[PC-NCSG] Fwd: Re: [NCUC-DISCUSS] Draft comments on Misuse of Whois Study - timely
Avri Doria
avri
Sat Jan 18 18:25:23 EET 2014
Note on not having enough time for a proper call.
This was only brought up on the NCUC list. While I check the NCSG lists
every few hours, in the most infrequent case, I tend to check the NCUC
discuss list every few days as I don't expect to see it as the policy
discussion list and I have to prioritize things I am committed to do,
over those where I have no responsibilities.
I am sure I ought to check the NCUC list more often.
avri
On 18-Jan-14 11:11, Avri Doria wrote:
> Hi,
>
> No, they haven't as far as i know. I was one of the 2013 NCUC
> appointees, and may still be until repaced. Nuno is listed as the
> remaining NCUC, he replaced Mary when she went into the staff. So it
> would be good to hear from him
>
> For NPOC, it would be good to have Marie Laure or Rudy to agree. Not
> enough time to do a timed call at this point.
>
> avri
>
>
> On 18-Jan-14 11:01, Amr Elsadr wrote:
>> Has the NCUC-EC made its final appointments to the NCSG-PC? In any case,
>> I second Avri?s request for support of this statement by this committee.
>> I apologise for the short notice, and I feel I have some responsibility
>> to bear on this. Until very recently, I was mistakenly under the
>> impression that we had another week to submit this statement.
>>
>> Thanks.
>>
>> Amr
>>
>>
>>
>>
>> On Jan 18, 2014, at 4:39 PM, Avri Doria <avri at acm.org
>> <mailto:avri at acm.org>> wrote:
>>
>>>
>>> Any chance we can endorse this as well in the few hours left?
>>>
>>> I would just send a last minute note endorsing the NCUC statement once
>>> it was made, assuming it is made. i think i can still call myself
>>> alternate chair. Or the NCSg chair can send the note.
>>>
>>> "The NCSG-PC endorse the reply statement submitted by the NCUC
>>> url-here."
>>>
>>>
>>>
>>> At this point I would need to hear at least one voice from each of the
>>> constituencies with no objections to feel free to do this.
>>>
>>> avri
>>>
>>>
>>> -------- Original Message --------
>>> Subject:Re: [NCUC-DISCUSS] Draft comments on Misuse of Whois Study -
>>> timely
>>> Date:Sat, 18 Jan 2014 16:31:38 +0100
>>> From:Amr Elsadr <aelsadr at egyptig.org <mailto:aelsadr at egyptig.org>>
>>> To:William Drake <wjdrake at gmail.com <mailto:wjdrake at gmail.com>>
>>> CC:NCUC EC <ncuc-ec at lists.ncuc.org <mailto:ncuc-ec at lists.ncuc.org>>,
>>> "ncuc-discuss at lists.ncuc.org <mailto:ncuc-discuss at lists.ncuc.org>"
>>> <ncuc-discuss at lists.ncuc.org <mailto:ncuc-discuss at lists.ncuc.org>>
>>>
>>>
>>>
>>> Hi Bill and all,
>>>
>>> I have gone through the study as well as attended the webinar with the
>>> researchers who performed it and find that Kathy?s comments are spot on.
>>> The statistical significance she (and the report) mention were found to
>>> be with a 95% confidence rate, which is the standard accepted confidence
>>> of an accurate study based on quantitative analysis.
>>>
>>> I am happy to endorse this statement and am grateful to Kathy for taking
>>> the time to draft it.
>>>
>>> Thanks Kathy.
>>>
>>> Amr
>>>
>>> On Jan 18, 2014, at 2:57 PM, William Drake <wjdrake at gmail.com
>>> <mailto:wjdrake at gmail.com>
>>> <mailto:wjdrake at gmail.com>> wrote:
>>>
>>>> Hi Folks
>>>>
>>>> As Kathy has indicated, the timeline on this is rather short, 11:59pm
>>>> UTC today, and she?s asking that it be approved as a NCUC statement in
>>>> the (probably likely) event it can?t be at the NCSG level in time.
>>>> The challenge here is that, per previous, we have not for some time
>>>> had the NCUC policy committee called for in our dated bylaws to
>>>> approve constituency-level statements. So the way we?ve done such
>>>> things in recent years is pretty much rough consensus after hearing
>>>> from as many folks as possible in the time frame?certainly elected
>>>> (EC) or appointed (NCSG PC) representatives, and regular members as
>>>> well. Admittedly, this is not quite a satisfactory approach given
>>>> that NCUC is now much bigger and more diverse when that model set it,
>>>> but in lieu of a formal PC a broader and virtual PC is what we have to
>>>> work with at the moment.
>>>>
>>>> So, it?d be really helpful if we could hear back either way from
>>>> whoever?s online and can get their head around this in the next few
>>>> hours.
>>>>
>>>> Thanks
>>>>
>>>> Bill
>>>>
>>>>
>>>> On Jan 16, 2014, at 11:52 PM, Kathy Kleiman <Kathy at kathykleiman.com
>>>> <mailto:Kathy at kathykleiman.com>
>>>> <mailto:Kathy at kathykleiman.com>> wrote:
>>>>
>>>>> Hi All,
>>>>> I need your help. There is an amazing study done by two researchers
>>>>> (a PhD and an almost-PhD) at Carnegie Melon University. They tested
>>>>> the hypothesis of whether "public access to WHOIS data leads to a
>>>>> measurable degree of misuse of certain kinds of gTLD domain name
>>>>> Registrant identity and contact information." They did both a
>>>>> descriptive study (surveys of law enforcement and privacy people,
>>>>> registrants and registrars) and an experimental study (registering
>>>>> domain names with no other traceable source and seeing how much spam,
>>>>> and unsolicited phone calls and emails they received).
>>>>>
>>>>> They found what we have been telling ICANN for years: "there is a
>>>>> statistically significant occurrence of WHOIS misue affecting
>>>>> Registrants' email addresses, postal addresses, and phone numbers,
>>>>> published in Whois."
>>>>>
>>>>> Great and let's tell them so! I've drafted some comments that not
>>>>> only support the findings (and review the great effort dedicated to
>>>>> the study), but also draw on abuse cases we have discussed and shared
>>>>> from the NCUC over many years, including political persecution,
>>>>> chilling effects, anti-competitive activity, and stalking.
>>>>>
>>>>> Since these are Reply Comments, it is traditional to not only share
>>>>> your own views, but comment on those of others. Our views are, in
>>>>> many way, close to those of ALAC on this issue. ALAC's comments note
>>>>> that the Study's results "align with individual experience of
>>>>> At-Large constituents" and also research ALAC has done. So the
>>>>> noncommercial and individual registrant groups are aligned on this
>>>>> issue - and that is key.
>>>>>
>>>>> Below and attached please find the draft comments. Please feel free
>>>>> to send me edits with Track Changes (if you use the attached file).
>>>>> To avoid a flood on the list, feel free to share small edits with me
>>>>> privately. Big edits and changes are probably up for discussion.
>>>>> DEADLINE: SATURDAY (but I am judging my son's debate team, so
>>>>> tomorrow if possible).
>>>>>
>>>>> Best and tx,
>>>>> Kathy
>>>>>
>>>>> *[DRAFT] Comments of the Noncommercial Users Constituency of ICANN*
>>>>> *Study on Whois Misuse*
>>>>> *Due: January 18, 2014*
>>>>>
>>>>> The Noncommercial Users Constituency of ICANN submits this document
>>>>> in response to the call for public comments on the*/Study on Whois
>>>>> Misuse/*posted on the ICANN website. We respectfully submit that this
>>>>> Study is a very important one for ICANN and for the GNSO policy work
>>>>> ahead.
>>>>>
>>>>> We note that the study seems thorough and professionally done. Its
>>>>> named researchers were Dr. Nicolas Christin and Nektarios Leontiadis.
>>>>> Dr. Christin received his PhD in Computer Science from the University
>>>>> of Virginia, and is an Assistant Research Professor of Electrical and
>>>>> Computer Engineering at Carnegie Mellon University.Nektarios
>>>>> Leontiadis is a PhD candidate at Carnegie Mellon University, in the
>>>>> department of Engineering and Public Policy, with research focused on
>>>>> the economic modeling of online crime. Both are affiliated with
>>>>> CMU?s/CyLab/security lab.
>>>>>
>>>>> This study stayed close and tight to the Terms of Reference set out
>>>>> for it --terms set and designed by members of the GNSO and approved
>>>>> by the GNSO Council.
>>>>>
>>>>> The key question of the study was:/Does public access to
>>>>> WHOIS-published data lead to a measurable degree of misuse?/The
>>>>> answer was an unequivocal yes:
>>>>>
>>>>> The main finding of the descriptive study is that there is
>>>>> a*statistically significant occurrence of WHOIS misuse affecting
>>>>> Registrants? email addresses, postal addresses, and phone numbers,
>>>>> published in WHOIS*when registering domains in these gTLDs.*Overall,
>>>>> we find that 44% of Registrants experience one or more of these types
>>>>> of WHOIS misuse.*[Emphasis added, WHOIS Misuse Study, p. 6]
>>>>>
>>>>> We appreciate the extensive efforts the CMU team undertook to test
>>>>> the hypothesis it was given by ICANN and the GNSO.First, it conducted
>>>>> a descriptive study reaching out to Experts, Registrants and
>>>>> Registries/Registrars. Specifically, the team surveyed a ?diverse
>>>>> group of experts in the fields of security and privacy affiliated
>>>>> with research institutes, academia, law enforcement agencies,
>>>>> Internet Service Providers (ISPs), and national data protection
>>>>> commissioners.? [Study, p. 13]
>>>>>
>>>>> The team surveyed Registrants for a ?better understanding of their
>>>>> direct experiences with Whois misuse? and found that 43.9% reported
>>>>> ?some kind of misuse of their WHOIS information,? including/postal
>>>>> address misuse, email address misuse/and/phone number misuse/tied to
>>>>> the Whois data, as well as/Identity theft, unauthorized intrusion to
>>>>> servers/and/blackmail/to which publicly-published Whois data may have
>>>>> been a contributing factor.
>>>>>
>>>>> Then the team surveyed Registrars and Registries about Whois
>>>>> harvesting attacks, and the deployment and effectiveness of WHOIS
>>>>> anti-harvesting techniques.
>>>>>
>>>>> Second and perhaps most interestingly, the CMU team conducted its own
>>>>> experimental study in which they registered a set of domain names in
>>>>> the top five gTLDs through a representative set of Registrars, with
>>>>> unique Registrant identities. Over the course of six months, they
>>>>> tracked emails, voicemails and postal mail received by the
>>>>> registrants of these experimental domain names. The purpose of the
>>>>> study was to eliminate ?any extraneous variables,? e.g. the
>>>>> publication of a postal address in both the Whois and an outside
>>>>> directory.
>>>>>
>>>>> The conclusions of the study are Striking ? and answer questions
>>>>> floating in the GNSO for over a decade./Yes, there is abuse of
>>>>> publicly-published Whois data. Yes, that abuse is statistically
>>>>> significant./We share again the main finding of the Study for
>>>>> additional review in this comment period:
>>>>>
>>>>> The main finding of the descriptive study is that there is a
>>>>> statistically significant occurrence of WHOIS misuse affecting
>>>>> Registrants? email addresses, postal addresses, and phone numbers,
>>>>> published in WHOIS when registering domains in these gTLDs.Overall,
>>>>> we find that 44% of Registrants experience one or more of these types
>>>>> of WHOIS misuse.[Emphasis added, WHOIS Misuse Study, p. 6]
>>>>>
>>>>> We thank CMU for the extensive efforts it devoted to this study, and
>>>>> the extra efforts made and extra time spent to expand studies to
>>>>> include more experts from Latin America and overall go above and
>>>>> beyond the requirements for arounded and complete study.
>>>>>
>>>>> _Reply to Other Commenters:_
>>>>>
>>>>> *ALAC Comments:*
>>>>> ALAC published the following comment in their comments: ?We note the
>>>>> study has returned findings that align with individual experience of
>>>>> At-Large constituents plus the evidence of widespread occurrence has
>>>>> validated similar research undertaken by At-Large connected
>>>>> researchers.?
>>>>>
>>>>> We note that NCUC, too, has directly experienced deeply concerning
>>>>> misuses of WHOIS data. In particular, attorneys in NCUC have directly
>>>>> experienced and directly worked with clients who have experienced:
>>>>>
>>>>> -Stalking, for which the Whois was the only published source for the
>>>>> location of an online, home-based business by which an ex-spouse
>>>>> found his wife and stalked her.
>>>>> -Political persecution, by which Whois data was used not only to
>>>>> track dissenters (some located in the US and protected by the First
>>>>> Amendment), but also their families located in the countries about
>>>>> whose corruption the websites were devoted (and who were not
>>>>> similarly protected);
>>>>> -Chilling effects, by which Whois data was used to track down and
>>>>> intimidate or silence those who have a different political, religious
>>>>> or moral view;
>>>>>
>>>>> -Anticompetitive activity ? by which competitors used Whois data to
>>>>> track down entrepreneurs and small businesses owners and seek to
>>>>> intimidate them to set businesses plans and services aside.
>>>>>
>>>>> We further share with ALAC the deep concern that ?WHOIS misuse is
>>>>> factual and widespread, as the evidence from 44% of sampled
>>>>> registrants across the several domains attest.?We further agree that
>>>>> thisposes a ?continued threat? to the ?security and confidence in the
>>>>> use of the Internet, [and] the public interest demands measures to
>>>>> address and abate its impact.?ALAC
>>>>> Comments,http://forum.icann.org/lists/comments-whois-misuse-27nov13/msg00006.html
>>>>>
>>>>>
>>>>> We have the evidence, and measures must now be taken to protect
>>>>> Registrants, and the speech, work, expression, hobbies, research,
>>>>> business, education and communication they conduct using their domain
>>>>> names.
>>>>>
>>>>> Respectfully submitted,
>>>>>
>>>>> [if approved]
>>>>>
>>>>> NONCOMMERCIAL USERS CONSTITUENCY
>>>>>
>>>>> <NCUC DRAFT Comments - Misuse of Whois
>>>>> Study.docx>_______________________________________________
>>>>> Ncuc-discuss mailing list
>>>>> Ncuc-discuss at lists.ncuc.org
>>>>> <mailto:Ncuc-discuss at lists.ncuc.org><mailto:Ncuc-discuss at lists.ncuc.org>
>>>>>
>>>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>>>>
>>>> ***********************************************
>>>> William J. Drake
>>>> International Fellow & Lecturer
>>>> Media Change & Innovation Division, IPMZ
>>>> University of Zurich, Switzerland
>>>> Chair, Noncommercial Users Constituency,
>>>> ICANN,www.ncuc.org <http://www.ncuc.org/><http://www.ncuc.org/>
>>>> william.drake at uzh.ch
>>>> <mailto:william.drake at uzh.ch><mailto:william.drake at uzh.ch> (direct),
>>>> wjdrake at gmail.com
>>>> <mailto:wjdrake at gmail.com><mailto:wjdrake at gmail.com> (lists),
>>>> www.williamdrake.org
>>>> <http://www.williamdrake.org/><http://www.williamdrake.org/>
>>>> ***********************************************
>>>>
>>>> _______________________________________________
>>>> Ncuc-discuss mailing list
>>>> Ncuc-discuss at lists.ncuc.org
>>>> <mailto:Ncuc-discuss at lists.ncuc.org><mailto:Ncuc-discuss at lists.ncuc.org>
>>>>
>>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>>>
>>>
>>>
>>> <Attached Message
>>> Part.txt>_______________________________________________
>>> PC-NCSG mailing list
>>> PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>
>
> _______________________________________________
> PC-NCSG mailing list
> PC-NCSG at ipjustice.org
> http://mailman.ipjustice.org/listinfo/pc-ncsg
>
>
More information about the NCSG-PC
mailing list