Saturday, 7 March 2020

AFRALO/AFRICANN Meeting - SV

Notes 

Seun welcomed the African community to the first call of ICANN67. 

Maureen Hilyard expressed...

Goran thanked 

Caleb - Asked question regarding the expansion of the ICANN Nairobi office. Thanked GM for the first ICANN virtual meeting. More remote hubs would be useful if there were future virtual calls. 

GM - Appreciated question and feedback regarding the virtual meetings. Regarding the African office, we he have increased the personnel and other resources. We will continue to expand our resources for the African community. However, the African region is not the only region to request resources. We would like to ensure that all regions are able to contribute effectively to the MSM. 

SO -  Asked about virtual meetings: 

GM - Noted that F2F meetings are in the DNA of ICANN. It was the Coronavirus that was the reason for holding a virtual meeting. The world seemed to be more complicated - visa issues, the Coronavirus, etc. The SOAC leaders should perhaps start a discussion as many of these questions belong to the community. 

Leon Sanchez - 

Pierre: Commented that AFrica GSE team has been focusing on DNS abuse for a couple of years. Noted role that AFRALO members played in the discussions. Invited all African members to the African Strategy Meeting on Monday 9 March. 

TBJ - Provided the background of the AFRALO/Africann statements. Introduced the DNS Abuse statement and aim to raise awareness of the issue. 

Barrack Otieno - Read the draft statement

Hadia provided comments on the statement. 

TBJ - Noted that the statement was intentionally high-level regarding increased awareness and simple-language material on DNS Abuse. 

The statement was approved. 

Action Items

N/A

Monday, 9 March 2020

At-Large Leadership Session: Welcome to ICANN 67, At-Large Talking Points and Policy Platform - SV

Notes 

• Maureen gave an overview of the meetings during the week
• JZ encouraged all members to join in the DNS abuse session
• JZ gave a high level overview of the talking point, namely : DNS, PIR, Subsequent procedure, PICs, EPDP, Reviews
• DNS abuse: one of the 2 most significant points for the year as it is the #1 for internet end users. Any new round must wait for a policy on DNS abuse.
• in 2012 At-Large was vocal about ICANN not being ready to launch a new round. Specific recommendations include thresholds for TLDs, holistic tools for compliance, more research on machine learning to predict DNS abuse, increase friction for bulk registration, decrease friction for access to registrant data. 
• PIR : there should be revisions to the contract to guarantee the use of such a reputable domain, PICs are recommended. Board members selection should be revised so as to include reserved board seats for representatives of nonprofits. Focus on Individual registrants and nonprofits should be enshrined to maintain public credibility of the domain.
•  Marita mentioned "structural changes" as they were mentioned in the earlier session.
• JZ mentioned the change in legal structure of PIR changing to for-profit company. There is an open public comment being run by PIR.
• B-corp status is a topic to be analyzed so that At-Large can comment it, we should make sure in the CCWG. 
• Joanna pointed out that these are talking points and the CCWG welcomes ideas to be discussed via mailing list and weekly calls, all are welcome to join the CCWG calls.
• Subsequent procedures: relates to new rounds. At-Large position is there is no need to have a new round, DNS mitigation reform should happen first. Community priority evaluation, more work to be done on how to handle geonames.
• PICs are part of contracts ICANN signs with Registries to put out a new TLD. Reform is needed on how these PICs are managed to be effective, both voluntary and mandatory. Enforcement has been insufficient. Pathway to enforcement is needed.  ALAC should be pre-authorized to bring a PIC DRP, reforms are needed.
• EPDP- support automation whenever possible. supports recommendations SSRT and CCTRT.

Action Items 

• With regards to the change in legal structure of PIR changing to for-profit company, the CCWG should analyze the "B-corp status" proposal as a topic,  so that At-Large can comment on this aspect. The topic will be discussed within the CCWG.

At-Large Policy Session: DNS Abuse: An At-Large Call to Action - EE

Notes

• 246 participants joined (peak).
• Jonathan Zuck presented the At-Large DNS Abuse 101 - EN video, which was very well received.
• Volker Greimann (GNSO/EPDP) shared the DNS Abuse Framework and suggested increased collaboration with At-Large on DNS Abuse.
• Laureen from US FTC noted - FTC.gov (US Trade Commission - "for the consumer") - has many resources to share, said At-Large may use logo on this as well: https://www.ftc.gov/

From Laureen Kapin (U.S. FTC) to Everyone: (02:19 PM)

The U.S. Federal Trade Commission has very user-friendly educational materials on how to protect users online. This includes materials on spotting and avoiding phishing. See https://www.consumer.ftc.gov/topics/online-security and https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams The materials are also available in Spanish.

• Mason Cole (GNSO) also requested increased collaboration between GNSO and ALAC/At-Large on DNS Abuse.
• Jonathan Zuck moderated a quiz session for all participants.

Action Items

• Add DNS Abuse to ICANN Learn courses being developed for At-Large: Joanna Kulesza commented this is in progress; can be incorporated in ICANN Learn as well as additional resources across the community, with RALO collaboration via the CBWG.

At-Large Policy Session: Tools for Wholistic Contract Compliance - AE

Notes

140 participants with a pretty active chat, very constructive criticism to both ICANN and Registrar.

Jamie - Compliance is enforcing contracts and using different tools. Community decision whether when the CC enough?

James - DNS abuse vs Content abuse where does ICANN’s enforcement end? ICANN’s best practices are questioned.

Jamie: In terms of tools, individual complaints which are inaccuracy etc. ICANN does not take a holistic approach in enforcing contracts. ICANN CC is open for innovative ideas. Small number of Rrs and Rys are responsible for a big part of abuses.

James: ICANN’s scope is limited, they can change, there are legitimate ways to change them after processes. Bad guys are aware that ICANN has a process and the process is open. Industry collaboration is important to stop abuses. More money to registrars is welcomed, in terms of security etc. however we should be very careful to avoid abusing partners.

Jonathan: Most believe that CC is not well equipped for systemic abuse, more tools are needed and some systems should be getting better such as auditing.

• How should the situations be handled today?
• Will we have a favorable outcome?

Case #1

2 names are registered with Facebook information

Names used actively for Abuse

30k End Users are targeted through the messenger.

It is reported to Rr and Contracted Party

What should happen next?

What should compliance do?

How long should it take for this to be resolved?

Jamie: A complaint, inaccurate whois: CC first make sure that there is evidence that there is an inaccuracy, if there is an evidence, CC go to Rr and Rr has 15 days to investigate if there is an inaccuracy. It can go back and forth a few times, 2nd and 3rd notice. And there may be a breach at the end. This is a standard approach. It may be a 30-days process but can be way shorter.

James: There are some details missing. If reported to the registrar, you have different revenues to submit a complaint. If this domain name is used for phishing, Rr try to figure out they look at the complaint and address this faster. In the real world, the closer the proximity to the content, Rr can address the issue faster.

Case #2 - Whack - a - Mole

There are 1000 domains, 10 were taken down, can the rest be taken down as well?

Jamie: Rrs may find a pattern and take down many other similar domains registered but not necessarily.

James: Rrs can take lots of different actions depending on the situation, there may be a need for a 1000 complaints or just a complaint.

It is important for Rrs to do their diligence, empowering CC is not the solution.

Case #3 Privacy Proxy

Very probably abusive/phishing domain names have P/P providers, how can they be taken down if they can be?

Jamie: privacy proxy provider maintains full discretion, ICANN’s process is definite.

James: Either they are affiliated providers or not, they can use the PP providers. However, in the first place, it is very hard to get such a website address on Rrs website.

Case #4 - .creditunion

Jamie & James: This is under GAC safeguards, so it is not really possible.

Action Items

• Jaime to follow up some cases offline.