The recent adoption at the end of December of the new EU Directive for a high level of cybersecurity across the Union -- commonly referred to as "NIS2" - paved the way for important updates to the domain name system (DNS). Most significantly, Article 28 of NIS2 and its related recitals resolved any ambiguities about the public interest served by a robust and objectively accurate WHOIS system that permits legitimate access by third parties to data... more
I'd like to reflect on a presentation by Dr. Paul Vixie at the October 2022 meeting of the North American Network Operators Group (NANOG) on the topic of the shift to pervasive encryption of application transactions on the Internet today. There is a view out there that any useful public communications medium needs to safeguard the privacy and integrity of the communications that it carries. more
The debate around encryption has become a hot topic in a world where communications are increasingly becoming digital. The modern encryption debate is a complex and nuanced issue, with many players from different backgrounds trying to influence the conversation. The question of balancing the need for national security with the right to privacy has been a matter of public debate for years. Only recently has the issue been framed in terms of encryption, but the discussion is certainly not new. more
Recently ten Democratic Members of Congress wrote a letter to Alan Davidson, head of the NTIA, requesting that the "NTIA immediately cease the public disclosure of personal information about users of .US" country code top-level domain (ccTLD). This communication highlights a significant concern regarding domain registration data: the need to protect the privacy rights of Registrants. However, an equally significant concern regarding registration data was raised... more
At his farewell speech in August outgoing, Telstra CEO Andy Penn mentioned that the cyber threat has never been as serious as the present. He mentioned the deteriorating geopolitical situation and the big shift in how criminals operate in the cyber domain. One thing is for sure is that in order to enjoy all the positives resulting from the digital economy, we need to be far more vigilant about the barrage of information that we are receiving and/or have access to. more
In 2020, the ICANN Generic Name Supporting Organization (GNSO) Council approved a plan to revamp the WHOIS system as per the recommendations given by the ICANN Expedited Policy Development Process (EPDP). This plan directed ICANN to develop a centralized System for Standardized Access/Disclosure (SSAD) for WHOIS records. After much debate regarding the suitability and cost of such a system, ICANN brought together a group... more
Ask ten people what privacy is, and you'll likely get twelve different answers. The reason for the disparity is that your feelings about privacy depend on context and your experience. Privacy is not a purely technical issue but a human one. Long before computers existed, people cared about and debated privacy. Future U.S. Supreme Court Justice Louis Brandeis defined it as "the right to be left alone" in 1890. Before the Web became a ubiquitous phenomenon, people primarily thought of privacy in terms of government intrusion. more
The UK government launched its 2022 Cyber Security Strategy on 15 December 2021, outlining its ambitious plans to improve the resilience of UK institutions and businesses while protecting the country's interests in cyberspace. The strategy signals a more involved approach by the government, which previously relied heavily on the private sector for leadership. The government's stated commitment to a 'whole of society' approach sounds really good on paper, but what exactly does it really mean? more
Avivah Litan, the storied Gartner analyst, laid it down succinctly for insiders in her blog two and one-half years ago. She said, "Web 3.0 will transform us from Web 2.0's monetization via surveillance capitalism and advertising to monetization built directly into the protocol that is equally available to any connected user." Translated, that means we'll control our destiny by owning and managing our credentials for logging into systems, content, financial resources, and, importantly, our data. And, we are told, blockchain technology will enable all that. more
As a designated committee of experts prepares to draft a new treaty to combat the use of information and communications technologies in cybercrime at the UN in January 2022, it is paramount that other stakeholders oversee these discussions to avoid violating human rights on the Internet. This initiative was kickstarted by a 2019 resolution led by Russia and endorsed by other countries considered by many to behavior controversially on cybersecurity matters, such as China, Venezuela, Cambodia, North Korea, and others. more
As today is the Global Encryption Day, I decided to make my first post here on this topic. About two months ago, Apple caused a controversy by announcing the adoption of a measure to combat the spread of Child Sexual Abuse Materials (CSAM). The controversy was so huge that, a month after its announcement, Apple decided to postpone its plans for the new features to have more time to gather information from the various stakeholders and implement improvements before releasing the measures originally announced. more
Anyone who works in privacy is familiar with the term "data shadow": the digital record created by our transactions, our travels, our online activities. But where did the phrase come from? Who used it first? A number of authors have attributed it to Alan Westin, whose seminal book Privacy and Freedom (largely a report on the work of the Committee on Science and Law of the Association of the Bar of the City of New York) set the stage for most modern discussions of privacy. more
It has been just over 3 years since the General Data Protection Regulation (GDPR) came into effect, and the work within ICANN (type "EPDP 2a" into your acronym decoder ring) to develop a permanent Registration Data policy is progressing at a snail's pace. At issue is a proposed mandatory requirement for Contracted Parties (really just Registrars), to differentiate between "legal persons" (a fancy way of saying corporations and similar organizations) and "natural persons" (the kind that eat and breathe and schedule Zoom calls). more
CSC recently participated in an open discussion at the World Trademark Review's APAC WTR Connect, where we moderated a discussion with brand owners, Western Digital and PVH, and platform owner, Alibaba, on the topic: "Making the Platform Relationship Win-Win." How do brands define what a platform is? For the brand owners, a platform could be any distribution service of their products -- be it a traditional eCommerce marketplace like Alibaba or Amazon.com -- or other digital service enablers... more
For many years the consuming topic in DNS circles was that of the names themselves. If you wind the clock back twenty years or so, you will find much discussion about the nature of the Internet's namespace. Why were there both generic top-level labels and two-letter country codes? If we were going to persist with these extra-territorial generic country codes in the namespace, then how many should there be? Who could or should manage them? And so on. more
Supreme Court Declines to Hear Wikimedia Foundation’s Challenge to NSA Surveillance
U.N. Cybercrime Convention Enters Critical Stage
Zoom Faces Class-Action Lawsuit, Accused of Overstating Its Privacy Standards
China’s App Allows “Superuser” Access to Entire Data of Over 100 Million Android-Based Phones
51 CEOs Call on US Congress for Urgent Nationwide Data Privacy Law Overriding State-Level Laws
Microsoft Sees Serious Appetite for Revised Privacy Laws in US, Says It’s Time to Match EU’s GDPRA World-Renowned Source for Internet Developments. Serving Since 2002.