Help! My Domain Name Has Been Hijacked!

They are out there. In Internet Cafes and dark rooms from New York to Hong Kong to Iran, the domain name hijackers are plotting to steal your domain names. Fortunately, there are some steps that you can take to protect yourself against losing your domain names. ...Registrars are often skeptical of claims of domain hijacking, and the hijackers often "launder" the domain names to look as if they have sold them to third parties... By the time you discover that your domain name has been stolen, it may be at its third or fourth different registrar in the name of a completely different party... more»

New CIRA Whois Policy Strikes Balance Between Privacy and Access

My weekly technology law column focuses this week on the new CIRA whois policy that is scheduled to take effect on June 10, 2008. The whois issue has attracted little public attention, yet it has been the subject of heated debate within the domain name community for many years. It revolves around the whois database, a publicly accessible, searchable list of domain name registrant information (as in "who is" the registrant of a particular domain name). more»

Canada's New Policy Will Privatize Whois Data for .ca Domains

Canadian Internet Registration Authority (CIRA) has posted its Change of Privacy Status... "As of June 10, 2008 the dot-ca (.ca) WHOIS will no longer release information about individual Registrants and their Adminstrative and Technical contacts, providing more thorough privacy protection for many of our Registrants." more»

Important New Jersey Supreme Court Decision in Internet Privacy

The New Jersey Supreme Court has issued an important decision on Internet users' right to privacy. The case involves a dispute about whether an ISP violated a user's privacy rights by turning over subscriber information (name, address, billing details) associated with a particular IP address. It ends up that the subpoena served on the ISP was invalid for a variety of reasons. As the user had a 'reasonable expectation of privacy' in her Internet activities and identifying information, and because the subpoena served on the ISP was invalid, the New Jersey court determined that the ISP should not have turned over the personal data... more»

The Anti-Phishing Consumer Protection Act of 2008

Last week Sen. Snowe filed bill S.2661, the Anti-Phishing Consumer Protection Act of 2008, or APCPA. While its goals are laudable, I have my doubts about some of the details. The first substantive section of the bill, Section 3, makes various phishy activities more illegal than they are now in its first two subsections. It makes it specifically illegal to solicit identifying information from a computer under false pretenses, and to use a domain name that is deceptively similar to someone else's brand or name on the web in e-mail or IM to mislead people... more»

ICA Posts Position Paper and Analysis of Snowe "Anti-Phishing" Legislation

The Internet Commerce Association (ICA) has posted a position paper and analysis of S. 2661, introduced on 2/25/08 in the US Senate. While we are firmly opposed to phishing and other criminal activities that may utilize domain names we are very concerned about the provisions of the proposal that appear to provide trademark owners with a means to avoid both UDRP and ACPA actions and alternatively bring private claims against domain names with a lower burden of proof and the potential for far higher monetary damages, without even requiring an allegation that the DN was in any way being utilized in a phishing scheme... more»

IP is Personal Says Head of the European Union

Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law. He told a European Parliament hearing on online data protection that when someone is identified by an IP address "then it has to be regarded as personal data." more»

An Internet Security Operations Viewpoint of IGF

The Internet Governance Forum (IGF) is an annual UN conference on Internet governance which was held this year in Rio de Janeiro, Brazil. The topics discussed range from human rights online to providing Internet access in developing countries. A somewhat secondary topic of conversation is Internet security and cyber-crime mostly limited to policy and legislative efforts. Techies and Internet security industry don't have much to do there, but I have a few updates for us from the conference. more»

Whois: If You Want Privacy, Pay For It

Netchoice, a lobbying group for the e-commerce industry had a strange reaction on the failure of the GNSO working group on Whois to reach a consensus. After all, they say, "Privacy concerns with Whois that were identified years ago have already been addressed by in the marketplace"... more»

Getting Rid of Whois

The Whois database may disappear... An ICANN committee is considering a sunset proposal at its meeting this week in Los Angeles that would effectively scrap the directory system on privacy grounds. Among those arguments is that a public-by-default Whois listing may run afoul of Canadian and European Union privacy laws. more»

WHOIS Redux: Demand Privacy in Domain Name Registration

Doc's post and the impending comments deadline for the next iteration of ICANN's never-ending WHOIS saga finally pushed me to write up my thoughts on the latest iteration of ICANN debate. As Doc points out, much of the current debate is very inside baseball, tied up in acronyms atop bureaucratic layers. Small wonder then that ordinary domain name registrants and Internet users haven't commented much, while the fora are dominated by INTA members turning out responses to an "urgent request" to "let ICANN know that Whois is important to the brand owners I represent"... more»

Defendants Convicted in 1st Criminal CAN-SPAM Trial

In what seems to be the 1st criminal trial under CAN-SPAM, the defendants were convicted in June on a variety of counts. The court rejected defendants' motion for acquittal or new trial. Defendants challenged the conviction in the trial court (where proceedings are ongoing) and the court issued an order rejecting that challenge. It's tough to figure out what's earthshattering about the case. After reading the court's reasonably detailed opinion recounting the evidence, you're left with the feeling that the government did a thorough job in assembling evidence, and defendants engaged in a variety of questionable conduct. Put these two together (and the fact that cooperating defendants testified), and the conviction does not seem surprising. more»

More on WHOIS Privacy

Last week I wrote a note the ICANN WHOIS privacy battle, and why nothing's likely to change any time soon. Like many of my articles, it is mirrored at CircleID, where some of the commenters missed the point. One person noted that info about car registrations, to which I roughly likened WHOIS, are usually available only to law enforcement, and that corporations can often be registered in the name of a proxy, so why can't WHOIS do the same thing? more»

If WHOIS Privacy is a Good Idea, Why is it Going Nowhere?

ICANN has been wrangling about WHOIS privacy for years. Last week, yet another WHOIS working group ended without making any progress. What's the problem? Actually, there are two: one is that WHOIS privacy is not necessarily all it's cracked up to be, and the other is that so far, nothing in the debate has given any of the parties any incentive to come to agreement. The current ICANN rules for WHOIS say, approximately, that each time you register a domain in a gTLD (the domains that ICANN manages), you are supposed to provide contact information... WHOIS data is public, and despite unenforceable rules to the contrary, it is routinely scraped... more»

Another Whois-Privacy Stalemate

The report of the Whois Working Group was published today. The Working Group could not achieve agreement on how to reconcile privacy and data protection rights with the interests of intellectual property holders and law enforcement agencies. So the Working Group Chair redefined the meaning of "agreement." See the full story at the Internet Governance Project site. more»