Privacy

Blogs

NIS2, ICANN and “Thick” WHOIS: A Mandate to Move Forward

The recent adoption at the end of December of the new EU Directive for a high level of cybersecurity across the Union -- commonly referred to as "NIS2" - paved the way for important updates to the domain name system (DNS). Most significantly, Article 28 of NIS2 and its related recitals resolved any ambiguities about the public interest served by a robust and objectively accurate WHOIS system that permits legitimate access by third parties to data... more

Going Dark: How the Increasingly Dark Network Is Creating Some Pretty Ugly Choices for Site Security Administrators

I'd like to reflect on a presentation by Dr. Paul Vixie at the October 2022 meeting of the North American Network Operators Group (NANOG) on the topic of the shift to pervasive encryption of application transactions on the Internet today. There is a view out there that any useful public communications medium needs to safeguard the privacy and integrity of the communications that it carries.  more

The Modern Encryption Debate: What’s at Stake?

The debate around encryption has become a hot topic in a world where communications are increasingly becoming digital. The modern encryption debate is a complex and nuanced issue, with many players from different backgrounds trying to influence the conversation. The question of balancing the need for national security with the right to privacy has been a matter of public debate for years. Only recently has the issue been framed in terms of encryption, but the discussion is certainly not new. more

Solving the .US Registrant Data Directory Services (RDDS) Conundrum

Recently ten Democratic Members of Congress wrote a letter to Alan Davidson, head of the NTIA, requesting that the "NTIA immediately cease the public disclosure of personal information about users of .US" country code top-level domain (ccTLD). This communication highlights a significant concern regarding domain registration data: the need to protect the privacy rights of Registrants. However, an equally significant concern regarding registration data was raised... more

Cyberhygiene Requires Critical Thinking

At his farewell speech in August outgoing, Telstra CEO Andy Penn mentioned that the cyber threat has never been as serious as the present. He mentioned the deteriorating geopolitical situation and the big shift in how criminals operate in the cyber domain. One thing is for sure is that in order to enjoy all the positives resulting from the digital economy, we need to be far more vigilant about the barrage of information that we are receiving and/or have access to. more

WHOIS Disclosure Questions

In 2020, the ICANN Generic Name Supporting Organization (GNSO) Council approved a plan to revamp the WHOIS system as per the recommendations given by the ICANN Expedited Policy Development Process (EPDP). This plan directed ICANN to develop a centralized System for Standardized Access/Disclosure (SSAD) for WHOIS records. After much debate regarding the suitability and cost of such a system, ICANN brought together a group... more

What Is Privacy?

Ask ten people what privacy is, and you'll likely get twelve different answers. The reason for the disparity is that your feelings about privacy depend on context and your experience. Privacy is not a purely technical issue but a human one. Long before computers existed, people cared about and debated privacy. Future U.S. Supreme Court Justice Louis Brandeis defined it as "the right to be left alone" in 1890. Before the Web became a ubiquitous phenomenon, people primarily thought of privacy in terms of government intrusion. more

Dissecting the 2022 UK Cyber Security Strategy: The ‘Whole of Society’ Approach

The UK government launched its 2022 Cyber Security Strategy on 15 December 2021, outlining its ambitious plans to improve the resilience of UK institutions and businesses while protecting the country's interests in cyberspace. The strategy signals a more involved approach by the government, which previously relied heavily on the private sector for leadership. The government's stated commitment to a 'whole of society' approach sounds really good on paper, but what exactly does it really mean? more

Web3 - What Brand Protection Pros Need to Know

Avivah Litan, the storied Gartner analyst, laid it down succinctly for insiders in her blog two and one-half years ago. She said, "Web 3.0 will transform us from Web 2.0's monetization via surveillance capitalism and advertising to monetization built directly into the protocol that is equally available to any connected user." Translated, that means we'll control our destiny by owning and managing our credentials for logging into systems, content, financial resources, and, importantly, our data. And, we are told, blockchain technology will enable all that. more

We Must Keep Track of How Countries Will Confront Cybercrime in a New UN Convention

As a designated committee of experts prepares to draft a new treaty to combat the use of information and communications technologies in cybercrime at the UN in January 2022, it is paramount that other stakeholders oversee these discussions to avoid violating human rights on the Internet. This initiative was kickstarted by a 2019 resolution led by Russia and endorsed by other countries considered by many to behavior controversially on cybersecurity matters, such as China, Venezuela, Cambodia, North Korea, and others. more

Why Is the Client-Side Scanning a Concern for Encryption?

As today is the Global Encryption Day, I decided to make my first post here on this topic. About two months ago, Apple caused a controversy by announcing the adoption of a measure to combat the spread of Child Sexual Abuse Materials (CSAM). The controversy was so huge that, a month after its announcement, Apple decided to postpone its plans for the new features to have more time to gather information from the various stakeholders and implement improvements before releasing the measures originally announced. more

Where Did “Data Shadow” Come From?

Anyone who works in privacy is familiar with the term "data shadow": the digital record created by our transactions, our travels, our online activities. But where did the phrase come from? Who used it first? A number of authors have attributed it to Alan Westin, whose seminal book Privacy and Freedom (largely a report on the work of the Committee on Science and Law of the Association of the Bar of the City of New York) set the stage for most modern discussions of privacy.  more

Privacy, Legal vs. Natural Persons, and the Never-Ending ICANN EPDP

It has been just over 3 years since the General Data Protection Regulation (GDPR) came into effect, and the work within ICANN (type "EPDP 2a" into your acronym decoder ring) to develop a permanent Registration Data policy is progressing at a snail's pace. At issue is a proposed mandatory requirement for Contracted Parties (really just Registrars), to differentiate between "legal persons" (a fancy way of saying corporations and similar organizations) and "natural persons" (the kind that eat and breathe and schedule Zoom calls). more

Making the Platform Relationship Win-Win

CSC recently participated in an open discussion at the World Trademark Review's APAC WTR Connect, where we moderated a discussion with brand owners, Western Digital and PVH, and platform owner, Alibaba, on the topic: "Making the Platform Relationship Win-Win." How do brands define what a platform is? For the brand owners, a platform could be any distribution service of their products -- be it a traditional eCommerce marketplace like Alibaba or Amazon.com -- or other digital service enablers... more

Notes from the DNS Privacy Workshop at NDSS 2021

For many years the consuming topic in DNS circles was that of the names themselves. If you wind the clock back twenty years or so, you will find much discussion about the nature of the Internet's namespace. Why were there both generic top-level labels and two-letter country codes? If we were going to persist with these extra-territorial generic country codes in the namespace, then how many should there be? Who could or should manage them? And so on. more

News Briefs

Supreme Court Declines to Hear Wikimedia Foundation’s Challenge to NSA Surveillance

European Union Wants to Fix the GDPR

U.N. Cybercrime Convention Enters Critical Stage

CENTR Publishes Comment on the European Commission’s DNS Abuse Study

A New Privacy-Focused DNS Protocol Released Called Oblivious

U.S. Military Is Buying Location Data of People Around the World Through Ordinary Apps

Trump Admin Ramping Up Attacks on GDPR – Says It Helps Cybercrime, Threatens Public Health

Zoom Faces Class-Action Lawsuit, Accused of Overstating Its Privacy Standards

Israel’s Entire Voter Registry Exposed, the Massive Data Leak Involves 6.5 Million Voters

Coronavirus Exposes China’s Deep Surveillance State

EFF: For ISPs to Retain Power to Censor the Internet, DNS Needs to Remain Leaky

China’s App Allows “Superuser” Access to Entire Data of Over 100 Million Android-Based Phones

The U.S. House Judiciary Committee Is Investigating Google’s Plans to Implement DNS Over HTTPS

51 CEOs Call on US Congress for Urgent Nationwide Data Privacy Law Overriding State-Level Laws

Google Showing Signs of Increased Concerns Over Rising Data Privacy Scrutiny

New Zealand’s Domain Name Commission Wins Appeal in Lawsuit Against US DomainTools

EU Court of Justice Ruling Could Result in Cutting Off Data Flows to US

Majority of Popular Mobile-Only VPNs Are Run by Chinese Nationals or Located in China

Microsoft Sees Serious Appetite for Revised Privacy Laws in US, Says It’s Time to Match EU’s GDPR

NGOs, Academics Warn Against EU’s Deep Packet Inspection Problem, at Least 186 ISPs Breaking Rules

Most Viewed

Most Commented

Conflict of Opinion

DPI is Not a Four-Letter Word!

Hunting Unicorns: Myths and Realities of the Net Neutrality Debate

Whither DNS?

The Anti-Phishing Consumer Protection Act of 2008

Industry Updates

Participants – Random Selection