Home / Blogs

Standing Up for a Safe Internet

Michael Young

Back when I started working in this industry in 2001, ICANN was small, the industry was tight, and things moved slowly as interest groups negotiated a balance amongst the impacts of change. Change often meant added overhead and, at the very least, a one-time cost effort to implement on the commercial side. Registries and registrars preferred to be hands-off when it came to how their domains were being used. But e-crime became big business during the 2000s. We all became aware of the dangers posed by malware, phishing, scams, and of the billions of spam e-mails spewed by criminal-controlled botnets. The costs of the criminal use of the DNS began hitting everyone — Internet users, big and small businesses, and governments too.

Answering GAC requests, the ICANN Board has now inserted two significant new contractual requirements about domains abuse into the nTLD Registry Agreement. The first is pretty non-controversial, and most TLD applicants had already pledged to do it:

"Registry Operator will include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name."

But the second new requirement is more substantial and difficult:

"Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request."

ICANN calls this a "public interest commitment," and the Board committee must have seen it as an affirmation that all parties have a role in keeping the Internet a safe place, and should manage the resources they control in a responsible way. (And who can disagree with that sentiment?) But it's not an easy thing to implement. It takes specialized knowledge and data to understand when your domains are being used for no good, much less what to do about it.

If you are a current registry operator, it's about understanding the extent of the problem you have, and if you are a new operator, it's about understanding the extent of the problem you face. Then, most importantly, it's about having tools in place to manage the abuse. Unchecked abuse can (and has) operationally impaired domain registries by steady reputational poisoning, and has hurt registrars through payment fraud and complaint-handling costs.

Finally, ICANN's new analysis and reporting requirement will receive some refinement. There will be additional public discussion and policy-making to flesh it out. We at Architelos will be watching these developments closely. But it's clear that registries will be required to know what's going on in their zones, must be able to quantify and categorize it, and must be able to report what they did about it.

I've watched the domain space grow to almost ten times the size it was when I started in 2001. Growth of a successful medium is inevitable, but continued success depends on maintaining the value proposition — in this case, keeping the domain space safe for everyone's use. It's time to fight for what's valuable to us.

I think Bob Dylan put it well when he said:

Come gather 'round people
Wherever you roam
And admit that the waters
Around you have grown
And accept it that soon
You'll be drenched to the bone
If your time to you
Is worth savin'
Then you better start swimmin'
Or you'll sink like a stone
For the times they are a-changin'.

By Michael Young, Chief Technology Officer at Architelos. He built the first modern EPP Top Level Domain registry in 2001 (.info) and subsequently built and operated the backend systems for numerous gTLDs, ccTLDs, IDN enabled registries and sponsored TLDs such as .org, .mobi, .in, .me and others. Architelos provides new gTLD application guidance and registry management services for clients in the DNS and IP industry. Mr. Young can be reached directly at myoung@architelos.com.

Related topics: Cybercrime, Domain Names, ICANN, Internet Governance, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

General Availability Period for New .RED Top-Level Domain Opens

General Availability Period for New .BLUE Top-Level Domain Opens

General Availability Period for New .PINK Top-Level Domain Opens

New Chinese "Mobile" Top-Level Domain Now Available

New .KIM Domain Goes Live

Welcome .SHIKSHA! General Availability Now Open

Adrian Kinderis Appointed as Chair of Domain Name Association

Internet Reaches 271 Million Domain Names in the Fourth Quarter of 2013

Internet Business Council for Africa Participates at the EU-Africa 2014 Business Forum, Brussels

The Future of Chinese Domain Names (a Panel Discussion)

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

Tony Kirsch Announced As Head of Global Consulting of ARI Registry Services

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Afilias Chairman Appointed to Domain Name Association Board

.BUILD Enters Landrush with Support of ARI Registry Services

Radix Awards Contracts for .website, .host, .space, and .press to CentralNic plc

DotConnectAfrica Statement Regarding NTIA's Intent to Transition Key Internet Domain Name Function

Afilias Welcomes "Dot Chinese Online" and "Dot Chinese Website" Top-Level Domains to the Internet

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Sponsored Topics