[At-Large] ICC Policy Statement on Cross- Border Law Enforcement vs Privacy Laws

Carlton Samuels carlton.samuels at gmail.com
Fri Mar 23 15:23:32 UTC 2012

The ALAC Statement on the WHOIS RT Report should be posted by now.

Check it out and you will find concurrence  for all the elements you
outlined; accurate WHOIS enforcement, binding privacy and/or proxy
- Carlton

Carlton A Samuels
Mobile: 876-818-1799
*Strategy, Planning, Governance, Assessment & Turnaround*

On Fri, Mar 23, 2012 at 5:31 AM, Derek Smythe <derek at aa419.org> wrote:

> On 3/23/2012 11:21 AM, Lutz Donnerhacke wrote:
> > On Thu, Mar 22, 2012 at 10:05:36PM -0500, Carlton Samuels wrote:
> >>
> http://www.iccwbo.org/uploadedFiles/Law_enforcement_access_to_company_data_final_20March12.pdf
> >
> > Thank you for pointing to this document. To my honest surprise the paper
> asks
> > the the Law Enforcement Agencies to respect the laws in other countries
> and
> > urges them to use cross-country law enforcement frameworks.
> >
> > Breaking it down to WHOIS, it declares the "global, unrestricted access
> to
> > complete data" as a violation of data protection and privacy laws.
> That would depend on which country you are in :)
> However, here is the problem:
> Currently we have grossly inaccurate and unvalidated WHOIS information
> we now wish to hide under privay laws.
> The end result to that is that the ordinary user on the net will
> become more of a target than ever before. It is common to see some
> West African registrant claiming to live in another country, in turn
> claims to be a business in a third like a bank, courier, lawyer etc.
> It is also not uncommon to link the real registrant whoever he is to
> credit card fraud and identity theft based upon the claimed whois details.
> Also remember: Law enforcement officials will not examine each and
> every occurrence of fraud on the internet, they simply do not have the
> resources.
> Right now law enforcement depends on non-law enforcement parties to
> alert them to issues. WHOIS data is part of this process and law
> enforcement will lose access to a lot of these alerts. I find it
> ironical that so many whois abuse studies are done, yet so few studies
> on legitimate usage.
> Also, say we have official channels to obtain data for criminals
> operating on the net, how long does it take before the reply gets back
> to law enforcement? What do you do if the reply is "Yogi Bear, 12
> Yellowstone Park"? How much time  and other resources would have been
> wasted? Remember some of these issues are also time sensitive. History
> has also shown a crisis in one country may not constitute a crisis in
> another country.
> We do however need privacy and desperately so. So how do we get to it?
> We first need to resolve the current WHOIS mess, then we can throw a
> blanket of privacy over it. Doing it the wrong way around is a recipe
> for a disaster.
> Also note distinction is made between companies and individuals. So
> what will we do if we notice a domain like the-real-bank.info with web
> content claiming to be the-real-bank.com, yet the first on cheap
> shared hosting and no security and with obfuscated WHOIS details. The
> real the-real-bank.com may act if it is phishing (targeting their
> clients), but history has shown the real owner tends to be less
> responsive if it's a 419 domain (not targeting their clients). What do
> we do if it is some-fictitious-bank.com that does not exist in reality
> (we see a lot of them)?
> Privacy requires accountability - you cannot separate the two.
> Currently there is no accountability in the system. Once we fix that
> we are on the road to responsible privacy.
> Derek
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> At-Large Official Site: http://atlarge.icann.org

More information about the At-Large mailing list