ICANN is seeking input on a draft framework for continued access to full Whois data (see 1805180055), President Göran Marby blogged. He noted European data protection authorities told ICANN it must develop, in accordance with the general data protection regulation, a system that allows legitimate uses by stakeholders such as law enforcement of the full personal data of domain name registrants but that doesn't grant unlimited access. The framework asks questions to shape discussion of how the model might work, such as how and which users with a legitimate purpose can access the non-public data, he said Monday. ICANN wants to start by talking with governments in the European economic area that are also members of the Governmental Advisory Committee, he said. Questions for discussion with officials include how law enforcement, individual Whois users and other private third parties might be authenticated to access the nonpublic registration data. ICANN also intends to discuss the framework with the European Data Protection Board, Marby said. He urged stakeholders to comment at gdpr@icann.org, and said the topic is on the agenda at the ICANN June 25-28 meeting in Panama.
ICANN efforts to align its Whois database with the EU general data protection regulation continue, and the organization also revised relevant internal policies, President Göran Marby blogged Tuesday. On Whois, he noted "positive feedback" from European Commission officials on ICANN's "temporary specification" for compliance (see 1805140001). He thanked the new European Data Protection Board (EDPB, formerly the Article 29 Data Protection Working Party) for its "recognition of the work ICANN has undertaken with its stakeholders and contracted parties on GDPR as it applies to the WHOIS services," and said the internet body wants to develop a unified access model for continued access to all Whois data. "This includes identifying opportunities for ICANN, beyond its role as one of the 'controllers' with respect to WHOIS or its contractual enforcement role, to be acknowledged under the law as the coordinating authority of the WHOIS system." The EDPB, which met for the first time May 25, endorsed an earlier WP29 statement that said the GDPR doesn't allow national supervisory authorities or the EDPB "to create an 'enforcement moratorium' for individual data controllers." Data protection authorities may, however, take into account measures that have already been taken or are underway when determining the appropriate regulatory response, it said. ICANN was already told it must put in place a Whois model that enables legitimate uses by relevant stakeholders, such as law enforcement, of domain name owners' personal information, "without leading to an unlimited publication of those data," the EDPB said. Internally, ICANN has now revamped its online privacy policy, terms of service, cookies policy and new generic top-level domain program personal data privacy statement, and created a new notice of applicant privacy relating to data processed for employment applications, Marby wrote.
A German domain name registrar isn't required to collect administrative and technical data for new registrations, a German court ruled Wednesday, rejecting an injunctive relief request from ICANN seeking to “preserve Whois” (see 1805280001). EPAG Domainservices opted to no longer collect registrants' administrative and technical contact information when selling new domain names because it would violate the EU general data protection regulation. ICANN noted the regional court “did not indicate in its ruling that collecting such data would be a violation of the GDPR.” ICANN General Counsel and Secretary John Jeffrey said the organization will look to continue “ongoing discussions with the European Commission, and WP29, to gain further clarification of the GDPR as it relates to the integrity of WHOIS services.” A spokesperson for Tucows, which owns EPAG, pointed us to an earlier statement saying it will continue to allow “those with legitimate purposes, including law enforcement, intellectual property, and commercial litigation interests” to access domain registrant information.
The ICANN board approved a temporary specification for generic top-level domain registration data Thursday. ICANN board Chairman Cherine Chalaby said the approval allows ICANN and contracted parties to comply with existing “contractual requirements and community-developed policies as they relate to WHOIS.” It’s an “important step” for bringing ICANN and contracted parties into compliance with the EU’s general data protection regulation, set to take effect May 25, he said. NTIA Administrator David Redl said Thursday (see 1805170031) a short-term moratorium on GDPR enforcement for WHOIS may be necessary. “If not, then come May 25, we anticipate registries and registrars will stop providing access to WHOIS directories and services,” he said, warning against negative impacts on law enforcement for cybercrimes and intellectual property rights.
The U.S. accounted for 52.5 percent of malicious domain name system (DNS) queries to command and control servers globally between September and February, Akamai reported Tuesday. China accounted for 12 percent of malicious queries in the same span, a sign that command and control hosting is becoming less U.S.-centric, Akamai said. The report analyzed data from more than 14 million DNS queries from communications service provider networks.
ICANN should investigate the decision by domain name registrar GoDaddy to throttle Port 43 (automated bulk) access and mask the information in certain Whois fields, NTIA Administrator David Redl said in a Monday letter to ICANN board Chairman Cherine Chalaby. GoDaddy began throttling and masking in January to help reduce spam calls and emails, it said in a notice. But Redl said the actions "are of grave concern" to NTIA "given the U.S. Government's interest in maintaining a WHOIS service that is quickly accessible for legitimate purposes." It's worried that other registrars and registries could copy GoDaddy's approach, he said. The actions are inconsistent with ICANN's multistakeholder approach and could breach ICANN's registrar accreditation agreement, he said. Redl urged the board to investigate and to consider an ICANN cross-community discussion of the matter. NTIA also wants ICANN to look into allowing other players, such as non-ICANN accredited registrars, to offer enhanced domain name system security features.
Bitcoin-derived blockchain technology might improve an FCC Lifeline program that is ineffective and has seen "considerable fraud," said Mark Jamison, American Enterprise Institute visiting scholar and director of the University of Florida's Public Utility Research Center. "Studies consistently demonstrate" the low-income USF support program "has little impact and is costly," he blogged Tuesday. Blockchain transactions are conducted using "wallet" software that contains private and public keys to protect security, along with computer "miners" to verify transactions, he wrote. For Lifeline, "each person that is enrolled in one of the qualifying federal programs and that does not have a phone would be assigned a wallet suitable for the service for which the person wants to use the subsidy," he said. "The wallet might be an app on a secure smartphone if the person wants to use the subsidy for mobile service or on a piece of hardware that could plug into a smartphone, laptop, or tablet computer." Universal Service Administrative Co. each month "could transfer the Lifeline subsidy from a USAC wallet to the recipient’s wallet," he wrote. "The recipient could then use the currency to pay all or part of the service fee, depending on how much the person is paying for service. This payment would be made from the recipient’s wallet to a wallet designated by his or her service provider."
GSMA and ICANN signed a memorandum of understanding, with the goal of raising awareness of local and regional internet governance issues. Wednesday, GSMA Director General Mats Granryd and ICANN CEO Göran Marby signed the MOU in Barcelona, site of Mobile World Congress (see 1802260047 and 1802270047).
A communications law firm reminded website owners to renew their domain names and to register valuable ones to their own companies rather than to their vendors, saying it finds these "recurring problems striking regularly." Microsoft, Jeb Bush, the Dallas Cowboys and, recently, Sorenson Communications let domains lapse, blogged ICANN expert Kathy Kleiman of Fletcher Heald. Sorenson's goof meant its site was inaccessible, so "customers could not receive or place video relay service, 911, and other calls," she wrote Tuesday, in a post emailed the next day. For a “preventable, internal operational failure,” a September FCC Enforcement Bureau order (see 1709290056) said the company agreed to reimburse the Telecom Relay Service Fund $2.7 million and pay a $252,000 settlement, Kleiman noted. She recommended automatic domain renewal. Sorenson didn't comment.
Amazon’s application for the generic top-level domain name .amazon will be a major discussion topic at next week’s ICANN meeting, blogged American Enterprise Institute visiting fellow Shane Tews. Although Peru and Brazil opposed the application (see 1710040051), a review panel said the ICANN board didn't adequately explain its reasons for blocking the applications, giving Amazon a green light, Tews said. Debate will continue, since the two governments oppose Amazon’s application based on concerns it impinges on countries in their region. “The internet community sees the .amazon application as a case study in what they can and cannot do without government permission,” Tews said Monday.