Closing the Governance Gaps: New Paradigms for a Safer DNS

Report

The discussion primarily focused on addressing DNS technical abuse and the need to move beyond basic technical issues to tackle more complex challenges. Contractors have made suggestions that have been adapted and utilized, indicating progress in addressing DNS technical abuse.

It was acknowledged that there are no ‘good’ botnets, thus emphasizing the importance of taking them down.

Another topic of discussion was the capacity gap faced by developing countries in DNS governance. It was highlighted that developing countries lack legal infrastructure and physical infrastructure, which hinders their ability to effectively govern DNS.

Strengthening collaboration between all stakeholders, including civil society, the private sector, development partners, and experts, was seen as essential to bridge this gap and minimize it.

Preemptive regulation was viewed positively during the discussions. The community appreciated the proactive approach to dealing with problems before they escalate and require regulation.

This approach aims to address issues beforehand and prevent any potential harm.

New DNS standards were considered to have the potential to introduce new governance challenges. The speaker raised concerns about the potential difficulties that may arise when implementing these standards.

It was recognized that careful consideration and planning are necessary to navigate any challenges that may arise.

The need for more diverse policy stakeholders within the standards community was highlighted. It was argued that the current standards community lacks diversity and is not welcoming to collaborative, multi-stakeholder approaches.

Encouraging a more inclusive and diverse community was seen as crucial for the development of effective policies and governance frameworks.

There was a discussion about DNS or registries not always being the best-equipped entities to address internet issues.

It was pointed out that issues such as content removal on platforms hosted on a network are beyond the control of registries or registrars. The responsibilities for handling different internet issues should not solely fall on DNS or registries. Telecom companies and other relevant parties could play a role in addressing specific issues.

A clear delineation between DNS-related issues and broader internet problems was advocated.

It was emphasized that not all problems on the internet can be attributed solely to DNS. Issues that can only be resolved by platforms or other entities should not be allocated to DNS or registries.

The security and relevancy of the DNS were questioned during the discussion.

With the proliferation of domains, the value and importance of individual domains have diminished. Attackers can easily obtain thousands of domains, making the cost of losing a domain irrelevant for them. The present form of domain availability facilitates and enables attackers.

In conclusion, the discussion revolved around a range of essential topics related to DNS governance, addressing technical abuse, capacity gaps in developing countries, preemptive regulation, new DNS standards, diversity in policy stakeholders, roles and responsibilities of DNS and registries, delineation between DNS-related issues, and broader internet problems, and security challenges in the DNS.

The insights gained from the discussions emphasize the need for collaborative efforts, diverse perspectives, and careful considerations to ensure effective governance and security in the DNS ecosystem.

Report

The European Commission (EC) is an active member of ICANN and aims to provide support rather than imposing strict regulations. The EC recognizes the importance of not being solely viewed as a regulatory body in relation to ICANN. Esteban Zanz, a member of the EC, agrees with his colleague’s approach on contractual negotiations, indicating a positive sentiment towards supporting ICANN.

However, there is a need for more proactive measures and transparency in dealing with DNS abuse.

Esteban Zanz suggests the application of artificial intelligence as a proactive measure in addressing DNS abuse. He also points out the lack of transparency in the current amendments, indicating a neutral sentiment towards the current state of affairs. While the current amendments are seen as a step in the right direction, they are considered to be insufficient in addressing the issue of DNS abuse effectively.

Esteban Zanz believes it is crucial to separate discussions on technical DNS abuse and content DNS abuse.

He argues that this separation is crucial to address the specific challenges associated with each type of abuse. This neutral sentiment suggests that there is room for improvement in the current approach towards DNS abuse.

Moreover, Esteban Zanz advocates for principles to prevent harmful internet regulation by states.

He emphasizes the importance of globally accepted principles that restrict certain actions taken by states to regulate the internet. This positive sentiment indicates a desire for a fair and open internet, free from harmful regulation.

Esteban Zanz also expresses concern over the misuse of the internet by authoritarian countries to control their population.

He points out that the internet is being used as a tool of control by these countries. This negative sentiment highlights the need for action to prevent such misuse and protect the freedom of the internet.

In discussions surrounding the New Generic Top Level Domains (NSWs), capacity building is considered key.

ICANN is making efforts to include representatives from regions outside the Global North in NSWs discussions to ensure a fair representation. The current involvement of the Global North in these discussions is seen as predominantly dominant, suggesting a negative sentiment towards the lack of diversity and representation.

Furthermore, capacity building is acknowledged as a fundamental issue in the context of future internet and NSWs discussions.

The Declaration for the Future of the Internet supports capacity building initiatives, indicating a positive sentiment towards addressing this issue.

In conclusion, the European Commission aims to support ICANN without imposing strict regulations. However, there is a need for more proactive measures and transparency in dealing with DNS abuse.

The current amendments are seen as inadequate, and Esteban Zanz emphasizes the importance of separating discussions on technical and content DNS abuse. He also calls for globally accepted principles to prevent harmful internet regulation by states and expresses concern over the misuse of the internet by authoritarian countries.

Capacity building is crucial in NSWs discussions, and efforts are being made to include representatives from regions outside the Global North. Additionally, capacity building is being addressed in the context of future internet and NSWs discussions.

Report

DNS abuse can be interpreted differently by various stakeholders, including users, providers, and governments. This discrepancy arises due to their different perspectives and priorities. There is currently no international consensus on the definition of harm in relation to DNS abuse.

This lack of agreement further complicates efforts to address and mitigate the issue on a global scale.

Moreover, the approach to dealing with DNS abuse varies across jurisdictions. Some jurisdictions advocate for a proactive approach, where measures are taken to prevent abuse before it occurs.

On the other hand, other jurisdictions prefer an approach that requires proof of harm before taking action. This discrepancy in preference highlights the diverse regulatory landscapes and cultural perspectives surrounding DNS abuse.

The work of Internet & Jurisdiction, specifically the domain group, has played an important role in advancing the conversation on DNS abuse.

Their efforts to establish a shared understanding of terms and the proportionality of response have resulted in contractual amendments within the Internet Corporation for Assigned Names and Numbers (ICANN). This demonstrates the progress made in addressing DNS abuse through collaborative initiatives and international cooperation.

Fiona Alexander, a prominent supporter, emphasizes the importance of voluntary action for resolving DNS abuse.

She believes that voluntary actions are typically more effective, targeted, and faster in response to emerging challenges. However, she emphasizes the need for transparency and due process to ensure the integrity of these voluntary systems.

Regulation has always been present in the technology sector, and its approach has evolved over time.

Early regulations extended even to the telegraph, and with the proliferation of the internet, the approach to regulation has shifted. This observation highlights the continuity of regulatory practices while acknowledging the need for adaptability and updated approaches in the digital age.

Solving complex problems related to DNS abuse requires a multi-stakeholder approach, where inclusive discussions are encouraged.

This approach goes beyond simply collecting feedback and publishing notices. It emphasizes the importance of understanding not only the “what” but also the “how” of addressing these issues. Inclusive discussions foster learning and cooperation among stakeholders, leading to better outcomes.

It is acknowledged that no single stakeholder group or government body can solely resolve the problems associated with DNS abuse.

Collaboration and engagement from all parties involved are necessary for successful outcomes. When stakeholders sit separately and fail to engage in an inclusive discussion, solutions become elusive. The imperative lies in bringing together all relevant actors for open and sustained conversations.

Furthermore, it is crucial to involve actors from the Global South in discussions surrounding DNS abuse.

Their perspectives and experiences can provide valuable insights and help identify and address areas of concern. By ensuring inclusivity, the understanding of DNS abuse can be enriched, and gaps in solutions can be better identified and addressed.

In conclusion, DNS abuse is a complex issue that can be interpreted differently depending on the perspectives of users, providers, and governments.

The absence of an international agreement on harm and the varying preferences for proactive approaches highlight the challenges in effectively addressing DNS abuse. However, the work of organizations like Internet & Jurisdiction and the advocacy for voluntary action from advocates like Fiona Alexander underscore the progress being made.

Employing a multi-stakeholder approach, inclusive discussions, and involving actors from the Global South are essential for addressing DNS abuse comprehensively and finding effective solutions.

Report

The internet regulation is increasingly necessary as it matures, according to a collection of related topics and arguments. It is believed that regulation is not a hindrance but rather a way to shape and frame the internet as it evolves.

However, there are concerns about the implementation of this regulation.

Google, a major player in the internet industry, supports regulation but expresses concerns about the specific methods and approaches used. They recognize the importance of tackling harmful content but emphasize the need for balanced and well-regulated measures to ensure users’ online experiences are not negatively impacted.

This highlights their commitment to maintaining a safe online environment while also preserving freedom of expression and innovation.

Google has established its own set of policies and community guidelines to tackle harmful content. They actively demonetize inappropriate content and promote the dissemination of quality information.

Additionally, Google collaborates with researchers and the industry to develop and share technical solutions for addressing harmful content. This proactive approach demonstrates their commitment to combating online issues and promoting responsible internet use.

However, one challenge in addressing internet-related issues is the deficit in government engagement and collaboration with the multistakeholder community.

The analysis suggests that policymakers need to actively listen to the technical community, industry, and civil society. Relying solely on public consultations falls short of fostering effective collaboration and addressing the complexities of internet regulation.

To achieve balanced regulation, proactive outreach, education, and advocacy are called for.

The industry needs to demonstrate its commitment to combating harmful content and ensuring a safe online ecosystem. Caution should be exercised when implementing DNS-level actions, as there is a risk of unintended consequences and significant collateral damage.

The analysis also emphasizes the importance of capacity building in handling harmful internet content.

Practical steps and solutions are needed, with specific initiatives suggested. For example, continuing discussions can help identify practical measures, and existing platforms like the School on Internet Governance can be utilized for engaging different stakeholders. Online training for governments worldwide is proposed as a means to deepen understanding and foster collaboration in addressing internet-related challenges.

In conclusion, the analysis indicates that as the internet continues to mature, regulation becomes increasingly necessary.

Google supports regulation but calls for a balanced approach that addresses harmful content without impeding innovation and freedom of expression. The deficit in government engagement and collaboration with the multistakeholder community needs to be addressed, and proactive outreach, education, and advocacy are crucial.

Capacity building plays a vital role, and practical steps such as discussions and online training for governments should be pursued. Ensuring a safe and accountable internet ecosystem requires collaborative efforts from various stakeholders.

Report

The ICANN community has made significant progress in addressing the issue of DNS abuse through a slow but effective collaborative process. Stakeholders have actively raised concerns about DNS abuse, leading to recent efforts to incorporate DNS abuse definitions and clauses into the Registrar Accreditation Agreement and Registry Agreements.

This move reflects the community’s dedication to tackling DNS abuse before the next round of generic top-level domains.

DotAsia has highlighted the importance of collaboration within the DNS ecosystem and emphasized the proactive measures taken by the DNS industry to combat DNS abuse.

They have signed a Memorandum of Understanding (MOU) with TWNIC for a trusted notifier system, showing their commitment to addressing DNS abuse promptly and effectively. Additionally, DotAsia is exploring the establishment of relationships with other organizations, such as APNIC, AP cert, and SANOG.

Regional gaps in the approach to DNS abuse and regulation have been observed, particularly between the European region and the Asia-Pacific region.

Operators in the Asia-Pacific region are stepping up to fill these gaps by actively addressing DNS abuse issues. However, there is a need for greater harmonization and coordination between regions to ensure a consistent and comprehensive approach to combating DNS abuse.

One notable challenge to cybersecurity investigations is the impact of the General Data Protection Regulation (GDPR) enacted by the European Union.

The GDPR has resulted in the redaction of personal information of EU citizens from the ICANN registration lookup system. As a result, law enforcement agencies have faced difficulties in conducting cybersecurity investigations, leading to feedback from Interpol describing the system as “useless.” This underscores the need to strike a balance between privacy and enabling essential functions for law enforcement agencies.

Jen Rong Lo reflects on the difficulties faced when implementing the GDPR without consulting other branches of government.

This lack of consultation has resulted in challenges for law enforcement agencies. Effective communication between different stakeholders is crucial to navigating these complexities, especially with the involvement of multiple stakeholders in the DNS industry.

In addition to its efforts in addressing DNS abuse, ICANN contributes to capacity building for law enforcement agencies, helping them enhance their understanding and implementation of DNS security measures.

This collaboration demonstrates ICANN’s commitment to promoting a secure and stable DNS ecosystem.

Furthermore, ICANN and the industry adopt a cautious approach when introducing new DNS standards. Instead of starting from scratch, they prefer to build on established standards such as DNSSEC and DAIN.

This approach ensures continuity and stability in DNS operations while enabling incremental improvements to DNS security.

In conclusion, the ICANN community has made remarkable progress in addressing DNS abuse through a slow yet effective collaborative process. The inclusion of DNS abuse definitions in Registrar and Registry Agreements, as well as the proactive measures taken by organizations like DotAsia, emphasizes the commitment to combating DNS abuse.

However, regional gaps, the impact of the GDPR, and the challenges of regulating privacy without hindering essential functions remain areas of concern. Effective communication and coordination between stakeholders are essential to achieving a harmonized approach to DNS abuse and regulations.

ICANN continues to play a vital role in capacity building and adhering to established DNS standards, gradually enhancing DNS security.

Report

During a discussion on the subject of registry operators and DNS abuse, Jennifer Chung highlighted the significance of transparency and due process in effectively dealing with internet abuse. She argued for the implementation of a policy that takes into account the insights of child rights experts and users who report instances of abuse.

Chung stressed the importance of maintaining a comprehensive record of every reported abuse case and the subsequent actions taken. This approach not only ensures transparency but also allows for recourse in case of any disagreements.

In addition, DotAsia was commended for its active involvement in capacity-building projects within the Asia Pacific region.

The organization collaborated with reputable organizations such as ICANN, KISA, Google, and others to drive initiatives that promote the development of industry, innovation, and infrastructure. These projects aim to enhance the overall capabilities and competencies of the region, contributing to the achievement of the United Nations’ Sustainable Development Goal 9.

Furthermore, the discussion highlighted the need for multi-stakeholder collaboration when addressing DNS security.

It was emphasized that comprehensive and effective security measures require the cooperation of all elements within the DNS ecosystem. Chung emphasized the importance of this collaborative approach, which is aligned with the United Nations’ Sustainable Development Goal 17, focusing on partnerships for sustainable development.

However, the discussion also included criticism of mere consultations, which were deemed insufficient for meaningful stakeholder participation.

Chung argued that more than just consultation is required for true and effective multi-stakeholder collaboration. The sentiment expressed was that a more active and engaged approach is necessary to achieve desired outcomes and make progress towards the United Nations’ Sustainable Development Goal 16, which pertains to peace, justice, and strong institutions.

In conclusion, Jennifer Chung’s discussion shed light on several important aspects of the issues surrounding registry operators and DNS abuse.

She highlighted the importance of transparency, due process, and multi-stakeholder collaboration in addressing internet abuse, enhancing capacity-building efforts, and ensuring DNS security. The criticism of mere consultations emphasized the need for more substantial and active stakeholder participation. Overall, the discussion provided insights into the complexities and potential ways forward when it comes to these critical matters.

Report

The DNS ecosystem comprises various actors, each playing a specific role in mitigating online harms. These actors include registries, registrars, hosting companies, CDNs, and ISPs. Each actor has their own set of responsibilities and capabilities when it comes to addressing online harms.

For instance, in the ICANN community, governance by contract is a method used to define the obligations of registries and registrars. CCTLDs (Country Code Top-Level Domains) have relationships with local governments or local internet communities for governance. Hosting companies and providers are subject to the laws of their jurisdictions and adhere to industry best practices.

Collaboration and partnership among the different actors in the DNS ecosystem are essential for proactive harm mitigation.

By better communicating and working together, they can identify and act on trends and address bad actors effectively. Collaborative measures can also help reduce costs and allow for a proactive response to potential risks. By showcasing their collective commitment to harm mitigation, the DNS sector can send a message to regulators about their initiatives and proactive approach.

Although regulation in the DNS industry is inevitable, it should aim to avoid fragmented jurisdictional approaches.

If the industry does not take the initiative to regulate itself, it may end up being regulated by external forces. Fragmented jurisdictional approaches could arise if external regulation is introduced. However, regulation can be appropriate in certain circumstances, provided it is informed and educated.

Recognising that regulation is already present, involving input from the industry and civil society is important for effective regulation.

Industry players in the DNS ecosystem, such as registries, registrars, hosting companies, CDNs, and ISPs, need to collaborate and communicate more effectively to identify and mitigate the actions of bad actors.

Improved engagement and collaboration across different sectors within the industry can bring about fundamental opportunities in combating online harms.

Understanding the roles, responsibilities, and technical capabilities of the different actors in the ecosystem is crucial to ensure that the appropriate actor takes the necessary action to address the harm.

This understanding enables actions to be proportionate and avoids negatively and disproportionately impacting users and other parts of the ecosystem. Transparency, due process, and recourse should be essential considerations when mitigating online harms.

Trusted notifiers, if involved in requesting actions on DNS to take down content, should operate within a system that ensures provenance, transparency, proportionality, due process, and recourse.

Concerns are raised about the authority and procedures of trusted notifiers, particularly if they operate outside the traditional court system. Discussions about the procedures, processes, and authority of trusted notifiers are needed to maintain the integrity of the system.

ICANN’s contracted parties have voluntarily initiated contract negotiations to tackle DNS abuse within their respective roles, responsibilities, and capabilities.

This voluntary action demonstrates their commitment to addressing the issue and ensuring a safer online environment.

Registries and registrars in the ICANN space are dedicated to multi-stakeholder engagement and policy development processes through the GNSO (Generic Names Supporting Organization).

They actively participate in community-based consensus policy development, further emphasizing their commitment to collaboration and stakeholder involvement.

Ongoing conversation, collaboration, and information sharing involving all actors, including those from the industry, are vital. This ongoing dialogue ensures that all stakeholders are actively engaged in addressing the challenges of the DNS ecosystem.

Recognising the need to tackle online harms, industry associations and various operators are currently engaged in conversations to find effective solutions.

Overall, the DNS ecosystem requires the collective efforts of its actors, along with collaboration, transparency, and proactive measures, to mitigate online harms effectively.

By understanding each actor’s roles, responsibilities, and capabilities, and through ongoing collaboration, the DNS industry can work towards a safer and more secure online environment.

Report

The discussion centred around various aspects of DNS abuse and internet governance. A key focus was on the effectiveness of ICANN’s multi-stakeholder model in addressing emerging challenges like DNS abuse. The model allows for the participation of different stakeholder groups, facilitating comprehensive decision-making.

It was noted that progress has been made in the ICANN community towards tackling DNS abuse through this model.

Participants agreed that stronger amendments and clearer definitions are needed to combat DNS abuse effectively. The existing agreements between ICANN and accredited registrars and registries are being reviewed and updated to incorporate provisions against DNS abuse.

However, it was argued that these amendments could be strengthened by providing more concrete measures and objectives.

The power of voluntary action in handling DNS abuse was emphasised. Voluntary actions were deemed more effective, targeted, and swift in addressing such issues.

The role of organisations like ICANN, with international reach, in making a significant impact on DNS abuse was also acknowledged.

A critical point of discussion was the need to strike a balance between combatting DNS abuse and respecting human rights and freedom of expression.

Acknowledgment was made that different jurisdictions may require different approaches based on local laws and context to maintain this balance effectively.

Efforts by domain registries, such as .asia, to go beyond their contractual obligations and proactively enhance DNS security were commended.

These efforts include using trusted notifier systems, cooperating with regional partners, and promoting proactive approaches.

The importance of collaboration and communication among industry stakeholders in mitigating online harms was highlighted. Recognition was given to the need for industry, technical community, and civil society to be involved in policy-making processes.

Active engagement by governments with the multi-stakeholder community was seen as crucial for a balanced and effective regulatory approach.

The discussions also addressed the regulation of the digital industry. While acknowledging the inevitability of regulation, participants emphasised the need for informed and educated regulation that considers the diverse needs and complexities of the digital ecosystem.

Concerns were raised about the practice of using trusted notifiers to regulate content, emphasising the need for transparency, proportionality, and effective recourse mechanisms.

Maintaining provenance and ensuring fairness and transparency in all actions taken were seen as essential.

The need for capacity building and international cooperation in DNS governance, particularly in developing countries, was recognised. Inclusive discussions involving the Global South were considered important to ensure diverse perspectives and effectively address the capacity gap.

The unintended consequences of the General Data Protection Regulation (GDPR) were discussed, particularly its impact on law enforcement agencies’ cybersecurity investigations.

Extensive consultations between regulatory bodies and stakeholders were seen as necessary to prevent unintended negative impacts.

The role of registry operators in combatting DNS abuse and ensuring safe online content, especially in child-related domains like .co, was acknowledged.

Efforts such as implementing national hotlines, protocols for blocking specific URLs, and collaborations with judiciary and international organisations were commended.

The discussions highlighted the need for a comprehensive understanding of the DNS ecosystem and internet security. Outdated security practices were deemed ineffective, emphasising the importance of proactive measures to enhance internet security.

Overall, the discussions underscored the importance of collaborative, informed, and inclusive approaches to tackling DNS abuse and addressing internet governance challenges.

The multi-stakeholder model, voluntary actions, clear definitions, and effective regulation were seen as critical in creating a secure and trustworthy internet environment. Capacity building, industry collaboration, and international cooperation were also recognised as essential elements for success.

Report

The analysis reveals several important findings about CCTLDs and internet governance. Firstly, unlike gTLDs, CCTLDs are not bound by the policies developed within ICANN processes. Instead, CCTLDs have policies that are based on local regulations and work in coordination with local communities, providing them with greater flexibility in tailoring their policies to the specific needs and priorities of their region.

Additionally, region-specific challenges exist, including gaps in understanding among different types of authorities about the functioning of the internet and its governance models.

These challenges emphasize the need for increased awareness and education about internet governance among various stakeholders.

One positive development in this regard is the proactive and collaborative initiatives that have been undertaken, such as the ‘illegal content workshop’.

This workshop aims to raise awareness of the internet’s operation and its governance models among judges, prosecutors, and law enforcement agents. By doing so, it seeks to address the issue of illegal content and foster a safer online environment.

Furthermore, building regular dialogue and cooperation networks between national authorities and CCTLDs or other technical operators has a positive impact.

This highlights the importance of fostering partnerships and collaboration to enhance internet governance and overcome regional challenges.

However, it was observed that there is a lack of regulations in the LAC region promoting harmonisation of policies among the CCTLDs.

This lack of harmonisation can lead to inconsistencies and variations in the approaches adopted by different CCTLDs in the region, which may hinder effective internet governance.

On a positive note, the analysis found that the proportion of abusive domains in the CCTLD community is significantly small.

This suggests that the efforts taken by the CCTLD community in ensuring a secure and trustworthy online environment have been effective.

In terms of domain registration processes, it was identified that some processes in the LAC region have introduced data validation mechanisms.

These mechanisms, such as the use of national tag identifiers, help ensure the accuracy and validity of registration data. This highlights the importance of data validation in maintaining the integrity and credibility of the domain registration process.

The analysis also emphasised the importance of tackling the illegitimate use of the internet.

The .co domain, for example, has taken steps to address serious illegal content by incorporating a national hotline and a protocol to block certain URLs. This demonstrates their commitment to dealing with illegal content and ensuring a safer online space.

Additionally, Rocia de la Fuente suggests that improving mechanisms to measure and identify levels of DNS abuse is necessary.

This reflects ongoing efforts to strengthen tools and methods used to combat DNS abuse and maintain a secure internet environment.

Finally, the analysis highlighted the importance of continuing training workshops targeted towards governmental authorities. These workshops, held in collaboration with regional organizations, aim to enhance knowledge and understanding of internet governance among governmental authorities, contributing to the sustainable development goals of quality education and partnerships.

Overall, the analysis provides valuable insights into the policies, challenges, and initiatives surrounding CCTLDs and internet governance.

The findings underscore the need for proactive measures, collaboration, and ongoing education to ensure a secure, inclusive, and well-regulated internet environment.