Domain Enforcement in a Post-GDPR World

The implementation of the General Data Protection Regulation (GDPR), and ICANN's conservative temporary policy, which favors privacy and limits registrar liability, has made domain enforcement against cybersquatters, cyber criminals and infringement more difficult, expensive and slow. With heightened concerns over privacy following high-profile breaches of consumer data and its subsequent illicit use and distribution, there is no question that consumer data protection practices would come under scrutiny. more

Let’s Have an Honest Conversation About Huawei

On May 29, I attended an AEI event on "International economics and securing next-generation 5G wireless networks," with Ambassador Robert Strayer, who heads the U.S. State Department's CIP team. But the focus of the talk was not really on 5G security, international trade or 5G development. In fact, there was no constructive agenda at all. The talk was an extended attack on China and the Chinese-based telecommunications vendor Huawei – another episode in an ongoing U.S. government campaign to shut Huawei and other Chinese firms out of the U.S. market, and to convince every other country in the world to do the same. more

Leading Domain Registries and Registrars Release Joint Document on Addressing ‘DNS Abuse’

A group of leading domain name registries and registrars have joined forces in the fight against abuse in the Domain Name System (DNS), by developing a "Framework to Address Abuse." Each contributing company has shared its expertise and experience mitigating abusive practices with the goal of submitting the resulting Framework as a foundational document for further discussion in the multistakeholder community.  more

Celebrating Twenty Years of the UDRP

The Uniform Domain Name Dispute Resolution Policy, commonly known as the UDRP, was first introduced on October 24, 1999, by the Internet Corporation for Assigned Names and Numbers (ICANN). The UDRP is incorporated by reference into Registration Agreements for all generic top-level domain names (gTLDs) and some country-code top-level domain names (ccTLDs). more

The Myth of 5G and Driverless Cars

A colleague sent me an article that had been published earlier this year in MachineDesign magazine that predicts that driverless cars can't be realized until we have a ubiquitous 5G network. When looking for the original article on the web I noticed numerous similar articles like this one in Forbes that have the same opinion. These articles and other similar articles predict that high-bandwidth, low-latency 5G networks are only a few years away. more

Kenya’s .KE Domain Registrations Nearing 100,000 Mark, but It Can Do Better – Here’s Why

Over the years, the Kenyan Network Information Center (KeNIC) has struggled to reach the 100,000 mark in .ke Kenya country code domain registrations. Many reasons have been given for this shortfall, among them pricing, competition from generic Top-Level Domains (gTLDs) like .com and .org, and also competition from Geographic domains like the new .africa. Also, not opening up the second level for registration has been cited as one of the reasons for the low number. more

RIP Don Blumenthal

It is with a heavy heart that we note the passing of a dear friend, colleague and member of the CAUCE board of directors, Don Blumenthal, on September 28, 2019, in Ann Arbor, Michigan. He was 67. Don was an anti-spammer for as long a there was an anti-spam community: he helped design, deploy and maintain the famous 'Spam Fridge,' the repository of junk email maintained by the Federal Trade Commission (FTC). more

Business Email Compromised (BEC) Scams Explode Under the GDPR Implementation

Business email compromised (BEC) attacks targeting American companies are exploding, with an increase of over 476% in incidents between Q4 2017 and Q4 2018. Up as well is email fraud with companies experiencing an increase of over 226%. These highly targeted attacks use social engineering to identify specific company employees, usually in the finance department and then convince these employees to wire large sums of money to third-party banking accounts owned by the attackers. more

Google Showing Signs of Increased Concerns Over Rising Data Privacy Scrutiny

Earlier this year, Google quietly terminated its "Mobile Network Insights" service, which provided wireless carriers globally, information on network performance in various locations. more

Domain Name System to Be Featured Prominently in Upcoming Review of EU Safe Harbor Rules

In July 2019, Netzpolitik and others leaked an internal document by DG Connect that outlines the European Commission's thoughts on an update of the E-Commerce Directive. Based on this document, it seems that the domain name system and its actors will be prominently addressed in the Ursula von der Leyen's Commission-cycle from 2019 to 2025. more

The Utility Formerly Known As WHOIS

Muscle memory is a funny thing. We don't even think about it really, but when we do the same thing over and over again, it just becomes second nature to us. This is how we've come to use WHOIS over the past two decades to get contact information for registered domain names. If you wanted to see who owned a domain, you'd simply do a WHOIS search. I've probably done hundreds of thousands of them during my time in the industry. Well as of this week, a major step in the retirement of WHOIS officially took place. more

What Is the Purpose of ICANN’s Comment Periods?

Almost every institution which purports to provide space for public accountability includes some sort of formalized process by which the public can have their say. And in almost every instance, they struggle with a tension between the desire to provide a commenting process which is meaningful and substantive (or, at least, which appears to be so), and a desire to adopt whatever course of action the institution thinks is best. more

Keeping a Free and Open Internet Starts at the Root

??Dynamics at the Internet's core erode stakeholder legitimacy and aid Sino-Russian efforts for multilateral control. ???At the beginning of what became a prolonged process for privatization, the U.S. Government established a framework of fundamental guiding principles for governance of the Internet's root. These principles were designed to work to preserve a free and open nature for a global network that was to be elastic, extensible, and – at more than two decades – enduring. more

DNS-over-HTTPS: Privacy and Security Concerns

The design of DNS included an important architectural decision: the transport protocol used is user datagram protocol (UDP). Unlike transmission control protocol (TCP), UDP is connectionless, stateless, and lightweight. In contrast, TCP needs to establish connections between end systems and guarantees packet ordering and delivery. DNS handles the packet delivery reliability aspect internally and avoids all of the overhead of TCP. There are two problems this introduces. more

Not So Private Thoughts at IETF 105

At IETF 105, held in Montreal at the end of July, the Technical Plenary part of the meeting had two speakers on the topic of privacy in today's Internet, Associate Professor Arvind Narayanan of Princeton University and Professor Stephen Bellovin of Colombia University. They were both quite disturbing talks in their distinct ways, and I'd like to share my impressions of these two presentations and then consider what privacy means for me in today's Internet. more