DNS Abuse Among Key Topics at ICANN Meeting
Domain Name System (DNS) abuse is a growing threat given the cost of cybercrime, Laureen Kapin, FTC counsel for international affairs for consumer protection, said at an Oct. 15 ICANN policy webinar. The law enforcement community is pressing registries and registrars to take action. Those "contracted parties" say they want to help, but they face a lack of clarity on how to define the abuse and how far they can go to address it. This issue, along with continuing work on compliance with the EU's General Data Protection Regulation (GDPR), possible new generic top-level domains (gTLDs) and a more effective multistakeholder governance model, is teed up for ICANN's Nov. 2-7 meeting in Montreal.
Mitigation of DNS abuse is a "vital topic," said Kapin, co-chair of the Governmental Advisory Committee public safety working group. The global cost of cybercrime was $600 billion last year. GDPR raises challenges to investigating cyberthreats that use the DNS, but another round of new gTLDs might provide the opportunity to improve the current system of handling abuses.
DNS abuse encompasses malware, botnets, phishing, pharming and spam, which all ultimately affect email that's used by cybercriminals, said Gabriel Andrews of the FBI cyber initiative resource fusion unit. Akamai research on the prevalence of malicious domain names in each TLD in the root zone showed the original gTLDs (such as .gov and .com) "look pretty good," blogged data scientists Donghoon Shin and Paul O'Leary Friday. Among the gTLDs in the second round, .biz showed "relatively high levels of malicious activity and even higher levels of spam or other potentially unwanted activity." For gTLDs approved in 2012, researchers found the most highly abused was .loan.
One problem for registrars and registries is that some provisions of their ICANN contracts aren't entirely clear, webinar speakers said. DNS abuse may not mean the same thing to everyone, said GoDaddy Director-Global Policy Ben Butler. There are "misaligned expectations" leading to reports against contracted parties. Registries are required by their agreements to periodically do "technical analyses" to judge whether domains in their TLDs are being used for security threats, but the definition of technical analysis is advisory, said Public Interest Registry (PIR) Deputy General Counsel Brian Cimbolic.
There are questions about whether registries are the appropriate parties to address certain security threats, such as website content abuse, Cimbolic said. That type of abuse is generally outside the scope of registrar/registry agreements with ICANN, but the companies often tackle certain forms of it, such as child sexual abuse materials. It may be more appropriate for hosting providers to deal with these issues because they're covered by safe harbor provisions under the EU e-commerce directive and the U.S. Digital Millennium Copyright Act, and because contracted parties have only "nuclear options" such as suspending whole TLDs, he said.
PIR, GoDaddy and other registries and registrars floated a proposal to address abuse. The Oct. 17 document calls for registries and registrars to act against the five forms of abuse but says maintaining the distinction between them and website content abuse "is critical for the Internet to remain open for free expression." ICANN can play an important role in the discussion by providing a discussion forum during meetings and an opportunity for multistakeholder talks. Other signers are Donuts, Tucows, Amazon Registry Services, Afilias, Blacknight Solutions, Name.com, Amazon Registrar, Neustar and Nominet UK.
ICANN agrees "clarity is needed in the contractual obligations as well as what we mean by security threats and how to fight DNS abuse," a spokesperson emailed last week. Discussions in Montreal are intended "to move the ball forward." However, data collected through a domain abuse activity reporting project and registry audits confirms that the vast majority of registry operators are committed to addressing DNS security threats, which appear to occur among a "relatively small number" of registry operators.
Other key agenda items include the expedited policy development process aiming to create standardized access to nonpublic domain registration data to comply with the GDPR, and procedures for approving new gTLDs. Pre-meeting information about what to expect is here. Information on efforts to make ICANN's multistakeholder governance model more effective is here.