RE: [dow1tf] Preliminary Report v. 5

["Milton Mueller" <mueller@xxxxxxx>]

Right. "phishing." There are many minor typos like that in the draft.
I've made a list of them. but
that can wait and can be corrected online.

To address the substantive issue re: phishing,
every single case of it I have seen involves an
email address with a phony domain name (e.g., "aol.com"). Thus, the idea
that whois
policy is going to solve that kind of fraud must taken with a boulder of
salt. 

--MM


>>> Barbara Roseman <roseman@xxxxxxxxx> 05/24/04 18:40 $)GD6E) >>>
the term is "phishing". It involves setting up a phony but very
realistic 
website in order to trick people into providing identity information,
such 
as social security numbers, credit card account numbers, and passwords. 
Ebay, Citibank, and other major online businesses have had considerable 
problems with this type of scam. Often, phishing uses many exploits of 
browsers to hide the true name of the domain so it's not easy for naive 
users to tell that they are not at the official site.

-Barb

At 06:30 PM 5/24/2004 -0400, Neuman, Jeff wrote:
>All,
>
>I have just looked through the section added by Jeremy on Needs and
>Justifications of Whois information and propose changing that section
to
>state:
>
>"In statements collected by the Task Force from the previous Whois task
>forces as well as ICANN workshops and our recent survey, some groups
have
>indicated that unfettered access to accurate, up-to-date, and reliable
Whois
>data has become an important tool for a variety of Internet users.
>Consumers as well as consumer protection authorities frequently use
Whois to
>discover with whom they are dealing online.  The United States Federal
Trade
>Commission, for example, often uses Whois to investigate online fraud,
>identity theft, and "phising" scams, particularly in the cross-border
>context.  Law enforcement officials likewise access Whois information
to
>combat online crimes.  Intellectual property owners, both copyright and
>trademark owners, use Whois as a tool to fight online piracy and
>cybersquatting.  In addition, trademark owners and other business users
use
>Whois as a way of managing trademark portfolios, conducting due
diligence
>for the purpose of corporate acquisitions, and identifying company
assets in
>bankruptcies or insolvencies.
>
>Previous materials also indicate that individuals responsible for
network
>security  access to Whois data to prevent denial of service attacks and
>identify other threats to networks stability.  ICANN's Security and
>Stability Advisory Committee recently noted the importance of Whois
data and
>recommended that "[t]he accuracy of Whois data used to provide contact
>information for the party responsible for an Internet resource must be
>improved, both at the time of its initial registration and at regular
>intervals."
>
>This would I believe eliminate some of the subjective language.  Also,
what
>are "phising scams."  I did not know if that was a typo or a real term.
>
>Please let me know your thoughts.
>
>Jeff
>
>-----Original Message-----
>From: Neuman, Jeff [mailto:Jeff.Neuman@xxxxxxxxxx]
>Sent: Sunday, May 23, 2004 7:18 PM
>To: 'dow1tf@xxxxxxxxxxxxxx'
>Subject: [dow1tf] Preliminary Report v. 5
>
>
>All,
>
>Enclosed is the latest version of the Preliminary Report as well as a
>separate Redline Document.  We are getting close.
>
>Please be prepared to discuss on Tuesday and please also send comments
to
>the draft via e-mail.  I think we should also plan on having a call
this
>Thursday to finalize all of the details.
>
>Thanks.
>
>Jeff
>
>  <<Whois TF 1 - Preliminary Report v 0.5.doc>>  <<Redline.doc>>
>
>Jeffrey J. Neuman, Esq.
>Director, Law & Policy
>NeuStar, Inc.
>Loudoun Tech Center
>46000 Center Oak Plaza
>Building X
>Sterling, VA 20166
>p: (571) 434-5772
>f: (571) 434-5735
>e-mail: Jeff.Neuman@xxxxxxxxxx