Privacy

Blogs

KSK Rollover, Elliptical Curve Vulnerabilities, Surveillance and Privacy. Are We Building Trust?

ICANN just recently performed a Root Zone DNS Security Extensions (DNSSEC) Key Signing Key (KSK) Rollover. The recent KSK Rollover that took place on the 11th October 2018. The KSK Rollover has been successful and congratulations are in order. The Root Zone DNSSEC Key Signing Key "KSK" is the top most cryptographic key in the DNSSEC hierarchy. The KSK is a cryptographic public-private key pair. more

ICANN's ePDP - An Insider's Perspective

Amazingly enough, summer is rapidly ending as kids head back to school, the temperatures in the mornings are just slightly cooler, and soon enough jeans and sweatshirts will be upon us. It also means that the important work on ICANN's temporary specification regarding WHOIS relative to GDPR has already aged a few months. The ICANN Board adopted the temporary specification in May 2018 and it became effective on the 25th of the month. more

Why Foldering Adds Very Little Security

I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used? more

Traceability

At a recent workshop on cybersecurity at Ditchley House sponsored by the Ditchley Foundation in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated... That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses. more

ICANN at a Crossroads: GDPR and Human Rights

The European Data Protection Board certainly has been keeping its records straight. Its 27 May statement starts with the following: "WP29 has been offering guidance to ICANN on how to bring WHOIS in compliance with European data protection law since 2003." All internet users have dealings with the Internet Corporation for Assigned Names and Numbers, yet the vast majority have never heard of ICANN. more

It's About Whois Display And Access

The need for an access model for non-public Whois data has been apparent since GDPR became a major issue before the community well over a year ago. Now is the time to address it seriously, and not with half measures. We urgently need a temporary model for access to non-public Whois data for legitimate uses, while the community undertakes longer-term policy development efforts. more

Heading Into Panama for ICANN62

Well amazingly, it's that time again. Next week, individuals from around the world with a keen interest in Internet policy will head to Panama City, Panama for the second ICANN meeting of the year. As always, Brandsight will be attending to follow all of the important policy work being carried out by the community. Before I head off to the meeting (which based on my research will actually be my 32nd ICANN meeting!), I'd like to share a preview of the major topics slated for discussion. more

ICANN vs EPAG: ICANN Seeks Appeal Plus Pushes for ECJ Referral

As I predicted ICANN is pursuing its case against EPAG. They're now not only appealing the case to a higher court in Germany but are also trying to get the entire thing referred to the European Court of Justice. In an announcement late last night ICANN made it very clear what their intentions are. While they're pursuing the appeal in the higher court in the German region, which makes sense at some level, it's also very clear that they're not taking "no" for an answer. more

WHOIS Users Facing Serious Challenges Caused by Post-GDPR Fragmentation

On May 25, 2018, the European General Data Protection Regulation (GDPR) came into effect, meaning that European data protection authorities (DPAs) can begin enforcing the regulation against non-compliant parties. In preparation, the ICANN Board passed a Temporary Specification for gTLD Registration Data - essentially a temporary policy amendment to its registrar and registry contracts to facilitate GDPR compliance while also preserving certain aspects of the WHOIS system of domain name registration data. more

Have You Had Your GDPR Training Today?

The suggestion was recently put to the GNSO Council: anyone who becomes a member of a proposed new Expedited Policy Development Process (EPDP) must be able to demonstrate that they have basic knowledge of privacy and data protection. This makes a lot of sense: Would you trust a lawyer who had never been to law school? Or a doctor who had never studied medicine? Of course not. Recently I asked members of our ICANN Community: have you had any GDPR training, classes, or certification? more

ICANN vs Epag/Tucows: German Court Rules Against ICANN

German courts seem to be pretty fast, so instead of having to wait weeks or months to see how they'd rule, we've already got the answer. The German court in Bonn has ruled that EPAG (Tucows) is not obliged to collect extra contacts beyond the domain name registrant. The decision, naturally, is in German, but there is a translation into English that we can use to understand how the court arrived at this decision. more

A Trebuchet Defence in the Age of the Augmented Reality Cyberwarrior

I've been ruminating on this for a while, this follow-up that was a decade in the offing. My article Trench Warfare in the Age of The Laser-Guided Missile from January 2007 did pretty good in terms of views since I wrote it. Less so in terms of how well the ideas aged or didn't, but that's the nature of the beast. Everything gets worse, and simultaneously, better, and so here we are: Using embarrassingly ancient approaches to next-generation threats. Plus ça change. more

ICANN vs EPAG/Tucows: Tucows Releases Statement on What They're Doing and Why

As I noted over the weekend, ICANN has instigated legal action against EPAG, an ICANN accredited registrar based in Germany that is part of the Tucows group. ICANN claims that the case is to "preserve WHOIS data", but Tucows asserts in their statement that the ICANN approach is flawed. It's not a frivolous statement, but one they've backed with fairly detailed rationale - and this is just their public statement and not a formal legal filing. more

GDPR PII Time-Bomb? Kill it With Fire!

Hi! My name is spamfighter. I investigate spam and phish in a post-GDPR dystopia. Recently, I invented Fire, to save you millions of €uros. One day, my Boss suggested I automate some of my processes. I, for one, welcome our Robot Overlords (and a happy boss), but I can be exacting about the tools I use. Perhaps not to the degree of the infamous Van Halen 'no brown M&M's' contractual clause but I have no patience for poorly-designed software, and truly dislike typing when... more

GDPR Your Domains For Sale? How to Keep Your Domain Name Lottery Ticket Alive

Have you ever sold a domain name that was just sitting in your registrar account? Maybe it was for that idea you had, but never found the time to develop. Perhaps it was for a business or website you once ran and then let go by the wayside. Then one day, out of the blue, that dormant domain turned into a winning lottery ticket. You got a random call or email from an interested party and the next thing you know that domain (which you've forgotten why you even renew it each year) is sold for $3,000 or $30,000 or more. more

News Briefs

First Round of GDPR Fines Coming by the End of the Year, Says EU Data Regulator

Facebook Security Vulnerability Allowed Attackers to Steal User Access Tokens Affecting 50 Million

New Zealand's Domain Name Commission Wins Injunction in a Lawsuit Against DomainTools

Study Finds GDPR Has Had Minimal Impact on Spam and Domain Registrations

Special Interests Circulating Draft Legislation to Cut Short ICANN's Whois Policy Process

DomainTools Sued for Misusing New Zealand's .NZ Domain Name Registration Information

Anti-Phishing Working Group Proposes Use of Secure Hashing to Address GDPR-Whois Debacle

European Data Regulators Throw ICANN Back to the Drawing Board for a Third Time on Whois Privacy

ACLU Released Guide for Developers on How to Respond to Government Demands That Compromise Security

ICANN Files Legal Action Against Domain Registrar for Refusal to Collect WHOIS Data

Major US Telcos Selling Customer Location Information to Third Party Companies, Reports Krebs

Internet Platforms Collecting User Data are Digital Sweat Factories, Says EU's Data Protection Chief

Researchers Discover Over 1.5 Billion Files Exposed Through Misconfigured Data Services

ICANN CEO "Cautiously Optimistic" EU to Provide Clear Guidance for Domain Industry GDPR Compliance

Close to 20% VPN Providers Reported Leaking Customer IP Addresses via WebRTC Bug

Facebook Announces New Privacy and Security Settings Amid Outcry Over Data Collection Practices

IBM Launches Quad9, a DNS-based Privacy and Security Service to Protect Users from Malicious Sites

Dutch Geographic TLDs Refuse Public Access to Whois Data

EU Privacy Case Could Backfire, Turn EU into Data Island, Say Experts

DHS Planning to Monitor, Collect Social Media Information on All Immigrants to US

Most Viewed

Help! My Domain Name Has Been Hijacked!

Do Not Enter - It's XXX

Whois Privacy vs. Anonymity

Adult-Related TLDs Considered Dangerous

Examining Two Well-Known Attacks on VoIP

Most Commented

Conflict of Opinion

DPI is Not a Four-Letter Word!

Hunting Unicorns: Myths and Realities of the Net Neutrality Debate

Whither DNS?

The Anti-Phishing Consumer Protection Act of 2008

Industry Updates

Participants – Random Selection