The New Zealand Bankers’ Association (NZBA) wishes to make the
following submissions in response to the .nz WHOIS Fifth consultation:
NZBA and its members have no comments on the drafting and make the
following general comments.
1. As NZBA has previously submitted NZBA and its members consider the
critical component for those requesting the information is that they can
obtain the information urgently so they can act on it – cyber events happen
quickly and the more time taken to respond, the worse the situation gets.
The information should be disclosed urgently so that it can be acted on in a
matter of hours, not days or weeks. In this respect access to a telephone
number can be particularly useful. Our members see it as imperative that
they have this information, for example in order to have domains removed
or servers owned by these domains dealt with. Without this information
phishing sites that target our customers will be difficult to remove, resulting
in increased risk of financial loss by the bank and its customers.
To assist with responding to situations such as outlined above, our members
reiterate that WHOIS should have a facility for trusted
organisations/services, such as banks, to enter into an agreement which
enables information to be released to them quickly without needing an
individual assessment of whether this is appropriate each time. We
understand that the MOU concept is intended to fulfil this function.
2. NZBA and its members would expect that any MOUs will include an
expectation/requirement that the entity will:
a) only use the information for a purpose that is stated in the MOU; and
b) hold the information in such a way that it cannot inadvertently be
released to the public.
Antony Buick-Constable I Policy Director & Legal Counsel I New Zealand