[WHOIS-WG] [At-Large] [NA-Discuss] [FWD: RE: [ALAC-Announce] Meeting Invitation / Discussion on Domain Names Registered Using Private/Proxy Services / 14.12.09 @ 18:00 UTC]
Jeffrey A. Williams
jwkckid1 at ix.netcom.com
Tue Dec 15 12:45:23 CST 2009
Derek and all,
Perhaps it would be to whomever you are representing,
to report these instances to the LEA's in the jurisdictions
in which the offender originated and "CC" ICANN's legal
department as both a matter of courtisy and passive
notification so that these suspected problems can be
investigated or otherwise resolved accordingly.
I along with all of our members long ago now recognized
that ICANN cannot or will not get it's registrars or
registries to comply properly with the RIAA's and/or
recognize and take corrective action to deal effectively
with security and privacy problems associated with domain
names and their uses however maline of miligenent they
may or may not have been used accordingly.
WHOIS was never intended as a tool for investigation in any
depth, but seems to me that at least accuracy in the data for
any domain along with reasonable Email and phone # contact
information should be avaliable and accurate, as ICANN some years
ago now promised, but has yet to diliver or inforce appropriately.
-----Original Message-----
>From: Derek Smythe <derek at aa419.org>
>Sent: Dec 15, 2009 9:10 AM
>To: whois-wg at atlarge-lists.icann.org
>Subject: Re: [WHOIS-WG] [At-Large] [NA-Discuss] [FWD: RE: [ALAC-Announce] Meeting Invitation / Discussion on Domain Names Registered Using Private/Proxy Services / 14.12.09 @ 18:00 UTC]
>
>
>
>Karl Auerbach wrote:
>> On 12/14/2009 07:44 PM, Derek Smythe wrote:
>>> Karl Auerbach wrote:
>>>>
>>>> It really concerns me that ICANN is being used as a private hired
>>>> gun through which everyone from the trademark industry to "consumer
>>>> advocates" are trying to create an e-vigilante shortcut past well
>>>> established legal due processes and protections.
>>
>>> No Karl, ICANN is not being used as a private hired gun. And maybe
>>> those "consumer advocates" may actually just be looking out for the
>>> best interests of less technical people on the net.
>>
>> Maybe those "less technical people" ought to have a vote so that we can
>> know what they want and not presume?
>>
>
>Presume?
>
>
>> To me a self proclaimed prophet of the people is simply self proclaimed
>> unless there is a demonstration that there are people who chose for that
>> person to represent them or who have an opportunity to recall that person.
>
>How about listening to what people are saying and asking, bearing in
>mind they are from all over the world, not just the USA? Example:
>===========
>> Hy there,
>>
>> center-motos-ltd.net
>> auto-center-ltd.com
>> hps-moto.com
>(details removed)
>> Please take action and report them immediately. I've searched all over the internet for this kind of website where I can report the scams and yours have a great feedback.
>> I'm waiting for an answer.
>===========
>> this fake bank sent me email for fund transfer and I believe is is a scam so I have to report it so it will be reported and terminated
>>
>> http://www.e-server-online.net/access/
>==========
>
>> The fake website is: (removed) and the scammer opened it up with my name and address as they stole it from a website they hacked into.
>>
>> PLEASE HELP
>==========
>> Please let me know if this is a fake website. One of my new suppliers is claiming his parcel is going to be sent by them but it just looks really fake:
>>
>> www.couriersolution-limited.com
>>
>> thank you very much!
>
>===========
>> I would like to know if this website is real....
>... and later from the same party:
>> Thanks for the heads up. I think my address is a magnet for scam because i lost money before. Can you direct me to the place where i can find out if a company or website is legitimate or registered.
>===========
>> please verify if this site is legit.They are demanding $5000 from me for wire transfer fees
>>
>> www.limburgsociete.eu
>
>
>If you want more, please email me direct. I think this is saying
>something ....
>
>Also I am not a prophet, simply representing people with no where to
>turn to get real answers to issues affecting their daily lives.
>
>Why are people turning to other places to report these? Indeed why not
>report them where somebody will seek to have the scams terminated.
>
>>
>> You cite the FDA - weak as the linkage of control is, the FDA is subject
>> and change by those who it purports to protect via political processes.
>>
>> ICANN has no such process.
>>
>My point is you refer to: "shortcut past well established legal due
>processes and protections". Yet you yourself distrust it? Eat your
>own dog food? Remember we are talking worldwide, not "USA only"-wide.
>
>> And we have all seen how the trademark protection industry has indeed
>> used ICANN and its UDRP as a "hired gun" to force people with perfectly
>> legitimate non-trademark rights in names into a forum that is
>> procedurally stacked in favor of the trademark holder.
>>
>> So, yes, I see ICANN as a "hired gun".
>
>Do you know what the ratio of those are vs nefarious domains
>deliberately registered to prey upon other netizens causing harm to
>them, financially and other? Also the losses caused vs other losses?
>Is your cure not worse than the disease?
>
>
>Please read this:
>http://www.internetevolution.com/author.asp?section_id=593&doc_id=147027
>
>> Although the Internet may be considered the greatest achievement of the past 50 years, the technology behind it has created a sanctuary for various types of computer criminals. The unfortunate and ugly truth is that the Web is providing a brand new “world” where international cyber criminals can thrive, and the world’s numerous criminal justice systems just aren’t ready to address these crimes in their entirety.
>>
>> Cyber criminals don’t necessarily need to leave the comfort of their homes to commit their crimes. Today, for example, bank robberies can be committed in Southeast Asia via a computer that’s being controlled by an individual in Russia. Identity theft is achieved through a complex network of individuals residing in North America, Europe, and Africa, all effectively working together on the Internet to profit from shared information. And organized crime has ties to spam campaigns, identity theft, denial-of-service attacks, and organized hacking rings.
>>
>> The fact is that Internet crimes are almost always international crimes. When you read about a bank system being hacked in order to steal 100,000 accounts, more than likely this crime was committed by perpetrators overseas, and there will almost definitely be a connection to organized crime. This part of the story is rarely conveyed to the everyday reader, but it is critical to understand this fact if we are going to fix the problem.
>>
>> In the world of cyber crime, law enforcement officials in most countries have recognized that they must move much faster than the average investigator due to the fact that computer evidence can “disappear” rather quickly. These same cyber investigators realize they must be willing and ready to cooperate with law enforcement officials in other countries if they actually plan to capture the Internet criminals.
>>
>> Laws, treaties, and conventions, such as the Convention on Cybercrime, have attempted to address the international cooperation issue. Although the Convention on Cybercrime is an outstanding step in the right direction, is not a “law” that applies to all countries. Regardless of whether the country is a member of this Convention, the punishments levied are based on the local laws of the land.
>>
>> But the problem with investigating international cyber crimes and capturing criminals on the Internet is not necessarily due to lack of cooperation among international law enforcement bodies. The issue has much more to do with the fact that the legal systems throughout the world vary greatly and take a very long time to change. These two facts make it extremely difficult for law enforcement to cooperate, investigate, capture, and ultimately prosecute the cyber criminals today.
>>
>> If we accept the fact that the greatest hurdle in arresting international cyber criminals is that various legal systems just aren’t prepared to address the speed at which these crimes occur or the various nuances that are unique to computer crimes, then the question is: What can we do to fix the problem?
>>
>> It’s obvious that the Internet requires some type of governance. But it is just as obvious that trying to establish this governance through the numerous legal systems might not be practical. The other possibility for governing the Internet, and, more specifically, the criminal activity that occurs on the Internet, would be to change the structure of the Internet. Although I don’t support ideas like the “national firewalls” put in place by some countries, this type of solution does afford some level of control over Internet traffic flowing through said country.
>>
>> However, knowing all the possibilities with disguising or “spoofing” one’s information on the Web, I’m not sure that there is a way to truly “protect our borders” when it comes to the Internet. The solution might be to establish two Internets -- the current Internet and a new, more secure Internet where users would be required to register prior to gaining access. Once again, though, we’re confronted with the issue of what would be the governing body that would manage the user registrations? Would it be an organization similar to the IANA (Internet Assigned Numbers Authority) or InterNIC that would manage user registrations on the “new” Internet, or do we need to establish an entirely new entity to manage a more secure Internet?
>>
>> The fight against international cyber crime is going to take a concerted effort from large and small corporations, law enforcement in all countries, as well as the governments and legislative bodies of those same countries. Most importantly, the average end user will have to join the fight to bring about change on the Internet, or create a “new” Internet using the lessons we’ve learned.
>
>Amen.
>
>>
>>> Do you distrust your institutions' advice so much that and are you
>>> willing to risk many, many consumers on the net?
>>
>> That is a surprising statement. I hardly accept the premise that
>> "distrust" of "institution's advice" must lead inexorably to consumer harm.
> >
> > The common wisdom is that trust is to be earned, not assumed.
> >
> > But in the case of ICANN we have evidence that suggests that
>distrust is
> > appropriate.
>
>Would you be willing to buy and use drugs from the pharmacies the FDA
>and like warns you about? If not, how does that project into other
>countries worldwide? Just because their government does not have an
>awareness program or adequate legal processes, does that mean their
>net users are to be subjected to the dangers of those online drugs?
>(There are some amazing scientific reports out there where people
>deliberately purchased and tested those drugs - not backed by those
>big corporates)
>
>If not, what do we do? Think worldwide.
>
>>
>> We ought to distrust institutions that purport to act in the public
>> interest, institutions but that have worked year-in and year-out to deny
>> the public a voice in that protection.
>>
>> ICANN, which has legal existence and tax exemptions based on protection
>> of the public interest, is a poster child for a body that ejects the
>> public from its halls of decision-making.
>>
>> How can one believe ICANN cares even one whit about "consumers" when it
>> repeatedly refuses to incorporate third party beneficiary rights into
>> its contracts with registries and registrars so that users can enforce
>> the terms of those agreements even when ICANN does not?
>>
>> Daily I see industrial lobbying groups that try to cast their message
>> into the "consumer protection" mold. When it comes to "consumer
>> protection" why should anyone trust ICANN any more than we trust the
>> National Association of Manufacturers?
>>
>> ICANN has been found to be a pliant tool by the intellectual property
>> protection industry - their claim is that they protect the public by
>> protecting intellectual property. That's no different than a claim that
>> ICANN should condemn and block this or that lawful activities on the
>> grounds that some group says that such condemnation or blocking is in
>> the interest of some un-enumerated and voiceless "public interest".
>>
>> If the thing being complained of is unlawful - and if what you suggest
>> certain pharmacies are doing is unlawful - then the right tool is
>> called "law enforcement".
>
>Once again, which country's law enforcement? Please, pretty please,
>explain that one to me. In the recent examples we had Panama as an
>example of the "supposed" country of origin. Heck, originally they
>were in Canada as some of the domain names still infer. There is
>nothing new here.
>
>Let us look at the law enforcement landscape:
>First of all you would have to acknowledge we are talking
>internationally and that presumes international cooperation, that we
>are talking about investigations leading to countries that may or may
>not have an agreement/treaties with the country where the victim finds
>himself, that domain proxy providers may take a day or two to disclose
> licensee info, that requests for info via standard protocols takes
>time while server logs are retained for one to two days in some
>instances (loss of evidence), that anonymous internet proxies plays a
>large part in the internet today (buy a domain from a reseller and get
>a free paid for proxy subscription) where no logs are kept due to
>privacy ... it just goes on and on.
>
>Unless distinctive patterns can be discerned of mass fraud or other
>nefarious activities, there will be no legal action brought. Victims
>to isolated are not really investigated.
>
>The fact that the FBI, Interpol and other law enforcement agencies are
>spoofed on a regular basis by parties should also tell you something.
>
>Am I saying law enforcement officials do not do there work? No, just
>they are flooded with incidents are have to do damage control with
>limited resources.
>
>I note you said nothing about my suggestion regarding the law
>enforcement levy on domains?
>
>
>>
>> ICANN can't even do the job it was created to do - to assure that DNS
>> query packets are accurately, efficiently, and reliably transformed into
>> DNS response packets without bias for or against any query source or any
>> query target.
>>
>> To give ICANN other jobs, particularly jobs fraught with cultural and
>> social values, jobs that amount to saying "no" to lawful activities, is
>> foolish.
>
>I agree the system is broken. But it has to be fixed. Incidentally
>privacy will not be the way currently, it will be disastrous.
>
>The ICANN RAA is a good start though, or do we give it up as a bad
>job, call it a day and cancel our network with our ISP. Or do we try
>and fix it?
>
>How can you have a legal agreement with a party that does not exist,
>targeting other net users to deceive them, then turn around and call
>it privacy. That is mentioned in ICANN advisory dated 3 April 2003.
>That party is already in breach of the registrant agreement anyway.
>Why then go off an and turn such a domain into a major issue when in
>fact it devalue sthe whole DNS system.
>
>Note what I am saying "targeting other net users to deceive them". It
>is also term causing harm to third parties elsewhere in official
>documentation.
>
>Let us start by looking and evaluating where the system is broken.
>Example, the following domains where reported via the WDPRS system,
>follow up reports where launched six weeks later. Long after being
>reported people actually lost money to these domains. Also stolen
>credit card details involved. It also illustrates why hosting
>termination is not an option - go look at their hosting history. All
>these domains had a scam site on them at one stage .
>They where also reported to the authorities :)
>
>accessob.com (Access Bank - but suddenly in Malaysia)
>uibaccess.com
>skymicrofinance.com (http://skymicrofinance.com/uk/)
>unitymicrofinance.com (http://unitymicrofinance.com/uk/)
>ramafinancial.com
>
>Later in an official complaint, these were also reported:
>indosatfin.com
>perdanfin.com (hosting terminated at time of reporting, back;
>http://perdanfin.com/home/)
>uibaccess.com
>cuandoinvest.com
>ulsterirish.com
>
>
>There are no blind accusations as to the nature of these domains. They
>are scams used by parties to defraud other internet victims, totally
>unaccountable despite being reported and escalated on 2009/11/29 after
>the system fell flat. However some registrars have a history of that.
>
>They also show another issues I mentioned. Registered in the USA with
>a fake non existent address (easily verifiable), claims to be in the
>UK, but international forwarding numbers are used to ?? (typically
>mobile/cell phones). Victims in another county, also Malaysia here.
>Situations like these do cause headaches for law enforcement,
>especially when more people are victimized by these scams daily and
>they are left online despite their bogus whois details. The only
>positive part here is at least the scammer did not steal somebodies
>details for the whois as is the norm nowadays.
>
>
>>
>> Moreover, ICANN has long since become a combination that acts to
>> restrain lawful trade, fix prices, and limit the vendors in the
>> marketplace. Adding yet another restraint of trade to ICANN's portfolio
>> simply makes it more likely that ICANN will be found to be in violation
>> of the US, EU, or some other jurisdiction's laws regarding fair and open
>> competition. And once that happens, ICANN's pyramid of contracts will
>> come 'a tumbling down. That would be the antithesis of protection of
>> everyone's, including consumers', interests.
>
>Who is talking restraint of trade? "Restraint of fraud" is what I am
>referring to; scammers, phishers etc targeting victims to deceive them
>with false pretenses and deception to commit fraud which is illegal in
>most of the countries in the world we both live in.
>
>So if ICANN is not able to judge and certain registrars are not
>willing to enforce their own ToS/AUP, what about those registrars
>paying a surcharge of $X to fund a specialist abuse ubnit at ICANN,
>but under the control of international law enforcement. That way maybe
>ordinary people could be protected.
>
>At this juncture I also wish to commend those registrars that have
>looked at the problem, acknowledged it and realize the current system
>is what it is. They then invested in training their own abuse staff
>that investigate claims of abuse and where found to be justified,
>terminate those domains. They also take no prisoners when it comes to
>abuse of their privacy. Yet they have not had any claims against them.
> Nor have they lost real business. Makes you think.
>
>As a parting thought, I wish to repeat the last sentence in the
>article I quoted:
>> Can I repeat that last sentence:
>>> Most importantly, the average end user will have to join the fight to bring about change on the Internet, or create a “new” Internet using the lessons we’ve learned.
>
>Who better than the people here at one of the ports of entry of those
>acts targeting those they this group is supposed to represent.
>
>Or do we end up with the alternative:
>http://news.softpedia.com/news/Former-FBI-Agent-Proposes-Second-Internet-79777.shtml
>
>Yet nearly two years down the line and are we are still were we were
>when the article was published, with new technologies abounding and
>being abused. One of the early adopters is the cyber criminal (fact)
>and domains are also part of the cyber criminal's toolkit (fact).
>
>
>Derek
>
>_______________________________________________
>WHOIS-WG mailing list
>WHOIS-WG at atlarge-lists.icann.org
>http://atlarge-lists.icann.org/mailman/listinfo/whois-wg_atlarge-lists.icann.org
>
>WHOIS WG Wiki: https://st.icann.org/gnso-liaison/index.cgi?whois_policy
Regards,
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 294k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1 at ix.netcom.com
Phone: 214-244-4827
More information about the WHOIS-WG
mailing list