ICANN Stakeholder Assembly: Briefing by the European Commission on the recent EU initiatives on digital services and cybersecurity - Shared screen with speaker view
Who can see your viewing activity?
Hi Elena and all, thanks for organizing this!
Me too, came in early
Greetings from the Office of the Ombuds… always nice to join these informative sessions. Hope everyone is staying healthy and safe.
hello everyone! may thanks to ICANN for organizing this event
Looks like we have the band back together
I was part of ICANN band long time ago, good to be back!
Charles Shaban! Greetings!!!!
Chris long time :)
Hello everyone :) !!
Good afternoon from sunny London
Abdeldjalil Bachar Bong
Hi Manal, and hi to all. Great to see old friends. Or "not see" old friends as the case may be.
Manal and Lori not that long for me, glad to see you too !
do others observe the grey rectangles on the text, as well?
yes @Peter ..
yes, I assume the speaker has some chat windows or notifications open
Hey Marco! Everyone...
Since ICANN doesn’t deal with content regulation and the DSA seems to be all about content regulation, I am wondering why we are hearing about DSA at all
Great to reconnect @Lori and @Charles ..
+1 to Milton, except for consideration of service providers' liability?
Service Provider legal liability is not, to my knowledge, assessed by ICANN.
And for clarity, ICANN is not a regulator
+1 to Goran
Think, we did not do too bad in securing a directive back then which has lasted over 20 years despite rapid changes to Internet.
+1 to Nigel Hickson
And this law might have an impact on the possibility for ICANN to create policy
If it walks like a duck and quacks like a duck...
ICANN is not supposed to be a regulator, but of course it does regulate entry into registry and registrar market, terms and conditions of services, and dispute resolution.
Although I agree that much of this is beyond the mandate of ICANN, I truly appreciate this discussion if for no other reason than for education purposes.
see: the third ’S’ in SSR is for ‘safety’
Milton, we disagree on that.
You can get a masters degree in digital public policy from Georgia Tech Jeff ;-)
The DSA is included in the list of initiatives that are of relevance to the DNS and that we are discussing for information today, as DNS service providers are under scope
I keep getting black bars over the slides. - can we switch to the unreacted deck?
@Marco: this is NewIP in action …
Joking of course - but slightly annoying, even when I have seen this press before
@Milton - I haven't ruled that out :) But I am not sure I am smart enough for Georgia Tech :)
Hello - best greetings from Brussels!
You are a clever and experienced guy, Jeff
And FYI, New IP has a new name “polymorphic networking” and that unfortunately is not a joke
Does the proposed new text clearly include registries and registrars as intermediaries?
Should be interesting to see those comments, Volker :)
wolfgang kleinwaec hter
@ New IP: Where it is now discussed?
maybe discussed in Beijing?
DSA Recital 27 says it applies to, among others, "domain name system (DNS) services, top–level domain name registries"
Marco, would you prefer polyamorous networking?
Great, thanks EU, you can restore The Donald to his Twitter account
Recitals 27 and 83 yes
An actual LOL - thanks Anriette!
Anriette LOL and I guess it depends on the venue where it is developed and the principles applied
@Anri, speaking in a strictly private capacity: Oi! :D
Friday indeed… :D
Almost 5 o’clock in my part of the world
interesting discussion of the changing scope of liability exemptions
Same here, 1h to curfew xD
Geo Van Langenhove
you need to click on the "pin" when sharing a screen
Here 6 PM on a weekend, but today full curfew since morning here, so good to do something beneficial!
In 1999 we were focusing on news groups; news and early web services; not much social media......
DNS is (correctly) classified as an intermediary exempt from liability.
@milton the whois information is on the black boxes ;)
redacted due to GDPR
There will be a recording of this session available
And the recording will contain the same occlusion?
but if you apply with a proper legal basis you can get them removed
Geo Van Langenhove
Can the slides be shared afterwards, please?
I don't live in Europe. I don't expect I have the indicated access.
What’s the official definition of an SME at EU level ?
Define "small"? ISC is a small company whose open source products and DNS Root services are used by many users throughout the world. Are we small or large?
That's could create a mess for DNSes that are only authoritative for their own domain name. There doesn't seem to be any definition on the number of domain names hosted.
@JMCC - yes ping me offline about that - we’re trying to get input back to the department
thank you for the SME definitions link Nigel
Of course, every TLD or second level is only authoritative for itself.
Fewer than 250 employees & annual turnover not exceeding EUR 50 million.
Will do, Michele
So we’re safe for now Marie :)
assuming 'or equivalent in local currency' is implied on those fin threshholds
Jothan - you’re still fine
Sure, it's an EU definition, Jothan.
very - and I hope there are lower qualificications than micro - if I go by balance sheet, with all of the additional policy costs I go negative balance ;)
this is the Dutch court of Bremen?
sanctions or fines of 6% of the providers's [▒▒▒]
I thought the same, Peter
that was a good presentation, all kidding aside. will the slides be shared? The zoom presentation redacted portions of the screen unintentionally
is there case-law under Directive 2000/31 and national laws on whether registries and registrars fall under that Dieective?
@jorge you should ask this in the Q&A not chat
Good question, Jorge
One of the issues of Registries being required to do "take downs" is that Registries cant just take down the harmful content but can only take down ALL the content of the entire site.
@Jorge: Interesting question. I’m struggling to see how Registries would actually become liable based on registration activity. ISPs are nervous because they “carry” content - but a registry service does not.
Mention in the NIS directive also
Though Bremen might now be Dutch, I have difficulty seeing how a court desciciosn from another jurisdiction outside Norwegian jurisdiction could be enforced directly in the Norwegian jurisdiction
For the record: last I looked NL was still a sovereign state
Brussels Ia Regulation + Lugano Convention
It mentions HSPs but not resellers. Is there any coverage of resellers?
The sale chain is often registry - registrars - resellers - public.
Can a registry be considered a very large platform if its meets the financial/revenue requirements?
For this legislation to happen all member states and the parliament needs to agree.
interesting; ‘takedown’ obligations are easily conflicting with critical infrastructure provisions
In Norway, the supreme court has ruled several times that a registry shall not judge wether or not content is or could be illegal or not, that is the taks of the law enforcement and the courts to do.
@ John McC: it has long b been clear to me that resellers should be under contract with iCANN or otherwise accountable to the rules of their Registrars.
Christopher - they already are
not under contract
Thank you so much; that was very informative.
Yes, thank you for the presentation!
It is a very complex problem, Christopher and the EC hasn't the expertise to properly quantify it. Legislation without clear definitions is iffy.
Thanks for the presentation .. Very informative ..
@Michele, could you explain the accountability for resellers? I am uninformed. Thx
Geo Van Langenhove
Thank you for this presentation!
Thanks all, for your patience
@Göran: unanimity principle is true for some laws, not here, so a qualified majority of Member States have to agree, plus the EP (also majority vote)
Mark - I’ll ping you somewhere else
Section 3.12 of the RAA makes registrars responsible for their resellers
@Mark There are approx. 2.5K gtld registrars. But only about 600 retail registrars. Some of these registrars have resellers. There can be hundreds of thousands of resellers just in gTLDs alone. Some cctld registrars are resellers for gTLDs rather than accredited gTLD registrars and vice versa.
@marksv under 3.12 ot the RAA Resellers are under the same requirements of the registrar which they work through, That, PLUS whatever the registrar may add as T&C or AUP to suit regional or other policy regimes, per registry contract requirments, etc.
to be clear, we are talking about resellers in gTLDs that are under ICANN mandate, not ccTLDs nor legacy gTLDs not under ICANN purview
Thanks for making my point live…
Thanks, all for clarifying the accountability of resellers
@Jothan it gets really interesting when registrars have their own almost independent reseller operations.
Some of the large operators can have a hundred or so different brands.
There are cross-jurisdictional nuances where reseller is in different country or region covered
also, "I am not an attorney"
but I know a few really good ones
IRENE ROCHE LAGUNA
On expected timeline of adoption for DSA: the negotiations have just started, but both Commission, Council and EP share a sense of urgency - France wants to finalise negotiations under their Presidency (2022)...
IRENE ROCHE LAGUNA
But short answer is: hard to say :)
@Irene : clearly ambitious ;-)
Passports of vaccines on mobiles - who can supervise cybersecurity standards for all these mobile applications? Especially for non-EU countries?
Thank you @Irene
Good question Oksana, they probably have no idea how to answer it
I am starting to see why projects are decentralizing
Many of us feel your pain Christian!
Thomas De Haan
@Milton, thanks for your confidence in the EC ;-)
Well, territorial jurisidiction and global internet don’t match, seems authorities around the world keep bumping up against this
Redacted slides again.
Big grey rectangle on. My side
needs to go into presentation mode
Blacked out rectangles getting bigger!
I started to sigh relief about the scale of a business / SME providing some relief to registrars to have a chance to open back up .... until bill's presentation - it sounds like the SME definitions and exceptions on scale are irellevant
ist the presenters view
at least this way the black boxes do not block the slides
A bit better but it’s the wrong presenter view
3 dots menu - close notes for the presenter, than its real fullcreen
if negotiations are finalized in 2022 then transposition deadline will be in 2024 or 2025, depending on actual 2022 date? what are the chances that member states would transpose faster than 18 months?
if the infringement proceedings regarding the EECC are any indication, Becky, not exachtly high
Ireland usually misses the deadline
and the kids are at the cat videos on YouTube again...
yikes. rectangle proliferation
He needs a better router with QOS rules
Obviously we should ditch Zoom and switch over to Microsoft Teams
No, its low quality mic. :)
DNS4EU … the new monster of Loch Ness
Paid advertisement, Mark?
At your service, Milton!
the screens would be blue and not black ;)
the error messages would be more cryptic
@kristoff didn’t Quad9 already solve that by moving in this direction?
I dunno. I tried to use Teams for a talk in Pakistan from California, and it was a disaster. The fix was to use zoom.
there so now its less an advert. MS = member states again
wolfgang kleinwaec hter
Question to Christian: Any plans for an initiative on LAWS?
wolfgang kleinwaec hter
Lethal Autonomous Weapon Systems
Just to quantify that DNS issue with single domain hosters. There were 879,165 hosters (dns grouped by domain name) in .COM in Jan 2021. Of these, 525,995 were single domain name hosters.
interesting, thanks John
And how many individual authoritative servers were involved in serving those domains?
I wouldn’t mutiply by two
since I’m seeing so many running two NS off one IP
but John probably knows
Those are hosters (dns grouped by domain name of hoster). Yep. Some control panels automatically set up DNS and single IP DNS is not unusual. At least one major HSP does this.
Is there any search tool for comments and answers in Zoom?
Is there a way to change the ironic redaction settings in zoom?
Because all this setup is automated, the registrant may not even have a clue that they have a DNS associated with their domain name.
JMCC - yes
most of them don’t know what it is or why it matters
@jmcc yes and ... enter things like handshake that completely decentralize DNS
Or care, Michele. The only thing that matters is that it works.
"Autonomous" root servers isn't necessary unless there is a desire to alter the contents of the zone. I hope that isn't the case.
The silly eu root servers idea again…
@Jothan it is hard enough to track the zones as it is. :)
there are root servers in the EU - yes
They really don’t understand
I really don’t want the EU operating them
the question is what problem is this the solution for?
+1 Peter Koch:-)
Peter- it’s a solution looking for a problem
Yep, 15 years ago I discussed this with the commission as well.
Anne-Marie Eklund Löwinder
EU funding - hm - tempting. :)
Did China do this well?
Europe is immensely provisioned for resolution service, so what is the issue?
Ashley - US big tech?
beyond that I don’t know
(bogeyman I assume)
Measures of market concentration asserted are completely wrong. We (IGP, Ga Tech) would be happy to point you to some research about that
@ashkey. Yes, that has always been my argument,
Getting a .EU ccTLD vibe about this and not in a good way.
@JMCC - you saw my blog post? :)
The EC's wonderful bidding process? :)
so sad there are no venues for good practices for the DNS
Strange that they missed the whole Brexit thing. :)
at least some Chinesescholar understand it is not necessary and try to keep a distance with the idea of running a separate Chinanet
I haven't heard the term "ICANN" used when talking about DNS standards. Is that for a reason?
Jeff - wouldn’t they be coming from IETF?
Delusions of digital sovereignty from the EU
that depends on your definition of ‘standard’
(you did say standard)
wolfgang kleinwaec hter
How much support the technical community needs from the EU
@Michele - IETF develops technical standards, but I would argue the policy standards are not within the IETF
So within the IETF they developed the standard for DNSSEC. The promotion and adoption of DNSSEC is not within the scope of IETF (in my opinion)
Is someone going to mention WHOIS accuracy to the EU and the related problems?
Jeff - ccTLDs are not bound by ICANN
Absolutely right, Michele
@Michele - I didn't hear that any of this was limited to ccTLDs.....but perhaps I missed it
When the EU talks it’s looking at member states and ccTLDs - not ignoring gTLDs
if you count .eu as a ccTLD, I could see the EC proclaiming THAT one in scope
@Michele - I believe it also looking at gTLDs that operate within the EU
Your belief is correct Jeff
@Jeff It is a gateway TLD rather than a ccTLD. People go there before being redirected elsewhere.
anyone here been involved in these ‘studies’?
And I believe that these stats now on registries and registrars is likely with gTLDs
This is a serious question: Who determines if the information is "accurate?" The person who provided it?
And there's the Catch 22, Ashley. :)
There are still EU Member States without at least a single copy of the root server located in the territory and network infrastructure of the country. The local government has no competence to address this issue. Yes, it is a security issue. What do you suggest as a solution?https://root-servers.org/
@Peter also a Loch Ness monster story I guess
,Who determines if information is accurate in any "know your customer" law?
If they are responding regarding something registered with them, I would expect them to give the information associated with the registration. If that information is no longer accurate, I don't see how they can assure that.
Do we have a frame of reference for what would constitute "undue delay"?
Plus as we all know, things that apply within the EU (or conversely within the US) have a funny way of making it into treaties and trade agreements.....
Mark - is that the case for this directive? I'm not sure that is the case.
@Peter I compile stats and have never heard of these people. They don't seem to be able to quantify the problems that they want to solve.
Ashley - it feels like a de facto KYC regulation.
Which is why I suggest using 3rd party identity providers
This feels a bit like we're being legislated into a scylla and Charybdis situation on untangling the redaction conseqeunces
Accuracy under GDPR is defined in relation to the purposes for which it is processed, so arguably if data is processed for a purpose of facilitating communication to a domain registrant, then the registrant’s provision of a non-functional email address would not be sufficient, etc.
Even if that was intentional by the data subject
Accuracy in the GDPR is a sole right of the data subject, which is not the scope here
Can you provide a source for that?
@Peter Koch: Agree with you
NIS2D is not GDPR. It is addition to GDPR. Accuracy requirements in NIS2D are separate from GDPR and do not conflict with GDPR.
Will the Q&A be publsihed as well, for as far as these questions were answered via correspondence?
Why can’t you do that via ICANN?
EU is represented in GAC, and Europeans are active in all stakeholder groups, SOs and ACs
@Milton The domain market is already balkanizing. The ccTLDS are outstripping sales of gTLDS in their country level markets.
That’s incorrect @John. a larger market share for ccTLDs has nothing to do with “balkanizing” DNS
Geo Van Langenhove
@Peter: GDPR Art. 5 2: The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).And paragraph 1 says "Personal data shall be: (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);"
ccTLD reg volume as a % in country markets overtook gTLD reg volume in many countries since 2008.
The root is still uniform and the root zone the same
@Milton The domain name market rather than DNS.
I find that is a huge difference in having a (potential)obligation to _identify_ the registrant/Customer versus receive/secure “accurate” registration data about the said registrant/customer
We are not talking about DNS market share, it’s totally irrelevant to the issue of governing security and operations of the global DNS
why just DNS-RELATED WHOIS data? Isn't IP data equally important?
They seem to have completely bypassed addressing and routing.
@Milton it is ccTLD markets versus gTLD markets. The gTLDs have been overtaken in EU by ccTLD reg volume/sales. The balkanization aspect applies to how markets are splitting and moving away from gTLDs as their primary domain names.
Answer about max fines not applying to Art 23 does not answer the question about whether there are ANY fines.
Answer about max fines does not explain how one can avoid a fine if there is noncompliance in spite of best efforts and swift mitigation once noncompliance is detected.
John, again, it is nonsensical to refer to shifting market shares as “balkanization” or fragmentation. The market is globally integrated, even if the shares of different providers change
John, you and Milton are having a pedantic debate about the word "balkanization". Just replace that word and you can discuss the topic more clearly.
If the customer willingly provides false information who is responsible in terms of the accuracy requirement?
Thank you for the clear and unambiguous statement regarding the protection of personal data contained in legal person data.
hello from the Balkans ;)
@Milton When a market shifts,, the number of single registration domain name rises in a ccTLD. The registrants don't bother registering domain names in other TLDs (gTLDs) as they did historically.
what you don’t seem to understand is that the only reason people can make a market choice between ccTLDs and gTLDs is that the root zone is integrated and either domain name will work globally. Do you understand that now?
In earlier times, that was easy. You registered in you local ccTLD and .com or some of the others. Now it is too many gTLDs to cover everything.
I am talking about the global governance structure for the entire DNS. I care nothing about who has what market share
I'm talking about markets and not DNS.
indeed. which is irrelevant to the issues we are discussing here
It is quite relevant because the markets dictate registration patterns and in the EU, the trend has been towards ccTLDs and away from gTLDs for some time now.
do you need a globally accepted root or not?
Case closed. Whether 4% of users shift from gTLDs to ccTLDs is not an important issue in NIS2 or anywhere really
Some gTLDs are flatlining in EU markets. Some of the largest ccTLDs are EU ccTLDs. The .COM was the main TLD in some of these markets until the ccTLDs took over. It is very important when the EU has to deal with a multitude of registries than just ICANN. Many of those registries are within EU jurisdiction.
Is there a reliable resources on ccTLD registration trends in the last 3-5 years and in comparison to gTLDs?
Craig - JMCC would probably have that data
I also put the historical %s from the Versign/ccTLD markets in the Domnomics book in the Domain Tasting chapter. Should be in the free pages.
Interesting answer re whether registrars are essential providers. The answer focused on whether the registrar is also a DNS provider. In other words, their function as a DNS provider is primary and their function as a registrar is not considered. Conversely, in the ICANN contractual and governance framework, registrars have a primary role and DNS providers are not part of either the contractual or governance framework.
Steve, I noticed that too. Disappointing...
@Steve, the answer is problematic as the DNS aspects of a registrar are not mandatory and not offering these would be a convenient way to avoid the obligations!
Some of the larger DNS providers are actually registrars now. (Cloudflare being a good example.) The line is getting a bit blurred.
Is it possible to invite you to participate in national IGF and especially Youth IGF in non-EU countries?
I think we'll now see registrars spinning off their associated DNS offerings
Thank you all
Thx to the Commission for this session
Thank you to the speakers and presenters, and Elena's moderation. Appreciate all the information , and to the commission for this session.
Thanks to ICANN/Elena for setting up this excahnge
@Jothan More takeovers and mergers more likely.
Thank you all — and especially to Elena/ICANN for organising this
You too Olivier and other EC folks.
Thanks all, this was very helpful and informative!
Alarming but informative...
Thanks for this informative session
Thanks Elena/ICANN/EC. It was interesting if a little unsettling.
Thank you, Elena and ICANN for organising this webinar!
Very informative and helpful. Thank you for taking time to present this to us.
Isabel Cristina De Avila Benitez
Thanks to ICANN Isabel De Avila Managing Director .CO
Thanks a lot, it was really interesting!
Thank you EU COM and ICANN/Elena for this useful briefing!
Good session. Very useful
Yes, very interesting and a lot to unpack
Very helpful Thanks
Thanks to everyone for your respectful and professional participation
Geo Van Langenhove
thank you, very informative!