Session
Organizer 1: Alexis Douglas, International Trademark Association (INTA)
Organizer 2: Revels Heidi, International Trademark Association (INTA)
Organizer 3: Charles Shaban, 🔒International Trademark Association (INTA)
Organizer 4: Lori Schulman, 🔒
Organizer 5: Diane Fiddle, International Trademark Association
Speaker 1: Daniel Zohny, Private Sector, Western European and Others Group (WEOG)
Speaker 2: Tara Harris, Private Sector, Western European and Others Group (WEOG)
Speaker 3: Dr. Sameh Abdel Rahman Ahmed, EgCert of the Egypt National Telecommunication Regulatory Authority
Alexis Douglas, Private Sector, Western European and Others Group (WEOG)
Diane Fiddle, Private Sector, Western European and Others Group (WEOG)
Revels Heidi, Private Sector, Western European and Others Group (WEOG)
Classroom
Duration (minutes): 60
Format description: This proposal involves a panel of experts who will present the definition of DNS Abuse and their experience with that abuse to inform, educate and engage the audience. A classroom setup would allow all attendees to view the panel and will allow the moderator and panelists to see attendees and engage in a question and answer session.
What is Domain Name System Abuse? What policy advancements are necessary to eradicate or diminish Domain Name System Abuse? What policy advancements are necessary to prevent Domain Name System Abuse from increasing?
What will participants gain from attending this session? Participants will engage in a dynamic, educational experience from people dealing with all aspects of the Internet and DNS Abuse, and through their attendances, participants will gain insight into the current climate of the online community, the extent and impact of DNS Abuse, and how defining DNS Abuse will help drive change in laws and policy to protect Internet users against abuse.
Description:
Domain Name System (DNS) operations and stability are essential for the Internet We Want. DNS abuse affects every individual who uses the Internet. This Workshop panel and discussion will define (i) the concept of DNS Abuse and how it impacts the Internet community, (ii) the different types of DNS Abuse, and (iii) how DNS Abuse impacts individual consumers, businesses, governments, and brands. The panelists will be from different industries and represent diverse geographic regions, including: online platforms, consumer goods, web security, government, and policymakers. Each will share their experiences with the DNS Abuse, and their perspective on how the Internet community can advance laws and policies that improve Internet safety and governance for the Internet We Want. Specifically, they will cover the pervasive types of DNS Abuse that involve children, health and safety, security and e-commerce (e.g., fraud in online banking, counterfeit goods, and phishing). Our panelists include Daniel Zohny, Global Head of Brand Protection at Abion in Switzerland, Tara Harris, Group IP Legal at Prosus in the Netherlands, and Chris Thompson, Investigator at the British Colombia, Canada Securities Commission.
Learn about Domain Name System Abuse, the importance of DNS Abuse definitions, and how to create policies that guide and drive improved digital governance.
Hybrid Format: We have selected an engaging in-person moderator, Alexis Douglas, experienced at hosting panels with experts and attendees both online and in-person. Our moderator and team will carefully curate and prepare the panel material, choosing thoughtful examples to engage attendees in all locations. We will utilize poll questions related to DNS Abuse that can be answered via a mobile device for both participants in the room and online to engage and see results in real-time. For the question and answer portion, we plan to prepare questions in advance in case audience participation is low.
Report
The International Trademark Association (INTA) presented an IGF workshop on the topic of Domain Name System (DNS) Abuse: Defined and Experienced. INTA has an interest in DNS Abuse because brand owners are experiencing continued online misuse of their trademarks that impacts not only brands but also consumers who value and trust those brands. The panel was moderated by Alexis Douglas, with panelists Tara Harris, Daniel Zohnny, and Dr. Sameh Abdel Rahman Ahmed. The moderator and two panelists were in person, while one panelist appeared virtually. Approximately 85 participants attended with nearly 90% in person and the remaining 10% present online.
The workshop’s objectives where to:
- Outline the importance of access to accurate WHOIS data to allow the internet community to act against domain name registrants involved in deceptive and abusive activities;
- Highlight the need for more consistent policies that make domain name registrants accountable; and
- Emphasize the need for cost-effective and fast-acting tools that allow brand owners, governments, and other involved parties to act quickly.
The panel outlined definitions of DNS Abuse, its history, and provided examples from the global brand community. Definitions of DNS Abuse from the EU Commission, ICANN Registry Agreement, DNS Abuse Institute, ICANN’s Business Constituents, and INTA where highlighted to categorize the differences throughout the industry and emphasize the need for a broader definition. This workshop focused on INTA’s DNS Abuse definition, which is broader and more inclusive, defining DNS Abuse as: any activity that makes, or intends to make, use of domain names, the Domain Name System protocol, or any digital identifiers that are similar in form or function to domain names to carry out deceptive, malicious, or illegal activity.
The panel presented the history of DNS Abuse, including early examples of domain extortion. Historically, brands would register a .COM domain and someone else would register the brand in a different TLD with the intention of selling the domain back to the brand owner. An example of domain extortion referenced during the panel involved the registration of a .GG domain needed by FIFA. The domain registrant sought $17m from FIFA to recover the domain. However, FIFA was able to use the UDRP process to recover the domain.
More pressing examples highlighted by the panel were the use of brand domain names to facilitate crimes instead of trying to extort companies for money. The current issues are much broader than DNS issues previously.
Newer examples of DNS Abuse include:
- Typo-squatting: Using domains with common typos of well-known brands to direct consumers to fraudulent websites. Typo-squatters use the fraudulent webpages to consumers to provide an air of legitimacy to their scams and to gain financial institution information from the consumer;
- Deep fakes: using artificial intelligence to create convincing but false content on fraudulent websites. The use of deep fakes is often what engages consumers when they reach the fake website; and
- Impersonation issues: creating fake job postings to lure people and steal their personal information. Scammers will register domain names and create websites with fake job postings to lure people and get their contact information as they apply for the nonexistent job.
Panelists discussed issues with consumers losing sums of money to these types of scams. Because a lot of people lack internet literacy, these scams become easy to execute. There’s little to no harm to the brand. The greatest impact is to the general public duped by the scammers. The issue will only get worse as the Internet expands to more unsophisticated users in new geographic locations.
The primary challenge with combatting these issues is the inability to quickly take down abusive domains. The speed of domain suspension depends on the company, host, and registrar, often relying on the UDRP process. Smaller companies may struggle to know where to start, while larger companies, despite having more resources, face greater potential harm and time pressure. Also, the host and/or registrar’s policies and takedown procedures impacts responsiveness to takedown or suspension requests. Most registrars/hosts understand abuse and have trust and safety teams that monitor many forms of abuse 24/7.
The panel received positive feedback from participants. Notably, different processes are used the Internet community to combat abuse, creating inconsistencies in reporting and eliminating DNS Abuse. It was shared that ICANN now has tools to hold registrars accountable for phishing scams and can withdraw accreditation from non-compliant registrars.
Representatives from ccTLD registries, including the United Kingdom and Vietnam, attended the session and shared feedback about their own mechanisms for DNS Abuse that have helped mitigate the issues discussed by the panel. These ccTLD frameworks for DNS Abuse should be analyzed in greater detail and potentially proposed models or required mechanisms for all registries/registrars to follow. The ccTLD registries can’t address abuse that involves gTLDs, and are looking for solutions to offer their customers when abuse issues are raised.
In the future, INTA will prepare a suggested policy and/or path forward for global approach to addressing DNS Abuse and protecting consumers.