Everyone has their own definition of “abuse”

The domain name system is the only centralised, regulated part of the Internet. Anyone can become a hosting provider, a website publisher, an email services or DNS provider without receiving any kind of specific authorisation. This has made registrars - who need ICANN accreditation to offer registrar services - lightning rods for the whole internet industry.

This was made clear by the GAC’s insistence that ICANN require registrars to help law enforcement agencies in their investigations into abuse, a problematic request to be sure.

In a session devoted to DNS abuse mitigation, ICANN was expected to demonstrate what efforts it has made to help GAC mitigate “abuse.” However, it became increasingly clear throughout the course of the meeting that neither party is operating with the same definition of “abuse.” Moreover, the role of registrars and the actions they can legally and technically take is not clearly understood. But, as usual, most of the complaints voiced by attendees related more to cross border cooperation (or the lack of) between law enforcement agencies rather than anything specific to the DNS.

Perhaps my European bias is showing, but it was quite fascinating to witness law enforcement agencies and government representatives trying to push their duties on to private actors, effectively turning private actors into rent-a-cops. These agencies seemed to forget that they are the parties empowered by the people to pass and enforce laws, be it off or online.

Educate, educate, educate

The is one of the reasons why the Registrars Stakeholder Group met with the GAC to educate them about what a registrar can technically do when they receive a complaint regarding the use of their services.

Denial of service

The GAC is requesting that registrars cross-validate their customers’ postal addresses. This means that registrars should be able to verify, for example, that address 221B exists on Baker Street and that there is a Baker Street in London and a city named London with the zip code W1U in the United Kingdom.

As anyone who has ever ordered any goods online knows, such a detailed validation system does not exist. The only party with access to this kind of database is the one requesting that registrars use it: the government. But, unfortunately, no government official came forward to make available at no cost this particular kind of database.

Nonetheless, since ICANN’s accreditation agreement states registrars must implement this validation system if it becomes available at a reasonable price, a working group has been formed to investigate.

The most passionate place on the web

Last - but certainly not least - the Registry Directory Service (RDS) working group, in charge of devising a new WHOIS system, continues its passionate debates concerning law enforcement agencies’ need for access and registrants’ right to privacy.

As a reminder, this Policy Development Process was launched in November 2015 and designed as a phased process:

1. Establishing gTLD registration data requirements to determine if and why a next-generation RDS is needed;
2. Designing policies which detail functions that must be provided by a next-generation RDS to support those requirements; and
3. Providing guidance for how a next-generation RDS should implement those policies, coexisting with and eventually replacing legacy WHOIS.

During the meeting, the Chair of this working group said that he hoped the first phase would conclude within a year.

In other words, if you are eagerly anticipating this next generation WHOIS, you may not want to hold your breath.

Coming soon: ICANN 59

And that concludes our report from ICANN 58 in Copenhagen. Next up: ICANN 59 to be held June 26-29 in Johannesburg! Be sure to check out our blog for a full report of all the latest ICANN news!

photo credit