|
Domain Name System (DNS) Operators (Registries and Registrars) receive notices asking them to take action on a wide range of alleged technical and content-related abuses. However, there is a fundamental question of when it is appropriate to act at the DNS level and the evaluation of whether the alleged abuse meets a sufficient threshold for action at the DNS level. Additionally, given the volume of abuses occurring on the internet, existing resources, mechanisms, and protocols available in-house to Operators are in many cases insufficient to address abuses in a timely fashion.
Notifiers are entities alerting registries and registrars about online abuses. They can play an important role in the promotion of trust in online services and content. Yet, the frequently used concept of “Trusted Notifiers” covers two very different situations:
Trusted Notifier Arrangements require trust. If that seems like an axiomatic statement, it’s because it is. The conclusion of such Arrangements is premised upon voluntary engagement between DNS Operators and Notifiers and characterized by mutual affirmations of commitments.
Recognizing that Trusted Notifier Arrangements come in many shapes and sizes, it is useful to attempt to frame a better understanding of the attributes and components of such relationships and how they may best be used to mitigate online abuses. Within the DNS, Trusted Notifier arrangements may arise between, on the one hand, a Notifier with expertise in particular kinds of technical abuse (i.e. phishing, pharming, malware, botnets and spam when used as a delivery mechanism for any of the former) or content-related abuse, and on the other hand DNS Operators.
In the case of content-related abuses, many DNS Operators lack the subject-matter competencies and resources to identify, evaluate and verify the alleged abuse. In addition, in some cases, owing to prohibitions against distributing certain forms of illegal content, it may be illegal for Operators to try to verify certain types of allegedly abusive content (e.g. Child Sexual Abuse Imagery). And, of course, a seminal consideration is whether local law permits Operators to engage in trusted notifier arrangements, especially where local regulatory and enforcement authority to address a given form of abuse already exists and is exclusive to a given entity, as often is the case with some ccTLD Operators.
Where Trusted Notifier arrangements are permissible under local law and consistent with the Operator’s terms of service, the decision to enter into such arrangements is discretionary and depends on a host of considerations that may establish trust and thus a willingness to engage: these include the Notifier’s subject matter expertise, its reporting accuracy, the scope of its jurisdictional competency, and liability concerns, among others. In such Arrangements, Notifiers may seek commitments from Operators as to how and when notices will be prioritized, addressed and evaluated and whether and when the Operator will provide notice to affected parties or publicly disclose the existence of the Trusted Notifier arrangement. In addition, in an effort to build and maintain trust with third parties, both Notifiers and Operators may wish to consider transparency reporting and whether to afford dispute resolution mechanisms to aggrieved parties.
These considerations are developed in the aforementioned I&JPN “Trusted Notifiers: Typology and Framework Document.” As the title suggests, the document identifies different types of Trusted Notifiers and catalogs the attributes of such a relationship. Secondly, the document provides a set of components and areas of consideration to inform the conclusion of formal trusted notifier arrangements.
The document recognizes that there is no “one size fits all” approach to such arrangements. Yet, by creating a common understanding of the term Trusted Notifier and documenting elements for consideration and inclusion in potential formal arrangements, the Internet & Jurisdiction Policy Network hopes to provide both Operators and aspiring Trusted Notifiers with a clearer shared frame of reference when dealing with DNS Abuse.
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byCSC
Sponsored byVerisign
Sponsored byRadix
Sponsored byDNIB.com
Sponsored byWhoisXML API