Home / Blogs

Standing Up for a Safe Internet

Michael Young

Back when I started working in this industry in 2001, ICANN was small, the industry was tight, and things moved slowly as interest groups negotiated a balance amongst the impacts of change. Change often meant added overhead and, at the very least, a one-time cost effort to implement on the commercial side. Registries and registrars preferred to be hands-off when it came to how their domains were being used. But e-crime became big business during the 2000s. We all became aware of the dangers posed by malware, phishing, scams, and of the billions of spam e-mails spewed by criminal-controlled botnets. The costs of the criminal use of the DNS began hitting everyone — Internet users, big and small businesses, and governments too.

Answering GAC requests, the ICANN Board has now inserted two significant new contractual requirements about domains abuse into the nTLD Registry Agreement. The first is pretty non-controversial, and most TLD applicants had already pledged to do it:

"Registry Operator will include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name."

But the second new requirement is more substantial and difficult:

"Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request."

ICANN calls this a "public interest commitment," and the Board committee must have seen it as an affirmation that all parties have a role in keeping the Internet a safe place, and should manage the resources they control in a responsible way. (And who can disagree with that sentiment?) But it's not an easy thing to implement. It takes specialized knowledge and data to understand when your domains are being used for no good, much less what to do about it.

If you are a current registry operator, it's about understanding the extent of the problem you have, and if you are a new operator, it's about understanding the extent of the problem you face. Then, most importantly, it's about having tools in place to manage the abuse. Unchecked abuse can (and has) operationally impaired domain registries by steady reputational poisoning, and has hurt registrars through payment fraud and complaint-handling costs.

Finally, ICANN's new analysis and reporting requirement will receive some refinement. There will be additional public discussion and policy-making to flesh it out. We at Architelos will be watching these developments closely. But it's clear that registries will be required to know what's going on in their zones, must be able to quantify and categorize it, and must be able to report what they did about it.

I've watched the domain space grow to almost ten times the size it was when I started in 2001. Growth of a successful medium is inevitable, but continued success depends on maintaining the value proposition — in this case, keeping the domain space safe for everyone's use. It's time to fight for what's valuable to us.

I think Bob Dylan put it well when he said:

Come gather 'round people
Wherever you roam
And admit that the waters
Around you have grown
And accept it that soon
You'll be drenched to the bone
If your time to you
Is worth savin'
Then you better start swimmin'
Or you'll sink like a stone
For the times they are a-changin'.

By Michael Young, Chief Technology Officer at Architelos. He built the first modern EPP Top Level Domain registry in 2001 (.info) and subsequently built and operated the backend systems for numerous gTLDs, ccTLDs, IDN enabled registries and sponsored TLDs such as .org, .mobi, .in, .me and others. Architelos provides new gTLD application guidance and registry management services for clients in the DNS and IP industry. Mr. Young can be reached directly at myoung@architelos.com.

Related topics: Cybercrime, Domain Names, ICANN, Internet Governance, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Auctions Update: MMX Wins .law and .vip

LogicBoxes Partners with I-Content to Implement Vertical Integration for .RICH and .ONL

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

General Availability Kicks Off for .Website, .Press and .Host

New .ORGANIC Top-Level Domain Welcomes Leading Brands As .ORGANIC Pioneers

Dot Chinese Online and Dot Chinese Website Featured in EURid's World Report on IDNs 2014

New .ORGANIC Top-Level Domain Opens to Serve the Organic Community

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

Independent Endorsement of Dot Chinese Online & Dot Chinese Website by by FiarWinds Partners

New gTLDs and Best Practices for Domain Management Policies (Video)

.Host Announces Top Global Players As Pioneer Partners

Public Interest Registry Releases Bi-Annual Report, .Org Domain Registrations Pass 10.4 Million

Public Interest Registry to Speak About Upcoming Launch of .ngo and .ong Domains for NPOs

Landrush Opens for .Website, .Press and .Host

Afilias Announces General Availability of .BLACK Top-Level Domain

Nominum Announces Future Ready DNS

Last Lap of .WEBSITE, .PRESS and .HOST Sunrise

DotConnectAfrica Trust Responds to ICANN 50 GAC Advice, Updates on .Africa Application IRP Status

New .ORGANIC Domain Sunrise Begins, Creating Verified Space 
for Organic Products and Services

Sponsored Topics