Story image

Domain Name Commission wins lawsuit against US intelligence firm DomainTools

18 Sep 18

The Domain Name Commission has taken on a US intelligence-gathering company and won a motion for a preliminary injunction in court.

The US-based company called DomainTools has been scraping registration data from the New Zealand Domain Name Commission ‘for years’, but that has now come to a halt.

Earlier this year New Zealand’s Domain Name Commission, which holds registration information about all .nz domain holders, offered a privacy option for domain holders who are not in trade. More than 23,000 domain holders are now using the privacy option, which allows them to hide their address and phone number from publicly appearing in online registration data searches.

DomainTools displays historic data records, however when the new privacy rules came into effect the company did not update its own database to reflect the changes. As a result, it was displaying information that is now considered private.

DomainTools requested NZ$5 million in bond to ensure that it can complete the rework of database files to hide .nz data from its customers, however the judge ruled that the necessary bond would only be $1500.

According to Domain Name Commissioner Brent Carey, the lawsuit win is good news for .nz domain name holders and their privacy.

"The ruling allows the Commission to continue balancing online accountability with respect for individual privacy. The ruling temporarily puts to an end DomainTools’ bulk harvesting of .nz domain holders’ personal information and selling that data for a profit,” he says.

DomainTools argued that the lawsuit may set a precedent and an ‘avalanche’ of litigation as other registries worldwide act to protect their registrants’ privacy – a sentiment that Judge Lasnik says may be correct.

The Domain Name Commission says that other domain name system managers around the world will pay attention to the judgement.

"We look forward to presenting our full case to the Court, as we seek to permanently prevent DomainTools from ever building a secondary .nz database offshore and outside the control of the Domain Name Commission," says Carey.

"This is a step in the right direction to ensure that any person or company looking to build a business on domain name data, in violation of our Terms of Use, can’t do so," Carey concludes.

In June this year the Domain Name Commission and CERT NZ agreed to share domain registration information between the two agencies. The agreement vows to protect .nz domain names from cybersecurity threats.

CERT NZ must provide reasons for accessing the data, while the Domain Name Commission can suspend CERT NZ’s access if it believes that access has affected security and stability of the .nz domain.
 

Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.
Carbon Black: What does cybersecurity have in store for 2019?
Tom Kellerman has shared five insights for the year ahead, including a particularly bold one.
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.
Report on SingHealth breach condemns poor security practices
The 2018 Singapore SingHealth data breach was poorly managed and riddled with vulnerabilities from the start.
Tesla wants people to hack its Model 3
Tesla is offering white hat hackers what could be the chance of a lifetime – the opportunity to hack one of its Model 3 vehicles.