We've seen alarmingly BIG increases in multiple abusive behaviors – like phishing, hacking and malware – that often leverage the domain name system (DNS) and privacy/proxy services. Cybercriminals capitalize on gaps in DNS security measures, and ICANN is holding the door open for them by failing to implement their privacy/proxy policy. If you are ever targeted, you are not alone. more
The IETF WEIRDS working group is defining a follow-on to WHOIS. Since this is the IETF, it's working on the technical issues about which it can deal with, not policy which is up to ICANN and the country registries. Somewhat to my surprise, the group is making steady progress. We've agreed that the basic model is RESTful, with queries via http, and responses as JSON data structures. The protocol is named RDAP for Registration Data Access Protocol, or maybe RESTful Data Access protocol. more
Well amazingly, it's that time again. Next week, individuals from around the world with a keen interest in Internet policy will head to Panama City, Panama for the second ICANN meeting of the year. As always, Brandsight will be attending to follow all of the important policy work being carried out by the community. Before I head off to the meeting (which based on my research will actually be my 32nd ICANN meeting!), I'd like to share a preview of the major topics slated for discussion. more
Privacy issues have been important to parts of the ICANN community for many years. I can attest to that fact as a long time veteran of Whois debates as far back as 1998 when I was with the U.S. Federal Trade Commission. However, they have started to receive the general ICANN community visibility only relatively recently. These efforts must continue in order to protect rights, to avoid increasing potential conflicts between ICANN rules and applicable laws, and to generally maintain trust in the Internet as a place to be. more
A recent exchange on CircleID highlighted a critical need for data to inform the debate on the impact of ICANN's post-GDPR WHOIS policy that resulted in the redaction of domain name registrant contact data. A bit of background: in my original post, I made the point that domain name abuse had increased post-GDPR. A reader who works with a registrar (according to his bio) commented: "Can you back up that statement with data? Our abuse desk has actually seen a reduction in abuse complaints." more
The ICANN 64 meeting in Kobe concluded two weeks ago, and we are no closer to accessing WHOIS data critical for law enforcement, cybersecurity threat investigators, intellectual property owners, or other consumer protection advocates who rely on the data to act quickly against online abuse in the domain name system. Instead of a balanced approach to WHOIS that serves the public interest, the ICANN Board is set to approve a new global policy that fails to even fully acknowledge critical... more
As you may know, ICANN holds three public meetings every year. The most recent one, ICANN 54, was held in Dublin... So the next ICANN meeting is being held in Marrakech, Morocco starting Saturday, March 5th through March the 10th. Up until now all three meetings were the same length and had the same basic structure. However, from this year onwards, that'll change. How that will play out in reality, however, is anyone's best guess. more
As widely reported, and not surprising, the internet is swimming in COVID-19 online scams. Criminals, accustomed to rapidly grabbing online territory during times of crisis and profiting from public fear, are working overtime in the face of the coronavirus. Unfortunately, ICANN's failure to enforce its minimal WHOIS and DNS abuse requirements has resulted in delayed mitigation efforts at a time when swift responses are needed to protect the public from COVID-19 scams. more
A major concern about the present WHOIS is the level of data inaccuracy. The Expert Working Group (EWG) on Registration Directory Service (RDS), of which I had the pleasure of being a member, spent considerable time figuring out how to improve WHOIS data accuracy. The EWG in its final report proposed a new system, the RDS, which we believe will significantly address the flaws in the current WHOIS, including the data inaccuracy challenge. more
GDPR. It's the four-letter "word" everyone is talking about, and there are lots of questions still swirling around the topic. We wanted to provide a summary of where we are and what we believe the next ten days will bring... GDPR enforcement will begin May 25, 2018. After this date, those found in violation of the regulation can be fined up to 4% of annual global turnover or 20 Million Euros, whichever is greater. more
Recently ten Democratic Members of Congress wrote a letter to Alan Davidson, head of the NTIA, requesting that the "NTIA immediately cease the public disclosure of personal information about users of .US" country code top-level domain (ccTLD). This communication highlights a significant concern regarding domain registration data: the need to protect the privacy rights of Registrants. However, an equally significant concern regarding registration data was raised... more
As a longtime member of ICANN's Intellectual Property Constituency (IPC), I'm impressed by the important work that this group does on behalf of trademark owners worldwide (as I've written before). While some die-hard IPC members spend countless (and, often, thankless) hours working virtually and in-person (at ICANN's global meetings) for the constituency, I find it very educational and worthwhile to participate on an ad-hoc basis. more
There is an ongoing disagreement among various members and groups in the ICANN community regarding automation -- namely, whether and to what extent automation can be used to disclose registrant data in response to legitimate data disclosure requests. A major contributing factor to the complications around automation has been confusion about how to interpret and apply Article 22 of the GDPR. more
ICANN has once again acceded to the wants of contracted parties and is at risk of abdicating its duty to act in the global public interest when it comes to WHOIS policy. Its inability or unwillingness to date to reign in bad WHOIS policy, driven by contracted party interests, flies in the face of its previously-expressed policy goal “to ensure the continued availability of WHOIS to the greatest extent possible while maintaining the security and stability of the Internet’s system of unique identifiers.” more
Benjamin Franklin once said, "By failing to prepare, you are preparing to fail." As we consider how Internet domain and address registration data is managed and accessed in a post-WHOIS era, and given the long history of failure in addressing the shortcomings of WHOIS, it is extremely important to start preparing now for the eventual replacement of WHOIS. This is the fundamental purpose of the next Registration Operations Workshop (ROW) that is scheduled for Sunday, July 19, 2015, in Prague, Czech Republic. more
A World-Renowned Source for Internet Developments. Serving Since 2002.