[PC-NCSG] [] Draft comments on Misuse of Whois Study - timely
Avri Doria
avri
Sun Jan 19 01:17:26 EET 2014
Hi,
Well NCUC has submitted
http://forum.icann.org/lists/comments-whois-misuse-27nov13/msg00012.html
But I still have not heard from anyone in NPOC.
I have less than hour left.
Though I am fine with submitting late.
Or not submitting at all if that is the upshot of this last minute 'process'
avri
On 18-Jan-14 15:05, avri doria wrote:
> Hi
>
> Well if NCUC send this in, it will be safe to assume NCUC supports it.
> But I still feel I need at least one of the npoc members to endorse the
> ncsg-pc endorsement since we do not have enough time for the 'speak now
> or we will assume support' consensus process.
>
> I haven't seen one yet unless I missed it.
>
> avri
>
> Sent from a T-Mobile 4G LTE Device
>
>
> -------- Original message --------
> From: William Drake
> Date:01/18/2014 14:35 (GMT-05:00)
> To: Avri Doria
> Cc: NCSG-Policy Policy NCSG-Policy
> Subject: Re: [PC-NCSG] [NCUC-DISCUSS] Draft comments on Misuse of Whois
> Study - timely
>
> Hi Avri
>
> There?s been a lot of comm on this...NCUC has been working to get a full
> slate of volunteers to fill all open slots. We are almost there and
> will then convene an EC meeting to approve them. So until then yes
> please you and Nuno are still the reps to NCSG PC. By end of month this
> should be fixed.
>
> Thanks
>
> Bill
>
> On Jan 18, 2014, at 5:11 PM, Avri Doria <avri at ACM.ORG> wrote:
>
> > Hi,
> >
> > No, they haven't as far as i know. I was one of the 2013 NCUC
> appointees, and may still be until repaced. Nuno is listed as the
> remaining NCUC, he replaced Mary when she went into the staff. So it
> would be good to hear from him
> >
> > For NPOC, it would be good to have Marie Laure or Rudy to agree. Not
> enough time to do a timed call at this point.
> >
> > avri
> >
> >
> > On 18-Jan-14 11:01, Amr Elsadr wrote:
> >> Has the NCUC-EC made its final appointments to the NCSG-PC? In any case,
> >> I second Avri?s request for support of this statement by this committee.
> >> I apologise for the short notice, and I feel I have some responsibility
> >> to bear on this. Until very recently, I was mistakenly under the
> >> impression that we had another week to submit this statement.
> >>
> >> Thanks.
> >>
> >> Amr
> >>
> >>
> >>
> >>
> >> On Jan 18, 2014, at 4:39 PM, Avri Doria <avri at acm.org
> >> <mailto:avri at acm.org>> wrote:
> >>
> >>>
> >>> Any chance we can endorse this as well in the few hours left?
> >>>
> >>> I would just send a last minute note endorsing the NCUC statement once
> >>> it was made, assuming it is made. i think i can still call myself
> >>> alternate chair. Or the NCSg chair can send the note.
> >>>
> >>> "The NCSG-PC endorse the reply statement submitted by the NCUC
> url-here."
> >>>
> >>>
> >>>
> >>> At this point I would need to hear at least one voice from each of the
> >>> constituencies with no objections to feel free to do this.
> >>>
> >>> avri
> >>>
> >>>
> >>> -------- Original Message --------
> >>> Subject:Re: [NCUC-DISCUSS] Draft comments on Misuse of Whois Study -
> >>> timely
> >>> Date:Sat, 18 Jan 2014 16:31:38 +0100
> >>> From:Amr Elsadr <aelsadr at egyptig.org <mailto:aelsadr at egyptig.org>>
> >>> To:William Drake <wjdrake at gmail.com <mailto:wjdrake at gmail.com>>
> >>> CC:NCUC EC <ncuc-ec at lists.ncuc.org <mailto:ncuc-ec at lists.ncuc.org>>,
> >>> "ncuc-discuss at lists.ncuc.org <mailto:ncuc-discuss at lists.ncuc.org>"
> >>> <ncuc-discuss at lists.ncuc.org <mailto:ncuc-discuss at lists.ncuc.org>>
> >>>
> >>>
> >>>
> >>> Hi Bill and all,
> >>>
> >>> I have gone through the study as well as attended the webinar with the
> >>> researchers who performed it and find that Kathy?s comments are
> spot on.
> >>> The statistical significance she (and the report) mention were found to
> >>> be with a 95% confidence rate, which is the standard accepted
> confidence
> >>> of an accurate study based on quantitative analysis.
> >>>
> >>> I am happy to endorse this statement and am grateful to Kathy for
> taking
> >>> the time to draft it.
> >>>
> >>> Thanks Kathy.
> >>>
> >>> Amr
> >>>
> >>> On Jan 18, 2014, at 2:57 PM, William Drake <wjdrake at gmail.com
> >>> <mailto:wjdrake at gmail.com>
> >>> <mailto:wjdrake at gmail.com>> wrote:
> >>>
> >>>> Hi Folks
> >>>>
> >>>> As Kathy has indicated, the timeline on this is rather short, 11:59pm
> >>>> UTC today, and she?s asking that it be approved as a NCUC statement in
> >>>> the (probably likely) event it can?t be at the NCSG level in time.
> >>>> The challenge here is that, per previous, we have not for some time
> >>>> had the NCUC policy committee called for in our dated bylaws to
> >>>> approve constituency-level statements. So the way we?ve done such
> >>>> things in recent years is pretty much rough consensus after hearing
> >>>> from as many folks as possible in the time frame?certainly elected
> >>>> (EC) or appointed (NCSG PC) representatives, and regular members as
> >>>> well. Admittedly, this is not quite a satisfactory approach given
> >>>> that NCUC is now much bigger and more diverse when that model set it,
> >>>> but in lieu of a formal PC a broader and virtual PC is what we have to
> >>>> work with at the moment.
> >>>>
> >>>> So, it?d be really helpful if we could hear back either way from
> >>>> whoever?s online and can get their head around this in the next few
> >>>> hours.
> >>>>
> >>>> Thanks
> >>>>
> >>>> Bill
> >>>>
> >>>>
> >>>> On Jan 16, 2014, at 11:52 PM, Kathy Kleiman <Kathy at kathykleiman.com
> >>>> <mailto:Kathy at kathykleiman.com>
> >>>> <mailto:Kathy at kathykleiman.com>> wrote:
> >>>>
> >>>>> Hi All,
> >>>>> I need your help. There is an amazing study done by two researchers
> >>>>> (a PhD and an almost-PhD) at Carnegie Melon University. They tested
> >>>>> the hypothesis of whether "public access to WHOIS data leads to a
> >>>>> measurable degree of misuse of certain kinds of gTLD domain name
> >>>>> Registrant identity and contact information." They did both a
> >>>>> descriptive study (surveys of law enforcement and privacy people,
> >>>>> registrants and registrars) and an experimental study (registering
> >>>>> domain names with no other traceable source and seeing how much spam,
> >>>>> and unsolicited phone calls and emails they received).
> >>>>>
> >>>>> They found what we have been telling ICANN for years: "there is a
> >>>>> statistically significant occurrence of WHOIS misue affecting
> >>>>> Registrants' email addresses, postal addresses, and phone numbers,
> >>>>> published in Whois."
> >>>>>
> >>>>> Great and let's tell them so! I've drafted some comments that not
> >>>>> only support the findings (and review the great effort dedicated to
> >>>>> the study), but also draw on abuse cases we have discussed and shared
> >>>>> from the NCUC over many years, including political persecution,
> >>>>> chilling effects, anti-competitive activity, and stalking.
> >>>>>
> >>>>> Since these are Reply Comments, it is traditional to not only share
> >>>>> your own views, but comment on those of others. Our views are, in
> >>>>> many way, close to those of ALAC on this issue. ALAC's comments note
> >>>>> that the Study's results "align with individual experience of
> >>>>> At-Large constituents" and also research ALAC has done. So the
> >>>>> noncommercial and individual registrant groups are aligned on this
> >>>>> issue - and that is key.
> >>>>>
> >>>>> Below and attached please find the draft comments. Please feel free
> >>>>> to send me edits with Track Changes (if you use the attached file).
> >>>>> To avoid a flood on the list, feel free to share small edits with me
> >>>>> privately. Big edits and changes are probably up for discussion.
> >>>>> DEADLINE: SATURDAY (but I am judging my son's debate team, so
> >>>>> tomorrow if possible).
> >>>>>
> >>>>> Best and tx,
> >>>>> Kathy
> >>>>>
> >>>>> *[DRAFT] Comments of the Noncommercial Users Constituency of ICANN*
> >>>>> *Study on Whois Misuse*
> >>>>> *Due: January 18, 2014*
> >>>>>
> >>>>> The Noncommercial Users Constituency of ICANN submits this document
> >>>>> in response to the call for public comments on the*/Study on Whois
> >>>>> Misuse/*posted on the ICANN website. We respectfully submit that this
> >>>>> Study is a very important one for ICANN and for the GNSO policy work
> >>>>> ahead.
> >>>>>
> >>>>> We note that the study seems thorough and professionally done. Its
> >>>>> named researchers were Dr. Nicolas Christin and Nektarios Leontiadis.
> >>>>> Dr. Christin received his PhD in Computer Science from the University
> >>>>> of Virginia, and is an Assistant Research Professor of Electrical and
> >>>>> Computer Engineering at Carnegie Mellon University.Nektarios
> >>>>> Leontiadis is a PhD candidate at Carnegie Mellon University, in the
> >>>>> department of Engineering and Public Policy, with research focused on
> >>>>> the economic modeling of online crime. Both are affiliated with
> >>>>> CMU?s/CyLab/security lab.
> >>>>>
> >>>>> This study stayed close and tight to the Terms of Reference set out
> >>>>> for it --terms set and designed by members of the GNSO and approved
> >>>>> by the GNSO Council.
> >>>>>
> >>>>> The key question of the study was:/Does public access to
> >>>>> WHOIS-published data lead to a measurable degree of misuse?/The
> >>>>> answer was an unequivocal yes:
> >>>>>
> >>>>> The main finding of the descriptive study is that there is
> >>>>> a*statistically significant occurrence of WHOIS misuse affecting
> >>>>> Registrants? email addresses, postal addresses, and phone numbers,
> >>>>> published in WHOIS*when registering domains in these gTLDs.*Overall,
> >>>>> we find that 44% of Registrants experience one or more of these types
> >>>>> of WHOIS misuse.*[Emphasis added, WHOIS Misuse Study, p. 6]
> >>>>>
> >>>>> We appreciate the extensive efforts the CMU team undertook to test
> >>>>> the hypothesis it was given by ICANN and the GNSO.First, it conducted
> >>>>> a descriptive study reaching out to Experts, Registrants and
> >>>>> Registries/Registrars. Specifically, the team surveyed a ?diverse
> >>>>> group of experts in the fields of security and privacy affiliated
> >>>>> with research institutes, academia, law enforcement agencies,
> >>>>> Internet Service Providers (ISPs), and national data protection
> >>>>> commissioners.? [Study, p. 13]
> >>>>>
> >>>>> The team surveyed Registrants for a ?better understanding of their
> >>>>> direct experiences with Whois misuse? and found that 43.9% reported
> >>>>> ?some kind of misuse of their WHOIS information,? including/postal
> >>>>> address misuse, email address misuse/and/phone number misuse/tied to
> >>>>> the Whois data, as well as/Identity theft, unauthorized intrusion to
> >>>>> servers/and/blackmail/to which publicly-published Whois data may have
> >>>>> been a contributing factor.
> >>>>>
> >>>>> Then the team surveyed Registrars and Registries about Whois
> >>>>> harvesting attacks, and the deployment and effectiveness of WHOIS
> >>>>> anti-harvesting techniques.
> >>>>>
> >>>>> Second and perhaps most interestingly, the CMU team conducted its own
> >>>>> experimental study in which they registered a set of domain names in
> >>>>> the top five gTLDs through a representative set of Registrars, with
> >>>>> unique Registrant identities. Over the course of six months, they
> >>>>> tracked emails, voicemails and postal mail received by the
> >>>>> registrants of these experimental domain names. The purpose of the
> >>>>> study was to eliminate ?any extraneous variables,? e.g. the
> >>>>> publication of a postal address in both the Whois and an outside
> >>>>> directory.
> >>>>>
> >>>>> The conclusions of the study are Striking ? and answer questions
> >>>>> floating in the GNSO for over a decade./Yes, there is abuse of
> >>>>> publicly-published Whois data. Yes, that abuse is statistically
> >>>>> significant./We share again the main finding of the Study for
> >>>>> additional review in this comment period:
> >>>>>
> >>>>> The main finding of the descriptive study is that there is a
> >>>>> statistically significant occurrence of WHOIS misuse affecting
> >>>>> Registrants? email addresses, postal addresses, and phone numbers,
> >>>>> published in WHOIS when registering domains in these gTLDs.Overall,
> >>>>> we find that 44% of Registrants experience one or more of these types
> >>>>> of WHOIS misuse.[Emphasis added, WHOIS Misuse Study, p. 6]
> >>>>>
> >>>>> We thank CMU for the extensive efforts it devoted to this study, and
> >>>>> the extra efforts made and extra time spent to expand studies to
> >>>>> include more experts from Latin America and overall go above and
> >>>>> beyond the requirements for arounded and complete study.
> >>>>>
> >>>>> _Reply to Other Commenters:_
> >>>>>
> >>>>> *ALAC Comments:*
> >>>>> ALAC published the following comment in their comments: ?We note the
> >>>>> study has returned findings that align with individual experience of
> >>>>> At-Large constituents plus the evidence of widespread occurrence has
> >>>>> validated similar research undertaken by At-Large connected
> >>>>> researchers.?
> >>>>>
> >>>>> We note that NCUC, too, has directly experienced deeply concerning
> >>>>> misuses of WHOIS data. In particular, attorneys in NCUC have directly
> >>>>> experienced and directly worked with clients who have experienced:
> >>>>>
> >>>>> -Stalking, for which the Whois was the only published source for the
> >>>>> location of an online, home-based business by which an ex-spouse
> >>>>> found his wife and stalked her.
> >>>>> -Political persecution, by which Whois data was used not only to
> >>>>> track dissenters (some located in the US and protected by the First
> >>>>> Amendment), but also their families located in the countries about
> >>>>> whose corruption the websites were devoted (and who were not
> >>>>> similarly protected);
> >>>>> -Chilling effects, by which Whois data was used to track down and
> >>>>> intimidate or silence those who have a different political, religious
> >>>>> or moral view;
> >>>>>
> >>>>> -Anticompetitive activity ? by which competitors used Whois data to
> >>>>> track down entrepreneurs and small businesses owners and seek to
> >>>>> intimidate them to set businesses plans and services aside.
> >>>>>
> >>>>> We further share with ALAC the deep concern that ?WHOIS misuse is
> >>>>> factual and widespread, as the evidence from 44% of sampled
> >>>>> registrants across the several domains attest.?We further agree that
> >>>>> thisposes a ?continued threat? to the ?security and confidence in the
> >>>>> use of the Internet, [and] the public interest demands measures to
> >>>>> address and abate its impact.?ALAC
> >>>>>
> Comments,http://forum.icann.org/lists/comments-whois-misuse-27nov13/msg00006.html
> >>>>>
> >>>>> We have the evidence, and measures must now be taken to protect
> >>>>> Registrants, and the speech, work, expression, hobbies, research,
> >>>>> business, education and communication they conduct using their domain
> >>>>> names.
> >>>>>
> >>>>> Respectfully submitted,
> >>>>>
> >>>>> [if approved]
> >>>>>
> >>>>> NONCOMMERCIAL USERS CONSTITUENCY
> >>>>>
> >>>>> <NCUC DRAFT Comments - Misuse of Whois
> >>>>> Study.docx>_______________________________________________
> >>>>> Ncuc-discuss mailing list
> >>>>> Ncuc-discuss at lists.ncuc.org
> >>>>>
> <mailto:Ncuc-discuss at lists.ncuc.org><mailto:Ncuc-discuss at lists.ncuc.org>
> >>>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
> >>>>
> >>>> ***********************************************
> >>>> William J. Drake
> >>>> International Fellow & Lecturer
> >>>> Media Change & Innovation Division, IPMZ
> >>>> University of Zurich, Switzerland
> >>>> Chair, Noncommercial Users Constituency,
> >>>> ICANN,www.ncuc.org <http://www.ncuc.org/><http://www.ncuc.org/>
> >>>> william.drake at uzh.ch
> >>>> <mailto:william.drake at uzh.ch><mailto:william.drake at uzh.ch> (direct),
> >>>> wjdrake at gmail.com
> >>>> <mailto:wjdrake at gmail.com><mailto:wjdrake at gmail.com> (lists),
> >>>> www.williamdrake.org
> >>>> <http://www.williamdrake.org/><http://www.williamdrake.org/>
> >>>> ***********************************************
> >>>>
> >>>> _______________________________________________
> >>>> Ncuc-discuss mailing list
> >>>> Ncuc-discuss at lists.ncuc.org
> >>>>
> <mailto:Ncuc-discuss at lists.ncuc.org><mailto:Ncuc-discuss at lists.ncuc.org>
> >>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
> >>>
> >>>
> >>>
> >>> <Attached Message
> Part.txt>_______________________________________________
> >>> PC-NCSG mailing list
> >>> PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
> >>> http://mailman.ipjustice.org/listinfo/pc-ncsg
> >>
> >
> > _______________________________________________
> > PC-NCSG mailing list
> > PC-NCSG at ipjustice.org
> > http://mailman.ipjustice.org/listinfo/pc-ncsg
>
> ***********************************************
> William J. Drake
> International Fellow & Lecturer
> Media Change & Innovation Division, IPMZ
> University of Zurich, Switzerland
> Chair, Noncommercial Users Constituency,
> ICANN, www.ncuc.org
> william.drake at uzh.ch (direct), wjdrake at gmail.com (lists),
> www.williamdrake.org
> ***********************************************
>
>
More information about the NCSG-PC
mailing list