In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today i felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform:
Follow-up-up To Loudmouths Wanted: Sorry, not sorry
Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams.
Should access to WHOIS data be redacted in any way beyond what it is at present, my work will be made impossible. I spend 90% of my day in WHOIS data, the other 10% sculpting the data in a manner to provide reason and proof to hosting provider and registrars to take action against real-life criminals on their networks.
I also prepare cases for law enforcement to act upon. Contrary to popular belief in some quarters, LE cannot possibly begin to know about the stuff I (and my many, many colleagues) see, until we tell them. That’s how it works. Any of the big botnet and crime ring take-downs and arrests you’ve ever seen have involved a public-private collaboration between individuals, researchers such ads myself, and law enforcement.
So, I’d like to issue congratulations to all those who want to redact. You will, without a single iota of uncertainty, will expose many more people to real – not potential or hypothetical – privacy issues of a far more serious nature than you could possibly imagine, all in the badly mangled, misguided, and muddleheaded notion of what privacy actually is in the real world. ‘Cut off your nose to spite your face’ has never been more apt.
I hope you tell your Mom, family and your friends what you are trying to do here, while I spend my time trying to protect them from real evil: Revenge porn. Identity Theft. Plain old theft. Stalking. Photographic representation of the rape of children. Trolling, leading to the destruction of people’s lives. Emptied bank accounts.
Tell them you don’t want me to be able to do my job, and that you are trying to make it impossible, because you think access to the data that has been public and without challenge under the world’s privacy laws for twenty years is better off limited to the point of uselessness, sacrificed on some misshapen altar of privacy.
If I sound angry at what you are attempting to do, then I’ve hit my mark. i am furious. The security sector is furious. We are terrified that you may have any degree of success in this regard, because you apparently don’t know, or don’t care what the actual results will be. Placating with ‘gated access’ means there will be some among my peers and colleagues, far more talented and effective than I, who simply cannot gain access, and the resulting mess will be on your head, and at risk of overstating my case, the blood on your hands.
So again, congratulations. Mother’s Day is coming up. Be sure to make mention of this in the card you send. Now, if you’ll excuse me, I’ll go back to diving in the data lake of WHOIS, trying to keep spam and far worse evil off’ve your network.
K bye tnx.
Coalition Against Unsolicited Commercial Email
Twitter : @cauce