The intersection of domain names and law enforcement concerns was the focus of two very high level meetings held recently in Washington, DC. The discussions that ensured mark a demarcation line that will change the tenor of all future discussions of the rights and responsibilities of DNS participants.
On September 28th, a group of leading registries and registrars – many based outside the U.S. – spent a full day at Federal Trade Commission headquarters meeting with personnel from the FTC, Department of Justice, and other Federal agencies – as well as with law enforcement officials from Brazil, New Zealand, Switzerland and the UK. The discussions focused on online crime categories and trends and the assistance desired by law enforcement when dealing with the sale of counterfeit goods, distribution of malware, phishing schemes, and online pedophilia. The government officials outlined the differences in national laws and the assistance they hoped to receive from the registry/registrar community; the DNS participants in turn outlined their roles and their own capabilities, limitations, and due process requirements. No firm conclusions were reached other than a commitment to keep the conversation going.
The following day, many of the same domain name system participants were called into a two and a half hour White House meeting where they were again exhorted to assist in the fight against online crimes and potential cyberattacks. Federal sector participants included IP “Czar” Victoria Espinel, top White House cyber-staffers Aneesh Chopra and Andrew McLaughlin, Cybersecurity coordinator Howard Schmidt, NTIA head Larry Strickling, and multiple other participants from the Department of Justice, Drug Enforcement Administration, Department of Homeland Security, and other Federal agencies. These many high level officials are brought together for a White House meeting only when the issue at hand is of urgent and top tier priority.
The current Chairman of ICANN’s Registrar Stakeholder Group, Mason Cole, played a key role at both meetings in explaining the perspective, role, responsibilities, and enforcement capabilities of ICANN-accredited registrars. Mason is a senior executive at Oversee.net and an ICA Board member, and his leadership at these meetings marks a milestone for direct domain industry participation in high level policy conclaves.
Dealing with malicious and illegal conduct has also been an expanding topic of discussion within ICANN, and we expect that trend to continue due to concerns triggered by the prospect of hundreds of new gTLDs as well as the growing oversight role of the Governmental Advisory Committee, which has been highly sensitive to law enforcement concerns. Meanwhile, the introduction of the Leahy bill has initiated a policy debate over the proper role of domain seizures and blocking in the long-running fight against online IP infringement. And the appearance of the Stuxnet worm – a program thought to have been designed by a nation-state and intended to destroy power plants and other critical infrastructure – has raised cybersecurity concerns to a whole new level. While past cyberattacks focused on shutting down company intranets and national Internet access we now seem to be entering a new and more dangerous stage, where some seek to use the Internet to propagate highly destructive malware that could bring technological society to a grinding and life-threatening halt.
Any notions of the Internet as a utopian space separate and apart from the ills that plague the real world were abandoned years ago. As society’s dependence upon and vulnerability to the Internet expands, DNS participants are likely to be called upon to assist in fighting against online crime, IP infringement, and cyber-terrorism with greater frequency in the future.
ICA commends all those who took part in these important discussions and will seek top play a positive and supportive role as these issues are further explored and developed in official Washington as well as ICANN. Major DNS players clearly should comply with reasonable law enforcement requests and, of course, with lawful judicial orders. At the same time, law enforcement must recognize that these players must be careful to respect the privacy and other legitimate concerns of their customers, and that there are economic and technological limits to the assistance that individual companies can provide.
The bottom line is that cybersecurity and law enforcement considerations are likely to be a central focus of every DNS policy debate going forward — and the domain investment and development community must monitor and join in these discussions to assure that the Internet remains a safe and trusted platform for online commerce and information sharing.