Notes
Seun welcomed the African community to the first call of ICANN67.
Maureen Hilyard expressed...
Goran thanked
Caleb - Asked question regarding the expansion of the ICANN Nairobi office. Thanked GM for the first ICANN virtual meeting. More remote hubs would be useful if there were future virtual calls.
GM - Appreciated question and feedback regarding the virtual meetings. Regarding the African office, we he have increased the personnel and other resources. We will continue to expand our resources for the African community. However, the African region is not the only region to request resources. We would like to ensure that all regions are able to contribute effectively to the MSM.
SO - Asked about virtual meetings:
GM - Noted that F2F meetings are in the DNA of ICANN. It was the Coronavirus that was the reason for holding a virtual meeting. The world seemed to be more complicated - visa issues, the Coronavirus, etc. The SOAC leaders should perhaps start a discussion as many of these questions belong to the community.
Leon Sanchez -
Pierre: Commented that AFrica GSE team has been focusing on DNS abuse for a couple of years. Noted role that AFRALO members played in the discussions. Invited all African members to the African Strategy Meeting on Monday 9 March.
TBJ - Provided the background of the AFRALO/Africann statements. Introduced the DNS Abuse statement and aim to raise awareness of the issue.
Barrack Otieno - Read the draft statement
Hadia provided comments on the statement.
TBJ - Noted that the statement was intentionally high-level regarding increased awareness and simple-language material on DNS Abuse.
The statement was approved.
Action Items
N/A
Notes
Action Items
Notes
From Laureen Kapin (U.S. FTC) to Everyone: (02:19 PM)
The U.S. Federal Trade Commission has very user-friendly educational materials on how to protect users online. This includes materials on spotting and avoiding phishing. See https://www.consumer.ftc.gov/topics/online-security and https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams The materials are also available in Spanish.
Action Items
Notes
140 participants with a pretty active chat, very constructive criticism to both ICANN and Registrar.
Jamie - Compliance is enforcing contracts and using different tools. Community decision whether when the CC enough?
James - DNS abuse vs Content abuse where does ICANN’s enforcement end? ICANN’s best practices are questioned.
Jamie: In terms of tools, individual complaints which are inaccuracy etc. ICANN does not take a holistic approach in enforcing contracts. ICANN CC is open for innovative ideas. Small number of Rrs and Rys are responsible for a big part of abuses.
James: ICANN’s scope is limited, they can change, there are legitimate ways to change them after processes. Bad guys are aware that ICANN has a process and the process is open. Industry collaboration is important to stop abuses. More money to registrars is welcomed, in terms of security etc. however we should be very careful to avoid abusing partners.
Jonathan: Most believe that CC is not well equipped for systemic abuse, more tools are needed and some systems should be getting better such as auditing.
Case #1
2 names are registered with Facebook information
Names used actively for Abuse
30k End Users are targeted through the messenger.
It is reported to Rr and Contracted Party
What should happen next?
What should compliance do?
How long should it take for this to be resolved?
Jamie: A complaint, inaccurate whois: CC first make sure that there is evidence that there is an inaccuracy, if there is an evidence, CC go to Rr and Rr has 15 days to investigate if there is an inaccuracy. It can go back and forth a few times, 2nd and 3rd notice. And there may be a breach at the end. This is a standard approach. It may be a 30-days process but can be way shorter.
James: There are some details missing. If reported to the registrar, you have different revenues to submit a complaint. If this domain name is used for phishing, Rr try to figure out they look at the complaint and address this faster. In the real world, the closer the proximity to the content, Rr can address the issue faster.
Case #2 - Whack - a - Mole
There are 1000 domains, 10 were taken down, can the rest be taken down as well?
Jamie: Rrs may find a pattern and take down many other similar domains registered but not necessarily.
James: Rrs can take lots of different actions depending on the situation, there may be a need for a 1000 complaints or just a complaint.
It is important for Rrs to do their diligence, empowering CC is not the solution.
Case #3 Privacy Proxy
Very probably abusive/phishing domain names have P/P providers, how can they be taken down if they can be?
Jamie: privacy proxy provider maintains full discretion, ICANN’s process is definite.
James: Either they are affiliated providers or not, they can use the PP providers. However, in the first place, it is very hard to get such a website address on Rrs website.
Case #4 - .creditunion
Jamie & James: This is under GAC safeguards, so it is not really possible.
Action Items
Notes
The session examined the DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) technologies for encrypted DNS, including both advantages and disadvantages.
Moderated by Maureen Hilyard, ALAC Chair, and Holly Raiche, ALAC Member, panelists Rod Rasmussen, SSAC Chair, Barry Leiba, SSAC Member, and Paul Hoffman, Principal Technologist, ICANN, explained the background for encrypted DNS, including the implications it has on operations for the DNS.
Members of the At-Large end user community within ICANN, as well as a total of 185 participants from around the world, asked questions and shared their feedback on the topic during the well-attended virtual meeting.
Action Items
Notes
Leon provided introduction of the meeting and agenda, followed by Maureen Hilyard who outlined ALAC's priorities. Marita Moll then provided an update on the Multistakeholder Model, and noted how surprised that the MSM was included only as Appendix C in the operating/financial draft plan (public comment).
Matthew Shears from ICANN Board (He is along with Mandla working on the Evolution of the MSM) responded that the Board is very much aware, and will be coming back to the community once they've had the opportunity to digest various comments. Theresa Swinehart also commented on the MSM in terms of operational perspective.
Joanna Kulesza presented on capacity building efforts and the ICANN Learn course in development (policy & advice development process within At-Large, et al). Leon and Maarten responded. Maarten noted the importance of regional structures (ALSes) in understanding ICANN. He also noted the success of ATLAS III, sharing knowledge with people at the global and regional level. Lito Ibarra echoed ATLAS III comments, as well as DNS Abuse video (ES). Leon noted they've received the ATLAS III Chair's Report.
Maureen introduced collaboration & partnerships, and At-Large Communications Strategy. Especially focusing on GAC with policy and capacity building, as well as GNSO and ccNSO - with prominent ALAC / At-Large representation in their work groups. Noted that most of At-Large members not compensated, and are extraordinarily hard-working and invested in At-Large and the ICANN community. Leon commented it was effective engagement to reach across silos, noted that it is a Board priority to enhance relationships with the various ICANN communities - less formal, more relaxed way.
Maureen introduced CPWG and At-Large policy activities, including the At-Large Policy Platform, focusing on security, stability and trust - turned over to Jonathan and Joanna for further discussion.
Jonathan watched meeting with commercial stakeholder group which has similar concerns to ALAC / At-Large. Mentioned Monday session with Compliance, and GoDaddy, etc. and various scenarios and how they would be handled. 2 observations: 1) everyone at an ICANN meeting are pretty much on the same side when it comes to DNS Abuse, 2) just need to align on path forward. Mentioned the ICANN understanding and that they boiled down to, how we might approach these changes / what is the process. But what is clear from Monday's session and from a policy perspective, is that Compliance lacks the tools necessary to combat systemic abuse (repeat offenders). Whether it's a PDP, changes to the contract. Asked Board for feedback on ideas themselves - personal opinions of members of the Board.
Göran Marby, ICANN CEO noted that DAAR is a very important tool to use in this process, as well as the health indicators. Alan Greenberg commented, "Taking down bad actors. That is EXACTLY what we are asking ICANN Org and Contractual Compliance in particular. What tools do you need?"
Becky Burr said the issues presented are right on point, need to understand tools and have collective consensus. Alan formally commented that we need to have consensus on tools and ICANN scope. Göran responded that the health indicators noted there are 5 registries that account for (90%) of all DNS Abuse. Ron da Silva noted that there is an expectation ICANN Org can update via contracts, that there is a gap between expectations and actual action. What are expectations, what is not happening? Then either put into contracts or embed language into various policy processes within ICANN.
Jonathan said ALAC would like to see from the ICANN Board an acknowledgement that this issue is of such severity and seriousness that a new round would not go forward without some of these norms being put in place - that the status quo is not sufficient.
Alan Greenberg commented, "If ICANN knows who the 5 registries are, let's figure out how to stop them!"
The meeting ran over time, and did not address items b. PIR/.ORG (Jonathan raised the points during the Public Forum), c. ALAC-GAC, and questions from the ICANN Board.
177 participants at peak.
Action Items
N/A