Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
In the digital age, personal data protection has become paramount, with regulations like the General Data Protection Regulation (GDPR) shaping global practices. One area significantly affected is the public availability of WHOIS data, a critical resource in the domain name system. WHOIS traditionally provided detailed contact information for domain registrants, but privacy measures have redacted much of this data in recent years. more
The European Union (EU) has set a high bar by tackling domain name system (DNS) abuse head on via government regulation and seems to have successfully resisted attempts to water down DNS stewardship obligations. Recent guidance from a key European Commission cooperation group (the NIS Cooperation Group) handling sections of the Network and Information Security Directive (NIS2) intends for a robust implementation of Article 28, which will go a long way toward helping to mitigate some of the longstanding problems that persist in the DNS. more
The NIS Cooperation Group has released critical guidance for the implementation of Article 28 under the NIS 2 Directive, focusing on registration data accuracy obligations for top-level domain (TLD) registries, registrars, and related services in the EU. more
ICANN must act now to harmonize its domain name registration data (commonly known as WHOIS) policies with Article 28 of the European Union's Network and Information Security (NIS2) directive, first to adhere to applicable laws as it fulfills its oversight responsibilities and, second, to keep its word to the community to preserve WHOIS to the fullest extent possible under law. more
On June 9 CircleID published an insightful article by Thomas Rickert entitled "Demystifying Art 28 NIS2." In that piece Thomas set forth two alternative interpretations of Article 28(6) of NIS2, and argued that TLD registries should not be required to maintain a separate database of the registrant data under NIS2. In my view, Thomas' approach is inconsistent with the remainder of Article 28, and would not achieve the goals of NIS2 to improve cybersecurity across the EU member states. more
ICANN has introduced the Registration Data Request Service (RDRS), offering a standardized way to request access to nonpublic data for generic top-level domains (gTLDs). more
While threat actors can use any domain across thousands of top-level domains (TLDs), they often have favorites. For instance, you may be familiar with Spamhaus's 10 most-abused TLDs for spamming. WhoisXML API researchers recently built on this list by analyzing 40,000 newly registered domains (NRDs) that sported some of the listed unreputable TLDs. We called this study "DNS Abuse Trends: Dissecting the Domains Under the Most-Abused TLDs." more
Late last year, the U.S. Federal Trade Commission - the governmental arm responsible for protecting Americans from unfair trade practices -- opened a comment period on a proposed "Trade Regulation Rule on Impersonation of Governments and Businesses." It's no surprise that those who are victims of or are battling online impersonation saw this as an opportunity to highlight the importance of a working domain name registration data system ("WHOIS") ... more
The recent adoption at the end of December of the new EU Directive for a high level of cybersecurity across the Union -- commonly referred to as "NIS2" - paved the way for important updates to the domain name system (DNS). Most significantly, Article 28 of NIS2 and its related recitals resolved any ambiguities about the public interest served by a robust and objectively accurate WHOIS system that permits legitimate access by third parties to data... more
WHOIS is about to become even harder to find. ICANN has recently concluded long-delayed contract negotiations with industry meant to accommodate the technical migration from the WHOIS protocol to the Registration Data Access Protocol (RDAP). Instead of limiting the changes to what's necessary to implement the new technical protocol, the proposals effectively gut WHOIS, making it virtually impossible to find by eliminating web-based WHOIS access... more
Recently ten Democratic Members of Congress wrote a letter to Alan Davidson, head of the NTIA, requesting that the "NTIA immediately cease the public disclosure of personal information about users of .US" country code top-level domain (ccTLD). This communication highlights a significant concern regarding domain registration data: the need to protect the privacy rights of Registrants. However, an equally significant concern regarding registration data was raised... more
After years of work on a proposed standardized system of WHOIS data disclosures (referred to as SSAD), and over a year of operational assessment of the proposal by ICANN itself, the ICANN Board seems poised to reject the proposal. And rightly so. The proposed SSAD is entirely watered down, fractured, and affords no oversight powers to ICANN regarding disclosure decisions that would continue to be left to the complete discretion of individual registrars (the very parties ICANN oversees). more
We're halfway into ICANN71, and early interactions are posing questions about ICANN Org's capability to carry out its mission to maintain an orderly domain name system (DNS). Or, if that's not the case, ICANN leadership seems bent on a hands-off approach to its oversight responsibilities to the DNS. For years now - years - the ICANN community has raised the volume level about acute issues -- a workable Whois management and access system (including clearly delineated controllership)... more
Subdomains help organizations sort different sections of their websites neatly. Looking at the subdomains of some websites, for example, we usually see subdomains like shop[.]domain[.]com and blog[.]domain[.]com, which help users navigate the sites efficiently. But we couldn't help but notice subdomains that might be revealing a lot about a company's Internet infrastructure and resources. more
Someone recently observed that many stakeholders have fallen victim to a "chilling effect" resulting from fear of retaliation by the rich and powerful bullies currently infecting the multistakeholder community, ICANN, and Internet governance. I related to what I was hearing because I've been personally targeted and libelously attacked and it is deeply dismaying enough having to worry about threats to revenue and reputation along with other harmful effects of such thuggery. more
A World-Renowned Source for Internet Developments. Serving Since 2002.