Hank Nussbacher wrote:
The entire whois debacle will only get resolved when some hackers attack www.eugdpr.org, ec.europa.eu and some other key .eu sites. When the response they get will be "sorry, we can't determine who is attacking you since that contravenes GDPR", will the EU light bulb go on that something in GDPR needs to be tweaked.
You seem to assume that said light bulb does in fact exist.
-Hank
--Johnny /\_/\ ( *.* )
^ <
That would be real time information involving 'essential' activities. GDPR would not prevent determining the source of an attack. GDPR specifically doesn't protect anyone involved in criminal activity nor contradict any regulatory requirement (which covers cyber attacks). Mack -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Johnny Eriksson Sent: Monday, June 04, 2018 12:24 PM To: nanog@nanog.org Subject: Re: ICANN GDPR lawsuit Hank Nussbacher wrote:
The entire whois debacle will only get resolved when some hackers attack www.eugdpr.org, ec.europa.eu and some other key .eu sites. When the response they get will be "sorry, we can't determine who is attacking you since that contravenes GDPR", will the EU light bulb go on that something in GDPR needs to be tweaked.
You seem to assume that said light bulb does in fact exist.
-Hank
--Johnny /\_/\ ( *.* )
^ < E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
That’s a wonderful theory. However, in practice, it’s a bit different. GDPR eliminates or at the very least complicates the maintenance of directory services. If past experience is any guide, once something becomes sufficiently difficult to maintain while complying with regulation, said thing eventually ceases to exist at least in any meaningful or useful form. It is not at all unlikely that this will be the inevitable consequence of GDPR when it comes to whois and thus, it is not at all unlikely that the scenario Hank described may be an (admittedly unintended, but very likely) outcome of GDPR. Owen
On Jun 4, 2018, at 09:30 , McBride, Mack <C-Mack.McBride@charter.com> wrote:
That would be real time information involving 'essential' activities. GDPR would not prevent determining the source of an attack. GDPR specifically doesn't protect anyone involved in criminal activity nor contradict any regulatory requirement (which covers cyber attacks).
Mack
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Johnny Eriksson Sent: Monday, June 04, 2018 12:24 PM To: nanog@nanog.org Subject: Re: ICANN GDPR lawsuit
Hank Nussbacher wrote:
The entire whois debacle will only get resolved when some hackers attack www.eugdpr.org, ec.europa.eu and some other key .eu sites. When the response they get will be "sorry, we can't determine who is attacking you since that contravenes GDPR", will the EU light bulb go on that something in GDPR needs to be tweaked.
You seem to assume that said light bulb does in fact exist.
-Hank
--Johnny
/\_/\ ( *.* )
^ < E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
once upon a time, when one received what had yet to be called spam, or logs showed an attack, one wrote to the owner of the source ip to tell them their system had been hacked. dunno about everyone else, but i stopped doing that sometime in the '80s. randy _ //` `\ _,-"\% // /``\`\ ~^~ >__^ |% // / } `\`\ ) )%// / } } }`\`\ / (%/`/.\_/\_/\_/\`/ ( ` `-._` \ , ( \ _`-.__.-%> /_`\ \ `\ \." `-..- ` ``` /_/`"-=-``/_/ ``` ```
On June 4, 2018 at 17:01 randy@psg.com (Randy Bush) wrote:
once upon a time, when one received what had yet to be called spam, or logs showed an attack, one wrote to the owner of the source ip to tell them their system had been hacked. dunno about everyone else, but i stopped doing that sometime in the '80s.
I remember one night, early 1990s, watching keystrokes of a guy who'd gotten into one of our systems and realized I knew the owner of the system he was coming in from, a name most of you would recognize, so called him at home at like 2AM which was appreciated. ISTR that was the guy who was actually typing VMS commands to a unix shell which is why I wasn't all that concerned, other than the holes he'd used to get a shell prompt which is what I was trying to track down. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
participants (5)
-
bzs@theworld.com -
Johnny Eriksson -
McBride, Mack -
Owen DeLong -
Randy Bush