"Domain name sellers rub ICANN's face in sticky mess of Europe's GDPR," Kieren McCarthy reporting in The Register. more
ICANN has released temporary specifications for gTLD registration data in order to establish temporary requirements needed for the organization and gTLD registry operators to continue to comply with existing ICANN contractual requirements and community-developed policies. more
Today is Holocaust Remembrance Day. Today we remember that the Nazis rounded up Jews, Roma, political dissidents, and other "undesirables" using the best data and technology of the day and sent them off to concentration camps. We don't normally deal with this type of political reality in ICANN, but now is the time to do so. In 1995, the recently formed European Union passed the EU Data Protection Directive. more
The European Commission recently released technical input on ICANN's proposed GDPR-compliant WHOIS models that underscores the GDPR's "Accuracy" principle - making clear that reasonable steps should be taken to ensure the accuracy of any personal data obtained for WHOIS databases and that ICANN should be sure to incorporate this requirement in whatever model it adopts. Contracted parties concerned with GDPR compliance should take note. more
There is an urgent need to clarify the GDPR's territorial scope. Of the many changes the GDPR will usher in this May, the expansion of EU privacy law's territorial scope is one of the most important. The GDPR provides for broad application of its provisions both within the EU and globally. But the fact that the GDPR has a broad territorial scope does not mean that every company, or all data processing activities, are subject to it. more
The information in WHOIS database is very important to Law Enforcement Agencies, Intellectual Property Owners, and all Internet Users in general, who use this data to locate/contact domain name owners for various purposes including but not limited to enforcing laws or addressing grievances related to cybercrime and other cases of DNS abuse like Spam, Phishing, Malware etc. However, Privacy and Proxy Services are also available for many Top Level Domain Registries... more
It has been my distinct pleasure to serve on ICANN's Expert Working Group on gTLD Directory Services (EWG). We put in many long months and what seemed like countless hours of research, discussion, meetings, and deliberations on how to tackle a clean-slate approach to gTLD directory services, popularly known as "WHOIS". In our Final Report, the Expert Working Group (EWG) recommended a Registration Directory Service (RDS) to replace today's WHOIS, providing a next-generation system to better meet the needs of the evolving global Internet with greater accuracy, privacy, and accountability. more
ICANN has opened the Generic Names Supporting Organization (GNSO) Whois study on privacy/proxy abuse for public comment. Performed by the National Physical Laboratory (NPL), this study is one of many commissioned by the GNSO to examine the current, disparate, and often maligned registration directory service, and aims to measure the hypothesis that "a significant percentage of the domain names used to conduct illegal or harmful Internet activities are registered via privacy and proxy services to obscure the perpetrator's identity." more
It's safe to say that with just a week to go before ICANN intended to sign the first contract for a new gTLD, the last thing anyone wanted was a 12-page document from the world's governments with 16 new "safeguards", six of which it wants to see applied to every new extension. But what the industry shouldn't overlook, especially in the face of the expected critical responses this week and next, is that the Governmental Advisory Committee's (GAC's) formal advice from the ICANN Beijing meeting represents an opportunity for the domain name industry to lock-in self-regulation at a critical point in its evolution. more
There are two Bills that are floating through the corridors of power on the Hill that could potentially change the course of civil and political rights within the United States and the world. One was introduced through the House of Representatives and the other through the Senate. The two Bills touch on a common thread that are premised on "national security" however there are interesting challenges that will surface should the Bills be passed that affect global public interest that require further examination, introspection and discussion. more
It is just another phishing case. Why should I care? I happened to receive my own copy of the phishing email message. Most Internet users will just smile bitterly before deleting it. I checked it to see why it had gone through the spam filters. It had no URL in the text but a reply-to address. So it needed a valid domain name, and had one: postfinances.com. PostFinance (without trailing "s") is the payment system of the Swiss Post. It has millions of users. more
In response to a letter from ICANN's Noncommercial Users Constituency (NCUC) to data protection authorities concerning overreaching requests of law enforcement agencies in ICANN's ongoing Registrar Accreditation Agreement negotiations, the Article 29 Data Protection Working Party has written the ICANN Board. more
Declan McCullagh recently opined that the "FBI [and the] DEA warn [that] IPv6 could shield criminals from police." His post was picked-up relatively widely in the past few days, with the headlines adding more hyperbole along the way. So just how real is this threat? Let's take a look. more
No, that title is not a typo. The WHOIS service and the underlying protocol are a relic of another Internet age and need to be replaced. At the recent ICANN 43 conference in Costa Rica, WHOIS was on just about every meeting agenda because of two reasons. First, the Security and Stability Advisory Committee put out SAC 051 which called for a replacement WHOIS protocol and at ICANN 43, there was a panel discussion on such a replacement. The second reason was the draft report from the WHOIS Policy Review Team. more
American Registry for Internet Numbers (ARIN) is running a trial service that gives users access to historical IP whois data – that is, it will tell you who was responsible for an IP address or block of IPs. The service is not automated and if you want to access it you will need to submit a request via email with information about not only what you want to know, but why you are interested in accessing the information. more