Privacy

Blogs

Has President Macron Thrown Multistakeholderism Under the Bus at UN IGF 2018 Paris?

Today, President Macron threw down the gauntlet to President Trump and the US administration on Multistakeholderism. In his welcome address to IGF 2018 Paris a few hours ago, President Macron challenged IGF to become more relevant by reinventing itself in factoring in multilateralism into IGF's non-decision-making body and to move beyond the mere talk-ship lip service it has been for the last 13 years. more

Protecting Privacy Differently

My thesis is simple: the way we protect privacy today is broken and cannot be fixed without a radical change in direction. My full argument is long; I submitted it to the NTIA's request for comments on privacy. Here's a short summary. For almost 50 years, privacy protection has been based on the Fair Information Practice Principles (FIPPs). There are several provisions... more

M3AAWG and APWG Do the Best Survey Yet on WHOIS Redaction

M3AAWG, the Messaging, Malware, and Mobile, Anti-Abuse Working Group and APWG, the Anti-Phishing Working Group, surveyed their members about recent WHOIS changes. With over 300 results from security researchers, it's the broadest report yet on WHOIS use. The survey results confirm our concerns that WHOIS was a vital resource for security research, and its loss is a serious and ongoing problem. more

Maintaining Trust, Respecting Privacy and Due Process

In order for the Internet to function properly, there has to be "trust". Trust in "online" is something that has ebbed and flowed over the years, but over the past two decades more and more of our daily lives are linked closely to "digital". Our banks encourage us to use online banking and their mobile apps. Government agencies share (and collect) information from private citizens and businesses online. And of course we all do more and more of our shopping online... more

KSK Rollover, Elliptical Curve Vulnerabilities, Surveillance and Privacy. Are We Building Trust?

ICANN just recently performed a Root Zone DNS Security Extensions (DNSSEC) Key Signing Key (KSK) Rollover. The recent KSK Rollover that took place on the 11th October 2018. The KSK Rollover has been successful and congratulations are in order. The Root Zone DNSSEC Key Signing Key "KSK" is the top most cryptographic key in the DNSSEC hierarchy. The KSK is a cryptographic public-private key pair. more

ICANN's ePDP - An Insider's Perspective

Amazingly enough, summer is rapidly ending as kids head back to school, the temperatures in the mornings are just slightly cooler, and soon enough jeans and sweatshirts will be upon us. It also means that the important work on ICANN's temporary specification regarding WHOIS relative to GDPR has already aged a few months. The ICANN Board adopted the temporary specification in May 2018 and it became effective on the 25th of the month. more

Why Foldering Adds Very Little Security

I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used? more

Traceability

At a recent workshop on cybersecurity at Ditchley House sponsored by the Ditchley Foundation in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated... That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses. more

ICANN at a Crossroads: GDPR and Human Rights

The European Data Protection Board certainly has been keeping its records straight. Its 27 May statement starts with the following: "WP29 has been offering guidance to ICANN on how to bring WHOIS in compliance with European data protection law since 2003." All internet users have dealings with the Internet Corporation for Assigned Names and Numbers, yet the vast majority have never heard of ICANN. more

It's About Whois Display And Access

The need for an access model for non-public Whois data has been apparent since GDPR became a major issue before the community well over a year ago. Now is the time to address it seriously, and not with half measures. We urgently need a temporary model for access to non-public Whois data for legitimate uses, while the community undertakes longer-term policy development efforts. more

Heading Into Panama for ICANN62

Well amazingly, it's that time again. Next week, individuals from around the world with a keen interest in Internet policy will head to Panama City, Panama for the second ICANN meeting of the year. As always, Brandsight will be attending to follow all of the important policy work being carried out by the community. Before I head off to the meeting (which based on my research will actually be my 32nd ICANN meeting!), I'd like to share a preview of the major topics slated for discussion. more

ICANN vs EPAG: ICANN Seeks Appeal Plus Pushes for ECJ Referral

As I predicted ICANN is pursuing its case against EPAG. They're now not only appealing the case to a higher court in Germany but are also trying to get the entire thing referred to the European Court of Justice. In an announcement late last night ICANN made it very clear what their intentions are. While they're pursuing the appeal in the higher court in the German region, which makes sense at some level, it's also very clear that they're not taking "no" for an answer. more

WHOIS Users Facing Serious Challenges Caused by Post-GDPR Fragmentation

On May 25, 2018, the European General Data Protection Regulation (GDPR) came into effect, meaning that European data protection authorities (DPAs) can begin enforcing the regulation against non-compliant parties. In preparation, the ICANN Board passed a Temporary Specification for gTLD Registration Data - essentially a temporary policy amendment to its registrar and registry contracts to facilitate GDPR compliance while also preserving certain aspects of the WHOIS system of domain name registration data. more

Have You Had Your GDPR Training Today?

The suggestion was recently put to the GNSO Council: anyone who becomes a member of a proposed new Expedited Policy Development Process (EPDP) must be able to demonstrate that they have basic knowledge of privacy and data protection. This makes a lot of sense: Would you trust a lawyer who had never been to law school? Or a doctor who had never studied medicine? Of course not. Recently I asked members of our ICANN Community: have you had any GDPR training, classes, or certification? more

ICANN vs Epag/Tucows: German Court Rules Against ICANN

German courts seem to be pretty fast, so instead of having to wait weeks or months to see how they'd rule, we've already got the answer. The German court in Bonn has ruled that EPAG (Tucows) is not obliged to collect extra contacts beyond the domain name registrant. The decision, naturally, is in German, but there is a translation into English that we can use to understand how the court arrived at this decision. more

News Briefs

Berners-Lee Launches Global Campaign to Save the Web From Destruction

US Senator Wyden Proposes Bill That Could Jail Executives Over Repeated Data Privacy Violations

Berners-Lee Warns About the Danger of Concentration Regarding Growing Dominance of Tech Giants

First Round of GDPR Fines Coming by the End of the Year, Says EU Data Regulator

Facebook Security Vulnerability Allowed Attackers to Steal User Access Tokens Affecting 50 Million

New Zealand's Domain Name Commission Wins Injunction in a Lawsuit Against DomainTools

Study Finds GDPR Has Had Minimal Impact on Spam and Domain Registrations

Special Interests Circulating Draft Legislation to Cut Short ICANN's Whois Policy Process

DomainTools Sued for Misusing New Zealand's .NZ Domain Name Registration Information

Anti-Phishing Working Group Proposes Use of Secure Hashing to Address GDPR-Whois Debacle

European Data Regulators Throw ICANN Back to the Drawing Board for a Third Time on Whois Privacy

ACLU Released Guide for Developers on How to Respond to Government Demands That Compromise Security

ICANN Files Legal Action Against Domain Registrar for Refusal to Collect WHOIS Data

Major US Telcos Selling Customer Location Information to Third Party Companies, Reports Krebs

Internet Platforms Collecting User Data are Digital Sweat Factories, Says EU's Data Protection Chief

Researchers Discover Over 1.5 Billion Files Exposed Through Misconfigured Data Services

ICANN CEO "Cautiously Optimistic" EU to Provide Clear Guidance for Domain Industry GDPR Compliance

Close to 20% VPN Providers Reported Leaking Customer IP Addresses via WebRTC Bug

Facebook Announces New Privacy and Security Settings Amid Outcry Over Data Collection Practices

IBM Launches Quad9, a DNS-based Privacy and Security Service to Protect Users from Malicious Sites

Most Viewed

Help! My Domain Name Has Been Hijacked!

Do Not Enter - It's XXX

Whois Privacy vs. Anonymity

Adult-Related TLDs Considered Dangerous

Examining Two Well-Known Attacks on VoIP

Most Commented

Conflict of Opinion

DPI is Not a Four-Letter Word!

Hunting Unicorns: Myths and Realities of the Net Neutrality Debate

Whither DNS?

The Anti-Phishing Consumer Protection Act of 2008

Industry Updates

Participants – Random Selection