The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> EMILY TAYLOR: Hopefully this works now.
Hello, everybody. Welcome to this session, which is on behalf of the dynamic coalition on DNS issues. The recently revived dynamic coalition, I should say, and it's great to see so many of you in the room and online. Today, we're going to be discussing Closing Governance Gaps, New Paradigms for a Safer DNS.
We've got a wonderfully expert panel, both here in the room and online, who I'll introduce in a moment, but we also have many experts in the room, and also I'm assuming online. Because we have so many speakers, we're going to try and just move quite rapidly through questions, but we're also keen to hear from you. So if there is something you want to intervene on, a question that you want to ask, a challenge that you want to pose either to the panel or to us just generally, that's the point. And if we have time at the end, we can maybe talk a little more about the dynamic coalition and what it does next and how it organizes itself, but we have got an incredibly substantive load of issues to discuss.
Luckily, we have wonderful experts to help us on the way. So we are talking about governance gaps and a safer DNS. There's always been a traditional sort of separation, if you like, between the more structure layers of the Internet and content issues, and both regulators and industry and the multistakeholder bodies, such as ICANN and the top‑level domains, they've understood these lines. When we're thinking about harmful content, sometimes the lines become blurred. What this reveals is gaps in the way they're governing this.
What we're hoping to get to today is an exploration of what those gaps are, and also try to be action‑oriented, like, what are we going to do about it? What does good look like?
Joining us on the panel, we have Keith Drazek, the vice president of policy and government relations at Verisign. Thank you, Keith. To my right, your left, Esteve Sanz, head of the multi‑stakeholder dialogue at the European Commission. Further on, we have Jia Rong Low, managing director for Asia‑Pacific at ICANN. To my left, Jennifer Chung, director of corporate knowledge at DotAsia.
Somewhere, maybe in the building, maybe joining us later, Jean-Jacques Sahel from Google. Online, we have Fiona Alexander. I'm not sure if she is connected yet, but I'm going to introduce her anyway. Distinguished policy strategist and fellow at the Internet Governance Lab at American University. Also joining online is the general manager at LACTLD, Rocio de la Fuente.
We have a range of experts from across the globe, a warm welcome to particularly Rocio and Fiona for joining online.
Can I start with you, Keith? Could you just give us a very rapid thumbnail sketch about what we're talking about? You know, why are we talking about governance gaps? I mean, we thought that we understood all of this stuff was separate, so what are the gaps and why does it matter, and how do we create that safer DNS paradigm?
>> KEITH DRAZEK: Very good. Thank you, Emily.
Hi, everybody, I'm Keith Drazek. I want to thank Emily and her team at the research federation, and my colleague, Nick Smith, getting the dynamic coalition on DNS issues back up and running. It was first established approximately five or six years ago. It was focused primarily on universal acceptance issues in its origin. During the pandemic phase, it went dormant. We have now recognized that this is a critical, you know, convening opportunity to talk about these issues.
We're very excited about the re-establishment of the DC‑DNSI, and let's get right into it.
So, Emily, thank you very much for the introduction. I think the key point here is that it's really important for those of us in this space, whether we are operators or folks who have a concern about DNS issues, security, online harms broadly speaking, to recognise that there are roles, responsibilities, and capabilities of various actors, and whether that's a registrar, a registry, CDN or ISP. When it comes to mitigating online harms, we each have our roles, responsibilities, and capabilities.
As we talk about those roles, responsibilities, and capabilities, it's really important to recognise that, in some cases, there are governance regimes or governance in place. For example, in the ICANN community with GTLDs, we have governance by contract. There are obligations that registries and registrars have in the GTLD space, and there is a function performed by ICANN. That is one example of a governance structure. CCTLDs, as, you know, a distinct approach, typically have relationships with local governments or local Internet communities, where there is a sort of governance umbrella there.
If we look at hosting companies and providers, again, it's perhaps not exactly the same. We all, as operators, are subject to the laws of our jurisdiction, regulations. In some cases, Best Practices for our industry. But we have, I think, what we've identified is a range of governance approaches. What we've identified is that there are certain variations in approach. At the end of the day, I view this conversation as the beginning of an opportunity for better communication, collaboration, and good work across the various parts of the DNS ecosystem, up and down the stack.
I think there's a need for us as technical operators, registrars, registries, to work better and collaborate better together as an industry, as a sector, so we can actually mitigate online harms in a proactive way, in a way that actually helps to reduce cost, reduce expense, become more proactive in our communication to identify bad actors and trends.
At the same time, to demonstrate that as an industry, as a sector, we have identified these challenges, and we are committed, broadly and collectively, to do better work together, to demonstrate to regulators that we are taking the initiative and that we are, together, identifying ways to work more collaboratively. Because if we don't, we're going to be regulated, and we'll be regulated in a fragmented way when it comes to different jurisdictions.
Fundamentally, that is the reason, I think, you know, one of the reasons we have this conversation. I should also note that, in addition, there are conversations we want to have about the advent of blockchain, alternate identifiers and technologies, and there are governance gaps in that area, as well.
Emily, I'm going to stop there. I'm happy to weigh in as we go along on other conversations, but that's sort of, I think, the framing of the issue, is we as industry have an opportunity to do better together, and I think that there is an opportunity to work in a multistakeholder fashion, to make sure we take on the views as industry of Civil society, of government, of the technical community, to make sure that we are making, you know, positive steps forward. I'll stop there. Thanks.
>> EMILY TAYLOR: That's a really useful opening, too. If I'm understanding you correctly, Keith, what you're saying, it isn't that people aren't doing anything. What it is is that it's almost like unjoined islands of activities. Perhaps a lack of communication. Perhaps a lack of understanding of each other's good practices that could be improved. Your call to action is for us to collectively step up.
Can I just welcome Jean‑Jacques Sahel with the relief that you're here. Thank you for finding the room.
Can I ask you and Jean‑Jacques to swap positions or for you to move onto the front row? Apologies. So Jean‑Jacques can join at the table. Thank you so much, Georgia. That is Georgia, everybody, who co‑organized the session with Carolina and Nick. Thank you for that.
Jean-Jacques, I'll let you settle down in position.
First of all, what I'd like to do, Keith mentioned, I'd like to call to Jia Rong Low as VP of Stakeholder Engagement and Managing Director for Asia‑Pacific at ICANN. Of course, there has been a lot of activity in the stakeholder environment, hasn't there? To respond to Keith's point about people needing to step up and voluntary practices. Perhaps you could update everybody, or those who don't know already, about what has been going on on the contracts.
Then I'd like to give Esteve a spot, and Fiona, as well, so coming to you next.
Jia Rong.
>> JIA RONG LOW: Thank you. In the ICANN community, it is governed by a wholistic model structure, so anyone interested can participate in ICANN. Tied to the ‑‑ one particular conversation that has been happening over the past few years has been the topic of DNS abuse. When this was first raised by stakeholder groups, including governments, they also included Civil society and the end user community.
In fact, a large community who represents the end users, they were very, for lack of a better way of saying it, very adamant that the issue of DNS abuse needs to be addressed within ICANN. Before we talk about having the next round of generic, top‑level domains. This conversation, when it first started, sounded very messy. Even, for example, what's the definition of DNS abuse? People couldn't agree on the definition at the time.
Fast forward a few years later, where we are now. Just on the 9th of October. The ICANN accredited registrars and registries will be voting over a 60‑day period to amend the registration, the registrar accreditation agreement and the registry agreements, to update it to incorporate DNS abuse.
Sometimes, you know, it's talking about models. When you look at it from an outsider perspective, you may think nothing seems to be moving, right? The conversations take very long. But if you look at it between milestones, actually, we've come a long way. You know, the agreement, the contracts that Keith mentioned, ICANN has registries and registrars, will be updated. You include clauses that defines DNS abuse more clearly, which is malware, botnets, phishing, farming, and spam.
These conversations take a while to come together, but it's a significant milestone.
Now, is this the silver bullet, the pinnacle to everything? I would say probably not. But it's moving in the right direction. So, you know, that's the key thing for us to takeaway, is that, how do we keep evolving and moving the conversation to be relevant to address the challenges of the day, and to continue to have faith in that wholistic conversation, where different stakeholders come together. You raise a problem, then you can come to a solution.
I'd like to leave that with everybody. Thank you.
>> EMILY TAYLOR: Thank you very much. That was a really clear explanation and thank you for that.
But, Esteve, if I can come to you, you know, from the perspective of a regulator in the European Commission, we've heard from Keith. You know, we've got to up our game or we'll get regulated. We've heard from Jia Rong, you know, people have got to keep faith with the multistakeholder scenario.
From where you're sitting, do you think the industry is doing enough? Do you think that we are doing enough to close those governance gaps and respond to the challenges?
Maybe you can, you know, just let us know what we've got in store in terms of regulation.
(Laughter)
>> ESTEVE SANZ: A bit of silence and tension.
>> EMILY TAYLOR: I think it is really working for you.
>> ESTEVE SANZ: I think we are regulators, but we are also very active members of ICANN. So I am a bit uncomfortable when you present us only as regulators threatening the community. I think you will be very happy, most of you will be very happy to know that we don't have new regulations in mind.
What we have in mind is really supporting ICANN and, I have to say, from the start, I'm really pleased, and I completely agree, with the approach my colleague has just presented on this contractual negotiations. We think this is really the moment of truth in DNS abuse, but also in, you know, the ICANN model. It needs to deliver on this thing.
We were very pleased to see that the amendments go in leading the right direction. We are very hopeful that the vote of those amendments is going to be positive. We cannot think otherwise, frankly. We did express very openly within the GAC, and many members agreed with us, that the amendments are not enough to be able to tackle even this more technical definition of DNS abuse, which, of course, we were happy to accept in the context of ICANN.
For example, well, the amendments are a bit general when it comes to defining concrete measures on DNS abuse. They are more based on kind of the objective. We know because we have regulated many different markets, that sometimes this is a bit weak. We have also missed some elements that relate to the transparency of contracted parties. We would like to see indicators. We think that this is really a very good incentive for the registries in crisis to really get their act together when it comes to dealing with DNS abuse.
We have also missed elements that relate to kind of proactive measures. They are very ‑‑ they are regulations that the amendments are very much focused into forcing or asking contracted partners to react to requests when they have this actionable evidence, which, by the way, is a complex concept in itself. But, of course, we know that some proactivity, as many registries and registrars are doing, is extremely beneficial. We have the example in Europe that has this artificial intelligence system, that, you know, runs this classic technical list that also they have at their disposal. Then they apply a little artificial intelligence to be proactive and automated.
All of this is not in the amendments, and it would have been very useful that this is in these amendments. But I have to say, you know, we've engaged very constructively with the GAC community, and we are hopeful that these issues will be resolved in further discussions with the ICANN system. That's our conciliatory pitch for you today.
>> EMILY TAYLOR: Thank you very much. Notice the rumble in the room before you started speaking. This is a really useful overview. Thank you very much, Esteve. Thank you for joining the panel today.
Sort of the European Commission as a member of the multistakeholder community, having a view and wanting to encourage those proactive measures.
And we're very fortunate to have Jen Chung in person and Rocio online. Maybe we can come to you both in terms of those proactive measures, and also from Rocio's point of view, in LACTLD, the difference between the country codes. I can see some country code managers here in the room, as well, who are not part of that ICANN circuit. You know, is there some governance gaps to be closed in terms of information sharing?
First, I'm going to turn to Fiona Alexander, who many of us remember from her long service with the U.S. government at the NTIA. Fiona, if you can hear me, I hope you can, you've just heard from Esteve about the perspective from a European member of the multistakeholder community, who happens to also be a regulator, as well.
Okay. Maybe you can help us to understand, you know, we often think of governments as having one single point of view. Maybe less often these days. But there are also profound differences of approach, aren't there, between the U.S. and the EU in terms of thinking about this.
So maybe you could talk to that point and the general regulatory perspective and how that fits with the sort of differences between DNS and content in this international global Internet that we have.
>> FIONA ALEXANDER: Sure. Hi, Emily. Hello to everyone in Kyoto and around the world. Good morning from Washington. It's about 4:30 now maybe, 4:20.
>> EMILY TAYLOR: Thank you very much for getting up so early, as well. I should have started with that.
>> FIONA ALEXANDER: It's okay. It's part of being part of the global Internet governance community, to do meetings at all times of the day and night. Not uncommon. Anyway, thank you for the invitation, and congratulations for reinvigorating the dynamic coalition. I think that's great.
One of the reasons I think it's good to have places like this, to have conversations, is because it's a little bit more neutral in terms of a convening platform, but, also, it's kind of a safe space to talk about issues that can be complex and can be a little bit more challenging in, you know, even in the ICANN system, which is multistakeholder, but as Keith described, as the regulatory contracting process, and then government‑to‑government, it can be more complex, as well.
Thank you for the invitation, and I'm glad the group is reinvigorated. The topic sounds more simple than it is. DNS abuse sounds straightforward, but it can mean lots of things to lots of people, depending on where you sit as a user in the system versus a provider in the system versus a government in the system, trying to address what you see as harms. Again, perception of harms or real harms can be very different country to country. There is no international agreement or even sometimes agreement between like‑minded countries. Specifically, what constitutes harm?
I think it is important, and that's why this sort of idea of having a lot of different tools at your disposal to solve some of these challenges is a good idea. There has to be an appropriate balance of how you deal with these issues. In some jurisdictions, perhaps you want a more proactive approach, and other jurisdictions, you want an approach where there is a demonstrated proof of harm, versus proactively going in and doing something. This is important as you try to balance the important issues of free expression and human rights with actually addressing when there actually is harm done.
It is challenging, and this cross‑jurisdictional challenge is one that can be difficult to resolve. I think I saw when everyone was coming into the room, I think I saw Bertron coming in, easy to spot him, and the jurisdiction and domain does a lot to help push the conversation forward. It's a lot in the way it has convened stakeholders in a neutral fashion to define terms. That's led to amendments in ICANN that folks already spoke to.
I think, again, making sure there's shared understanding of terms, that there is a shared understanding of some of the challenges, that we look at the portionality of the response, when do you take a small versus larger measure, and who is best to do that? Those are all important things to consider in the system as we look at DNS abuse and how to address it.
Like Keith, who started this conversation by framing some of the voluntary commitments, personally, I'm a fan of those. They're more effective. I think they can be more targeted and quicker to resolve some of the issues. Again, when looking at voluntary action, it is really important to make sure there is transparency in those systems and that there is due process in those systems, as well.
Maybe I’ll leave with that and let others go and go into the conversation. I just want to stress that it's not quite as simple as one might assume when you say, DNS abuse, of course we know what it means, but, actually, it's much more complicated than I think it seems many times.
>> EMILY TAYLOR: Yeah, thanks a lot for that, Fiona. You've highlighted not only that, you know, the issues are more difficult than they seem, but also that there are important checks and balances to maintain. There's free expression, there's human rights. Although we could ‑‑ if we all thought about it quickly, we could go, we don't want DNS abuse, but we want a thriving domain system where people can lawfully go about business without interference.
Fiona mentioned an important aspect, the power of voluntary action. Particularly, when you have organizations like ICANN with the international reach, you can much more efficiently get that international impact than you can through a sort of, one by one, different jurisdictions taking action. Although, of course, the European Union has been very entrepreneurial in its use of extraterritoriality and in gaining that ‑‑
(Laughter)
>> EMILY TAYLOR: That wasn't a joke, everyone. But that has been, and we're seeing that in the upcoming legislation. We'll all experience what that is like now with the directive.
Jen, thank you for waiting. With a huge panel, the benefits of it is that we get this global coverage. But, of course, it means, thank you for waiting for such a long time for the floor.
But other speakers have talked about the power of proactive actions, but also, perhaps, you could reflect on how these issues look in different regional perspectives.
I'm going to come to Rocio next, before finally coming to you, Jean‑Jacques.
Perhaps, you know, from the DotAsia perspective, you are a GTLD, a new‑ish GTLD, but if you could maybe reflect on the contractual amendments and also those proactive measures from the regional perspective, that would be great.
>> JENNIFER CHUNG: Thank you, Emily. Okay, thank you, Emily. I guess DotAsia can be considered as a middle child, not so much new. I think we're past our tenth birthday, so not that ‑‑ oh, still new compared to Keith next to me, of course, yes.
(Laughter)
>> EMILY TAYLOR: I think she meant dot-com, not you personally.
>> JENNIFER CHUNG: Yes, thank you so much, Emily, for that.
I wanted to touch beyond our contractual obligations, which Jia Rong mentioned. I'll leave Keith to talk more about how the contract party has helped. It's done a lot of good work, voluntary work, in actually trying to look at the gaps and fill the gaps, and its industry Best Practices.
For DotAsia, we're looking at using the trusted notifier systems, and it's more of a closer collaboration with regional partners, such as APNIC, APCERT. And we have a trusted notifier system with TWNIC. It is important, and I want to stress that collaboration with the different parts of the DNS ecosystem is extremely important for us to be able to establish a fast track, anti‑phishing mechanism, where we have, you know, TWNIC on one side and DotAsia on the other side, being able to periodically share different lists, periodically identify the risks.
That part is beyond our contractual obligations, but it is much to do with the industry, specifically the registry operators really come forward with good intentions to make the DNS more secure, to make the DNS more trusted, and to make the DNS something that other people can rely on. If you're looking to the different, you know, definitions that are floating around about DNS abuse, you can already see that there is a lot of people saying, you know, to one person, it means one thing, to the other person, it means something else. But for the contracted parties, it is simply, you know, DNS abuse for contracted parties is malware, dot net, phishing, spam.
It's not too much that we really need to nail down, this must be the only thing we do, we're doing above and beyond. With the trusted notifying frameworks, it is really important to understand, also, to include the certs. We're also looking at establishing with APNIC and APCERT and a South Asia CERT. I think it is very particular in our region, where there's a lot of stopgap. You think, perhaps, the European region has a more comprehensive approach to regulation and comprehensive approach to that. We don't really have that in the Asia‑Pacific region. I think that puts onerous on operators like DotAsia and other organizations in the Asia‑Pacific to step up to fill this gap.
I think it is really important to be able to understand, there is more work that is being done than is being advertised. Maybe it is an advertisement, or maybe it is kind of a socialization issue, where I think, on the one side, perhaps different jurisdictions looking at regulations are thinking, hey, the DNS industry, you're not doing enough. But maybe we need to also let them understand, here are the proactive approaches we are taking.
Trusted notifier system is one of the approaches we are taking, and it seems to be working. I think there are other initiatives that the contracted party house, both the registries and the registrars, are looking into, that would be able to fill these governance gaps. I'll stop here.
>> EMILY TAYLOR: Thank you very much, Jen. That is an interesting perspective on the contract being a baseline. And not preventing registries or registrars from doing more, if they want to. I mean, from what we're hearing from the industry, it sounds like everything is great. But the session title is, you know, about bridging governance gaps. It acknowledges that we're not there yet. The perspective that we want to now include is that of the country code, top-level domains, for those who are not aware of how it all works. I know that many in the room are very aware.
The country codes are not bound by the policy determinations or the consensus policies formulated in the ICANN community and do their own thing. The country codes also have regional organizations, like LACTLD in Latin America and the Caribbean. We are very happy to have Rocio here joining us remotely. You know, Jen, we heard about the proactive measures taken by the registries and registrars.
Rocio, maybe you can help us to understand what the proactive measures are being taken by the country code community in the Latin American region and your activities there in an attempt to bridge these governance gaps. Thank you.
>> ROCIO de la FUENTE: Thank you very much, Emily, and for inviting me to participate in this panel.
So as you were mentioning, it's not subject to the processes, and the policies are based on local regulations that are often established in coordination with their local communities. In terms of the governance gaps or governance issues that we have seen at the regional level, relating mainly, a lack of sometimes understanding about the functioning of the DNS and the different technical stakeholders. We've also identified some certain interests in these issues and some private actors that are not involved in internet governance but have approached it, like TLD and other organizations in the technical community, for help in addressing these issues.
So this has led to an initiative that, at first, we call the (?). And this is a proactive approach or collaborative approach that consists of a training and awareness raising effort on the operation of the Internet, its governance models, the actors that are involved in this technical operation, and among other topics. This is something that was provisionally intended for prosecutors and law enforcement agents. Later on, we have adapted this type of training activities to other audiences that have also approached the technical community organizations.
We believe that this kind of effort and capacity building sort of activities have been successful. They have operated as an initiative to close certain governance and, most importantly, to build networks of cooperation, or at least networks of contact between authorities and organizations involved in the operation of the Internet. And we see a very positive impact when national authorities, regulators, and judges, policymakers, can have a regular dialogue with CCTLDs in each of their countries or with other types of technical operators.
Also, we have been able to involve in certain editions of these workshops the private sector also, to address issues related to illegal content in their platforms and services besides the DNS threats or DNS abuse issues.
So this is one of the proactive approaches that we have developed at the regional level, in collaboration with the technical communities and organizations. There are also kind of unilateral efforts promoted by CCTLD specifically, so I can maybe share later in the panel.
>> EMILY TAYLOR: Thank you very much for that, Rocio.
You make an incredibly important point about the lack of understanding among some policymakers and judiciary and others, that you are proactively training, about the domain main system and how it works. Perhaps that is a point for reflection for those of us in the room and listening online. You know, how have we managed this, this public gap in understanding?
We at the DNS federation did research, and we tested people's understanding of basic terms. We found a small minority, but a significant minority thought DNS was a kingdom from Dungeons and Dragons, and some thought it was the Devin Nudist Society, as well. Unfortunately, it's not that fun.
But, Jean‑Jacques.
Sorry, Rocio, I hope we can come back to you for more detail on the unilateral action taken by some of your members, and also I'm going to come out to the room for your questions and comments. Get ready.
Also, Georgia, please let me know if anybody is raising their hand online. You're very welcome to join in this conversation.
Jean‑Jacques, welcome back.
>> JEAN‑JACQUES SAHEL: Thank you.
>> EMILY TAYLOR: Jean‑Jacques spent years at ICANN as the vice president of something very important. He is Asia head of content policy and global head of telecommunications policy at Google. It is wonderful to have you joining the panel because of your understanding of the DNS issues, but also your new role in terms of content. It comes back to Keith's opening remarks, that there are really good and mature practices in content moderation, and the reduction of harms, but perhaps not as much joining us as there could be between the content community and the DNS.
It'd be great to have ‑‑ well, whatever you would like to say, but maybe some reflections on that, as well.
>> JEAN‑JACQUES SAHEL: Thank you. It is so nice to be here. You've just shattered my illusions about what the DNS is actually about after all these years.
Sorry I was late. I was on another panel dealing with data flows. For some reason, they had questions to Google about privacy.
(Laughter)
>> EMILY TAYLOR: Mystifying.
>> JEAN‑JACQUES SAHEL: Yeah. I'm going to tweak what I was going to say after hearing everyone.
It is interesting when, you know, when I started all these years ago, the Internet issues, and I was in government dealing with the World Summit and information summit, we were talking about how the Internet was young and how we shouldn't hinder it with regulation. I still think that is probably true, we shouldn't hinder it with regulation, but the reality is that it is now no more a child. It's not even an adolescent. The Internet is an adult, though hopefully a young adult, like dotcom.
>> JENNIFER CHUNG: And Keith.
>> JEAN‑JACQUES SAHEL: We've had governments who wanted to regulate the Internet from day one, pretty much, but we've seen a broadening of this belief by a number of governments around the world, that they needed to frame the Internet with a regulatory construct around it and increasingly so. I think that's the reality.
When I look at it from a Google perspective, we're not trying not to be regulated. This is a thing of the past. It is more about how you are regulated. And within that regulation, there's also space for self‑regulation. By the way, let me hasten to say that, because it is relevant to today. That's my hope.
A quick one on Google, right? Google as an information company since 1998, we have this lovely mission since 25 years ago, which is to organize the world's information and make it universally accessible and useful. So in that, for us, there's this notion of useful, of relevance of the information to the users. So the company has never been too keen on having users exposed to bad information, bad content. So, over the years, we've developed a lot of experience in tackling harmful content, inappropriate content, undesirable content, and we've done it on our own backs. We have a set of policies and community guidelines that some of you may be aware of, whereby we can take action against inappropriate behavior that we see across our platforms, right?
The basic one is to, you know, have approaches within the strategy to deal with harmful content. We detect bad content, usually because it's been flagged to us by users on their machines or by governments, and then we try to remove it. That can be pursuant as to use flags, and depending on whether it corresponds to our usage policies or may be pursuant to illegal removals process, depending on the platform.
But it shouldn't just be about removal, it is also trying to make sure users are exposed to the right information. Making sure our searchs bring up quality results from authority sources. And we want to create good content on platforms like Youtube, and also follow the money, and demonetize as soon as we see content used by bad actors.
The final is collaborations. We've tried for years to partner, to understand the problems better, to come up with and share the technical communities. That's the overall approach.
Let me get a little to the core of the matter. In my experience, also having moved from Asia to Asia‑Pac a few years ago, generally, when I look at regulation around the world, certainly in this region, I think there's definitely a trend for much increased regulation, if not over regulation, and there is nothing stopping those regulations applying to all intermediaries, right? You see a few countries coming up with social media regulation that is specifically defined as social media actors, not always well‑defined but defined. But vast majorities on omnibus regulation concerns all Internet intermediaries.
It's there or it's coming, and it's from the range of countries. Certainly from across Asia‑Pac. Also, we need to think of the evolution of regulation when, say, 10, 15 years ago, you could probably still say quite a lot of countries outside of the two regions were looking at what the U.S. was doing, what the EU was doing, and sometimes they were copying.
The picture is much more complex now, where you have some coming up with their own pretty brand‑new regulation, greenfield regulation, and others, and I see a lot of those, cherry‑picking. Oh, I'll take a little of that, a little that I like, not the due process parts, and I'll take that, all the nasty parts of the dreadful UK online safety reel. Sorry, I didn't say that. Et cetera, et cetera, and adding their own veneer. It's there, and we're talking about significant markets. We're not talking about a few hundred of thousands of people, it's hundreds of millions of people that are going to be regulated through this.
I sense, I think to your point about education and collaboration, I don't think there's a lot of education. I was going to mention a lot of the principles that we like to see when we hear about regulation, and I can mention them, it's all about flexibility, balance, proportionality, outcomes based, all of that, but there is a fifth ‑‑ like, we have four of them. I could read them out, but there is a fifth one. The rest is on my blog. The fifth is regulation.
What I feel is lacking, and not just in this region, all regions, is engagement by governments with the multistakeholder community. I still ‑‑ well, you know, it's one thing to have a public consolation you push on a website, but as a policymaker, tentative would‑be regulator, how many times have you heard those guys come and ‑‑ and people, regulators, policymakers coming to you as an Internet intermediary, to proactively seek input? I haven't heard much at all. I think there is a deficit in policymakers and regulators actually listening and wanting to listen to the views of technical industry of views of Internet society.
When we look, this is supposed to be a better regulation directive, as in the EU. They're supposed to get the views of stakeholders. I don't see that happening a lot. Okay, we could try to remind them to do that, and the IGF is a good forum to remind them. But it is probably not going to happen. We're probably going to have, as an industry, to go out there.
Finishing up going back on the DNS as an industry, I don't want to be scaremongering, because I think it's not a banner, but I think regulation is upon us and has been for a while. I think there's been some really nice carveouts here and there in some of the recent legislations, where the core of the Internet has been, you know, set aside, so to speak. But even if the regulations don't touch Internet intermediaries as such, there's existing other types of regulation where I'm hearing very similar suggestions about DNS level actions. Copyright, harmful content.
I'm sure you're familiar, Jen, in APAC with the scams and frauds. People say, "Yeah, take action at the DNS level," then and the registries and registrars, "Let's not touch them."
It is whoever can take the action. Though some of us are raising concerns of collateral damage, massive collateral damage to the ecosystem, it gets scant attention. I think there's a lot of work for us to do. I like what I've been hearing here, about being proactive. It needs to be done. We need to show as an industry, as an ecosystem, we're trying to do the right thing.
I know people in this room who I know have no interest in having bad stuff on their platforms. Same as us. We're doing ‑‑ we are all working really hard. Sure, we need to demonstrate that, but we all need to raise our voices more, educate as much as possible. I like to think, you know, for instance, you've been doing a lot of work on Internet shutdowns, things like that.
>> ( Inaudible ).
>> JEAN‑JACQUES SAHEL: I didn't mean you shut down the Internet. But maybe we can have balanced regulation and making sure we leave space for freedom and expression and not overregulating.
>> EMILY TAYLOR: Thank you very much. So we had a challenge there for regulators, to actually talk to industry.
So, Esteve, I'm happy to give you the floor if you want to respond to that.
Keith, you wanted to come in on that.
Do any of the other panel members want to sort of join that? Fiona and Rocio, if you can raise your hands, then Georgia can let me know if you want to come in.
Should I give you the floor briefly, Esteve? Then Keith, then I'd like to open the floor to your questions and the questions online, as well. Do raise your hand if you'd like the mic.
>> ESTEVE SANZ: Thank you so much for all these, by the way. I was listening carefully.
Very briefly, it is inevitable to move from this discussion about technical DNS abuse, content DNS abuse, as, you know, we know well that this is a discussion that will go on for some time. I think that we've moved in different planes, talked about content, talked about technical issues. There is still value in operating both, at least for sort of conversations.
You know that the EU has a very clear approach when it comes to regulating platforms, regulated content. This is basically the Services Act. After discussions with stakeholders, we found an approach that we think really strikes the right balance between the users' rights and fundamental rights and the need to do something.
I think the reason why we're here, and we opened these contracts and are discussing these things, is we finally agree that, you know, there is DNS abuse, and it is something significant. That's very positive, you know? But the other thing, of course at the international level, and that's what I call you sometimes, but why I coordinate very well with Ken, and he is angry at us because he did the heavy lifting on the organization of the digital declaration for the future of the Internet session, but we co‑organized it, but he did most of it, I have to admit, but we collaborated with the U.S. on that.
There are many principles, but there is one thing, one way of approaching the declaration, which is very clear for us, which is a straitjacket. Here, we are proposing globally a series of principles for states not to do certain things, not to regulate the Internet in certain ways we think are absolutely harmful. You know, digital authoritarianism is really a thing.
Perhaps the worst thing that has happened to the Internet is that, now, we know that authoritarian countries are using it to control their population. That's the reality. The Internet is ‑‑ no longer can we see the Internet as something that brings freedom or freedom of speech or Democracy. It really depends on how states treat it.
And the declaration is precisely that, it is a way forward, a series of principles of how to do things but also how not to do things. How not to regulate the Internet, so that it doesn't end up consolidating authoritarian tendencies.
>> EMILY TAYLOR: Thank you very much.
I know, Keith, you wanted to come back.
Jean‑Jacques, really, you got everything riled up. Everybody is like, I want the floor.
I have Fiona waiting to join, as well.
Jia Rong, you want to?
I have Mark, as well, in the audience.
Anybody else? Great, we're going to be fine now.
Keith, in your remarks, perhaps you can address Jean‑Jacques' point. He's like, the governments never call, but, actually, do the industry talk to each other? Well, it's never called you. But are industry talking to each other across sectors effectively enough? Thank you.
>> KEITH DRAZEK: Thank you, Emily. I'm going to touch on a few things. I'll try to be brief. I think the answer is not sufficiently. The direct answer to your question is industry, especially when we talk about up and down the stack or, you know, across the range of operators, I think ‑‑ and that was one of the reasons we identified the governance gaps as a challenge here, is there is an opportunity and a need, I think, for registries, registrars, hosting companies, CDNs and ISPs to engage more constructively and proactively together to collaborate, identify trends of bad actors, mitigation strategies.
I think it's a fundamental opportunity we have as industry. But to be informed by the concerns of Civil society, to be informed by the views of governments and regulators. Just to go back to one of the things that Jean‑Jacques said, clearly, regulation is here. There's no turning back that clock, right? And to Esteve's point, regulation can be appropriate and is appropriate in certain circumstances. I think that's quite clear. The fundamental issue we have as industry is it needs to be informed and educated regulation. Education, regulation, whatever it may be, it needs to have civil society concerns. And I'll get back to the trusted notifies, like Jen said.
When we talk of trusted notifies as inputs to us as operators, requesting, in many cases, the use of the DNS to take down content or to moderate content, that raises a lot of real concerns. When we talk about roles, responsibilities, and capabilities of the actors in the ecosystem, a registry can do a certain set of actions, very, very limited. A registrar can do perhaps a slightly expanded set of actions, but very limited. When you start talking about content, hosted content at a third‑level domain, registries and registrars have one option, and that is to take the entire domain, the second level domain out of the zone.
If it is a bit of offending content or harming content on a third‑level name or a website, the hosting company has to be involved in that conversation about how to mitigate those harms. You know, on and on. So really important to understand the roles, responsibilities, and technical capabilities of the actors in the ecosystem.
Fundamentally, when we talk about using the DNS or taking action at the DNS level to mitigate content‑related harm, we have to start thinking about providence. Like, the closest operator, the closest provider to the harm should be the operator that takes the action, so providence. Proportionality, making sure that if you're taking action to mitigate online harm, especially content, you're doing so in a proportionate way that doesn't negatively impact other parts of the ecosystem or impact negatively disproportionately users.
Transparency, right? We need to have transparency when it comes to using the DNS to mitigate content, mitigate online harms. Transparency, what actions were taken? What was the procedure and the process that was followed? Due process, right? It was their due process for consideration of that action. Finally, recourse. Is there a process for recourse for the impacted party if you got it wrong, right?
I think these are all things that need to be discussed. And if we rely on a third party, a trusted flagger or a trusted notifier that's outside of the traditional court system, that raises all of these questions. So I think the understanding of the procedures, processes, the authority that a so‑called trusted flagger or trusted notifier might have, especially when you're talking content, raises these questions. These need to be discussed by industry but informed by concerns of civil society, informed by the views of regulators, and that's a conversation, I think, that we need to have.
But I think as industry, we need to start having this conversation together so we can then take that next step of bringing in the multistakeholder sort of inputs.
Emily, thank you.
>> EMILY TAYLOR: Thank you very much. I think if you could find a different word for "transparency," you're close to a five Ps of policy principles there that can be developed.
I have Fiona, Jia, Jen that want the floor. Mark, the gentleman at the front. I have Andrew. Who else wants to take the floor? Mikele?
Let's try to get through these remarks in the next quarter of an hour, 20 minutes, because I want to set aside time at the end before we close to do a sort of, so what are we going to do, right? How are we going to close those governance gaps? What actions, what commitments can we make to actually make things a bit better?
So, Fiona, thank you very waiting.
Then I'll come to you, Jia.
>> FIONA ALEXANDER: Sure. It is important to keep in mind the technology space always had regulation. I think back to the telegraph in the early days of that. There's always been regulation in and around technology. I think the thing that's changed in the last 30, 35 years, is how that regulation comes about. That's because of sort of the proliferation of the Internet and what it affords people to do. This really is the multistakeholder approach to actually engaging everyone in the process.
I think that's the important way forward and the important path forward, to solve some of these complex issues. And at least from my perspective, governments putting out a public comment process, government putting out a notice of rules and asking for feedback is not a multistakeholder process. Yes, you're talking to people, and, yes, you're getting feedback, but that's not actually a multistakeholder process. So no matter how well‑intentioned it is for a group of governments to get together and say the right things and say things that could be useful, you know, I'm often reminded by what one of my old bosses used to say to me all the time, how you do something is equally important as what to do.
To solve these complex problems, it is important the policies and rules happens in a multistakeholder fashion, to Keith's point, where everyone is in the room and listening to each other. That's how to solve the problems. It is not for one stakeholder group, industry, governments, civil Society, to sit separately. That doesn't solve the problem. I wanted to respond to a couple things people said.
>> EMILY TAYLOR: Thank you. That comes back to your remarks earlier, the IGF being a safe space to experiment with ideas. You don't have the pressure of somebody maybe changing a contract or regulating at the end of it. These are problems that are difficult, and you were saying that earlier. These sound simple, but they are actually difficult to solve. They span multiple sectors, multiple actors, as you were saying.
Jia Rong, you wanted to reflect on some of the things you've heard, too.
>> JIA RONG LOW: Thank you. I was kind of hoping to just zone off, yeah, but after hearing Esteve say something, it got me thinking. Jean‑Jacques was mentioning regulation, and that what he's hoping to hear is governments reaching out to get the inputs and thoughts. Esteve talked about balanced approach to regulation. Got me thinking suddenly, because I've not had interactions with E‑regulators directly, but I've been on the receiving end of law enforcement agencies.
After the EU enacted the GDPR, the registration look‑up system, most of you in the room knows who is, we have to redact a lot of the information of the EU citizens. Law enforcement agencies, including Interpol, they have an office in Singapore. They called me up, just catching up with them. They said, "The system now is useless. I can't do any cybersecurity investigations anymore because I can't find the information I need."
I was then ‑‑ I realized that the same colleagues on the EU, on law making and policymaking side, did you consult with your own colleagues from the law enforcement agencies? They have ended up being the victims of this regulation. The intention is good, you know, you want to protect the privacy of citizens, but the flip side of it is, the same government folks, you know, who have charge of fighting Cybercrime, can no longer use the tool. So it is actually very hard. It is more a reflection than a question.
I think governments, you have a role, and you need what you need to do to protect the citizens, and it is difficult. Because even just talking to each other within your own government is difficult. Then it makes it even harder when you want to think of getting inputs from multistakeholders.
So I think it's very difficult because there's no one answer. There's going to continue to be a gap. What I think would help is, you know, we really try to find more opportunities for us to have these conversations with one another. I don't have an answer for it, but it is just a reflection.
>> EMILY TAYLOR: Thank you very much for that. We did, actually, make it past the hour without mentioning GDPR, but I think it is a really important aspect, you know, and it reflects some of the remarks made by Fiona earlier. A lot of regulation is well‑intentioned, and, Jean‑Jacques, you talked about the evolution of regulation, like we can't regulate this stuff and now we are, and maybe overregulating at times, but each regulation has its impact, has its winners and losers.
I'd like to bring Jen and Rocio back into the conversation at this point. You know, just general reflections. It could be on the availability of Data, and it could also be, you know, fulfilling your promise earlier, Rocio, to think about what individual members are doing in the LAC region to try to address some of the governance gaps.
Jen?
>> JENNIFER CHUNG: Thanks. It's on. Thank you, Emily.
Actually, I wanted to give a live case study to what Keith mentioned earlier about the list of ‑‑ it's not really the five Ps. You had other initials in there, but giving a different flavor of, you know, what a registry operator does. Obviously, DotAsia is DotAsia, but we also manage and are the registry operator for Dotkids. It is one of the first GTLDs with a mechanism for restrictive content. What Keith mentioned earlier with the chain is extremely important.
Most of the registry operators, of course, our baseline is our contractual obligations and what is within the ICANN to deal with DNS abuse. One as Keith already mentioned, downstream, we have the hosting providers, DNS resolvers, all of that. At every point there could be abuse happening, whether it can be termed specifically as DNS abuse or pretty much bad things are happening on the Internet, so all the way to content.
For DotKids, when you're looking at it, we rely on the Google AI to look at the content, specifically for the GTLD. The first thing we do to look at it is to have a policy that listens to Civil society, that listens to experts, and in DotKids case, of course, the child rights experts, the online rights experts, that community.
Second thing is the transparency part of it. At every single level, when you're dealing with this kind of content, we need to have the paper trail of where, what is this reporting coming from, how are we addressing it? Downstream, how are due process? How would a registrant or, actually, the user who has reported this abuse, how would there be recourse if they don't agree with the actions that we take?
This is just kind of a live kind of case study, illustrating what Keith just mentioned. That was what I had.
>> EMILY TAYLOR: That's fantastic. Thank you for that.
Rocio, would you like to reflect on some of the things you've heard?
Then I'm coming to you, Mark, and then gentleman at the front, Andrew Kempling.
>> ROCIO de la FUENTE: Thank you, Emily. First, I wanted to mention, unlike the EU, there are no regulations in the LAC region that promotes harmonization. That's why there is differences in the facilities in the region.
Also, we saw some preliminary studies recently in the ecosystem have shown that the percentage of abuse domains is significantly small in visibility to the community, but even though the percentage of domains is small, there are some cases of proactive action that has been promoted by CCTLDs. In terms of Data, the CCTLD registration process in some case in the region have introduced the evaluation mechanisms for individuals. One is based on the national track identifiers.
While the process of the registration delegation might be a slower or more bureaucratic in relation to other CCTLDs, those specifically based on tax identifiers raise the barriers for users that are seeking to register a domain for criminal activities. Also, there are other cases that are related to tackle specifically illegal content. We have the case of DotCo, which is a specific approach to tackle the cases of extremely serious, illegal content, in partnership with the judiciary and also with international organizations for the protection of children online.
In this case, there is a national hotline that has been incorporated, which also includes mechanisms for reviewing reports in coordination with specialized Civil society organizations, and also a protocol for developing certain URLs in certain cases.
>> EMILY TAYLOR: Thank you.
>> ROCIO de la FUENTE: Oh, okay.
>> EMILY TAYLOR: Thank you very much. There's so much more to say, but really vivid examples, like the cooperation between DotCo and other organizations in relation to child and sexual exploitation materials. Thank you very much for highlighting those.
I'd like to come back to you if we have more time, but I have got ‑‑
>> ROCIO de la FUENTE: Of course.
>> EMILY TAYLOR: ‑‑ a queue of people in the room waiting patiently for the floor.
Mark, can I start can you? There is a microphone in the middle. Hopefully you don't mind that. Maybe we can take those four comments from the floor, then come back to the sort of need for action to the panel. Thank you very much, Mark.
>> MARK: Everyone, I'm an Internet governance consultant, and I was co‑chair of the team on DNS abuse that eventually made suggestions to the contracted parties that were then taken in by them and worked on within their terms. One important question that came up, and Esteve mentioned it in passing, but I would like to really stress this, was that what our group did was seek the minimal level of technical abuse. This is maybe a fault of how we arrived at this.
It is DNS abuse, but we are thinking about the technical level, because this is something that we could get together as a community and agree. I kept posing questions to people, such as, you know, cite me a good botnet, one, that is not an experiment, an academic novelty. There is none. You have no reason not to take down botnet.
So the suggestions we arrived at, in theory, should have been addressed before. We are trying to get to the point we need to be, the very basics, and from there, now, it's a discussion of what are the things that are not the bottom of the bottom, right? That's the discussion that starts once, hopefully, and I'm not promising anything, but hopefully the contracted parties adopt these amendments.
Where do we go from here is the next things. With technical ‑‑ it is not all technical, but there are still technical abuses out there, but the basic ones handled, where to move next. That should be our question, right? It's not, where is DNS abuse at right now? Technical abuse is slightly getting solved. Where do we go from here? Thank you.
>> EMILY TAYLOR: Thank you very much. Mark is making the point about, you know, the community starting with very technical definitions. Let's hold on to that idea and invite you, sir, to make your point. I'm sorry, would you mind going up to the mic? We can try getting it to you otherwise.
>> AUDIENCE: Thank you very much. Let me introduce. I'm in (?). Before talking about DNS governance related challenges, we need to know about the city cap of the developing countries related to the governance gap. Even though we don't have all of the cybersecurity law, they're related legally and that might be essential before going to address to the DNS‑related case.
So how we will extend the collaboration, as mentioned already between not only the Civil society and the private sector, but for among the developing partners as it relates to experts, so we can have ‑‑ we can minimize the gap.
Although, there is the threat of the DNS‑related threat out there, so that we need to build a capacity of the developing countries, particularly where there is a lack of legal impact as it relates to physical impact. Thank you.
>> EMILY TAYLOR: Thank you very much, Kanesh. A really important point. Thank you for raising it. You know, we can have a very global north conversation, we have to ‑‑ you know, one of the gaps, most important gaps to overcome is that capacity gap that you mentioned. I hope the panel will reflect on that.
Andrew, I think you were next, and then Mikayle.
>> AUDIENCE: Thank you. Too often, when we have gatherings like this, the conversation usually starts with, we can't do X, where X is something the community doesn't like, because of fragmentation or because of the Internet way of working, or some other, in my view, generally quite flimsy excuse.
I thought it was incredibly positive that this whole discussion started with Keith, you know, and then others talking about preemptively, proactively, rather, preempting the need for regulation to deal with problems, recognising that there are problems. It was very positive. If only more in the community took that approach.
Thinking about the gap, so perhaps tossing in a different aspect, are new standards as they relate to DNS, do the panelists think they might be introducing new gaps, new challenges, from a governance perspective, and should these be considered in advance, in much is same way that legislation should perhaps be more considered in advance?
If so, how do we get more policy stakeholders engaged in the standards community, which is currently very under diverse and not, in my experience, overly welcoming of the multistakeholder approach?
>> EMILY TAYLOR: Thank you very much. We're actually getting from the audience some really important additional gaps that I'd like us to reflect on. In addition to the limitations of technical‑led definitions, we've got the gaps in capacity and now, from Andrew, the gaps in getting policy voices into emerging standards in the space. So not much for you all to deal with in your one minute of reflection you'll be having.
We haven't heard from Mikayle yet.
>> AUDIENCE: Thanks so much. For those who don't know me, I'm the founder and CEO of a hosting provider and registrar based in Ireland.
A couple of things. First off, to the gentleman from the EC, would you please, please, please stop using DotEU as examples of anything. The operator under contract with yourselves, so holding them up as the gold standard, while it might be suitable in certain scenarios, expecting other registries and registrars to automatically adopt whatever DotEU is able to do is quite problematic.
I think a lot of what Keith was talking about makes a lot of sense, but one of the problems I'm having with this is, what is the line between DNS and Internet? Not everything is a DNS problem. It really isn't. Trying to solve it, I think, as Keith rightly points out, a lot of the issues that need to be dealt with aren't within the scope of registrars or registries. We're not the best equipped to deal with them. We shouldn't be the ones to deal with them.
I'd even go further and say that, in many cases, as hosting providers, we're not even particularly well equipped to deal with them, because there are issues on platforms and things like that which we really can't see. I cannot ‑‑ if I was hosting Facebook.com, for example, I could remove the entire website, or a large part of it. I wouldn't be able to remove one offensive post. It's the same with any blog or anything we host in our network. We have no ability to remove a single piece of content. It is very, very hard to do that.
The issue, though, really becomes one of, okay, who do you want to talk to, and what's the problem you're actually trying to solve? At the moment, and in Europe, one of the issues we've been seeing is a huge rise in smishing. It is the telecom companies that could do something but have failed to act, in many cases. But, right now, the only ones enabled to take any action are going to be the registries and the registrars because it's a URL, so it is a domain. But why aren't the telecos being asked to do things?
From our perspective, we are tired of being the ones that are the stopgap for everything, for all the evil on the Internet. It comes back to the DNS. In many respects, it actually doesn't.
>> EMILY TAYLOR: Thank you very much. Also, it is great to have a voice from a registrar, as well, in the room. You don't see many registrars at the IGF, so thank you for raising that.
I think there was a challenge to you, Esteve, which hopefully you'll respond to.
But are there any further questions, either online or in the audience that we want to get there?
Yes, sir? Then I'm going to wrap the session with some positive.
>> AUDIENCE: My name is (?), and I work for a registrar, also an organization that does a non‑for‑profit, whose objective is to improve the DNS by getting some resources in place, by sharing resources. For operating systems.
The habits we've gotten into over the last 20 years turn out to be, now, not so good habits. Because the security of the DNS, things have disappeared. When the DNS was created, fax numbers, telephone numbers, and physical addresses, postal addresses, used to have meaning at that time, 30 years ago. They don't anymore. They've become totally liquid, floating. You can have a telephone number anywhere. It doesn't mean anything. It's no longer an anchor.
More importantly, the domain itself has been a victim of its own success. Because there are so many domains, the cost of losing a domain is irrelevant for an attacker. He's still behaving as if it was a big problem to lose the domain. Of course, they couldn't care less. They have thousands, millions of domains accessible to them. There is a great market of making domain names available, you know, for all kinds of things.
It also enables them to use them selectively, so there's no longer just a question of handling evidence of abuse. It's just too late when it comes through there. When we actually act, you know, the attacker couldn't care less.
>> EMILY TAYLOR: I think that's a good, welcome reminder to all of us over a certain age, that sometimes 20 year old habits aren't always best for us.
In closing now, I said we'd get to it five minutes ago, and half of my plan for the session has gone out the window, but one thing I would like to revive is this sort of future looking and to come back to your original call for action, Keith. Like, what can we do? You know, it's always easy to point the finger and say, "Somebody else should do something."
I heard something that I was reminded of, a phrase earlier this week, which is, those who can, should. So there are people in this room and on this panel who have got some capacity to do things. So my question to you is, what can you do that will make things better?
Jean‑Jacques, we haven't heard from you for a bit, so I'll put you on the spot, then I'll run through the panel. Just thinking individually or for an organization.
>> JEAN‑JACQUES SAHEL: On the record?
>> EMILY TAYLOR: We'd love to hear from Google, honestly.
>> JEAN‑JACQUES SAHEL: Look, there are a few things we're already doing and things we should discuss in more detail, in terms of ‑‑ and I think Keith has already given a few good ideas along the way.
Maybe starting with reference to what the gentleman was saying in capacity building. We do capacity building when we engage with certain governments and describe how we deal with harmful content, and we also do it through third‑party organizations. For example, the UN drugs and crime often organizes training sessions for law enforcement agencies for countries across Asia. I've gone there myself to explain how Internet companies deal with harmful content, terrorism, that sort of stuff, so there are channels that exist and, you know, we can talk about that.
Then, you know, I'm mentioning UN agencies, and we are in an UN forum, after all, so we have to give them credit. Then going back to what some of us have been saying in the room, you know, is there something we can do as an ecosystem? Why not just Internet industry writ large, but as an ecosystem. It was interesting to hear Mikayle talking about everyone turns to the DNS people for action, and he is gone now, but I don't think it is entirely true, but unto us, as well.
>> EMILY TAYLOR: Possibly a little more sometimes.
>> JEAN‑JACQUES SAHEL: Maybe. Anyway, talking about some of the governments that talk to us about disinformation seriously. Look in your own backyard.
Anyway, there should be some discussion, perhaps, we should continue this discussion in a way to think, okay, what is it practically we can do? Are there any coordinated actions we can take? You know, having worked for ICANN, and I know what I was trying to do in Europe when I was there, what I imagine Jia Rong is trying to do regularly, is engage the governments, trying to explain to judges, law enforcement, how it all works.
Importantly, I think we should continue the discussion. Think about practical things to do, and perhaps it's just also a question of visibility, saying to each other, oh, there is the school on internet governance, for example, that's run. Can we tack on something for governments? By the way, doesn't have to be in person. We have something called the Internet. We can get governments from everywhere to join the trainings online and further understand, and also network with the industry, get more understanding. You can practically do that. There is a bit of explaining and some basic explaining we need to do even with governments supposed to be there.
We have work to do in Australia to explain to people that DNS level, blocking is bad, as one example. I think there's a lot more we could continue to discuss, very practical actions of engaging of those governments. I'd love to continue. I don't know what platform would be best, maybe there is some sort of ICANN sink we can tap onto.
>> EMILY TAYLOR: Thank you very much.
I'll ask Esteve next, then I'll come to Rocio and Fiona, and then come to you, then Jen and ‑‑ so brisk remarks. Four minutes. In total.
>> ESTEVE SANZ: I just wanted to start acknowledging the questions and comments from the audience. Capacity building is key. We have to admit this is a global north conversation. We're global north, discussing the abuse mostly. This is bad for the overall ecosystem, and it will play very badly in the WSIS discussions that will emerge very soon. We need to work on that. I know that ICANN is making great efforts to be more inclusive, working on support to the new round of TLDs, but we need to do more.
I can just say that we are perfectly aware of this situation, and we are engaging in the context for the future of the Internet, capacity building projects, in the global gateway, development support, et cetera. This is probably one of the core, fundamental problems of the model.
>> EMILY TAYLOR: I think ‑‑ sorry. Just to get the others involved, but that's a really important point on the need for inclusive conversations involving the Global South.
Fiona, Rocio, can I ask you for your concluding thoughts on what action needs to be taken? Preferably by you.
>> FIONA ALEXANDER: Sure, happy to start. One of the things the session reiterates is first thing people need to do is get in the room and sit down, remote or in‑person, and have a conversation, right? The only way you can solve problems is to sit down and talk to each other. Understand the issue sets, figure out what the gaps are, as have been raised by folks in the audience. Even the point about bringing in other actors and not just focusing on the DNS players. I think, you know, just what can happen and what should happen is a sustained way of having and continuing the conversation. Whether it's at other IGFs, the dynamic coalition wants its own meetings, but I think continuing the conversation is the best way to get us to shared solutions.
>> EMILY TAYLOR: Thank you.
Rocio.
>> ROCIO de la FUENTE: I believe a task to undertake is improve the mechanisms to measure and identify levels of DNS abuse. We believe this will be very helpful in our region. We also view the importance of continuing to promote our training workshops targeted to different governmental authorities and in collaboration with other organizations of the regional community. Thank you.
>> EMILY TAYLOR: Thank you very much. So the need for improved measurement and identifying DNS abuse and continue your great work in workshops and trainings.
Jia Rong?
>> JIA RONG LOW: Thank you. Just quickly responding also to Kanesh. We try to do a lot of capacity building work, not on the regulation side, but with the operators. So I'll reach out to you after this, and if you need any help from the operators, we help them to think about DNS security. We also do capacity building for law enforcement agencies. It applies for the Asia‑Pacific region, so it applies for the Asia‑Pacific region I'm looking after, but we have colleagues from other regions who do the same thing.
And I thought insightful remark and I thought to close on this one, is the remark from Andrew. It's like, you know, new DNS standards are introducing new gaps. Actually, in our space, for the DNS, I find as industry and also for us from ICANN and IGF, we are very cautious, I feel. One example. We introduced DNSSEC, and some say it's not a great thing, solves only one small problem and so on, but there is this new other problem, TRC. It is a specific vulnerability, then people introduce DANE. It replies on DNSSEC, which builds on standards and makes sure you go in a safe, secure manner. As a group, all of us thinking about DNS, that's probably the approach we want to go for. Instead of DNS kill everything, start over. What we have is dealing with something very solid. Let's all work together to make that better, one step at a time.
>> EMILY TAYLOR: Thank you very much.
Jen?
>> JENNIFER CHUNG: I want to kind of carry on from what Jia Rong just mentioned about the capacity gap that our question from Nepal came from. DotAsia also engages in projects around Asia‑Pacific region, in partnership with ICANN and other ‑‑ and Google, and other Asia‑Pacific organizations. I think that is one of the gaps that we can also identify and really take action. Maybe as, you know, DC‑DNSI, that's one of the actions we can take.
Joining the dots and the different approaches we're already taking, both contractual ones, both proactive ones, thanks that can work. Taking the ones that actually work and scaling it, actually seeing if it would also replicate and work in other regions and other registry operators and other parts of the DNS ecosystem.
Finally, I mean, I guess this is really important but bears repeating, DNS security likes collaboration. We really need actual multistakeholder approach to it. Not just what Fiona mentioned before, the government is coming out for consultations, and we take it in. That's not perhaps an actual multistakeholder collaboration. We really need to bring in all the different elements in the DNS ecosystem and wider, as well, to address this. It's more of a complete approach.
>> EMILY TAYLOR: Thank you very much.
Keith, some closing reflections for you, and minus 30 seconds. Thank you.
>> KEITH DRAZEK: Thanks, Emily. Two quick points. I want to build on something Mark said, you know, and a concern that Esteve raised earlier. The GTLD registries and registrars, contracted parties, voluntarily started the conversation with ICANN to take on an affirmative and enforceable obligation to act to mitigate DNS abuse within our areas of, you know, role, responsibility and capabilities. It was a bilateral initiative by the registries and registrars to take on new obligations on ourselves. That was the first step, as Mark noted.
The second step, registries and registrars are exacts to PDPs, policy development processes, through the GNSO, as the mechanism for multistakeholder community‑based, bottom‑up policy development. So the expectation is that that will be the next step, which will then further address some of the issues that Esteve, you know, mentioned, as perhaps being undefined or less clear. There's more work to be done.
To answer the question what's next, there is clearly a need for ongoing conversation and dialogue, collaboration and information sharing. It's two sides of the same coin.
One, bring the actors together. There is a range of actors that ought to be part of this multistakeholder conversation. Especially from industry as a starting point, as an initiated sort of conversation. And I think we should use the IGF construct. We should use the DC‑DNSI. We should use the national and regional IGS to, in an organic, bottom‑up way, start the conversation in different regions and areas, and eventually work toward something a little more concrete in terms of identifying potential outputs.
I would say, stay tuned. There are conversations going on now with various operators at different levels of this ecosystem that have recognized this as a challenge and a need and an opportunity. Stay tuned. More to come.
>> EMILY TAYLOR: Thank you for your participation today. We ran out of time, but there's really good thoughts for talking among the ecosystem, inclusive conversations with the Global South. A sustained conversation. Maybe the dynamic coalition can play a role there.
We had plans. Forgive me, that didn't happen, but stay tuned. Thank you for your involvement. Thank you for your questions. Please, join me in thanking our amazing panel for sharing their insights.
( Applause )