For more than two years, members of the Domain Name System (DNS) user community have highlighted the need for more effective Internet Corporation for Assigned Names and Numbers (ICANN) policies and contractual tools to crack down on abuse in the DNS, which spiked during the COVID-19 crisis. ICANN 73, held virtually on March 7-10, featured a plenary that sought to grapple with DNS abuse mitigation in a more focused and actionable manner. Using as reference an academic study commissioned by the European Commission, plenary speakers explored the distinction between maliciously registered domain names versus compromised domain names and discussed why this differentiation is important for timely mitigation.
According to USCIB Vice President for ICT Policy Barbara Wanner, who participated as an industry representative, panelists underscored the need for the ICANN community to work together to address this challenge, recognizing that a one-size-fits-all approach may not be appropriate, that DNS users and providers will have to work both inside the ICANN community as well as reach out to “adjacent organizations” like hosting services to develop effective redress, and that “proportionality of harm” must be considered.
Not surprisingly, according to Wanner, the crisis in Ukraine was top-of-mind for all participants, who offered various views about an appropriate response by ICANN and its constituents. On February 28, the Government of Ukraine asked ICANN to revoke permanently or temporarily the domain name certificates for “.ru,” “.su” among others as sanctions for Russia’s invasion of Ukraine, “… a clear act of aggression and a manifest violation of Article 2.4 of the UN Charter.”
Ukraine’s letter to ICANN CEO Goran Marby further justified such sanctions on grounds that “… atrocious crimes have been made possible mainly due to the Russian propaganda machinery using websites continuously spreading disinformation, hate speech, promoting violence and hiding the truth regarding the war in Ukraine.”
Marby responded that ICANN would not intervene in this conflict. While expressing personal concern about Ukrainians’ well-being as well as the “terrible toll being exacted on your country,” he wrote to Ukrainian authorities that ICANN’s mission “does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the Internet — regardless of the provocations.”
“On March 6, however, the ICANN Board decided to allocate an initial sum of $1 million to be used to provide financial assistance to support access to Internet infrastructure in emergency situations, noting that the distribution ‘will focus on maintaining Internet access for users within Ukraine,’” said Wanner.
On March 7, ICANN further clarified that events in Ukraine would formally be considered an “extenuating circumstance under Section 22.214.171.124 of the 2013 Registrar Accreditation Agreement (RAA). This means that registrars now have the flexibility to extend the domain name registration renewal period for domain name holders in affected areas.
ICANN Board Chair Maarten Botterman further clarified on March 10 that the Board will shortly consider policy advice from the Country Code Names Supporting Organization (ccNSO) aimed at retiring the “.su” domain name.