IGF 2022 Day 2 Open Forum #46 Strengthening MS collaboration on DNS Abuse

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> ROWENA SCHOO: Welcome to the open forum on strengthen the multistakeholder on DNS abuse.  I'm Rowena Schoo, I work with the DNS Abuse Institute.  Set up by public registry.  I won't go into too much of what we do in terms of our activities on this panel.  There's another lightning session today if you'd like to know more about that.  This panel is here to discuss DNS abuse, what it is, when it's appropriate and how the multistakeholder model fits into that.

We are really trying to make this accessible, so I'll ask everybody to try to refrain from using acronyms as much as possible.  When you do use them, just explain what they mean for the context of people who might not be aware.  I'll start us off with DNS.

DNS is the domain name system.  It is a name tool that is used to navigate the internet.  It is probably one of the only centralized components of the global internet infrastructure system.  And that centralization involves a multistakeholder policy making organization called ICANN.  Different parts of the community come together, and the people you see here on this panel today are involved in that policy‑making policy.  They represent different constituencies, and I just want to note for the context of this panel, they're generally talking in their personal capacity rather than the groups within ICANN that they represent, unless they state otherwise while they're talking.

One other thing to understand about the structure of ICANN, is that there's a distinction between country code, top level domains which are referred to as TLD's and generic top level domains, DTLD's.  That is important, it influences how those policies are made for those different types of registry operators.  The country codes are much more independent, and they make policies aligned to their national jurisdictional expectations, but often use a form of multistakeholder policy to do that.  The TLDT's are bound by the policies made by ICANN for the multistakeholder model.  Without further ado, I'll introduce the panel briefly and then we'll pick up with the first question, which will be what does DNS abuse look like.  Joining me on the call today, I have an excellent panel to help us discuss this.

So I have Sam Demetriou who works for Verisign who runs a dot com, she's the chair of the registry stakeholder group within ICANN.  I have Manal Ismael, from the national telecommunications regulatory authority, and also from the government ‑‑ I'll try not to use acronyms., where the government people hang out in ICANN.

>> MANAL ISMAIL: Government Advisory Committee.

>> ROWENA SCHOO: That's right.  Chris Lewis‑Evans from the U.K. National Crime Agency, who tends to hang out in the public safety working group in ICANN, the PSWG with law enforcement are represented.  And I've got Nick Wenban‑Smith who run the dot U.K. country code, and also is part of the DNS abuse standing committee for the country code group within ICANN.  Let's get started with our first question.  I'll turn to Nick first to give us a bit of a short review on what does DNS abuse look like.

>>  NICK WENBAN‑SMITH:  Thanks for the introduction.  It is an interesting topic, I think, because if you look at lots of registries, say for example the dot U.K. registry.  You won't find much reference to DNS abuse but find a lot of policies which probably cover what most people would understand certainly to be DNS abuse.  For example.  Providing registration data, not fishing for all of those sorts of policies would be prohibited.  People have tried to make the definition, I think the reasons, it's sort of so focused on the definition is because if we are talking about DNS abuse, I think the abuse of the DNS does speak to the infrastructure, it's the sort of abuse that infrastructure providers would be expected to intervene on.  It's quite a controversial area because I think most people would consider, say, for example, dissemination of child abuse images to be abusive and something that responsible registry operators would take action on.  It's a content issue as opposed to part of the technical function.

This is where you get into the difficult areas of discussion around definitional, what should infrastructure providers be acting on in terms of responsible participation in terms of the overall safety and good reputation of the registries.  My opening observation would be a lot of us that work in the infrastructure would understand abuse when we see it.  Sometimes it's not that easy to work out the right enter vision, if any.  However, I think a lot of this would be largely characterized as essentially if you're running a good registry, good registry policies that should be lower than otherwise, that's my main point.

>> ROWENA SCHOO: Thank you very much, Nick.  The term of DNS abuse being used for shorthand whether or not action is appropriate.

I'll turn to Farzaneh next, I believe you wanted to talk about this distinction.

>> FARZANEH BADII: Yeah.  So for ‑‑ when we talk about DNS abuse, it's very important to understand and know which context we are talking about.  If we are at an organization like ICANN, internet corporation for assigning numbers, which are a large part of allocation of domain names and security of the DNS, then it is important to know there are some limits of what DNS abuse means there, and our efforts to define DNS abuse is being futile because of ‑‑ I'll mention later on about the short comings of the multistakeholder model.  But for us to kind of like have an understanding of what DNS abuse is, we need to make a distinction between when the DNS is used as an infrastructure is used to carry out technical attack, or when the ‑‑ or when the registration of domain names are ‑‑ and there are like hostings that are used to do social harm.  And it is not only about content.  I would like to suggest that we kind of frame the latter, the content and service abuse as a trust and safety issue.

Based on this kind of model, for example, if I use the DNS as a protocol and infrastructure to carry out technical attack, it is a little bit easier than a social and legal issue that has like multiple jurisdictional difficulties.  So that's it for now.

>> ROWENA SCHOO: Thank you very much, Farzaneh.  So really interesting points in that around what sort of mitigation is appropriate depending on what type of harm you're seeing within that bucket of DNS abuse.

Yeah, I think the definition point is interesting, and I will sort of challenge us to think about whether we need a definition of DNS abuse to move forward on this issue or what we need is actually having some clarity of what we're talking about between us, whether that's focusing on a specific issue like phishing or child abuse and looking at what actions can be taken around that.  I'll go next to Chris Lewis Evans.

>> CHIRS LEWIS-EVANS: Thanks, Rowena and hi, everyone.  From a law enforcement perspective, we don't categorize DNS abuse as an entity, as a type.  What we look at is the harm that has been caused by the activity carried out.  So whether someone has clicked on a link that they've trusted because it has a sort of trusted look to it, and then they've suffered a personal data loss, and then that leaves them open to extortion or whether that's caused them distress through the types of personal data they've lost.

From that, we would record based on the actual impact on the victim there.  You know, there's many other ways that victims can be harmed in this manner, whether it's businesses allowing different TLD's have been compromised or domains have been compromised because they trust those and lost an amount of money, we could categorize that as some form of business e‑mail compromise.

It's how we categorize is not necessarily that important to categories the methods that have been used to harm it's the actual effect on the person that's been harmed is really important for us.  Thank you.

>> ROWENA SCHOO: Thank you very much, Chris.  Really interesting points in there.  We are sort of touching on the next question, which is around what the DNS layer means, I'll turn now to Sam to give any responses to what's come up and also to think about the next question around what DNS level action means.  Kick us off, Sam.

>> SAM DEMETRIOU: Thank you so much, Rowena.  I'm glad Rowena laid out the definition of the domain name system at the top of this session.

I think what's crucial to remember is that the DNS is a tool that allows internet users to connect to content, but it is not content itself.  It's separate from the content that lives on websites or other parts of the internet.

So when we talk about this question of how to define DNS abuse and, you know, how to characterize it and really start to wrap our arms around and tackle this issue, the reason it becomes so difficult to nail something down is because the process of acting at the DNS layer is often a very blunt tool.

When you act at that level, as an infrastructure provider, as Nick kind of laid out, that often entails suspending or taking down or deleting the entire domain name, which means taking down all the content and the services that use that domain name.  All of the web sites, all of the e‑mail content, the e‑mail servers, everything associated with and uses that domain name.

So when we talk about DNS abuse within the context of ICANN and registries and registrars who participate within ICANN, we adopt a pretty narrow definition of DNS abuse that covers a handful of technical harms.  So specifically malware, phishing, farming, botnets when it's used as a delivery system for four other types of abuse, obviously that definition doesn't encompass all of the harmful activity heat happens online, Chris and Nick have mentioned a few.

But we sort of see it more as a starting point for what DNS infrastructure providers can worm on within their kind of remit and responsibility and their role within the larger internet ecosystem.  Specifically within the domain name system.

I think this underscores the whole point of this panel.  I know Farzaneh will get into this a little bit later, which is understanding the role of multistakeholderism and all of the different actors that have to come together to appropriately address the different kinds of harms that happen online, regardless of kind of how you set that definition.

There's obviously a role of, registrars and registries, e‑mail providers, content delivery networks to play, but then there's a wider group of service providers who are probably better suited to address other types of harms in the online space.

So I think that's really kind of sets the stage of how acting at the DNS infrastructure level is maybe appropriate for certain types of harms, but not necessarily everything that gets encompassed when people talk about abuse online.  That's why the definition question becomes so important, because it first think it really raises the question of how you set expectations around what you can require for different parties in that ecosystem and, like, what roles each and responsibilities each party plays in mitigating the different types of harms online.

>> ROWENA SCHOO: Thanks very much, Sam.  Really important points in there.  We often talk about registries and registrars having quite a limited toolbox in terms of what levers they can pull when there is an issue of something happening, and that those levers are quite blunt and probably one distinction I maybe should have set out at the start is the concept around malicious or compromised.  So often when something happens on a domain name, it could either be like entirely related to why that domain name is registered or it could only be a part of that.  So often a registry operator will need to be thinking about the potential collateral damage.  If they were to use one of those blunt tools, as Sam was saying, that would stop a lot of other services associated with that domain from functioning as well, which could have other harms for a society model.

So I'm going to turn now to the rest of the panel to respond to some of these remarks.  We haven't heard from you yet, would you like to come in here.  If you don't want to.

Okay.  Anyone else want to respond to what Sam has put up here?  Farzaneh, Nick?

Chris?

I'll have an extended open invitation to the panel on responding to what Sam has said around when ‑‑ what it means to act at the DNS level.  If no one wants to come in, we can move on to our next question, which is around what is appropriate.

>> FARZANEH BADII: Just wanted to ‑‑ Sam mentioned something that I think is really important that we kind of like disregard in our conversations.  A lot of the times when you're tackling a DNS abuse issue, there are multiple actors involved that sometimes the registries ‑‑ registrars cannot tackle the issue, and that they have to work with other actors who might not necessarily be cooperative.

So basically ‑‑ and we don't have those actors, like we need ‑‑ I think that Internet & Jurisdiction Policy Network has mapped that out and we need to talk to them as well, and we need to have them at the table so that we don't have ‑‑ like we don't expect the registries and registrars and those that we necessarily have a contract with them at ICANN to do things that they cannot technically do.

>> ROWENA SCHOO: Thanks, Farzaneh, very important point there around this complex ecosystem where there are lots of different parties involved with abilities to take different action and not always in the room and many of those aren't, indeed, part of the ICANN structure.

Any other responses from the panel on these points?

Just come off mute if you'd like to speak, otherwise we'll move on to when we think it's appropriate to act at the DNS level and I'll turn to Manal and Chris for those comments.

>> MANAL ISMAIL: Thank you very much, Rowena.  Apologies, I had an issue unmuting earlier.  Glad I managed to unmute now.

I'll use maybe my reflect on what Sam has mentioned.

So with the growth of the use of the internet and the reliance on the internet, particularly with the pandemic flagging a new era of global connectivity, this growth in usage is accompanied by multiplied risks in abuse and growing cybersecurity concerns, and so global connectivity poses jurisdictional and cross‑border legal challenges.  So if we take a cross‑border request for domain name suspension as an example, and this is what Farzaneh was referring to as well, this involves several parties, a notifier, the individual or entity call playing, registrant who is the owner of the domain name, hosting provider, where the website relevant to this domain is hosted, registrar where the registrant applies for the domain, and the registry administering the relevant top level domain.

Each of which may exist in a different jurisdiction and hence be subject to different laws and regulations.

This transnational nature of the internet makes it increasingly challenging, especially for governments, to solve problems ‑‑ to solve global problems at the national level.

Through traditional national legal tools.  So accordingly, governments also being concerned about the public interest, they prioritize curbing DNS abuse and try to involve different parties involved to assume the responsibilities and carry out their obligations in mitigating DNS abuse.

So governments have been advocating, for example in the ICANN ecosystem for appropriate due diligence by all actors to address malicious activities involving the DNS and this debate is intensifying particularly in the line of the introduction of new DTLD's with a focus on what constitutes DNS abuse and, again, this comes back to the definition, what is or is not in the scope of responsibilities of ICANN and the registries and registrars, whether the registries and registrars have the appropriate tools and whether ICANN contractual provisions are effective in mitigating DNS abuse.

That said, it's also important to note that acting at the DNS level, as Sam mentioned, also should be considered when it is effective and proportionate, because the domain name suspension has global impact and may result in collateral and unintended consequences, also not to mention the risk of false positives, as well.

And it is particularly important to not rely on acting at the DNS level as an easy solution to address abuse of content issues, which is, of course, acting at the DNS level is  ‑‑ would be more appropriate and effective in addressing technical abuse and, again, I think Sam already went through the list and got this.

But, again, as also Chris mentioned, governments are concerned about the harm cost by DNS abuse, which sometimes extends to problematic content where we find higher degree of shared agreement across jurisdictions, and this includes child abuse material, for example, among others, of course.

I'll stop here, not to exceed my time, but in conclusion, it's essential to have an agreed process in place, this mandates a multistakeholder dialogue, coordination and cooperation across borders in addition to the national level, of course, thank you.

>> ROWENA SCHOO: Thank you so much, Manal.  Really important points in there, which I'm sure we will come back to.  The jurisdictional one is also one that comes up a lot.  Of course the ‑‑ there's a big challenge for governments when trying to enforce national laws and used to having an area of jurisdiction, we have this great flattening of the world that's happened through the internet, and it doesn't always align.  I'm sure we'll come back to the contractual provisions too.

I'm going to turn now to Chris, who is going to respond on this same question around when you think it's appropriate to act at the DNS level.

>>  CHRIS LEWIS‑EVANS:  So I think there's some really key points, want to track on the time it is appropriate to deal through DNS.  I think Manal highlighted that many of these instances are multi-jurisdictional, the registrant could be in one country, the hosting company could be in country 2, the registrar could be in country 3, and the victim behind the DNS abuse in country 4.

So immediately when you're trying to deal with that DNS abuse, you could be dealing with four different entities in four different countries.  From a law enforcement perspective, being able to take timely action to prevent that abuse from continuing or happening to other people, it can be difficult to act in a timely manner when you're dealing with different legislation, different actors in different countries.

So I think the role certainly from law enforcement and I think we have some good examples of that, is trying to work with different entities to provide, you know, evident shall base information on the impact of the harm so appropriate action can be taken at the right level.

Sometimes that has to be escalated to taking action at the DNS, even if the most appropriate action might be for the registrant to take some action.  If they're in a different time zone, if you can't get in contact with them, then, you know, you sort of step up that level of action that can be taken, whether that's up to the hosting level to remove their content from the internet, or whether that's up to the registrar or registry to suspend their domain.

And one thing I'd like to flag is while takedown sounds really drastic and a bit of a sledgehammer, which it is, at the end of the day, what we are doing is suspending that domain, and, you know, we work together really well with our country code colleagues, so just highlighting what Nick said around suspending some domains that might be causing harm, but, you know, the registrant has the opportunity to come back and say, sorry that's happened, my domain was compromised, and, you know, law enforcement have worked with registrants before to provide them advice on how to clean up what's happening or to highlight the actual harm or the code on their domain causing the harm, and they're able to clean that up.

So once a domain is suspended, it can be unsuspended, it's not it's gone forever.  It's not a total sledgehammer, shall we say, but so I think there's some consideration that needs to be taken around, you know, preventing the harm in a timely manner.  It's getting that right.

So I think just to give an example of that, I think early last year, the takedown, we had a number of domains that were spreading malware, we were able to contact the registrant, where we were able to get the details, either from the website itself or the information, we were able to contact them, provide them advice on how to remove the malicious code from their websites.

Some others we weren't able to find out who the registrant was, we contacted the hosting company, and able to then reach out customer and act in an appropriate time.  Others we couldn't get ahold of, whether they were self‑hosting, or the hoster was nonresponsive.  Those ones we had to act with the registrar and registries to be able to suspend their domains to stop the malware being spread.  There are different levels of response.  One is not always the right answer, sometimes you have to escalate.  Thank you.

>> ROWENA SCHOO: Thanks very much, Chris.  I think this idea of false positives and reversal mechanisms is something we should come back to.  I'm going to go to Sam next to make an intervention and then we'll go to Farzaneh.

>> SAM DEMETRIOU: I kind of wanted to chime in on a few things Chris laid out, which is first off, that sometimes acting at the DNS layer is absolutely appropriate.  I feel like I maybe glossed over that in my introductory remarks on the last question.  Totally agree with Chris.

There's ‑‑ for example, if you look at Chris mentioned some cases of malware and botnets that use an algorithm to generate domains really quickly that are primarily going to be used, like the whole goal is to use them for abusive purposes.  A good argument to be made about taking action at the DNS layer, Verisign has some experience with not necessarily always suspending those domains, but like another alternative is registering them like understanding the algorithm, getting ahead of it, registering the domains and sink holing them so you can track the traffic and remediate who the victims are and identify them and help resolve the problem that way.

But for when action at the DNS layer is not necessarily the most appropriate, I really want to underscore something Chris said, the importance of the different relationships between the parties.  So relationships between registries and registrars and law enforcement, I think, are really critical here, having good, open channels of communication, even if there's not necessarily a jurisdiction or a regulatory framework under which that happens, having those lines of communication open, I think can be incredibly helpful.

The relationships between registries and registrars, because registrars are often the best place to start with some of these complaints because they have insights into who the registrant of the domain is, who the ‑‑ either the victim or the perpetrator, right, of the abuse, and they also end up having relationships with the other providers kind of down the chain, whether that's domain resellers or hosting providers.

So really having those lines of communication open and having those relationships established and understanding that like when you do have to bring in other parties, additional parties to address, like really hone in on the appropriate one to take action on this specific type of abuse, the most appropriate action, having those relationships is absolutely critical.  Whether it's in a very formal structure, like exists in ICANN or a more kind of open, free form structure that can exist in other kind of multistakeholder settings and channels.  Giving space for those to be established is critical in talking about this issue more broadly.

>> ROWENA SCHOO: Thanks Sam.  Going next to Farzaneh.

>> FARZANEH BADII: I think we need to mention now a very important issue in tackling DNS abuse, we are also dealing with fundamental rights, freedom of expression, freedom of assembly.  Nowadays, the internet is not just a means for communication.  It is to access essential services, services that we depend on to do our day‑to‑day tasks, and also it's not just to better our lives.  Sometimes during crisis, we use the internet to save ourselves and others.

So when ‑‑ if we make mistakes and stop somebody's domain name and suspend it, when we are tackling the abuse, and when we ‑‑ if we stop ‑‑ if it's likely that we stop an actual essential service that people are using, then we need to ‑‑ then we need to kind of like consider that and have the right processes in place in order to prevent that.

So due process, while it's very important to have some kind of recourse to kind of get after your domain name is suspended, to get it unsuspended, we also need to focus a lot on how we prevent false‑positive from happening, because we are now talking about our fundamental rights and access to essential services.

And so this is why I think that, as well as thinking about due process, and recourse for when your domain name is suspended, we should also have a process that prevents us from making mistakes.

So it's not as, you ‑‑ Chris, it's not that easy.

So I'm just saying it is not enough to just provide them with due process.  Also, another point that I wanted to make, something that Sam said about cooperation in an informal way.

We need to also be wary of law enforcement ‑‑ law enforcement most of the time does great work, but sometimes law enforcement can be, without the right processes, can violate the rule of law.  And can, like, violate human rights, and we need to have processes in place for those cooperation, now formal, informal, I don't know, I don't necessarily agree with law enforcement cooperating informally with others, but if there are informal cooperations, as well, we need some minimum procedure for how they are doing this.  How many requests they have made so we can keep tab on this and hold them accountable, in case of like in the rare circumstance that they make a mistake or violate the rule of law.  Thank you.

>> ROWENA SCHOO: 

>> AJITH FRANCIS: Maybe we could go to Chris to follow up from what Farzaneh was saying, Chris.

>>  CHRIS LEWIS‑EVANS:  Yes, thank you.  Just to respond Farzaneh, I think Sam mentioned it, as well, that, you know, it's really important to have the cooperation and with the cooperation, you can build in checks and balances, and sort of Farzaneh mentioned, it's up to law enforcement to be the right level of evidence and to do the due diligence and to provide that to ‑‑ whether it's the hosting provider, registry, registrar, the right inform to allow them to make a balanced decision.

Law enforcement will only come if there's harm being caused and generally, we don't see essential services being compromised.  However, it can happen.  But ‑‑ so we need to ensure that we have the right thresholds for taking the action that law enforcement are recommending, and that the information that we are presenting is enough for someone to make an informed decision, especially if that's, as Sam mentioned, someone working on a voluntary framework, rather than a ‑‑ you know, an international formal request by an international letter request, which is a court system that we can use to provide legislative functions internationally.

So I think it's really, really important we do have those checks and balances in place, and, you know, the last thing we want to do is cause more harm than we are trying to prevent.  So realistically, we can only get that by working together.  Law enforcement have been trying really hard to be more engaged in this area and this community.  I'm sure in some of the other sessions, throughout IGF, you'll have seen some other law enforcement colleagues, we are represented within ICANN, and it's really important that we take part in this multistakeholder process because it's only by doing that we can, you know, effectively take action against some of these harms and provide those right checks and balances.  Thank you.

>> ROWENA SCHOO: Thanks so much, Chris, apologies for dropping out for a moment there, it was almost like a demonstration of how problematic it is when you suddenly lose connectivity.

I believe we have Manal next for an intervention.

>> MANAL ISMAIL: Thank you, Rowena.  Indeed good points by everyone.

I just wanted to stress a few things that have already been said.  First Chris mentioned the timely response, and I really wanted to highlight the importance for governments and I'm sure for law enforcement, of course, to have to have a response and to have a timely response and action, of course.  That said, again, it's very important to have the channels established between all the different parties to make sure that there is good communication and collaboration.

Of course, with minimum agreed procedures, as Farzaneh mentioned, at least to have the flexibility to act upon the harm that may be of concern, and it would be very difficult to have a rigid process that is really binary that could be followed easily.  So the communication, the collaboration, what to expect, what is feasible, what is not, I think it's really important to have these channels of dialogue and cooperation established and open to ensure timely response and timely action, thank you.

>> ROWENA SCHOO: Thanks very much, Manal.  For everybody in the room, we will have some time for Q&A, do think about what questions you might like to ask of the panel, and obviously same for the online participants, if you put your questions into the chat, we can put them into the queue, if you're in the room, put your hand up, Adam Peake is the on sight moderator there.  Getting towards the end of this session, and the final question that we had on this list to discuss was about the role of multistakeholderism in DNS abuse.  This is sort have been coming up as people are speaking, I think it's worth focusing on it as well.  I want to turn to Farzaneh first to respond to this question.

>> FARZANEH BADII: Thank you.  Right.  That buzz word, multistakeholder.

So why are we, in the first place, doing multistakeholder governance on the internet in general?  No, don't worry, I'm not going to give you a speech for an hour.

I just want us to take us back to when they decided to design a multistakeholder governance for the internet, and what were the reasons behind that.

The reasons behind it, one of the reasons behind it was you could not operate the internet, some aspect of the internet without the multistakeholder model.  If you didn't have the key stakeholders involved, the operators, the telecom operators, government, if you didn't have them involved, you could not operate the internet.  So you would not have had the internet as we have it now.

Or some crucial aspect of the internet, such as what ICANN does, which is the ‑‑ which is the coordination of policy, global coordination of policy for domain names.

So when we talk about why are we ‑‑ first of all, when we are talking about DNS abuse, what DNS abuse are we tackling with this multistakeholder governance, and why?  Why do we have to do that?

Sometimes it's ‑‑ I'm just trying to kind of prevent us from going through a multistakeholder theater that will not yield results.  So when we are thinking about, okay, so there are certain aspects of DNS abuse that has to be done through multistakeholder governance, because we have to interact with many other actors that are impacted or are operating some aspect of this.

We need to decide on that first and not just do multistakeholder for the sake of multistakeholder and because we have done it for so long.

And also, like, checking whether the multistakeholder model, if this multistakeholder ICANN multistakeholder model is working for DNS abuse, have we even, like ‑‑ is the right venue, is ICANN the right venue, the right one to do actually do that.  In botnet mitigation, we have some kind of network governance that a lot of actors are involved through a model that involves a lot of stakeholders, different stakeholders.  But that's not like necessarily ICANN.

So whether we are having ‑‑ whether we are using ‑‑ sometimes it is necessary not to use a multistakeholder model, and sometimes we want to ‑‑ not to ‑‑ we want to do things contractually.

I was going to mention something about the contracted parties, registries and registrars, that want to negotiate with ICANN about their contracts, about DNS abuse, and also like mention that maybe Sam can touch upon this a little bit, whether that is some kind of like ‑‑ are we doing this in a multistakeholder fashion, are we changing the contract in a multistakeholder fashion or did we see the need not to actually go fully multistakeholder when it comes to DNS abuse.

The last point I wanted to make, I'm sorry, I went on and on.  For the content and for the trust and safety issues that we have on the internet for service governance and content governance on the internet, is the multistakeholder optimum.  What circumstance is it optimum?  Maybe ‑‑ so, for example, we have multistakeholder model for trust and safety, I believe it is good for protecting an open intra‑operable and global internet, because then you have thresholds to act upon things we will try not to it is at the infrastructure level and be more proportional in our actions to mitigate harm.  But in what other circumstance can we have the multistakeholder model for DNS abuse that can be effective, solve the issue and also protect these core values of the internet and our fundamental rights.  That was about it, sorry.

>> ROWENA SCHOO: Thanks for that.  I'll turn to Sam next, I think that is a very good segue in talking about that.  Then I'll talk to Nick and then we'll go to questions.  Sam.

>> SAM DEMETRIOU: Thanks, thanks for bringing up the counter to party host proposal going on within ICANN.  To be clear, at this point, I think switching gears and speaking from my perspective as the chair of the registry stakeholder group within ICANN, we represent the interests of generic top level domain registries, those that have a direct contractual relationship with ICANN.  We are working with colleagues in the registrar stakeholder groups, ICANN accredited registrars, they participate in ICANN through.

And in light of the ongoing conversations about DNS abuse and this question that the ICANN community has been grappling with about whether there is a role and what the role is for registries and registrars to play in mitigating and combating DNS abuse more broadly, after ‑‑ you know, considering this issue from a lot of different angles, including the appropriateness of acting at the DNS abuse ‑‑ sorry at the DNS infrastructure level as we have talked about at length on this panel, and like taking into account the limited remit that ICANN as an organization has, including ICANN's bylaws, which restrict ICANN from creating any regulations or passing any policy that restricts or governs content on the internet.

The proposal that registries and registrars within ICANN have come up with as a starting point is to make very targeted and focused changes to our contracts that would establish a kind of baseline requirement for registries and registrars to take appropriate action, given their individual role and responsibilities in the ecosystem on very clear‑cut instances of DNS abuse as that term is defined within the ICANN community.  I mentioned this at the earlier in the panel, farming, phishing, malware, botnets.

I think Farzaneh raises an excellent question about whether this kind of effort is truly a multistakeholder effort, and I think that's absolutely worth diving into.  What we are trying to do with this, these contract amendments, is sort of really just lay the foundation and take an initial step within the ICANN space that then can be built upon by the multistakeholder community.

We understand and recognize, we have heard from ICANN's compliance department, that they have a difficult time with the contracts as they are currently written with enforcing action to mitigate those clear‑cut instances of DNS abuse.

There really isn't a hook in either the registry agreement or registrar accreditation agreement, those are the contracts we talk about, that allows ICANN to kind of hold to account those actors who systematically fail to take any action on those clear‑cut instances of abuse.

So really what we are trying to do with the contract amendments and the reason we are keeping them so narrow, is really lift up that floor.  And establish at least the requirement if you're presented with well‑evidenced, clear cut, easily identifiable phishing, you got to do something about it.

And so we recognize that this is not going to solve the whole issue of bad content online, it's not even going to solve the whole question of DNS abuse within ICANN's remit, and within the ICANN space.  So I think there's a recognition on the part of registries and registrars that more community work will need to be done, but all of that work should go through a more robust, multistakeholder process that is open, inclusive, transparent, brings to the table all of the different interests and perspective and stakeholders as far as Nick laid out, that's the point of multistakeholderism.  And, you know, that work still remains to be done, we aren't trying to solve for all of that with the contract amendments.  We see this an introductory step and realize more work should be built upon it that should involve the larger community.  I hope that gives you the overview of one of the next steps we are taking within the ICANN space.

>> ROWENA SCHOO: Thanks very much, Sam.  I'm conscious of time.  I'm going to turn to Nick to give us two minutes on how multistakeholderism happens in country code spaces and then we'll go to questions, which I don't have any lined up at the moment.  So if you're in the room and online, pop your questions in, put your hand up, approach Adam Peake and we'll go to Nick.

>>  NICK WENBAN‑SMITH.:  As a noncontracted party for purposes of a country code, we don't have to follow the ICANN processes or ever get any attention from ICANN compliance, which is quite a nice thing from that perspective.  You still would be wrong if you thought country codes don't from the multistakeholder models.  There's diversity, you'll find a microcosm of the global internet multistakeholder community within each jurisdiction.  I think that's certainly the case in most of the frequently used jurisdictions that I deal with, certainly in the U.K., we would do things in a very consultative multistakeholder way in terms of how we form our policies and then there will be publicly accessible so that people understand what our policies are, how we apply things and issue things like transparency reports so people can see, this is how many sanctions we have undertaken, these are the agencies who have referred them, here's the complaint policies you can follow if you have any issues with overreach or undue flow dome of expression.

I think investment by the infrastructure providers into the resources and staffing to be able to provide these sorts of avenues and information so that either victims of crime or public authorities know who to contact and what to do about my problematic content or technical abuse of the internet, I think, is a very important point.

I think fundamentally the whole industry is becoming much more proactive in terms of how to deal with specific issues, we all talk to each other, there are formal and informal approaches so if you have an issue, you should be able to find out what to do about it and who to report it to.  And it should be actioned, that's what I think we are all aiming towards, proactive responsive and safe internet for everybody, because that's what we are here for.

>> ROWENA SCHOO: Thanks very much, Nick.  I believe we do have some questions in the room.  I'll turn to our own site moderator, Adam to bring in those questions.

>> ADAM PEAKE: Adam Peake speaking, I saw two hands, I'll begin with the gentlemen on my right, and Nigel Hickson I see further down the room.  Over to you, thank you.

>> AUDIENCE MEMBER: Thank you so much, chair for the opportunity, I'm Saul.  I'm a member of NCSG.  I like to what they raised about the fundamental human right of registrant when dealing with DNS abuse.  And when we are dealing with DNS abuse, we need to know that it's actually across the entire valuation of DNS services.  My question would be, how do we involve registrant in actually dealing with DNS abuse when we are fighting DNS abuse, and also, we need to look at the technical role and oppressional measures when dealing with DNS abuse.  My question is how do we prevent fundamental right of the registrant in fighting, I'll include in that process, any due process within ICANN, thank you.

>> ROWENA SCHOO: Thank you very much for that question.  I'm going to take both questions and turn to the panel.  One involving the registrant and human rights.  Nigel?

>> Nigel Hickson:  Good morning.  First of all, just thank you for this panel and thank you for the DNS abuse institute and the Internet & Jurisdiction Policy Network for all the work going on this.  There's a real focus on DNS abuse culminating as what was just being discussed in the contractual amendments.  I suppose the question I had and perhaps the first question is more important from my colleague across the room, but my question was given the holistic nature of this issue and the fact that, you know, certain types of abuse, which are very important to citizens, content abuse, which is not under the jurisdiction of ICANN, how holistically are we going to tackle this problem.  Is there a body out there that is going to ‑‑ is going to coordinate all this, thank you.

>> ROWENA SCHOO: Thank you very much, Nigel.  Anybody want first dibbs on the question of human rights and the registrant?  Otherwise, I believe ‑‑ do you want to respond to this question about content.

>>  NICK WENBAN‑SMITH:  If a registrant finds they're impacted or have been ‑‑ they should be notified at the very minimum.  Registrants should be notified if there's any issue with a domain name.  Certainly we receive threat feed provider reports, if the name comes up, we will ‑‑ in the usual course, if we can see that it's a registrant who has a compromised domain or somehow caught up in something they are unaware of, we'll reach out and tell them that, try to make them part of it.  If they feel they are being unfairly treated, there are complaint where they can raise issues, publicly accountable authorities in our jurisdiction.  It depends on jurisdiction to jurisdiction.  Sometimes the registrant is a very small part in a very big complex machine and difficult for them to exert any coordinated authority or know what's going on sometimes, people need to provide that information.

>> ROWENA SCHOO: Thanks, Nick, thanks, Nick.  I'm going to turn next for content, Ajith.  He was absolutely a crucial part of putting this panel together and designing what we were going to talk about today.  Ajith, would you like to come in.

>> AJITH FRANCIS: I wanted to comment on the question that Nigel had raised and content abuse or website content abuse and the DNS in particular, this is a very important issue from the perspective as this is content abuse is a right in ‑‑ are everyday society.  What are the appropriate escalation to address it and what could be the appropriate threshold or criteria at which point in circumstances action may be taken on specific website content abuses at the DNS levels.

However, it's very clear this topic is outside ICANN and there is a question in what multistakeholder forum can this conversation be had, particularly on the definitions of principles and criteria and thresholds, and also what sort of content abuses can be addressed through the DNS, is it everything or are there specific types of abuses that probably may not necessarily be immediate.  And there's a need for multistakeholder conversation on that.  The internet and jurisdiction policy network along we multistakeholder contact is trying to start addressing this topic from the perspective of principles and in the hopes of many of the multistakeholder initiatives use these principles to define specific thresholds and criteria and use cases when limited action may be taken.

>> ROWENA SCHOO: Thank you so much, Ajith.  Very concise there in true panel fashion.  Got the questions in at the very end.  Thank you so much for participating everyone, I think we better wrap up now.  I want to thank all of our panelists, this has been a really interesting and insightful session, I appreciate your time.  Thank you to everybody in the room and online who joined, we can, of course, continue these discussions throughout the week and feel free to reach out to any of us.  Thank you very much, everyone and I hope you have a good rest of the day in Addis Ababa and online and in the world wherever you are.

>> SAM DEMETRIOU: Thank you for organizing us and Adam for coordinating the room.

>> ADAM PEAKE: Thank you from the room.  Goodbye.