InternetNZ’s Jordan Carter Talks Privacy: GDPR, DomainTools Court Case, .NZ Individual Registrants… And More

Privacy is a big thing, both in the .nz space and in the wider domain name world and has brought about both highlights and lowlights according to InternetNZ’s Chief Executive Jordan Carter. In today’s Domain Pulse Q&A Carter says a 2018 lowlight was ICANN’s handling of their policy response to the EU’s GDPR, which he believes, along with privacy for internet users, to be a good thing. In New Zealand they’re been dealing with privacy in 2 ways: an Individual Registrant Privacy Option introduced in 2018 as well as an upcoming review of the Privacy Act.

Looking ahead to 2019 another issue impacting on privacy is InternetNZ’s US litigation against DomainTools. This is a test case with implications for the protection of ‘privacy rights of .nz registrants in the .nz domain name space and likely other ccTLDs and the wider industry.’ Also for 2019, Carter sees a “challenge and opportunity” in seeing Internet Governance becoming more effective, which follows the “strong challenge to the global multistakeholder approach to governing the Internet issued by Emmanuel Macron and the U.N. Secretary General at last year’s Internet Governance Forum.” Getting it right says Carter, would mean evolving “multistakeholder Internet governance in a way that brings governments more on board, and is fit for the future.” Carter also discusses security, domain name abuse and DNS hijacking.

Domain Pulse: What were the highlights, lowlights and challenges of 2018 in the domain name industry for you?

Jordan Carter: A highlight for us in New Zealand was putting the issue of domain name abuse squarely on the table. We held a forum to tackle this in Wellington late in the year, and had some pretty clear perspectives shared by almost a hundred people who took part.

Another highlight was implementing the merger of InternetNZ and NZRS, our former subsidiary that operated the .nz registry. There’s a lot of work involved in that kind of change and our team have done an amazing job in making it happen.

Lowlights? The handling of the GDPR by ICANN sticks out as a major issue. And right at the end of the year, leading into 2019, the DNS hijacking that became apparent is a real concern.

Three of these are challenges too – how we get privacy right in the DNS, how to improve our security performance, and how to deal with abuse in the DNS.

DP: GDPR – good, bad and/or indifferent to you and the wider industry and why? (You’ve alluded in previous emails that NZ is working on its own privacy legislation so to answer it thinking of this could be good)

JC: Privacy is a good thing. Changing the domain name system to support it is a good thing. The GDPR in principle is a good thing. In New Zealand we have two items on this topic.

The Individual Registrant Privacy Option (IRPO) was introduced in 2018, giving registrants not in significant trade the choice to keep e some of their registrant contact details private.

We also have a review of the Privacy Act likely to lead to amending legislation later this year or early next, which will follow some of the precedents created by the GDPR while maintaining New Zealand’s general approach to privacy law. One goal of the legislative update is to retain New Zealand’s adequacy finding under the new GDPR framework.

For the wider industry, I am quite critical of how ICANN has approached this topic. For ICANN to have ended up rushing a policy development process when GDPR was very well signalled for years in advance isn’t the standard we should expect of that organisation. That said, I am confident they’ve learned a big lesson and have taken steps to make sure a repeat is unlikely.

DP: What are you looking forward to in 2019?

JC: For .nz, we have a number of things on the go.

We’re going to look at our security approach across the .nz domain, working with our registrars and others to look at the threat landscape and see what more we can do on the security front.

The Domain Name Commission will be revising and improving its compliance approach.

The Commission will also have an outcome from its US litigation against DomainTools. This test case will be significant for protecting the privacy rights of .nz registrants in the .nz domain name space and it is likely to have an impact on other ccTLDs and the wider industry.

We will be looking at what more we can do to tackle the tricky issue of domain name abuse, including supporting the work that the Internet and Jurisdiction Project has underway on that topic.

We will soon be launching an end-to-end review of the whole policy framework that applies to the .nz domain name space, asking our stakeholders if there are any issues they see that need solving.

I’m looking forward to all of these, because they are what we need to be doing to respond to the world around us, and to keep on with our efforts to help all New Zealanders harness the power of the Internet and the DNS.

DP: What challenges and opportunities do you see for the year ahead?

JC: One I’d draw attention to, as both challenge and opportunity, is the strong challenge to the global multistakeholder approach to governing the Internet issued by Emmanuel Macron and the U.N. Secretary General at last year’s Internet Governance Forum.

Both commented on the need to make “Internet Governance” more effective, to incorporate more diverse voices and perspectives, and to go beyond the talking-shop approach and into more substantive policymaking.

How we respond to that pressure is crucial. If we get it right, we can evolve multistakeholder Internet governance in a way that brings governments more on board, and is fit for the future. If we get it wrong, we risk seeing Internet policymaking disappearing into intergovernmental institutions like the ITU – and that would be bad for the Internet, and for us all.

DP: 2019 will mark 5 years since the first new gTLDs came online. How do you view them now?

JC: Personally, I’ve always been a bit sceptical. It’s good to be offering more choice, but the uptake of these domains indicates a limited appetite from consumers to be registering them. I had thought they might drive significant innovation and change in the DNS, but it does not seem to have played out that way from my perspective.

DP: Are domain names as relevant now for consumers – business, government and individuals – as they have been in the past?

JC: Domain names are still the key way for people to identify Internet resources, and for many people dear old email remains the killer app.

That said, we have a job to do to make domains easier to use (why isn’t it one-click to connect my gmail account to a domain?) and to better understand how, in the age of social media platforms, domains can evolve and keep playing a useful role.

Part of the answer to that, I suspect, lies in the field of digital identity. People are going to become more conscious of being the product when it comes to social networks. Domain names as a part of the identity ecosystem have a role to play in making sure people can keep control of their identity online.

Previous Q&As in this series were with:

  • EURid, manager of the .eu top level domain (available here)
  • Katrin Ohlmer, CEO and founder of DOTZON GmbH (here)
  • Afilias’ Roland LaPlante (here)
  • DotBERLIN’s Dirk Krischenowski (here)
  • DENIC (here)
  • Internet.bs’ Marc McCutcheon (here)
  • nic.at’s Richard Wein (here)
  • Neustar’s George Pongas (here)
  • CentralNic’s Ben Crawford (here)
  • CIRA’s David Fowler (here)
  • Jovenet Consulting’s Jean Guillon (here)
  • GGRG’s Giuseppe Graziano (here)
  • Blacknight Solutions’ Michele Neylon (here)
  • Public Interest Registry’s President and CEO Jon Nevett (here)
  • ICANN board member and founding auDA CEO Chris Disspain (here).

If you’d like to participate in this Domain Pulse series with industry figures, please contact David Goldstein at Domain Pulse by email to david[at]goldsteinreport.com.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.