According to the Federal Council, a large number of counterfeit shops in Germany have DE domains that are considered “particularly trustworthy” by consumers. In a statement on the Federal Government’s draft legislation to implement the Second EU Directive on Network and Information Security (NIS2), the State Chamber therefore reiterates “the obligation to verify the identity of domain registrations and domain transfers using qualified identification procedures”. Invokes. VideoIdent mechanisms or the presentation of electronic proof of identity (EID), which is included in the identity card, among other things, should be considered. In any case, providers must be able to “obtain certainty about the identity of the person involved”.
Advertisement
Must be “accurate and complete domain name registration data” The decision was taken on Friday on the presentation of the Federal Council “In the database for inquiries about persons with authorized access” (Whois). Domain registrars and registration service providers want countries to be obliged to make domains available to authorized users, such as security authorities, consumer advice centers or specialized service providers, “in as much real time as possible”. The federal government should also advocate for clear rules under which “domains can be blocked if misuse occurs”. It should be examined “to what extent automated processes” can be used.
“To combat counterfeit shops in the face of abuse, timely and full availability of registration data is essential to detect and respond to incidents,” the states explain in their initiative and a general statement of the Conference of Consumer Ministers. Mention the proposal. Since fraudulent online stores “with a legitimate address of another company are particularly dangerous”, it is relevant in view of the General Data Protection Regulation to “compare the location in the imprint of the counterfeit shop with the location stored in the Denik registration data”. (GDPR) information is mandatory.
Government scheme should be made much stricter
The government draft also sets out the obligation to maintain a database with “accurate and complete domain name registration data”, as well as to provide access “immediately” within the meaning of the NIS2 Directive – within 72 hours at the latest. However, the Federal Council is pushing for a large-scale tightening of these articles.
This would further restrict anonymous use of the Internet. Forced identification puts website operators at risk, as only online anonymity can effectively protect against data theft, stalking, identity theft, doxxing and so-called death lists, former EU MP Patrick Breyer passed the NIS2 Directive Had complained when it happened.
Marginalized groups, whistleblowers, and political activists in particular need the option to remain anonymous. Also Denik, who is responsible for the DE domain refuted the claimsAccurate and complete registration data is essential to the security, stability, and resiliency of the Domain Name System (DNS).
The Federal Council is committed to ensuring that the police and constitutional protection authorities of the federal states continue to receive “support services” from the Federal Information Security Office (BSI) – and not just administrative assistance, which is easy to refuse. Especially given the current security situation, incidents can also be imagined at the local level in which Bonn authorities would have to actively support state offices.
The IT security label given by BSI should also take into account “data security issues”, it should be extended to “all consumer-related products and services with digital elements” and expanded to include an intuitive scale in asterisks Should be done. The Executive must “appropriately reflect the ever-increasing security threat to hospitals” through digitalisation. However, the Federal Council is not troubled by the fact that municipalities and districts should generally not be subject to increased cybersecurity requirements.
(USC)
