Tag Archives: tucows

PIR Launches DNS Abuse Institute To Protect Internet Users From Scourge of DNS Abuse

Public Interest Registry announced Wednesday the launch of the DNS Abuse Institute as part of its ongoing efforts to protect Internet users from the threat of DNS Abuse such as malware, botnets, phishing, pharming and spam.

Continue reading PIR Launches DNS Abuse Institute To Protect Internet Users From Scourge of DNS Abuse

GoDaddy, Tucows, CentralNic Announce Positive Financial Results Benefiting From Global Pandemic

The global COVID-19 pandemic is not hurting domain name registrars, with three of the largest, GoDaddy, CentralNic and Tucows, all announcing financial results to 30 June over the last week showing each company is doing well.

Continue reading GoDaddy, Tucows, CentralNic Announce Positive Financial Results Benefiting From Global Pandemic

NameJet Now Wholly Owned By Web.com

The Web.com Group has announced it has acquired from Tucows all remaining interest in the domain name aftermarket platform, NameJet. With this transaction, Web.com now owns two of the top platforms in the domain name aftermarket. The company also owns SnapNames Web.com, a pioneer in the domain name aftermarket space.

NameJet launched in 2007 as a joint venture between eNom, Inc., a subsidiary of Tucows, and Web.com subsidiary, Network Solutions, LLC. Like SnapNames, NameJet has exclusive partnerships with top domain name registrars across the globe and helps domain professionals, businesses and individuals acquire valuable domain names, including those that have recently expired.

“This move to complete ownership aligns with our goal of nurturing our core domain business, supporting and anticipating the diverse needs of our customers, and driving new opportunities for innovation and growth,” said David L. Brown, Web.com’s chief executive officer and president.

“We welcome the NameJet team to the Web.com family and are excited to leverage their thought leadership and expertise as we continue to invest in the aftermarket industry,” added Michael White, aftermarket vice president for Web.com.

“Web.com has been a great partner and we look forward to working with and leveraging their aftermarket expertise in the future,” said David Woroch, domains executive vice president for Tucows.

ICANN Reaffirms gTLD Registration Data Temporary Specification in Defiance of German Courts

Although ICANN isn’t technically American, there’s a growing difference of opinion between Europe and “America” over how to deal with the collection of domain name registrant’s registration, or Whois, data. Despite going down 4-0 to German courts in a dispute where EPAG is refusing to abide by ICANN’s requirement to collect registration data, ICANN has continued to insist registrars and registries collect the data they require for gTLDs. Continue reading ICANN Reaffirms gTLD Registration Data Temporary Specification in Defiance of German Courts

German Courts Rebuff ICANN For Fourth Time Over WHOIS/GDPR Data Collection

ICANN has suffered another setback in its desire to continue to collect and make public domain name registrant contact details following an appeal to a German High Court who ruled against ICANN's plea to reconsider the Court's own earlier decision following the introduction of the European Union's General Data Protection Regulation earlier this year.

ICANN has been pursuing a preliminary injunction from the German Court to require EPAG, a Germany-based, ICANN-accredited registrar (that is part of the Tucows Group and based in Bonn, Germany) to continue to collect elements of WHOIS data, as required under ICANN's Registrar Accreditation Agreement (RAA), which permits the registrar to sell domain name registrations for generic top-level domains.

ICANN received a ruling from the German Higher Regional Court in Cologne (“Appellate Court”) last week, that rejected ICANN's request for review (“plea of remonstrance”) filed by ICANN on 17 August 2018. ICANN's plea was filed to continue the immediate appeal in the ICANN v. EPAG injunction proceedings. ICANN initiated such proceedings against EPAG, to seek assistance in interpreting the European Union's General Data Protection Regulation (GDPR) in order to protect the data collected in WHOIS. The Appellate Court again has determined that it would not issue an injunction against EPAG.

This is the fourth time the German courts have rebuffed ICANN’s attempts to have EPAG enforce the RAA. On 30 May the Regional Court determined that it would not issue an injunction against EPAG. Then on 13 June ICANN appealed and on 18 July the Regional Court decided not to change its original determination not to issue an injunction against EPAG. The matter was referred to the Higher Regional Court in Cologne for appeal. Next on 3 August ICANN announced a German appeal court (Appellate Court of Cologne) had issued a decision on the injunction proceedings ICANN initiated against EPAG determining that it would not issue an injunction against EPAG.

In making its ruling, the Appellate Court found that the preliminary injunction proceeding does not provide the appropriate framework for addressing the nature of the contractual disputes at issue, and that a decision in preliminary proceedings does not appear to be urgently needed. Again, the Appellate Court did not address the merits of the underlying issues with respect to the application of GDPR as it relates to WHOIS.

ICANN is continuing to evaluate its next steps in light of this ruling, including possible additional filings before the German courts, as part of its public interest role in coordinating a decentralized global WHOIS for the generic top-level domain system.

On 25 May, the day the European Union’s General Data Protection Regulation came into place, ICANN filed a legal action against EPAG. This action was taken because of a disagreement between Tucows and ICANN on how the GDPR should be interpreted, with respect to their contracts.

In a post outlining their position back in May, EPAG Ashley La Bolle wrote the “GDPR begins with a statement of its core principle: ‘The protection of natural persons in relation to the processing of personal data is a fundamental right.’ Tucows has long been concerned with privacy and the rights of our customers, and takes the principles enshrined in this law extremely seriously.

“In order to have a domain registration system reflective of ‘data protection by design and default’, we started with the GDPR itself and crafted our procedures and policies around it. We built a new registration system with consent management processes, and a data flow that aligns with the GDPR’s principles. Throughout the registration life-cycle, we considered things like transparency, accountability, storage limitation, and data minimization.”

ICANN’s response to the GDPR came just over a week before the EU-wide data protection regulation came into place, and 2 years after it was announced. The “Temporary Specification”, as La Bolle writes, was “meant to temporarily bring gTLD registration services in line with the GDPR. The goal of the Specification is to serve as a stop-gap while the ICANN community works to resolve and balance issues between privacy law and existing ICANN policy.” EPAG have 3 concerns with the Temporary Specification based around “Personal Data Transfer to a Registry”, “Personal Data Display” and “Desire for Clarity”.

ICANN Loses Another Round in Battle Over Whois and GDPR With EPAG

ICANN announced Friday they had lost another round in their battle to get EPAG, a subsidiary of Tucows, to enforce their “temporary specification” on the collection of domain name registrant data.

For the third time the German courts have ruled against ICANN. This time the Appellate Court determined that it would not issue an injunction against EPAG. In making its ruling, ICANN explains in its announcement, “the Appellate Court stated that the interpretation of provisions of the GDPR was not material to its decision, so there was no obligation to refer the matter to the European Court of Justice.”

“Rather, the Appellate Court simply found that it was not necessary for it to issue a preliminary injunction to avoid imminent and substantial disadvantages, and noted that ICANN could pursue its claims in the main proceedings in order to enforce the rights it asserts.”

Former ICANN staffer and now (again) journalist on the domain name industry Kieren McCarthy tweeted on the news:

#ICANN has lost its #Whois legal case yet again. And its insistence that the matter be referred to the ECJ has been refused. Just how bad does it have to get before this critical org gets itself some proper legal advice?

ICANN is seeking to have EPAG reinstate collection of administrative and technical contact data for new domain name registrations. To comply with the European Unions General Data Protection Regulation, ICANN was seeking to have all its 2,500 accredited registrars and registries to continue to collect “thick” data but anyone conducting a Whois search would only receive “Thin” data in return, which includes only technical data sufficient to identify the sponsoring Registrar, status of the registration, and creation and expiration dates for each registration, but not personal data.

However Tucows took the view ICANN’s temporary specification wasn’t compliant with the GDPR. They had problems with 3 core issues. These issues were the collection, transfer, and public display of the personal information of domain registrants and the other contractually-mandated contacts.

Which led to a dispute on how the GDPR impacts EPAG’s registrar accreditation agreement. “The facts and the law, as we see them, do not support ICANN’s broader view of what will impact the security and stability of the internet. Neither do we find the purposes outlined in the temporary specification proportional to the risks and consequences of continuing to collect, process and display unnecessary data.”

ICANN note that they are now considering their “next steps, including possible additional filings before the German courts, as part of its public interest role in coordinating a decentralised global WHOIS for the generic top-level domain system and will provide additional information in the coming days.”

 

ICANN: German Regional Court to Revisit Ruling in Injunction Proceedings on Request to Preserve WHOIS data

ICANN was informed Thursday that the Regional Court in Bonn, Germany, has decided to revisit its ruling in the injunction proceedings that ICANN initiated against EPAG, a Germany-based, ICANN-accredited registrar that is part of the Tucows Group.

 

On 13 June 2018, ICANN appealed the Regional Court’s initial decision to reject ICANN‘s application for an injunction, in which ICANN sought a court order requiring EPAG to reinstate collection of administrative and technical contact data for new domain name registrations.

Upon receipt of an appeal, the Regional Court has the option to re-evaluate its decision that is being appealed, or affirm its decision and immediately forward the matter to the Higher Regional Court for consideration of the appeal.

In this instance, the Regional Court has decided to revisit its initial decision and has asked EPAG to comment on ICANN‘s appellate papers within two weeks.

ICANN is pursuing this matter as part of its public interest role in coordinating a decentralized global WHOIS for the generic top-level domain system. To that end, ICANN continues to seek clarity of how to maintain a global WHOIS system and still remain consistent with legal requirements under the European Union’s General Data Protection Regulation (GDPR).

Background:

On 25 May 2018, ICANN filed the injunction proceedings against EPAG. ICANN asked the Court for assistance in interpreting the GDPR in an effort to protect the data collected in WHOIS. ICANN sought a court ruling to ensure the continued collection of all WHOIS data. The intent was to assure that all such data remains available to parties that demonstrate a legitimate purpose to access it, and to seek clarification that under the GDPR, ICANN may continue to require such collection.

ICANN filed the proceedings because EPAG had informed ICANN that as of 25 May 2018, it would no longer collect administrative and technical contact information when it sells new domain name registrations. EPAG believes collection of that particular data would violate the GDPR. ICANN‘s contract with EPAG requires that information to be collected.

EPAG is one of over 2,500 registrars and registries that help ICANN maintain the global information resource of the WHOIS system. ICANN is not seeking to have its contracted parties violate the law. Put simply, EPAG’s position spotlights a disagreement with ICANN and others as to how the GDPR should be interpreted.

On 30 May 2018, the Regional Court determined that it would not issue an injunction against EPAG. In rejecting the injunctive relief, the Court ruled that it would not require EPAG to collect the administrative and technical data for new registrations. However, the Court did not indicate in its ruling that collecting such data would be a violation of the GDPR. Rather, the Court said that the collection of the domain name registrant data should suffice in order to safeguard against misuse in connection with the domain name (such as criminal activity, infringement, or security problems).

The Court reasoned that because it is possible for a registrant to provide the same data elements for the registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional data elements for those contacts. The Court also noted that a registrant could consent and provide administrative and technical contact data at its discretion.

On 13 June 2018, ICANN appealed the Regional Court’s ruling to the Higher Regional Court of Cologne, Germany, and again asked for an injunction that would require EPAG to reinstate the collection of all WHOIS data required under EPAG’s Registrar Accreditation Agreement with ICANN.

ICANN appreciates and understands the dilemma of EPAG in trying to interpret the GDPR rules against the WHOIS requirements, but if EPAG’s actions stand, those with legitimate purposes, including security-related purposes, law enforcement, intellectual property rights holders, and other legitimate users of that information may no longer be able to access full WHOIS records.

In addition to the court proceedings, ICANN is continuing to pursue ongoing discussions with the European Commission and the European Data Protection Board to gain further clarification of the GDPR as it relates to the integrity of WHOIS services.

About ICANN

ICANN‘s mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from:
https://www.icann.org/news/announcement-3-2018-06-21-en

ICANN Appeals German Court Decision on GDPR / WHOIS

ICANN today (13 June) appealed a decision by the Regional Court in Bonn, Germany not to issue an injunction in proceedings that ICANN initiated against EPAG, a Germany-based, ICANN-accredited registrar that is part of the Tucows Group. The appeal was filed to the Higher Regional Court of Cologne, Germany.

ICANN is asking the Higher Regional Court to issue an injunction that would require EPAG to reinstate the collection of all WHOIS data required under EPAG’s Registrar Accreditation Agreement with ICANN.

The Regional Court in Bonn rejected ICANN’s initial application for an injunction, in which ICANN sought to require EPAG to collect administrative contact and technical contact data for new domain name registrations.

If the Higher Regional Court does not agree with ICANN or is not clear about the scope of the European Union’s General Data Protection Regulation (GDPR), ICANN is also asking the Higher Regional Court to refer the issues in ICANN’s appeal to the European Court of Justice.

ICANN is appealing the 30 May 2018 decision by the Regional Court in Bonn as part of ICANN’s public interest role in coordinating a decentralized global WHOIS for the generic top-level domain system.

“We are continuing to seek clarity of how to maintain a global WHOIS system and still remain consistent with legal requirements under the GDPR,” said John Jeffrey, ICANN’s General Counsel and Secretary. “We hope that the Court will issue the injunction or the matter will be considered by the European Court of Justice.”

Background:

On 25 May 2018, ICANN filed the injunction proceedings against EPAG. ICANN asked the Court for assistance in interpreting the GDPR in an effort to protect the data collected in WHOIS. ICANN sought a court ruling to ensure the continued collection of all WHOIS data. The intent was to assure that all such data remains available to parties who demonstrate a legitimate purpose to access it, and to seek clarification that under the GDPR, ICANN may continue to require such collection.

ICANN filed the proceedings because EPAG had informed ICANN that as of 25 May 2018 when it sells new domain name registrations, it would no longer collect administrative and technical contact information. EPAG believes collection of that particular data would violate the GDPR. ICANN’s contract with EPAG requires that information to be collected.

EPAG is one of over 2,500 registrars and registries that help ICANN maintain the global information resource of the WHOIS system. ICANN is not seeking to have its contracted parties violate the law. Put simply, EPAG’s position spotlights a disagreement with ICANN and others as to how the GDPR should be interpreted.

On 30 May 2018, the Court determined that it would not issue an injunction against EPAG. In rejecting the injunctive relief, the Court ruled that it would not require EPAG to collect the administrative and technical data for new registrations. However, the Court did not indicate in its ruling that collecting such data would be a violation of the GDPR. Rather, the Court said that the collection of the domain name registrant data should suffice in order to safeguard against misuse in connection with the domain name (such as criminal activity, infringement or security problems).

The Court reasoned that because it is possible for a registrant to provide the same data elements for the registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional data elements for those contacts. The Court also noted that a registrant could consent and provide administrative and technical contact data at its discretion.

ICANN appreciates and understands the dilemma of EPAG in trying to interpret the GDPR rules against the WHOIS requirements, but if EPAG’s actions stand, those with legitimate purposes, including security-related purposes, law enforcement, intellectual property rights holders, and other legitimate users of that information may no longer be able to access full WHOIS records.

In addition to the court proceedings, ICANN is continuing to pursue ongoing discussions with the European Commission and the European Data Protection Board to gain further clarification of the GDPR as it relates to the integrity of WHOIS services.

About ICANN

ICANN’s mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from:
https://www.icann.org/news/announcement-2018-06-13-en

German Court Rejects ICANN Bid to “Protect” WHOIS Data

In a bid to “to protect the data collected in WHOIS”, ICANN last week sought a court ruling in a German court to “ensure the continued collection of all WHOIS data, so that such data remains available to parties demonstrating legitimate purpose to access it, consistent with the GDPR.”

The “one-sided filing” in Bonn, Germany, was against German registrar EPAG, these days part of the Tucows group. EPAG had recently informed ICANN that it would no longer collect administrative and technical contact information for generic top level domain name registrations as it believes collection of that data would violate the GDPR rules, and further, it wasn’t needed.

EPAG had advised ICANN it no longer intended to collect such data, citing the GDPR law implementation as its rationale. In a statement from their parent company, Tucows, they said they “realised that the domain name registration process, as outlined in ICANN’s 2013 Registrar Accreditation Agreement, not only required us to collect and share information we didn’t need, it also required us to collect and share people’s information where we may not have a legal basis to do so. What’s more, it required us to process personal information belonging to people with whom we may not even have a direct relationship, namely the Admin and Tech contacts.”

Through its contract with registrars including EPAG, ICANN requires the WHOIS information be collected. In an effort to comply with the European Union’s General Data Protection Regulation, ICANN recently adopted a new Temporary Specification regarding how WHOIS data should be collected and which parts may be published, which ICANN believes is consistent with the GDPR.

The late announcement of the Temporary Specification, a week before the GDPR came into being, already had registrars irate, as they had to have their systems compliant ready for its implementation. Speaking to Domain Pulse at the Domain Pulse conference (unrelated), EPAG’s Managing Director Ashley La Bolle said at EPAG they wished “ICANN had started work on this a year ago. Of course, we will try to accommodate changes, but in absence of new consensus policies, we have to develop solutions that we believe will ensure our own compliance with the law.”

The German court ruled in favour of EPAG, at least in part, ruling it would not require EPAG to collect the administrative and technical data for new registrations. However, the Court did not indicate in its ruling that collecting such data would be a violation of the GDPR. Rather, said ICANN in a statement, the Court said that the collection of the domain name registrant data should suffice in order to safeguard against misuse the security aspects in connection with the domain name (such as criminal activity, infringement or security problems).

The Court reasoned that because it is possible for a registrant to provide the same data elements for the registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional data elements for those contacts. The Court also noted that a registrant could consent and provide administrative and technical contact data at its discretion.

“While ICANN appreciates the prompt attention the Court paid to this matter, the Court's ruling today did not provide the clarity that ICANN was seeking when it initiated the injunction proceedings,” said John Jeffrey, ICANN's General Counsel and Secretary. “ICANN is continuing to pursue the ongoing discussions with the European Commission, and WP29, to gain further clarification of the GDPR as it relates to the integrity of WHOIS services.”

So where to from here? Michele Neylon from the Irish registrar and hosting company Blacknight suggests “there might be more at play here than initially meets the eye. ICANN is probably coming under a lot of pressure from the US government and other interests in relation to public whois. Recent speeches by US Department of Commerce’s head honcho David Redl in multiple venues have underlined the US government’s fixation with full public whois.”

It's not over yet. As Jeffrey noted, the ruling didn’t give the clarity ICANN sought. Watch this space.

US Trade Office Wants ICANN and Governments To Help Stamp Out Online Counterfeit Goods

A report from the Office of the United States Trade Representative (USTR) is critical of registrars that have allowed domain names to be registered and used in the distribution of unauthorised copyright-protected content. And it is urging governments and ICANN to get involved to address the problem.According to the report, one respondent identified several registrars that have apparently refused requests to lock or suspend domain names used to sell suspected counterfeit pharmaceuticals to consumers worldwide. While this is conduct is a threat to brand owners, it also presents a public health challenge, and requires a coordinated response by governments and a variety of private sector stakeholders.According to a 2012 report from the National Association of Boards of Pharmacy cited by the USTR, an estimated 96 percent of online pharmacies targeting US consumers are operating in violation of applicable US law and standards.The report also cites a World Trade Organisation report estimating 50 percent of websites worldwide that hide their physical address are selling illicit pharmaceuticals, including those labelled with counterfeit trademarks. The website www.LegitScript.com has reviewed over 40,000 online drug sellers, but found fewer than 400 to be legitimate. Studies have found that counterfeit anti-cancer, anti-HIV/AIDS , and other medications are not only ineffective, but in some cases may contain toxic or deadly adulterants, such as rat poison.With relatively few lawful sources amidst a sea of harmful ones, the public faces a substantial risk when navigating these online pharmaceutical markets. In addition to the public health and safety risks, there is also economic harm. Illegal online pharmaceutical sellers can generate significant revenues each month, diverting income from legitimate innovative and generic pharmaceutical manufacturers , and depriving governments of tax revenues from legitimate sales.The USTR says registrars can play a critical public safety role in the internet ecosystem. Ignoring that role, or acting affirmatively to facilitate public harm, is of great concern. One of the registrars nominated in response to USTR’s Federal Register Request, Tucows.com, appears in the List of companies of concern and is an example of this concern. The USTR is urging trading partner governments and ICANN to investigate and address this very serious problem.But Tucows denies it is implicated in the problem. The registrar told Reuters ‘it took down dozen of sites every day but unlike some competitors, it considered all complaints carefully to ensure they were justified.'”We want to make sure that our registrants are protected and respected as well as making sure there are not bad actors on our system, and that requires striking a balance on a daily basis,” said Graeme Bunton, Tucows manager of public policy.