Saturday, 7 March 2020

AFRALO/AFRICANN Meeting - SV

Notes 

Seun welcomed the African community to the first call of ICANN67.  

Maureen Hilyard expressed...

Goran thanked 

Caleb - Asked question regarding the expansion of the ICANN Nairobi office. Thanked GM for the first ICANN virtual meeting. More remote hubs would be useful if there were future virtual calls. 

GM - Appreciated question and feedback regarding the virtual meetings. Regarding the African office, we he have increased the personnel and other resources. We will continue to expand our resources for the African community. However, the African region is not the only region to request resources. We would like to ensure that all regions are able to contribute effectively to the MSM. 

SO -  Asked about virtual meetings: 

GM - Noted that F2F meetings are in the DNA of ICANN. It was the Coronavirus that was the reason for holding a virtual meeting. The world seemed to be more complicated - visa issues, the Coronavirus, etc. The SOAC leaders should perhaps start a discussion as many of these questions belong to the community. 

Leon Sanchez - 

Pierre: Commented that AFrica GSE team has been focusing on DNS abuse for a couple of years. Noted role that AFRALO members played in the discussions. Invited all African members to the African Strategy Meeting on Monday 9 March. 

TBJ - Provided the background of the AFRALO/Africann statements. Introduced the DNS Abuse statement and aim to raise awareness of the issue. 

Barrack Otieno - Read the draft statement

Hadia provided comments on the statement. 

TBJ - Noted that the statement was intentionally high-level regarding increased awareness and simple-language material on DNS Abuse. 

The statement was approved. 

Action Items

N/A

Monday, 9 March 2020

At-Large Leadership Session: Welcome to ICANN 67, At-Large Talking Points and Policy Platform - SV

Notes 

  • Maureen gave an overview of the meetings during the week
  • JZ encouraged all members to join in the DNS abuse session
  • JZ gave a high level overview of the talking point, namely : DNS, PIR, Subsequent procedure, PICs, EPDP, Reviews
  • DNS abuse: one of the 2 most significant points for the year as it is the #1 for internet end users. Any new round must wait for a policy on DNS abuse.
  • in 2012 At-Large was vocal about ICANN not being ready to launch a new round. Specific recommendations include thresholds for TLDs, holistic tools for compliance, more research on machine learning to predict DNS abuse, increase friction for bulk registration, decrease friction for access to registrant data. 
  • PIR : there should be revisions to the contract to guarantee the use of such a reputable domain, PICs are recommended. Board members selection should be revised so as to include reserved board seats for representatives of nonprofits. Focus on Individual registrants and nonprofits should be enshrined to maintain public credibility of the domain.
  •  Marita mentioned "structural changes" as they were mentioned in the earlier session.
  • JZ mentioned the change in legal structure of PIR changing to for-profit company. There is an open public comment being run by PIR.
  • B-corp status is a topic to be analyzed so that At-Large can comment it, we should make sure in the CPWG. 
  • Joanna pointed out that these are talking points and the CCWG welcomes ideas to be discussed via mailing list and weekly calls, all are welcome to join the CCWG calls.
  • Subsequent procedures: relates to new rounds. At-Large position is there is no need to have a new round, DNS mitigation reform should happen first. Community priority evaluation, more work to be done on how to handle geonames.
  • PICs are part of contracts ICANN signs with Registries to put out a new TLD. Reform is needed on how these PICs are managed to be effective, both voluntary and mandatory. Enforcement has been insufficient. Pathway to enforcement is needed.  ALAC should be pre-authorized to bring a PIC DRP, reforms are needed.
  • EPDP- support automation whenever possible. supports recommendations SSRT and CCTRT.

Action Items 

  • With regards to the change in legal structure of PIR changing to for-profit company, the CPWG should analyze the "B-corp status" proposal as a topic,  so that At-Large can comment on this aspect. The topic will be discussed within the CPWG. Evin Erdogdu

At-Large Policy Session: DNS Abuse: An At-Large Call to Action - EE

Notes

  • 246 participants joined (peak).
  • Jonathan Zuck presented the At-Large DNS Abuse 101 - EN video, which was very well received.
  • Volker Greimann (GNSO/EPDP) shared the DNS Abuse Framework and suggested increased collaboration with At-Large on DNS Abuse.
  • Laureen from US FTC noted - FTC.gov (US Trade Commission - "for the consumer") - has many resources to share, said At-Large may use logo on this as well: https://www.ftc.gov/

From Laureen Kapin (U.S. FTC) to Everyone: (02:19 PM)

The U.S. Federal Trade Commission has very user-friendly educational materials on how to protect users online. This includes materials on spotting and avoiding phishing. See https://www.consumer.ftc.gov/topics/online-security and https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams The materials are also available in Spanish.

  • Mason Cole (GNSO) also requested increased collaboration between GNSO and ALAC/At-Large on DNS Abuse.
  • Jonathan Zuck moderated a quiz session for all participants.

Action Items

  • Add DNS Abuse to ICANN Learn courses being developed for At-Large: Joanna Kulesza commented this is in progress; can be incorporated in ICANN Learn as well as additional resources across the community, with RALO collaboration via the CBWG.

At-Large Policy Session: Tools for Wholistic Contract Compliance - AE

Notes

140 participants with a pretty active chat, very constructive criticism to both ICANN and Registrar.

Jamie - Compliance is enforcing contracts and using different tools. Community decision whether when the CC enough?

James - DNS abuse vs Content abuse where does ICANN’s enforcement end? ICANN’s best practices are questioned.

Jamie: In terms of tools, individual complaints which are inaccuracy etc. ICANN does not take a holistic approach in enforcing contracts. ICANN CC is open for innovative ideas. Small number of Rrs and Rys are responsible for a big part of abuses.

James: ICANN’s scope is limited, they can change, there are legitimate ways to change them after processes. Bad guys are aware that ICANN has a process and the process is open. Industry collaboration is important to stop abuses. More money to registrars is welcomed, in terms of security etc. however we should be very careful to avoid abusing partners.

Jonathan: Most believe that CC is not well equipped for systemic abuse, more tools are needed and some systems should be getting better such as auditing.

  • How should the situations be handled today?
  • Will we have a favorable outcome?


Case #1

2 names are registered with Facebook information

Names used actively for Abuse

30k End Users are targeted through the messenger.

It is reported to Rr and Contracted Party


What should happen next?

What should compliance do?

How long should it take for this to be resolved?

Jamie: A complaint, inaccurate whois: CC first make sure that there is evidence that there is an inaccuracy, if there is an evidence, CC go to Rr and Rr has 15 days to investigate if there is an inaccuracy. It can go back and forth a few times, 2nd and 3rd notice. And there may be a breach at the end. This is a standard approach. It may be a 30-days process but can be way shorter.

James: There are some details missing. If reported to the registrar, you have different revenues to submit a complaint. If this domain name is used for phishing, Rr try to figure out they look at the complaint and address this faster. In the real world, the closer the proximity to the content, Rr can address the issue faster.

Case #2 - Whack - a - Mole

There are 1000 domains, 10 were taken down, can the rest be taken down as well?

Jamie: Rrs may find a pattern and take down many other similar domains registered but not necessarily.

James: Rrs can take lots of different actions depending on the situation, there may be a need for a 1000 complaints or just a complaint.

It is important for Rrs to do their diligence, empowering CC is not the solution.

Case #3 Privacy Proxy

Very probably abusive/phishing domain names have P/P providers, how can they be taken down if they can be?

Jamie: privacy proxy provider maintains full discretion, ICANN’s process is definite.

James: Either they are affiliated providers or not, they can use the PP providers. However, in the first place, it is very hard to get such a website address on Rrs website.

Case #4 - .creditunion

Jamie & James: This is under GAC safeguards, so it is not really possible.

Action Items

  • Jaime Hedlund to follow up some cases offline.

Tuesday, 10 March 2020

At-Large Policy Session - DoH/DoT - Threats and Challenges - EE

Notes

The session examined the DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) technologies for encrypted DNS, including both advantages and disadvantages.

Moderated by Maureen Hilyard, ALAC Chair, and Holly Raiche, ALAC Member, panelists Rod Rasmussen, SSAC Chair, Barry Leiba, SSAC Member, and Paul Hoffman, Principal Technologist, ICANN, explained the background for encrypted DNS, including the implications it has on operations for the DNS.

Members of the At-Large end user community within ICANN, as well as a total of 185 participants from around the world, asked questions and shared their feedback on the topic during the well-attended virtual meeting.

Action Items

Wednesday, 11 March 2020

Joint Meeting: ICANN Board and ALAC - EE

Notes

Leon provided introduction of the meeting and agenda, followed by Maureen Hilyard who outlined ALAC's priorities. Marita Moll then provided an update on the Multistakeholder Model, and noted how surprised that the MSM was included only as Appendix C in the operating/financial draft plan (public comment).

Matthew Shears from ICANN Board (He is along with Mandla working on the Evolution of the MSM) responded that the Board is very much aware, and will be coming back to the community once they've had the opportunity to digest various comments. Theresa Swinehart also commented on the MSM in terms of operational perspective.

Joanna Kulesza presented on capacity building efforts and the ICANN Learn course in development (policy & advice development process within At-Large, et al). Leon and Maarten responded. Maarten noted the importance of regional structures (ALSes) in understanding ICANN. He also noted the success of ATLAS III, sharing knowledge with people at the global and regional level. Lito Ibarra echoed ATLAS III comments, as well as DNS Abuse video (ES). Leon noted they've received the ATLAS III Chair's Report.

Maureen introduced collaboration & partnerships, and At-Large Communications Strategy. Especially focusing on GAC with policy and capacity building, as well as GNSO and ccNSO - with prominent ALAC / At-Large representation in their work groups. Noted that most of At-Large members not compensated, and are extraordinarily hard-working and invested in At-Large and the ICANN community. Leon commented it was effective engagement to reach across silos, noted that it is a Board priority to enhance relationships with the various ICANN communities - less formal, more relaxed way.

Maureen introduced CPWG and At-Large policy activities, including the At-Large Policy Platform, focusing on security, stability and trust - turned over to Jonathan and Joanna for further discussion.

Jonathan watched meeting with commercial stakeholder group which has similar concerns to ALAC / At-Large. Mentioned Monday session with Compliance, and GoDaddy, etc. and various scenarios and how they would be handled. 2 observations: 1) everyone at an ICANN meeting are pretty much on the same side when it comes to DNS Abuse, 2) just need to align on path forward. Mentioned the ICANN understanding and that they boiled down to, how we might approach these changes / what is the process. But what is clear from Monday's session and from a policy perspective, is that Compliance lacks the tools necessary to combat systemic abuse (repeat offenders). Whether it's a PDP, changes to the contract. Asked Board for feedback on ideas themselves - personal opinions of members of the Board.

Göran Marby, ICANN CEO noted that DAAR is a very important tool to use in this process, as well as the health indicators. Alan Greenberg commented, "Taking down bad actors. That is EXACTLY what we are asking ICANN Org and Contractual Compliance in particular. What tools do you need?"

Becky Burr said the issues presented are right on point, need to understand tools and have collective consensus. Alan formally commented that we need to have consensus on tools and ICANN scope. Göran responded that the health indicators noted there are 5 registries that account for (90%) of all DNS Abuse. Ron da Silva noted that there is an expectation ICANN Org can update via contracts, that there is a gap between expectations and actual action. What are expectations, what is not happening? Then either put into contracts or embed language into various policy processes within ICANN. 

Jonathan said ALAC would like to see from the ICANN Board an acknowledgement that this issue is of such severity and seriousness that a new round would not go forward without some of these norms being put in place - that the status quo is not sufficient. 

Alan Greenberg commented, "If ICANN knows who the 5 registries are, let's figure out how to stop them!"

The meeting ran over time, and did not address items b. PIR/.ORG (Jonathan raised the points during the Public Forum), c. ALAC-GAC, and questions from the ICANN Board. Both ICANN Board and ALAC noted that the discussion was engaged, positive and productive.

177 participants at peak.

Action Items


Joint ALAC & GAC Meeting - SV 

Notes

Maureen expressed appreciation to the GAC members for this meeting.

Justine presented the Subsequent procedures, showing the chart with  timelines and various stages followed  by the At-Large. The ALAC and GAC had an exchange of scorecards and AT-large expects this practice will continue. At-Large is taking the approach of building consensus on a number of topics taking into account end users point of view.

At-Large proposed some suggestions sub Pro topics of discussions, outlining the 10 topics.

Next steps: What concrete next steps could be put forward for inter-sessional work.

Manal explained 5 topics have been prioritize in the Subsequent procedures WG. GAC decided to follow the steps of the WG, there was a workshop at the beginning of the meetings focusing on these.

Justine asked if there is consensus.  Jorge Cancio Switzerland, The task of findings new positions on the specifics of recommendations being elaborated is something that will be discussed seasonally and we are basing discussions on prior positions from the GAC, dating back from 2007. There are different milestones and inputs from the GA.

Luisa Paez, the GAC has come up with a comprehensive GAC scorecard, with the support of staff.  We have some new members and GAC representation changes which is a challenge to be able to work in a speedy fashion. There are a lot of items and considerations that must be reviewed with GAC members. We need to ensure that we are aligned.

GAC and ALAC inter-sessional calls are contributing to build capacities. Manal pointed out that significant progress has been made.

  • GAC/ALAC to continue discussions on SubPro inter-sessionally and through email.


EPDP

Hadia presented 5 topics of interest, on GDPR pointed out that we are over complying with GDPR requirements, pointed out a Hybrid model is a good solution, pointed out that automation is also a good approach, urgent SSAD requests, accuracy of GTLD registration data; distinction between legal and natural persons.

Alan expressed some concern on the actual methodology to move forward on how to implement an automated system.  Laureen Kapin from the US pointed out that such Alan's concern brings an opportunity for the GAC to discuss this issue.

Joanna pointed out the session One World one Internet Cyber Security and geopolitics and invited all GAC members to attend.

Hadia answered a question from IRAN on how an automated request could be handled, and if it could be ignored. Hadia explained that all the troubleshooting would be automated but the central gateway manager wold review it and would contact the contracted party. It is envisioned that all of these procedures would be included in SLA.


“One world - one internet?” Cybersecurity and geopolitics in a multistakeholder environment

Panelists: León Sánchez - ICANN Board; Veni Markovski - VP, UN Engagement, ICANN; Patrik Fältström - SSAC Member; Milton Mueller, NCUC


JK: Welcomed participants and noted this session was a part of the capacity building activities. Aim is to develop a contemporary policy narrative on the topic of cybersecurity and geopolitics.  Reviewed specific issues of session: What is meant by internet fragmentation; Does internet fragmentation only apply to content or beyond? ; How is ICANN's DNS Abuse linked to cybercrime? Role of DoH/DoT; Role of individual Internet users; Board's views. 

LS: Noted ICANN Strategic Plan has a key mission of providing a single, interoperable internet. To achieve the strategic mission.    Two Goals: :

1) to identify and address global challenges by further developing early warning systems; We are aware we are not isolated and rely on the community to try to identify the strengths and challenges. Thus, individual internet end users are key. We need to work together to identify the challenges and common lines of outcomes.

Target Outcomes: a) Common awareness /education re early warning systems. Need to engage with all community members. b) CCWG was transformed into an engagement group and their discussions are essential. 4) Early identification - here individual internet users are essential. 

2) Build alliances and raise awareness - this will mitigate the risks. Target outcomes: a. Engaged and ICANN a trusted player b. ICANN playing an important player with governments

Risks: LS noted the possible risks of lack of information. 

LS encouraged all of the community to continue discussing geopolitical issues. 

Jim Pendergast's asked:  I continue to hear about the ICANN legislative and regulatory monitoring program but I have not seen it manifest itself in a formal way. Is here a program already in place? or is it still in development? I ask because when we discussed this a year ago in Kobe during the CCEG on IG session, there was envisioned a role for that group and as a member, I haven't seen anything about it yet. Thanks

GM responded to his question  - It is up to the community. Pointed to VM's paper on ICANN's activities with governments. Noted example of India. However, agreed with JP that would be good to have a more formal process in ICANN. 

VM - Noted that his paper is an historical review of ICANN's activities and the UN's activities with reference to cybersecurity. The UN is very different from the GAC. GAC members are normally from the ICT ministries rather than foreign ministries. Thus, ICANN org need to do a lot of outreach and engagement to the capitals in the foreign ministries who participate in UN agencies.  We try to bring the factual info to them and respond to questions. Most concrete with regards to the paper, Open-ended WG; CC Group of Governmental Experts and Open-Ended Committee of Experts. 

MM - in his study, found that most people didn't know what internet fragmentation was. Discussed possible examples of internet fragmentation. Definition is a misalignment of physical borders and the internet. Noted different of alignment of the internet. Covered the constraints on alignment - global scope of internet; economic efficiency and jurisdictional paradox. Provided example of how community/ICANN worked together against concerns in the US government of the transition of ICANN away from the US government. 

Questions:

How about alternate roots - to MM: 

MM: A good example of how the internet relies on the network externality. The ICANN network is trusted , so unlikely any new root will be a new root. Russia is creating a back up system for the DNS. 

ALAC/GAC collaboration - but what is danger of collaboration when it comes to geopolitics? - MM

MM - A fear here is that the ALAC may be co-opted by the GAC. Both the ALAC and GAC have no direct input into policy development, so they work together. 

IX and control/policies. - MM 

PF - Discussed security issues, IT security and cybersecurity definitions. Cyber security is when there is antagonist intent; Discussed lasagna vs pipes. DNNS vs https and encryption. Cross-border jurisdictions are challenging. Hopefully, greater alignment among jurisdictions will be the useful. 

Questions:

How far does the proposal for popular sovereignty align with the concept of global commons in international law , or a common heritage principle? Do you see potential for framing it through these or similar principles under international law? 

PF - International law is difficult, would like to see more collaboration between national jurisdictions. 

Do you see the increase in IX traffic due to remote workers? 

PF - Sees the internet at the same level as water and electricity. 

Role of ICANN holds in digital forensics; capacity building. 

PF - Pointed out why attribution is important as it determines who will need to deal with it. 

How should a national entity deal with the need to block content - or can it - once DoH/DoT is in place?

PF - Need to look at whether the same tools can do the blocking and whether the same jurisdictions are responsible. PF questioned whether enough is being done. 

JK summary - Thanked the panelists, staff,, etc. Looked forward that this theme is picked up within the ICANN community. 

Participants: 260

Thursday, 12 March 2020

At-Large ICANN67 Wrap Up - EE/AE

Notes 

Maureen introduced the session, Jonathan, Holly and Joanna provided a summary of their respective policy sessions during ICANN67. Jonathan and Joanna provided an update on the At-Large Policy Platform, including Q&A from the community.

Maarten Botterman provided an update of the Virtual ICANN67 Meeting, noting the attention on ICANN hosting the first virtual meeting. High participation in the sessions via Zoom, including active chat rooms. Was curious to hear ALAC/At-Large perspective.

Jonathan Zuck noted with thanks the Board's foresight, and acknowledged the initial response from the ICANN community was abusive towards the Board, and noted language participation.

Alan Greenberg echoed, saying that the ALAC / At-Large perspective that ICANN67 was tremendously successful. Noted that going forward, "how to cover the things we could not do".

Göran noted that ICANN Meetings (F2F) are integral to ICANN's DNA.

Sebastien noted that the Virtual Meeting format helped to make productive sessions, was encouraging of the virtual sessions as they were productive.

Göran noted the pre-ICANN meeting webinars were very high. Noted that the chats were very active, having one chat resulted in many comments/questions/dialogue. That the chats added great value to the meeting and engagement with ICANN Board / community. Wanted to examine best practices for potential Virtual Meeting(s) going forward.

Leon noted the success of the meeting and how important the languages/interpretation services are, and looking into additional Zoom features for remote meetings. Encouraged everyone to provide feedback of the virtual meeting experience.

Alan Greenberg commented that the meetings all started and ended on time. He then presented on the ALS Mobilization Report.

156 participants

Action Items

  • Evin Erdogduto post pics/tweets of top 3 winners on the SMWG workspace and feature in their regional newsletters.



  • No labels