Privacy

Blogs

Why Are the EU Data Protection Authorities Taking Away Our Fundamental Right to be Safe?

What if we created a rule that gave everyone - good or bad - the right to hide their license plate, where they live, who they are, and just go incognito? What if we made it a right to walk into any building in the world, and simply say "No, thank you" when the security guards asked for one's identification? The criminals would celebrate, and we'd all be utterly alarmed. We would immediately be afraid for our personal safety. more

GDPR and WHOIS - We've Heard from the Article 29 Working Party, Now What?

Well, here we are on Friday the 13th and I couldn't think of a better way to spend the day than providing an update on GDPR, WHOIS and ICANN. There's lots to cover, so let's dive right in. As we have been talking about for a number of months now, the EU's new General Data Privacy Regulation (GDPR) will become enforceable on May 25th. The ICANN community has been struggling with how GDPR will impact the WHOIS system. more

Holocaust Remembrance Day

Today is Holocaust Remembrance Day. Today we remember that the Nazis rounded up Jews, Roma, political dissidents, and other "undesirables" using the best data and technology of the day and sent them off to concentration camps. We don't normally deal with this type of political reality in ICANN, but now is the time to do so. In 1995, the recently formed European Union passed the EU Data Protection Directive. more

Is It Time for a Data Sharing Clearinghouse for Internet Researchers?

Today's Senate hearing with Facebook's Mark Zuckerberg will start a long discussion on data collection and privacy from Internet companies. Although the spotlight is currently on Facebook, we shouldn't forget that the picture is broader: companies from device manufacturers to ISPs collect network traffic and use it for a variety of purposes. more

We Need to Disconnect from Facebook Right Now

The smartphone has effectively transformed us into cyborgs, we have in our hands a highly efficient computing device equipped with a photo and video camera, microphone, GPS, accelerometer, gyroscope, magnetometer, light and proximity sensors, as well as other features that allow creation of increasingly useful, impressive and addictive applications. more

Facebook vs. Domain Names: Lessons from Cambridge Analytica

The current revelations about Cambridge Analytica's use of Facebook data illustrate an important drawback to using a Facebook account as your business' online presence: Facebook knows and sells your customers! Millions of companies - especially small companies and start-ups - rely on a Facebook account for their online presence. On the surface, it seems like a great idea... more

Oblivious DNS: Plugging the Internet's Biggest Privacy Hole

The recent news that Mozilla and Cloudflare are deploying their own DNS recursive resolver has once again raised hopes that users will enjoy improved privacy, since they can send DNS traffic encrypted to Cloudflare, rather than to their ISP. In this post, we explain why this approach only moves your private data from the ISP to (yet another) third party. You might trust that third party more than your ISP, but you still have to trust them. In this post, we present an alternative design -- Oblivious DNS -- that prevents you from having to make that choice at all. more

CEOs and Encryption: The Questions You Need to Ask Your Experts

Barely a week passes without something in the news that reminds us of the critical role encryption plays in securing our data. It is a technology that protects so much of what we rely on, as individuals protecting our privacy, as companies securing our business assets and transactions, and as governments responsible for critical national infrastructure. ... The request Kathy mentions came after the San Bernardino shootings in California... more

Accreditation & Access Model For Non-Public Whois Data

In the current debate over the balance between privacy and Internet safety and security, one of the unanswered questions is: "How will those responsible for protecting the public interest gain access to the non-public data in the WHOIS databases post General Data Protection Regulation (GDPR)?" In an attempt to prevent WHOIS data from going "dark," several community members have been working for the past weeks to create a model that could be used to accredit users and enable access to the non-public WHOIS data. more

ICANN Proposed Interim GDPR Compliance Model Would Kill Operational Transparency of the Internet

ICANN has consistently said its intention in complying with the European Union's General Data Protection Regulation (GDPR) is to comply while at the same time maintaining access to the WHOIS domain name registration database "to greatest extent possible." On February 28, ICANN published its proposed model. Strangely, while ICANN acknowledges that some of the critical purposes for WHOIS include consumer protection, investigation of cybercrimes, mitigation of DNS abuse, and intellectual property protection, the model ICANN proposes provides no meaningful pathway to use WHOIS in those ways. more

WHOIS Access and Interim GDPR Compliance Model: Latest Developments and Next Steps

WHOIS access and development of an interim GDPR compliance model remains THE hot topic within the ICANN community. Developments are occurring at a break-neck pace, as ICANN and contracted parties push for an implementable solution ahead of the May 25, 2018 effective date of the GDPR... ICANN is now poised to formally publish the convergence model, although the community continues to discuss and seek a solution that is acceptable for all stakeholders. more

WHOIS Inaccuracy Could Mean Noncompliance with GDPR

The European Commission recently released technical input on ICANN's proposed GDPR-compliant WHOIS models that underscores the GDPR's "Accuracy" principle - making clear that reasonable steps should be taken to ensure the accuracy of any personal data obtained for WHOIS databases and that ICANN should be sure to incorporate this requirement in whatever model it adopts. Contracted parties concerned with GDPR compliance should take note. more

GDPR - Territorial Scope and the Need to Avoid Absurd and Inconsistent Results

There is an urgent need to clarify the GDPR's territorial scope. Of the many changes the GDPR will usher in this May, the expansion of EU privacy law's territorial scope is one of the most important. The GDPR provides for broad application of its provisions both within the EU and globally. But the fact that the GDPR has a broad territorial scope does not mean that every company, or all data processing activities, are subject to it. more

Preparing for GDPR's Impact on WHOIS - 5 Steps to Consider

With GDPR coming into effect this May, it is almost a forgone conclusion that WHOIS as we know it today, will change. Without knowing the full details, how can companies begin to prepare? First and foremost, ensuring that brand protection, security and compliance departments are aware that a change to WHOIS access is on the horizon is an important first step. Just knowing that the ability to uncover domain ownership information is likely to change in the future will help to relieve some of the angst that is likely to occur. more

Businesses and Intellectual Property Owners Discuss GDPR and WHOIS Issues With ICANN and Community

On January 24, 2018, ICANN's Business Constituency (BC) and Intellectual Property Constituency (IPC) co-hosted an event to discuss the EU's General Data Protection Regulation (GDPR) and its implications on access to the WHOIS database. ICANN's CEO and General Counsel joined the discussion, as did stakeholders from across the ICANN community. The event was timely and well attended with over 200 participants attending in-person or virtually. more

News Briefs

Researchers Discover Over 1.5 Billion Files Exposed Through Misconfigured Data Services

ICANN CEO "Cautiously Optimistic" EU to Provide Clear Guidance for Domain Industry GDPR Compliance

Close to 20% VPN Providers Reported Leaking Customer IP Addresses via WebRTC Bug

Facebook Announces New Privacy and Security Settings Amid Outcry Over Data Collection Practices

IBM Launches Quad9, a DNS-based Privacy and Security Service to Protect Users from Malicious Sites

Dutch Geographic TLDs Refuse Public Access to Whois Data

EU Privacy Case Could Backfire, Turn EU into Data Island, Say Experts

DHS Planning to Monitor, Collect Social Media Information on All Immigrants to US

EFF Resigns from World Wide Web Consortium (W3C) over EME Decision

U.S. Department of Justice Demands IP Addresses, Other Details on Visitors to Trump Resistance Site

Afghanistan Enacts Law Targeting Online Crime and Militancy

Trump Administration Doubles Down on Surveillance

Seattle Restores ISP Privacy Rules. Could be First of Many Cities to Defeat FCC's Privacy Roll Back

The Economist: Data, the Oil of the Digital Era

NSA to Stop Collecting American Emails To and From Overseas

Pirate Bay Founder and Other Internet Activists Launch Domain Privacy Service

Twitter Files Lawsuit Against U.S. Government Over National Security Data

Major U.S. ISPs Say They Will Not Sell Customer Browsing Histories

Trump Administration Backs Repeal of Broadband Privacy Rules

U.S. Senate Voted to Eliminate Broadband Privacy Rules

Most Viewed

Help! My Domain Name Has Been Hijacked!

Do Not Enter - It's XXX

Whois Privacy vs. Anonymity

Adult-Related TLDs Considered Dangerous

Examining Two Well-Known Attacks on VoIP

Most Commented

Conflict of Opinion

DPI is Not a Four-Letter Word!

Hunting Unicorns: Myths and Realities of the Net Neutrality Debate

Whither DNS?

The Anti-Phishing Consumer Protection Act of 2008

Industry Updates

Participants – Random Selection