As I noted over the weekend, ICANN has instigated legal action against EPAG, an ICANN accredited registrar based in Germany that is part of the Tucows group. ICANN claims that the case is to "preserve WHOIS data", but Tucows asserts in their statement that the ICANN approach is flawed. It's not a frivolous statement, but one they've backed with fairly detailed rationale - and this is just their public statement and not a formal legal filing. more
For the past two years a diverse group of stakeholders from the ICANN community, including myself, has been working hard to come to a consensus on a set of recommendations related to development and implementation of an ICANN accreditation program for privacy & proxy service providers. The result of this effort will replace the interim specification defined in the 2013 Registrar Accreditation Agreement (RAA) that is due to expire at the end of 2016. more
Monika Ermert reporting in the IP Watch: "On the eve of the third internet-related Ministerial Meeting of the Organisation for Economic Development and Cooperation (OECD) starting tomorrow in Cancun, Mexico, the Global Commission on Internet Governance (GCIG) published a think report on 'One Internet.' Calling for a new 'social compact' for the internet, the 140-page report that was fed by 50 research studies has a number of well-known recommendations, some surprisingly technical and some interesting ones." more
One of the most striking and enduring dichotomies in the conceptualization of electronic communication networks is summed up in the phrase "the Internet as weapon." With each passing day, it seems that the strident divergence plays in the press -- the latest being Tim's lament about his "web" vision being somehow perverted. The irony is that the three challenges he identified would have been better met if he had instead pursued a career at the Little Theatre of Geneva and let SGML proceed to be implemented on OSI internets rather than refactoring it as HTML to run on DARPA internets. more
The AntiPhishing Working Group (APWG) in a letter to ICANN has expressed concern that the redaction of the WHOIS data as defined by GDPR for all domains is "over-prescriptive". more
The video-conferencing company Zoom is facing a class-action suit filed on Tuesday accusing it of overstating its privacy standards and failing to disclose that its service was not end-to-end encrypted. more
Domain Name Commission Limited ("DNCL"), New Zealand's overseer for the country's .NZ domain, has filed a lawsuit against the domain name service company DomainTools. more
Poker players say if you can't spot the fish within your first 15 minutes at the table, you're the fish. With that in mind, I'm tempted to ask ICANN President Fadi Chehade who's the fish in the high-stakes game of global Internet governance we're now playing. In 2013, ICANN dramatically changed its course in the global Internet governance debate. For a decade ICANN largely stayed out of the game, allowing stakeholders to defend the multi-stakeholder model where private sector and civil society are on equal footing with governments. But in 2013 ICANN went on the offensive... more
In a letter to ICANN, the chair of the European Data Protection Board (EDPB) makes it plain that even the organization's "interim" plan is fundamentally flawed, reports Kieren McCarthy in the Register. more
"ICANN could invoke emergency powers in its contracts to prevent Whois becoming 'fragmented' after EU privacy laws kick in next month," reports Kevin Murphy in Domain Incite. more
There's been a lot of media attention to a report that iPhones track your movements. It's even reached the U.S. Senate. I'm underwhelmed. I think that the threat is overhyped. What is happening is that these devices create a hidden file with your location... more
There is a lot of discussion about the Expedited Policy Development Process (EPDP) Phase 2 report on evaluating a System for Standardized Access/Disclosure (SSAD) to non-public gTLD registration data after the decisions taken by the GNSO Council on September 24th. Notably, the Business Constituency (BC) and the Intellectual Property Constituency (IPC) have voted against the adoption of the Final Report of the EPDP team. more
Spear phishing is the unholy love child of email spam and social engineering. It refers to when a message is specifically crafted, using either public or previously stolen information, to fool the recipient into believing that it's legitimate. This personalization is usually fairly general, like mentioning the recipient's employer (easily gleaned from their domain name.) Sometimes they address you by name. Much scarier is when they use more deeply personal information stolen from one of your contacts... more
Unlike most new IETF standards, DNS over HTTPS has been a magnet for controversy since the DoH working group was chartered on 2017. The proposed standard was intended to improve the performance of address resolutions while also improving their privacy and integrity, but it's unclear that it accomplishes these goals. On the performance front, testing indicates DoH is faster than one of the alternatives, DNS over TLS (DoT). more
A letter, signed by 51 CEOs, was sent to U.S. House and Senate and leaders of other committees today urging policymakers to pass a comprehensive national data privacy law. more