Hello Everybody, In this week, was noticed a site “*nomesbrasil.com <http://nomesbrasil.com>” in Brazil. * *The site show *personal data of Brazilian citizens, such as full name and the registration of individual (number which may indicate the financial situation). This site violated the Marco Civil of Internet and the Consumer Protection Code. The the Ministry of Justice notified the goddady provider to seek information about this domain name. The penalties for irregularities may reach $ 7.2 million. This site (“*nomesbrasil.com <http://nomesbrasil.com>”) *use of domain names for illegal and abusive activities. However, Nomesbrasil.com is hosted in United States by GoDaddy.com, LLC. jQuery was not found on the site. More details can be found in Section server. http://sitemacro.com/www/pt/nomesbrasil.com#server-properties-section http://sitemacro.com/www/pt/nomesbrasil.com http://www.tribunadabahia.com.br/2015/05/06/invasao-de-privacidade-generaliz... http://www.procon.sc.gov.br/index.php/outros-destaques/766-ministerio-da-jus... The databases with personal information of citizens collected illegally are common and used by criminals for various types of fraud. They can buy things in other names, get some kind of credit. Unfortunately, it is not difficult, being in possession of the data, practicing criminal actions. The person (who had the stolen data) could end up with a debt. But usually criminals have no significant credit without the signature of the person. The Ministry of Justice wants to know who is responsible for this site. How to make sure the IP address? How to protect the personal data of citizens of sites that hide to avoid any legal penalties? Is a cyber war of personal data control? Do you believe that they can find the responsible of this site? Best Regards, Alyne Andrade. President of the IBDI http://www.ibdi.org.br/site/ https://www.facebook.com/groups/ibdi.grupo/?fref=ts
This is a great example of what we discussed at some length in the Experts Working Group. The question is, does a criminal actually put accurate information in the WHOIS? Can Godaddy actually check the information provided, and still charge only 15$ US for two years registration? If greater accuracy is required, will fraudsters simply steal someone else's accurate data? What data is really useful for prosecution, the WHOIS data or the registration data which the registrar has? Even the financial data held by Godaddy could be the financial data from a stolen credit card, unless there is some control registrars can use to stop that. Stephanie Perrin On 2015-05-09 13:38, Alyne Andrade wrote:
Hello Everybody,
In this week, was noticed a site “*nomesbrasil.com <http://nomesbrasil.com>” in Brazil. *
**
*The site show *personal data ofBrazilian citizens, such as full name and the registration of individual (number which may indicate the financial situation).
This site violated the Marco Civil of Internet and the Consumer Protection Code. The the Ministryof Justicenotified the goddady provider to seek information about this domain name.Thepenalties for irregularities may reach $ 7.2 million.
This site (“*nomesbrasil.com <http://nomesbrasil.com>”) *use of domain names for illegal and abusive activities.
However, Nomesbrasil.comis hosted in United States by GoDaddy.com, LLC. jQuery was not found on the site. More details can be found in Section server.
http://sitemacro.com/www/pt/nomesbrasil.com#server-properties-section
http://sitemacro.com/www/pt/nomesbrasil.com
http://www.tribunadabahia.com.br/2015/05/06/invasao-de-privacidade-generaliz...
http://www.procon.sc.gov.br/index.php/outros-destaques/766-ministerio-da-jus...
Thedatabases with personal information of citizens collected illegally are common and used by criminals for various types of fraud. They can buy things in other names, get some kind of credit. Unfortunately, it is not difficult, being in possession of the data, practicing criminal actions. The person (who had the stolen data) could end up with a debt. But usually criminals have no significant credit without the signature of the person.
The Ministry of Justicewants to know who is responsible for this site.
How to make suretheIPaddress?
How to protectthe personal data of citizens of sites that hide to avoid any legal penalties?
Is a cyber warof personaldata control?
Do you believe thatthey can find the responsible of this site?
Best Regards,
Alyne Andrade.
President of the IBDI http://www.ibdi.org.br/site/
https://www.facebook.com/groups/ibdi.grupo/?fref=ts
_______________________________________________ Whois-iag-volunteers mailing list Whois-iag-volunteers@icann.org https://mm.icann.org/mailman/listinfo/whois-iag-volunteers
Hi Alyne: The situation you outlined happens more often than we care to acknowledge. The first problem arise from the terms for registration of a domain name. The current Registrar Accreditation Agreement compels registrars to gather and post - either on a website of via a simple web service call to a specific port - a lot of what is considered personal data as part of the publicly available WHOIS record a lot of what is considered personal data. There is no rule that prevent a third party from harvesting this information and making it all available elsewhere for a different purpose. We know this practice conflicts with national laws pertaining privacy and personal data protection but ICANN in its wisdom continues to insist on promoting unless there is a waiver granted. That Brasil did not get the same response from Godaddy as say the US government to contrast is not surprising. They will tell you it is difficult to get all upset about stuff that is entirely legal in the U.S. Contrast that to allegations of violation of IP and they tend to respond to express 'takedowns' requests from US government agencies in the blink of an eye. And without due process; any judicial intervention. The practice also allows so-called privacy/proxy registrations which obscures the provident owner of a domain name. If your set of domain names at issue here are registered by proxy or is shielded as a privacy one, it is very difficult to finally determine the name of the domain name owner. This aside, some developments are in train which you might find of interest. The Expert Working Group on gTLD Directory Service (EWG) spent 2 years dealing with these issues and has made some recommendations for ICANN to consider for a new generation of Registration Data Service, formerly WHOIS. See the report here: https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf There are currently two WGs looking at issues pertaining that you might find useful; the PPSAI and IAG-WHOIS Conflicts. The PPSAI just published its initial report. You can see it here: https://www.icann.org/public-comments/ppsai-initial-2015-05-05-en I have served on all three groups mentioned here. Anyway I can assist in helping better understanding of the problem I'd be happy to help. Best, -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Sat, May 9, 2015 at 12:38 PM, Alyne Andrade <alyne.ibdi@gmail.com> wrote:
Hello Everybody,
In this week, was noticed a site “*nomesbrasil.com <http://nomesbrasil.com>” in Brazil. *
*The site show *personal data of Brazilian citizens, such as full name and the registration of individual (number which may indicate the financial situation).
This site violated the Marco Civil of Internet and the Consumer Protection Code. The the Ministry of Justice notified the goddady provider to seek information about this domain name. The penalties for irregularities may reach $ 7.2 million.
This site (“*nomesbrasil.com <http://nomesbrasil.com>”) *use of domain names for illegal and abusive activities.
However, Nomesbrasil.com is hosted in United States by GoDaddy.com, LLC. jQuery was not found on the site. More details can be found in Section server.
http://sitemacro.com/www/pt/nomesbrasil.com#server-properties-section
http://sitemacro.com/www/pt/nomesbrasil.com
http://www.tribunadabahia.com.br/2015/05/06/invasao-de-privacidade-generaliz...
http://www.procon.sc.gov.br/index.php/outros-destaques/766-ministerio-da-jus...
The databases with personal information of citizens collected illegally are common and used by criminals for various types of fraud. They can buy things in other names, get some kind of credit. Unfortunately, it is not difficult, being in possession of the data, practicing criminal actions. The person (who had the stolen data) could end up with a debt. But usually criminals have no significant credit without the signature of the person.
The Ministry of Justice wants to know who is responsible for this site.
How to make sure the IP address?
How to protect the personal data of citizens of sites that hide to avoid any legal penalties?
Is a cyber war of personal data control?
Do you believe that they can find the responsible of this site?
Best Regards,
Alyne Andrade.
President of the IBDI http://www.ibdi.org.br/site/
https://www.facebook.com/groups/ibdi.grupo/?fref=ts
_______________________________________________ Whois-iag-volunteers mailing list Whois-iag-volunteers@icann.org https://mm.icann.org/mailman/listinfo/whois-iag-volunteers
Unfortunately, it is common practice for criminals. The address informed by the site <nomesbrasil.com> does not match the correct address, how to find the owner of the website? How to make sure that the IP address matches the correct information (physical address, country)? A valid credit card has helped locate the owner? And when the credit card is stolen, what are the chances of finding responsible? Were the working group able to advance what aspects as data protection, privacy and use of false data to commit crimes (fraud, pedophilia, terrorism, deep web, intellectual property)? I'll read the material. Thank you. Best Regards, Alyne Andrade. 2015-05-10 20:17 GMT-03:00 Carlton Samuels <carlton.samuels@gmail.com>:
Hi Alyne: The situation you outlined happens more often than we care to acknowledge. The first problem arise from the terms for registration of a domain name. The current Registrar Accreditation Agreement compels registrars to gather and post - either on a website of via a simple web service call to a specific port - a lot of what is considered personal data as part of the publicly available WHOIS record a lot of what is considered personal data. There is no rule that prevent a third party from harvesting this information and making it all available elsewhere for a different purpose. We know this practice conflicts with national laws pertaining privacy and personal data protection but ICANN in its wisdom continues to insist on promoting unless there is a waiver granted.
That Brasil did not get the same response from Godaddy as say the US government to contrast is not surprising. They will tell you it is difficult to get all upset about stuff that is entirely legal in the U.S. Contrast that to allegations of violation of IP and they tend to respond to express 'takedowns' requests from US government agencies in the blink of an eye. And without due process; any judicial intervention.
The practice also allows so-called privacy/proxy registrations which obscures the provident owner of a domain name. If your set of domain names at issue here are registered by proxy or is shielded as a privacy one, it is very difficult to finally determine the name of the domain name owner. This aside, some developments are in train which you might find of interest.
The Expert Working Group on gTLD Directory Service (EWG) spent 2 years dealing with these issues and has made some recommendations for ICANN to consider for a new generation of Registration Data Service, formerly WHOIS. See the report here: https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf
There are currently two WGs looking at issues pertaining that you might find useful; the PPSAI and IAG-WHOIS Conflicts. The PPSAI just published its initial report. You can see it here: https://www.icann.org/public-comments/ppsai-initial-2015-05-05-en
I have served on all three groups mentioned here. Anyway I can assist in helping better understanding of the problem I'd be happy to help.
Best, -Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Sat, May 9, 2015 at 12:38 PM, Alyne Andrade <alyne.ibdi@gmail.com> wrote:
Hello Everybody,
In this week, was noticed a site “*nomesbrasil.com <http://nomesbrasil.com>” in Brazil. *
*The site show *personal data of Brazilian citizens, such as full name and the registration of individual (number which may indicate the financial situation).
This site violated the Marco Civil of Internet and the Consumer Protection Code. The the Ministry of Justice notified the goddady provider to seek information about this domain name. The penalties for irregularities may reach $ 7.2 million.
This site (“*nomesbrasil.com <http://nomesbrasil.com>”) *use of domain names for illegal and abusive activities.
However, Nomesbrasil.com is hosted in United States by GoDaddy.com, LLC. jQuery was not found on the site. More details can be found in Section server.
http://sitemacro.com/www/pt/nomesbrasil.com#server-properties-section
http://sitemacro.com/www/pt/nomesbrasil.com
http://www.tribunadabahia.com.br/2015/05/06/invasao-de-privacidade-generaliz...
http://www.procon.sc.gov.br/index.php/outros-destaques/766-ministerio-da-jus...
The databases with personal information of citizens collected illegally are common and used by criminals for various types of fraud. They can buy things in other names, get some kind of credit. Unfortunately, it is not difficult, being in possession of the data, practicing criminal actions. The person (who had the stolen data) could end up with a debt. But usually criminals have no significant credit without the signature of the person.
The Ministry of Justice wants to know who is responsible for this site.
How to make sure the IP address?
How to protect the personal data of citizens of sites that hide to avoid any legal penalties?
Is a cyber war of personal data control?
Do you believe that they can find the responsible of this site?
Best Regards,
Alyne Andrade.
President of the IBDI http://www.ibdi.org.br/site/
https://www.facebook.com/groups/ibdi.grupo/?fref=ts
_______________________________________________ Whois-iag-volunteers mailing list Whois-iag-volunteers@icann.org https://mm.icann.org/mailman/listinfo/whois-iag-volunteers
With respect I don’t think that this falls within the remit of the WG and I suggest that you contact the registrar of the domain for any further information. -James From: whois-iag-volunteers-bounces@icann.org [mailto:whois-iag-volunteers-bounces@icann.org] On Behalf Of Alyne Andrade Sent: Monday, May 11, 2015 8:02 PM To: Carlton Samuels Cc: whois-iag-volunteers@icann.org Subject: Re: [IAG-WHOIS conflicts] News from Brazil Unfortunately, it is common practice for criminals. The address informed by the site <nomesbrasil.com<http://nomesbrasil.com>> does not match the correct address, how to find the owner of the website? How to make sure that the IP address matches the correct information (physical address, country)? A valid credit card has helped locate the owner? And when the credit card is stolen, what are the chances of finding responsible? Were the working group able to advance what aspects as data protection, privacy and use of false data to commit crimes (fraud, pedophilia, terrorism, deep web, intellectual property)? I'll read the material. Thank you. Best Regards, Alyne Andrade. 2015-05-10 20:17 GMT-03:00 Carlton Samuels <carlton.samuels@gmail.com<mailto:carlton.samuels@gmail.com>>: Hi Alyne: The situation you outlined happens more often than we care to acknowledge. The first problem arise from the terms for registration of a domain name. The current Registrar Accreditation Agreement compels registrars to gather and post - either on a website of via a simple web service call to a specific port - a lot of what is considered personal data as part of the publicly available WHOIS record a lot of what is considered personal data. There is no rule that prevent a third party from harvesting this information and making it all available elsewhere for a different purpose. We know this practice conflicts with national laws pertaining privacy and personal data protection but ICANN in its wisdom continues to insist on promoting unless there is a waiver granted. That Brasil did not get the same response from Godaddy as say the US government to contrast is not surprising. They will tell you it is difficult to get all upset about stuff that is entirely legal in the U.S. Contrast that to allegations of violation of IP and they tend to respond to express 'takedowns' requests from US government agencies in the blink of an eye. And without due process; any judicial intervention. The practice also allows so-called privacy/proxy registrations which obscures the provident owner of a domain name. If your set of domain names at issue here are registered by proxy or is shielded as a privacy one, it is very difficult to finally determine the name of the domain name owner. This aside, some developments are in train which you might find of interest. The Expert Working Group on gTLD Directory Service (EWG) spent 2 years dealing with these issues and has made some recommendations for ICANN to consider for a new generation of Registration Data Service, formerly WHOIS. See the report here: https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf There are currently two WGs looking at issues pertaining that you might find useful; the PPSAI and IAG-WHOIS Conflicts. The PPSAI just published its initial report. You can see it here: https://www.icann.org/public-comments/ppsai-initial-2015-05-05-en I have served on all three groups mentioned here. Anyway I can assist in helping better understanding of the problem I'd be happy to help. Best, -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799<tel:876-818-1799> Strategy, Planning, Governance, Assessment & Turnaround ============================= On Sat, May 9, 2015 at 12:38 PM, Alyne Andrade <alyne.ibdi@gmail.com<mailto:alyne.ibdi@gmail.com>> wrote: Hello Everybody, In this week, was noticed a site “nomesbrasil.com<http://nomesbrasil.com>” in Brazil. The site show personal data of Brazilian citizens, such as full name and the registration of individual (number which may indicate the financial situation). This site violated the Marco Civil of Internet and the Consumer Protection Code. The the Ministry of Justice notified the goddady provider to seek information about this domain name. The penalties for irregularities may reach $ 7.2 million. This site (“nomesbrasil.com<http://nomesbrasil.com>”) use of domain names for illegal and abusive activities. However, Nomesbrasil.com is hosted in United States by GoDaddy.com, LLC. jQuery was not found on the site. More details can be found in Section server. http://sitemacro.com/www/pt/nomesbrasil.com#server-properties-section http://sitemacro.com/www/pt/nomesbrasil.com http://www.tribunadabahia.com.br/2015/05/06/invasao-de-privacidade-generaliz... http://www.procon.sc.gov.br/index.php/outros-destaques/766-ministerio-da-jus... The databases with personal information of citizens collected illegally are common and used by criminals for various types of fraud. They can buy things in other names, get some kind of credit. Unfortunately, it is not difficult, being in possession of the data, practicing criminal actions. The person (who had the stolen data) could end up with a debt. But usually criminals have no significant credit without the signature of the person. The Ministry of Justice wants to know who is responsible for this site. How to make sure the IP address? How to protect the personal data of citizens of sites that hide to avoid any legal penalties? Is a cyber war of personal data control? Do you believe that they can find the responsible of this site? Best Regards, Alyne Andrade. President of the IBDI http://www.ibdi.org.br/site/ https://www.facebook.com/groups/ibdi.grupo/?fref=ts _______________________________________________ Whois-iag-volunteers mailing list Whois-iag-volunteers@icann.org<mailto:Whois-iag-volunteers@icann.org> https://mm.icann.org/mailman/listinfo/whois-iag-volunteers
I also agree that this may not be within the scope this WG. That said, it may be good to note that there is little or noting that the registrar can do in getting the information you seek. It's just beyond the scope of their data collection. All the best. Regards sent from Google nexus 4 kindly excuse brevity and typos. On 11 May 2015 20:45, "James Gannon" <james@cyberinvasion.net> wrote:
With respect I don’t think that this falls within the remit of the WG and I suggest that you contact the registrar of the domain for any further information.
-James
*From:* whois-iag-volunteers-bounces@icann.org [mailto: whois-iag-volunteers-bounces@icann.org] *On Behalf Of *Alyne Andrade *Sent:* Monday, May 11, 2015 8:02 PM *To:* Carlton Samuels *Cc:* whois-iag-volunteers@icann.org *Subject:* Re: [IAG-WHOIS conflicts] News from Brazil
Unfortunately, it is common practice for criminals.
The address informed by the site <nomesbrasil.com> does not match the correct address, how to find the owner of the website?
How to make sure that the IP address matches the correct information (physical address, country)?
A valid credit card has helped locate the owner?
And when the credit card is stolen, what are the chances of finding responsible?
Were the working group able to advance what aspects as data protection, privacy and use of false data to commit crimes (fraud, pedophilia, terrorism, deep web, intellectual property)?
I'll read the material. Thank you.
Best Regards,
Alyne Andrade.
2015-05-10 20:17 GMT-03:00 Carlton Samuels <carlton.samuels@gmail.com>:
Hi Alyne:
The situation you outlined happens more often than we care to acknowledge. The first problem arise from the terms for registration of a domain name. The current Registrar Accreditation Agreement compels registrars to gather and post - either on a website of via a simple web service call to a specific port - a lot of what is considered personal data as part of the publicly available WHOIS record a lot of what is considered personal data. There is no rule that prevent a third party from harvesting this information and making it all available elsewhere for a different purpose. We know this practice conflicts with national laws pertaining privacy and personal data protection but ICANN in its wisdom continues to insist on promoting unless there is a waiver granted.
That Brasil did not get the same response from Godaddy as say the US government to contrast is not surprising. They will tell you it is difficult to get all upset about stuff that is entirely legal in the U.S. Contrast that to allegations of violation of IP and they tend to respond to express 'takedowns' requests from US government agencies in the blink of an eye. And without due process; any judicial intervention.
The practice also allows so-called privacy/proxy registrations which obscures the provident owner of a domain name. If your set of domain names at issue here are registered by proxy or is shielded as a privacy one, it is very difficult to finally determine the name of the domain name owner. This aside, some developments are in train which you might find of interest.
The Expert Working Group on gTLD Directory Service (EWG) spent 2 years dealing with these issues and has made some recommendations for ICANN to consider for a new generation of Registration Data Service, formerly WHOIS. See the report here: https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf
There are currently two WGs looking at issues pertaining that you might find useful; the PPSAI and IAG-WHOIS Conflicts. The PPSAI just published its initial report. You can see it here: https://www.icann.org/public-comments/ppsai-initial-2015-05-05-en
I have served on all three groups mentioned here. Anyway I can assist in helping better understanding of the problem I'd be happy to help.
Best,
-Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
On Sat, May 9, 2015 at 12:38 PM, Alyne Andrade <alyne.ibdi@gmail.com> wrote:
Hello Everybody,
In this week, was noticed a site “*nomesbrasil.com <http://nomesbrasil.com>” in Brazil. *
*The site show *personal data of Brazilian citizens, such as full name and the registration of individual (number which may indicate the financial situation).
This site violated the Marco Civil of Internet and the Consumer Protection Code. The the Ministry of Justice notified the goddady provider to seek information about this domain name. The penalties for irregularities may reach $ 7.2 million.
This site (“*nomesbrasil.com <http://nomesbrasil.com>”) *use of domain names for illegal and abusive activities.
However, Nomesbrasil.com is hosted in United States by GoDaddy.com, LLC. jQuery was not found on the site. More details can be found in Section server.
http://sitemacro.com/www/pt/nomesbrasil.com#server-properties-section
http://sitemacro.com/www/pt/nomesbrasil.com
http://www.tribunadabahia.com.br/2015/05/06/invasao-de-privacidade-generaliz...
http://www.procon.sc.gov.br/index.php/outros-destaques/766-ministerio-da-jus...
The databases with personal information of citizens collected illegally are common and used by criminals for various types of fraud. They can buy things in other names, get some kind of credit. Unfortunately, it is not difficult, being in possession of the data, practicing criminal actions. The person (who had the stolen data) could end up with a debt. But usually criminals have no significant credit without the signature of the person.
The Ministry of Justice wants to know who is responsible for this site.
How to make sure the IP address?
How to protect the personal data of citizens of sites that hide to avoid any legal penalties?
Is a cyber war of personal data control?
Do you believe that they can find the responsible of this site?
Best Regards,
Alyne Andrade.
President of the IBDI http://www.ibdi.org.br/site/
https://www.facebook.com/groups/ibdi.grupo/?fref=ts
_______________________________________________ Whois-iag-volunteers mailing list Whois-iag-volunteers@icann.org https://mm.icann.org/mailman/listinfo/whois-iag-volunteers
_______________________________________________ Whois-iag-volunteers mailing list Whois-iag-volunteers@icann.org https://mm.icann.org/mailman/listinfo/whois-iag-volunteers
participants (5)
-
Alyne Andrade -
Carlton Samuels -
James Gannon -
Seun Ojedeji -
Stephanie Perrin