sb-nz logo
Story image

Domain Name Commission wins lawsuit against US intelligence firm DomainTools

18 Sep 2018

The Domain Name Commission has taken on a US intelligence-gathering company and won a motion for a preliminary injunction in court.

The US-based company called DomainTools has been scraping registration data from the New Zealand Domain Name Commission ‘for years’, but that has now come to a halt.

Earlier this year New Zealand’s Domain Name Commission, which holds registration information about all .nz domain holders, offered a privacy option for domain holders who are not in trade. More than 23,000 domain holders are now using the privacy option, which allows them to hide their address and phone number from publicly appearing in online registration data searches.

DomainTools displays historic data records, however when the new privacy rules came into effect the company did not update its own database to reflect the changes. As a result, it was displaying information that is now considered private.

DomainTools requested NZ$5 million in bond to ensure that it can complete the rework of database files to hide .nz data from its customers, however the judge ruled that the necessary bond would only be $1500.

According to Domain Name Commissioner Brent Carey, the lawsuit win is good news for .nz domain name holders and their privacy.

"The ruling allows the Commission to continue balancing online accountability with respect for individual privacy. The ruling temporarily puts to an end DomainTools’ bulk harvesting of .nz domain holders’ personal information and selling that data for a profit,” he says.

DomainTools argued that the lawsuit may set a precedent and an ‘avalanche’ of litigation as other registries worldwide act to protect their registrants’ privacy – a sentiment that Judge Lasnik says may be correct.

The Domain Name Commission says that other domain name system managers around the world will pay attention to the judgement.

"We look forward to presenting our full case to the Court, as we seek to permanently prevent DomainTools from ever building a secondary .nz database offshore and outside the control of the Domain Name Commission," says Carey.

"This is a step in the right direction to ensure that any person or company looking to build a business on domain name data, in violation of our Terms of Use, can’t do so," Carey concludes.

In June this year the Domain Name Commission and CERT NZ agreed to share domain registration information between the two agencies. The agreement vows to protect .nz domain names from cybersecurity threats.

CERT NZ must provide reasons for accessing the data, while the Domain Name Commission can suspend CERT NZ’s access if it believes that access has affected security and stability of the .nz domain.  

Story image
COVID-related email subjects biggest threat in phishing scams
Coronavirus-related email subjects remain the biggest threat in phishing scams, a new study has found.More
Story image
NZX, Metservice attacks show Kiwi companies must rethink cyber security
The attacks are a wake-up call for New Zealand businesses to step up their threat protection and contingency planning systems.More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More
Story image
Why best-practice threat data management provides confident automation
Understanding an organisation’s threat landscape requires having both the right threat data sources and the proper prioritisation to derive actionable threat intelligence for your organisation. More
Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More