After the Russian State Duma adopted the law on stable operation of the Runet, it has been approved by the Federation Council which is the upper chamber and signed by President Putin on 1 May. The law is set to take effect on 1 November 2019 and should ensure what Kremlin refers to as a ’sustainable, secure, and fully functioning' Russian Internet in case it is disconnected from the global infrastructure of the world wide web. Critics have warned that it will expand governmental control over the Internet and lead to censorship and surveillance over wide parts of the network. Russian officials first submitted the new measures in December 2018 as a response to the United States cyber strategy following the 2016 presidential elections.
Cisco Talos published a report on a new malicious cyber campaign, Sea Turtle, that affected 40 different organisations in the Middle East and North Africa (MENA) region. Targets included ministries of foreign affairs, military organisations, intelligence agencies, and major energy organisations. Researches describe Sea Turtle as a state-directed espionage campaign active since early 2017, aiming to obtain persistent access to sensitive networks and systems. The cyber-threat was not attributed to any state by Cisco Talos.
The attack used a sophisticated domain name system (DNS) manipulation thus exploiting third-party entities to reach targets such as telecommunications organisations, Internet service providers (ISPs), IT firms, registrars, and registries.
Sea Turtle compromised entities by manipulating and falsifying DNS records at various levels in the domain name space. Researchers believe that their intentions were to steal credentials and gain access to networks and systems of interest. Cisco Talos considers the Sea Turtle campaign worrisome in its realistic potential to undermine user trust in the Internet.
Responding to a request from the WhoIS Registry to reduce the annual fees of $25 000, ICANN responded stating that the new gTLD would have to pay the overdue fees by 10 Februray or risk being terminated. ICANN rules also allow gTLDs to sell their contract to other registries.
The Regional Court in Bonn, Germany has decided to reconsider a decision issued in May in a case brought forward by the Internet Corporation for Assigned Names and Numbers (ICANN). Back in May, the court dismissed ICANN's request for an injunction meant to oblige German domain name registrar EPAG to continue to collect administrative and technical contact information when domain names and registered. ICANN appealed the decision, and it was up to Bonn court to decide whether to re-evaluate its ruling or maintain it and forward the matter to the Higher Regional Court. EPAG now has two weeks to comments on ICANN's appellate papers.
The Internet Corporation for Assigned Names and Numbers (ICANN) has published a new issue of its Generic Top Level Domain (gTLD) Health Index, revealing statistics on topics such as geographic diversity of gTLD registry operators and registrars, the total number of second-level domain name registrations in gTLDs, additions and deletions in gTLDs, marketplace stability, and trust. The stats show, among others, that the regions with the largest number of ICANN-accredited gTLD registry operators and ICANN-accredited gTLD registrars are Europe, North America, and Asia/Australia/Pacific, with comparatively lower percentages in Africa and Latin America/Caribbean. According to the index, there were 195 404 000 second-level gTLD domain names at the end of the second quarter of 2017 (less than the 196 518 000 domain names in existence at the end of 2016). There were also less domain name registrations in internationalised gTLDs (IDNs) in the second quarter of 2017, compared to both the first quarter of the year and the second quarter of 2016.
In a follow-up to the adoption, in May 2018, of the Temporary Specification for gTLD Registration Data, ICANN has published for discussion the draft Framework Elements for a Unified Access Model for Continued Access to Full WHOIS Data. The specification established that registries and registrars for generic top-level domains (gTLDs) continue to collect robust domain name registration data, but personal data is restricted to layered/tired access, by users with legitimate purposes. The draft Framework Elements outline several questions to help frame the discussion on a possible model for how legitimate users could access personal WHOIS data and how such users would be accredited (the so-called 'accreditation and access model'). The document outlines an important role for governments. For example, governments within the European Economic Area would be tasked with identifying or facilitating the identification of broad categories of users eligible for continued access to WHOIS data. They would also determine authentication requirements for determining which law enforcement authorities from their jurisdictions should be granted access to full WHOIS data. ICANN also envisions that it would consult with its Governmental Advisory Committee on identifying relevant bodies to be tasked with authenticating users for access to WHOIS.
In May 2018, just a few days after the entry into force of the EU General Data Protection Regulation (GDPR), a court in Bonn, Germany, dismissed a case filed by the Internet Corporation for Assigned Names and Numbers (ICANN) against Germany-based domain name registrar EPAG, over the registrar's decision to stop collecting administrative and technical contact information when domain names are registered. ICANN has now appealed the decision to the Higher Regional Court of Cologne, announcing that its action is part of its 'public interest role in coordinating a decentralised global WHOIS for the generic top-level domain system'. The organisation is also asking the Higher Regional Court to refer the issues brought to its attention to the Court of Justice of the European Union if the court 'does not agree with ICANN or is not clear about the scope of the GDPR'. In explaining its appeal, ICANN noted that it 'appreciates and understands the dilemma of EPAG in trying to interpret the GDPR rules against the WHOIS requirements, but if EPAG's actions stand, those with legitimate purposes, including security-related purposes, law enforcement, intellectual property rights holders, and other legitimate users of that information may no longer be able to access full WHOIS records'.
The Internet Society has released the ‘State of IPv6 Deployment 2018’ report, which looks at the progress made in the deployment of Internet Protocol version 6 (IPv6) across countries, networks, and service providers around the world. Over 25% of all Internet-connected networks advertise IPv6 connectivity, and the top 10 countries using the new protocol include Belgium, Greece, Germany, the USA, Uruguay, India, Switzerland, Japan, Malaysia, and Brazil. Cited Google statistics reveal that 49 countries deliver more than 5% of their traffic over IPv6, and that there are 24 countries whose IPv6 traffic exceeds 15%. Among Alexa's top 1000 global websites, 28% are accessible via IPv6 (an increase from 23% in 2017). Among the existing 1543 top-level domains, 98.4% have an IPv6 name server addressed and can be accessed using either IPv4 or IPv6. The report notes that more work is needed to drive IPv6 deployment in many countries and that numerous networks have IPv6 on their backbone, but not provided to their end-users. It also argues that 'increasingly, IPv4 is an unnecessary cost and a speculative asset'.
In a Notice of inquiry on International Internet Policy Priorities, published in the US Federal Registry on 5 June 2018, the US National Telecommunications and Information Administration (NTIA) invites public comment on four broad digital policy issues. Under the heading 'The free flow of information and jurisdiction', the NTIA inquires about the main challenges to the free flow of information and freedom of expression online, and the role of stakeholders (including the NTIA) in ensuring free expression online. Under 'Privacy and Security', the public is invited to indicate ways in which cybersecurity threats are harming international commerce and to suggest the international venues that are the most appropriate for addressing online privacy issues. A section on the 'Emerging Technologies and Trends' asks which emerging technologies should be in focus in international policy discussions, and where they should be discussed. The section that seems to have attracted the most attention is entitled 'Multistakeholder Approach to Internet Governance', and tackles issues related to the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Governance Forum (IGF). On the one hand, the NTIA asks the public whether (and why) the Internet Assigned Names Authority (IANA) stewardship transition should be unwound. On the other hand, suggestions are sought on how to lower the barriers to engagement at the IGF and how the IGF can be improved.