IGF 2022 Day 4 DC-DT Fact-checking the DNS: towards evidence-based policy-making

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.



>> PABLO HINOJOSA: Hello, everyone.

Whoever is in charge of the music, it's very nice, but ...

Just one second.

>> MODERATOR: How are you all doing today, Jean Pedro speaking.

We are just waiting a couple more seconds.  We give a chance for more people to join and see if everyone from the remotes is ready to take the stage.  We are happy to have you here.

>> PABLO HINOJOSA: Thank you so much.  We still don't have video from the room, and we are waiting for co‑moderator, Madeleine, who I hope will be joining soon.  Let's give it a minute.

Great to see all of you in Addis Ababa.

About how many are in the room?

>> MODERATOR: All good.  Can I also ask support to make Madeleine co‑host, please.

>> PABLO HINOJOSA: Definitely.

Has she joined yet?  I don't think I have seen her.  I have her on my Zoom.

>> MADELINE CARR: Good morning, everyone.

>> PABLO HINOJOSA: Good morning, Madeleine.

>> MODERATOR: Who is speaking can always turn on the camera, and if necessary, taking the floor so the technical support can also pin you and we can see you, perfect.

We have a big remote participation list.  So right now we are seeing you quite fine, but let's see if we don't make it too much images, yeah.  So I think we can start.

>> MADELINE CARR: Thanks very much, Pedro.  Good morning, everyone, my name is Madeline Carr, I'm professor of global politics and cyber security at University College London, and together with my colleague, Pablo Hinojosa, Director of Strategic Engagement at APNIC, we are delighted to be moderating this session this morning.

I wanted to start off by thanking Emily Taylor, Carolina Caeiro and Regina Fuchsova, who invited us to moderate.  Of course, this session is part of the Dynamic Coalition on Data and Trust.  We wish we could be there in person, but welcome to everyone online and onsite.

Ever increasing dependence on internet infrastructure is driving these discussions about DNS data, and we wanted today to begin a conversation on questions around DNS data as they relate to evidence‑based policy‑making.  Geopolitics and the perception that information infrastructure is not only critical to the functioning of society, but it's also vulnerable to the dynamics of global conflict and competition, is prompting thinking about the ‑‑ how the DNS may need to adapt to jurisdictional boundaries and what the possible detriments of that may be.  The DNS for EU initiative could be considered one example of that kind of thinking.  And, of course, encrypting DNS data has been a response to privacy concerns, but it's also thrown up challenges for law enforcement, something that we've discussed in previous forums and sessions.

But really, who owns the DNS data?  And how exactly it's governed is a question that we feel is really important to examine with quite a critical lens, because in some ways, this ecosystem has grown up quite organically with adjustments and amendments along the way, but this is really, in a sense, a global good that we need to think quite critically about how it is managed and who has access to it and for what purposes.

Either way, the DNS is receiving increased attention from policy makers and standard‑setting bodies, but what data is missing to develop really evidence‑based policies around the DNS that address these myriad and sometimes competing or conflicting demands?

The goal of this year's IGF conversation by the Dynamic Coalition on Data and Trust really centers around the development of DNS policies and standards, highlighting good practices within industry that use evidence to inform policy choices and different approaches to data-based decision‑making, as well as any gaps in data governance that may limit that kind of informed policy‑making or, indeed, community scrutiny and study or research.

So we have a really excellent lineup of speakers here today who we feel can cover the breadth of the issues that will feed into this, and we have time obviously set aside for online and onsite participants to feed into this discussion, and we hope to make it as interactive as we possibly can with the time allowed.

To kick us off, I'd like to ‑‑ I'd like to introduce Geoff Huston, who will give us a broad overview of the issues, Geoff ‑‑ I'm sure most people in the room and on the call would know Geoff has been involved in these issues from the beginning and has kind of breadth of understanding and depth of understanding about the evolution of the DNS that, I think, will be really helpful to just set this talk up from the beginning.  Geoff, could I ask you to step in, please.

>> GEOFF HUSTON: Thank you very much for that, and it's a pleasure to be with you this morning, this afternoon or wherever you may be, I have three minutes, I might go over by a few seconds, I'll try to keep it at that.

Let me dive straight in, the DNS lies in a relatively obscure part of the internet.  It might be obscure, but it's incredibly simple.  It takes names and translates them into network addresses, IP addresses to be precise.  All this seems quite innocuous to us, like a phone book, but there are a few aspects about this function that have been used and abused by many over the years.

This abuse lies at the heart of today's issues with the DNS.  This particular protocol is quite old, it was devised in the 1980s, and it follows the pattern used by many other protocols at the time.  It was completely open, not encrypted, didn't bother to authenticate who it was talking to.  At the time, you see, we weren't constructing the future global communications infrastructure, not at all, this was just a small‑scale experiment in packet networking done by a few researchers, predominantly in the U.S. at the time, and a couple of other countries.

So the DNS didn't need to be armor plated, it was trusting.  Now, we took all of that protocol and converted it into a global network, oops.  In retrospect, the DNS in particular was ‑‑ in retrospect, it was overly trusting, the best word is credulous.  Any determined adversary could intrude on the DNS and observe what was happening and tamper with the answers.

But at the time, you see, in the 1980s, why was this a concern, it was a research project, why would they ever want to do that?  So when the DNS kind of grew up into this world of the global internet, it was actually a vulnerability.  If I could tamper with DNS answers, I could misdirect you or claim that the sites and services you wanted to get to don't exist.

Many national regimes have and do use their regulatory powers to compel ISPs to actively censor the DNS in their country, pretty much every country these days, very widespread.  Perhaps more disturbing, particularly to the technical community, were the revelations of 2013 which showed the DNS was being used by some U.S. agencies to perform massive surveillance at an unprecedented scale.  Literally everything.  So if I was able to observe your DNS query stream, you have no secrets.  I know everything you're doing online and with whom in real time.  I don't need to know anything else about you if I know your DNS, there's no secrets left.

Now, the technologist's response to these revelations, you could argue was extreme, perhaps even hysterical, but it happened.  And they erected a new set of protections around the DNS, DNS messages are encrypted, sources of information are authenticated, DNS content is now verifiable.  Tampered DNS responses can be recognized as such and discarded.  It's hard to accept the lie.  These days we are looking at perhaps the most complete measures with obfuscation.  No single party can correlate who is asking and what name they're asking about.

It's not that that information is well hidden, it doesn't exist anymore.  So let me talk about the policies around DNS data in such an obfuscated world.  If we go down that path, there is no DNS data to talk about, it just doesn't exist.

So the upshot is, the DNS is going dark, extremely dark.  It's actually unclear what this means in the long run, bad actions and bad actors going undetected, do we lose our visibility?  What's a secure network and how do we secure it when the traffic is opaque?  If we can't see inside the DNS anymore, how can we tell if it's been captured by one of these digital.  How can we assess the digital health when providers for consumers when the entire thing is deliberately obscured?  In closing, I would point out, there is much to think about here, and whether the reaction to the 2013 publicized abuse was in scale or not is kind of irrelevant.  That reaction is causing its own set of issues now, which are commensurate with the original problem that started us down this path.  It's a new set of challenges we now have to grapple with.  Thank you.

>> MADELINE CARR: Thanks very much, Geoff, that was a terrific scene‑setter.

I want to turn now to Mallory from the Center for Democracy and Technology.  Mallory has a long background in consideration of issues of technology from a user's perspective or public interest perspective, and she has a long legacy of work on issues of privacy and technology.  Mallory, could I ask you to step in, please.

>> MALLORY: Thanks for inviting me, yeah, I wanted to just talk about what this group talking about DNS and private DNS should be considering.  So from a technical perspective, and Geoff did a lot of the work here, I wanted to point out that the DNS, like, you know, global routing directories, these are all global rendezvous services that applications need to function.  That's all they are, they are databases that have to be distributed globally, and so we need to query them, applications need to query them from time to time.  There's no reason why that should be global data.  No reason why anybody should know when my applications ask this global database for details on where to find a website or other service that other people should know about that.

It's pretty easy now, we found, to just obfuscate that and authenticate it too.

I think the perception that this is going dark, or that now we can't get access to all of this data that was once sitting around for free, is a bit of a strange framing.  I think it's just that it wasn't really locked down before and we didn't think about how it could be private and authenticated.  Now we have done.  And that's a good thing overall.

So ‑‑ I guess the other point I would like to make, though, because we have had to transition, the new technology that has been introduced, whether DNS over HTTPS or TLS or QUIC, basically however an application has decided to query the global database, however that's done, doesn't really matter, that's been a transition, and in that transition, other things have broken or needed to adapt.

There have been some tensions there, and I think from a public interest or human rights perspective, it's been helpful to confront those issues and those tensions rather than pretend they don't exist.  At some point, me and a colleague, who is at the Brave browser, we developed a paper ‑‑ we never really published it, but took it to a few different workshops, I guess, just to talk about it, identified a few places it was coming into tension, we can highlight the areas and we can have a conversation throughout the panel.  I'll be quick, the first around competition, because ‑‑ centralization, actually, is probably the term from a technical perspective, meaning a lot of the people ‑‑ the services that were being provided that actually helped to protect and make private DNS lookups were not ‑‑ it was not an ISP innovation, it was not the usual actors that came up with this and implemented it first.  So it did seem at the beginning that there was a lot of centralization of this provision.

With content delivery networks and that sort of thing.  That changed, that was a pretty easy fix.  Now a lot of ISPs offer it and back to being decentralized service.  I'm not going to minimize it, there are some concerns with that.

Another one, though, was also in tension with abuse mitigation, so DNS data was a convenient way to interfere with sort of abusive behavior online, either malware, spam, a variety of different things, there are issues to be worked out.

I think actually providing the private lookup by services has helped, because they would have access, then, to the lookup data.

Another one, and I might actually be forgetting a couple, sorry, another one was accessibility concerns, there were some tools that folks needed to access the internet in accessible way, either screen readers or other things based on domains, so if those were even in your browser as an add‑on or something, those sorts of things were disrupted and needed to reconfigure how they could be invoked automatically for those users.  There's a sort of ongoing tension with privacy and security features that interrupt those features, it's an area of work that we also are looking into.

I'll say the last one, it probably exacerbated some of the worst censorship cases around, another way DNS data was being abused previously, it was used to block and filter and obviously there's some ‑‑ people are going to try to circumvent that.  So I think what happened was when there were censorship regimes used to using DNS as an easy way to block and filter, they then had to ratchet up their censorship, in regimes very motivated, they are now just wholesale blocking certain kinds of traffic because they can no longer interfere with the DNS.  So that was an unforeseen consequence.  Something that could be thought through a little bit more to avoid that, because it's now, I think, in some places it's worse ‑‑ blocking is worse than it was when it was DNS blocking.  Those were the high level ones, happy to dive in, I appreciate the extra time I took, sorry.

>> MADELINE CARR: Thanks very much, Mallory, that was really helpful, I appreciate you setting out those tensions and conflicts, that's a big part of this conversation.

We'll turn now to Jordi Iparraguirre, who will talk about things that link to this conversation.

>> JORDI IPARRAGUIRRE: Thank you very much, happy to be here too, thanks for the invitation, we'll talk about another level, another domain ‑‑ sorry, not DNS itself but the domain names, and I would like to share very briefly some things that the dot EU registry does, some practices related to evidence‑based policy, something that we do because our framework allows us to do that in terms of legal framework and capabilities and whatever, but something that may not apply to any other TLD around the world.  Here one size does not fit all at all.

So first is the external factors, the legal framework in which EURid has to work, the contract with the European Commission, our local law in Belgium or the European law or the GDPR or whatever.  The other one is our own concern about customer care, we would like to prevent as much as possible harm to users of the dot EU space.  The brand protection of the dot EU space.  That is harming our brand, so we want to take care of that and prevent it as much as possible.

Then the internal factors, inside the domain space and all that.  So usually ‑‑ we do care about and look to different things that have taken place in the dot EU space.  From time to time we see strange activity, domain names and websites that may look abusive, that would be the definition of abuse would be something we would not recommend to family and friends, okay, we are not going to get into the content as for free speech, we'll get if need be, content in terms of possible harm to third parties, harm to your health, harm to consumer rights, harm to your savings and all that.

These are maybe the two sides that we have to take into account.  And then how do we develop that?  Well, different ways there.  The first one, for instance, keyword detection on domain names itself.  They sent us a list of strings we have to look for in order to find out what was happening with those domain names that contained those strings, basically to prevent consumer harm and health issues for, I don't know, web shops selling fake masks or vaccines or whatever.  That would be one way to go.  Keyword detection.

Another one we have run for three years already is the abuse prevention and early warning system, that is analysis of the domain names at the registration time and also after registration to identify which of those can be harmful based on our expect ‑‑ sorry, harmful.

Then we start the know your customer procedures, that is, do we need to ‑‑ we ask the registrant to verify, to provide some proof that the person is who they say they are.  Okay, we need to know who is behind the domain name.  Not because we are curious, but because the agreement between the registrar and registrant is based on that.  You are an owner or you're renting a space of the internet and we need to know who is behind that.  For that, we have different developments there, maybe the latest ones are checks with SMS, or making a payment to a bank account or asking you to use the electronic ID card to know who is behind the domain name.

The checks on who is the person that's ‑‑ the company behind the domain, we may share certain domain names that we deem suspicious of harmful activity to third parties like, for instance, cyber security professionals and law enforcement.  We don't have the authority to suspend domain names, but we do share domain names that could be seen as abusive, based on the definition before.  Something you would not recommend to your friends and family.  So we share that with the professionals of cybercrime, they will decide what to do with that.  At the DNS level, bring that to court, sending that to the police and asking us to suspend the domain.

Those are the four branches in which we develop those policies, based on the code and the data on the DNS and registry.  Thank you very much.

>> PABLO HINOJOSA: I will take the moderating role for a bit here to introduce Biyi Oladipo.  Welcome, from Nigeria, TLD operations and we welcome your perspective here.

>> BIYI OLADIPO: Thank you very much.  I'll look at this from key points and first, it's a perspective, not just from Nigeria, but across the African continent, which is, first of all, how TLDs are managed in Africa.  There are various models that are used and a number of them run around in collaboration with governments.  So we have a model where you have multistakeholders running the TLDs, and they have MOUs and contracts with the governments to run those names on behalf of the internet community.

However, there are developing scenarios where governments actually take over those names and take over the running of the TLDs such that those we are running it for now begin ‑‑ are no longer the governments that run the TLDs directly.  This has implications around the governance of the ccTLDs and the conversations around how free and how easy will it be to get domain names and things registered.

We don't have that issue in Nigeria, we also have ‑‑ of course, we need to start thinking about what if it happens and how this would work, and this brings out concerns on how we want to ensure that the business is free, and domains are free and easy, accessible for people.

Issues around data privacy and protection.  While the EU has the GDPR, on the African continent each country has their own responsibility for digital protection laws and digital protection issues and around their own domains, their own jurisdictions.  So there's the central responsibility on data protection, each country would have to come up with their own, and this is one ‑‑ I think it's one opportunity for evidence‑based policy‑making in having the specific TLDs running those ‑‑ the DNS system into the environment to come up with proper protection regulations that would assist people who use the internet in those places to know ‑‑ who ‑‑ buy domain names and here are the domain names and they want to put out there.  This has implications around the WHOIS data and how it's been protected.

It is in line with security on the internet.

So you ask yourselves who gets to see what, and who owns what.  This has implications around what policies are we going to adopt, and on what principles are those policies going to be adopted.

If you look at the way policies have been done physically around most of the TLDs in Africa, one of the things you find out, they're based on what is happening elsewhere in terms of like best practices and ask yourself, what is happening in a lot of those policies, however, I think more and more would need to start looking at how to use the evidence‑based system in those policies around security.

The fourth thing I will talk about is collaboration with law enforcement, which is ‑‑ at what point do DNS's ‑‑ domain names get taken down, I know we have had requests for people to take down certain domain names, but we have not acted on such, not because we don't have a policy that says we can take down any domain just like that, but collaboration with law enforcement would help to identify where threats are coming from and where people can gather data in order to help to get the policies ‑‑ to come up with definite policies to tackle abuse and also be able to cooperate with law enforcement.

It is important ‑‑ cooperate with law enforcement.  I remember on the African continent.  There's actually a position coming together with law enforcement to tackle abuse, and but DNS takedowns could be possible in some places, where in most places Africa is  ‑‑ still not happening.  I'll stop there, then we can take other things.

>> PABLO HINOJOSA: Thank you Biyi, thank you for talking about the special policy and regulatory issues that registries such as country codes are facing, and the collaboration with government that is required.

Peter Van Roste, from the association of ccTLDs in Europe, welcome.  We are on a journey through different operators of DNS registries and through that journey, we will continue to regain those threads that we started at the beginning with Geoff and Mallory.

>> PETER VAN ROSTE: Thank you, Pablo, good morning, everyone.  I was asked to speak for three minutes about DNS4EU.  Which is an interesting element in this discussion as it captures quite a few of the threads that previous speakers have touched upon.  Just first a brief explanation on the DNS and what that function is.  As Geoff explained, almost every action that a user executes on the internet will involve at one point a DNS lookup, that's the resolution of the name and ‑‑ there are servers that perform that task.  Their only function is to answer these queries, these are called recursive resolvers, and when they are open for everybody to use, not restricted to, say, a company network, they are referred to as public recursive resolvers.  That's just the background, I do realize I'm cutting some corners there.

So this was, at first, a very pragmatic way to improve query response time, but as was already pointed out by previous speakers, it became an interesting point of data collection, as Geoff pointed out.  When you look at somebody's DNS queries, you can learn a lot.  It's not so much about personal data but the aggregated data that becomes very valuable.  You can see which websites or which domains are trending up, which are popular and, of course, search engines are very interesting to ‑‑ very interested to match that data with the queries they see coming in.

Secondly, that's the second aspect, touched upon by Mallory, that the DNS is being used more and more as a filtering tool, to protect users from phishing attacks, but also in a global effort to increase cyber security on a geopolitical level.  There is no business case for recursive resolvers, people who run them spend a lot of money on them.  It is a public service.  If you cannot make use of the data that service is generating, then it becomes actually quite an expensive thing to do, especially for smaller ISPs.

So still, despite the pressures from GDPR, we see some players get more interested in collecting that data, and we see consolidation in that space, what was once a very healthy and fragmented market becomes more and more consolidated.

It's probably not as bad as some people seem to think, but we are talking about numbers in the range of 15 to 20 percent of market share that is captured by the larger players.

So what about Europe and how do Europeans use recursive resolvers?  Probably not knowing.  I do not have any friends who would know where to make those changes, that's maybe an interesting point for the discussion in the panel.  Around 15 to 20 percent use a service not provided by their ISP.  So by default, you do get assigned a DNS resolver from your ISP, 15 to 20 percent of users will not use that one.

It doesn't tell the whole story because in addition to that 15 to 20 percent, there's probably quite a few smaller ISPs that lean on external services to provide that service to their customers.  It's difficult to estimate, probably around 30 to 35 percent is a realistic number.

Those ‑‑ those public resolvers will typically be not European, they will not be European.  Google is capturing the lion's share of that amount, and that number is trending up, slowly but surely trending up.

Suddenly the European institutions realize that what they consider to be critical infrastructure, the DNS and operators running it, was seeing an ‑‑ seeing an interesting and from their perspective, scary market effect.

I do believe that when Geoff pointed out the 2013 discussions and the response from the technical community, in particular DNS over HTTPS, which makes it impossible for some of the intermediaries to see the internet and DNS traffic flowing, there was a discussion on the security aspects of it, but also on the market aspects of it.

I think that was what mainly triggered the whole DNS4EU plan.  We believe that ‑‑ so what is the DNS4EU.  It's a public call for tender by the European institutions for a party to run a European‑wide resolver, as I described at the beginning of my presentation.

And that would be open and free to use for every European but would obviously be applying all local jurisdictional rules when it comes to blocking.  In general, we believe that was a good and positive move.  I think most people understand the importance for European institutions to ensure that European infrastructure is less dependent on non‑European players.  But there is obviously also a very important geopolitical security function to that.

We believe it creates more choice and diversity, which is good.  We see different flavors in Europe, there's already, I think, more than 30 or 40 public resolvers listed, and more are being added every quarter.

So the DNS4EU will be another instance, that can only be applauded.

However, it's important to know that this can only be applauded as long as nobody gets an idea to make some usage of that DNS4EU server mandatory.  That would undermine the diversity and resilience and undermine user choice.

The good thing is that at least as far as I know, nobody in Europe is considering that.

Finally, we looked into the opportunity to jointly bid during that call for tender, but in the end we decided not to do it because we believe that we can add to the diversity without having to rely on the bid, and so even add more diversity, more localized functions and resilience to the system.

The latest, to add on a positive note, the latest instance that was just announced last week, was a Lithuanian initiative, and I think with them, we have already about a dozen European ccTLDs being a partner or even running their local instance of a recursive resolver.  That's it from me.

>> MADELINE CARR: Thanks so much, Peter, that was really helpful.  To pick up on those kinds of commercial elements you've introduced and questions about diversity and consolidation in the market.  We have Carolina Aguerre now, an academic at the University of Duisburg‑Essen, and Carolina has research currently under way, I understand, on some of the issues around mergers and acquisitions in this market.  Carolina, thanks for joining today.

>> CAROLINA AGUERRE: I won't be speaking about that research here, but I will be bringing in some bit of a flavor on the discussion on privacy in the DNS and what is happening in Latin America, which is very much not evidence based in terms of data being created by the region on this issue.  Operators, different ISPs, ccTLDs, APNIC, et cetera, the technical community in general has been very much driven by this debate in the last four years and there are very cautionary notes to be said about this trend from a developing region, very much in line with a bit what Peter and Geoff and Mallory developed earlier, in a region that still relies very much on very large international providers, et cetera, there is this awareness that the internet is becoming more centralized by the big tech.  And so the concerns which are very legitimate concerning privacy in the DNS are not being coupled with an architecture, with a possibility of enforcing that privacy or generating that understanding.  So while there is ‑‑ I think APNIC has done fantastic ‑‑ a fantastic job in mapping some of these trends concerning the adoption of protocols to protect the privacy of the DNS at a global level, in the region there are some experiences in Brazil, in Chile.  One of the issues being raised is actually working on raising at a citizen level, but also at the policy‑making level, a greater case for this particular issue, which is, of course, very much in conflicting views with practices that are not widespread of DNS blocking and internet shutdowns at a regional level in Latin America, there are some experiences, as you may be aware, but still the intellectual property protections over DNS blocking and the World Cup recently has sparked these debates again and again.

So I would say we are still at a very early stage in terms of getting reliable data for evidence‑based policy‑making, but there is a scattered community that is getting a bit stronger and pushing for a better approach and understanding what privacy in the DNS can and may mean for operators in the region.

>> MADELINE CARR: Thanks very much for that, Carolina, really helpful.

I'd like to bring in Keith Drazek now from Verisign.  Keith, I think you can perhaps speak a little bit about the different roles and responsibilities and capabilities of the various actors in the DNS ecosystem, which might help at this stage.

>> KEITH DRAZEK: Thanks very much, Madeleine, I'm Keith Drazek, Vice President of policy and government relations at Verisign.  Verisign operates two of the largest top‑level domains, the gTLDs .com and .net.  We participate regularly as a registry operator and have contracts with ICANN to operate these zones, these top level domains.

I would just like to sort of reinforce, as we talk about engaging in the DNS from an operational perspective, that there are a number of different layers, a number of different operators engaging at different layers of this hierarchical engagement, this ecosystem, and it's very important, as we start talking about data and, you know, access to data, tracking data, using data for things like DNS abuse mitigation, that we recognize that these different actors have different roles, responsibilities and, frankly, operational capabilities, and that we need to make sure that we ‑‑ as we engage in DNS abuse mitigation strategies and policy development and regulation, that we understand and recognize what those various roles, responsibilities and capabilities are, and whether it's a registry at the top level selling domain names at the second level through registrars and resellers, whether it's hosting providers, hosting service providers, maintaining the content, IP address registries, that there are a number of different operators and actors in this space, and each one of those actors has a different role, responsibility and capability.

I can say that over the last several years I've been very much involved in the ICANN community, working to try to identify improvements around DNS abuse mitigation, and when I say DNS abuse, that's a term being used quite broadly, and it's probably not as specific as it needs to be, but in the ICANN space, as it relates to gTLD registries and registrars, we are very much focused on DNS security threats, not content related, but there is a need to focus on content‑related abuse, but largely, there needs to be further engagement, I think, in those conversations in a multistakeholder way around, you know, the abuse that relates to content that actually belongs outside of ICANN.

So I think there's a range of actors and a range of responsibilities, and I'll say I will drop a link in the chat.  The gTLD registries and registrars have sent a letter to the ICANN organization, the ICANN CEO, basically saying we are prepared to take on additional obligations in our contracts, in the gTLD space, to require further action as it relates to mitigating DNS security threats.  This is an important step, but not the only step.  There needs to be additional work and tracks of engagement and discussion when it comes to mitigating the wide and broad range of abuse as it relates to the DNS, whether it's using the DNS for abuse or activity that relates to the DNS.

So I'll make sure I drop that in the chat here in a second.

So I just want to note that I think this is a really important discussion.  I think for us as registry operators and registrars engaged in the domain name registration and resolution process, data is very important to us.  Evidence‑based reporting, when it comes to requests to mitigate abusive activity online through the DNS, through basically taking a route out of the zone, doesn't necessarily remove the content from existence, it simply removes a path to get there.  And we need to make sure, as registries and registrars, working closely with civil society, law enforcement, other groups, that we understand what it means to take action at the DNS level when trying to mitigate a broad and wide range of abuse.  So I'll stop there, definitely look forward to the Q&A and the engagement.  Happy to take any questions as well, thank you so much.

>> MADELINE CARR: Thank you.

>> PABLO HINOJOSA: Thank you so much.

>> MADELINE CARR: Go ahead, Pablo.

>> PABLO HINOJOSA: I think we have a very wide spread of DNS‑related issues here.  We started with DNS data and also how the DNS has evolved from sort of open secrets to absolute obfuscation in terms of technology and human rights and competition and concentration, we then kind of moved towards the registry side of things, so we have Jordi doubly regulated by the European Commission and ICANN, then we moved to the ccTLD space in Nigeria, sort of they are mostly ruled by a set of agreements within their own jurisdictions.  We went to Peter, talking from a perspective of the call on the DNS resolver and how it works.  We went from the heavily regulated contracted party Verisign, and good questions from Carolina.  So what do we do with it, Madeline, how do we work an open mic, but also steer the conversation towards something useful for the Dynamic Coalition.

>> MADELINE CARR: I think we could start by perhaps bringing in Emily Taylor, see if Emily has a question she would like to kick off.  I see hands going up in Zoom, Regina online moderating and while in the room.  Let's throw to Emily Taylor first and start picking up some of the questions.

>> EMILY TAYLOR: Thank you, Madeleine and Pablo, thanks for such interesting remarks from the widespread perspective of the industry and academia as well.  I had a question about, you know, picking up on Keith's point and Geoff's earlier in the session about the availability of data for researchers and, Madeline, this is something we have encountered in trying to understand the encrypted DNS data, you have this real patchy landscape, the ICANN contracts compel the publication of a lot of data, which is brilliant for policy researchers and possibly not understood enough.  If we want to understand what's going on in the resolution space, it is so hard to get hold of that data.

I wonder ‑‑ I would like to ask the panel's views on whether that, you know, almost attracts policy‑making to the wrong thing, because we get drawn to where there's data, right?  Where there's information, and this is a sort of big, very opaque area, which is so vitally important to understanding behavior.  So I'd really welcome the panel's guidance and views on that.

>> MADELINE CARR: I think we have ‑‑ let's collect a few questions and a few comments, Pablo, to get the Q&A going.

>> PABLO HINOJOSA: I saw Mark's hand for a little bit.  Not sure if you would like to participate.  Mark, go ahead, then we'll go with Nigel in the room.

>>  MARK:  .

>> MODERATOR: Nigel, would you like to speak first.  Go ahead, then Mallory wants to give a few points and Nigel will have another subject to touch upon.

>>  NIGEL:  I have broader points, if you'd like to keep on this discussion and come back to me, that would be fine.

>> MODERATOR: Appreciate that, Mark.  Mallory, if you could address the topic, and then Nigel.

>>  MALLORY:  Sorry about the queue confusion, I wanted to respond to Emily's question, it was one of the things in ‑‑ when I was recounting the sections of my paper I forgot to mention, which was measurements, the ‑‑ like in the transition to more private encrypted DNS, we have disrupted a lot of key measurement functions.  The measurement community I'm familiar with, it's very robust, OONI Probe, M‑Lab, Censored Planet, a lot of those folks feel very strongly this is a challenge they can overcome technically to continue to measure network effects, in particular censorship, even though DNS is encrypted.  They understand it's made their job slightly harder and they are up for that challenge, I think that's important to discuss in terms of the tradeoff.

I also hadn't in my remarks talked about the WHOIS database, I think this comes into Emily's question, which to me is a similar sort of thing to the DNS lookup data, it's really a contractual transaction between people who buy domain names and the registries and registrars and ICANN, there's not really a reason why, other than the fact there's centralization of the database, I know I'm a little late and the ship has sailed and there's a way that folks can get access to that, I just want to make the parallel with IMEI numbers, when you enter a contract with a mobile telecom, in many jurisdictions, even in the United States a year ago, there are always proposals to make this a centralized database that law enforcement, in particular, could easily query, who has which IMEI numbers, and it's always resisted because it would be a gross violation of privacy and have a lot of implications.  Why we resist that and not domain registrant data, I've never quite understood.  Those would be my points on that, thanks and back to the ‑‑ I guess the rest of the intervention, thanks for that.

>> MADELINE CARR: Thanks, Mallory, I'm sorry, between Mark and Nigel, did we settle on who wanted to speak next.

>> MODERATOR: I think he'll present some points, he was actually invited to speak, so if you go ahead.

>> MADELINE CARR: Thank you, Nigel.

>>  NIGEL:  Thank you very much, thank you very much Pablo and Madeleine for inviting me to say a few words in this session.

How many governments are there in the room?

Oh, yeah.  Well, it's good to see one other government.  I work for the U.K. government in the Department for Culture, Media and Sport.

First of all, I'd like to say that, you know, governments in general are greatly ‑‑ policy making is greatly enhanced through the contribution of many of the actors in this room, you know, from CENTR, from EURid, through the Oxford Internet Institute, CDT, and many others.  The expertise of Geoff Huston, who I often refer policy makers to, in his articles on the DNS.

Governments have a role, we might be on the outside, but we are listening.  And I think this debate this morning that we are having shows us the importance of governments understanding what is going on in the DNS, it shows us the importance of being involved in the discussions.

Now, my minister in the U.K., and I've had many internet ministers I've had to deal with in my time in the U.K. government, ministers change rather more frequently than officials in the U.K.  But if I went to my minister and said I want to tell you about DoH and tell you about QUIC and Apple Relay, he would probably say, Nigel, I'm really fed up with you, could we discuss the cricket or the football.  Policy makers, ministers are not necessarily interested in these acronyms and not necessarily interested in the standards being developed, but they are interested in the effect of those standards and those protocols.

They are interested when they're told by me or someone else that, minister, the adoption of some of these protocols will affect the implementation or the effectiveness of the legislation you're putting through on online safety.  Some of these protocols may affect the long‑standing policies the ministers have signed up to in eradicating child abuse images.

If we tell them that, they'll say why don't you do something about it.  I pay you ‑‑ don't pay you much but pay you to be officials and intervene and to do something about this.

Of course, we say this is a multistakeholder process, bottom up, and there are many different players in the room.

Of course, there are many different players in the room.

But we have to be there, we have to be part of this discussion.

The second point I want to make is on choice and the very informative presentation that Peter gave, and I heard some other presentations on this.  Again, if we told ministers about choice in terms of selecting your recursive resolver, again, please, don't tell me what recursive resolvers are.  Let's not talk about choice, people don't have a choice, like the net neutrality debate we had 25 years ago.  I remember being told when we were discussing net neutrality in the European Union, there was a choice, consumers had a choice, if you had an internet service provider that blocked social media, don't worry, you can go and choose another internet service provider.  What tosh.  One‑year contract, two‑year contract, three‑year contract, come on.

So it's important that we don't hide behind choice in terms of the quality of our systems.

To finish with, because I've probably gone over time, I want to say that it's fantastic, the work that has been done and that is taking place.  I mention the great work of academic institutions, et cetera, but the fact that we can meet in ICANN, as the Governmental Advisory Committee, the fact that governments can interact and work with people like Keith at Verisign and the ICANN board, that we can have our say in terms of the involvement of the DNS.  That we can work in the IETF.  Yes, it's complicated and far too complicated for me at different times, but the IETF is open.  The internet registries, the way they involve governments, whether it's APNIC or others, it truly is, you know, very welcoming.

That's all I've got to say and thank you.

>> PABLO HINOJOSA: Thank you for the perspective.  I'm sorry, go ahead.

>> MODERATOR: No, no, just thanking for the very important government perspective, but back to you.

>> PABLO HINOJOSA: Thank you so much, it's a little bit complicated to coordinate the in‑room and the remote participants.  Sorry about that.  And just a question.  Is there any other in the room that would like to speak?  I was looking at Mark before, not sure if you would like to go ahead.

>> MODERATOR: I would suggest we go now for Mark's remarks and also pass the word back to Emily afterwards, because I think we have some points being raised online.

>>  MARK:  Thank you very much, panelists, thank you very much, this is Mark Datysgeld speaking.  I am chair of the group on internet abuse on the council.  I come here ‑‑ I would like to believe speaking on behalf of my group, and would like to socialize a few points that may be of interest to the session in particular.

As Keith mentioned, there has been very active debate this year concerning DNS abuse, but not in the generalistic, sort of amorphous way it had been in the past.  This year we have made some very realistic progress and started to get to the nitty gritty of policy.  And the way this was accomplished, I think, was by really uniting the members, the different stakeholders in ICANN, for a greater cause.  Instead of focusing on our differences, we got together and thought about what we want to accomplish in terms of the security of the internet.  It united the noncontracted parties, civil society, businesses, end users and the contracted parties, represented here by Keith, but we have many of them here who are the registries and registrars.  We managed to get together in this group and reached some consensus, which is supposed to be the broader point of what we are doing, but is very rare.

So we are moving ahead with a letter from the council to the contracted parties in ICANN asking them, you know, it's an ask, to renegotiate contracts to change the responsibility, because something we didn't know at the beginning of this process was that ICANN doesn't have the power to actually enforce anything.  They can send very strongly worded letters actually saying what you're doing is very evil, which, you know, I won't be soft here, is completely useless.

The team was really working towards how we can change this reality, and the letter that the contracted party house sent a few weeks ago was very encouraging, because they even pre‑empted our own letter.  So this was very ‑‑ this made us very happy, it signifies everybody is on board, that we want to start moving ahead and start coordinating against these malicious actors not with strongly worded letters, but actually talking to them as in: this has consequences, you have to do something, this is not a problem for someone in the cloud.  It's your problem, we sell a product, the DNS is a product, it is a technical standard.  At the end of the day, it is a commercial product deployed across the world.  We don't want to make it easy for all these different ‑‑ many different resolution systems emerging to say the DNS sucks, so come use ours.  We need to keep making this product better and work together as a community to do that.  This is partially an update, partially a big thank you to the ICANN community for being so involved, to the contracted parties for being so generous with their time, and hoping that next year we can bring another update saying we accomplished this, things are going better than we thought.  Thank you very much for the space, panelists, organizers, it's a pleasure to be here, and for sharing all this information, thank you.

>> PABLO HINOJOSA: Mark, thank you.  Let's go back to second round with panelists, starting with Geoff.  Geoff, a reply, your views.

>> GEOFF HUSTON: I would like to start with Emily's question and make a more general observation and move on from there.  Emily asked about query data.  It's important because the DNS is actually two parts.  One is provisioning, zone files, publishing the information, and oddly enough, it's really easy to talk about provisioning, there's a lot of data around, but that's not what's important.  What's important is query data, how it's used.  And the problem there is query data is extraordinarily hard to find.  I know that only too well as a researcher in this space.

The issue is that real query data has incredible privacy implications.  And most operators just simply don't release it.  For extremely good reasons.

Now, some try and obfuscate the data: we can publish this, you can't see personal data.  That makes it largely useless.  Our efforts at APNIC in looking at the way queries happen have had limited success in exposing query patterns, emerging centralization in DNS service.  That behavior observation is peeking through a window I think is getting smaller every single day as more and more of the privacy efforts shut that down.  I believe where we are heading is an outcome where there will be nothing left to see in the DNS, no data, nothing.  In my view, no policy, no regulation can alter this trajectory.  What we are talking about here is the actions of applications, and trying to put regulation on the way the DNS behaves is like regulating the fine‑grained behavior of the Chrome browser.  We have never tried it in the past.  I don't think it will happen in the future.

Oddly enough, what we are finding now has been a convenient coincidence of motives for both the large operators in today's internet, Google, Apple and so on, and their perception of what users want in terms of privacy that has led to this push to change a lot of the technology landscape in the DNS.

And with this ascendancy of applications as the dominant factor in the internet system and the suppression of networks, they are no longer important, there is a strong aversion by applications to allow any part of the network to gain any insight at all into the behavior of the application, its content, or any information that it's gathering.  If you want just one example, and I'll go back and quote back to Nigel, QUIC is really important.  Because this is an excellent example, the best we see today, of taking the entire function of transport, application and content and loading it up into the application and hiding everything from the network, the platform, and anyone else.  It's lifting it up and then hiding it entirely.

So I think the DNS is heading in the same direction.  DNS over HTTPS is incredibly important.  When you think about it, with server push, there are no more queries, they just disappear, the server pre‑provisions the DNS to the user.  The server asks for nothing.  There is no query data left to find.

If you thought the DNS was a piece of internet infrastructure, that view is being superseded by the view that the DNS is an application artifact.

Now, the implication of that observation is profoundly disturbing.  It enters into areas of splintering and fragmentation, as each application customizes its view of the name space to suit its purpose.  And the residual value of a common name space with a single root declines inevitably.  All of this operates behind a veil of encryption and obscured traffic, where it will be challenging to even see what's happening, let alone try and prevent these forces of destructive injury.

The inevitable outcome here is something I said was highly challenging, and by highly challenging, I really mean impossible.  Thank you.

>> MADELINE CARR: Thank you very much, Geoff, that's a powerful statement.  I think it will set up the remainder of the conversation.

We would like to cycle back through the other panelists for final remarks now.  Mallory, could I throw to you, please.

>>  MALLORY:  Yes, I endeavor to take less time because I've spoken too much.  Just two additional points that I failed to make clear before as well.  So just a slight quibble with the direction of travel for encrypted DNS, I don't think it's only that users have asked big providers for more privacy, I think that the engineers at the IETF and elsewhere have made better protocols.  They have understood where DNS filtering is basically a hack, to use a technical term, doesn't work well, is easily circumvented, and the protocol needed to evolve.  This is actually just better engineering overall; filtering by DNS was never really a good approach anyway, and for mitigating other kinds of abuse, they need to come up with different approaches.

So wanted to make those additional points on that.  But otherwise, really appreciate this panel and the discussion from everyone.  Thanks.

>> MADELINE CARR: Thanks, Mallory.  Peter, final remarks from you.

>> PETER VAN ROSTE: Yes, I would be happy.  I didn't have my hand up.  But the discussion ‑‑ the evolving discussion made me realize another ‑‑ an observation on this discussion, that the fact that DNS becomes useless as a filter tool or monitoring tool or point of control for governments, regulators, means that the pressure is just going to shift.

I mean, there's not going to be a hand up in the air and we give up on enforcing public policy.  So we see already that it is shifting to the different actors, and that in this case is the registry operators and registrars who are getting pulled more and more into the debate, not just on the fight against abuse but the prevention of abuse.  And before we know it, we'll be in a Minority Report scenario where, when somebody is registering a domain, the expectations are increasing that it's able to ‑‑ that we are able to predict whether that domain will be used for abuse or criminal purposes or not.

So I think ‑‑ it's important to realize that this will be continuing discussion between those willing to enforce public policy goals, possibly no matter what, and those that understand the impacts on the global internet, the unified internet, and are preventing ‑‑ trying to prevent its continuing splintering.


>> PABLO HINOJOSA: Peter, awesome.  Biyi, Carolina, if you would like to go ahead.  We would like to give time to discussion afterwards, that's fine, Keith, let me know.

>>  BIYI OLADIPO:  I have final thoughts similar to what Peter talked about.  How are we going to talk about abuse or look at things in which we can ‑‑ we more and more, we see by merely looking at some of the names you're asking yourself, what would this be used for.  I think law enforcement needs to collaborate more and more with registry operators, to try to see how we can work together.

>> PABLO HINOJOSA: We are having a bit of trouble hearing you, Biyi.

We got the central element of collaboration and also collaboration with law enforcement.  Let's move on, any other panelist?

>> MADELINE CARR: If not, Pablo, there's a question in the online chat.

Oh, wait.  Keith has his hand up as well.

>> MODERATOR: Let me ask the IT support to support the delayed reception of the stream and also Nigel wants to take the floor for a final remark.

>> PABLO HINOJOSA: Keith and then Nigel.

>> KEITH DRAZEK: Thank you very much and hello again, everybody.  So I think when it comes to collaboration, I think there is very good work going on right now, as Mark Datysgeld mentioned, within the ICANN community, the TLD space, other parts of the community, but as I said earlier, there are so many different operators or those associated with the DNS that I think we need to think a bit more broadly about how we can expand our multistakeholder dialogue about better information sharing, better collaboration across the various actors that I described earlier, with different roles, responsibilities and capabilities.

We really need to make sure that we include governments, law enforcement, civil society, especially as it relates to, you know, actions that are being requested or demanded or regulated on DNS operators to mitigate abuse.

I think that there are some real questions about transparency, recourse for those that are negatively impacted.  We have to make sure that we design policies and regulations and laws that are focused on proportionality and provenance being as close to the source of the harm as possible, so we don't end up with disproportionate negative impacts across the ecosystem and to potential end users.

So I think that there's some additional work that we need to do as a multistakeholder community to carry on these conversations, and especially when it relates to content, where we need to bring in the right players, the right operators, including the hosting service providers, to make sure that they are part of the conversation, because generally speaking, they are not engaged at ICANN today, ICANN's bylaws for everybody's benefit actually restrict ICANN from developing policies and contractual requirements related to content.

So I think that there's a gap here that I think we are starting to see about the need for better collaboration, better communication, you know, perhaps there are some systems that could be developed for better collaboration and communication across the various actors, but we really need to continue to expand this multistakeholder dialogue to include the hosting service providers, governments, civil society, and the other actors in the DNS ecosystem to make sure that we are raising the bar and sharing information ‑‑ so we can mitigate DNS abuse as a very broad concept, right, DNS security threats are one thing, DNS abuse is a very broad term, and in order to be able to address that, we need to have more people at the table and need to have more multistakeholder dialogue so we can find the right balance.  Thanks very much, really appreciate the opportunity to be here today.

>> MADELINE CARR: Thank you, Keith, really glad that you could join us.  Nigel, you're next in the queue, I believe.

>>  NIGEL:  Yes, thank you very much.  Yeah, I've been following Keith, yeah, great work.

I just really wanted to reflect on one point I didn't cover.  That is the importance of this debate not just to national governments, but also to the sort of global internet ecosystem, if I might put it that way.  As you know, there are U.N. discussions taking place on cybercrime, there are U.N. discussions taking place on cyber security, we have the U.N. Global Digital Compact and the Tech Envoy who has been with us here in Addis Ababa this week, considering what policy issues on the internet should be included in the Global Digital Compact.  In 2025 we have the WSIS plus 20 review process debate at the UNGA.  That will be very important indeed.  It will probably use terminology that's equally confusing as QUIC or whatever.  It will set the agenda going on from 2025.

Some governments will no doubt reflect, whether for good reasons or bad, that the internet has had enough of multistakeholder cooperation, that all this chaos, the inability perhaps to do things that governments thought they could do, is a result of this bottom‑up multistakeholder process, it's a result of the decision by the U.S. to set up ICANN, it's a result of decisions that not‑for‑profit bodies should give out IP addresses.  There will be a debate and some governments might say, well, yeah, perhaps the U.N. could do it better.

Now, we might laugh at that, we might say, well, that's absurd, you know, the internet itself is an ecosystem that involves all actors.  But the pendulum could swing.

So this is the importance I think of being able to say, well, yeah, there are problems, there are issues, but the multistakeholder community, the standard bodies, ICANN, other institutions, are doing their best to tackle these problems.  Thanks.

>> MADELINE CARR: Thanks very much, Nigel.  Carolina Aguerre, did you have final remarks to make.

>> CAROLINA AGUERRE: The final remark is to embed this debate into the broader debates around open data and privacy over the last years and how the pendulum regarding open science, open research is not shifting in a positive way, and I'm glad that this is being addressed in an Internet Governance Forum, because the closing of spaces of knowledge and data sharing and understanding is really not productive for these meaningful, multistakeholder dialogues and engagements, based on an evidence‑based policy‑making space.  It's very contradictory what we are seeing here in terms of what we want to aim for 17 years on in the IGF, with what we are actually seeing happening at the internet architecture.  And I really think that we need to sort of garner energy for building up these multistakeholder spaces so that there is actual common ground for discussing this, and not just from a political standpoint, but also where we can sustain some discussions on data and evidence that we are all familiar and aware of.  Thank you.

>> MADELINE CARR: Thanks, Carolina.  Now, we are almost out of time, but Andrew has been saying some really interesting comments in the chat, which we thought it would be nice to introduce to the room as well.  Andrew, would you like to take a minute and sum up your thoughts.

>>  ANDREW:  Surely.  Thank you, Madeline and thanks, panelists for really interesting discussion.

I'll rattle through these really quickly, just to amplify what I said in the chat.  So as you were seeing from my comments, some claims made relating to the privacy benefits of DNS are questionable.  Yes, they do obscure the queries to the network‑based observer, but of course the queries are visible to the resolver operator and to software running on the end point.  Resolverless DNS maybe removes the observation by the resolver operator from the equation, but you're still exposed to software on the end point.

What we seem to conveniently overlook, and this is usually the case, is that most of the worst privacy violations are undertaken by the companies that operate some of those open resolvers, and the companies that run the software that's on our end points.  We have all heard of surveillance capitalism, the egregious privacy violations that continue to this day.

So ‑‑ I think we also tend to conflate privacy and security quite often, and ignore the fact that DNS is a key indicator of compromise.  So we weaken our cyber defences if that's taken out of the equation, and also the resolver approach is often based in the U.S., and there's no GDPR protection in the U.S.  There's no federal privacy law.  So, again, we lose legislative protections as well.  Which is unhelpful.

So if we are to talk about the security of the internet, let's get to grips with the really underlying issues, talk about surveillance capitalism and how we deal with that.  Let's address the issues increasingly posed by centralization and the loss of resilience of infrastructure, which is being aided and abetted by things like encrypted DNS and centralization of the DNS infrastructure.

And frankly, and finally, a lot of the internet standards developments have significant policy implications.  We need more representation from industry within standards bodies like the IETF.  These standards are far too important to leave to the tech industry, because that, as I said at the start, has a vested interest, it's operating the surveillance capitalism.  We need other voices in there to make sure we get to where we should.

>> PABLO HINOJOSA: Thank you, Andrew.  I think we are soon to arrive at the end.  I hope we were able to meet the expectations of Emily and Carolina, the ones that proposed this.  Madeline, I learned quite a bit here.  I would like to ask you quickly, what are your key takeaways, and also for the purposes of the report, we need to have a couple of actions to take.  One takeaway, one action, and then perhaps we close after you refer that question to me.

>> MADELINE CARR: Thanks to everyone who participated today.  I think my takeaway is that it's really important that we think ‑‑ when we arrive at these problems or questions, we always arrive at them at the current point in time, and we think back on what's happened and how we have arrived at where we are.  I think from the conversation today, it's really important we think ahead to the next 20 years or 50 years and kind of look back at this moment from the future and consider what steps did we take now.  Internet governance has emerged quite organically, and when we have made mistakes or things haven't worked out as we expected them to, it's important we can go back and ‑‑ that we can address those and rectify them.

I think we need to be considering our actions now in the context of the future.  I think the action is that we really ‑‑ first, I think the IGF is such an important forum for bringing together government, industry, the tech community, civil society and academia, to really have these conversations.  So I think we need to think about a follow‑on discussion for next year.  What are your takeaways, Pablo, and your call for action.

>> PABLO HINOJOSA: Well, I take it from what Mark said, it is a commercial product, he said, but it is actually a massive collaboration of different entities that ultimately operate this very important infrastructure at the technical level.  So while this collaboration performs well technically, it also has many layers of policy‑making, it's a very heavily regulated industry, but at the same time, I do feel that there are important governance and policy questions that still remain, that are outside the ICANN sphere, that are subject to a very good conversation at the IGF, and as you said, I think we need to explore a little bit more about it.

Key actions to take, well, more of these discussions at the IGF in Japan, and what do you think.

>> MADELINE CARR: I think another session.

In Japan.

>> PABLO HINOJOSA: Thank you very much, everyone, and all the very best to all.  We can close the session here.

>> MADELINE CARR: Thanks everyone, thanks, Pablo.