A couple of reports from the people behind .nz have shown the impact of COVID-19 (coronavirus) on New Zealanders and their internet use in recent months. Statistics for .nz shows increased DNS activity, including a surge in registrations that has taken registrations to close to 715,000.
New Zealand’s Domain Name Commission (DNC) had their third victory in three appearances in their ongoing court battle with DomainTools, the latest being in March. DomainTools had appealed three claims, following losing their first appeal, but won only one, while the DNC won the remaining two, with consideration being given by the DNC to appeal the remaining claim. It is a battle over whether a top-level domain registry protect the privacy of their registrants. As Jordan Carter, InternetNZ’s CEO, told the Goldstein Report back in March 2019, “this test case will be significant for protecting the privacy rights of .nz registrants in the .nz domain name space and it is likely to have an impact on other ccTLDs and the wider industry.” It seems that the privacy rights of .nz registrants has been protected.Continue reading .NZ Gets Another Victory In DomainTools Battle Over registrant Privacy Rights
Today [Monday] InternetNZ is launching our #ShopSafeNZ campaign hoping to raise awareness about safer online shopping experiences for Kiwis. We’ll be campaigning in the lead up to the holiday season and retail sales from 25 November – 1 January 2020.
Check the campaign’s website at fakewebshop.nz, learn how to recognise a fake online store, spread the word to protect your whānau, friends and workmates.
Keeping .nz trusted, safe and secure is our priority. It’s crucial for small businesses that have a .nz domain name and everyday New Zealanders who choose to shop online.
In 2019, the Domain Name Commission has suspended or cancelled more than 5000 domain names for fake registration details. Many of these suspensions or cancellations were for domain names associated with fake webshops. Our fake webshop algorithm co-designed with InternetNZ research team also flags 5-35 domain names a week for validation checks.
Opportunists who register a .nz domain name for a short period of time or grab an expired domain name to build a fake webshop are becoming more frequent. It can cost everyday New Zealanders in many ways: money loss, personal data robbery and destroyed trust in online shopping.
The Internet is awash with stories of payments made and goods not received, goods that don’t match the offer, or no ability to return items.
Most people won’t be able to spot a phantom online store and we hope the #ShopSafeNZ educational campaign will make it easier for people to recognise fake webshops.
What we know is:
- many people are motivated to shop online to get a good bargain
- tag lines like ‘super discount’, ‘80% off’ are common tactics used by fake webshop owners to draw a shopper to a particular online store
- it can be hard to see the telltale signs that if an offer is too good to be true it probably is
- if you buy from a fake webshop you may get more than you bargained for – credit card and personal data loss, to begin with.
We invite you to shop safely online this holiday season, New Zealand. Together we can keep the .nz domain name space trusted and secure. Start with visiting fakewebshop.nz – click on the gingerbread icons on the home page and learn the most common warning signs of fake webshops. And then… happy holiday online shopping!
This post by the NZ Domain Name Commissioner, Brent Carey, was sourced with permission from the InternetNZ website. The original version was published here.
An independent review into the body responsible for regulating New Zealand’s ccTLD, the Domain Name Commission, has found “there is much for current and past DNCL staff to be proud of” and that it “is a sound and competent regulator of the .nz space.”
It’s the first regulatory review into the Domain Name Commission and was undertaken over 2018-2019 by independent reviewer David Pickens and was published Thursday. It’s a far cry from New Zealand’s neighbours Australia where a government review published in April 2018 found “urgent reforms are necessary” and that auDA’s “current management framework is no longer fit-for-purpose and reform is necessary if the company is to perform effectively and meet the needs of Australia’s internet community.”
The independent reviewer found DNCL staff are well regarded for their achievements, and there is much optimism with respect to where the DNCL is heading.
One of the findings of the report is “against the theory of regulatory standards and enforcement theory, the evidence available to the review and from the interviews, the DNCL is a sound and competent regulator of the .nz space. It is highly regarded internationally and operates absent many of the handicaps other TLDs contend with. With small exceptions, the .nz policies and the enforcement of those standards were viewed as appropriate.”
The report notes that “overwhelmingly, the response from the DNCL’s stakeholders was positive, with one exception… The majority offered no or minor criticism only. Favourably commented upon were the people, culture, systems and comparative international performance.”
The one exception was criticism of how the DNC deals with domain name abuse but even here there were diverging views with criticism not coming from all respondents.
“All regulators and a number of other stakeholders felt the DNCL needed to more actively reduce opportunities for domain name abuse. Harm was being perpetrated that the DNCL was uniquely positioned to stop, New Zealand was now out of step with international developments, there was a growing risk to integrity and confidence in the .nz space and legal and political risks to the DNCL was growing. Nearly all, however, acknowledged the DNCL appeared more open to debating and moving towards a more proactive role, and its recent efforts were supported.”
With this though there were “a significant number of people who supported the status quo, arguing policing this activity was not the DNCL’s responsibility and that comparatively New Zealand performed well. It was also argued greater policing efforts would be costly and generate little benefit.”
One key weakness identified during interviews was “the absence of well-developed indicators allowing comparison of the DNCL’s performances with comparable entities overseas.”
“This has been a huge amount of work for Mr Pickens, and we thank him for the thought-provoking report,” said DNCL Chair Jordan Carter.
“Since the Domain Name Commission was established in 2002 to regulate the .nz online space, the .nz space has evolved. In today’s online era, the .nz domain is at the heart of New Zealand’s distinctive online world.”
The Domain Name Commissioner Brent Carey welcomed the review findings saying “Mr Pickens’ recommendations will help to ensure we are keeping pace with modern self-regulatory challenges”.
“The Commission and InternetNZ will be looking to work with others to equip us with the right relationships and tools to help us keep .nz fair and safe for everyone.”
There were a number of recommendations made by Pickens including that “the DNCL should view itself more as a competitor against other TLD administrators and regulators,” “to explore the utility of a comprehensive information disclosure regime to drive better performance across registrars in the .nz space”, to collect and disseminate performance data, “seek international co-operation”, “rescinding the current market concentration policies” and to collect market concentration information “with respect to the abuse of market power by registrars”.
In responding to the report, the DNCL have “already commenced the implementation of some of the recommendations and will continue to incorporate the report’s findings and recommendations in its priorities.”
Additionally, the DNCL “have identified several improvement areas including, process improvement, delivery capability, emerging policy considerations, stakeholder relationship management and enforcement and compliance.”
Of the 15 recommendations in the report, the DNCL note they either fully support or support in principle every one of them.
The Commission has published the full final review along with its response to the recommendations. For the report, Pickens conducted 23 interviews with DNC stakeholders, current and past staff, Board members, staff of the other two main players in the .nz space (InternetNZ and the Registry), Government and self-regulators and registrars. Specialists from overseas and those delivering the Disputes Resolution Service were also interviewed. Registrants were sought out, although many interviewed were .nz registrants.
New Zealandâs Domain Name Commission is seeking input to review how dispute resolution services for .nz are handled. Theyâre asking interested parties to tell them what type of dispute services should be available from the DNC.
To help provide background, the DNC has compiled a consultation paper [pdf]that examines how other jurisdictions have tackled the same or similar problems, what constitutes best practice and possible options for resolving domain name disputes more efficiently and effectively into the future.
The consultation is steering clear of making in-line changes to its existing dispute resolutions policy framework. Rather, its focus is on dispute resolution as a âserviceâ offering and asking open questions about what types of services, how might they be delivered, for whom and by whom and what processes might be needed to support the delivery of speedy, independent, fair and efficient digital justice.
Itâs not that the number of disputes for New Zealandâs country code top-level domain are high. There have been 300 disputes since the existing dispute resolution service was introduced in 2006, and according to the DNCâs 2017/18 annual report there were 22 valid complaints received during the 12-month period with 6 going to mediation and 3 reaching settlement. However, closer inspection by the DNC revealed that 4 of the disputes validly lodged last year did not progress any further, because of unpaid fees. The reason for this lack of progression is unknown.
So the DNC wants to know if their processes are putting stakeholders off. The consultation paper also notes 6 further complaints, (more than a quarter) were never responded to by the registrant, voiding the Complainantâs access to cost-free mediation and making a fee payable for an Expert Determination. In the context of the overall total number of disputes made each year, the DNC notes these numbers are significant. In each case, the determination resulted in the disputed domain name being transferred to the Complainant. Arguably says the DNC, that is unfair to the Complainant. Other jurisdictions faced with the same circumstances either grant a discount (Canada) or give the option of a summary judgment (UK). Similar to the .uk model, .za (South Africa) makes use of a process called a âSummary Decision.â If a registrant does not submit a response, the adjudicator must decide the matter based on the dispute contemplated in regulation and issue a summary decision.
The consultation could be a world first among top-level domain registries and will examine current procedures, fees, whether there are barriers to lodging disputes, ensuring natural justice is met, what innovation is possible such as utilising Blockchain technologies and artificial intelligence. The consultation paper also looks at tightening point of registration controls to lower the risk of a complaint occurring and providing âwithout prejudiceâ early indicative judgements.
There are 4 ways for anyone interested to make a submission: to submit a response to their consultation paper by 19 July, to complete an online survey that should take around 5 to 10 minutes, attend one of 2 6 hour workshops to be held in Wellington (24 July) and Auckland (26 July) or an online brainstorming exercise from 3 July.
For more information, see the Domain Name Commissionâs Dispute Resolution Review page here.
New Zealand’s Domain Name Commissioner has been sharing its expertise both in New Zealand and among a couple of Pacific countries, signing 4 Memorandums of Understanding, the latest announced this week with Papua New Guinea’s ccTLD manager.
Previous MoUs have been with CERT NZ, The Telecommunications and Radiocommunications Regulator of Vanuatu and the Digital Safety Directorate in NZ’s Department of Internal Affairs.
In the latest MoU [pdf] with the Department of Information Technology of the Papua New Guinea University of Technology, who manages the country’s country code top level domain (ccTLD) .pg, the DNC will collaborate and cooperate on rules and regulations, dispute resolution, consumer protection and any other issues that emerge.
It appears registrations of .pg domain names are restricted to Papua New Guinea entities with com.pg and net.pg domain names requiring proof they’re for bona fide PNG businesses. Other second level .pg domain names available for registration include org.pg, gov.pg and ac.pg.
The DNC is a body appointed by InternetNZ, who is delegated to manage .nz, to develop and monitor a competitive registrar market, as well as create a fair environment for the registration and management of .nz domain names.
Recently the DNC has been seeking feedback on its first Independent Review, giving New Zealanders and anyone else that’s interested an opportunity to have their say on how the Commission can best serve the sellers, buyers and service providers in the .nz domain name industry and how the Commission should represent itself at international fora alongside InternetNZ. Consultation closes on 6 June.
.NZâs Domain Name Commission has published its monthly update for October with news on its Domain Name Abuse Forum in November and that it is currently seeking submissions as part of their Framework Policy Review 2018.
The Domain Name Abuse Forum next month has Justice Minister Andrew Little opening the event. Numbers are restricted to 100 people for this free, one-day event bringing together lawyers and law enforcement, internet safety and security experts, government departments, academics and more. Attendees will work together to identify issues surrounding domain name abuse, understand the issues more clearly, and identify the best course of action to deal with these challenges.
InternetNZ is currently seeking submissions as part of their .nz Framework Policy Review 2018. The .nz Framework Policy requires updating to reflect the new structure implemented as part of the Organisational Review of 2017. Roles and responsibilities previously assigned to NZ Registry Services in the old organisation structure need to be reassigned to InternetNZ. The review is technical in nature and does not extend to the principles underpinning the operation of .nz.
In other news for New Zealandâs country code top level domain (ccTLD) manager, thereâs an update on InternetNZâs participation at ICANN63 in Barcelona where Jordan Carter was elected as the Asia-Pacific representative on the CCNSO Council that had thus far been held by former Domain Name Commissioner Debbie Monahan. Thereâs also an update on ICANN63 that InternetNZ staff attended, including the Government Advisory Committeeâs (GAC) biannual High Level Government Meeting Session. The ccNSO meeting received updates from various working groups, including one on the retirement of ccTLDS. âThe group achieved consensus on the process to retire a ccTLD. The trigger event is the removal of the ccTLD from the ISO 3166-1 list. The group agreed that the subsequent retirement period before removal from the root zone should be in the range of 3-10 years following the trigger event.â
Thereâs also updates on Domain Name Commission staff attending The Crossroads Conference 2018 in Auckland that brought together local and international experts, and focused on putting the online safety sector ahead of the technology curve. Attendees heard presentations on a range of topics based around promoting online safety, disrupting online harm, and protecting and educating children. Plus InternetNZâs inaugural digital annual report was shortlisted year in the annual report category of the Plain English Awards.
The October DNC Newsletter is available in full from:
New Zealand’s Domain Name Commission this week won a motion for preliminary injunction in a US court [pdf] to prevent DomainTools from accessing .nz’s Whois details and downloading the information into their own database.
The DNC, whose role they describe as being to develop and monitor a competitive registrar market, as well as creating a fair environment for the registration and management of New Zealand’s country code top level domain, comes under the InternetNZ umbrella. They viewed the victory as important for the .nz domain name space and for domain name holders wanting to keep some of their personal details from public view. It also strikes a precedent for other registries wanting to keep registrant data private.
The preliminary injunction prevents DomainTools from “sending ‘high volume’ queries, “accessing the .nz Register ‘in bulk’”, “storing or compiling register data”, “publishing historical or non-current versions of the register data; and publishing register data in bulk.”
In the leadup to the decision, in November 2017 the DNC allowed individual registrants who are not in trade to choose to withhold their phone number and contact address from publicly appearing in the domain registrant search (Whois). Earlier this year, this became mandated. More than 20,000 domain names have already taken up the privacy option.
Domain Name Commissioner, Brent Carey, says winning this lawsuit is good news for .nz domain name holders and their privacy.
“The ruling allows the Commission to continue balancing online accountability with respect for individual privacy. The ruling temporarily puts to an end DomainTools’ bulk harvesting of .nz domain holders’ personal information and selling that data for a profit.
DomainTools argued that this lawsuit may cause an avalanche of litigation as other registries attempt to protect the privacy of their registrants – and Judge Lasnik stated they may be correct.
“We look forward to presenting our full case to the Court, as we seek to permanently prevent DomainTools from ever building a secondary .nz database offshore and outside the control of the Domain Name Commission,” says Carey.
In court, DomainTools requested $3.5 million (over NZ$5m) in bond to compensate for reworking database files to ensure that .nz data is not provided to its customers. However, the judge ruled that a nominal bond of only $1,000 (NZ$1,500) is required.
Over 22,000 individuals with .nz domain names have chosen to have the Individual Registrant Privacy Option (IRPO) applied, New Zealandâs Domain Name Commissioner has revealed in their August update.
The DNC notes this reflects a significant shift in online spaces more generally, with many users taking a stronger approach to privacy online. In the .nz domain name space, the DNC notes itâs critical to strike the right balance between fostering transparency and accountability, while enabling users to take control of their privacy. The IRPO was designed to do just that.
The DNC reminds that not all .nz registrants qualify to use IRPO, and misuse of the service is something that the DNC will be looking at in greater detail in the coming months. Eligibility is limited to:
- an identifiable individual (i.e., not a company or organisation), and
- not using the domain name to any significant extent in trade.
As a result of the implementation of the General Data Protection Regulation, there has also been seen an increase in the use of third-party privacy options and proxy services. These are not permissible under .nz policy. The DNC will be addressing the use of these services by working with the providers offering these.
For the complete August update, which also provides updates on International Outreach, the latest Board meeting, a Registrar Advisory Group meeting, Making .nz safe, trusted and secure, NetHui dates and the development of a strawman Cyber Security Strategy by the National Cyber Policy Office, see:
New Zealand’s Domain Name Commission and CERT NZ announced this week an agreement to share some domain registration information to help enhance cyber security in the land of the long white cloud. Continue reading NZ’s Domain Name Commission and CERT To Share Domain Registration Information to Enhance Cyber Security