InternetNZ’s Jordan Carter Talks Privacy: GDPR, DomainTools Court Case, .NZ Individual Registrants… And More

Privacy is a big thing, both in the .nz space and in the wider domain name world and has brought about both highlights and lowlights according to InternetNZ’s Chief Executive Jordan Carter. In today’s Domain Pulse Q&A Carter says a 2018 lowlight was ICANN’s handling of their policy response to the EU’s GDPR, which he believes, along with privacy for internet users, to be a good thing. In New Zealand they’re been dealing with privacy in 2 ways: an Individual Registrant Privacy Option introduced in 2018 as well as an upcoming review of the Privacy Act.

Looking ahead to 2019 another
issue impacting on privacy is InternetNZ’s US litigation against
DomainTools. This is a test case with implications for the protection of ‘privacy rights of .nz
registrants in the .nz domain name space and likely other ccTLDs and the wider
industry.’ Also for 2019, Carter sees a “challenge
and opportunity” in seeing Internet Governance becoming more effective, which follows the “strong challenge to
the global multistakeholder approach to governing the Internet issued by
Emmanuel Macron and the U.N. Secretary General at last year’s Internet
Governance Forum.” Getting it right says Carter, would mean evolving “multistakeholder
Internet governance in a way that brings governments more on board, and is fit
for the future.” Carter also discusses
security, domain name abuse and DNS hijacking.

Domain Pulse: What were the highlights, lowlights and challenges of 2018 in the domain name industry for you?

Jordan Carter: A highlight for us in New Zealand was putting the issue of domain name abuse squarely on the table. We held a forum to tackle this in Wellington late in the year, and had some pretty clear perspectives shared by almost a hundred people who took part.

Another highlight was implementing the merger of InternetNZ
and NZRS, our former subsidiary that operated the .nz registry. There’s a lot
of work involved in that kind of change and our team have done an amazing job
in making it happen.

Lowlights? The handling of the GDPR by ICANN sticks out as a
major issue. And right at the end of the year, leading into 2019, the DNS
hijacking that became apparent is a real concern.

Three of these are challenges too – how we get privacy right in the DNS, how to improve our security performance, and how to deal with abuse in the DNS.

DP: GDPR – good, bad and/or indifferent to you and the wider industry and why? (You’ve alluded in previous emails that NZ is working on its own privacy legislation so to answer it thinking of this could be good)

JC: Privacy is a good thing. Changing the domain name system to support it is a good thing. The GDPR in principle is a good thing. In New Zealand we have two items on this topic.

The Individual Registrant Privacy Option (IRPO) was introduced in 2018, giving registrants not in significant trade the choice to keep e some of their registrant contact details private.

We also have a review of the Privacy Act likely to lead to
amending legislation later this year or early next, which will follow some of
the precedents created by the GDPR while maintaining New Zealand’s general
approach to privacy law. One goal of the legislative update is to retain New
Zealand’s adequacy finding under the new GDPR framework.

For the wider industry, I am quite critical of how ICANN has
approached this topic. For ICANN to have ended up rushing a policy development
process when GDPR was very well signalled for years in advance isn’t the
standard we should expect of that organisation. That said, I am confident
they’ve learned a big lesson and have taken steps to make sure a repeat is
unlikely.

DP: What are you looking forward to in 2019?

JC: For .nz, we have a number of things on the go.

We’re going to look at our security approach across the .nz
domain, working with our registrars and others to look at the threat landscape
and see what more we can do on the security front.

The Domain Name Commission will be revising and improving
its compliance approach.

The Commission will also have an outcome from its US litigation against DomainTools. This test case will be significant for protecting the privacy rights of .nz registrants in the .nz domain name space and it is likely to have an impact on other ccTLDs and the wider industry.

We will be looking at what more we can do to tackle the
tricky issue of domain name abuse, including supporting the work that the
Internet and Jurisdiction Project has underway on that topic.

We will soon be launching an end-to-end review of the whole
policy framework that applies to the .nz domain name space, asking our
stakeholders if there are any issues they see that need solving.

I’m looking forward to all of these, because they are what
we need to be doing to respond to the world around us, and to keep on with our
efforts to help all New Zealanders harness the power of the Internet and the
DNS.

DP: What challenges and opportunities do you see for the year ahead?

JC: One I’d draw attention to, as both challenge and opportunity, is the strong challenge to the global multistakeholder approach to governing the Internet issued by Emmanuel Macron and the U.N. Secretary General at last year’s Internet Governance Forum.

Both commented on the need to make “Internet Governance”
more effective, to incorporate more diverse voices and perspectives, and to go
beyond the talking-shop approach and into more substantive policymaking.

How we respond to that pressure is crucial. If we get it
right, we can evolve multistakeholder Internet governance in a way that brings
governments more on board, and is fit for the future. If we get it wrong, we
risk seeing Internet policymaking disappearing into intergovernmental
institutions like the ITU – and that would be bad for the Internet, and for us
all.

DP: 2019 will mark 5 years since the first new gTLDs came online. How do you view them now?

JC: Personally, I’ve always been a bit sceptical. It’s good to be offering more choice, but the uptake of these domains indicates a limited appetite from consumers to be registering them. I had thought they might drive significant innovation and change in the DNS, but it does not seem to have played out that way from my perspective.

DP: Are domain names as relevant now for consumers – business, government and individuals – as they have been in the past?

JC: Domain names are still the key way for people to identify Internet resources, and for many people dear old email remains the killer app.

That said, we have a job to do to make domains easier to use
(why isn’t it one-click to connect my gmail account to a domain?) and to better
understand how, in the age of social media platforms, domains can evolve and
keep playing a useful role.

Part of the answer to that, I suspect, lies in the field of digital identity. People are going to become more conscious of being the product when it comes to social networks. Domain names as a part of the identity ecosystem have a role to play in making sure people can keep control of their identity online.

Previous Q&As in this series were with:

  • EURid, manager of the .eu top level domain (available here)
  • Katrin Ohlmer, CEO and founder of DOTZON GmbH (here)
  • Afilias’ Roland LaPlante (here)
  • DotBERLIN’s Dirk Krischenowski (here)
  • DENIC (here)
  • Internet.bs’ Marc McCutcheon (here)
  • nic.at’s Richard Wein (here)
  • Neustar’s George Pongas (here)
  • CentralNic’s Ben Crawford (here)
  • CIRA’s David Fowler (here)
  • Jovenet Consulting’s Jean Guillon (here)
  • GGRG’s Giuseppe Graziano (here)
  • Blacknight Solutions’ Michele Neylon (here)
  • Public Interest Registry’s President and CEO Jon Nevett (here)
  • ICANN board member and founding auDA CEO Chris Disspain (here).

If you’d like to participate in this Domain Pulse series with
industry figures, please contact David Goldstein at Domain Pulse by
email to david[at]goldsteinreport.com.

This latest Domain News has been posted from here: Source Link