ICANN66 at Montreal – A contrasting summit

During the first half of November, the 66th ICANN Summit was held in Montreal, Canada. This third and final annual summit devoted to policies applicable to Internet naming was eagerly awaited as the topics under discussion are numerous. At its closing, however, it left many participants a little bit disappointed.

A preview of the topics and postures during the weekend before the official launch of the Summit

The weekend
before the official opening of the Summit is usually an opportunity to get an
overview of the topics and postures involved. Not surprisingly, the expedited
Policy Development Process (ePDP) which aims to develop a consensus rule to
specify future conditions of access to personal data that are no longer
published in the WHOIS, the domain name search directory, due to GDPR, is one
of the major topics.

Among other
related topics, the replacement of the same WHOIS by the RDAP (Registration
Data Access Protocol) probably next year for generic domain names. This
replacement is not insignificant when we know that WHOIS has been in use for
nearly 35 years.

The body
representing governments, the GAC, has weighed up the issue of domain name abuse,
which has taken off considerably on the new generic extensions launched in
2012. When we know the rise of Internet practices aimed at weighing on
elections in certain countries and the economic impact of computer attacks and
hacking, we understand that this subject is being pushed by the GAC. While one
of ICANN’s topics is to clarify in their texts the notion of malicious uses, this
term refers to domains registered for phishing, malware, botnets and spam, the
other part concerns the means to stem them. The existence of abusive domains indeed
threatens the DNS infrastructure, impacts consumer safety and threatens the
critical assets of public and commercial entities. Finally, and not
surprisingly, the subject of a future round of new generic extensions has also
been on many lips.

“The best ICANN summit”, really?

During the traditional opening ceremony, which brings together all the guests for one hour (2500 according to Goran Marby, ICANN CEO) in a huge room to listen to various speakers, including Martin Aubé of the Quebec Government’s Ministry of Economy and Innovation, Cherine Chalaby, one of the ICANN Board members whose term ends at the end of the year, told his audience that ICANN66 would be the “Best ICANN summit”. It must be said, however, that at the end of the week of debates and meetings, which followed one another at a sustained pace, while the subjects under discussion are really numerous, the feeling regarding this assertion was more than mixed for many participants.

First, the
expeditious process for access to WHOIS non-public data is progressing with a
framework constrained by ICANN and the Personal Data Protection Authorities.
The outcome of this process is envisaged between April and June 2020 and it is
currently a centralized model where ICANN would allow the future lifting of
anonymity of data that are now masked due to GDPR which holds the line.

Then the subject that was probably
most often mentioned during this new summit week concerned abuses with domain
names. For ICANN, the subject is central because it is directly correlated to its
totem: the stability of the Internet for which they are the responsible. Since
February 2019, ICANN has been publishing some metrics on malicious practices
identified through DAAR, their Domain Abuse Activity Reporting.

Their latest report presented in
Montreal shows that 364 extensions (mainly new generic extensions from the 2012
round) revealed at least one threat posed by one of the domain names activated
on these extensions. More worryingly, new generic extensions would still account
for nearly 40% of malicious uses, compared to 60% for historical generic
extensions. This figure should be highlighted with the volume of these two
categories of extensions. Indeed, out of just over 200 million generic names,
new generic domains represent only 15% of the total number of registered names.
ICANN therefore wants this subject to be taken up by the entire community
present in Montreal.

Proposals were made by the various bodies present, some of which went so far as to request a policy development process (PDP). This last proposal, if it were to obtain ICANN’s approval, would have the unfortunate consequence of postponing the hypothetical schedule for a next round of new extensions, a subject that interested many of the guests present in Montreal. Indeed, for ICANN, the problem of the concentration of malicious practices in the new generic extensions must be solved before any future round, so that the PDP still in progress on the review of the last round of 2012 has gone almost unnoticed.  

If the rules are slow to evolve on malicious uses, your Nameshield consultant can already provide you with adapted solutions to your needs on this key matter.

First published at nameshield blog