MENU
  • Enom.com
  • Resellers

Enom Blog

February, 2019
Archive

  • Enom’s Tiered Access Directory: eight months later

    February 19, 2019

    GDPR, Industry Insight

     Like

    Views: 3709

    keys on surface.

    Tucows’ Tiered Access Compliance & Operations portal (which we commonly refer to as a “Tiered Access Directory” or “gated Whois”) launched at the end of May 2018. With its launch, our public Whois “went dark.” From that date forward, all personal registrant data has been redacted from the public Whois by default, and made accessible only via the gated Whois.

    Most people saw this is a good thing—registrants deserve to have their personal information protected. A few argued that the change would impede efforts to identify and take legal action against cyber criminals and trademark or copyright violations. We’ve always advocated that a balance could be reached.

    Now, eight months into our Tiered Access program, we’re looking back at the data access requests to see what the numbers reveal about how the system is working out.

    The Big Picture

    We have received more than 2100 data access requests since our Tiered Access system started last May, and of these requests:

    • Just over 25% resulted in applicable registration data being provided to the requestor
    • Only a small percentage of requests get denied: 4.6%, as of 13 February 2019
    • 13% of all requests are duplicates
    • 65% of all requests came on behalf of a single requestor; only 21% of these requests resulted in the provision of data, as the majority did not provide sufficient legitimate purpose, nor did the requestor respond to our request for more information

    Perhaps surprisingly, 70% of data access requests are not fulfilled because the requestor did not respond to Tucows’ requests for additional information (including assurances regarding who the requestor was, how the data would be handled, and why the data were needed). For example, some requests failed to include the requestor’s own identity, their legal basis to access the information, or even which specific domain name they’re asking about. In all cases, we reply promptly to ask for the missing information but, so far, for 70% of the requests we have received, that information was never provided.

    Whois (pun intended) requesting registration data?

    The vast majority of requests—just over 90%—come from commercial litigation interests and relate to a suspected intellectual property (copyright or trademark) infringement. The remaining 10% are spread across other types of requestors, including law enforcement, security researchers, registries, the registrants themselves, and third-parties interested in purchasing specific domains.

    • 92% of requests were made by commercial litigation interests, mostly trademark interests (85%) but also some copyright (4%: fewer than 100 total copyright-related requests)
    • Within the “trademark” category, 76% of all requests are on behalf of a single entity. The next highest entity requestor accounts for only 7% of trademark requests.
    • Law enforcement requests account for less than 2% of all requests—this does not include warrants, as the intent of a gated Whois is to provide data which what had previously been publicly available; requests for additional information still require a warrant or subpoena
    • Fewer than 1% were requests from security researchers, one of the major groups who have expressed concerned about the loss of public Whois

    Interestingly, we have had only a single request that appears to be related to illegitimate pharmaceuticals being sold online and zero requests related to terrorism. These are categories that we were led to believe we would receive a high volume of requests for.

    Requests from ICANN Compliance

    There are also a significant number of requests for personal data that we’ve excluded from the stats and total number referenced above: those made by ICANN Compliance. These were not included because, although ICANN Compliance has requested personal data from us in relation to complaints filed by third-parties, they have not yet demonstrated a legitimate purpose for processing that data. Since the introduction of our Tiered Access system in May, no Tucows-owned registrar has shared any personal registration data with ICANN Compliance; we have discovered that we can successfully help ICANN’s compliance investigation of registrant or third-party requests without disclosing any personal data to ICANN. We are always looking for innovative solutions that allow us all to rethink the traditional way of doing things.

    What do these numbers tell us?

    We see significant spikes of requests surrounding ICANN meetings:

    These spikes and the prevalence of certain requestors strongly suggests an attempt to skew the data to create an argument against the loss of public Whois data. Regardless of that attempt, however, what we clearly see is a system working the way that it should: when sufficient legitimate interest is shown and assurances regarding the handling of data are made, the process of providing personal data is smooth.

    The sky didn’t fall. The dire predictions that commercial litigation, law enforcement, and security research interests made prior to our GDPR implementation did not come to pass. Our Tiered Access team is able to respond to requests in a timely manner and to provide access to registration data when the requestor can demonstrate their legal basis for access. The system works well.

    The future of Tiered Access

    There remains much to be done regarding Tiered Access. The “Technical Study Group on Access to Non-Public Registration Data”, a recently-created group of ten members hand-picked by the ICANN Board, is engaged in technical work on Tiered Access, although not the thornier legal or policy challenges. There is a lot of work happening in the ICANN Community as well. The Expedited Policy Development Process (EPDP) Team work has not yet been finalized; a Registrar Constituency document outlining guidelines for requesting registrant data will be published soon; and there are ongoing informal discussions among registrars and other interests intended to streamline access and make it less difficult and confusing.

    The EPDP’s Phase 1 Final Report, which will focus on data collection and, later, its Phase 2—which will be focused on a Standard Access Model—may affect what we collect and disclose in the future. We won’t know what the Tiered Access system will look like long-term until there is clarity around these items, which are still very much up in the air. That said, we’re in a position to adapt our system to meet the ICANN Community’s final requirements. In the meantime, we’ve created a solution that achieves an effective balance between protecting registrants’ right to privacy and providing legitimate third-parties timely access to the data they’re legally entitled to.

    As we’ve said before, while it marks a big change in the domain space, the introduction of our Tiered Access Compliance and Operations system is a move in the right direction, in step with evolving privacy laws across the globe. Tucows remains committed to protecting registrant privacy and applauds the efforts underway by various governments to establish privacy-by-default standards.




    Read More

  • What Brexit means for .EU domain owners in the UK

    February 11, 2019

    Announcement, Industry Insight

     Like

    Views: 3168

    Last updated: July 2, 2020

    On February 1, 2020, the United Kingdom officially withdrew from the European Union, with a transition period that will extend until December 31, 2020. One of the consequences of Brexit is that many UK-based, .EU domain owners will no longer meet the .EU eligibility requirements. Recently, EURid, the .EU registry, announced an updated timeline for revoking the domains of ineligible registrants.

    EURid’s new plan is to begin contacting impacted .EU registrants on October 1, 2020. Registrants who can will be asked to update their registrant data to demonstrate their eligibility based on citizenship in a remaining EU member state by December 31, 2020. On January 1, 2021, any UK-based registrants who have not demonstrated eligibility will have their domain name “withdrawn.”

     

    We provide full details below, but we want to stress the importance of encouraging your registrants to demonstrate eligibility prior to December 31, 2020, if they are able to do so. If their domain falls into “withdrawn” status, they can reclaim it. However, the process will be cumbersome, as it will involve manual work at the registry level.

    Read on for a summary of the .EU eligibility requirements and EURid’s timeline for UK-based .EU registrants, as well tips on how you can prepare.

    Eligibility Requirements for .EU Domains

    Last year, amid the Brexit negotiations, EURid released an updated Domain Name Registration Policy, which went into effect as of October 19, 2019.  Under this new policy, the eligibility requirements for organizations did not change, but the eligibility requirements for individuals did — .EU domains can now be registered by EU citizens who live outside of the European Union. The following registrant types are eligible to register .EU domains:

    • a European Union citizen, independently of their place of residence;
    • a natural person who is not a Union citizen and who is a resident of a Member State;
    • an undertaking that is established in the Union; or
    • an organization that is established in the Union, without prejudice to the application of national law.

    In the context of Brexit, here’s what the eligibility requirements mean for existing .EU registrants:

    • EU citizens who reside in the UK will not lose their domain names. They’ll simply have to demonstrate proof of EU citizenship.
    • UK citizens that reside in an EU member state will also remain eligible.
    • However, UK citizens who reside outside of the Union Member States are no longer eligible to hold an .EU domain name. Their domain name will be revoked at the end of the transition period.

     

    Detailed Timeline for .EU Reseller and Registrants

    October 1, 2020

    • EURid will contact via email all .EU registrants who have listed a postal address with a GB (Great Britain) or GI (Gibraltar) country code, inviting them to “demonstrate their compliance with the eligibility criteria by updating their registration data before December 31, 2020.”
    • For organizations, this would involve indicating a legally established entity in one of the eligible EU27 or EEA Member States. For individuals, this would involve updating their residence to a physical address located in one of the EU27 or EEA Member States. The registrant could also choose to transfer the domain name to an EU resident.

    December 21, 2020

    • EURid will email all UK registrants who did not demonstrate continued eligibility to remind them of their “forthcoming non-compliance with the .EU regulatory framework.”

    January 1, 2021, as of 00:00:00 CET

    • EURid will no longer allow UK residents (who can’t demonstrate EU citizenship) to register new .EU domain names. The transfer and transfer through update of any domain name to a UK registrant will also no longer be allowed.
    • EURid will email all UK registrants who have not demonstrated eligibility to inform them that their domain name is no longer compliant with the .eu regulatory framework and has, therefore, been “withdrawn.”
    • Domain names in “withdrawn” status will no longer function. The domain name is removed from the zone file and will no longer support any active services (e.g. websites or email).

    January 1 2022, 00:00:00 CET

    • All withdrawn domain names will be revoked and made available for general registration. These domains will be released for registration in batches.

     

    How Should Resellers Prepare?

    1. Ensure you’re familiar with how to register, transfer, and perform contact updates for domains registered by EU citizens who live outside the European Union.

    If you use the Control Panel to register domains: In the Enom Control Panel, there now exists a field that will enable you to indicate a country of citizenship for the registrant.

    If you use the API to register domains: When required, you’ll need to submit a eu_country_of_citizenship value, when needed. The value can be any two-letter country code of an EU member state.

    2. If you haven’t already, consider restricting multi-year renewals and registrations for UK customers. This will help avoid situations where a UK customer pays a sizable renewal fee, only to lose their .EU domain a few months later.

    3. Consider displaying a warning to registrants during the registration process. It’s important that before registering a .EU domain, your UK-based customers are made aware of the impending change to the domain’s eligibility requirements.

    4. Keep in mind that EURid will contact your impacted customers on October 1, 2020. You may wish to reach out beforehand, or simply ready your support team. 5. Advise those registrants who can to update their information to meet the eligibility requirements as soon as possible. This will ensure their domain(s) does not fall into Withdrawn status and become inactive.

    If their domain falls into “withdrawn” status, they can reclaim it. However, the process will not be as straightforward as a standard domain redemption. OpenSRS will do our best to make the process of reclaiming a withdrawn domain as smooth as possible, we are limited by the manual work involved at the registry level.

    Read More

FEATURED POSTS

  • How to Win by Treating Your Customers as Members

    August 13, 2020

  • A Great Domain for Freelancers and Entrepreneurs? Try .ME

    June 22, 2020

  • Bandzoogle: website builder for musicians

    June 1, 2020

  • security lock and credit cards on keyboard

    Avoiding COVID-19 Cyberattacks with Security Best-Practices

    April 28, 2020

CATEGORIES

  • Advice
  • Announcement
  • Developers
  • DNS
  • Featured
  • Fun
  • GDPR
  • Industry Insight
  • New TLDs
  • News
  • Premium Domains
  • Promotion
  • Resellers
  • Roadmap
  • SSL
  • Uncategorized
  • WTB

ARCHIVES

  • November 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • January 2016
  • December 2015
  • November 2013
Support
Report Abuse
Help Center
Contact Us

 Resources
WHOIS Lookup
Maintenance Alerts
Developers
Products & Services
Domain Name Search
Premium Domains
Web Hosting
SSL Certificates
Website Builder
Basic Email
Bulk Tools

© 2020 Enom Blog |