Home / Blogs

A Patchwork Quilt: Abuse Mitigation, the Domain Naming System and Pending Legislation

A few weeks ago, Appdetex published a blog with predictions for 2021, and admittedly, at the date of publication, there were already very clear indications that one prediction was already in flight.

In our blog post, we’d said, “With the global domain name system failing to abate abuse, and, in fact, thwarting consumer protection, get ready for a patchwork of local laws targeting attribution and prosecution of bad actors… Get ready for some confusion and turmoil in the world of notice and takedown related to local laws and regulations.”

Since May 2018, it’s been harder for brands to mitigate consumer harm resulting from infringing domain names. A recent study from Interisle Consulting bears this out: WHOIS data has gone from being over 75% available to just above 13% since the implementation of ICANN’s reaction to GDPR. It should come as no surprise, then, that regulators in the US and EU are poised to take action to try to protect consumers. Late last year, both the United States (US) and European Union (EU) governments had already begun to act to make access to domain name registrant contact data (WHOIS) more available to protect consumers and internet users.

In their proposed Revised Directive on Security of Network and Information Systems (NIS2), the EU has become much more specific about intermediaries’ obligations, including Domain Naming Service (DNS) providers. The legislation would specifically identify hosts, DNS providers, TLD registrars, and registries as being part of the solution and is expected to mandate that they act swiftly to mitigate consumer risk and balance privacy and harm more carefully. Public Stakeholder comments have been gathered, and now the EU is readying the legislation for adoption and its implementation by member states.

Meanwhile, buried in the thousands of pages of the omnibus Consolidated Appropriations Act of 2021 is an instruction to the National Telecommunications and Information Administration (NTIA). The NTIA is “directed,” through their position on the Internet Corporation for Assigned Names and Numbers (ICANN) Government Advisory Committee, to “work with ICANN to expedite the establishment of a global access model that provides law enforcement, intellectual property rights holders, and third parties with timely access to accurate domain name registration information for legitimate purposes.” There are also rumblings about stand-alone legislation to protect consumers by making WHOIS data more accessible.

While these actions seem both relevant and helpful on their surface, it represents a failure in ICANN’s ironically-named expedited policy development process (EPDP) that these legislative solutions need to be taken. ICANN’s glacial-paced EPDP has yielded very little in the past two years. The EPDP has proposed a guideline for implementing a toothless tool investigating and abating abuse. This guideline, judged as so useless that even EPDP participants from some constituencies voted against its implementation, will likely require two or more years to implement.

Had ICANN and the multi-stakeholder community acted in a balanced manner to protect both privacy and the internet from harm by bad actors, it would have been unnecessary for governments to act. Sadly, it is now up to brands to do their best to remediate consumer abuse and harm without the help of the governing body of the internet. Worse still, a patchwork of legislation will be yet another complication for both brands and DNS participants.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Frederick Felman, Marketing executive and advisor

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

DNS

Sponsored byDNIB.com

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global