The European Commission has released a “Study on Domain Name System (DNS) Abuse” highlighting the topic of abuse within the DNS as one that remains relevant and of key interest to lawmakers, regulators, industry professionals and end users. The study references the work of the Internet & Jurisdiction Policy Network (I&JPN) Domains & Jurisdiction Program.
The DNS lies at the core of internet infrastructure and preserving a reliable, resilient and secure DNS system is critical to maintaining a secure, stable and functional internet upon which the digital economy relies.
The Study defines DNS Abuse as “any activity that makes use of domain names or the DNS protocol to carry out harmful or illegal activity.” To be sure, this expansive definition is one that is not widely embraced by the DNS technical community, including ICANN and registry and registrars within the gTLD and ccTLD communities, who largely view DNS Abuse as limited in nature to what is referred to as technical abuse (phishing, pharming, malware, botnets and spam when it is used as a delivery mechanism for the former types of abuse). This is the definition that was developed by leading experts within I&JPN’s Domains & Jurisdiction Program Contact Group and which has been adopted by the ICANN Contracted Parties (registries and registrars) (See p.42-43 of the Study).
Yet, despite differences in how to define “DNS Abuse” the DNS industry has not turned a blind eye to other forms of online abuse that relate to content. Indeed, as the Study notes, within I&JPN, and as reflected in its Operational Approaches document, which was released in 2018, the Domains & Jurisdiction Program Contact Group has considered and addressed thresholds for action at the DNS level to address both technical abuse and content-related abuses. The work hasnoted that as to the latter, a higher threshold for action at the DNS level must be met due to the fact that alleged content-related abuses often implicate myriad conflicting laws and norms and DNS Operators (registries and registrars) are unable to selectively remove specific content that is reported as objectionable (See pp. 49-50 of Study).
The work of the Domains & Jurisdiction Program Contact Group has been hugely influential in advancing both dialogue and action on technical and content-related abuses within the DNS. As the Study notes the work of the Domains & Jurisdiction Program Contact Group laid the predicate for the Abuse Framework, a 2019 voluntary initiative spearheaded by PIR and Donuts which took aim at both technical and content-related abuses and currently has more than 40 signatories who have pledged to take action to remediate both technical abuse and certain forms of content-related abuses which are deemed so egregious as to warrant action at the DNS level even without a court order (i.e. child sexual abuse materials, illegal distribution of opioids online, human trafficking and specific and credible incitements to violence). Likewise, the DNS Abuse Institute, launched by PIR in 2021 with a stated objective to “create initiatives that will establish recommended practices, foster collaboration, and develop industry-wide solutions to combating abuses such as malware, botnets, phishing, pharming, and spam” seeks to further build upon the work of the Abuse Framework, and the work of the Domains & Jurisdiction Program Contact Group (See p. 143 of Study) .
“The I&JPN Secretariat is deeply gratified and humbled by the recognition accorded it in the EU Study and, more so, for the dedication and hard work of its volunteer participants over the years who have come together from diverse backgrounds, geographies, business models and interests to fashion policies and solutions for a free and open cross-border internet. There is still much to be done, but progress has been made and will continue to be made as long as responsible actors come together, donating their time and talents towards building a safer and more trusted internet.” said Elizabeth Behsudi - Director, Domains & Jurisdiction Program.
