Home / Blogs

Standing Up for a Safe Internet

Michael Young

Back when I started working in this industry in 2001, ICANN was small, the industry was tight, and things moved slowly as interest groups negotiated a balance amongst the impacts of change. Change often meant added overhead and, at the very least, a one-time cost effort to implement on the commercial side. Registries and registrars preferred to be hands-off when it came to how their domains were being used. But e-crime became big business during the 2000s. We all became aware of the dangers posed by malware, phishing, scams, and of the billions of spam e-mails spewed by criminal-controlled botnets. The costs of the criminal use of the DNS began hitting everyone — Internet users, big and small businesses, and governments too.

Answering GAC requests, the ICANN Board has now inserted two significant new contractual requirements about domains abuse into the nTLD Registry Agreement. The first is pretty non-controversial, and most TLD applicants had already pledged to do it:

"Registry Operator will include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name."

But the second new requirement is more substantial and difficult:

"Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request."

ICANN calls this a "public interest commitment," and the Board committee must have seen it as an affirmation that all parties have a role in keeping the Internet a safe place, and should manage the resources they control in a responsible way. (And who can disagree with that sentiment?) But it's not an easy thing to implement. It takes specialized knowledge and data to understand when your domains are being used for no good, much less what to do about it.

If you are a current registry operator, it's about understanding the extent of the problem you have, and if you are a new operator, it's about understanding the extent of the problem you face. Then, most importantly, it's about having tools in place to manage the abuse. Unchecked abuse can (and has) operationally impaired domain registries by steady reputational poisoning, and has hurt registrars through payment fraud and complaint-handling costs.

Finally, ICANN's new analysis and reporting requirement will receive some refinement. There will be additional public discussion and policy-making to flesh it out. We at Architelos will be watching these developments closely. But it's clear that registries will be required to know what's going on in their zones, must be able to quantify and categorize it, and must be able to report what they did about it.

I've watched the domain space grow to almost ten times the size it was when I started in 2001. Growth of a successful medium is inevitable, but continued success depends on maintaining the value proposition — in this case, keeping the domain space safe for everyone's use. It's time to fight for what's valuable to us.

I think Bob Dylan put it well when he said:

Come gather 'round people
Wherever you roam
And admit that the waters
Around you have grown
And accept it that soon
You'll be drenched to the bone
If your time to you
Is worth savin'
Then you better start swimmin'
Or you'll sink like a stone
For the times they are a-changin'.

By Michael Young, Chief Technology Officer at Architelos. He built the first modern EPP Top Level Domain registry in 2001 (.info) and subsequently built and operated the backend systems for numerous gTLDs, ccTLDs, IDN enabled registries and sponsored TLDs such as .org, .mobi, .in, .me and others. Architelos provides new gTLD application guidance and registry management services for clients in the DNS and IP industry. Mr. Young can be reached directly at myoung@architelos.com.

Related topics: Cybercrime, Domain Names, ICANN, Internet Governance, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Season's Greetings - 2014 End of Year Message from DotConnectAfrica

Minds + Machines in 2014 and 2015

New .VOTE and .VOTO Domains Launched

Consumers Prefer the .ORGANIC Domain for True-Organic Goods

DNW Podcast Interview with Antony Van Couvering

TLD Registry and Right of the Dot Establish a Domain Name Industry "Dream Team"

TLD Registry Ltd Welcomes New Board Members

New .LGBT Top-Level Domain Launched

.sydney Domain Names Now Available in Pre-Release

"Chinese Domaining Masterclass" to be Presented at NamesCon Las Vegas in January 2015

Auction and Sales Channel Update

Radix Set to Launch .SITE TLD in 2015

Annual Manthan Award Event This Week

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

List of New gTLD Availability & Key Information Provided for Download

Radix Launches .Space for Individuals, Freelancers and Professionals

TLD Registry Wins Best Marketing Award at China New gTLD Roadshow

Public Interest Registry Introduces 'OnGood' - New Brand Identity for .ngo & .ong

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi
Afilias

DNSSEC

Sponsored by
Afilias
Verisign

Security

Sponsored by
Verisign