Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
The worst thing about Brexit wasn't the referendum. It was the fallout. David Cameron decided that the best way to manage a small risk was to take a big one. Finally, over three agonizing years later, the UK looks set to move on. The Internet Society – which has run the .ORG domain since 2002 – was in the same position as Cameron. They became convinced that it was worth dealing with a small risk by taking a huge one.
As the Internet has grown, so too have the abuses that go along with one of the world's most transformative technologies. For all of the positives the Internet brings, negatives like phishing, malware and child exploitation are a reality online. As of December 9, 2019, 48 registrars and registries have signed onto the "Framework to Address Abuse." This initiative was launched last month by a number of domain name registries and registrars, just prior to the ICANN meeting in Montreal.
The stakeholder community needs to get with the program and assert itself now – if it still can. The recent attempts by the Internet Society (ISOC) to wrap itself in the halo of Jon Postel's "original intent" for .org is specious and laughable. As I've previously published, Postel also didn't like how big the top-level domains were getting and suggested, in 1993, that top-level domains should be capped at 10,000 names and that further zone growth should happen at the second- and third-levels (similar to how the UK has .uk and then .com.uk, for example).
A year ago, under the leadership of the Internet Corporation for Assigned Names and Numbers (ICANN), the internet naming community completed the first-ever rollover of the cryptographic key that plays a critical role in securing internet traffic worldwide. The ultimate success of that endeavor was due in large part to outreach efforts by ICANN and Verisign which, when coupled with the tireless efforts of the global internet measurement community, ensured that this significant event did not disrupt internet name resolution functions for billions of end users.
I run a business. For years I've been in the ICANN Business Constituency, holding a series of different positions including Chair. Suffice it to say, I'm absolutely ok with making money and generally speaking, letting markets work. I also care about NGOs. For years our firm worked with PIR on the .NGO project. We got to see up close the role PIR has played as a supporter of NGOs online -- encouraging best practice, helping push out DNSSEC to a global audience, working on DNS abuse issues, supporting the sector.
The announcement of the intended Internet Society (ISOC) sale of the .ORG registry to Ethos Capital has caused a lot of frustration and anger while raising a lot of questions.
It's more than just about the money. It's more than who is behind it. It's about the soul of the DNS and the ICANN community with its multi-stakeholder model. Let's remember that the Public Interest Registry (PIR) was created, with ISOC as its sole legal owner, to provide ISOC with the funds to operate and to run the registry more-or-less as a Social Business.
A recent exchange on CircleID highlighted a critical need for data to inform the debate on the impact of ICANN's post-GDPR WHOIS policy that resulted in the redaction of domain name registrant contact data. A bit of background: in my original post, I made the point that domain name abuse had increased post-GDPR. A reader who works with a registrar (according to his bio) commented: "Can you back up that statement with data? Our abuse desk has actually seen a reduction in abuse complaints."
Last Thursday, during VeriSign's Q3 2019 quarterly earnings call, CEO Jim Bidzos offered statements that seemed to be carefully calibrated to satisfy Wall Street's curiosity about protracted negotiations with ICANN on a Third Amendment to the .com Registry Agreement while also appearing to distance the company from the soon-to-be forthcoming product of that year-long effort.
We've seen alarmingly BIG increases in multiple abusive behaviors – like phishing, hacking and malware – that often leverage the domain name system (DNS) and privacy/proxy services. Cybercriminals capitalize on gaps in DNS security measures, and ICANN is holding the door open for them by failing to implement their privacy/proxy policy. If you are ever targeted, you are not alone.
Domain names that can be rapidly acquired, used in an attack, and abandoned before they can be traced are a critical resource for cybercriminals. Some attacks, including spam and ransomware campaigns and criminal infrastructure operation (e.g., "botnets"), benefit particularly from the ability to rapidly and cheaply acquire very large numbers of domain names – a tactic known as bulk registration.
A World-Renowned Source for Internet Developments. Serving Since 2002.