The Domain Name Commission has granted CERT NZ access to otherwise hidden information about domain name owners in a move it says will enhance cyber security in New Zealand by enabling CERT NZ to alert domain name owners to cyber security issues.
Generally, this information is already publicly available. As with all other top level domains, a query of a .nz domain name returns information about that domain name including its status and details of the person or entity that registered that domain.
However, following a recent review, the Domain Name Commission changed to the .nz query function so that individual registrants who are not using the domain name to any significant extent in trade are able to withhold their telephone number and contact address information from any queries.
All other information is still returned in response to a query, including the registrant's name, email and country.
Domain Name Commissioner Brent Carey said the commission had signed a memorandum of understanding with CERT NZ, enabling CERT NZ to use its access to international cyber threat and vulnerability information together with withheld domain name registration information to alert domain owners in the .nz space to cyber security issues.
The MoU sets out how CERT NZ will be able to access withheld domain name registration information from the Domain Name Commission when cyber security threats are identified and specifies that registrants whose details are released to CERT NZ will be notified.
Carey said: “Where individuals have validly chosen our privacy option, it’s paramount we protect their privacy. Security of our domain name space critical infrastructure is equally as important. Putting this agreement in place means that we can protect that privacy while also giving CERT NZ access to some information that they need to help keep New Zealand safe.”
CERT NZ director, Rob Pope said: “When we’re alerted to issues that may affect New Zealand domain owners, this agreement means we can access the right information at the right time.”
As part of the agreement, the Domain Name Commission says it will provide regular public reports that will include “high-level information on the withheld data accessed by CERT NZ.”