The Domain Name Commission has taken on a US intelligence-gathering company and won a motion for a preliminary injunction in court.
The US-based company called DomainTools has been scraping registration data from the New Zealand Domain Name Commission ‘for years’, but that has now come to a halt.
Earlier this year New Zealand’s Domain Name Commission, which holds registration information about all .nz domain holders, offered a privacy option for domain holders who are not in trade. More than 23,000 domain holders are now using the privacy option, which allows them to hide their address and phone number from publicly appearing in online registration data searches.
DomainTools displays historic data records, however when the new privacy rules came into effect the company did not update its own database to reflect the changes. As a result, it was displaying information that is now considered private.
DomainTools requested NZ$5 million in bond to ensure that it can complete the rework of database files to hide .nz data from its customers, however the judge ruled that the necessary bond would only be $1500.
According to Domain Name Commissioner Brent Carey, the lawsuit win is good news for .nz domain name holders and their privacy.
"The ruling allows the Commission to continue balancing online accountability with respect for individual privacy. The ruling temporarily puts to an end DomainTools’ bulk harvesting of .nz domain holders’ personal information and selling that data for a profit,” he says.
DomainTools argued that the lawsuit may set a precedent and an ‘avalanche’ of litigation as other registries worldwide act to protect their registrants’ privacy – a sentiment that Judge Lasnik says may be correct.
The Domain Name Commission says that other domain name system managers around the world will pay attention to the judgement.
"We look forward to presenting our full case to the Court, as we seek to permanently prevent DomainTools from ever building a secondary .nz database offshore and outside the control of the Domain Name Commission," says Carey.
In June this year the Domain Name Commission and CERT NZ agreed to share domain registration information between the two agencies. The agreement vows to protect .nz domain names from cybersecurity threats.
CERT NZ must provide reasons for accessing the data, while the Domain Name Commission can suspend CERT NZ’s access if it believes that access has affected security and stability of the .nz domain.