Exposing and Documenting Abusive Internet Behavior (29 April 2019)
Today's Internet is increasingly polluted by malware, phishing, scams, and other forms of abuse that degrade the online environment on which so much of our economic,
social, and political lives rely. These abuses erode user confidence and inflict serious harm on individuals and organizations in every part of the world. Countering
them is at the top of everyone's list. But accurate information about abusive behavior on the Internet is surprisingly hard to obtain. This frustrates efforts to protect
Internet users from abuse, and to change the environment in positive, lasting ways.
ICANN's Domain Abuse Activity Reporting (DAAR) project is a system for studying and reporting on abusive
behavior across top-level domain (TLD) registries and registrars. But DAAR reports only aggregated data on gTLD registries; it does not associate any metrics directly
with specific registries, does not include information about registrars, and omits ccTLDs entirely. As such it does not give organizations or individuals the information
they need to make decisions about how to safely and efficiently interact on the Internet. Achieving a safer Internet requires a trusted, neutral, public clearinghouse
to collect, publish, and persistently store information that categorizes and quantifies Internet identifier system behavior, which can be used to deploy security measures,
demonstrate the effectiveness of security or other administrative controls, inform policy makers, and conduct research.
Conservative abuse reporting throws new TLD program under the bus (19 February 2019)
ICANN has released a January 2019 domain abuse report
generated from the Domain Abuse Activity Reporting system (DAAR). DAAR is a system for studying
and reporting on domain name registration and security threat (domain abuse) behavior across top-level domain (TLD) registries and registrars.
It provides a distribution of domains identified as security threats and a breakdown of security threats by class for all new and legacy registries for which the
DAAR project can collect TLD zone data. But the report provides only aggregated summary statistics for TLDs, in pie-chart format; these “findings” are
misleading and do not represent actionable intelligence. The report also omits registrar information. By failing to be open and transparent about the high levels
of abuse in specific new TLDs and registrar portfolios, ICANN actively frustrates efforts to promote Universal Acceptance
of domain names and email addresses and calls future new TLD delegations into question.
Read Dave Piscitello's Security Skeptic blog post:
Conservative abuse reporting throws new TLD program under the bus.
APWG and M3AAWG Survey Finds ICANN WHOIS Changes Impede Cyber Investigations (20 October 2018)
Dave Piscitello's The Security Skeptic blog has a column focusing on how ICANN's "Temporary Specification for gTLD Registration Data" has affected access
and usage of domain name registration by cyber investigators and anti-abuse service providers.
Read Dave's column
and follow Dave's Security Skeptic blog.
Regulating Internet Service As a Utility: The Devil, As Always, Is in the Details (4 February 2015)
On the heels of President Obama's call last November for the FCC to take a stronger regulatory position with respect to "net neutrality,"
FCC Chairman Tom Wheeler is expected to share a proposal with the other Commissioners tomorrow that will set up a vote 3 weeks later on
new rules for Title II regulation of "Internet service." What this means, however, is not clear from the way in which terms like
"net neutrality" and "Internet service" are used by reports in the popular press, such as this recent article in the New York Times:
In Net Neutrality Push, F.C.C. Is Expected to Propose Regulating Internet Service as a Utility (NYT 2/2/15)
"It is expected that the proposal will reclassify high-speed Internet service as a telecommunications service, instead of an information
service, under Title II of the Communications Act..."
The details are even more important than usual in this context, as Interisle's comments to the FCC
("Protecting and Promoting the Open Internet")
describe — in detail. Our conclusion is that "[s]ervice providers should be required to make the telecommunications layer
of their networks available to any requesting party on a common carrier basis, subject to Title II regulation, especially Sections
201, 202, 208, and 254." Read the full paper for a clear explanation of the issues.
The Internet Assigned Numbers Authority in Transition (15 December 2014)
The Internet Assigned Numbers Authority (IANA) has been responsible
for making and publishing the assignments of Internet names and numbers, including DNS domain names and Internet Protocol (IP)
addresses, for more than 40 years. The IANA functions are currently performed by the
Internet Corporation for Assigned Names and Numbers (ICANN) under a set
of agreements that includes a
with the National Telecommunications and Information Administration (NTIA) of the U.S. Department of Commerce.
On 14 March 2014, NTIA
that it intended to end its oversight of the IANA functions, and asked ICANN
to launch a multistakeholder effort to propose a non-governmental alternative. As part of that effort,
ICANN's Security and Stability Advisory Committee (SSAC) has prepared and published a set of three Advisories:
SAC067, "Overview and History of the IANA Functions";
SAC068, "Report on the IANA Functions Contract";
and SAC069, "Maintaining the Security and Stability
of the IANA Functions Through the Stewardship Transition." Interisle partner and SSAC member Lyman Chapin co-authored all three Advisories.