back to article German court snubs ICANN's bid to compel registrar to slurp up data

Global domain name system overlord ICANN’s latest attempt to deal with compliance with European data protection law has been dealt a blow after a German court rejected its request to force a registrar to keep gathering people’s information. The DNS overseer filed a lawsuit in Bonn against German domain registrar EPGA on Friday …

  1. DJV Silver badge

    ICANN

    They keep getting slapped but are too stupid to know when to fall down. Sigh...

    1. TheVogon

      Re: ICANN

      "He added: "ICANN is continuing to pursue the ongoing discussions with the European Commission, and WP29, to gain further clarification of the GDPR as it relates to the integrity of WHOIS services." "

      Seems very clear to me - It must be an opt in service for anyone covered by GDPR. For those that decline i dont see why providing the details of the registry holding the domain registration data isnt an acceptable substitute. Not that you can't already get that from DNS.

      This provides a route for police, security services and copyright cartels to go after data needed for legitimate purposes. If anything thats a better solution as registration data is often inaccurate or incomplete or private anyway. Especially when the domain is used for legally questionable purposes.

      The reason that Icann are fighting this path as a tool of US interests - is that court orders would commonly be required in non US jurisdictions. And the US likes to pretend that US law has global reach.

    2. Anonymous Coward
      Anonymous Coward

      Re: ICANN

      No, UCAN'T

      1. I ain't Spartacus Gold badge
        Happy

        Re: ICANN

        ICANN

        UCAN'T

        ICANN

        Look, Orville.

        WHOIS your very best friend?

        I'm gonna help you mend, your broken hear.

        [children's TV flashback]

  2. Anonymous Coward
    Anonymous Coward

    If only it were the other Icahn getting slapped down in court, the alleged (legal bit) asset stripping one.

    1. Alistair
      Windows

      Perhaps we should put Carl Icahn in charge of ICANN so that we can put all the ICANTs in one basket.

      And then have Elon Musk put the whole works on the test launch of the BFR.

      1. Anonymous Coward
        Anonymous Coward

        >And then have Elon Musk put the whole works on the test launch of the BFR.

        Or set them off in a tesla on autopilot.

      2. Anonymous Coward
        Anonymous Coward

        FTFY

        I think you'll find its pronounced ICunnts

      3. quxinot

        >And then have Elon Musk put the whole works on the test launch of the BFR.<

        Why bother wasting payload space? Just set them on the launchpad next to it, that'll work just as well.

  3. Anonymous Coward
    Anonymous Coward

    Can we have more of that

    Americans being explained that they can shove USA law where Das Sonne does not shine outside USA. Can we have more of that. Applause.

    1. Anonymous Coward
      Anonymous Coward

      Re: Can we have more of that

      Given their reactions so far - from Tronc having a hissy fit and blocking their various publications from being accessed from the EU at all, through the myriad websites like Forbes who only offer the options of data slurping or no service (ie no meaningful consent, so fail) - it seems that most American companies are having a hard time understanding that European laws apply in Europe.

      1. JassMan
        Holmes

        Re: Can we have more of that

        They also seem to have a hard time understanding that a contract is a legal document and therefore can't contain clauses to force someone to break the law.

        Law trumps contracts every time.

    2. TheVogon

      Re: Can we have more of that

      "Americans being explained that they can shove USA law where Das Sonne does not shine outside USA."

      And even better by a law that effectively forces many US companies to abide by EU law. What goes around comes around.

      1. Joe Werner Silver badge

        Re: Can we have more of that

        Well, they only need to stick to the laws where they operate. And their business partners cannot be forced contractually to break the law.

        Nothing new to be seen, move along.

      2. Anonymous Coward
        Anonymous Coward

        Re: Can we have more of that

        Find yourself without the Net someday.!!!!!!

  4. Wolfclaw

    beggers belief how incompetent ICANN can be, two years notice and they still scew it up !

    1. TheVogon

      "beggers belief how incompetent ICANN can be, two years notice and they still scew it up !"

      To be fair on Icann, lots of powerful US interest groups were largely responsible for that. They were likely politically unable to effectively scrap Whois contractual obligations until it was clear that they had to.

      1. John Brown (no body) Silver badge

        "They were likely politically unable to effectively scrap Whois contractual obligations until it was clear that they had to."

        They've had two years notice. That seems like quite a lot of time to take proper legal advice and frame the questions they wanted clarification on. Leaving it 'till the last few days and then launching legal action after the fact sounds more like incompetence than being politically unable to act.

    2. Mark 85

      They haven't screwed it up.... yet. All they've done is bury their head in the sand, occasionally scream, and then ignore the rule. Seriously, they need a year or two? I'd think a simple change to their web pages regarding signup and WHOIS would kill that info. Add in a select wipe of date from the database and job done.

      Having said that, I know there's a lot of politics (and money) behind this or they wouldn't have been fighting/ignoring it for so long.

  5. Will Godfrey Silver badge

    How entirely...

    expected.

    Both the result and the following bluster.

    This has almost got too boring for popcorn.

    1. Oengus

      Re: How entirely...

      Maybe so but my popcorn futures are still looking good. There are going to be so many of these cases.

  6. MiguelC Silver badge

    That was fast

    Swift justice, I should say

  7. lsces
    FAIL

    Privacy Brick Walls

    Given the number of .com and .net domains that are hidden behind 'privacy services' is it any suprise that the courts don't buy that the data is 'essential'. At least Nominet complies with GDPR and ensures that REAL contact information is logged against a domain!

    1. TheVogon

      Re: Privacy Brick Walls

      "At least Nominet complies with GDPR and ensures that REAL contact information is logged against a domain!"

      All that Nominet do is ensure that the name and address likely exist. They don't even have to be linked. There is no validation that they have any relationship to the domain owner or to each other. It's just a close to valueless gesture.

  8. Grikath

    Damn..... That was fast...

    ICANN just found out that european courts do not work like the US...

    If it's *really* important, the courts can and *will* tell you your Hot Air is just that.... Within a week, no problem...

    So... precedent set... ICANN slides to ICANN't. Done and dusted. NEXT!!

  9. Anonymous Coward
    Anonymous Coward

    ICANN not get my own way !!!???

    "...ICANN’s general counsel John Jeffrey said that the ruling “did not provide the clarity that ICANN was seeking when it initiated the injunction proceedings”.

    Translation:

    I did not get the result I wanted, so we will continue to trawl the EU/German law books to find another basis to get our way !!!

    (BTW: How much does it costs to get a ruling in MY favor in the EU !!!???)

  10. Doctor Syntax Silver badge

    Despite these comments, ICANN’s general counsel John Jeffrey said that the ruling “did not provide the clarity that ICANN was seeking when it initiated the injunction proceedings”.

    I'd say it provides excellent clarity. It shows that European registrars know what they're doing, know that some of the ICANN contract terms, being unenforceable in the EU, should be ignored and the business should proceed along legal lines. The sensible thing for Jeffrey to do would be to go back to his clients and tell them to let those registrars continue doing what the law says they should do.

    But wow. That must have been one of the shortest times on record for a European court to give a US corporation a flea in its ear.

    1. Nick Kew

      A German Court

      That must have been one of the shortest times on record for a European court to give a US corporation a flea in its ear.

      German courts are famous for not taking certain forms of nonsense. They have form.

      ICANN went to a German court, the first day of GDPR. That smells of jurisdiction-shopping. They wanted to lose, and they wanted a quick and clean loss. They got it. They even picked on a suitably deep-pocketed victim to be sure that being properly lawyered wouldn't cause undue pain and perhaps a perverse result (like going out of business).

      Now they have a result they need to help deal with their own internal politics and shady lobbyists.

      1. Anonymous Coward
        Anonymous Coward

        Re: A German Court

        > They wanted to lose, and they wanted a quick and clean loss.

        That is indeed the only plausible explanation.

        I mean, suing to force someone to breach people's privacy? In Germany???

  11. Stoneshop
    Flame

    Clarity

    "Despite these comments, ICANN’s general counsel John Jeffrey said that the ruling “did not provide the clarity that ICANN was seeking when it initiated the injunction proceedings”."

    Clarity to the willfully obtuse is ultimately provided by the Hot Enema of Enlightenment.

    1. Mark 85

      Re: Clarity

      Clarity to the willfully obtuse is ultimately provided by the Hot Enema of Enlightenment

      Wow... thumbs up for an analogy worthy of at least a barrel of mind bleach.

  12. sequester

    Direct link from article is blocked

    To access the ruling, I had to copy the link and open it "manually", clicking it lead(s) to a "Temporary Maintenance" page.

  13. JBowler

    ICANN is the epitome of malevolent bureaucracy

    Over the years I've battled with domain registration hurdles despite, pretty much forever, having had a registration within the system. It's broken; shred the RFCs, they are just being used to extract money and prevent service.

    Take a look at the whois information for apple.com; a company who, surely, would want to distinguish administrative and technical queries. This comes from:

    https://www.whois.com/whois/apple.com

    This is what you get if you copy'n'paste the email addresses (as plain text, without the HTML). I have javascript blocked by default and it is blocked on this page:

    Registrar Abuse Contact Email: email@cscglobal.com

    Registrant Email: email@apple.com

    Admin Email: email@apple.com

    Tech Email: email@apple.com

    If you use a whois query directly, however (i.e. not a web browser, open a command line and type "whois apple.com"; I did this on a gentoo machine; OpenSUSE on Windows simply doesn't show the information) you get:

    Registrar Abuse Contact Email: domainabuse@cscglobal.com

    Registrant Email: domains@apple.com

    Admin Email: domains@apple.com

    Tech Email: Apple-NOC@apple.com

    You can see for yourself what they actually display as; the second list, not the first. The HTML reveals that the emails displayed are pictures, here is one:

    https://www.whois.com/eimg/2/49/249f6ba0eb9411f5354b2db5f1351bfa006f5f7c.png

    Well, ok, you can't see that can you! Clever trick eh? It exploits the ability of PNG images to encode semi-transparent images. The PNG image has two "colors" in it, one is black, the other is transparent. The transparent parts display the word "domains", but only if you view the image over a non-black background.

    So why on earth would Apple/ICANN go to such lengths to obfuscate information that is readily available to someone like me who hasn't progressed out of the Bourne Shell?

    Because they think they are really clever.

    1. MacroRodent

      Re: ICANN is the epitome of malevolent bureaucracy

      Umm, whois.com is not ICANN, jus another web business. How they present the data should not be relied on. I guess the only official way to get whois data is a query with the whois protocol.

    2. Anonymous Coward
      Anonymous Coward

      Re: ICANN is the epitome of malevolent bureaucracy

      > If you use a whois query directly, however [...] you get:

      Where are you based? In Europe, since last week you get this:

      > whois apple.com

      Domain Name: APPLE.COM

      Registry Domain ID: 1225976_DOMAIN_COM-VRSN

      Registrar WHOIS Server: whois.corporatedomains.com

      Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html

      Updated Date: 2017-07-06T03:10:21Z

      Creation Date: 1987-02-19T05:00:00Z

      Registry Expiry Date: 2021-02-20T05:00:00Z

      Registrar: CSC Corporate Domains, Inc.

      Registrar IANA ID: 299

      Registrar Abuse Contact Email: domainabuse@cscglobal.com

      Registrar Abuse Contact Phone: 8887802723

      Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

      Name Server: A.NS.APPLE.COM

      Name Server: B.NS.APPLE.COM

      Name Server: C.NS.APPLE.COM

      Name Server: D.NS.APPLE.COM

      Name Server: E.NS.APPLE.COM

      Name Server: F.NS.APPLE.COM

      DNSSEC: unsigned

      URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

      >>> Last update of whois database: 2018-06-03T01:01:29Z <<<

  14. don't you hate it when you lose your account

    WTF

    But your honor, when the crime was committed my client was wearing his "if you allow me in to your store you accept my right to leave without paying" T-Shirt.

    Well that obviously trumps the law

  15. teebie

    “did not provide the clarity that ICANN was seeking when it initiated the injunction proceedings”

    You say 'clarity', you clearly mean 'result'

  16. DropBear

    "But the court, noting that it was possible for a registrant to provide the same data for each of the three contacts - and that this had not led to a registration being denied."

    Carefully saved in my doom survival toolbox, to be used in case I ever need to well and truly lock up a malicious hive mind or AI.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like