burdening the ability to speak and react in real time to world events -- and the "bad guys" would subvert it anyway.
-- Bret
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica... Visit the NARALO online at http://www.naralo.org ------
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
Garth Bruen at KnujOn wrote:
Great. So how do we get support for this?
We discuss it and endorse it (or some modified version of it) as a NARALO position (together of a detailed account of how the status quo damages the public good). At that point we submit it to ALAC, which will then do one of three things: 1) Endorse it as-is 2) Endorse it after ALAC modifications 3) Choose not to endorse it, or to not deal with it. If ALAC chooses (2) or (3) we can choose to submit this request ourselves as a NARALO statement. We may also find that we may be able to attract support for this within the business and non commercial constituencies of GNSO. I have indicated to the ALAC Chair our interest in this issue, an she has responded that ALAC and other regions share our concerns. It is possible that our initiative may achieve global support, which will make ICANN rejection of it more difficult. - Evan
Not wanting to splash cold water on this effort, but I need to point out that at the direction of the Board and with significant input from the GAC and parts of the GNSO, we have started the (slow?) process of doing a number of studies regarding whois. We are not likely to see formal action on any of the traditional whois-related issues until at least some of those studies are done. Please note that I am not advocating doing nothing, just telling you how I am reading the tea-leaves. Alan At 15/09/2009 10:43 AM, Evan Leibovitch wrote:
Garth Bruen at KnujOn wrote:
Great. So how do we get support for this?
We discuss it and endorse it (or some modified version of it) as a NARALO position (together of a detailed account of how the status quo damages the public good).
At that point we submit it to ALAC, which will then do one of three things:
1) Endorse it as-is 2) Endorse it after ALAC modifications 3) Choose not to endorse it, or to not deal with it.
If ALAC chooses (2) or (3) we can choose to submit this request ourselves as a NARALO statement. We may also find that we may be able to attract support for this within the business and non commercial constituencies of GNSO.
I have indicated to the ALAC Chair our interest in this issue, an she has responded that ALAC and other regions share our concerns. It is possible that our initiative may achieve global support, which will make ICANN rejection of it more difficult.
- Evan
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
What about requesting to have a certification key in order to register domains? -ed On Tue, Sep 15, 2009 at 10:59 AM, Alan Greenberg <alan.greenberg@mcgill.ca>wrote:
Not wanting to splash cold water on this effort, but I need to point out that at the direction of the Board and with significant input from the GAC and parts of the GNSO, we have started the (slow?) process of doing a number of studies regarding whois.
We are not likely to see formal action on any of the traditional whois-related issues until at least some of those studies are done.
Please note that I am not advocating doing nothing, just telling you how I am reading the tea-leaves.
Alan
At 15/09/2009 10:43 AM, Evan Leibovitch wrote:
Garth Bruen at KnujOn wrote:
Great. So how do we get support for this?
We discuss it and endorse it (or some modified version of it) as a NARALO position (together of a detailed account of how the status quo damages the public good).
At that point we submit it to ALAC, which will then do one of three things:
1) Endorse it as-is 2) Endorse it after ALAC modifications 3) Choose not to endorse it, or to not deal with it.
If ALAC chooses (2) or (3) we can choose to submit this request ourselves as a NARALO statement. We may also find that we may be able to attract support for this within the business and non commercial constituencies of GNSO.
I have indicated to the ALAC Chair our interest in this issue, an she has responded that ALAC and other regions share our concerns. It is possible that our initiative may achieve global support, which will make ICANN rejection of it more difficult.
- Evan
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org
http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org
http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
-- NOTICE: The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If you have received this communication by error, please notify us immediately by e-mail, and delete the original message.
Re: "Great. So how do we get support for this?" In a nutshell, Advisory Committees are supposed to report their findings and recommendations to the Board. The SSAC does a fine job of this. All of their documents detail an investigative effort, a documentation of their findings and ultimately lead up to a series of recommendations. Unfortunately, ALAC processes at the present moment are not sufficiently robust (which is why no one ever takes the ALAC seriously). In view of this sad reality, one solution is to bypass the ALAC completely and join a GNSO constituency (perhaps the BC) so that the matter may be formally raised through the constituency process. Your second choice is to channel your request to the GNSO by way of the NomCom appointees or perhaps by way of whomever the Board selects as NCSG placeholder councilors. Your third choice is to affiliate yourself with whatever law enforcement group is working on WHOIS recommendations with the hope that such recommendations will be forwarded by way of the GAC. Finally, you can write directly to the ICANN CEO and Chairman of the Board.
participants (5)
-
Alan Greenberg -
Danny Younger -
Eduardo Diaz -
Evan Leibovitch -
Garth Bruen at KnujOn