InternetNZ has moved to make New Zealand’s internet a little safer with their announcement Tuesday their security product, Defenz DNS Firewall, is now consuming CERT NZ’s local threat feed.
InternetNZ is seeking to ‘Reimagine the future of .nz’ with the release of a weighty (should you print it) Options Report from their .nz Policy Advisory Panel. The report seeks feedback on .nz’s guiding principles (trusted, safe and secure, open and accessible and for all New Zealanders), whether it should be more engaged with Māori and people from culturally and linguistically diverse backgrounds, should .nz eligibility be tightened, registrant privacy, conflicted domain names and much more.
New Zealand’s Domain Name Commission has launched a guide targeted at the insolvency industry to give them some information to help them with the domain names of companies placed in liquidation, the organisation announced in their latest monthly newsletter.
InternetNZ announced this week its new cybersecurity product, Defenz Domain Name System (DNS) Firewall, is available for a free four-month trial.
A couple of reports from the people behind .nz have shown the impact of COVID-19 (coronavirus) on New Zealanders and their internet use in recent months. Statistics for .nz shows increased DNS activity, including a surge in registrations that has taken registrations to close to 715,000.
Today [Monday] InternetNZ is launching our #ShopSafeNZ campaign hoping to raise awareness about safer online shopping experiences for Kiwis. We’ll be campaigning in the lead up to the holiday season and retail sales from 25 November – 1 January 2020.
Check the campaign’s website at fakewebshop.nz, learn how to recognise a fake online store, spread the word to protect your whānau, friends and workmates.
Keeping .nz trusted, safe and secure is our priority. It’s crucial for small businesses that have a .nz domain name and everyday New Zealanders who choose to shop online.
In 2019, the Domain Name Commission has suspended or cancelled more than 5000 domain names for fake registration details. Many of these suspensions or cancellations were for domain names associated with fake webshops. Our fake webshop algorithm co-designed with InternetNZ research team also flags 5-35 domain names a week for validation checks.
Opportunists who register a .nz domain name for a short period of time or grab an expired domain name to build a fake webshop are becoming more frequent. It can cost everyday New Zealanders in many ways: money loss, personal data robbery and destroyed trust in online shopping.
The Internet is awash with stories of payments made and goods not received, goods that don’t match the offer, or no ability to return items.
Most people won’t be able to spot a phantom online store and we hope the #ShopSafeNZ educational campaign will make it easier for people to recognise fake webshops.
What we know is:
We invite you to shop safely online this holiday season, New Zealand. Together we can keep the .nz domain name space trusted and secure. Start with visiting fakewebshop.nz – click on the gingerbread icons on the home page and learn the most common warning signs of fake webshops. And then… happy holiday online shopping!
This post by the NZ Domain Name Commissioner, Brent Carey, was sourced with permission from the InternetNZ website. The original version was published here.
An independent review into the body responsible for regulating New Zealand’s ccTLD, the Domain Name Commission, has found “there is much for current and past DNCL staff to be proud of” and that it “is a sound and competent regulator of the .nz space.”
It’s the first regulatory review into the Domain Name Commission and was undertaken over 2018-2019 by independent reviewer David Pickens and was published Thursday. It’s a far cry from New Zealand’s neighbours Australia where a government review published in April 2018 found “urgent reforms are necessary” and that auDA’s “current management framework is no longer fit-for-purpose and reform is necessary if the company is to perform effectively and meet the needs of Australia’s internet community.”
The independent reviewer found DNCL staff are well regarded for their achievements, and there is much optimism with respect to where the DNCL is heading.
One of the findings of the report is “against the theory of regulatory standards and enforcement theory, the evidence available to the review and from the interviews, the DNCL is a sound and competent regulator of the .nz space. It is highly regarded internationally and operates absent many of the handicaps other TLDs contend with. With small exceptions, the .nz policies and the enforcement of those standards were viewed as appropriate.”
The report notes that “overwhelmingly, the response from the DNCL’s stakeholders was positive, with one exception… The majority offered no or minor criticism only. Favourably commented upon were the people, culture, systems and comparative international performance.”
The one exception was criticism of how the DNC deals with domain name abuse but even here there were diverging views with criticism not coming from all respondents.
“All regulators and a number of other stakeholders felt the DNCL needed to more actively reduce opportunities for domain name abuse. Harm was being perpetrated that the DNCL was uniquely positioned to stop, New Zealand was now out of step with international developments, there was a growing risk to integrity and confidence in the .nz space and legal and political risks to the DNCL was growing. Nearly all, however, acknowledged the DNCL appeared more open to debating and moving towards a more proactive role, and its recent efforts were supported.”
With this though there were “a significant number of people who supported the status quo, arguing policing this activity was not the DNCL’s responsibility and that comparatively New Zealand performed well. It was also argued greater policing efforts would be costly and generate little benefit.”
One key weakness identified during interviews was “the absence of well-developed indicators allowing comparison of the DNCL’s performances with comparable entities overseas.”
“This has been a huge amount of work for Mr Pickens, and we thank him for the thought-provoking report,” said DNCL Chair Jordan Carter.
“Since the Domain Name Commission was established in 2002 to regulate the .nz online space, the .nz space has evolved. In today’s online era, the .nz domain is at the heart of New Zealand’s distinctive online world.”
The Domain Name Commissioner Brent Carey welcomed the review findings saying “Mr Pickens’ recommendations will help to ensure we are keeping pace with modern self-regulatory challenges”.
“The Commission and InternetNZ will be looking to work with others to equip us with the right relationships and tools to help us keep .nz fair and safe for everyone.”
There were a number of recommendations made by Pickens including that “the DNCL should view itself more as a competitor against other TLD administrators and regulators,” “to explore the utility of a comprehensive information disclosure regime to drive better performance across registrars in the .nz space”, to collect and disseminate performance data, “seek international co-operation”, “rescinding the current market concentration policies” and to collect market concentration information “with respect to the abuse of market power by registrars”.
In responding to the report, the DNCL have “already commenced the implementation of some of the recommendations and will continue to incorporate the report’s findings and recommendations in its priorities.”
Additionally, the DNCL “have identified several improvement areas including, process improvement, delivery capability, emerging policy considerations, stakeholder relationship management and enforcement and compliance.”
Of the 15 recommendations in the report, the DNCL note they either fully support or support in principle every one of them.
The Commission has published the full final review along with its response to the recommendations. For the report, Pickens conducted 23 interviews with DNC stakeholders, current and past staff, Board members, staff of the other two main players in the .nz space (InternetNZ and the Registry), Government and self-regulators and registrars. Specialists from overseas and those delivering the Disputes Resolution Service were also interviewed. Registrants were sought out, although many interviewed were .nz registrants.
The Independent Review can be downloaded here [pdf] and the Domain Name Commission’s response is available here [pdf].
.NZâs Domain Name Commission has published its monthly update for October with news on its Domain Name Abuse Forum in November and that it is currently seeking submissions as part of their Framework Policy Review 2018.
The Domain Name Abuse Forum next month has Justice Minister Andrew Little opening the event. Numbers are restricted to 100 people for this free, one-day event bringing together lawyers and law enforcement, internet safety and security experts, government departments, academics and more. Attendees will work together to identify issues surrounding domain name abuse, understand the issues more clearly, and identify the best course of action to deal with these challenges.
InternetNZ is currently seeking submissions as part of their .nz Framework Policy Review 2018. The .nz Framework Policy requires updating to reflect the new structure implemented as part of the Organisational Review of 2017. Roles and responsibilities previously assigned to NZ Registry Services in the old organisation structure need to be reassigned to InternetNZ. The review is technical in nature and does not extend to the principles underpinning the operation of .nz.
In other news for New Zealandâs country code top level domain (ccTLD) manager, thereâs an update on InternetNZâs participation at ICANN63 in Barcelona where Jordan Carter was elected as the Asia-Pacific representative on the CCNSO Council that had thus far been held by former Domain Name Commissioner Debbie Monahan. Thereâs also an update on ICANN63 that InternetNZ staff attended, including the Government Advisory Committeeâs (GAC) biannual High Level Government Meeting Session. The ccNSO meeting received updates from various working groups, including one on the retirement of ccTLDS. âThe group achieved consensus on the process to retire a ccTLD. The trigger event is the removal of the ccTLD from the ISO 3166-1 list. The group agreed that the subsequent retirement period before removal from the root zone should be in the range of 3-10 years following the trigger event.â
Thereâs also updates on Domain Name Commission staff attending The Crossroads Conference 2018 in Auckland that brought together local and international experts, and focused on putting the online safety sector ahead of the technology curve. Attendees heard presentations on a range of topics based around promoting online safety, disrupting online harm, and protecting and educating children. Plus InternetNZâs inaugural digital annual report was shortlisted year in the annual report category of the Plain English Awards.
The October DNC Newsletter is available in full from:
https://www.dnc.org.nz/the-commission/news/1745
New Zealand’s Domain Name Commission this week won a motion for preliminary injunction in a US court [pdf] to prevent DomainTools from accessing .nz’s Whois details and downloading the information into their own database.
The DNC, whose role they describe as being to develop and monitor a competitive registrar market, as well as creating a fair environment for the registration and management of New Zealand’s country code top level domain, comes under the InternetNZ umbrella. They viewed the victory as important for the .nz domain name space and for domain name holders wanting to keep some of their personal details from public view. It also strikes a precedent for other registries wanting to keep registrant data private.
The DNC notes that managers of other ccTLDs will want to pay attention to the judgment. This may raise confidence to fight their own cases should DomainTools be breaching their terms of use.
The preliminary injunction prevents DomainTools from “sending ‘high volume’ queries, “accessing the .nz Register ‘in bulk’”, “storing or compiling register data”, “publishing historical or non-current versions of the register data; and publishing register data in bulk.”
In the leadup to the decision, in November 2017 the DNC allowed individual registrants who are not in trade to choose to withhold their phone number and contact address from publicly appearing in the domain registrant search (Whois). Earlier this year, this became mandated. More than 20,000 domain names have already taken up the privacy option.
DomainTools is a digital intelligence-gathering company in the US and has been scraping registration data from New Zealand’s Domain Name Commission for many years. This mass collection of data breaches the Commission’s terms of use and exposes details of domain name holders who choose to have their details kept private. This is because DomainTools makes available historic records which show the now withheld information.
Domain Name Commissioner, Brent Carey, says winning this lawsuit is good news for .nz domain name holders and their privacy.
“The ruling allows the Commission to continue balancing online accountability with respect for individual privacy. The ruling temporarily puts to an end DomainTools’ bulk harvesting of .nz domain holders’ personal information and selling that data for a profit.
“This is a step in the right direction to ensure that any person or company looking to build a business on domain name data, in violation of our Terms of Use, can’t do so,” says Carey.
DomainTools argued that this lawsuit may cause an avalanche of litigation as other registries attempt to protect the privacy of their registrants – and Judge Lasnik stated they may be correct.
“We look forward to presenting our full case to the Court, as we seek to permanently prevent DomainTools from ever building a secondary .nz database offshore and outside the control of the Domain Name Commission,” says Carey.
In court, DomainTools requested $3.5 million (over NZ$5m) in bond to compensate for reworking database files to ensure that .nz data is not provided to its customers. However, the judge ruled that a nominal bond of only $1,000 (NZ$1,500) is required.
Over 22,000 individuals with .nz domain names have chosen to have the Individual Registrant Privacy Option (IRPO) applied, New Zealandâs Domain Name Commissioner has revealed in their August update.
The DNC notes this reflects a significant shift in online spaces more generally, with many users taking a stronger approach to privacy online. In the .nz domain name space, the DNC notes itâs critical to strike the right balance between fostering transparency and accountability, while enabling users to take control of their privacy. The IRPO was designed to do just that.
The DNC reminds that not all .nz registrants qualify to use IRPO, and misuse of the service is something that the DNC will be looking at in greater detail in the coming months. Eligibility is limited to:
As a result of the implementation of the General Data Protection Regulation, there has also been seen an increase in the use of third-party privacy options and proxy services. These are not permissible under .nz policy. The DNC will be addressing the use of these services by working with the providers offering these.
For the complete August update, which also provides updates on International Outreach, the latest Board meeting, a Registrar Advisory Group meeting, Making .nz safe, trusted and secure, NetHui dates and the development of a strawman Cyber Security Strategy by the National Cyber Policy Office, see:
https://www.dnc.org.nz/the-commission/news/1730