[anti-abuse-wg] GDPR - positive effects on email abuse

Hi Simon,

that is a common misconception, but sadly untrue.

> As things stand at the moment, the interpretations of GDPR and subsequent actions of some large organisations make it likely that fraud and other types of malpractice, largely aimed at individual users, will increase.
On the other hand, the amount of spam and abuse directed at new 
registrant will be greatly reduced. Balance will be the result.
> The stated position "that tool was illegal to begin with as it violated the rights to privacy of millions of domain owners” is, at best, misleading. Assuming the “tool” being referred to is WHIOS, registrants of domains needed to provide information as part of their contract with the registrar. A contractual requirement. Perfectly OK pre GDPR, perfectly OK post GDPR.
Sadly untrue, since consent to processing of data that is not strictly 
necessary for the performance of the contract post GDPR must be freely 
given. If the service is withheld unless consent is provided, that 
consent is invalid.
Even before GDPR, the consent for whois was iffy as best.
> Publishing that data was perfectly legal pre-GDPR. It _may_ be legal post GDPR. Until this is tested in court, definitives are just so much posturing. And the argument is likely to be more nuanced anyway. If I want to register a domain and am told up front, in clear unambiguous language that the details I provide will appear in a publicly queryable database as part of the contract, job done. I may not like it. I may decide that I don’t want to enter into the contract. And that’s rather the point. Informed consent.
Actually, it isn't. Forced consent is never valid.
> Law enforcement doesn't provide anti-virus tools. Law enforcement doesn't offer secure transport services for cash and gold. Law enforcement doesn’t provide locks for front doors. Private companies provide those services. Your fancifully termed ""Private researchers" and other vigilantes or rent-a-cops” work to provide tools and services to enable people to protect themselves from bad actors online, not law enforcement. It is folly to remove tools used by these private companies to protect billions without at least some form of balanced debate.
Legal tools can be used, illegal toold cannot. But you raise a valid 
point regarding legitimate service providers providing valuable 
services. However, they must do so with tools that are legal.
> At ICANN, Puerto Rico, one member of a public interest board put it quite well when he stated that when it comes to protecting the interests of a few million (domain owners) versus protecting the interests of a few billion (internet users), he’d always come done on the side of the billions. I agree with the sentiment.
The opposite view is that "It's better that 10 guilty men go free than 
one innocent man be wrongly convicted", or in this case I'd rather see 
one spam mail a day in my inbox more than forfeit the privacy of all 
registrants. The needs of the many do not give the right to violate the 
rights of the few.

And even that is a false equivalent, since all this work can continue to 
be provided without the use of whois. Whois is but one tool in an 
arsenal of many. Use the others, like you probably already do with 
registrations in ccTLDs without full public whois access.

Volker
>
> Simon
>
>
>> On 29 May 2018, at 12:36, Volker Greimann <vgreimann at key-systems.net> wrote:
>>
>> Wow, the level of narrowmindedness and fearmongering is high with this one.
>>
>> Crime online will likely not increase due to GDPR. It may be more difficult to detect and take action against due to the loss of one tool amongst many, but ultimately that tool was illegal to begin with as it violated the rights to privacy of millions of domain owners.
>>
>> "Private researchers" and other vigilantes or rent-a-cops will indeed have a more difficult time to obtain such data as they will finally have to do so by legal means, but then they are in an untenable position anyway, taking upon themselves functions that should be fulfilled by actual law enforcement.
>>
>> Ultimately, private data if internet users no longer being public will lead to better registration data for those with a right to access it. Those with no such rights will have to figure out alternate routes to do their jobs that does not violate the rights of millions.
>>
>> Best,
>>
>> Volker
>>
>>
>>
>> Am 28.05.2018 um 21:13 schrieb Ronald F. Guilmette:
>>> ox <andre at ox.co.za> wrote:
>>>
>>>> Firstly I would like to comment that the multinationals and their funded trade
>>>> groups (and their lobby orgs) shouted from the rooftops that if the GDPR came
>>>> into effect, Internet in the EU would collapse and there would be digital doom
>>>> and gloom.
>>> I am not a multinational.  I am an individual volunteer anti-abuse researcher.
>>> And yet even -I- have told everyone I know that the disappearance of public
>>> WHOIS is and will be an epic catastrophy.  If there was cybercrime on the
>>> Internet before, it will be increased, going forward, by tenfold.
>>>
>>>> How wrong they were (hindsight is perfect - as we can all clearly see)
>>> Be patient.  The change has only just occurred.
>>>
>>>> The EU has truly become a world and global leader in the reclamation of
>>>> individual rights and the free Internet.
>>> Here on this side of the pond, one usually has to turn on Fox News in order
>>> to be treated to this level of rubbish.
>>>
>>> The only thing that has happened is that private researchers the world
>>> over have been effectively blinded due to the supreme arogance and idiocy
>>> of europeans... europeans who, in their religious fervor, have come to view
>>> it as their holy obligation to foist their demented notions onto the rest
>>> of the world, whether any of the rest of us like it or not.
>>>
>>> Meanwhile the malevolent forces of state-sponsored intrigue and violation
>>> of human rights are and shall remain totally unfettered and unaffected by
>>> GDPR, as they will be the first ones to obtain special exemptions allowing
>>> them to continue to see WHOIS data.  The CIA, NSA, BDN, and FSB are
>>> undoubtedly celebrating the arrival of GDPR, as it further entrenches
>>> their special status at the expense of the great unwashes masses.
>>>
>>> Friday was a sad day for both transparency and democracy, but all across
>>> the globe both criminals and statists undoubtedly celebrated it with
>>> toasts of champaign.
>>>
>>>
>>> Regards,
>>> rfg
>>>
>> -- 
>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>>
>> Mit freundlichen Grüßen,
>>
>> Volker A. Greimann
>> - Rechtsabteilung -
>>
>> Key-Systems GmbH
>> Im Oberen Werk 1
>> 66386 St. Ingbert
>> Tel.: +49 (0) 6894 - 9396 901
>> Fax.: +49 (0) 6894 - 9396 851
>> Email: vgreimann at key-systems.net
>>
>> Web: www.key-systems.net / www.RRPproxy.net
>> www.domaindiscount24.com / www.BrandShelter.com
>>
>> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
>> www.facebook.com/KeySystems
>> www.twitter.com/key_systems
>>
>> Geschäftsführer: Alexander Siffrin
>> Handelsregister Nr.: HR B 18835 - Saarbruecken
>> Umsatzsteuer ID.: DE211006534
>>
>> Member of the KEYDRIVE GROUP
>> www.keydrive.lu
>>
>> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>>
>> --------------------------------------------
>>
>> Should you have any further questions, please do not hesitate to contact us.
>>
>> Best regards,
>>
>> Volker A. Greimann
>> - legal department -
>>
>> Key-Systems GmbH
>> Im Oberen Werk 1
>> 66386 St. Ingbert
>> Tel.: +49 (0) 6894 - 9396 901
>> Fax.: +49 (0) 6894 - 9396 851
>> Email: vgreimann at key-systems.net
>>
>> Web: www.key-systems.net / www.RRPproxy.net
>> www.domaindiscount24.com / www.BrandShelter.com
>>
>> Follow us on Twitter or join our fan community on Facebook and stay updated:
>> www.facebook.com/KeySystems
>> www.twitter.com/key_systems
>>
>> CEO: Alexander Siffrin
>> Registration No.: HR B 18835 - Saarbruecken
>> V.A.T. ID.: DE211006534
>>
>> Member of the KEYDRIVE GROUP
>> www.keydrive.lu
>>
>> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>>
>>
>>
>>

-- 
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann
- Rechtsabteilung -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann
- legal department -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems

CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.