Closing the Governance Gaps: New Paradigms for a Safer DNS

9 Oct 2023 08:00h - 09:30h UTC

Event report

Speakers and Moderators

Table of contents

Disclaimer: It should be noted that the reporting, analysis and chatbot answers are generated automatically by DiploGPT from the official UN transcripts and, in case of just-in-time reporting, the audiovisual recordings on UN Web TV. The accuracy and completeness of the resources and results can therefore not be guaranteed.

Full session report

Audience

The discussion primarily focused on addressing DNS technical abuse and the need to move beyond basic technical issues to tackle more complex challenges. Contractors have made suggestions that have been adapted and utilized, indicating progress in addressing DNS technical abuse. It was acknowledged that there are no ‘good’ botnets, thus emphasizing the importance of taking them down.

Another topic of discussion was the capacity gap faced by developing countries in DNS governance. It was highlighted that developing countries lack legal infrastructure and physical infrastructure, which hinders their ability to effectively govern DNS. Strengthening collaboration between all stakeholders, including civil society, the private sector, development partners, and experts, was seen as essential to bridge this gap and minimize it.

Preemptive regulation was viewed positively during the discussions. The community appreciated the proactive approach to dealing with problems before they escalate and require regulation. This approach aims to address issues beforehand and prevent any potential harm.

New DNS standards were considered to have the potential to introduce new governance challenges. The speaker raised concerns about the potential difficulties that may arise when implementing these standards. It was recognized that careful consideration and planning are necessary to navigate any challenges that may arise.

The need for more diverse policy stakeholders within the standards community was highlighted. It was argued that the current standards community lacks diversity and is not welcoming to collaborative, multi-stakeholder approaches. Encouraging a more inclusive and diverse community was seen as crucial for the development of effective policies and governance frameworks.

There was a discussion about DNS or registries not always being the best-equipped entities to address internet issues. It was pointed out that issues such as content removal on platforms hosted on a network are beyond the control of registries or registrars. The responsibilities for handling different internet issues should not solely fall on DNS or registries. Telecom companies and other relevant parties could play a role in addressing specific issues.

A clear delineation between DNS-related issues and broader internet problems was advocated. It was emphasized that not all problems on the internet can be attributed solely to DNS. Issues that can only be resolved by platforms or other entities should not be allocated to DNS or registries.

The security and relevancy of the DNS were questioned during the discussion. With the proliferation of domains, the value and importance of individual domains have diminished. Attackers can easily obtain thousands of domains, making the cost of losing a domain irrelevant for them. The present form of domain availability facilitates and enables attackers.

In conclusion, the discussion revolved around a range of essential topics related to DNS governance, addressing technical abuse, capacity gaps in developing countries, preemptive regulation, new DNS standards, diversity in policy stakeholders, roles and responsibilities of DNS and registries, delineation between DNS-related issues, and broader internet problems, and security challenges in the DNS. The insights gained from the discussions emphasize the need for collaborative efforts, diverse perspectives, and careful considerations to ensure effective governance and security in the DNS ecosystem.

Jennifer Chung

During a discussion on the subject of registry operators and DNS abuse, Jennifer Chung highlighted the significance of transparency and due process in effectively dealing with internet abuse. She argued for the implementation of a policy that takes into account the insights of child rights experts and users who report instances of abuse. Chung stressed the importance of maintaining a comprehensive record of every reported abuse case and the subsequent actions taken. This approach not only ensures transparency but also allows for recourse in case of any disagreements.

In addition, DotAsia was commended for its active involvement in capacity-building projects within the Asia Pacific region. The organization collaborated with reputable organizations such as ICANN, KISA, Google, and others to drive initiatives that promote the development of industry, innovation, and infrastructure. These projects aim to enhance the overall capabilities and competencies of the region, contributing to the achievement of the United Nations’ Sustainable Development Goal 9.

Furthermore, the discussion highlighted the need for multi-stakeholder collaboration when addressing DNS security. It was emphasized that comprehensive and effective security measures require the cooperation of all elements within the DNS ecosystem. Chung emphasized the importance of this collaborative approach, which is aligned with the United Nations’ Sustainable Development Goal 17, focusing on partnerships for sustainable development.

However, the discussion also included criticism of mere consultations, which were deemed insufficient for meaningful stakeholder participation. Chung argued that more than just consultation is required for true and effective multi-stakeholder collaboration. The sentiment expressed was that a more active and engaged approach is necessary to achieve desired outcomes and make progress towards the United Nations’ Sustainable Development Goal 16, which pertains to peace, justice, and strong institutions.

In conclusion, Jennifer Chung’s discussion shed light on several important aspects of the issues surrounding registry operators and DNS abuse. She highlighted the importance of transparency, due process, and multi-stakeholder collaboration in addressing internet abuse, enhancing capacity-building efforts, and ensuring DNS security. The criticism of mere consultations emphasized the need for more substantial and active stakeholder participation. Overall, the discussion provided insights into the complexities and potential ways forward when it comes to these critical matters.

Esteban Zanz

The European Commission (EC) is an active member of ICANN and aims to provide support rather than imposing strict regulations. The EC recognizes the importance of not being solely viewed as a regulatory body in relation to ICANN. Esteban Zanz, a member of the EC, agrees with his colleague’s approach on contractual negotiations, indicating a positive sentiment towards supporting ICANN.

However, there is a need for more proactive measures and transparency in dealing with DNS abuse. Esteban Zanz suggests the application of artificial intelligence as a proactive measure in addressing DNS abuse. He also points out the lack of transparency in the current amendments, indicating a neutral sentiment towards the current state of affairs. While the current amendments are seen as a step in the right direction, they are considered to be insufficient in addressing the issue of DNS abuse effectively.

Esteban Zanz believes it is crucial to separate discussions on technical DNS abuse and content DNS abuse. He argues that this separation is crucial to address the specific challenges associated with each type of abuse. This neutral sentiment suggests that there is room for improvement in the current approach towards DNS abuse.

Moreover, Esteban Zanz advocates for principles to prevent harmful internet regulation by states. He emphasizes the importance of globally accepted principles that restrict certain actions taken by states to regulate the internet. This positive sentiment indicates a desire for a fair and open internet, free from harmful regulation.

Esteban Zanz also expresses concern over the misuse of the internet by authoritarian countries to control their population. He points out that the internet is being used as a tool of control by these countries. This negative sentiment highlights the need for action to prevent such misuse and protect the freedom of the internet.

In discussions surrounding the New Generic Top Level Domains (NSWs), capacity building is considered key. ICANN is making efforts to include representatives from regions outside the Global North in NSWs discussions to ensure a fair representation. The current involvement of the Global North in these discussions is seen as predominantly dominant, suggesting a negative sentiment towards the lack of diversity and representation.

Furthermore, capacity building is acknowledged as a fundamental issue in the context of future internet and NSWs discussions. The Declaration for the Future of the Internet supports capacity building initiatives, indicating a positive sentiment towards addressing this issue.

In conclusion, the European Commission aims to support ICANN without imposing strict regulations. However, there is a need for more proactive measures and transparency in dealing with DNS abuse. The current amendments are seen as inadequate, and Esteban Zanz emphasizes the importance of separating discussions on technical and content DNS abuse. He also calls for globally accepted principles to prevent harmful internet regulation by states and expresses concern over the misuse of the internet by authoritarian countries. Capacity building is crucial in NSWs discussions, and efforts are being made to include representatives from regions outside the Global North. Additionally, capacity building is being addressed in the context of future internet and NSWs discussions.

Rocia de la Fuente

The analysis reveals several important findings about CCTLDs and internet governance. Firstly, unlike gTLDs, CCTLDs are not bound by the policies developed within ICANN processes. Instead, CCTLDs have policies that are based on local regulations and work in coordination with local communities, providing them with greater flexibility in tailoring their policies to the specific needs and priorities of their region.

Additionally, region-specific challenges exist, including gaps in understanding among different types of authorities about the functioning of the internet and its governance models. These challenges emphasize the need for increased awareness and education about internet governance among various stakeholders.

One positive development in this regard is the proactive and collaborative initiatives that have been undertaken, such as the ‘illegal content workshop’. This workshop aims to raise awareness of the internet’s operation and its governance models among judges, prosecutors, and law enforcement agents. By doing so, it seeks to address the issue of illegal content and foster a safer online environment.

Furthermore, building regular dialogue and cooperation networks between national authorities and CCTLDs or other technical operators has a positive impact. This highlights the importance of fostering partnerships and collaboration to enhance internet governance and overcome regional challenges.

However, it was observed that there is a lack of regulations in the LAC region promoting harmonisation of policies among the CCTLDs. This lack of harmonisation can lead to inconsistencies and variations in the approaches adopted by different CCTLDs in the region, which may hinder effective internet governance.

On a positive note, the analysis found that the proportion of abusive domains in the CCTLD community is significantly small. This suggests that the efforts taken by the CCTLD community in ensuring a secure and trustworthy online environment have been effective.

In terms of domain registration processes, it was identified that some processes in the LAC region have introduced data validation mechanisms. These mechanisms, such as the use of national tag identifiers, help ensure the accuracy and validity of registration data. This highlights the importance of data validation in maintaining the integrity and credibility of the domain registration process.

The analysis also emphasised the importance of tackling the illegitimate use of the internet. The .co domain, for example, has taken steps to address serious illegal content by incorporating a national hotline and a protocol to block certain URLs. This demonstrates their commitment to dealing with illegal content and ensuring a safer online space.

Additionally, Rocia de la Fuente suggests that improving mechanisms to measure and identify levels of DNS abuse is necessary. This reflects ongoing efforts to strengthen tools and methods used to combat DNS abuse and maintain a secure internet environment.

Finally, the analysis highlighted the importance of continuing training workshops targeted towards governmental authorities. These workshops, held in collaboration with regional organizations, aim to enhance knowledge and understanding of internet governance among governmental authorities, contributing to the sustainable development goals of quality education and partnerships.

Overall, the analysis provides valuable insights into the policies, challenges, and initiatives surrounding CCTLDs and internet governance. The findings underscore the need for proactive measures, collaboration, and ongoing education to ensure a secure, inclusive, and well-regulated internet environment.

Fiona Alexander

DNS abuse can be interpreted differently by various stakeholders, including users, providers, and governments. This discrepancy arises due to their different perspectives and priorities. There is currently no international consensus on the definition of harm in relation to DNS abuse. This lack of agreement further complicates efforts to address and mitigate the issue on a global scale.

Moreover, the approach to dealing with DNS abuse varies across jurisdictions. Some jurisdictions advocate for a proactive approach, where measures are taken to prevent abuse before it occurs. On the other hand, other jurisdictions prefer an approach that requires proof of harm before taking action. This discrepancy in preference highlights the diverse regulatory landscapes and cultural perspectives surrounding DNS abuse.

The work of Internet & Jurisdiction, specifically the domain group, has played an important role in advancing the conversation on DNS abuse. Their efforts to establish a shared understanding of terms and the proportionality of response have resulted in contractual amendments within the Internet Corporation for Assigned Names and Numbers (ICANN). This demonstrates the progress made in addressing DNS abuse through collaborative initiatives and international cooperation.

Fiona Alexander, a prominent supporter, emphasizes the importance of voluntary action for resolving DNS abuse. She believes that voluntary actions are typically more effective, targeted, and faster in response to emerging challenges. However, she emphasizes the need for transparency and due process to ensure the integrity of these voluntary systems.

Regulation has always been present in the technology sector, and its approach has evolved over time. Early regulations extended even to the telegraph, and with the proliferation of the internet, the approach to regulation has shifted. This observation highlights the continuity of regulatory practices while acknowledging the need for adaptability and updated approaches in the digital age.

Solving complex problems related to DNS abuse requires a multi-stakeholder approach, where inclusive discussions are encouraged. This approach goes beyond simply collecting feedback and publishing notices. It emphasizes the importance of understanding not only the “what” but also the “how” of addressing these issues. Inclusive discussions foster learning and cooperation among stakeholders, leading to better outcomes.

It is acknowledged that no single stakeholder group or government body can solely resolve the problems associated with DNS abuse. Collaboration and engagement from all parties involved are necessary for successful outcomes. When stakeholders sit separately and fail to engage in an inclusive discussion, solutions become elusive. The imperative lies in bringing together all relevant actors for open and sustained conversations.

Furthermore, it is crucial to involve actors from the Global South in discussions surrounding DNS abuse. Their perspectives and experiences can provide valuable insights and help identify and address areas of concern. By ensuring inclusivity, the understanding of DNS abuse can be enriched, and gaps in solutions can be better identified and addressed.

In conclusion, DNS abuse is a complex issue that can be interpreted differently depending on the perspectives of users, providers, and governments. The absence of an international agreement on harm and the varying preferences for proactive approaches highlight the challenges in effectively addressing DNS abuse. However, the work of organizations like Internet & Jurisdiction and the advocacy for voluntary action from advocates like Fiona Alexander underscore the progress being made. Employing a multi-stakeholder approach, inclusive discussions, and involving actors from the Global South are essential for addressing DNS abuse comprehensively and finding effective solutions.

Jen Rong Lo

The ICANN community has made significant progress in addressing the issue of DNS abuse through a slow but effective collaborative process. Stakeholders have actively raised concerns about DNS abuse, leading to recent efforts to incorporate DNS abuse definitions and clauses into the Registrar Accreditation Agreement and Registry Agreements. This move reflects the community’s dedication to tackling DNS abuse before the next round of generic top-level domains.

DotAsia has highlighted the importance of collaboration within the DNS ecosystem and emphasized the proactive measures taken by the DNS industry to combat DNS abuse. They have signed a Memorandum of Understanding (MOU) with TWNIC for a trusted notifier system, showing their commitment to addressing DNS abuse promptly and effectively. Additionally, DotAsia is exploring the establishment of relationships with other organizations, such as APNIC, AP cert, and SANOG.

Regional gaps in the approach to DNS abuse and regulation have been observed, particularly between the European region and the Asia-Pacific region. Operators in the Asia-Pacific region are stepping up to fill these gaps by actively addressing DNS abuse issues. However, there is a need for greater harmonization and coordination between regions to ensure a consistent and comprehensive approach to combating DNS abuse.

One notable challenge to cybersecurity investigations is the impact of the General Data Protection Regulation (GDPR) enacted by the European Union. The GDPR has resulted in the redaction of personal information of EU citizens from the ICANN registration lookup system. As a result, law enforcement agencies have faced difficulties in conducting cybersecurity investigations, leading to feedback from Interpol describing the system as “useless.” This underscores the need to strike a balance between privacy and enabling essential functions for law enforcement agencies.

Jen Rong Lo reflects on the difficulties faced when implementing the GDPR without consulting other branches of government. This lack of consultation has resulted in challenges for law enforcement agencies. Effective communication between different stakeholders is crucial to navigating these complexities, especially with the involvement of multiple stakeholders in the DNS industry.

In addition to its efforts in addressing DNS abuse, ICANN contributes to capacity building for law enforcement agencies, helping them enhance their understanding and implementation of DNS security measures. This collaboration demonstrates ICANN’s commitment to promoting a secure and stable DNS ecosystem.

Furthermore, ICANN and the industry adopt a cautious approach when introducing new DNS standards. Instead of starting from scratch, they prefer to build on established standards such as DNSSEC and DAIN. This approach ensures continuity and stability in DNS operations while enabling incremental improvements to DNS security.

In conclusion, the ICANN community has made remarkable progress in addressing DNS abuse through a slow yet effective collaborative process. The inclusion of DNS abuse definitions in Registrar and Registry Agreements, as well as the proactive measures taken by organizations like DotAsia, emphasizes the commitment to combating DNS abuse. However, regional gaps, the impact of the GDPR, and the challenges of regulating privacy without hindering essential functions remain areas of concern. Effective communication and coordination between stakeholders are essential to achieving a harmonized approach to DNS abuse and regulations. ICANN continues to play a vital role in capacity building and adhering to established DNS standards, gradually enhancing DNS security.

Jaen-Jacques Saillei

The internet regulation is increasingly necessary as it matures, according to a collection of related topics and arguments. It is believed that regulation is not a hindrance but rather a way to shape and frame the internet as it evolves. However, there are concerns about the implementation of this regulation.

Google, a major player in the internet industry, supports regulation but expresses concerns about the specific methods and approaches used. They recognize the importance of tackling harmful content but emphasize the need for balanced and well-regulated measures to ensure users’ online experiences are not negatively impacted. This highlights their commitment to maintaining a safe online environment while also preserving freedom of expression and innovation.

Google has established its own set of policies and community guidelines to tackle harmful content. They actively demonetize inappropriate content and promote the dissemination of quality information. Additionally, Google collaborates with researchers and the industry to develop and share technical solutions for addressing harmful content. This proactive approach demonstrates their commitment to combating online issues and promoting responsible internet use.

However, one challenge in addressing internet-related issues is the deficit in government engagement and collaboration with the multistakeholder community. The analysis suggests that policymakers need to actively listen to the technical community, industry, and civil society. Relying solely on public consultations falls short of fostering effective collaboration and addressing the complexities of internet regulation.

To achieve balanced regulation, proactive outreach, education, and advocacy are called for. The industry needs to demonstrate its commitment to combating harmful content and ensuring a safe online ecosystem. Caution should be exercised when implementing DNS-level actions, as there is a risk of unintended consequences and significant collateral damage.

The analysis also emphasizes the importance of capacity building in handling harmful internet content. Practical steps and solutions are needed, with specific initiatives suggested. For example, continuing discussions can help identify practical measures, and existing platforms like the School on Internet Governance can be utilized for engaging different stakeholders. Online training for governments worldwide is proposed as a means to deepen understanding and foster collaboration in addressing internet-related challenges.

In conclusion, the analysis indicates that as the internet continues to mature, regulation becomes increasingly necessary. Google supports regulation but calls for a balanced approach that addresses harmful content without impeding innovation and freedom of expression. The deficit in government engagement and collaboration with the multistakeholder community needs to be addressed, and proactive outreach, education, and advocacy are crucial. Capacity building plays a vital role, and practical steps such as discussions and online training for governments should be pursued. Ensuring a safe and accountable internet ecosystem requires collaborative efforts from various stakeholders.

Moderator

The discussion centred around various aspects of DNS abuse and internet governance. A key focus was on the effectiveness of ICANN’s multi-stakeholder model in addressing emerging challenges like DNS abuse. The model allows for the participation of different stakeholder groups, facilitating comprehensive decision-making. It was noted that progress has been made in the ICANN community towards tackling DNS abuse through this model.

Participants agreed that stronger amendments and clearer definitions are needed to combat DNS abuse effectively. The existing agreements between ICANN and accredited registrars and registries are being reviewed and updated to incorporate provisions against DNS abuse. However, it was argued that these amendments could be strengthened by providing more concrete measures and objectives.

The power of voluntary action in handling DNS abuse was emphasised. Voluntary actions were deemed more effective, targeted, and swift in addressing such issues. The role of organisations like ICANN, with international reach, in making a significant impact on DNS abuse was also acknowledged.

A critical point of discussion was the need to strike a balance between combatting DNS abuse and respecting human rights and freedom of expression. Acknowledgment was made that different jurisdictions may require different approaches based on local laws and context to maintain this balance effectively.

Efforts by domain registries, such as .asia, to go beyond their contractual obligations and proactively enhance DNS security were commended. These efforts include using trusted notifier systems, cooperating with regional partners, and promoting proactive approaches.

The importance of collaboration and communication among industry stakeholders in mitigating online harms was highlighted. Recognition was given to the need for industry, technical community, and civil society to be involved in policy-making processes. Active engagement by governments with the multi-stakeholder community was seen as crucial for a balanced and effective regulatory approach.

The discussions also addressed the regulation of the digital industry. While acknowledging the inevitability of regulation, participants emphasised the need for informed and educated regulation that considers the diverse needs and complexities of the digital ecosystem.

Concerns were raised about the practice of using trusted notifiers to regulate content, emphasising the need for transparency, proportionality, and effective recourse mechanisms. Maintaining provenance and ensuring fairness and transparency in all actions taken were seen as essential.

The need for capacity building and international cooperation in DNS governance, particularly in developing countries, was recognised. Inclusive discussions involving the Global South were considered important to ensure diverse perspectives and effectively address the capacity gap.

The unintended consequences of the General Data Protection Regulation (GDPR) were discussed, particularly its impact on law enforcement agencies’ cybersecurity investigations. Extensive consultations between regulatory bodies and stakeholders were seen as necessary to prevent unintended negative impacts.

The role of registry operators in combatting DNS abuse and ensuring safe online content, especially in child-related domains like .co, was acknowledged. Efforts such as implementing national hotlines, protocols for blocking specific URLs, and collaborations with judiciary and international organisations were commended.

The discussions highlighted the need for a comprehensive understanding of the DNS ecosystem and internet security. Outdated security practices were deemed ineffective, emphasising the importance of proactive measures to enhance internet security.

Overall, the discussions underscored the importance of collaborative, informed, and inclusive approaches to tackling DNS abuse and addressing internet governance challenges. The multi-stakeholder model, voluntary actions, clear definitions, and effective regulation were seen as critical in creating a secure and trustworthy internet environment. Capacity building, industry collaboration, and international cooperation were also recognised as essential elements for success.

Keith Drazek

The DNS ecosystem comprises various actors, each playing a specific role in mitigating online harms. These actors include registries, registrars, hosting companies, CDNs, and ISPs. Each actor has their own set of responsibilities and capabilities when it comes to addressing online harms. For instance, in the ICANN community, governance by contract is a method used to define the obligations of registries and registrars. CCTLDs (Country Code Top-Level Domains) have relationships with local governments or local internet communities for governance. Hosting companies and providers are subject to the laws of their jurisdictions and adhere to industry best practices.

Collaboration and partnership among the different actors in the DNS ecosystem are essential for proactive harm mitigation. By better communicating and working together, they can identify and act on trends and address bad actors effectively. Collaborative measures can also help reduce costs and allow for a proactive response to potential risks. By showcasing their collective commitment to harm mitigation, the DNS sector can send a message to regulators about their initiatives and proactive approach.

Although regulation in the DNS industry is inevitable, it should aim to avoid fragmented jurisdictional approaches. If the industry does not take the initiative to regulate itself, it may end up being regulated by external forces. Fragmented jurisdictional approaches could arise if external regulation is introduced. However, regulation can be appropriate in certain circumstances, provided it is informed and educated. Recognising that regulation is already present, involving input from the industry and civil society is important for effective regulation.

Industry players in the DNS ecosystem, such as registries, registrars, hosting companies, CDNs, and ISPs, need to collaborate and communicate more effectively to identify and mitigate the actions of bad actors. Improved engagement and collaboration across different sectors within the industry can bring about fundamental opportunities in combating online harms.

Understanding the roles, responsibilities, and technical capabilities of the different actors in the ecosystem is crucial to ensure that the appropriate actor takes the necessary action to address the harm. This understanding enables actions to be proportionate and avoids negatively and disproportionately impacting users and other parts of the ecosystem. Transparency, due process, and recourse should be essential considerations when mitigating online harms.

Trusted notifiers, if involved in requesting actions on DNS to take down content, should operate within a system that ensures provenance, transparency, proportionality, due process, and recourse. Concerns are raised about the authority and procedures of trusted notifiers, particularly if they operate outside the traditional court system. Discussions about the procedures, processes, and authority of trusted notifiers are needed to maintain the integrity of the system.

ICANN’s contracted parties have voluntarily initiated contract negotiations to tackle DNS abuse within their respective roles, responsibilities, and capabilities. This voluntary action demonstrates their commitment to addressing the issue and ensuring a safer online environment.

Registries and registrars in the ICANN space are dedicated to multi-stakeholder engagement and policy development processes through the GNSO (Generic Names Supporting Organization). They actively participate in community-based consensus policy development, further emphasizing their commitment to collaboration and stakeholder involvement.

Ongoing conversation, collaboration, and information sharing involving all actors, including those from the industry, are vital. This ongoing dialogue ensures that all stakeholders are actively engaged in addressing the challenges of the DNS ecosystem. Recognising the need to tackle online harms, industry associations and various operators are currently engaged in conversations to find effective solutions.

Overall, the DNS ecosystem requires the collective efforts of its actors, along with collaboration, transparency, and proactive measures, to mitigate online harms effectively. By understanding each actor’s roles, responsibilities, and capabilities, and through ongoing collaboration, the DNS industry can work towards a safer and more secure online environment.

Session transcript

Moderator:
Hopefully this works now. Hello everybody. Welcome to this session, which is on behalf of the Dynamic Coalition on DNS Issues. The recently revived Dynamic Coalition, I should say, and it’s great to see so many of you in the room and online. Today we’re going to be discussing closing governance gaps, new paradigms for a safer DNS. We’ve got a wonderfully expert panel, both here in the room and online, who I’ll introduce in a moment, but we also have many experts in the room and also, I’m assuming, online. Because we’ve got so many speakers, we’re going to try and just move quite rapidly through questions, but also we’re really keen to hear from you. So if there’s something that you want to intervene on, a question that you want to ask, a challenge that you want to pose either to the panel or to us just generally, that’s the point. And if we have time at the end, we can maybe talk a little bit more about the Dynamic Coalition and what it does next and how it organizes itself, but we have got an incredibly substantive load of issues to discuss, but luckily we have wonderful experts to help us on the way. So we are talking about governance gaps and a safer DNS. There’s always been a traditional sort of separation, if you like, between the more structural layers of the internet and content issues, and both regulators and industry and the multi-stakeholder bodies such as ICANN and the CCTLDs, the country codes or the regional top-level domains, they’ve understood these lines. But when we’re thinking about harmful content, sometimes the lines become blurred and what this reveals is gaps in the way that we’re governing this. So what we’re hoping to get to today is an exploration of what those gaps are, but also try to be quite action-orientated like so what, what are we gonna do about it? What does good look like and what do the different stakeholders need to do? So joining us on the panel today, we have Keith Drazek, who’s the Vice President of Policy and Government Relations at Verisign. Thank you, Keith. We also have to my right, your left, Esteva Zanz, who’s the Head of Sector of Internet Governance and Multi-Stakeholder Dialogue at the European Commission. Just a little bit further on, we have Jie Rong Lo, Vice President for Stakeholder Engagement and Managing Director for Asia-Pacific at ICANN. We have, to my left, we have Jennifer Chung, who’s Director of Corporate Knowledge at DotAsia. Somewhere, maybe in the building, maybe joining us later, Jean-Jacques Saillel from Google. We’ll look forward to his arrival. And online, we have Fiona Alexander. I’m not sure if she’s connected yet, but I’m going to introduce her anyway.Distinguished Policy Strategist and Fellow at the Internet Governance Lab at American University. And also joining online is Rocio de la Fuente, who’s the General Manager at LAC-TLD. So you can see that we have a range of experts across the globe. A warm welcome to particularly Rocio and Fiona for joining online. So can I start with you, Keith? Could you just give us a very rapid thumbnail sketch about what we’re talking about? Why are we talking about governance gaps? I mean, we thought that we understood all of this stuff was separate. So what are the gaps and why does it matter? And how do we create that safer DNS paradigm? Very good.

Keith Drazek:
Thank you very much, Emily. Hi, everybody. My name is Keith Drezik. So I will get into exactly that, but I would like- like just to take a moment to thank Emily and her team at the DNS Research Federation and my colleague, Nick Smith, who were instrumental in getting the Dynamic Coalition on DNS issues back up and running. It was first established approximately five or six years ago. It was focused primarily on universal acceptance issues and its origin. And then it was sort of during the pandemic phase went dormant and we have now recognized that this is a critical, you know, convening opportunity to talk about these issues. So we’re very excited about the reestablishment of the DCDNSI and let’s get right into it. So Emily, thank you very much for the introduction. I think the key point here is that it’s really important for those of us in this space, whether we are operators or folks who have a concern about, you know, DNS issues, security, online harms, broadly speaking, to recognize that there are roles, responsibilities and capabilities of various actors. And whether that’s a registrar, a registry, a hosting provider, CDN or ISP, when it comes to mitigating online harms, we each have our roles, responsibilities and capabilities. And as we talk about those roles, responsibilities and capabilities, it’s really important to recognize that in some cases, there are governance regimes or governance in place. For example, in the ICANN community, as it relates to GTLDs, we have governance by contract. There are obligations that registries and registrars have in the GTLD space. And there is a compliance function that is performed by ICANN. That’s one example of a governance structure. CCTLDs, as you know, as a distinct approach, typically have relationships with local government or local internet communities where there is a sort of governance umbrella there. If we look at hosting companies and providers, again, it’s perhaps not exactly the same. We all, as operators, are subject to the laws of our jurisdiction, regulations, in some cases, best practices for our industry. But we have, I think what we’ve identified is a range of governance approaches. And what we’ve identified is that there are certain variability or certain variation in approach. At the end of the day, I view this conversation as the beginning of an opportunity for better. communication, collaboration, and good work across the various parts of the DNS ecosystem, up and down the stack. I think there’s a need for us as technical operators, again, registrars, registries, hosting providers, CDNs, and ISPs, to work better together, to communicate and collaborate better together as an industry, as a sector, so we can actually mitigate online harms in a proactive way, in a way that actually helps to reduce cost, reduce expense, become more proactive in our communication to identify bad actors and trends, and at the same time, to demonstrate that as an industry, as a sector, we have identified these challenges, and we are committed broadly and collectively to do better work together to demonstrate to regulators that we are taking the initiative, and that we are together identifying ways to work more collaboratively, because if we don’t, we’re going to be regulated, and we will be regulated in a fragmented way when it comes to different jurisdictions. So fundamentally, that is the reason, I think, you know, one of the reasons we have this conversation. I should also note that, in addition, there are conversations we want to have about the advent of blockchain, of alternate identifiers, alternate technologies, and that there are potentially governance gaps in that area as well. So, Emily, I’m just going to stop there. I’m happy to weigh in as we go along on other conversations, but that’s sort of, I think, the framing of the issue is we, as industry, have an opportunity to do better together, and I think that there’s an opportunity to work in a multi-stakeholder fashion to make sure that we take on the views as industry of civil society, of government, you know, of the technical community, to make sure that we are making, you know, positive steps forward. So I’ll stop there.

Moderator:
Thanks. That’s a really useful opening to us. So if I’m understanding you correctly, Keith, what you’re saying, it isn’t that people aren’t doing anything. What it is is that people, that it’s almost like unjoined up islands of activities, perhaps a lack of communication, perhaps a lack of understanding of each other’s good practices that could be improved. And so your call to action is, Georgia, could I ask you and Jean-Jacques to just swap positions or for you to move on to the front row, apologies for doing, so that Jean-Jacques can join up at the table. And while you’re taking your seat, thank you very much, Georgia. and that’s Georgia, everybody who’s co-organized the session with Carolina and with Nick, so thank you very much for that. Jean-Jacques, I’m going to let you settle down in position, but first of all, what I’d like to do, Keith mentioned, I’d like to call to you to Jiarong Lo to Jiarong Lo as VP of Stakeholder Engagement and Managing Director for the Asia-Pacific to ICANN. Of course, there’s been a lot of activity within the ICANN environment, hasn’t there? And to respond to Keith’s point about people needing to step up and voluntary practices, perhaps you could just update everybody or those who don’t know already about what’s been going on on the contracts. And then I’d like to give Esteve a bit of a spot and Fiona as well, so coming to you next, so Jiarong.

Jen Rong Lo:
Thank you. So within the ICANN community, for those who don’t know, ICANN is governed by a multi-stakeholder model structure, so anyone interested can participate in ICANN. And tied to the one particular conversation that’s been happening over the past few years has been the topic of DNS abuse. And when this was first raised by different stakeholder groups, including governments, but it also included civil society and the end-user community. In fact, the at-large community who represents the end-users they were very, for lack of a better way of saying it, very adamant that the issue of DNS abuse needs to be addressed within ICANN before we talk about having the next round of generic top-level domains. And this conversation, when it first started, sounded very messy, even, for example, definition of DNS abuse. People couldn’t agree on the definition at the time, but fast forward a few years later where we are now, just on 9th October, the ICANN accredited registrars and registries will be voting over a 60-day period to amend the registration, the registrar accreditation agreement and the registry agreements to update it to incorporate DNS abuse. And sometimes it’s talking about models. When you look at it from an outsider perspective, you may think nothing seems to be moving. The conversations take very long. But if you look at it between milestones, actually we’ve come a long way. And the agreement, the contracts that Keith mentioned that ICANN has with registries and registrars will be updated. You include clauses that defines DNS abuse more clearly, which is malware, botnets, phishing, farming, and spam. These areas, the conversations take some time to come together, but we’ve come to a point where it’s a significant milestone. Now is this the silver bullet, the panacea to everything? I would say probably not, but it’s moving in the right direction. So that’s the key thing for us to take away, is that how do we keep evolving and moving the conversation to be relevant, to address the challenges of the day, and to continue to have faith in that multi-stakeholder conversation where different stakeholders come together, you address, you raise a problem, and then you can come to a solution. So I’d like to leave that with everybody. Thank you.

Moderator:
Thank you very much. That was a really clear explanation, and thank you for that. But Esteve, if I can come on to you, you know, from the perspective of a regulator in the European Commission, we’ve heard from Keith, you know, we’ve got to up our game or we’ll get regulated. We’ve heard from Jia Rong, you know, people have got to keep faith with the multi-stakeholder scenario. From where you’re sitting, do you think the industry is doing enough? Do you think that we are doing enough to close those governance gaps and respond to the challenges? And maybe you can, you know, just let us know what we’ve got in store in terms of regulation.

Esteban Zanz:
That’s a bit of silence and tension. would help the environment. I think we are regulators, but we are also very active members of ICANN. So I’m a bit uncomfortable when you present us only as regulators threatening the community. I think you will be very happy, most of you will be very happy to know that we don’t have new regulations in mind. What we have in mind is really supporting ICANN, and I have to say from the start that I’m very pleased and I completely agree with the approach that my colleague has just presented on this contractual negotiations. We think this is really the moment of truth in DNS abuse, but also in the ICANN model. It needs to deliver on this thing. We were very pleased to see that the amendments go indeed in the right direction. We are very hopeful that the vote of those amendments is going to be positive. We cannot think otherwise, frankly. We did express very openly within the GAC, and many GAC members agreed with us, that the amendments are not enough to be able to tackle even this more technical definition of DNS abuse, which of course we were very happy to accept in the context of ICANN. For example, the amendments are a bit general when it comes to defining concrete measures on DNS abuse. They are more based on the objective. We know because we have regulated many different markets that sometimes this is a bit weak. We have also missed some elements that relate to the transparency of contracted parties. We would like to see indicators. We think that this is really a very good incentive for the registries and registrars to really get their act together when it comes to dealing with DNS abuse. We have also missed elements that relate to kind of proactive measures. They are very regulations that… The amendments are very much focused into forcing or asking contracted parties to react to requests when they have this actionable evidence, which by the way, it’s a complex concept in itself. But of course, we know that some proactivity as many registries and registrars are doing is extremely beneficial. We have the example of the EU in Europe that has this artificial intelligence system that, you know, runs this classic technical lists that resolvers also have at their disposal and then they apply a little bit of artificial intelligence to be a bit proactive and automated. All this is not in those amendments. And it would have been very useful that this is all in these amendments. But I have to say that, you know, we’ve engaged very constructively with the GAC community and we are hopeful that these issues will be resolved in further discussions within the ICANN system. And that’s our conciliatory pitch for you today.

Moderator:
Thank you very much. Did you notice the rumble in the room before you started speaking? But this is a really useful overview. Thank you very much, Esteban. Thank you for joining the panel today. But there’s sort of the European Commission as a member of the multi-stakeholder community having a view and wanting to encourage those proactive measures. And we’re very fortunate to have both Jen Xiong here in person and also Rocio online. And maybe we can come to you both in terms of those proactive measures and also from Rocio’s point of view in LAC-TLD, the difference between the country codes and I can see some country code managers here in the room as well who are not part of that ICANN circuit. You know, is there some governance gaps to be closed in terms of information sharing? But first, I’m going to turn to Fiona Alexander who many of us remember from her long service with the U.S. government at the NTIA, but Fiona if you can hear me, I hope you can, you’ve just heard from Esteva about the perspective from a European member of the multi-stakeholder community who happens to also be a regulator as well, but yeah, okay, you know, maybe you could help us to understand, you know, we often think of governments as having one single point of view, maybe less often these days, but there are also quite profound differences of approach, aren’t there, between the US and the EU in terms of thinking about this, so maybe you could talk to that point and the general regulatory perspective and how that fits with the sort of differences between DNS and content in this international global internet that we have. Sure, hi Emily and hello to everyone in Kyoto and around the world.

Fiona Alexander:
Good morning from Washington, it’s about 4.30 now. Thank you very much for getting up so early as well, I should have started with that. It’s okay, it’s just part of being part of the global internet governance community to do meetings at all times of the day and night, so not uncommon, but anyway, thank you very much for the invitation and congratulations for reinvigorating the dynamic coalition, I think that’s great, and one of the reasons I think it’s good to have places like this to have conversations is because it’s a little bit more neutral in terms of a convening platform, but it also is kind of a safe space to talk about issues that can be complex and can be a little bit more challenging in, you know, even in the ICAN system, which is multi-stakeholder, but as Keith described, has that regulatory contracting process, and then governments, to government it can be a little bit more complex as well, so again, thank you very much for the invitation, I’m glad to see the group is reinvigorated, and the topic is an interesting one, and I think it sounds much more simple than it actually is. abuse sounds pretty straightforward, but the problem is that DNS abuse can mean lots of different things to lots of different people depending on where you sit as a user in the system versus a provider in the system versus a government in the system trying to address what you perceive as harms. And again, perception of harms or real harms can be very different country to country. There is no international agreement or even sometimes agreement between like-minded countries, specifically what constitutes harm. And I think it’s important, and that’s why this sort of idea of having a lot of different tools at your disposal to solve some of these challenges is a good idea. There has to be an appropriate balance of how you deal with these issues. In some jurisdictions, perhaps you want a more proactive approach. In other jurisdictions, you want an approach where there’s a demonstrated proof of harm versus proactively going in and doing something. And this is important as you try to balance the important issues of free expression and human rights with actually addressing when there actually is harm done by particular groups. So again, it’s a challenge, and this cross-jurisdictional challenge I think is one that can be difficult to resolve. So I know, I think I saw when everyone was coming into the room, I think I saw Bertrand coming in. Always easy to spot him as he walked in the room. And I think, you know, the work of Internet and Jurisdiction and the domain group in that has done a lot to actually help push the conversation forward. It’s done a lot in the way that it’s convened stakeholders in a neutral fashion to help define terms. And I think that actually has very much led to some of these contract amendments and ICANN that folks have already spoken to. So again, I think making sure that there’s shared understanding of terms, that there’s a shared understanding of some of the challenges that we look at, the proportionality of the response, when do you take an extreme measure versus a smaller measure, and who’s best positioned to do all that. I think those are all important things to consider in the system as we look at DNS abuse and how to address. it. And as like Keith who started this conversation by framing some of the voluntary commitments, personally, I’m a big fan of those. I think they’re more effective. I think they can be more targeted. I think they can be quicker to resolve some of those issues. But again, when looking at voluntary action, it’s really important to make sure there’s transparency in those systems and there’s due process in those systems as well. So maybe just to leave with that and let others go and go into the conversation. But I just want to kind of stress that it’s not quite as simple as one might assume when you just say DNS abuse. Of course, we all know what it means. But actually, it’s much more complicated than I think it seems many times.

Moderator:
Yeah, thanks a lot for that, Fiona. And you’ve highlighted not only that, you know, that the issues are more difficult than they seem, but also that there are important checks and balances to maintain, you know, there’s free expression, there’s human rights. And although we could probably, if we all thought about it quickly, we’d go, well, we don’t want any DNS abuse. But we also want a thriving domain name system in which people who can lawfully go about their business without interference. But Fiona mentioned a really important aspect, which is the power of voluntary action. And particularly when you have organizations like ICANN with that international reach, you can much more efficiently get that international impact than you can through sort of one by one, different jurisdictions taking action. Although, of course, the European Union has been very entrepreneurial in its use of extraterritoriality and gaining that. That wasn’t a joke, everyone. But that has been, and we’re seeing that in the upcoming legislation, and we will all experience what that’s like with a directive now, with the NIST 2 directive. But, Jen, thank you for waiting. And I know with a huge panel, the benefits of it is that we get this global coverage. But, of course, it means, thank you for waiting for so long. Other speakers have talked about the power of proactive actions, but also, perhaps, you could reflect on how these issues look in different regional perspectives. And I’m going to come to Rocio next, before finally coming to you, Jean-Jacques. But perhaps, from the DotAsia perspective, you are a GTLD, a newish GTLD. But if you could talk a little bit about a newish GTLD, but if you could maybe reflect on the contractual amendments, and also those proactive measures from the regional perspective, that would be great.

Jen Rong Lo:
Thank you, Emily. I guess .asia can be considered as a middle child. Not so much new. I think we’re past our 10th birthday, so not that new. So, oh, still new. Yes, that’s correct. Compared to Keith next to me, of course. Yes. So. I think Jen meant .com, not you personally. Oh, no, .com, everyone. Just for the record, this is being transcribed. For the record. Both are true. No. Yes, thank you so much, Emily, for that. I wanted to touch a little bit on beyond our contractual obligations, which Jaron already mentioned. And I’ll leave Keith to talk about a little bit more how the contracted party house has done a lot of good work, a lot of voluntary work in actually trying to look at the gaps and fill the gaps and its industry best practices. For .asia, we are looking more at using the trusted notifier systems. And it’s more of a closer collaboration with regional partners, such as APNIC, APCERT. And specifically, we signed an MOU for trusted notifier system with TWNIC. And I think it’s really important when I want to stress that collaboration with the different parts of the DNS ecosystem is extremely important for us to be able to establish a fast track anti-phishing mechanism where we have TWNIC on one side and .asia on the other side, being able to periodically share different lists, periodically identify the risks. And I think that part is something that is beyond our contractual obligations. But it’s very much to do with how the DNS industry, specifically the registry operators, really come forward with good intentions to make the DNS more secure, to make the DNS more trusted. and to make the DNS something that other people can rely on. If you are looking more to the fact, you know, the different definitions that are floating around about DNS abuse, you can already see that there is a lot of people saying, you know, one person, it means one thing. The other person, it means something else. But for the contracted parties, it is quite simply, you know, DNS abuse for contracted parties is malware, botnet phishing, spam. And it’s not too much that we really need to nail down, this must be the only thing we do. We are doing above and beyond. And with the trusted notifier frameworks, I think it’s really important to understand also to include the certs. We are also looking at establishing with APNIC and AP cert, and SANOG, a South Asian cert. I think it’s very particular in our region where there is a lot of stopgap where you think perhaps the European region has a more comprehensive approach to regulation and a comprehensive approach to that. We don’t really have that in the Asia-Pacific region. And I think that puts onus on operators like DotAsia and other ISAR organizations in Asia-Pacific to step up to fill this gap. I think it’s really important to be able to understand there is more work that is being done than is being advertised. And maybe it’s an advertisement or maybe it’s kind of a socialization issue where I think on the one side, perhaps different jurisdictions looking at regulations are thinking, hey, the DNS industry, we’re not doing enough, but maybe we need to also let them understand here are the proactive approaches we’re taking. Trusted notifier system is one of the proactive approaches we’re taking, and it seems to be working. And I think there are other initiatives. that the contract party house both the registries and the registrars are looking into that would be able to fill these governance gaps. I’ll stop here.

Moderator:
Thank you very much, Jen. That’s a really interesting perspective on the contract being a baseline and not preventing registries or registrars from doing more if they want to. I mean, from what we’re hearing from the industry, it sounds like everything’s great, but the session title is about bridging governance gaps. It acknowledges that we’re not there yet. A perspective that we want to now include is that of the country code top level domains for those who are not aware of how it all works. And I know that many in the room are very aware. The country codes are not bound by the policy determinations or the consensus policies formulated in the ICANN community and do their own thing. And the country codes also have regional organizations like LAC-TLD in Latin America and the Caribbean. And we’re very happy to have Rocio here joining us remotely. And Jen, we heard from about the proactive measures taken by the registries and registrars. Rocio, maybe you can help us to understand what the proactive measures are being taken by the country code community in the Latin American region and your activities there in an attempt to bridge these governance gaps. Thank you.

Rocia de la Fuente:
Thank you very much, Emily. And thank you also for inviting me to participate in this panel. So as you were mentioning, CCTLDs unlike GTLDs are not subject to the policies developed within the ICANN processes and their policies are based on local regulations. that are often established in coordination with their local communities. And in terms of the governance gaps or governance issues that we have seen are the regional level are related mainly with a lack of sometimes understanding among different types of authorities about the functioning of the internet, the DNS, and the role of different technical stakeholders. And we have also identified some certain interests in these issues in some private actors that are not involved in internet governance, but that have approached like TLD and other organizations in the technical community for help in addressing these issues. So this has led to an initiative that at first we call the illegal content workshop. And this is a proactive approach or collaborative approach that consists of a training and awareness raising effort on the operation of the internet, its governance models, the actors that are involved in its technical operation, and among other topics. And this is something that was originally intended for judges, prosecutors, and law enforcement agents. And later on we have adapted this type of training activities to other audiences that have also approached the technical community organizations. And we believe that these kind of efforts and and capacity building sort of activities have been successful and they have operated as an initiative to close certain governance gaps and most importantly to build networks of cooperation or at least networks. of contact between authorities and organizations involved in the operation of the internet. And we see a very positive impact when national authorities, regulators, judges, policymakers can have a regular dialogue with CCTLEs in each of their countries or with other types of technical operators. And also we have been able to involve in certain editions of these workshops, the private sector also to address issues related to illegal content in their platforms and services besides the DNS threats or DNS abuse issues. So this is one of the proactive approaches that we have developed at the regional level in collaboration with the technical community organizations, but there are also kind of unilateral efforts that were promoted by CCTLEs specifically. So I can maybe later on in the panel share some of it. Thank you.

Moderator:
Thank you very much for that, Rocia. And you make an incredibly important point about the lack of understanding among some policymakers and judiciary and others that you are proactively training about the domain name system and how it works. And perhaps that is a point for reflection for those of us in the room and listening to this online about how have we managed this, this public, this gap in understanding. We at the DNS Research Federation did some consumer research and we tested people’s understanding of some basic terms. And we found that a small minority, but a significant minority thought DNS was a kingdom from Dungeons and Dragons. And some people thought that it stood for the Devon Nudist Society as well. Unfortunately, it’s not that fun. But Jean-Jacques, sorry, first of all, Rocia, I hope we can come back to you for a bit more detail on the unilateral action taken by some of your members. So I’m going to come out to the room for your questions and comments. So get ready. And also, Georgia, please let me know if anybody’s raising their hand online. You’re very welcome to join in this conversation. But Jean-Jacques, welcome back. For those who don’t know Jean-Jacques, he spent many years at ICANN as a vice president of something very important. And he is now currently Asia-Pacific head of content policy and global head of telecommunications policy at Google. And it is really wonderful to have you joining the panel because of your understanding of the DNS issues, but also your new role in terms of content. And it comes back to Keith’s opening remarks that there are really good and mature practices in content moderation and the reduction of harms, but perhaps not as much joining up as there could be between the content community and the DNS. So it would be great to have, well, whatever you would like to say, but maybe some reflections on that as well. Thank you, Minnie. It’s so nice to be here. You’ve just shattered my illusions about what a DNS is actually about after all these years.

Jaen-Jacques Saillei:
I’m sorry I was late. I was on another panel which was dealing with data flows. And for some reason, they had questions to Google about privacy. So I had to stay a bit behind. Mystifying. So I’m going to shorten what I was going to say, or tweak it a little bit, having heard everyone. I just wanted to share a few thoughts, indeed, from the perspective of Google. And it’s interesting when I started all these years ago dealing with internet issues. I was in government dealing with the World Summit on Information Society. And we were talking about how the internet was young and how we shouldn’t hinder it with regulation. And I still think that’s probably true, that we shouldn’t hinder it with regulation. But the reality is that it’s now no more a child. It’s not even an adult. And the internet is an adult, albeit, I hope, still a young adult, like .com. And Keith. And with this, I think we’ve had an evolution of the perspective, especially. I think we’ve had governments, as we know, that have wanted to regulate the internet from day one, pretty much. But we’ve certainly seen a broadening of this belief by a number of governments around the world that they needed to frame the internet with a regulatory construct around it, and increasingly so. I think that’s the reality. And so when I look at it from a Google perspective, we’re not trying not to be regulated. This is a thing of the past. It’s more about how you are regulated. And within that regulation, there’s also space for self-regulation, by the way. Let me hasten to say that, because I think that’s very relevant to today. At least that’s my hope. So just a quick one on Google, right? So Google is an information company. Since 1998, we’ve got this lovely mission, since 25 years ago, which is to organize the world’s information and make it universally accessible and useful. So in that, for us, there’s this notion of useful, of relevance of the information to the users. So the company’s never been too keen on having users exposed to bad information, bad content. And so over the years, we’ve developed a lot of experience in tackling harmful content, inappropriate content, undesirable content. And we’ve done it on our own back. So we’ve got a set of policies and community guidelines that some of you might be aware of, whereby we can take action against inappropriate behavior that we see across our platforms, right? So the basic one is to, there’s like about four or so approaches within our strategy to deal with harmful content. We detect bad content, usually because it’s been flagged to us by users or by machines or by governments, and then we try to remove it. And that can be pursuant, as I said, to user flags, and depending on whether it corresponds to our own usage policies or whether it might be pursuant to a legal removals process, depending on the platform. But then it’s not just that, it shouldn’t be just about removal. It’s also about trying to make sure that users are exposed to the right kind of information, making sure our search results bring up quality results from authoritative sources. It’s also about encouraging good creators that create quality content on platforms such as YouTube, for instance, and also to follow the money and try to demonetize as soon as we see content that’s being generated or misused by bad actors. And the final one is about collaborations, and perhaps that’s helpful. We try and we have tried for years to partner with all sorts of researchers and others across the industry to understand the problems better, to come up with technical solutions and to share those technical solutions. That’s the kind of overall approach. But let me get a little bit to the core of the matter. And my experience also having moved from Europe to Asia-Pac a few years ago, generally, when I look at content regulation around the world and certainly in this region, I think there’s definitely a trend for much increased regulation, if not over-regulation, and there is nothing stopping those regulations applying to all intermediaries, right? It doesn’t, it is, you see a few countries coming up with social media regulation that’s quite specifically defined as social media actors, not always very well defined, but defined, but vast majority is omnibus regulation. That is about internet regulation, and that concerns all internet intermediaries. And it’s there, or it’s coming. And it’s from a range of countries, certainly from across Asia-Pac. And I think, also, we need to think about the evolution of regulation when, say, 10, 15 years ago, you could probably still say that quite a lot of countries outside of those two regions were looking at what the US was doing, what the EU was doing, and sometimes they were copying. I think the picture is much more complex now, where you have some coming up with their own pretty brand new regulation, Greenfield regulation, and others, I see a lot of those, cherry picking. They just say, oh, I’ll take a little bit of that EU DSA, but only a little bit that I really like, not the due process parts, but I’ll take all the nasty parts of the dreadful UK online safety bill, sorry, I didn’t say that, et cetera, et cetera, and then adding their own veneer. And it’s there. And we’re talking about significant markets. We’re not talking about a few hundreds of thousands of people. We’re talking about hundreds of millions of people that are going to be regulated through this. And the internet intermediary is coming. And I sense, I think, to your point about education and collaboration, I don’t think there’s a lot of education. I was going to mention a lot of the principles that we like to see when we hear about regulation, and I can mention them. We talk about flexibility, about balance, proportionality, outcomes-based, and all that. But there’s a fifth, like we’ve got four of those. I could read them out. But anyway, there’s a fifth one. If you want to know, I’ll give you the rest. It’s on our blogs. The fifth one, to me, is about engagement and collaboration. One thing that I feel is lacking, and it’s not just in this region, it’s frankly in all regions, is engagements by governments with the multi-stakeholder community. I still, well, you know, it’s one thing to have a public consultation that you push on a website. But as a policymaker and tentative would-be regulator, how many times have you heard those guys and people, regulators, policymakers, coming to you as an internet intermediary, or indeed a member of civil society, to proactively seek input? I haven’t had that much at all. And I think there’s really a deficit in policymakers and regulators actually listening and wanting to listen to the views of the technical community, of industry, of civil society. And when we look at the, this is supposed to be, in the EU, we call it a better regulation directive. They’re supposed to come out and seek proactively the views of stakeholders. I don’t really see that happening a lot. So, OK, we could try to remind them to do that. And the IGF is a good forum to remind them. But that’s probably just not going to happen. We’re probably going to have, as an industry, to go out there. So just trying to finish off, going back on the. I don’t want to be scaremongering because I think that’s not a bad idea, but I do think regulation is upon us, has been upon us for a while, and I think there’s been some really nice carve-outs here and there in some of the recent legislations where the core of the Internet has been set aside, so to speak. But even if the regulations don’t touch Internet intermediaries as such, there’s existing other types of regulation where I’m hearing very similar suggestions about DNS-level actions. Copyright, other parts of harmful content. In AIPAC, I’m sure, Jen, you’re familiar with all the scams and frauds that we have here. People are saying, oh yeah, we should take action at the DNS level. And they’re not going to not say, oh, they’re registrars and registries, let’s not touch them. They’re going to go through whoever can take the action. And even though some of us are raising the concerns of collateral damage, massive collateral damage to the ecosystem, it gets scant attention. I think there’s a lot of work for us to do. Like a lot what I’ve been hearing here about being proactive, I think it needs to be done. We need to show that as an industry, as an ecosystem, we’re trying to do the right thing. I know people in this room, and I know they’ve got no interest in having bad stuff on their phones, same as us. And we’re all working really hard. So sure, we need to demonstrate that. But it looks like we all need to also raise our voices more, educate as much as possible. I like to think, I know, Esteve, for instance, you’ve been doing a lot of work on internet shutdowns, things like that. And I think if we can- I didn’t call you. Right? I didn’t mean you shut down the internet, I mean the other way around. But perhaps we can have also some governments that help us in doing this outreach on the positive side about having balanced regulation and making sure that we leave space for freedom of expression and not over-regulating.

Moderator:
Thank you very much. So we had a challenge there for regulators to actually talk to industry. So Esteve, I’m very happy to give you the floor if you want to respond to that. I know Keith, you wanted to come in on that. Do any of the other panel members want to join that? Fiona and Rocio, if you can just raise your hands, then Georgia can let me know if you want to come in. Shall I give you the floor very briefly, Esteve, and then Keith, and then I’d like to open the floor to your questions and the questions online as well. So do raise your hand if you’d like the mic.

Esteban Zanz:
Thank you so much for all these interventions, by the way. I was listening very carefully. Just very briefly, it’s inevitable to move from this discussion about technical DNS abuse, content DNS abuse. We know well that this is a discussion that will go on for a long time. for some time. I think that we’ve moved in different planes, talked about content, talked about technical issues. There’s still value in separating both, at least for certain sort of conversations. You know that the EU has a very clear approach when it comes to regulating platforms that relate to content. This is basically the Digital Services Act. We found, after a lot of discussions with many stakeholders, an approach that we think really strikes the right balance between the user’s rights and fundamental rights and the need to do something. I think the reason why we’re here and we opened these contracts and we are discussing these things is that we finally agree that there is DNS abuse and it’s something significant. And that’s very positive in general. But beyond that, I just wanted to say that, of course, at the international level, and that’s why I call you sometimes, but also why I coordinate very well with Ken, that I see it’s there. He’s a bit angry at us these days because he did the heavy lifting on the organization of the declaration for the future of the internet, the zero session. But we co-organized it, but he did the heavy lifting, I have to admit it. But we have actually coordinated very well with the US on that declaration. And that declaration is many things. There are many principles, but there is one thing, one way of approaching that declaration, which is very clear for us, which is a straitjacket. Here we are proposing globally a series of principles for states not to do certain things, not to regulate the internet in certain ways that we think are absolutely harmful. And digital authoritarianism is really a thing. And perhaps the worst thing that has happened to the internet is that now we know that authoritarian countries are using it to control their population. That’s the reality. The internet is no longer, we cannot see the internet any longer, as something that brings freedom, or freedom of speech, or democracy. It really depends on how states treat it. And the declaration is precisely that. It’s a way forward, a series of principles of how to do things, but also how not to do things, how not to regulate the internet, so that it doesn’t end up consolidating authoritarian tendencies.

Moderator:
Thank you very much. So, I know, Keith, you wanted to come back. Jean-Jacques, really, you got everything riled up, because everybody’s like, I want the floor. I’ve got Fiona waiting to join as well. Jiarong, you want to? And I’ve got Mark as well in the audience. Does anybody else? Oh, great. Okay, we’re good. We’re gonna be fine now. So, Keith, in your remarks, perhaps you can address Jean-Jacques’ point. Jean-Jacques is like, the governments never call, but actually, do the industry talk to each other? Well, Esteve called you straight away, but are industry talking to each other across sectors effectively enough? So, thank you.

Keith Drazek:
Thanks very much, Emily. And yeah, so I’m gonna touch on a few things. I’ll try to be brief. I think the answer is not sufficiently. The direct answer to your question is industry, especially when we talk about up and down the stack, or across the range of operators. I think, and that was one of the reasons we identified the governance gaps as a challenge here, is that there is an opportunity and a need, I think, for registries, registrars, hosting companies, CDNs, and ISPs to engage more constructively and more proactively together to collaborate, communicate, identify trends of bad actors, mitigation strategies. So, I think that is a fundamental opportunity that we have as industry. But to be informed by the concerns of civil society, to be informed by the views of governments and regulators. And so, just to go back to one of the things that Jean-Jacques said, clearly regulation is here. There’s no turning back that clock, right? And to Esteban’s point, I think regulation can be appropriate and is appropriate in certain circumstances. I think that’s quite clear. The fundamental issue that we have as industry is that it needs to be informed and educated regulation, legislation, regulation, whatever it may be. It needs to have the benefit of the input of the industry informed also by civil society concerns. And I’m gonna get to this in a moment going back to what Jennifer said about trusted notifiers. As we start talking about trusted notifiers as inputs to us as operators, requesting, in many cases, the use of the DNS to take down content or to moderate content, that raises a lot of real concerns. And when we talk about roles, responsibilities, and capabilities of the actors in the ecosystem, a registry can do a certain set of actions, very, very limited. A registrar can do, perhaps, a slightly expanded set of actions, but very limited. And when you start talking about content, hosted content at a third level domain, registries and registrars have one option, and that is to take the entire domain, the second level domain out of the zone. If it’s a bit of offending content or harmful content on a third level name or on a website, the hosting company has to be involved in that conversation about how to mitigate those harms and on and on. So it’s really important to understand the roles, responsibilities, and technical capabilities of the actors in the ecosystem. And fundamentally, when we talk about using the DNS or taking action at the DNS level to mitigate content-related harms, we have to start thinking about provenance, like the closest operator, the closest provider to the harm should be the operator that takes the action. So provenance, proportionality, making sure that if you’re taking action to mitigate online harm, especially content, that you are doing so in a proportionate way that doesn’t negatively impact other parts of the ecosystem or impact negatively, disproportionately users. Transparency, right? We need to have transparency when it comes to using the DNS to mitigate content, mitigate online harms. Transparency, what actions were taken? What was the procedure and the process that was followed? Due process, right? It was their due process for consideration of that action. And finally, recourse. Is there a process for recourse for the impacted party if you got it wrong, right? I think these are all things that need to be discussed. And if we rely on a third party, a trusted flagger or a trusted notifier that’s outside of the traditional court system, that raises all of these questions. And so I think the understanding of the procedures, processes, the authority that a so-called trusted flagger or trusted notifier might have, especially when you’re talking content, raises these questions. And these need to be discussed by industry, but informed by concerns of civil society, informed by the views of regulators. And that’s a conversation I think that we need to have. But I think we as industry really need to start having this conversation together so we can then take that next step of bringing in the multi-stakeholder sort of inputs. So Emily, thank you.

Moderator:
Thank you very much. And I think if you could find a different word for transparency, you’re getting close to a sort of five Ps type of policy principles there that could be developed. Now I’ve got an ever-increasing list of people who want the floor. I’ve got Fiona, Jia, Jen. I’ve got Mark, the gentleman at the front. I’ve got Andrew. Who else wants to take the floor, Michele? So what I reckon is let’s try and get through these remarks in the next quarter of an hour, 20 minutes, because I want to set aside time at the end before we close to do a sort of. So what are we going to do, right? How are we going to close these governance gaps? What actions, what commitments can we make to actually make things a bit better? So Fiona, thank you for waiting. And then I’ll come to you Jia.

Fiona Alexander:
Sure, I’m happy. I just wanted to respond to a few things I heard other panelists speak to. So I think it’s important to keep in mind that the space, the technology space has always had regulation. I think back to the telegraph in the early days of that. So there’s always been regulation in and around technology. I think the thing that’s changed in the last 30, 35 years is how that regulation comes about. And that’s because of sort of the proliferation of the internet and what it affords people to do. And this really is sort of the multi-stakeholder approach to actually engaging everyone in the process. And I think that’s the important way forward and the important path forward to solve some of these complex issues. And at least from my perspective, governments putting out a public comment process and government putting out a notice of rules and asking for feedback is not a multi-stakeholder process. Yes, you’re talking to people and yes, you’re getting feedback, but that’s not actually a multi-stakeholder process. So no matter how well-intentioned it is for a group of governments to get together and say the right things and say things that could be useful, I’m often reminded by what one of my old bosses used to say to me all the time, how you do something can be equally as important as the what you do. And in this case, to solve these complex problems, it really is important that the conversations and the solution sets to get to Keith’s roles and responsibilities point really happens in a multi-stakeholder fashion where everyone is in the room, everyone is listening and everyone’s learning from each other. That’s the way to solve these problems. It’s not for one stakeholder group, regardless of whether it’s industry or governments or civil society to sit separately. That doesn’t solve the problem from my perspective. So I just wanted to respond to a couple of things that were said.

Moderator:
Thank you, Fiona. And that comes back to some of the remarks you made earlier about the IGF being a really safe space in a way to experiment with ideas. You know, you don’t have the pressure of somebody may be changing a contract or regulating at the end of it. These are problems that are difficult. And you were saying that earlier. These sound simple, but they are actually difficult to solve. They span multiple sectors, multiple different actors, as you were saying. So Jia Rong, you wanted to reflect on some of the things you’ve heard, too.

Jen Rong Lo:
Thank you. So I was kind of hoping to just zone off. Yeah, but after hearing Esteva say something, it got me to think about one thing. Because Shengzhe was mentioning about regulation and that what he’s hoping to hear is governments reaching out to get the inputs and thoughts. And Esteva talked about balanced approach to regulation. And it got me thinking suddenly. Because I’ve not had interactions with EU regulators directly, but I’ve been on the receiving end from law enforcement agencies. Because after the EU enacted the GDPR, the ICANN registration lookup system, most of you in the room would know who is, we have to redact a lot of the information of EU citizens. And law enforcement agencies, including Interpol, Interpol has an office in Singapore. So they called me up. I was just catching up with them. And they said, your system now is useless. I can’t do any cybersecurity investigations anymore. Because I can’t find the information I need. And I was then realized, I realized that the same colleagues on the EU, on the lawmaking, policymaking side, did you consult with your own colleagues from the law enforcement agencies? Because they have ended up being the victims of this same regulation. The intention is good. You want to protect the privacy of your citizens. But the flip side of it is the same government folks who have charge of fighting cybercrime can no longer use the tool. So it’s actually very hard. It’s more a reflection than a question. Because I think governments, you have a role and you need to do what you need to do to protect the citizens. And it’s difficult because even just talking to each other within your own government is difficult. And then it makes it even harder when you want to think of getting inputs from multistakeholders. So sometimes I think that it’s very difficult because there’s no one answer, there’s going to continue to be a gap. What I think would help is we really try to find more opportunities for us to have these conversations with one another. I don’t have an answer for it, but it’s just a reflection.

Moderator:
Thank you very much for that. We did actually make it past the hour without mentioning GDPR, but I think it is a really important aspect and it reflects some of the remarks made by Fiona earlier. A lot of regulation is well-intentioned and Jean-Jacques, you talked about the evolution of regulation, like we can’t regulate this stuff, now we are regulating it and maybe over-regulating at times. But each regulation has its impact, it has its winners and losers. And I’d like to bring Jen and Rocio back into the conversation at this point. Just general reflections, it could be on the availability of data and it could also be fulfilling your promise earlier, Rocio, to think about what individual members are doing in the LAC region to try to address some of these governance gaps. So Jen.

Jennifer Chung:
Thanks, Emily. Actually, I really wanted to give a live case study to what Keith mentioned earlier about the list of – it’s not really the five P’s, you had other initials in there, but giving a different flavor of what a registry operator does, obviously .asia is .asia. And we also manage and are the registry operator for .kids, and .kids is one of the very first GTLDs with a mechanism for restrictive content. And what Keith mentioned earlier with that chain is extremely important because most of the registry operators, of course, our baseline is our contractual obligations and what is within the ICANN remit to deal with DNS abuse. But as Keith already mentioned, downstream, we have the hosting providers, DNS resolvers, all of that. And at every point, there could be abuse happening, whether it can be termed specifically as DNS abuse or pretty much bad things are happening on the Internet, so all the way to content. And for .kids, when you’re looking at it, and actually I’m going to look at Jean-Jacques as well, we actually rely on the Google Safe Search API to look at these restrictive contents for specifically for this GTLD because the first thing we need to do to look at it is to actually have a policy that listens to civil society, listens to experts. And in .kids’ case, of course, the child rights experts, the child digital online rights experts, that community. And then secondly is the transparency part of it. At every single level, when you’re dealing with this kind of content, we need to have the paper trail of where. What is this reporting coming from? How are we addressing it? And then downstream, how are the due process, of course, how would a registrant or actually the user who has reported this abuse, how would there be recourse if they don’t agree with the actions that we take? And this is just kind of a live kind of case study illustrating what Keith just mentioned. So that was pretty much what I wanted to add.

Moderator:
That’s fantastic. Thank you very much. Emilio, would you like to reflect on some of the things you’ve heard? And then I’m going to come to you, Mark Dattesgeld, and then gentleman at the front, Andrew Campling-McKaley.

Rocia de la Fuente:
Thank you, Emily. I wanted to mention that, unlike the EU, there are no regulations in the LAC region that promote the harmonization of policies and practices among the CCLDs. And that’s why we see many differences in the approaches that are adopted by the different CCLDs in the region. Also, we saw that some preliminary studies recently in the ecosystem have shown that the percentage of abusive domains is significantly small in the CCLD community. But even though the percentage of abusive domains is small, there are some cases of proactive action that have been promoted by CCLDs. And in terms of data, the CCLD registration processes, in some cases in the region, have introduced data validation mechanisms for individuals and also legal entities. And one of these validation mechanisms is based on national tag identifiers. And while these processes of domain name registration and delegation might be slower or more bureaucratic in relation to other CCLDs or CTLDs, the data validation mechanisms and those specifically based on tag identifiers raise the variance for users that are seeking to register a domain for criminal activities. Also, there are other cases that are related to tackle specifically illegal content. And we have the case of .co, which presents a specific approach to tackle these cases of extremely serious illegal content as CSAM in partnership with the judiciary and also with international organizations. and for the protection of children online. And in this case, there is a national hotline that has been incorporated, which also includes mechanisms for reviewing reports in coordination with specialized and civil society organizations, and also a protocol for blocking certain URLs in certain cases. Thank you.

Moderator:
Oh, okay. Thank you very much. There’s so much more to say, but those are really vivid examples, like the cooperation between DOTCO and other organizations in relation to child and sexual exploitation materials. So thank you very much for highlighting those. And I’d like to come back to you if we have more time, but I have got a queue of people in the room who’ve been waiting very patiently for the floor. Mark, can I start with you? So there’s a microphone in the middle. I hope you don’t mind that. Maybe we can take those four comments from the floor and then come back to the sort of the need for action to the panel. So thank you very much, Mark.

Audience:
Thank you very much to everyone. This is Mark Darisgaud. I’m an internet governance consultant, and I was co-chair of the team on DNS abuse that eventually made suggestions to the contractor parties that were then taken in by them and worked on within their terms. So one important question that came up, and Esteve mentioned it in passing, but I would like to really stress this, was that what our group did was seek the minimal level of technical abuse. And this is maybe a false too of where we arrived with this. It is DNS abuse, but we’re thinking about the technical level because this is something that we could get together as a community and agree. And I kept posing questions to people such as, you know, cite me a good botnet, one. Give me an example of a good botnet. with botnet that’s not a novelty, like an academic experiment, there are none. So you have no reason, basically, not to take down botnet. So the suggestions we arrived at are the very, very floor, something that, in theory, if I was to say, this shouldn’t have been addressed before. We’re just trying to get to the point that we need to be, the very basics, and from there, now it’s a discussion of what are the things that are not the bottom of the bottom, right? That’s the discussion that starts once, hopefully, and I’m not promising anything, but hopefully the contractor parties adopt these amendments. Where do we go from here, where are the next things? So with technical, it’s not all technical, but there are still technical abuses out there, but the basic ones, handled, where to move next. So that should be our question, right? It’s not where is DNS abuse at right now. Technical abuse is kind of slightly getting solved. Where do we go from here? Thank you.

Moderator:
Thank you very much. So Mark is making the point about the community starting with very technical definitions, so let’s hold on to that idea and invite you, sir, to make your point. I’m sorry, would you mind going up to the mic? We can try and get it to you otherwise.

Audience:
Thank you very much. Let me introduce first so that this is Ganesh. I work for the government of Nepal. Before talking about the DNS governance related threats and challenges, we need to know about the capacity gap of the developing countries related to the governance gap. You know that we don’t have CDPR, GDPR, all the cybersecurity law. as well as other related legal, as well as infrastructure that might be essential before going to address to the DNS-related threat. So how we can strengthen the collaboration, as you mentioned already, between not only the civil society and the private sector, but among the development partners, as well as the experts, so that we can minimize those gaps. Although there is always the threats of the DNS-related threats are there, so that we need to build the capacity of the developing countries, particularly where there is a lack of legal infrastructure, as well as the physical infrastructure.

Moderator:
Thank you very much, Kanish. And a really important point. Thank you for raising it, that we can have a very global north conversation. We have to, one of the gaps, most important gaps to overcome is that capacity gap that you mentioned. So I hope the panel will reflect on that. Andrew, I think you were next and then Michele.

Audience:
Hi, thank you. So, too often when we have gatherings like this, the conversation usually starts with, we can’t do X, where X is something that the community doesn’t like, because of fragmentation or because of the internet way of working or some other, in my view, generally quite flimsy excuse. So I thought it was really incredibly positive that this whole discussion started with Keith. Yeah, and then others talk about sort of preemptively, sort of proactively rather, preempting the need for regulation by actually doing positive things to deal with problems, recognizing that there are problems. I think that was very positive. And if only more in the community took that approach. Thinking about the gap, so, and perhaps tossing in a different aspect, are new standards as they relate to DNS, do the panelists think that they might be introducing new gaps, new challenges from a governance perspective? And should these be considered in advance in much the same way that legislation should perhaps be more considered in advance? And if so, how do we get more policy stakeholders the standards community, which is currently very undiverse and not, in my experience, overly welcoming of the multi-stakeholder approach.

Moderator:
Thank you very much. So we’re actually getting from the audience some really important additional gaps that I’d like us to reflect on. In addition to the sort of the limitations of technical-led definitions, we’ve got the gaps in capacity, and now from Andrew, the gaps in getting policy voices into emerging standards in this space, so not much for you all to deal with in your one minute of reflection that you’ll be having, but we haven’t heard from Michaela yet, so please take the floor.

Audience:
Thanks Emily. Michaela Neyland, for those of you who don’t know me, so I’m the founder and CEO of a hosting provider and registrar based in Ireland. A couple of things, first off to the gentleman from the EC, would you please, please, please stop using .EU as examples of anything. They operate under contract with yourselves, so holding them up as the gold standard while it might be suitable in certain scenarios, expecting other registries and registrars to automatically adopt whatever .EU is able to do is quite problematic. I think what Keith was talking about makes a lot of sense, but one of the problems I’m having with this is, where’s the line between DNS and internet? Because not everything is a DNS problem. It really isn’t, and trying to solve it, I think as Keith rightly points out, a lot of the issues that need to be dealt with aren’t within the scope, within the scope of registrars or registries, we’re not the best equipped to deal with them, we shouldn’t be the ones to deal with them. I’d even go further and say that in many cases, as hosting providers, we’re not even particularly well equipped to deal with them, because there are issues on platforms and things like that, which we really can’t see. I cannot, if I was hosting Facebook. for example, I could remove the entire website, or a large part of it, I wouldn’t be able to remove one offensive post. It’s the same with any blog or anything like that that we might host in our network. We have no ability to remove a single piece of content. It’s very, very hard to do that. The issue, though, really becomes one of, OK, who do you want to talk to, and what’s the problem you’re actually trying to solve? At the moment, in Europe, one of the issues we’ve been seeing is a huge rise in smishing. So smishing, it’s the telecoms companies that could do something, but have failed to act in many cases. But right now, the only ones who are able to take any action are going to be the registries and the registrars, because it’s a URL, so it’s a domain. But why aren’t the telcos being asked to do things? Because just from our perspective, I think we’re a little bit tired of being the ones that are the stopgap for everything. For all the evil on the internet, it comes back to the DNS. And in many respects, it actually doesn’t.

Moderator:
Thank you very much, Michele. And also, it’s great to have a voice from a registrar as well in the room. You don’t see many registrars at the IGF, so thank you for raising that. And I think there was a challenge to you, Esteve, which hopefully you’ll respond to. But are there any further questions, either online or in the audience, that we want to get through? Yes, sir. And then I’m going to wrap the session with something positive.

Audience:
My name is Werner Staab. I work for, also, a registrar. It’s actually an organization that also does a registry system. It’s core association. It’s a not-for-profit whose objective is to improve the DNS by getting some resources in place by sharing resources for operating systems. And in a way, it’s a good idea. The habits that we’ve gotten into over the last 20 years turn out to be now not so good habits because relying things for the security of the DNS that have disappeared. When the DNS was created, fax numbers, telephone numbers, and physical addresses, postal addresses, used to have meaning at that time, 30 years ago. They don’t have anymore. They have become totally liquid, floating. You can have a telephone number anywhere. It doesn’t mean anything. It’s no longer an anchor. But more importantly, the domain itself has been a victim of its own success because there are so many domains. The cost of losing a domain is irrelevant for an attacker. You’re still behaving as if it was a great problem for an attacker to lose their domain. Of course, they couldn’t care less. They’ve got thousands, millions of domains accessible to them, not necessarily under direct control because this is a gray market of making domain names available for all kinds of things, which then also enables them to use them selectively. And so it is no longer just a question of handling evidence of abuse. It’s just too late when it comes to there. And then when we actually act, the attacker couldn’t care less.

Moderator:
Yeah, so I think that’s a good, a welcome reminder to all of us over a certain age that sometimes 20-year-old habits aren’t always best for us. But in closing now, I said we’d get to it five minutes ago, and half of my plan for the session has gone out the window. But one thing I would like to revive is this sort of future looking. And to come back to your original call for action, Keith, is like, what can we do? It’s always easy to point the finger and say somebody else should do something. I heard something that I was reminded of a phrase earlier this week, which is those who can should. And so there are people in this room and on this panel who have got some capacity to do things. So my question to you is, what can you do that will make things better? Jean-Jacques, we haven’t heard from you for a bit, so I’m gonna put you on the spot, and then I’m going to run through the panel. So just thinking individually or for an organization. Both. It’d be better to hear from Google, honestly.

Jaen-Jacques Saillei:
Look, I mean, I think there are a few things that we’re already doing and things we should discuss in more detail in terms of, and I think Keith has already given a few good ideas along this way. Maybe starting with a reference to what the gentleman from Nepal was saying in capacity building. I know we do quite a bit of capacity building of our own, for instance, where we engage with certain governments and we explain how we deal with harmful content. We also do it through third party organizations. So for instance, the UN Office of Drugs and Crime often organizes training sessions for law enforcement agencies from countries across Asia. And I’ve gone there myself to explain how internet companies deal with harmful content, terrorism, that sort of stuff. So there are some channels that exist and we can talk about that. But then, I’m mentioning UN agencies and it’s great we’re in a UN forum after all. So we have to give them a credit. But then going back to what some of us have been saying in the room, is there something that we can do as an ecosystem, not just a internet industry writ large, but as an ecosystem. I mean, it was interesting to hear Michele talk about, and he’s gone, but to talk about, everybody turns to the DNS people for action. Well, and saying all the ills are because of the DNS. I don’t think that’s entirely true. They turn to us as well. Possibly a little more sometimes. Maybe. Anyway, just talking about some of the governments that talk to us about disinformation, seriously, look in your own backyard. But anyway, I think there should be some discussion. Perhaps we should continue this discussion in a way to think, okay, what is it practically that we can do? Is there, are there more coordinated actions that we can take? Having worked for ICANN, and I know what I was trying to do in Europe when I was there, what I imagine Jaron is trying to do quite regularly is engage those governments, right? Trying to explain to judges, to law enforcement, how it all works. Importantly, and so I think we should continue the discussion just think about very practical things to do. Perhaps it’s just also a question of visibility, saying each other, oh, there’s that school on internet governance, for instance, that ICANN and others run. Can we tack onto that something for governments? And by the way, it doesn’t have to be in person. We’ve got something called the internet, we can do GVCs, right? And we can get governments from Nepal, from Bhutan, from everywhere to join those trainings online and be further understanding and also network with the industry, get a lot more understanding. I think we can very practically do that. There’s a bit of explaining and some basic explaining that we need to do even with governments who are supposed to be informed. Like I’m looking at Lisa, we’ve got work to do in Australia to explain to people that DNS level blocking is bad, just as one example. And so I think there’s a lot more that we could continue to discuss, very practical actions of engaging with those governments. So I’d love to continue. I don’t know what platform would be best. Maybe Jiarong’s got some sort of ICANN SIG or something that we can tap onto.

Moderator:
Thank you very much. And I’m going to ask Esteva next, and then I’ll come to… to Rocio and Fiona, and then come to you, Giron, and then Jen. So, brisk remarks, four minutes. In total. Yeah. I just wanted to start by acknowledging.

Esteban Zanz:
I just wanted to start acknowledging the questions and comments from the audience. Capacity building is key. I have to admit that this is a Global North conversation. We are Global North discussing the NSWs, mostly. And this is bad for the overall ecosystem. And it will play very badly in the WSIS Plus 20 discussions that will emerge very soon. We need to work on that. I know that ICANN is making great efforts to be more inclusive, working on support in relation to the new round of TLDs. But we need to do more. I can just say that we are perfectly aware of this situation, and we are engaging also in the context of the Declaration for the Future of the Internet in capacity building projects in the context of the Global Gateway, development support, et cetera. But this is probably one of the core fundamental problems of the model.

Moderator:
Sorry, just to get the others involved. But that’s a really important point on the need for inclusive conversations involving the Global South. Fiona, Rocio, can I ask you for your concluding thoughts on what action needs to be taken, preferably by you?

Fiona Alexander:
Sure, I’m happy to start. I think one of the things that this session helps reiterate is the first thing that people need to do is get in a room and sit down, whether it’s remote or in person, and have a conversation, right? So the only way you can solve problems is to sit down. down and talk to each other, understand the issue sets, figure out what the gaps are, as have been raised by folks in the audience. Even Michele’s point about bringing in other actors, not just focusing on the DNS players. So I think, you know, just what can happen and what should happen is a sustained way of having and continuing the conversation, whether it’s at other IGFs, whether the Dynamic Coalition wants to have its own meetings, but I think continuing the conversation is the best way to get us to some shared solutions.

Rocia de la Fuente:
So very briefly, as an organization from the LAC region, I believe that one of the tasks we want to undertake is to improve the mechanisms to measure and identify levels of DNS abuse. We believe this will be very helpful for some CCTLEs in our region, and we also believe in the importance of continuing to promote our training workshops targeted to different governmental authorities and in collaboration with other organizations of the regional community. Thank you.

Moderator:
Thank you very much. So the need for improved measurement and identifying DNS abuse and continue your great work in workshops and trainings. Giron.

Jen Rong Lo:
Thank you. Just quickly responding also to Ganesh. From ICANN, what we try to do is we do a lot of capacity building work, not on the regulation side, but with the operators. So I’ll reach out to you after this, and if you need any help from the operators, we help them to think about DNS security. We also do capacity building for law enforcement agencies, and it applies for – I look after the Asia-Pacific region, so it applies for the Asia-Pacific region I’m looking after, but we also have colleagues from other regions who do the same thing. And I thought an insightful remark, and I thought to close on this one is the remark from Andrew is like, you know, is our new DNS standards introducing new gap? And actually, in our space for the DNS, I find as industry and also for us from ICANN and the IETF, we are very cautious, I feel. One example, we introduced DNSSEC, and a lot of people say DNSSEC doesn’t really work, you know, it’s not a great thing, it solves only one small problem, and so on. But there’s this new other problem, TLS. TLS has a certificate of vulnerability, and then people introduced DAIN. And DAIN relies on DNSSEC, which then is building on established standards that then continues to make sure that you go in a safe, secure, and resilient manner. And I think as a group, all of us thinking about DNS, that’s probably the approach we want to go for, instead of DNS, kill everything, or start over. But what we have is sitting on something very solid, and let’s all work together to make that better, one step at a time. Thank you.

Jennifer Chung:
Thank you very much. I want to kind of carry on from what Jeroen just mentioned about the capacity gap that our question from Nepal came from. DotAsia also proactively does engage in a lot of capacity building projects around Asia Pacific region, in partnership with ICANN and KISA, and other Asia Pacific, and Google, and Google organizations. And I think that is one of the gaps that we can also identify and really take action. Maybe as, you know, DCDNSI, that’s one of the actions we can take. Joining the dots in the kind of different approaches we’re already taking, both contractual ones, both proactive ones, and things that can actually work. Taking the ones that actually work, and scaling it, and actually seeing if it would also replicate and work in other regions, and other registry operators, and other parts of the DNS ecosystem. And then finally, I mean, I guess this is really important, but I think it bears repeating, DNS security likes collaboration. We really need actual multi-stakeholder approach to it. Not just, you know, what Fiona mentioned before, hey, you know, the government’s coming out for consultations and we kind of take it in, that’s not perhaps an actual multi-stakeholder collaboration. We really need to bring in all the different elements in the DNS ecosystem and wider as well to address this. So it’s more of a complete approach.

Moderator:
Thank you very much. So Keith, some closing reflections for you in minus 30 seconds, but thank you. Thanks very much, Emily.

Keith Drazek:
Just two quick points. I wanna build on something that Mark Dataskild said, and a concern that Esteban raised earlier about the GTLD registries and registrars, ICANN’s contracted parties voluntarily initiated this contract negotiation with ICANN to take on essentially an affirmative and enforceable obligation to act to mitigate DNS abuse within our areas of role, responsibility, and capabilities. It was a bilateral initiative initiated by the contracted parties, registries and registrars, to take on new obligations on ourselves. That was the first step. As Mark noted, the second step, and registries and registrars in the ICANN space are committed to the multi-stakeholder engagement, committed to PDPs, policy development processes through our GNSO as the mechanism for multi-stakeholder community-based bottom-up consensus policy development. And so the expectation is that will be the next step, which will then further address some of the issues that Esteban mentioned as perhaps being undefined or less clear, so there’s more work to be done. To answer the question about what’s next, there’s clearly a need for ongoing conversation and dialogue, collaboration, and information sharing, and I see it’s two sides of the same coin. One is to bring all of the actors together, and I think to Michele’s point earlier, it could be, there’s concerns about IP blocking, right? The smishing, the telcos, there’s a range of actors that really ought to be part of this multi-stakeholder conversation, especially from industry as a starting point, as an initiated sort of conversation. And I think that we should use the IGF construct, we should use the DCDNSI, we should use the national and regional IGFs to, in an organic, bottom-up way, sort of start this conversation in different regions and different areas, and eventually work towards something a little bit more concrete in terms of identifying potential outputs. So I would say, stay tuned. There are conversations going on right now with industry associations and others and various operators at different levels of this ecosystem that I think have recognized this as a challenge and a need and an opportunity. So stay tuned, more to come. Thank you.

Moderator:
Thank you very much, and thank you everybody for your participation today. We ran out of time, but I think that there’s some really good thoughts for talking among the ecosystem, inclusive conversations with the global south, a sustained conversation, and maybe the IGF and the DNS dynamic coalition can play a role there. We had lots of plans for giving that a spot, didn’t happen. But stay tuned, thank you for your involvement, thank you for your questions, and please join me in thanking our amazing panel for sharing their insights. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you.

Audience

Speech speed

170 words per minute

Speech length

1546 words

Speech time

544 secs

Esteban Zanz

Speech speed

161 words per minute

Speech length

1196 words

Speech time

446 secs

Fiona Alexander

Speech speed

217 words per minute

Speech length

1309 words

Speech time

361 secs

Jaen-Jacques Saillei

Speech speed

209 words per minute

Speech length

2499 words

Speech time

719 secs

Jen Rong Lo

Speech speed

166 words per minute

Speech length

1844 words

Speech time

667 secs

Jennifer Chung

Speech speed

175 words per minute

Speech length

637 words

Speech time

218 secs

Keith Drazek

Speech speed

169 words per minute

Speech length

1995 words

Speech time

707 secs

Moderator

Speech speed

166 words per minute

Speech length

4048 words

Speech time

1464 secs

Rocia de la Fuente

Speech speed

135 words per minute

Speech length

864 words

Speech time

383 secs