Skip to Content

Cybersecurity & Standards

I* Newsletter: WHOIS, Privatization, Third-Party Cookie Replacement

“I*: Navigating Internet Governance and Standards” was a monthly newsletter distributed by the Center for Democracy & Technology (CDT), and compiled by the Public Interest Technology Group (PITG), a group of expert technologists who work across a complex landscape of internet standards development (“I”) organizations that convene in the public interest.

The newsletter highlighted emerging internet infrastructure issues that affect privacy, free expression, and more, clearly explaining their technical underpinnings.

# Who remembers WHOIS?: In a win for user privacy, when the EU’s fine-enforced compliance with data privacy legislation went into effect nearly three years ago, the personal details of every domain registrant were scrubbed from the Internet Corporation for Assigned Names and Numbers’ (ICANN) distributed WHOIS database. (WHOIS is a free, publicly available directory containing the contact and technical information of registered domain name registrants.)

Legitimate requests for registrant data can still be made through WHOIS, but law enforcement, intelligence agencies, and security companies lament in report after report that some registries and registrars have over-complied with the General Data Protection Regulation (GDPR). They argue that, despite the GDPR protections, private data registration — when registrants pay a fee to hide private details from the registry — appears to be on the rise, allowing them access to less information.

ICANN 70 met online this week, and it’s unclear if any progress was made on its “emergency” policy development process to reinstate WHOIS after its public data was frozen when the GDPR went into effect, and the registry and registrar commitments that go with it.

  • For more information: Several reports support LEA’s position on reinstating WHOIS here, here, and here.
  • Contact: Ephraim Kenyanito, Article 19

# Internet infrastructure governance is not able to uphold its own values, let alone other values such as human rights: New research into the Internet Engineering Taskforce (IETF), published in the world-renowned peer-reviewed journal New Media & Society, reveals that the most widely shared values in the internet’s oldest governing body are being structurally subverted.

The study shows that, after the privatization of internet architecture in the 1990s, the interplay between the architectural principles of end-to-end, permissionless innovation, and openness subverted equality among internet users and hampered the ability to redesign the internet. While, theoretically, participation in governance bodies and standards developing organizations such as the IETF is open for everyone, it is dominated by employees of transnational corporations. The findings illustrate how corporate interests are structurally prioritized over the interests of end users in the design and maintenance of the internet infrastructure.

#  Efficacy of the organization building the internet suffers under working online: Recent data released by the Internet Engineering Task Force (IETF) reveals that since the organization moved its three yearly meetings online, the introduction of new work has declined. At the IETF’s 110th meeting earlier this month, new leadership was instated, and the new IETF chair Lars Eggert stated, “If we’re going to be meeting only virtually for much longer, we’re going to struggle with maintaining a healthy pipeline of new work.”

He noted, “Collective consensus building is not only happening during a meeting, much of it happens in between the actual meetings when people are talking to each other one on one or in smaller groups.”

This data runs counter to common assumptions that moving internet governance processes online has made organizations like the IETF more accessible and reduced friction for newcomers.

#  W3C members set out to replace the third-party cookie: How is it going?: Last year, the World Wide Web Consortium (W3C) announced that it wanted to alleviate user privacy concerns inherent to web tracking through the creation of a group of experts to discuss and research options for replacing third-party cookies. Google just announced Federated Learning of Cohorts (FLoC), a specification developed in Chrome to monitor browsing behavior in order to bundle individuals as “cohorts,” to which targeted ads will be served. While members of the W3C business group are focused on interoperability, privacy advocates are discussing the broader question of whether Google’s advanced behavioural targeting, which can lead to new ways of fingerprinting, discrimination and exploitation, isn’t worse than cookies.