Privacy

Privacy / Recently Commented

Internet Economics

One year ago, in late 2017, much of the policy debate in the telecommunications sector was raised to a fever pitch over the vexed on-again off-again question of Net Neutrality in the United States. It seemed as it the process of determination of national communications policy had become a spectator sport, replete with commentators who lauded our champions and demonized their opponents. more

France to Stop Using Google as Part of Its Plan to Establish Digital Sovereignty

The 2013 NSA revelations by the American whistleblower Edward Snowden was a stern wake call for French politicians. more

Hackers Behind Marriott Breach Left Clues Suggesting Link to Chinese Government

Hackers behind the massive data breach of the hotel group Marriott International Inc have left clues suggesting ties to the Chinese government intelligence-gathering operation. more

Has President Macron Thrown Multistakeholderism Under the Bus at UN IGF 2018 Paris?

Today, President Macron threw down the gauntlet to President Trump and the US administration on Multistakeholderism. In his welcome address to IGF 2018 Paris a few hours ago, President Macron challenged IGF to become more relevant by reinventing itself in factoring in multilateralism into IGF's non-decision-making body and to move beyond the mere talk-ship lip service it has been for the last 13 years. more

Protecting Privacy Differently

My thesis is simple: the way we protect privacy today is broken and cannot be fixed without a radical change in direction. My full argument is long; I submitted it to the NTIA's request for comments on privacy. Here's a short summary. For almost 50 years, privacy protection has been based on the Fair Information Practice Principles (FIPPs). There are several provisions... more

M3AAWG and APWG Do the Best Survey Yet on WHOIS Redaction

M3AAWG, the Messaging, Malware, and Mobile, Anti-Abuse Working Group and APWG, the Anti-Phishing Working Group, surveyed their members about recent WHOIS changes. With over 300 results from security researchers, it's the broadest report yet on WHOIS use. The survey results confirm our concerns that WHOIS was a vital resource for security research, and its loss is a serious and ongoing problem. more

KSK Rollover, Elliptical Curve Vulnerabilities, Surveillance and Privacy. Are We Building Trust?

ICANN just recently performed a Root Zone DNS Security Extensions (DNSSEC) Key Signing Key (KSK) Rollover. The recent KSK Rollover that took place on the 11th October 2018. The KSK Rollover has been successful and congratulations are in order. The Root Zone DNSSEC Key Signing Key "KSK" is the top most cryptographic key in the DNSSEC hierarchy. The KSK is a cryptographic public-private key pair. more

Traceability

At a recent workshop on cybersecurity at Ditchley House sponsored by the Ditchley Foundation in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated... That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses. more

New Zealand's Domain Name Commission Wins Injunction in a Lawsuit Against DomainTools

New Zealand's Domain Name Commission today won a motion for preliminary injunction in a US lawsuit against the company DomainTools. more

Why Foldering Adds Very Little Security

I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used? more

Special Interests Circulating Draft Legislation to Cut Short ICANN's Whois Policy Process

Special interests who oppose privacy are circulating draft legislation to cut short ICANN's Whois policy process, warns Milton Mueller in a post published today in Internet Governance Project. more

ICANN's ePDP - An Insider's Perspective

Amazingly enough, summer is rapidly ending as kids head back to school, the temperatures in the mornings are just slightly cooler, and soon enough jeans and sweatshirts will be upon us. It also means that the important work on ICANN's temporary specification regarding WHOIS relative to GDPR has already aged a few months. The ICANN Board adopted the temporary specification in May 2018 and it became effective on the 25th of the month. more

It's About Whois Display And Access

The need for an access model for non-public Whois data has been apparent since GDPR became a major issue before the community well over a year ago. Now is the time to address it seriously, and not with half measures. We urgently need a temporary model for access to non-public Whois data for legitimate uses, while the community undertakes longer-term policy development efforts. more

ICANN vs EPAG: ICANN Seeks Appeal Plus Pushes for ECJ Referral

As I predicted ICANN is pursuing its case against EPAG. They're now not only appealing the case to a higher court in Germany but are also trying to get the entire thing referred to the European Court of Justice. In an announcement late last night ICANN made it very clear what their intentions are. While they're pursuing the appeal in the higher court in the German region, which makes sense at some level, it's also very clear that they're not taking "no" for an answer. more

WHOIS Users Facing Serious Challenges Caused by Post-GDPR Fragmentation

On May 25, 2018, the European General Data Protection Regulation (GDPR) came into effect, meaning that European data protection authorities (DPAs) can begin enforcing the regulation against non-compliant parties. In preparation, the ICANN Board passed a Temporary Specification for gTLD Registration Data - essentially a temporary policy amendment to its registrar and registry contracts to facilitate GDPR compliance while also preserving certain aspects of the WHOIS system of domain name registration data. more