Home / News I have a News Tip

Leading Domain Registries and Registrars Release Joint Document on Addressing 'DNS Abuse'

A group of leading domain name registries and registrars have joined forces in the fight against abuse in the Domain Name System (DNS), by developing a "Framework to Address Abuse." Each contributing company has shared its expertise and experience mitigating abusive practices with the goal of submitting the resulting Framework as a foundational document for further discussion in the multistakeholder community. The group includes Public Interest Registry, GoDaddy, Donuts, Tucows, Amazon Registry Services, Inc., Blacknight Solutions, Afilias, Name.com, Amazon Registrar, Inc., Neustar and Nominet UK.

"The registries and registrars participating in this effort recognize that the health and security of the DNS is essential to the trust and safety of the Internet overall and that they have an important, yet often misunderstood, role to play as stewards of this public resource," a spokesperson for the group told CircleID. The group considers the Framework as a critical first step in the scope of the broader community effort to tackle DNS Abuse.

Noteworthy paragraphs from the released document:

What is DNS abuse? "Before DNS Abuse can be effectively addressed, we recognize the need for a shared understanding as how to define it." The group has collectively defined DNS Abuse as five broad categories of harmful activity: "malware, botnets, phishing, pharming, and spam (when it serves as a delivery mechanism for the other forms of DNS Abuse)"

When Should a Domain Name Registrar or Registry Act on Website Content Abuse? "Despite the fact that registrars and registries have only one blunt and disproportionate tool to address Website Content Abuse [i.e. disabling the entire domain name], we believe there are certain forms of Website Content Abuse that are so egregious that the contracted party should act when provided with specific and credible notice. Specifically, even without a court order, we believe a registry or registrar should act to disrupt the following forms of Website Content Abuse: (1) child sexual abuse materials ("CSAM"); (2) illegal distribution of opioids online; (3) human trafficking; and (4) specific and credible incitements to violence."

Read the full document here.

Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

The slippery slope begins? Alan Maitland  –  Oct 22, 2019 2:06 PM PDT

This is generally a giant leap forward in combating DNS abuse as defined in the Framework to Address Abuse document and those entities who worked on the document should be congratulated on coming this far.  That said, in the context of WebSite Content Abuse, there may be problems with the document as regards objective vs subjective items.

Facts are objective.  They are or they are not, there is no gray area.  Items requiring interpretation are subjective, subject to interpretation by whosoever is examining a given item.

All though none of the items in the Website Content Abuse items 1-4 are really facts, some of the items easily pass the "any reasonable person" test.  Subjective items, being open to interpretation won't necessarily pass the reasonable person test for any number of reasons (e.g., cultural, legal, etc).

Website Content Abuse (1) child sexual abuse materials ("CSAM");:
Objective - Generally passes the reasonable person test.

Website Content Abuse (2) illegal distribution of opioids online;:
Objective - Generally passes the reasonable person test.

Website Content Abuse (3) human trafficking;:
Subjective - While certainly objectionable to any reasonable person, the definition of what constitutes this form of abuse to the degree it is shutdown is vague in the document.  Would a discussion of human trafficking, pointing to examples be adequate cause to bring a domain down?  If so, most newspapers might take issue with the plan, in not, why not?  Adding words to the definition here would go a long way to tighten up the definition.

Website Content Abuse (4) specific and credible incitements to violence.:
Highly subjective as it stands.  Pretty much every site carrying a comment board may fail that test.  In America, we have politicians who almost daily accuse each other of this very thing.  Are there plans to bring down several well known .Gov sites on the horizon?

While we would all like to believe people think things through and use good judgement in determining a course of action, history is replete with examples of that not always being the case.  For example, years ago in the San Francisco bay area during a drought, a local water board employee decided to open a reservoir and dump huge quantities of needed and now scarce drinking water into the bay.  Why?  Perhaps because the operating manual the employee was using, which apparently had limited or no information on the conditions when the dump procedure should be applied, said to do so and so, without thought or an understanding of consequences, the employee acted. 

Believing everyone is on the same page as regards a matter is not the same a knowing everyone is on the same page.  Words applied well can make it possible to be closer to knowing than believing.

In summary, it is precisely because of "the fact that registrars and registries have only one blunt and disproportionate tool to address Website Content Abuse" they all must be extremely precise in their definitions of what exactly constitutes the objectionable behavior most all people do and should want to see shut down, without treading on the rights of those who fall into corner cases who then become "collateral damage" in this initiative. 

Minimally, there should be a formal mechanism provided in the document which allows for near instant restoration of a site brought down by policy, where a subjective standard was used.  Ultimately, such a policy protects the registries and registrars as well as a person or group from being caught up in a subjective decision.

Words have meaning and thus precision in wording goes a long way to ensuring nobody but the bad actors ever get caught up in the laudable blunt tool efforts the registrars are working to achieve.

Would that we didn't live in a world where a very small number of people do the objectionable things they do for which they richly deserve to be roasted on a spit! (Quick - Did I just pass the incitement to violence test or simply express an opinion through the use of an allegorical device?) In order to protect the rights of most all of us we need to consider such things and never let this Comment's Title ever be answered "yes".

To post comments, please login or create an account.

Related

Topics

DNS Security

Sponsored byAfilias

Whois

Sponsored byWhoisXML API

Cybercrime

Sponsored byThreat Intelligence Platform

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

Domain Names

Sponsored byVerisign