Registrars and law enforcement working to make the Internet safer

Stphane Van GelderICANN, the international body in charge of the Internet's naming and numbering systems, has been working with registrars for the past year to improve security for internet users.

This work is an illustration of ICANN's forum-like approach to internet governance. The initial impetus for it came from a set of 12 recommendations made by law enforcement agencies (LEAs) such as the FBI, Interpol and the UK's SOCA (Serious Organised
Crime Agency).

The LEAs, working with ICANN's Government Advisory Committee (GAC) submitted the recommendations as a kind of wish list for cybercrime prevention with an intent to get the Registrar Accreditation Agreement (RAA), the contract that binds registrars and ICANN, amended.

In response, the Registrar Stakeholder Group (RrSG), the body within ICANN that represents ICANN-accredited registrars and of which NetNames is a member, has put together a negotiating team to put forward the registrar perspective. Since the Dakar
ICANN meeting in October 2011, the RrSG team has met with the ICANN negotiating team on a regular basis and been involved in 18 extended negotiation sessions.

The negotiations are also being closely followed by the Generic Names Supporting Organisation (GNSO), ICANN's policy-making body for generic Top Level Domains such as .COM, which I chair.

The LEA recommendations can be summarised as follows:

  1. Registrars should investigate reports of illegal conduct.

  2. Registrars should not knowingly permit criminal activity in the registration of domain
    names or the provision of WHOIS information.

  3. Registrars should collect reliable domain name registration data.

  4. Registrars should post and maintain a point of contact for reporting abuse.

  5. Registrars should publish their information and contact details and any changes in their
    regular business information.

  6. Registrars should disclose their affiliated registrars.

  7. ICANN should accredit WHOIS privacy and proxy providers.

  8. Registrars should only accept WHOIS privacy or proxy registrations through accredited providers.

  9. Domain name registration service resellers should be held accountable to all
    provisions of the RAA.

  10. Registrars should validate registrant data.

  11. A WHOIS Service Level Agreement (SLA) should be agreed upon and include uptime minimums and data update requirements.

  12. ICANN should expand grounds for termination of a registrar's RAA for criminal activities.

Whilst there is agreement between the registrar and ICANN negotiating teams on most of these recommendations, two areas of contention remain. On registrant data validation (10) and on the collection of reliable registration data (3) registrars have so far found the LEA request either too vague or too wide-ranging.

Registrars owe it to themselves and their customers to make a stand on issues such as protection of data privacy and consumer rights, which in their understandable urge to defeat crime, law enforcement is sometimes tempted to overlook slightly.

That these negotiations are taking place is an encouraging sign that the domain name industry is maturing, with registrars participating actively take as firm a stance on cybercrime as they do on defending their customers' rights and preserving freedom of expression on the Internet.

When the negotiations conclude, a new registrar contract is expected to be rolled out by ICANN. As a leading global registrar, NetNames is extensively involved in both the negotiations themselves, and more generally the ICANN processes, to ensure that the interests of our clients are best represented.

Written by Stéphane Van Gelder, Registry Relations and Strategy Director,  NetNames

16 July 2012