The need for an access model for non-public Whois data has been apparent since GDPR became a major issue before the community well over a year ago. Now is the time to address it seriously, and not with half measures. We urgently need a temporary model for access to non-public Whois data for legitimate uses, while the community undertakes longer-term policy development efforts. more
German courts seem to be pretty fast, so instead of having to wait weeks or months to see how they'd rule, we've already got the answer. The German court in Bonn has ruled that EPAG (Tucows) is not obliged to collect extra contacts beyond the domain name registrant. The decision, naturally, is in German, but there is a translation into English that we can use to understand how the court arrived at this decision. more
Germany-based ICANN-accredited registrar EPAG owned by Tucows has informed ICANN that it plans to stop collecting Whois contact information from its customers as it violates the GDPR rules. more
Today is Holocaust Remembrance Day. Today we remember that the Nazis rounded up Jews, Roma, political dissidents, and other "undesirables" using the best data and technology of the day and sent them off to concentration camps. We don't normally deal with this type of political reality in ICANN, but now is the time to do so. In 1995, the recently formed European Union passed the EU Data Protection Directive. more
Today's Senate hearing with Facebook's Mark Zuckerberg will start a long discussion on data collection and privacy from Internet companies. Although the spotlight is currently on Facebook, we shouldn't forget that the picture is broader: companies from device manufacturers to ISPs collect network traffic and use it for a variety of purposes. more
The European Commission recently released technical input on ICANN's proposed GDPR-compliant WHOIS models that underscores the GDPR's "Accuracy" principle - making clear that reasonable steps should be taken to ensure the accuracy of any personal data obtained for WHOIS databases and that ICANN should be sure to incorporate this requirement in whatever model it adopts. Contracted parties concerned with GDPR compliance should take note. more
There is an urgent need to clarify the GDPR's territorial scope. Of the many changes the GDPR will usher in this May, the expansion of EU privacy law's territorial scope is one of the most important. The GDPR provides for broad application of its provisions both within the EU and globally. But the fact that the GDPR has a broad territorial scope does not mean that every company, or all data processing activities, are subject to it. more
In his book "The Darkening Web: The War for Cyberspace" (Penguin Books, New York 2017), Alexander Klimburg, an Austrian-American academic, gives "Internet Dreamers" a "Wake Up Call". He tells us the background-story why people start to be "anxious about the future of the Internet", as the recent ISOC Global Internet Report "Paths to Our Digital Future" has recognized. Klimburg refers to Alphabets CEO Erich Schmidt, who once said that "the Internet is the first thing that humanity has built that humanity does not understand". more
What happens when you open an email and allow it to display embedded images and pixels? You may expect the sender to learn that you've read the email, and which device you used to read it. But in a new paper we find that privacy risks of email tracking extend far beyond senders knowing when emails are viewed. Opening an email can trigger requests to tens of third parties, and many of these requests contain your email address. more
I'm excited! Not because of the 30 hours that it will take me to get to Johannesburg, but because this ICANN meeting will be the second time we've put the Meeting B Policy Forum to the test. If the second time is a charm then hopefully we'll have cemented the Policy Forum into the ICANN meeting structure, and we can start a conversation about having two Policy Forums each year and one AGM meeting. more
Human rights are a topic that came up several times at the IETF meeting that just ended. There's a Human Rights Research Group that had a session with a bunch of short presentations, and the featured two talks at the plenary asking, 'Can Internet Protocols Affect Human Rights?' The second one, by David Clark of MIT, was particularly good, talking about "tussle" and how one has to design for it or else people will work around you. more
Time to brush the dust off your Computer II notebooks. Are voicemail, electronic fax, and call forwarding enhanced services or telecom services? Today's case: FTC v. American eVoice, Ltd... The FTC brought an action against Defendants claiming that they were engaged in cramming, adding unwanted voicemail, electronic fax, and call forwarding services to consumers bills to the tune of $70 million. more
Two events, which made headlines in the digital world in 2016, will probably frame the Internet Governance Agenda for 2017. October 1, 2016, the US government confirmed the IANA Stewardship transition to the global multistakeholder community. November 2, 2016, the Chinese government announced the adoption of a new cybersecurity law which will enter into force on July 1, 2017. more
Last month the FCC released a Notice of Proposed Rulemaking (NPRM) on Customer Proprietary Network Information (CPNI), the information telcos collect about consumers' phone calls. The Commission's proposed rules would adapt and apply privacy rules that have historically applied to the traditional telephone space to broadband carriers. It would also regulate how broadband providers use and share that data. more
What appears to be a leaked copy of the Burr-Feinstein on encryption back doors. Crypto issues aside -- I and my co-authors have written on those before -- this bill has many other disturbing features. (Note: I've heard a rumor that this is an old version. If so, I'll update this post as necessary when something is actually introduced.) One of the more amazing oddities is that the bill's definition of "communications" (page 6, line 10) includes "oral communication", as defined in 18 USC 2510. more
A World-Renowned Source for Internet Developments. Serving Since 2002.