ICANN71 has now finished, and although we once again missed the usual opportunity to connect informally with colleagues from other organizations and travel to new and interesting locations, we still had an effective conference with valuable panels and sessions.
Two members of the Tucows Herd (Sarah Wyld and Reg Levy) were dedicated to the four-day-long policy-focused conference, which was centered mostly around continuations of ongoing topics: the fate of registration data access and disclosure, how best to address DNS Abuse, and the delegation of new gTLDs. The conference did not result in reseller-impacting changes, but here are some highlights for our interested readers and resellers.
The links below take you to the ICANN71 Schedule, where you can view more information about the panels and find links to the recordings, slides, and other materials. Please note that you do need to create an account in order to view the pages, but anyone can sign up — you don’t need to be a Registrar. We think these are the most interesting for you, though they don’t include all the sessions we attended. At the end, we’ve listed other sessions you may want to review.
The GDPR triggered a huge shift in how Registrars and Registries operate; what happens when the next big law comes along? When we participate in ICANN Policy Development or Implementation work, we always keep in mind future-proofing our requirements; we need to create policy that is clear about what obligations and prohibitions apply, but which also provides the flexibility that Contracted Parties (Registrars and Registries) need to follow the relevant laws for whatever jurisdiction they’re in.
In this session, we received reviews of NIS2 and the Digital Services Act in the context of our industry, and heard about changes to the Budapest Convention framework on cybercrime. That was followed by a cross-community panel discussion about approaches to these types of changes; click the link above if you’d like the specifics, but there was nothing said that has the potential to impact our resellers’ businesses. The Zoom chat was also highly interesting: ICANN’s CEO Gӧran Marby engaged in debate regarding whether ICANN is a Data Controller (a party that determines the purposes and means of processing personal data) under the GDPR, a subject that’s been the focus of discussion for quite some time.
The Contracted Party House DNS Abuse Work Group Community Update
The Contracted Party House DNS Abuse Work Group is composed of two sub-teams. Reg Levy, Head of Compliance here at Tucows, co-chairs one of them, the Registrar Stakeholder Group (RrSG)’s DNS Abuse sub-team, with Luc Seufer. Reg, Luc and their Registry DNS Abuse sub-team counterparts, provided an update on the collective work of the Contracted Party House DNS Abuse Work Group during ICANN71. The group held outreach sessions with members of other groups in the ICANN community; these were the first in a series of outreach sessions scheduled over the next few months. The goal is to hear various stakeholders’ perspectives on the current state of DNS Abuse and determine what kinds of resources or other actions they would find most helpful. They went over their existing outputs (my favourite is the Minimum Required Information for Whois Data Requests, but the Guide to Registrar Abuse Reporting is definitely worth a read.
One proposed method to combat DNS Abuse is the required use of so-called “Reputation Blocklists” (“RBL”s). These are lists that collect data points for a domain or IP address correlated with some definition of “badness”. While there are some open-source blocklists, the majority of them are retail (commercial) blocklists—they sell access to their list of supposed “bad” domains (or IP addresses). ICANN uses a number of them in their Domain Abuse Activity Reporting (DAAR), for example. There is a growing clamour for registries and registrars to be contractually obligated to use retail blocklists in their namespace. This session included interviews with commercial and open-source blocklist providers, a presentation by ICANN of the benefits and deficits of using blocklists, and a panel discussion by registrars, registries, and blocklist providers about their value in the ICANN context.
If you’re curious about what a normal Policy Development Process (PDP) Working Group meeting sounds like, this is the session for you! The Transfer PDP is an absolute delight, with everyone working together towards our goal of a transfer process that’s efficient, cost-effective, and user-friendly while still secure against domain theft—in fact, discussing and confirming that goal was a big part of this meeting. Then we got deep into transfer authorization codes, considering what type of requirements we should set out in this policy, and how we can gather data to guide and confirm our decisions. I’m truly looking forward to contributing further to this team.
If those weren’t enough, here are a few more sessions that you might want to check out:
- GAC Discussion on DNS Abuse Mitigation and GAC Communiqué Review
- GAC Discussions: Subsequent Rounds of New gTLDs (1 of 2) and Future GAC Meetings
- At-Large Policy Session 3: GDPR as a Technology – Policy Implications
- Plenary Session: ICANN’s Multistakeholder Model within the Internet Governance Ecosystem
- Joint Meeting: GAC and GNSO
- GNSO EPDP Phase 2A Community Update and Consultation
- GNSO – (RrSG) – Preview: Registrant whois experience study
- SSAC Public Meeting
If you enjoyed this post, you might also want to review our ICANN70 recap webinar and blog. See you next time!