[PC-NCSG] Fwd: Re: [NCUC-DISCUSS] Draft comments on Misuse of Whois Study - timely

Amr Elsadr aelsadr
Sat Jan 18 18:01:17 EET 2014


Has the NCUC-EC made its final appointments to the NCSG-PC? In any case, I second Avri?s request for support of this statement by this committee. I apologise for the short notice, and I feel I have some responsibility to bear on this. Until very recently, I was mistakenly under the impression that we had another week to submit this statement.

Thanks.

Amr


On Jan 18, 2014, at 4:39 PM, Avri Doria <avri at acm.org> wrote:

> 
> Any chance we can endorse this as well in the few hours left?
> 
> I would just send a last minute note endorsing the NCUC statement once it was made, assuming it is made.  i think i can still call myself alternate chair.  Or the NCSg chair can send the note.
> 
> "The NCSG-PC endorse the reply statement submitted by the NCUC url-here."
> 
> 
> 
> At this point I would need to hear at least one voice from each of the constituencies with no objections to feel free to do this.
> 
> avri
> 
> 
> -------- Original Message --------
> Subject: 	Re: [NCUC-DISCUSS] Draft comments on Misuse of Whois Study -
> timely
> Date: 	Sat, 18 Jan 2014 16:31:38 +0100
> From: 	Amr Elsadr <aelsadr at egyptig.org>
> To: 	William Drake <wjdrake at gmail.com>
> CC: 	NCUC EC <ncuc-ec at lists.ncuc.org>, "ncuc-discuss at lists.ncuc.org"
> <ncuc-discuss at lists.ncuc.org>
> 
> 
> 
> Hi Bill and all,
> 
> I have gone through the study as well as attended the webinar with the
> researchers who performed it and find that Kathy?s comments are spot on.
> The statistical significance she (and the report) mention were found to
> be with a 95% confidence rate, which is the standard accepted confidence
> of an accurate study based on quantitative analysis.
> 
> I am happy to endorse this statement and am grateful to Kathy for taking
> the time to draft it.
> 
> Thanks Kathy.
> 
> Amr
> 
> On Jan 18, 2014, at 2:57 PM, William Drake <wjdrake at gmail.com
> <mailto:wjdrake at gmail.com>> wrote:
> 
>> Hi Folks
>> 
>> As Kathy has indicated, the timeline on this is rather short, 11:59pm
>> UTC today, and she?s asking that it be approved as a NCUC statement in
>> the (probably likely) event it can?t be at the NCSG level in time.
>> The challenge here is that, per previous, we have not for some time
>> had the NCUC policy committee called for in our dated bylaws to
>> approve constituency-level statements. So the way we?ve done such
>> things in recent years is pretty much rough consensus after hearing
>> from as many folks as possible in the time frame?certainly elected
>> (EC) or appointed (NCSG PC) representatives, and regular members as
>> well.  Admittedly, this is not quite a satisfactory approach given
>> that NCUC is now much bigger and more diverse when that model set it,
>> but in lieu of a formal PC a broader and virtual PC is what we have to
>> work with at the moment.
>> 
>> So, it?d be really helpful if we could hear back either way from
>> whoever?s online and can get their head around this in the next few hours.
>> 
>> Thanks
>> 
>> Bill
>> 
>> 
>> On Jan 16, 2014, at 11:52 PM, Kathy Kleiman <Kathy at kathykleiman.com
>> <mailto:Kathy at kathykleiman.com>> wrote:
>> 
>>> Hi All,
>>> I need your help. There is an amazing study done by two researchers
>>> (a PhD and an almost-PhD) at Carnegie Melon University.  They tested
>>> the hypothesis of whether "public access to WHOIS data leads to a
>>> measurable degree of misuse of certain kinds of gTLD domain name
>>> Registrant identity and contact information."  They did both a
>>> descriptive study (surveys of law enforcement and privacy people,
>>> registrants and registrars) and an experimental study (registering
>>> domain names with no other traceable source and seeing how much spam,
>>> and unsolicited phone calls and emails they received).
>>> 
>>> They found what we have been telling ICANN for years: "there is a
>>> statistically significant occurrence of WHOIS misue affecting
>>> Registrants' email addresses, postal addresses, and phone numbers,
>>> published in Whois."
>>> 
>>> Great and let's tell them so! I've drafted some comments that not
>>> only support the findings (and review the great effort dedicated to
>>> the study), but also draw on abuse cases we have discussed and shared
>>> from the NCUC over many years, including political persecution,
>>> chilling effects, anti-competitive activity, and stalking.
>>> 
>>> Since these are Reply Comments, it is traditional to not only share
>>> your own views, but comment on those of others.  Our views are, in
>>> many way, close to those of ALAC on this issue. ALAC's comments note
>>> that the Study's results "align with individual experience of
>>> At-Large constituents" and also research ALAC has done.  So the
>>> noncommercial and individual registrant groups are aligned on this
>>> issue - and that is key.
>>> 
>>> Below and attached please find the draft comments. Please feel free
>>> to send me edits with Track Changes (if you use the attached file).
>>> To avoid a flood on the list, feel free to share small edits with me
>>> privately.  Big edits and changes are probably up for discussion.
>>> DEADLINE: SATURDAY (but I am judging my son's debate team, so
>>> tomorrow if possible).
>>> 
>>> Best and tx,
>>> Kathy
>>> 
>>> *[DRAFT] Comments of the Noncommercial Users Constituency of ICANN*
>>> *Study on Whois Misuse*
>>> *Due: January 18, 2014*
>>> 
>>> The Noncommercial Users Constituency of ICANN submits this document
>>> in response to the call for public comments on the*/Study on Whois
>>> Misuse/*posted on the ICANN website. We respectfully submit that this
>>> Study is a very important one for ICANN and for the GNSO policy work
>>> ahead.
>>> 
>>> We note that the study seems thorough and professionally done. Its
>>> named researchers were Dr. Nicolas Christin and Nektarios Leontiadis.
>>> Dr. Christin received his PhD in Computer Science from the University
>>> of Virginia, and is an Assistant Research Professor of Electrical and
>>> Computer Engineering at Carnegie Mellon University.Nektarios
>>> Leontiadis is a PhD candidate at Carnegie Mellon University, in the
>>> department of Engineering and Public Policy, with research focused on
>>> the economic modeling of online crime. Both are affiliated with
>>> CMU?s/CyLab/security lab.
>>> 
>>> This study stayed close and tight to the Terms of Reference set out
>>> for it --terms set and designed by members of the GNSO and approved
>>> by the GNSO Council.
>>> 
>>> The key question of the study was:/Does public access to
>>> WHOIS-published data lead to a measurable degree of misuse?/The
>>> answer was an unequivocal yes:
>>> 
>>> The main finding of the descriptive study is that there is
>>> a*statistically significant occurrence of WHOIS misuse affecting
>>> Registrants? email addresses, postal addresses, and phone numbers,
>>> published in WHOIS*when registering domains in these gTLDs.*Overall,
>>> we find that 44% of Registrants experience one or more of these types
>>> of WHOIS misuse.*[Emphasis added, WHOIS Misuse Study, p. 6]
>>> 
>>> We appreciate the extensive efforts the CMU team undertook to test
>>> the hypothesis it was given by ICANN and the GNSO.First, it conducted
>>> a descriptive study reaching out to Experts, Registrants and
>>> Registries/Registrars. Specifically, the team surveyed a ?diverse
>>> group of experts in the fields of security and privacy affiliated
>>> with research institutes, academia, law enforcement agencies,
>>> Internet Service Providers (ISPs), and national data protection
>>> commissioners.? [Study, p. 13]
>>> 
>>> The team surveyed Registrants for a ?better understanding of their
>>> direct experiences with Whois misuse? and found that 43.9% reported
>>> ?some kind of misuse of their WHOIS information,? including/postal
>>> address misuse, email address misuse/and/phone number misuse/tied to
>>> the Whois data, as well as/Identity theft, unauthorized intrusion to
>>> servers/and/blackmail/to which publicly-published Whois data may have
>>> been a contributing factor.
>>> 
>>> Then the team surveyed Registrars and Registries about Whois
>>> harvesting attacks, and the deployment and effectiveness of WHOIS
>>> anti-harvesting techniques.
>>> 
>>> Second and perhaps most interestingly, the CMU team conducted its own
>>> experimental study in which they registered a set of domain names in
>>> the top five gTLDs through a representative set of Registrars, with
>>> unique Registrant identities. Over the course of six months, they
>>> tracked emails, voicemails and postal mail received by the
>>> registrants of these experimental domain names. The purpose of the
>>> study was to eliminate ?any extraneous variables,? e.g. the
>>> publication of a postal address in both the Whois and an outside
>>> directory.
>>> 
>>> The conclusions of the study are Striking ? and answer questions
>>> floating in the GNSO for over a decade./Yes, there is abuse of
>>> publicly-published Whois data. Yes, that abuse is statistically
>>> significant./We share again the main finding of the Study for
>>> additional review in this comment period:
>>> 
>>> The main finding of the descriptive study is that there is a
>>> statistically significant occurrence of WHOIS misuse affecting
>>> Registrants? email addresses, postal addresses, and phone numbers,
>>> published in WHOIS when registering domains in these gTLDs.Overall,
>>> we find that 44% of Registrants experience one or more of these types
>>> of WHOIS misuse.[Emphasis added, WHOIS Misuse Study, p. 6]
>>> 
>>> We thank CMU for the extensive efforts it devoted to this study, and
>>> the extra efforts made and extra time spent to expand studies to
>>> include more experts from Latin America and overall go above and
>>> beyond the requirements for arounded and complete study.
>>> 
>>> _Reply to Other Commenters:_
>>> 
>>> *ALAC Comments:*
>>> ALAC published the following comment in their comments: ?We note the
>>> study has returned findings that align with individual experience of
>>> At-Large constituents plus the evidence of widespread occurrence has
>>> validated similar research undertaken by At-Large connected researchers.?
>>> 
>>> We note that NCUC, too, has directly experienced deeply concerning
>>> misuses of WHOIS data. In particular, attorneys in NCUC have directly
>>> experienced and directly worked with clients who have experienced:
>>> 
>>> -Stalking, for which the Whois was the only published source for the
>>> location of an online, home-based business by which an ex-spouse
>>> found his wife and stalked her.
>>> -Political persecution, by which Whois data was used not only to
>>> track dissenters (some located in the US and protected by the First
>>> Amendment), but also their families located in the countries about
>>> whose corruption the websites were devoted (and who were not
>>> similarly protected);
>>> -Chilling effects, by which Whois data was used to track down and
>>> intimidate or silence those who have a different political, religious
>>> or moral view;
>>> 
>>> -Anticompetitive activity ? by which competitors used Whois data to
>>> track down entrepreneurs and small businesses owners and seek to
>>> intimidate them to set businesses plans and services aside.
>>> 
>>> We further share with ALAC the deep concern that ?WHOIS misuse is
>>> factual and widespread, as the evidence from 44% of sampled
>>> registrants across the several domains attest.?We further agree that
>>> thisposes a ?continued threat? to the ?security and confidence in the
>>> use of the Internet, [and] the public interest demands measures to
>>> address and abate its impact.?ALAC
>>> Comments,http://forum.icann.org/lists/comments-whois-misuse-27nov13/msg00006.html
>>> 
>>> We have the evidence, and measures must now be taken to protect
>>> Registrants, and the speech, work, expression, hobbies, research,
>>> business, education and communication they conduct using their domain
>>> names.
>>> 
>>> Respectfully submitted,
>>> 
>>> [if approved]
>>> 
>>> NONCOMMERCIAL USERS CONSTITUENCY
>>> 
>>> <NCUC DRAFT Comments - Misuse of Whois
>>> Study.docx>_______________________________________________
>>> Ncuc-discuss mailing list
>>> Ncuc-discuss at lists.ncuc.org <mailto:Ncuc-discuss at lists.ncuc.org>
>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>> 
>> ***********************************************
>> William J. Drake
>> International Fellow & Lecturer
>>  Media Change & Innovation Division, IPMZ
>>  University of Zurich, Switzerland
>> Chair, Noncommercial Users Constituency,
>>  ICANN, www.ncuc.org <http://www.ncuc.org/>
>> william.drake at uzh.ch <mailto:william.drake at uzh.ch> (direct),
>> wjdrake at gmail.com <mailto:wjdrake at gmail.com> (lists),
>> www.williamdrake.org <http://www.williamdrake.org/>
>> ***********************************************
>> 
>> _______________________________________________
>> Ncuc-discuss mailing list
>> Ncuc-discuss at lists.ncuc.org <mailto:Ncuc-discuss at lists.ncuc.org>
>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
> 
> 
> 
> <Attached Message Part.txt>_______________________________________________
> PC-NCSG mailing list
> PC-NCSG at ipjustice.org
> http://mailman.ipjustice.org/listinfo/pc-ncsg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ipjustice.org/pipermail/pc-ncsg/attachments/20140118/2edffb44/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NCUC DRAFT Comments - Misuse of Whois Study.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 16547 bytes
Desc: not available
URL: <http://mailman.ipjustice.org/pipermail/pc-ncsg/attachments/20140118/2edffb44/attachment-0001.docx>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ipjustice.org/pipermail/pc-ncsg/attachments/20140118/2edffb44/attachment-0003.html>



More information about the NCSG-PC mailing list