Registration Abuse Policies Meeting Wednesday, 27 October 2009 ICANN Meeting Seoul, Korea >>MARIKA KONINGS: Okay. I think we should get started. Greg, are you on the call? >>GREG AARON: Yes, I am, MARIKA. >>MARIKA KONINGS: Okay. Do you want to kick things off, or -- >>GREG AARON: Okay. Excuse me. (Poor audio). >>MARIKA KONINGS: We have (Poor audio) very bad audio quality, so. >>GREG AARON: Okay. Just (inaudible) try to keep my comments to a minimum. This is Greg Aaron. I'm the chair of the working group -- >>MARIKA KONINGS: Greg, I'm sorry, but we really can't hear you. They're asking here if you're on a cell phone. >>GREG AARON: No, I'm not. >>MARIKA KONINGS: No. You're on a land line? >>MARGIE MILAM: Can they call him? >>MARIKA KONINGS: Is it possible to dial out to him. >> Yes, we can call him if it's a U.S. number. >>MARIKA KONINGS: Greg, could you maybe send Margie your phone number so we'll dial out to you? >>GREG AARON: Okay. Thank you. >> (inaudible) can you hear me okay? >>MARIKA KONINGS: Quite a bad line as well. Can you hear us okay? >> Just fine. (inaudible). >>MARIKA KONINGS: Okay. I think in the meantime, we're just going to get started with the meeting. First item on the agenda, can we project the screen? First item on the agenda is a roll call. So maybe we could start off with the members of the working group identifying themselves and (inaudible) themselves. Maybe, beau, we can start on your side. >>BEAU BRENDLER: Beau Brendler from the at large. >> Joe (saying name) from VeriSign, representing Pat Kane. >> (saying name) with MarkMonitor. >>MARGIE MILAM: Margie Milam, ICANN staff. >>ROD RASMUSSEN: Rod Rasmussen with Internet Identity. >> James Bladel, Go Daddy. >> (saying name) here as an individual. >>BECKY BURR: Becky Burr, just sitting at the table. >>LIZ GASSTER: Liz Gasster, ICANN staff. >>MARIKA KONINGS: Are there any other working group members -- are you a member of the working group? >> (inaudible). >>MARIKA KONINGS: For now restricting it to the members of the working group. We'll have a working session the first hour. And then the last 30 minutes are open for public participation and questions. So you'll have an opportunity to ask questions. And, of course, if during the meeting there are any clarifying questions, please feel free to raise your hand and ask questions. On the call, I don't know if people are already back, but we also have Berry Cobb and Greg Aaron. Did we already manage to dial out to Greg? >>MARGIE MILAM: No. I don't have his -- >> Do you have the number? >>MARIKA KONINGS: We're waiting for his number. Can we get the screen up, please. So for those of you who are new to this working group, I'm just going to provide a little update and background as to what this working group is tasked to do and activities it has undertaken to date. So I hope that's big enough for everyone. You're in the room as well, I'm just going to pull up a PowerPoint. That's easier. If you bear with me two second. >>MARGIE MILAM: Maybe we should send it to the (inaudible) -- should you send him -- right there. >>MARIKA KONINGS: So there we go. So a little bit of background. This issue was brought to the GNSO Council with a question asking, like, what kind of provisions -- just a moment. >>MARGIE MILAM: If we call him, then we hang up on Berry. We only have one line, so.... >>MARIKA KONINGS: Maybe you can give him a call and he dials back in. I don't know. Otherwise -- >>MARGIE MILAM: Yeah, maybe we'll just tell Greg to call back in. >>MARIKA KONINGS: Yeah. Apologies for the technical complications here. So, basically, a question was raised, like, what kind of provisions do registries and registrars have to deal with abuse? And if they have those provisions, how effective are they, actually, in dealing with abuse? And also questions were asked, like, what role should ICANN have in this discussion process and what role should it play in addressing domain name registration abuse? So ICANN staff produced an issues reports in September 2008 in which we found there is no uniform approach by registries and registrars to address abuse. Some have provisions; some don't. Provisions differ. There is no clear definition of what abuse is. There are provisions that allow a takedown of domain names that are involved in abuse. But some don't have any provisions. So questions were asked as well, does it mean that those registries or registrars then don't do anything just because they don't have the provisions? So in order to address some of those questions, the council decided, instead of immediately going for a policy development process, to first have a kind of pre-policy development process working group that would look at a number of these questions and take some additional research and discussion and basically be tasked to identify specific questions that might be suitable for GNSO policy development. So -- and the council agreed as well that they would not take a decision on whether or not to initiate an actual policy development process until the working group presents its conclusions and recommendations to the council. So first update was provided to the council on the 2nd of June. This was a requirement that this group had in its charter. And status update outlined activities undertaken to date, which included the organization of a workshop at Mexico. We have SSAC participation and collaboration in this group. And the group spent quite some time discussing the scope and definition of registration abuse. And since then, the group has been meeting on a biweekly basis. So what has been accomplished to date? The working group has developed a working definition of abuse and has developed a list of abuses, which they are exploring further. So these have been categorized in preregistration abuses, registrations substitutions, post registrations abuses, and domain name use abuse issues. And the intention of the group is to work through all of these identified abuses, come up with a definition, identify the issues and the proposed recommendations for the council to consider. So a number of subteams have been created to address a number of other questions that were raised in the charter of this working group relating to uniformity of contracts. So a subteam has been analyzing abuse provisions in the different registrar contracts. This group will be also looking at the question, like does it matter, should you have uniformity? Is there any benefit in having uniformity? Or what is the value of going down that path? And how effective are existing provisions in dealing with abuse? And then as well some groups are looking at more work around cybersquatting, front running, malware and botnet control, phishing, spam, malware, again, working on defining these issues, getting to a common understanding of the problem, and developing some recommendations for the council to consider. So as mentioned, there's still quite some work that needs to be done in this group. The uniformity of contracts subteam meeting now has the data available on, you know, what provisions do exist. But now they'll need to answer some questions related to, well, how does that matter? And would there be -- is there a desire to have more uniformity in contracts? And what are the potential impacts on that? For example, some questions that have been raised, would that take away the current possibility or creativity or flexibility that registrars have to deal with abuses, and especially new kinds of abuses, where now they often work on a case-by-case basis and based on good relationships in working on these issues, if you would create certain standard provisions, would that mean that everyone follows the same rules? And might it make it easier for those that are involved in abuse to go around the rules and just engage in something that cannot be addressed through those provisions? So those are a number of questions that this group will need to look at. Another task was added to the list of issues that in group needs to look at in relation to Fast Flux. This was another policy development process that was undertaken a couple of months ago. And one of the recommendations that this group made was for the registration abuse policies working group to examine whether existing policy may empower registries and registrars and including in that consideration questions raised to adequate indemnification to mitigate illicit uses of Fast Flux. So then there's still some outstanding items on the list of abuses that this group will need to work through, which include pay-per- click abuses, fake renewal notices, domain kiting. And there are some questions as well as how WHOIS should be part of these discussions, as, I think, many of the abuses we've identified, WHOIS plays some kind of role at some point down the line. But, of course, you know, WHOIS specifically, you know -- WHOIS in itself is not a specific topic of this group. So it's likely that this group will come up with a number of recommendations in different kinds of categories, which might include recommendations for a number of policy development processes. Consideration might be given to development of voluntary best practices. Or there might be as well requests for specific contract changes to be considered by the GNSO Council. But, again, all of these recommendations will need to be considered by the GNSO Council, who will then -- will need to initiate the appropriate process for each of these potential recommendations to actually take the next step. So just want to make clear that, you know, it's not this group that will make the actual proposals for changes to policies or contracts, but it will make recommendations for which issues should be taken further through different mechanisms to come to recommendations for changes. So there's -- this group has already been ongoing for quite some time. And it's not because they haven't been doing any work, but it has been because, you know, there are a lot of really complicated issues that garner a lot of discussion. There are a lot of different viewpoints in this group. So it has resulted in quite extensive discussions and negotiations on the different issues. So one of those issues is WHOIS. What role should it play? There are, I think, different perceptions in the group whether it is in the remit of this group to make recommendations that might affect WHOIS or further investigation of WHOIS, as this is, as everyone, I think, is aware, a very sensitive topic and a lot of work has already gone into that. So that's a question that will need to be addressed. Then questions related to scope, intent, legal ramifications, the difference between registration abuse, which is within ICANN's remit to address, versus domain name use abuse, which goes beyond the scope of ICANN. And, of course, where do you draw the line? Many instances, I think, we have seen there's quite a gray zone involved, and it's not very black and white to say, okay, this is only registration abuse and this is only domain name abuse. So that requires a lot of discussion as well to get through those issues. And a lot of the topics require substantive work. There's a lot of research involved, further discussion, gathering data. So it's not an easy task to give a clear dotted line as to when this work will be completed. But I think we have on the agenda a wish to maybe try to get this done by the next ICANN meeting, or at least have an initial report to present to the community and put out for public comment at that time. So going forward, we're having today our public meeting here. And just hoping everyone has come with a lot of questions and comments for the group to take into consideration in their deliberations. The working group will go forward at their usual schedule meeting every two weeks. The chair, Greg Aaron, unfortunately, couldn't be here. But he is on the phone. And I hope the quality of the line has maybe improved a bit so he can actually contribute as well. And Mike Rodenbaugh, who's the council liaison, but I don't think he's present at the moment. So are there any questions on this overview on the activities to date? I'm happy to provide -- I don't think it's on these slides -- I'm happy to provide you as well with links to some further information on the working group work space, where you can find some of the documents and some of the -- the sections where the group is working on defining the different abuses. So you can just come to me after the meeting to see that. So let's go back. Oh. Did I disconnect myself? So, Greg, are you back on the line? >>GREG AARON: Yes, Marika, I am. Can you hear me? >>MARIKA KONINGS: Yes. I think it's a bit better now. >>GREG AARON: Thank you very much for that overview. That's much appreciated. And since I am (inaudible) Marika's going to be recognizing experiences and helping to moderate the meeting today. As you mentioned, the first part of this meeting is going to be a continuation of the working group's discussions. And then the last half hour, we hope to open up the conversation to the broader community for questions and answers and so forth. Regarding the ongoing work, we have with us Berry Cobb. Berry, are you able to hear me on the line? >> Yes, Greg, I can hear you. But (inaudible). >>GREG AARON: Okay. >> I'm going to try hanging up -- >>MARIKA KONINGS: Berry, we can hear you very badly. >>MARGIE MILAM: Should we dial back out? >>GREG AARON: Berry has been leading a subgroup -- >>MARIKA KONINGS: Greg, hold on a second. Because the quality is still very bad. I'm just looking over at the tech people to see what's going on. Hold on one second. Greg, are you on a speakerphone? Oh, okay. >>GREG AARON: No. >>MARIKA KONINGS: Okay. He's not on a speakerphone. >>GREG AARON: Anyway, maybe Berry will be able to rejoin us. We have a group working on uniformity of contract, the next item on our agenda. Are there other members of that group present in the meeting? >>MARIKA KONINGS: James is here. James, I do have the -- but I think we went over it last time. But maybe for the public interest, I do have the slides that Berry put together, if you want me to pull those up. >> Thank you, Marika, that would be great. And I would be happy to jump in cold and do my best to get us through this section. I should mention that most of the heavy lifting has been done by Berry Cobb, who I understand we're having difficulties reaching. But this wouldn't be the first time that -- to throw this thing on the shoulders there. And that's okay. So Marika's pulling that up now. >>MARIKA KONINGS: You can explain what we're doing. >> Right. So while Marika's pulling up those slides, the purpose of this subgroup was to examine the registration agreements of various registrars and attempt to catalogue whether or not they contained provisions that would give the registrar the ability to address certain types of abuse. We've had to take care in a few situations, because, of course -- and I see at least a couple of lawyers within arm's length -- we don't want this to turn into a comparative legal review, where one method or one approach is better than the other. For example, if one registration agreement lists or enumerates all the different types of abuses, and another one, for example, just has a universal terms of service that just mentions abuse and leaves all the discretion to the registrar. So that's something we've tried to stay away from, making those sort of judgment declarations. Instead, what we've done, and what Berry has done, is -- we can go through the slides now that Marika has them up. But I'll just finish up this part. What we've done is comprised them all into a visually pleasing and organized spreadsheet that indicates what can be found where. So, hopefully, the folks who are remote can see what we can see here in the room, which is the beginning of the presentation on the uniformity of contracts subteam charter. This was done by Berry. And the first slide here indicates what within the -- this working group's charter prompted this effort. And it is this particular section here in the kind of off-orange box here that states that there should be some understanding of what contractual remedies registries and registrars have. I think -- did we just focus on registrars or was it registries as well? I can't read the charter from here, so -- >>MARIKA KONINGS: I think the initial research was focused on registrars. But the idea was as well to cover registries. But a lot of the work on registries was already covered on the issues report. Because it's a smaller group, so it was easier to take the provisions from those agreements directly. >> I understood. I tend to think of them as a group when I think "contracted parties," but this is specifically for registrars. So this is the section of the charter that kicked off this effort where we broke off into a subteam led by Berry to gather the registration agreements and review them as they are applied to various types of abuse. These bullet points on this slide will outline kind of the approach, collect and analyze publicly available contracts. So we're not asking for anything behind the curtains or any type of business practices. Try to -- see, there's the word "registries" again. But try to ensure that we're capturing all the relevant elements there. Attempt to quantify the current state for the purpose of providing a visual representation. So what we were trying to do with this slide -- and if I'm understanding this bullet point -- is that we were trying to develop a score that indicated how far the registrars were apart on various issues. So whereas uniformity might mean a low score, and a higher score would indicate a higher degree of dispersion in the various segments. And then we would correlate all of those. Now, this is a very, very extensive spreadsheet that has been shrunk down to almost a thumbnail here. It's color-coded. It's broken off into various sections. But I think that, you know, from this vantage point, it is easy to see that there is a high degree of dispersion on a lot of these. And what it means is that we don't see a lot of -- a lot of the dark green bars going all the way across horizontally. And that's indicating that there are differences in how registrars are approaching these issues in their registration agreements. Oh, I'm sorry. Can we go back just one more moment there? And across the top, there was a -- there was an indication that these are anonymized responses and that they are separated by region. So I think that -- not by country. So, for example, we didn't say "United States" or "Canada." We just said "North America." Is that correct? Okay. And so in this slide, Berry provided somewhat of a key to understanding the columns under each registrar header. I think that there was a great effort to ensure that -- as much market coverage as possible and that there was as much diversity from the different regions as possible. >>MARIKA KONINGS: Berry just noted on the Adobe connect that it does include -- I think it has the headings of the regions. But underneath that, it does specify countries as well. >> Oh, okay. Thank you. I'm glad he's watching over us, if only in a text capacity. Okay. This slide demonstrates or illustrates how the various RAP abuse categories that were defined earlier in this effort align to text provisions within the registration agreement of each registrar. And in some cases this was a bit of a hunting expedition on Barry's part. You know, some registration agreements may say spam. Others may say bulk unsolicited e-mail or refer to it as other types of abuse as well. So finding what exactly or mapping the provisions in the agreement to the categories was a big part of what he had done for this group. I think now we get into the actual spreadsheet, which we're -- I'm hoping we are not going to put up on the screen because that would be.... >>MARIKA KONINGS: No, maybe just for those of you that are really interested to see this, this is also on the working group Wiki as well. So people can come to me afterwards and we can share the information. >>JAMES BLADEL: I have two 17-inch monitors on my desk and it's still difficult to kind of take it all in. So here are -- What does this all mean? We have got some really great data. Clearly took a lot of effort to collect and categorize that and then put it into some sort of meaningful and digestible format. But ultimately, we want to reach some conclusions, and I think we have got a couple of options outlined here. One would be further research. You know, I am going to editorialize here a little bit as a registrar and say I would like, if we were to go forward with this information for registrars, to have an opportunity to correct anything that they feel is a discrepancy, for example. Maybe we didn't understand something or maybe it's in a different agreement. You know, something of that nature. I think that remaining the status quo, no changes, I think that's fairly apparent. Develop abuse standards or best practices with voluntary adoptions was one option. And recommending increased uniformity in contracts with respect to abuse. And this was coming up with essentially a common denominator of abuse or portfolio of abuse provisions that all registrars might, in some future contract, be required to include in their registration agreement. And that's one possibility, as well. And of course, whenever you have tackled an interesting subject with a breadth of research, if you are doing it correctly, it raises just as many questions as it answers. And that's certainly the case with this group. So, you know, some of the questions outlined here, and I can go through them individually. So what are the pros and cons of uniformity? Is uniformity desired? Is uniformity necessarily a benefit? Could it have unintended consequences, for example? We have discussed the possibility that bad actors might have the ability to compromise one registrar. Now they have compromised them all, as one possible answer. But what would be the benefit to registries and registrars, to registrants. Could such an animal even be developed that would be equally palatable across different jurisdictions and different market segments, I believe? Which may not be on this slide but was something we discussed. So the difference between, for example, a retail registrar like GoDaddy and a more wholesale registrar might not be readily interchangeable. And second of all would be what market conditions could or would occur with uniformity. So this is getting back to the unintended consequences. If uniformity is determined to be desired, then how would that be implemented and enforced? And what does that mean for compliance activities and efforts? And finally, what would the impacts be to liability and changes to indemnification? And I think the point of this particular slide is that if a registrar is following an ICANN prescribed and mandated process in dealing with a -- in dealing with an abuse condition, what protections does that registrar have against anything, especially in the case of false positives. So here are conclusions. Increased consistency across contracts creates a level playing field amongst registrars. If policies are consistent, then responsibility of enforcement moves from the registrar into -- falls to ICANN. So the lowest common denominator or minimum baseline of requirements of abuse provisions would be something that would be desirable, and we should understand the cost projections for implementations, and all of those things should factor into our final recommendations. Next slide is what's next and it just shows how we plan to bring this back to the at-large RAP working group and discuss what to do with this research and how it factors into the overall work of the group. Does that cover it? Is that the end of the slide deck? >>MARIKA KONINGS: It is. >>JAMES BLADEL: This has been a really -- It was just a few lines in the charter, but it was definitely a lot of work, and I think of all that, the bulk of that fell to Barry. I think Mikey and I were able to -- and Mike Rodenbaugh, I think you were on some of those calls as well, were able to guide some of our thinking here, but hopefully it is useful and hopefully it will help to inform some of the further deliberations in this area. >>MARIKA KONINGS: Thanks, James. Barry did mention that he had some other updates, so maybe we give a last attempt to see if we have some better quality on the phone line. Barry, do you want to give it a try? >> Barry: Yes, can you hear me now? >>MARIKA KONINGS: We can hear you, but the line is still breaking up a bit. Let's try. Barry, go ahead. >> Barry: Okay. (inaudible) quick shot. (poor audio.) >>MARIKA KONINGS: I'm sorry, Barry. We really can't hear you. I apologize for the bad sound quality. So I think the follow-up you have, we will probably is to take at the next meeting of the registration abuse working group. Are there any questions or discussions on the update from the members of the working group? Beau. >>BEAU BRENDLER: Yeah. Could you go back to the previous slide, I think it is? >>MARIKA KONINGS: This one? >>BEAU BRENDLER: Yeah, the third point there, I am having trouble actually understanding what that means. Could you translate the third and fourth bullets there into lay language? >>MARIKA KONINGS: I can give my interpretation. I'm sure -- well, maybe James, you go ahead. >>JAMES BLADEL: I can take a shot at that. And hi, Beau. So throughout this, I think -- this exercise, we discovered that the registration agreements were very much a patchwork. And they may work well for a particular registrar in a particular market and for their situation, but what we were trying to determine was whether or not having a proscribed set of provisions, developed by ICANN policy and required to be incorporated in registrar -- registrar/registrant agreements would be helpful in this area. Currently, there are a few models for that. One is, for example, the agreement to pass along -- or the requirement to pass along information regarding the UDRP. Whether you are signing a piece of paper or checking a box, it says in there that you agree that UDRP is -- you are going to abide by this policy, et cetera. So can that be extended to other areas with a set of provisions relative to abuse? And then the question, I think, goes down to the next one, which is how do you develop, implement, monitor and, of course, modify and keep those up-to-date for the changing abuse landscape? And what are the costs associated with that? What does that do for ICANN compliance head count, for example? You know, how quickly could something like that be rolled out? So I think that's roughly what those last two bullet points are saying, but I will certainly defer to Barry, in the little, teeny text box there in the middle column, if he has anything he wanted to add to that synopsis. >>MARIKA KONINGS: And I think maybe to answer that, I think another point I recall from the discussions we had, there is concern as well that if you set the bar low, does it mean everyone will stay low? How can you ensure that people won't see that as a restriction that they can't do more than what you might set as a minimum standard? So I think that was one of the other points of discussion to ensure you don't make the minimum, as well, at the same time, the highest standard. >>JAMES BLADEL: That's exactly right. You will always have registrars -- I think it's a spectrum. And we have folks that are really leading the charge in this area and that are dedicating resources, people and dollars and expertise to the problem, and that you are going to have some folks that maybe don't have or don't wish to make the same commitment. Maybe it's just not compatible with what they are trying to do with their registrar business. So the question, then, on the table, and I don't think we have really tried to answer it, we have just tried to put some boundaries around the idea that if you set out a minimum out there somewhere, you are telling folks what they need to do to get a passing grade. And. And what folks see as a competitive disadvantage to do more. >>MARIKA KONINGS: Are there any other comments, questions? Yes, please go ahead. >> Joe Walden from VeriSign. So I think on that same point, adding in the registry component of this will probably also be applicable in terms of setting the minimum standard, because there may be specific requirements within a TLD that would cause you to have additional definitions of abuse for a special-use TLD. So that may be one of the incremental things that would be above the standard baseline. >>MARIKA KONINGS: Other. Go ahead. >> By the way, I think you guys did a great job in the subgroup, and it's a lot of great information. I guess I was just wondering about some of the sections. I think it's on page 6. So is it contemplated that these are the categories that we would want to have uniformity on? And then maybe in that -- in the other categories, maybe have some discussion of what else would apply? I mean, what's your thinking around that? >>JAMES BLADEL: I think that's a good question. I think at this point the thinking is we were trying to map what we could find in the registration agreements to those types of abuse that we had previously defined in this group. I really hadn't taken it to that next step yet, but it was more of a mapping exercise. We spent the first, I think, three, four weeks of this working group identifying and defining different abuse types, and then we went back and just kind of took that list and took it back to the registration agreements. >> So when you kind of went through all the agreements, these were pretty much the ones that kind of stuck out as being, you know, the ones we needed to address from all of them? Is that how it kind of came together? >>JAMES BLADEL: Yeah, I think that's correct. We went back to our earlier work, and we were kind of building upon that. If there are other types that are missing or if you think that some of these might be duplicative or something, that's certainly up for discussion as well. But we just kind of took the list that we arrived at, and the first phase, if you will, of this group, and took that back to the contracts. >> That's a good job, by the way. >>JAMES BLADEL: It's all Barry. Barry gets all the credit, and if there's any blame to go around, I'm sure Mike will -- [ Laughter ] >>JAMES BLADEL: No, Barry did a lot of the heavy lifting on this. >>MARIKA KONINGS: And Barry is providing, as well, some comments on the Adobe chat room, so you can see it there as well. Any other comments or questions on this issue? So then the next item on the agenda is spam/phishing/malware, discussion of a concise statement of the problem/issue as a way to help crystallize the issues, what are the policy issues here and what might fall into other areas. So I think this is an area that Greg has been working on. Greg, shall we give another go to see if your line is maybe better? >>GREG AARON: I will try again. Spam and phishing and malware. (poor audio). >>MARIKA KONINGS: I'm really sorry, Greg, but it starts out well and then goes really bad. >>JAMES BLADEL: Can I make just a thought here? >>MARIKA KONINGS: Yeah. >>JAMES BLADEL: I don't know if you have tried Skype, but I have been calling my wife from the hotel just about every night and it is fantastic. The bandwidth in this country is amazing. >>MARIKA KONINGS: I don't know if it's a problem of the line or if it's the conference bridge that's causing the problem. I don't know. Would it make any difference if he dials in with Skype? >>JAMES BLADEL: Just anything that's I.P. based seems to fly. >>MARIKA KONINGS: Could it potentially help if he would dial in using Skype? >>GREG AARON: (inaudible) Skype with me right now. I'm probably dialed in from two different lines, so I think it's the conference bridge. >>MARIKA KONINGS: I think someone is hearing you, because we see -- we see what you are saying on the screen but we are actually not hearing you. But so, I don't know, Rod, were you involved in this activity as well? Would you be able to give an update? >>ROD RASMUSSEN: As far as I know, we don't have much of an update since the last meeting. There were a couple of conferences in between the last meeting and this meeting, so I don't believe either Greg or I had a chance to do anything. Unless Greg has a comment he wants to put on the chat board. I don't see one yet. But I know that he had been doing some updates. He doesn't have a Skype headset. We can see that. In general, this issue is surrounding the usage of domain names to support spam campaigns, phishing campaigns, malware, dropping, et cetera. And there's been a discussion back and forth as to whether this is a use abuse, or can be categorized as a registration abuse. And I see some comments from Greg here. Bad things people are doing with domains. Yeah, exactly. [ Laughter ] >>MARIKA KONINGS: I think the point he is making, I think these issues are issues of domain name use, bad things people are doing with domains. So I think he is making the point that this shouldn't be considered registration abuse. >>ROD RASMUSSEN: Right. And I think that's one side of the argument, and I am here, so I have the microphone for the other side of the argument, or at least a partial one, in that a lot of this abuse, or the people who are setting these campaigns up, can be identified at the time of registration with, in many cases, maybe 100% certainty and in other cases very high certainty. We have been going back and forth a little bit about that, how you do that. The question, I think, in the area that we want to concentrate in on here is how can we utilize information about abusive actors during the registration process to keep them off the system in the first place? I don't think that the found abuse later on in the process, I guess, would qualify under this particular working group, necessarily, other than as a feedback loop into blocking potential abusers from coming into the system again in the future. Kind of a feedback cycle of keeping track of the data around who the bad actors are and how they are configuring their domain names. So that's kind of the other side of the argument, I guess. I don't even know if it's a side. Much more of a different way of looking at things. >>MARIKA KONINGS: Greg is making a point on Adobe Connect that he thinks these are some fairly rare cases in which intent can be established at the time of registrations, but they are rare. James, Roland. >>JAMES BLADEL: I just wanted to say it's not really a debate so much as a difference in philosophy, and understanding that, you know, I think that the difference in philosophy about the police versus the fire type of analogy where, you know, do we want -- is it feasible or even possible for registries and registrars to be policing their zone versus having a very effective and rapid response to any type of problem that's reported? And I think that it is very, very sensitive, this concept of intent. And we shouldn't just get that swept along for the ride. We have to be able to identify how someone intends to use a domain -- I'm sorry. What this proposes is that we are able to, with near 100 percent accuracy, identify how someone intends to use a domain at the time of registration, or slightly before, I guess, in the purchase path or the registration process, so that we can terminate that. Now, just for statistic, and I think it's something that's public knowledge, is that we register a new domain name about -- well, I don't know, maybe a couple thousand since I started this sentence. So I mean, it has to be an automated process. It's just there -- it's something that we have to consider operationally and from a practical perspective. I think that anyone that's worked with most of the registrars, especially those that participate in these types of efforts at ICANN, knows that they are very responsive and very committed to this issue. But putting in any side of a prescreening of any type of a registration, it has some challenges associated with it. So it's not a debate, necessarily. More of just a differing perspective or differing philosophical approach. >>MARIKA KONINGS: Roland. >>Roland Perry: This is Roland Perry. I must give my apologies. I have another meeting that I must dash off to as soon as I have made this intervention. This is going to sound a little bit like some of the discussions to do with intellectual property and trademarks, but as I understand it, there is now a rule in the Swedish ccTLD that you cannot register a domain name with the letters B-A-N-K in it unless you get some approval in advance. It's actually very similar to a system in the United Kingdom where if you wish to register a company name, there's a list which has got on it for sure things like bank, royal, and a few other kind of important-sounding words. And you therefore have to -- if you want a company registered with that in its name, you have to provide some kind of proof. And I think international is another one. So if you want to register Roland's international trading company, limited, I would have to prove to the company registrar that I had some kind of internationalness about my business; otherwise, it would be regarded as possibly deceiving the consumer into believing I am a bigger, more important organization than I really am. So there is a possibility here that you could draw up a similar kind of a list that would be automatically applied to domain names, and it wouldn't ban you from registering those domain names, it would just bump you into an adjudication process where someone would have to sit down and say, yes, you really are a bank, look, you are registered with your country's financial services regulator. That's okay, then. >>MARIKA KONINGS: Beau. >>BEAU BRENDLER: My comment is along the lines of Roland. It's difficult for me to understand, given the nature of what I have seen with some types of repeated abuse, that there's not a way to -- and again, I apologize, I have been largely an observer in a lot of the proceedings and haven't spent time listening to the discussion or this part of the debate. But if somebody is trying to register Citybank with a "Y" and city hyphen bank with a Y and Citibank with an "I" and they are coming in from Nigeria or something -- it just seems to me there are some indicators, and Roland has put it more intelligently than I am, I have difficulty believing that these circumstances are rare. And in terms of response time, also from what I know about how cyber criminals behave, response time is too late. The movement on some of these registrations and their use is very rapid. So I would have to put myself on the side of the philosophical argument that it is possible to make some determination of intent of abuse. >>JAMES BLADEL: Marika, if I could just -- >>MARIKA KONINGS: Yeah, go ahead. >>JAMES BLADEL: And I see -- and fully embrace a lot of the things that you are raising, Beau. But I would just like to point out that we're not building a spam filter. One false positive and we are in big, big trouble. It's not the question of, oh, I think a message was picked up by a spam filter and inadvertently I got a false positive. If we block a legitimate registration, it could be an inconvenience, it could lose a customer, it could end up in court. So anything on that perspective. Mike is shaking his head so I am going to start edging the microphone over this way. [ Laughter ] >>JAMES BLADEL: But I am just saying we are very cautious about this. But I'm just saying that we're very cautious about this. Okay? Maybe you disagree with my list of the potential outcomes, but it is slightly different than a dropped e-mail. It has a larger impact, potentially. And I think it's something that we should just take care of and be mindful of. >>MARIKA KONINGS: Mike, go ahead. While you've unplugged it -- >> Mike, do you want to sit over here? >>MARIKA KONINGS: So maybe in the meantime, Rod, you can give some thought to what could be potential policy development or solutions that might address the issues raised, but also James's concerns. But -- >>ROD RASMUSSEN: Okay. Yeah. So I think that maybe a better analogy for thinking about some of this is what we do with credit card verification already, in that there's a process where you have known bad actors, known bad credit cards, so -- and I think that, really, we're not trying within this group to solve the problem. The question is, do we carve out an area for further study? And I think in that regard, this area is one that can be studied some more. And so there's -- Greg brought up an important point, is this rare or not? In my purview, I don't think it is. But then again, I'm not registering 2,000 domain names a second, either. So what is rare? Yeah, per sentence, sorry. And then, you know, there's the issue of where do you get that data? I know a lot of people do things already for looking at I.P. addresses that are being used to sign up, you know, whether it's a domain registration or an AdWords type thing, or all kinds of online services, there are various aspects of communications and registration configurations for all kinds of services where people and companies are taking proactive measures to block bad actors. Then the question is, okay, are we doing that, and that would be an area of study, I would say, for the registrar community as it stands today, and to see what kind of practices are going on in that regard. And then also, what are the provisions around perhaps sharing data between registrars and maybe even registries about bad actors and how they operate so that, as a community, we can keep the bad actors from abusing the registration process. >>MARIKA KONINGS: James. >>JAMES BLADEL: Yeah, and that's awesome. That's, in fact, what I think in practice is that registrars will try to thread that needle. You know, maybe they're not blocking registrations, but they get enough indicators, they will flag it, and it will be subject to a further intensive examination by human eyeballs before that's allowed to be put through the process. But, yeah, absolutely right. And I didn't mean to present it necessarily as an either/or proposition. I think we are trying to borrow a little bit from column A and column B. Thanks. >>ROD RASMUSSEN: And I just wanted to put a couple other thoughts on this. The dot -- the bank thing in Sweden actually got revoked. So that actually -- because of issues and problems. So that's actually something we can learn from, I think. And there are other -- you know, looking at strings being used in registrations, the last -- latest report that Greg Aaron and I coauthored from the APWG looking at malicious domain registrations, only about 3% of the domain names used for phishing actually contained a brand or a brand equivalent typo type of thing in them. So that is a rare occasion. That's 3%. I guess it depends on what your definition of "rare" is. But it's a very low percentage are actually using brands, whereas if -- of the domains that are maliciously registered, the vast majority of them are using nonsense characters and things like that and then using the DNS system to add a brand name either in the host name part or the URL path to fool people. >>MARIKA KONINGS: Sorry. Are you a member of the working group? >> Yeah. I'm observing here as part of ALAC. >>MARIKA KONINGS: Okay. But -- >> I am name (saying name). >>MARIKA KONINGS: We're opening up the meeting shortly for -- >> Just one -- one question I wanted to ask was, is proxy registration as a certain perspective to this phishing and malware and other things? Can anyone respond to that? That -- the whole proxy registration, does it have a clear link to phishing or malware, other practices? >>MARIKA KONINGS: I don't think that's an issue this group is considering. I'm sure Rod is happy to respond offline after this meeting and discuss it. But it's not a specific issue this group is discussing or researching at this point in time, as far as I'm aware. >>ROD RASMUSSEN: And I believe that compliance is researching that right now to get a much more qualified answer to your question. And that's a question we have in the abuse community as well. There's evidence that it is. But it's not necessarily a strong correlation. It depends on where you're looking. >>MARIKA KONINGS: Are there any other comments or questions on this update from the working group before we move into the public part of our meeting? Mike, go ahead. >>MIKE RODENBAUGH: Just curious, what are the next steps on this piece of the working group? The phishing/malware piece, where are we with that and what's going on next? >>MARIKA KONINGS: Well, what we have now is on the Wiki. And I think we still need to complete the different items here. I think that the questions that Greg raised in the agenda are, you know, we need to discuss in the group some -- some of the questions, like what are the policy issues here, what areas might be covered by other potential solutions, best practices. I think it's going back a bit to the discussion we had now, and fleshing it out, what parts might be suitable for recommendations in relation to policy developed, and then which parts fall outside of that registration abuse part and are more related to the domain name use/abuse. So I think we have a subteam, as you can see here. I think it's Greg -- oh, Martin is here as well. You're part of this group, too. And Mike O'Connor that are working out these issues. So I don't know if, Martin, is there any -- well, what are your next steps in this group, are you aware? >>MARTIN SUTTON: I'm as clear as what was suggested earlier. I think we have got quite a few things to go through here. The one thing I'll just add on to your summary there was consideration of research. So it's a bit more clear in some of the things we're looking at. >>ROD RASMUSSEN: And Greg had it up on the chat a minute ago, but James had to talk, so it's gone away. The -- There we go. It's been scrolled back. That we need come up with the concise problem statement and then some recommendations to move out from the subgroup to the main group. And that we will be working on here in the next few weeks. >>MARIKA KONINGS: Okay. So I think now we're going to move on to the public part of our session. So I would like to open up the discussion for those of you that are here and are not members of the working group to raise your questions or put forward your point of view so the group can take this interest conversation. So please go ahead. >> My name is (saying name) from the at large, ccNSO liaison, from ALAC. I'm just wondering, I have seen so many information in this work group. But having all this information, why could the work group not start to take one issue and go on in a practical sense to try to tackle that issue with real, practical proposals instead of waiting till you can solve all of it? Because the consumer cannot wait till the problem is solved. The consumer is at the basis of having a good service. And if the consumer just discovers that he is attacked by spam mails, by phishing mails, and so on, he will leave the Internet space, because he is no longer served by what he receives. And if policy just waits till everything can be solved, well, I think that within ten years from now, we will maybe have a solution. >>MARIKA KONINGS: Just to comment on that, I do believe -- and anyone can connect me here if I'm wrong -- once we get to the stage where we have more substantive information and agreement around, you know, some of these different types of abuses, I think if there's a clear indication that on some, there's real consensus on what the recommendations should be to the GNSO Council, or what next steps to take, but if there are others that really require more work and discussion, I think it's not unlikely for this group to put already forward those where there's clear agreement and consensus and leave those items that there's no consensus or really require further work and discussion to a later stage. James. >>JAMES BLADEL: I agree with that, Marika. And also, I would want to say that I think your frustration is shared by -- a lot in the community. But we also see a lot of these issues as being very interrelated and interdependent. So it's very difficult to extract out one issue and say, "Let's get going on this while this other stuff sorts itself out," because, unfortunately, what you'll do is find yourself circling back to other things. They're very closely related. >>MIKE RODENBAUGH: This is to follow on and maybe get an estimate of how long this is going to take to get to a point where we might be suggesting to council -- and I must apologize, as the council liaison, I have kind of fallen off the map in this group the last month or so, other than in the subteam with Berry and James. So, I don't know, Greg, I know you can hear me, but you can't speak. As -- but you can chat, and we can read your chat. So don't say anything too mean. It is public. But do you have an estimate as you sit there, Greg, as the chair, knowing all the pieces that are going on with the group right now, as to when you think this work will be done? See end of agenda. We will discuss. All right. Thanks, Greg. >>MARIKA KONINGS: So we can take it as part of the discussion now, because the next point, in addition to the questions and discussion, is, you know, the proposal to discuss the delivery of initial report by the next ICANN meeting in Nairobi in March of next year. So -- >>MIKE RODENBAUGH: That's -- >>MARIKA KONINGS: Well, I see you sighing, Mike. But, of course, the only way to get this work done is to have more participation and more work being done between calls. 'Cause that is one of the challenges this group has faced, that there are a lot of people showing up for the calls, but apart from, I guess, Berry, James, you know, some of the subteams are doing a lot of groundwork. But, you know, some of the work is lagging 'cause -- you know, I understand people are stretched. There's, you know -- not everyone has time. But if we really want to get this done in a timely manner, we all need to put our minds to that. And I'm more than happy to try to gather some of the information that we've put together and try to already start building a draft report if that makes it easier for people to start feeding in information there. I'm happy to facilitate that process. So.... >>MIKE RODENBAUGH: I don't know. Maybe we are at a point where we can go back to council and start a policy development process, you know. We've determined that all -- that the contracts are not uniform. I think we're pretty close as a group to coming to consensus that they ought to be. At least it's some minimum standard. Certainly we came to that consensus in our subgroup, in any event. I haven't heard any real opposition to that notion from anybody else when we discussed today or otherwise. So maybe that's enough. Maybe we go to council now and we commission another group that decides what those minimum standards ought to be. >>MARIKA KONINGS: Just before we go there, I just want to point out that Greg is making a comment, because the work plan of this group is to go -- to have an initial report and put it out and allow for public comment so people can provide inputs. So I think that's the point Greg is making. But James. >>JAMES BLADEL: Yeah, I just -- as a chair of a working group that was also suffering from, you know, calendar slip, I just -- I think Greg would possibly -- were he here or audible, he would say, let's use this and let's channel that frustration, sir, with, you know, as a call for recruitment and further participation. And, Mike, I -- I'm, too, ready to get going on some of these things here. But I would also point out that the people likely to participate in the PDP are also the ones that are bogged down in this particular -- so parallelizing that may be a little more difficult, unless we can get a whole new set of volunteers to step up and get involved. >>MARIKA KONINGS: Yeah, please go ahead. >> Well, thank you for the information. And, indeed, we will try to participate as much as we can from the at-large group. It is a concern. And I organized in Mexico in the ecrime panel a thematic session on registry and registrar and abuse of domains, as we are concerned that there should be a solution. And we will try to get more people involved from the consumer base, because they are needed also. However, I am afraid that knowing that bad guys are trying to follow also the debates and the discussions, that they will easily find a way when you have standards and policy ready to implement, probably they are going to be ready to go around your policy. And that's why further delay is a danger for the final policy you are going to put on. >>MARIKA KONINGS: Any other comments or questions? No one? Go ahead. >> So on -- is the initial report going to be, like, a -- separated into different subgroups with their find innings each of the subgroups and recommendations from subgroups that is then compiled into the whole initial report which is then submitted to the GNSO? Is that how -- >>MARIKA KONINGS: I think the idea or the idea behind the subgroups was that they would come up with their conclusions or recommendations, but that they would first be discussed and endorsed or -- >> The entire group? >>MARIKA KONINGS: Yes, by the entire group before that goes into an initial report. At least that was my understanding of the creation of the subgroups. >>JAMES BLADEL: I just wanted to point out that Greg is making some comments there in the text box. Sorry. >>MARIKA KONINGS: He's saying, "I'm right." So -- >>JAMES BLADEL: Okay. He's taking a lot of text to say that. So maybe we could -- >>MIKE RODENBAUGH: He's also suggesting that perhaps we ought to have more frequent meetings, which perhaps is a good idea at this point to accelerate things a little bit. But I'll leave that up to everybody else to let us know their thoughts on that as well. But I do think, Marika, I think we should take you up on your offer to get what you can on paper so we know what the holes are and we can start chewing on the pieces that are done, essentially. >>MARIKA KONINGS: I'm happy to get that started. >> Are we -- Are you planning to have also some involvements of resellers? I think resellers of -- just a thought. 'Cause I know the discussion a few minutes ago was about, you know, registrations and figuring out a few things. And I can see both sides of the argument. However, I also think resellers have a lot of the problems, specifically, Web hosting companies. >>MIKE RODENBAUGH: So, generally, the way that is handled around ICANN is that resellers are essentially bound to the same contract that the registrars are bound, the RAA. So I think certainly one of the outcomes of this group could be a recommendation that resellers be specifically bound to whatever we come up with as far as minimum standards and that that should go into the next iteration of the RAA. Unfortunately, when you're talking -- And, fortunately, we are talking about amending the RAA now. There is another team effort going on discussing potential amendments to the RAA so that the work dovetails nicely, assuming that that group agrees that amendments are necessary. Then these will go. Otherwise, the fact is, the RAA is very difficult to amend. And it takes time. You have to do it on kind of a rolling basis as the existing one expire. So the other option it to make it consensus policy, which is automatically applicable via the RAA. And that will require a PDP. We're a little bit of a ways off. But no doubt that the resellers are on, I think, everybody's mind in this group. >> Yes. To add a comment to this discussion is that I think that the resellers' agreements are not identical if you look at gTLDs and ccTLDs. What I see is that in the ccTLDs world, the resellers are almost free to do whatever they want. So maybe there is something to do in regards policy on how to handle that issue. >>MARIKA KONINGS: Unfortunately, we can only deal with gTLDs in the GNSO. So you'll have to take that up in the ccNSO, I'm afraid. >> But -- >>MIKE RODENBAUGH: But rest assured, that would also be the plan. Once we come up with something, it will go out to the ccNSO as at least a recommendation. And many of them will adopt it. >>MARIKA KONINGS: So talking about the RAA, maybe, to make a little plug for the meeting that's taking place later this afternoon, for those of you that are interested -- and Margie can give you the details. >>MARGIE MILAM: Yes, we have a drafting team meeting today at 5:30 to 7:00 in sapphire 4, which is this room. So any of you interested in these topics as they relate to the RAA amendments process, please come, and we welcome your involvement. >>MIKE RODENBAUGH: Is that part A or B? >>MARGIE MILAM: It's actually both. We have A and B meeting together. >>MIKE RODENBAUGH: Oh, okay. >>MARIKA KONINGS: Are there any other items people would like to raise or discuss? Then we might as well finish early. I think the next meeting of the -- the working group will be in two weeks' time, on Monday, usual -- normal time. So thank you, all, for coming and participating. And we look forward to seeing you again.