Tag Archives: nominet

Nominet Add To The Registrar Nightmare As They Finally Announce Proposed .UK Whois Changes For GDPR Compliance

On 1 March Nominet finally announced how they’re proposing to deal with the upcoming General Data Protection Regulation, with a consultation to run until 4 April and then Nominet will have to finalise their plans with the regulation to come into place on 25 May. The situation is a nightmare for registrars who have to plan and implement changes for all top level domains impacted by the GDPR.

As EPAG’s Managing Director Ashley La Bolle told Domain Pulse (the blog) following the Domain Pulse conference in Munich in late February:
“The domain industry has been really late to the game on GDPR implementation. It’s already March and we are just beginning to see real progress regarding contractual and technical changes for the GDPR. We expect to receive a lot of last-minute changes from registries in the next couple months. Although we’re not thrilled about having to make last-minute changes to system settings, we still prefer registries to make those changes before May so we can ensure compliance.”

In case you don’t know what is the GDPR, it’s data protection regulation intended harmonise data protection laws across the EU and replace existing national data protection rules. The introduction of clear, uniform data protection laws is intended to build legal certainty for businesses and enhance consumer trust in online services. The new regulation applies to businesses within the EU, or any business in the world that collects data on European citizens, such as when someone is registering a domain name. With any data that is collected, it is imperative that those collecting the data have clear and freely given consent from the individual. Huge fines apply for any organisation contravening the GDPR of up to €20 million or 4% of the company’s global annual turnover of the previous financial year.

For the changes Nominet is proposing for .uk, as with most ccTLD registries, they have allowed the domain name registrant information, also known as Whois, to be publicly available for their domain names. However in the new proposal all registrant information will be hidden. But Nominet’s concerns don’t just deal with .uk. They also manage .wales and .cymru, and Nominet, like all other generic top level domain registries have to wait until ICANN finalise how they will resolve the issue.

We have opened a comment period from today until 4 April on our .UK proposals to comply with GDPR legislation.

In summary, Nominet proposals are as follows:

  • From 25 May 2018, the .UK WHOIS will no longer display the registrant’s name or address, unless they have given permission to do so – all other data shown in the current .UK WHOIS will remain the same.
  • For registrants who wish for their data to be published in the WHOIS, we will provide appropriate mechanisms to allow them to give their explicit consent.
  • We will continue to work in the same way as now with UK law enforcement agencies seeking further information on specific domain names via our existing data release policy and via an enhanced version of our Searchable WHOIS service, available free of charge.  Those users will have automatic access to the names and addresses we hold.
  • Any third party seeking disclosure for legitimate interests can continue to request this information via our Data Release policy, free of charge.
  • The standard Searchable WHOIS will continue to be available, but will no longer include name and contact details to ensure GDPR compliance.  Those outside law enforcement requiring further data to enforce their rights will be able to request this through our existing Data Release policy.
  • The proposed new .UK Registry-Registrar Agreement (RRA) includes a new Data Processing Annex.  This sets out terms for how we would work with our registrars when processing registrants’ personal data during the registering, renewing, transferring or managing of .UK domain names to ensure GDPR compliance.
  • The Privacy Services Framework will be replaced with recognition of a Proxy Service, within a new .UK RRA to allow registrars to offer proxy services to registrants who do not wish to have their details passed to Nominet.
  • Additionally, we propose changing the rules for the data we collect for domain names that end in second-level .uk domain registrations, such as example.uk. We will no longer require a UK ‘address for service’ bringing this into line with third-level .UK domains such as example.co.uk, example.org.uk and so on.

Further details including links to all redline copies of the relevant documentation are available here. You can find just the redline versions here. 

A webinar for Nominet members to hear more about our proposals will take place on Wednesday, 7 March from 2.00-3.00pm GMT.

These changes cover the .UK namespace. Pending outcome of ICANN discussions, and feedback from this comment period, Nominet will set out our proposed approach for GDPR compliance for .cymru and .wales domains.

Registries Aren’t Content Police, But Keeping Trust Is Reputationally Important: Domain Pulse

Registries universally said they’re not content police in a discussion on domain name take down processes involving legal counsels from the operators of 6 European registries, both generic and country code TLDs. However processes vary among the registries.

The discussion involved representatives from dotSaarland, DENIC (.de), SWITCH (.ch), SIDN (.nl), DNS Belgium (.be) and Nominet (.uk) at the Domain Pulse conference in Munich Friday, the annual event that rotates between Germany, Switzerland and Austria.

One registry that does make decisions on takedowns, or suspensions as they’re often called, and the content on the sites using the domain names, is SWITCH. Anna Kuhn explained how SWITCH was rather unusual in that they were both a registry and operated a national Computer Emergency Response Team (CERT), which gave them some additional expertise. However SWITCH still doesn’t make decisions on content, only on domain names involved in the hosting malware and phishing Combatting cybercrime, Kuhn explained, is one of the roles of the registry operator.

Volker Greimann from dotSaarland, the only new gTLD operator in the panel discussion, said .saarland is in a different position to the country code top level domain (ccTLD) registries as they have a direct contract with ICANN. Additionally, the Saarland regional government said they don’t want their new generic top level domain (new gTLD) to be a haven for crime. The gTLD for the German state has an anti-abuse rule in their terms and conditions that requires domain names to not ruin the reputation of the Saar region.

Horst explained the German registry's position of the German registry in this respect: “DENIC is not the right point of contact to which to turn when it comes to content. If DENIC were to evaluate content and delete, at its own discretion, domains through which websites with questionable content can be accessed, this would be equivalent to censorship. In a democracy based on the separation of powers, no one can seriously support law enforcement by the private sector. This philosophy of DENIC's is, by the way, also reflected by the unanimous opinion of the German courts.”

The courts, Horst explained, have always sided with DENIC’s view that they also aren’t in a position to judge on what is illegal content and that complaints should always go to the registrant if they can be contacted.

SIDN’s Maarten Simon said SIDN will never just take down a domain name and that contacting the registry should be a last resort. However Simon also noted .nl domain names are much more trusted by Dutch people than any other TLD. And that this trust is both in SIDN’s interest to protect so that internet users continue to want to visit sites using the Dutch ccTLD and businesses want to register .nl domain names. Building trust benefits SIDN’s bottom line as more .nl domain names are registered. For complaints regarding .nl domain names, there is an independent appeals board with a number of judges and professors with the expertise to deal with complaints.

Peter Vergote from DNS Belgium also noted how .be has nothing to do with judging content hosted using a .be domain name, so to get a domain name suspended a complaint has to give necessary evidence such as a court order to have a domain name taken down.

Vergote echoed Simon’s views on .nl in that DNS Belgium deeply cares about the quality of the .be zone and it’s their sincere duty to do what they can without taking unnecessary risks. While they are more active than in the past on dealing with complaints, they will never evaluate content on a website. This position has been backed by a court order from a Belgian court that states deciding illegal content is up to the courts and can’t be done by DNS Belgium. When it comes to phishing though, DNS Belgium treats this differently and will take action without a court order if they are advised from a competent body that a domain name is used for phishing.

But DNS Belgium will never take it upon themselves to suspend a domain name that’s suspected of being used for phishing because that’s a content evaluation. Additionally Vergote said a phisher is unlikely to put their correct identity in Whois. DNS Belgium suspends around a dozen domain names per month with complaints largely driven by government agencies and rarely from private individuals or organisations.

So what about the domain names that are required to be taken down, or suspended? For SIDN, Simon explained the procedure starts with a form to be completed on the SIDN website where the complainant explains why the domain name should be taken and what they’ve done to date to complain. If the complaint is clear cut SIDN will go to the registrar and get the domain name taken down. SIDN receives about 20 requests per year and take down one, maybe 2, each year out of the 5.8 million .nl registrations.

Nominet’s Wenban-Smith commented on the futility of removing or suspending a domain name because even if they do, the content still exists. Nominet doesn’t allow child abuse or content that promotes criminal activity on .uk domain names. But Nominet doesn’t make decisions on what is illegal content but does cooperate with those who can such as law enforcement. For those wishing to make complaints, Nominet doesn’t take requests from those outside the UK. In 2017 Wenban-Smith said Nominet suspended 16,000 .uk domain names in 2017.

Nominet Shows What One Day of .UK Looks Like

Ever wondered what a day in the life of the internet looks like? Nominet has sought to answer that, looking at the .uk’s virtual visitors across just one day, the 5 April 2017, using powerful analytics tools they have built in-house to monitor the UK registry.

To get closer to actual visitors, as opposed to machine-to-machine traffic, Nominet filtered the data using Alexa Top Sites as it’s a list compiled based on visits from web browsers and so will tend to favour humanly-driven traffic over infrastructure lookups. The traffic seen in their animation is created from authoritative DNS queries to .UK domains over 24 hours. The source of the queries is the location of the IP address that the query came to us from – this is likely to be the ISP provided resolver rather than the actual client. In reality, the destination of the query is one of Nominet’s servers which are distributed worldwide, however to simplify the visualisation they have made the destination the location of the domain owner.

Across the day, you can see visits from right across the globe, from Buenos Aires to Tokyo, with the largest number coming from the US, followed by Germany and France. All in all, our infrastructure handled 2.2 billion DNS queries over the course of that day, hitting 37k queries per second at its lunchtime (GMT) peak.

The analytical tools the .uk country code top level domain (ccTLD) manager has developed can do far more than just create cool videos. They are used to constantly evolve and refine our processes and systems to best serve users of the .UK domain. Using this phenomenal power to analyse the DNS, one of the fundamental protocols of the internet, is the bedrock of the cyber security services Nominet says they provide to clients, helping them to monitor their networks for suspicious activity, and identify specific threats and trends.

.UK Domains Suspended for Criminal Activity Doubles to 16,632 in 12 Months

The number of .uk domain names suspended due to being used for criminal activity has doubled, again, in the year to 31 October according Nominet.

Nominet suspended the 16,632 domain names for the United Kingdom’s country code top level domain (ccTLD) following notification from the police or other law enforcement agencies that the domain is being used for criminal activity. The suspensions represented around 0.14% of the more than 12 million .UK domains currently registered.

“A key part of our role in running the .UK internet infrastructure is to ensure that .UK is a difficult space for criminals to operate in,” said Russell Haworth, Nominet’s CEO. “The upward trend in suspended domains confirms that increasingly criminals seek opportunities online, but also shows how our cooperation with the law enforcement community and our expertise in network analytics helps tackle this problem thanks to the established processes and cyber security tools we have in place.”

The number of suspensions is an increase on the 8,049 suspensions over the preceding 12 month period. Nominet is now collaborating with ten organisations and received requests from seven of these reporting agencies including, for the first time, requests from DEFRA – Veterinary Medicines Directorate. The Police Intellectual Property Crime Unit (PIPCU) which processes and co-ordinates requests relating to IP infringements from nationwide sources is the main reporting agency with over 13,500 requests (almost double year on year), followed by the National Fraud Intelligence Bureau (NFIB) and Trading Standards.

The number of requests that didn’t result in a suspension was 32 – half the number for the previous year. Reasons for domains not resulting in suspension include the domain name already being suspended by the Registrar or being transferred to the IP rights holder as a result of a court order in the meantime.

The number of suspensions that were reversed was 15. A suspension is reversed if the offending behaviour has stopped and the enforcing agency has since confirmed that the suspension can be lifted.

The report also provides an update on domains suspended and blocked under Nominet’s offensive names policy, introduced in May 2014. Almost 3,500 domains were flagged for potential breach of the offensive names policy for the period, and two suspensions were made.

An infographic detailing more of the suspensions is available here [pdf] with full details of the report.

EURid Wins Registry of the Year at 2017 CENTR Awards

Eurid, the .eu registry operator, has won Registry of the Year at the 2017 CENTR Awards held in Brussels. This was the first year Registry of the Year has been awarded and was voted on by registrars with 105 participating in the survey with CENTR saying there was a tight race for the winner.

In a statement EURid said:
“It’s not only an honour and privilege to have won the award itself, but a testament to our incredible registrar community, who made it possible to win the award in the first place. We greatly appreciate their dedication and support towards our TLDs and initiatives.

“Additionally, this achievement couldn’t have been met without our wonderful community, utilizing both the .eu and .ею extensions, who make up Europe’s diverse online sphere.”

CENTR_awards_winners_2017

During the ceremony, the finalists in each of the five categories presented short videos of their projects or people that were nominated. The evening was a great opportunity to showcase inspiring projects and teams that truly make a difference in the online world and to demonstrate the great spirit of collaboration that gives life to the CENTR community.

This year’s CENTR Awards winners are:

  • Marketing Campaign Excellence Category: .CA Product Marketing team for its brand awareness and lead generation campaign (CIRA)
  • Safe and Sound DNS Category: Barbara Povše (Registry.si) & Bert Ten Brinke (SIDN) for the project “Security for Registry.si”
  • Greater Online Good Category: DENIC's source code donation to the Mozilla foundation to support IDNA 2008 in Firefox and Thunderbird
  • Above and Beyond Innovation Category: UK Domain Categorisation (Nominet data team)
  • Contributor of the Year Category: Annebeth Lange (Norid)
  • Registry of the Year Category: EURid (.eu)

CENTR is the association of European country code top-level domain name registries. CENTR’s main purpose is to provide its members with a forum for exchange of information.

Your correspondent was a Jury member for the 2017 CENTR Awards.

auDA Ignores Their Stakeholders With Echoes of Nominet Debacle a Decade Ago

It’s looming as a battle that has echoes of a few others. There’s the current battle between the powers that be at Cricket Australia and the cricketers. And there was the battle between members and management at Nominet a decade ago. And now there’s another battle that’s been going for a few months now. auDA is defying its members, ignoring their constitution and trashing transparency and accountability. Nominet lost the battle, Cricket Australia is so far losing the battle and auDA is digging in hoping it doesn’t follow.

auDA logoComing up for auDA is a member vote to sack the Chair Stuart Benjamin. The result will be known Monday after a Special General Meeting called by members. But no matter what happens, there are plenty of members that will remember how the auDA management and some board members have ridden roughshod over them.

auDA has continued to defy its members. It ignores their wishes for accountability and transparency, deleting historical documents such as meeting minutes from their website, which were only reinstated after a successful Freedom of Information request by former board member. One would have to question what auDA is trying to hide? Is it that auDA historically has been accountable and transparent to its members and stakeholders and the new CEO, Chair and a few board members have something to hide, either now or in the future?

Questions are asked of auDA, especially by fellow auDA member Ned O’Meara who also writes the domainer.com.au blog. But all he gets is auDA trying to obfuscate, and even lie, about what’s going on. Things are so dire at auDA that in the last xx months, 12 of the 14 staff members have either left or been sacked with suspicions staff leaving have been paid to keep quiet.

These sort of things have happened before at a country code top level domain (ccTLD) registry. A decade ago it was Nominet, the .uk ccTLD registry.

For Nominet, the UK government became so aggrieved by the risk to the stability of the .uk registry, as Kieren McCarthy wrote back in 2010, it inserted a number of clauses in the Digital Economy Bill giving the government “a number of reserve powers to take over the dot-uk registry if it thinks the situation warrants it.” As with Nominet back in 2007, members were aggrieved, particularly as their concerns weren’t being listened to. At the time McCarthy wrote of how the registry put a number of changes forward to a vote of members, members of its advisory board revolted and Nominet relented putting “forward only the two changes that have proven most popular with its members” at “its second extraordinary general meeting in a year.” During the Nominet debacle, “several members of Nominet's Policy Advisory Board started raising concerns over some of the changes. One, Hazel Pegg, even set up a website to outline her concerns in which she urges Nominet members to vote 'no'.”

The Pegg website was not unlike the grumpy.com.au site for auDA member dissatisfaction outlining 4 resolutions members wanted put to a vote. However auDA took “legal advice” that said the first 3 were not valid, only the fourth, to oust Chair Stuart Benjamin was allowed to proceed. The 3 resolutions blocked related to putting historical minutes, agendas and annual reports back online, a review and vote on by members of a Code of Conduct that was imposed without consultation and whether auDA was able to operate a wholesale registry.

So the auDA debacle of 2017 has echoes of the Nominet debacle of 2007, and even Cricket Australia. Ignore your stakeholders at your peril.

Nominet Sees 0.0074% of .UK Domains Disputed in 2016 as 3rd Level Registrations Drop, 2nd Level Rise

Nominet saw a small drop in complaints in 2016, with 25 fewer complaints for the 12-month period than in 2015. The 703 complaints related to 785 domain names, according to their 2016 annual summary of domain name disputes brought before its Dispute Resolution Service (DRS). The disputed .uk domain names in 2016 were 0.0074% of all domain names under management (DUM), or registrations.

In the same period total registrations dropped marginally by 44,882 from 10,637,764 at the end of 2015 to 10,592,882, or 0.4219%. Interestingly, and not unexpectedly, third level .uk registrations have been shrinking (from 10,140,436 to 9,972,226) while second level registrations have been growing (from 497,328 to 620,656) in the same 12-month period.

Of the complaints, over half resulted in a domain transfer, which was the same as the previous year (53%). 2016 also saw a 10% increase in the number of summary decisions made by DRS independent Experts, who support the DRS by giving their time and professional expertise to help resolve disputes when needed.

“While only a small proportion of domain names overall – 0.0074% of the .UK register – resulted in a dispute in 2016, the DRS continues to provide an efficient and cost effective way of resolving those that do arise,” said Russell Haworth, Nominet’s Chief Executive. “In fact, we should not underestimate the value of the service as £7million could have been saved on legal fees last year alone, thanks to the efficient process in place and the many volunteer Experts who generously offer their time and expertise.”

Brands such as Facebook Inc, O2 Worldwide, Jaguar Land Rover Limited, Virgin Enterprises Limited, JD Sports Fashion Plc and Anne Summers Ltd used the DRS in 2016.

Other users of the service included Brighton & Hove Albion Football Club, The National Council For Voluntary Organisations, the National Council For The Training Of Journalists, Wembley Primary School and PAGE, a campaign against gravel extraction in South Oxfordshire.

Nominet provided a number of statistics on the 2016 disputes:

  • In 2016 there were 5 appeals, with 4 original decisions being upheld. One appeal overturned a No Action decision to a Transfer decision.
  • The most common industries were automotive and Internet (14 each); retail (12); software and sports (7 and 6 respectively).
  • The year saw cases brought by complainants from 28 different countries, led by the UK (570) followed by the US (46), France (13) and Germany (10). Respondents were widely dispersed, coming from 35 different countries. Again, the UK leads with 570 respondents, with the US second (22) and St Kitts and Nevis third (16).
  • Mediated cases by Nominet took an average of 47 days to resolve in 2016, compared with 41 days in 2015, and 47 days in 2014. Cases being resolved by an Expert decision also took slightly longer to close than in 2015.
  • The majority of cases (91%) involved .co.uk domain names, with 4% of cases involving a .org.uk domain. The .uk domain names, launched in June 2014, made up 4% of cases in 2016, an increase on the 3.5% in 2015 and 1.6% from 2014.

“Almost 12,000 Complaints have been made to the DRS since 2001 with more than half of these resolved between the parties directly, through mediation, or an Expert. With millions of small businesses and individuals now in possession of a domain, it’s also important to bear in mind that the DRS recognises a wider class of rights than simply trademarks,” said Nick Wenban-Smith, General Counsel at Nominet. “So, if someone has the rights in a name which is the same as or similar to a .UK domain name they are concerned about and they can provide proof that the domain name has been registered or used in a manner that has or might cause unfair detriment, then the DRS is a good first port of call to address those concerns.”

 

MMX Reveals $7.1 Million Investment By Chinese

MMX, or Minds + Machines, certainly sees a bright future in China. In an announcement to the London Stock Exchange Tuesday, the company announced a Chinese investment company based in the tax haven of the Cayman Islands will be buying £5.5 million ($7.1m) worth of shares in the new generic Top Level Domain company.”The first half of the year has been transformational for MMX with the Company achieving its stated goals of transitioning into a lean pure-play registry business, able to operate incisively across three time-zones and, more importantly, crossing-over into operating profitability for its ongoing operations, a transition which is ahead of management’s expectations,” said Toby Hall, CEO of MMX, in a statement. “As underlined by our H1 success in China, both the industry as a whole and MMX itself have reached an inflexion point where the historic excitement surrounding new gTLDs is now beginning to be reflected by tangible results and meaningful progress. China and the Far East are leading the way and MMX has demonstrated it can and will continue to play a meaningful role in this region and the gTLD market as a whole.”Given the continued strength of our cash balances and the strong performance of our ongoing operations in H1, the Board is therefore delighted to also announce today a tender offer for 100,000,000 ordinary share at 13 pence as well as the private subscription for 42,307,692 Ordinary shares at 13 pence by Goldstream Capital Master Fund I, advised by Goldstream Capital Management Limited, a private fund incorporated in the Cayman islands which is wholly owned by Hony Capital, a leading Chinese equity investment company. The Company is confident that Goldstream and Hony will be able to greatly assist MMX’s long term plans in China and the wider Asia region.”The executive management team is optimistic for the outcome of the year as a whole as we continue to stream-line operations, outsourcing where possible and investing in sales and marketing as appropriate. We remain excited about the medium and long term prospects for 2017 and beyond across our three markets of focus: Asia, Europe and the US.”MMX also reported strong earnings growth with billings for the first half of 2016 increasing over 300 percent to US$8.05 million (H1 2015: US$2.0 million) significantly helped by the successful launch into China in the period. Also in the first half of 2016, revenues doubled to US$7.4 million (H1 2015: US$3.6 million).MMX is also in the process of migrating technical back-end services onto Nominet’s platform. Nominet is the registry for .uk and also provides registry services for .wales and .cymru.MMMX provides backed registry services for ten new gTLDs, the largest of which is .vip which has 460,000 domain names registered, totalling 584,000 domains according to nTLDstats.com. It also operates 26 new gTLDs, including .vip.

Nominet Publishes New Generic Top Level Domains Map

Nominet, the registry best known for .uk and now also .wales and .cymru, has published an interesting map of new generic Top Level Domains showing the top 250 new gTLDs that are publicly available, and selected others such as brands that aren’t.The map of gTLDs are linked according to type such as by geography or interest by a map based on the London Underground giving registrants and potential registrants the opportunity to see linked the options that may be available to them.The map is also available to download in pdf format from:
http://www.nominet.uk/wp-content/uploads/2016/08/nTLD-tube-map.pdfNominet Map of New gTLDs

Nominet Announces Changes To .UK Dispute Resolution Service Policy And Procedure

Nominet dotUK logoNominet Friday published a revised Dispute Resolution Service (DRS) Policy following the comment period earlier this year. The new Policy will apply to all complaints filed from 1st October 2016.

The DRS is Nominet’s mediation-based process for resolving disputes between parties over the registration or use of .UK domain names. The DRS aims to provide a clear, quick and cost-effective process outside of the formal court system which facilitates an amicable resolution between the parties where possible, and which is accessible and fair to both those complaining and domain name registrants.

The new DRS Policy along with some analysis and feedback on the comments that were made can be found here. A document showing the changes made to the proposed draft in response to comments has also been published.