Verisign Service Request - Malware monitoring and Malicious site takedown
Verisign has requested ICANN permission to offer a new service under the Registry Service Evaluation Process (RSTEP). There are two services described within the proposed Verisign Anti-Abuse Domain Use Policy. - Periodic scans of websites to identify possible malware - An anti-abuse policy and procedures to take down sites that violate the policy. They would be applicable to the .com, .net and .name TLDs managed by Verisgin. The full request can be seen at http://www.icann.org/en/registries/rsep/verisign-com-net-name-request-10oct1..., and there are articles about the request at http://www.theregister.co.uk/2011/10/11/verisign_asks_for_web_takedown_power... and http://domainnamewire.com/2011/10/11/verisign-proposes-takedown-procedures-a.... There are already a few comments on the service - see http://forum.icann.org/lists/registryservice/. In theory, ICANN could approve the service in as little as two weeks from today. However, in this case I suspect that a longer time will be allowed, and perhaps a formal Public Comment period will also be opened. As you will see from the news articles and the early comments, there are a number of issues involved here and the ALAC may well want to comment on this Service Request. Alan
*Thank you Alan for pointing this out. * * * *The proposal under consideration illustrates the approach of many large companies today, calling for self-regulation to replace a proper regulatory body acting in the public interest. We've seen how Greenspan, Paulson and others, by playing down the regulatory duties of the US federal government over the years, have allowed widespread disaster in the financial sector, with incalculable consequences for taxpayers worldwide.* * * *Verisign's proposal brings up questions which have been well formulated by the commentators Alan has pointed to (Kirikos, Jeftovic) and which should also be looked at from a (higher) policy standpoint: * *- to what extent can a private company be allowed to exercise regulatory duties, against payment?* *- the proposed mechanism carries the risk of collateral damage to legitimate entities and users. * * * *Alan, I support your call for ALAC to adopt and make known its position on this.* * * *Regards,* *Jean-Jacques.* On 12 October 2011 03:20, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Verisign has requested ICANN permission to offer a new service under the Registry Service Evaluation Process (RSTEP).
There are two services described within the proposed Verisign Anti-Abuse Domain Use Policy. - Periodic scans of websites to identify possible malware - An anti-abuse policy and procedures to take down sites that violate the policy. They would be applicable to the .com, .net and .name TLDs managed by Verisgin.
The full request can be seen at
http://www.icann.org/en/registries/rsep/verisign-com-net-name-request-10oct1... , and there are articles about the request at
http://www.theregister.co.uk/2011/10/11/verisign_asks_for_web_takedown_power... and
http://domainnamewire.com/2011/10/11/verisign-proposes-takedown-procedures-a... .
There are already a few comments on the service - see http://forum.icann.org/lists/registryservice/.
In theory, ICANN could approve the service in as little as two weeks from today. However, in this case I suspect that a longer time will be allowed, and perhaps a formal Public Comment period will also be opened.
As you will see from the news articles and the early comments, there are a number of issues involved here and the ALAC may well want to comment on this Service Request.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
There are some interesting commentaries published on this: http://arstechnica.com/business/news/2011/10/verisign-wants-power-to-scan-si... On Wed, Oct 12, 2011 at 3:46 PM, Jean-Jacques Subrenat < jj.subrenat@welho.com> wrote:
*Thank you Alan for pointing this out. * * * *The proposal under consideration illustrates the approach of many large companies today, calling for self-regulation to replace a proper regulatory body acting in the public interest. We've seen how Greenspan, Paulson and others, by playing down the regulatory duties of the US federal government over the years, have allowed widespread disaster in the financial sector, with incalculable consequences for taxpayers worldwide.* * * *Verisign's proposal brings up questions which have been well formulated by the commentators Alan has pointed to (Kirikos, Jeftovic) and which should also be looked at from a (higher) policy standpoint: * *- to what extent can a private company be allowed to exercise regulatory duties, against payment?* *- the proposed mechanism carries the risk of collateral damage to legitimate entities and users. * * * *Alan, I support your call for ALAC to adopt and make known its position on this.* * * *Regards,* *Jean-Jacques.*
On 12 October 2011 03:20, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Verisign has requested ICANN permission to offer a new service under the Registry Service Evaluation Process (RSTEP).
There are two services described within the proposed Verisign Anti-Abuse Domain Use Policy. - Periodic scans of websites to identify possible malware - An anti-abuse policy and procedures to take down sites that violate the policy. They would be applicable to the .com, .net and .name TLDs managed by Verisgin.
The full request can be seen at
http://www.icann.org/en/registries/rsep/verisign-com-net-name-request-10oct1...
, and there are articles about the request at
http://www.theregister.co.uk/2011/10/11/verisign_asks_for_web_takedown_power...
and
http://domainnamewire.com/2011/10/11/verisign-proposes-takedown-procedures-a...
.
There are already a few comments on the service - see http://forum.icann.org/lists/registryservice/.
In theory, ICANN could approve the service in as little as two weeks from today. However, in this case I suspect that a longer time will be allowed, and perhaps a formal Public Comment period will also be opened.
As you will see from the news articles and the early comments, there are a number of issues involved here and the ALAC may well want to comment on this Service Request.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki:
https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
-- Salanieta Tamanikaiwaimaro aka Sala Tweeter: @SalanietaT Skype:Salanieta.Tamanikaiwaimaro Cell: +679 998 2851
Another link: http://www.theregister.co.uk/2011/10/11/verisign_asks_for_web_takedown_power... On Wed, Oct 12, 2011 at 3:48 PM, Salanieta T. Tamanikaiwaimaro < salanieta.tamanikaiwaimaro@gmail.com> wrote:
There are some interesting commentaries published on this:
http://arstechnica.com/business/news/2011/10/verisign-wants-power-to-scan-si...
On Wed, Oct 12, 2011 at 3:46 PM, Jean-Jacques Subrenat < jj.subrenat@welho.com> wrote:
*Thank you Alan for pointing this out. * * * *The proposal under consideration illustrates the approach of many large companies today, calling for self-regulation to replace a proper regulatory body acting in the public interest. We've seen how Greenspan, Paulson and others, by playing down the regulatory duties of the US federal government over the years, have allowed widespread disaster in the financial sector, with incalculable consequences for taxpayers worldwide.* * * *Verisign's proposal brings up questions which have been well formulated by the commentators Alan has pointed to (Kirikos, Jeftovic) and which should also be looked at from a (higher) policy standpoint: * *- to what extent can a private company be allowed to exercise regulatory duties, against payment?* *- the proposed mechanism carries the risk of collateral damage to legitimate entities and users. * * * *Alan, I support your call for ALAC to adopt and make known its position on this.* * * *Regards,* *Jean-Jacques.*
On 12 October 2011 03:20, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Verisign has requested ICANN permission to offer a new service under the Registry Service Evaluation Process (RSTEP).
There are two services described within the proposed Verisign Anti-Abuse Domain Use Policy. - Periodic scans of websites to identify possible malware - An anti-abuse policy and procedures to take down sites that violate the policy. They would be applicable to the .com, .net and .name TLDs managed by Verisgin.
The full request can be seen at
http://www.icann.org/en/registries/rsep/verisign-com-net-name-request-10oct1...
, and there are articles about the request at
http://www.theregister.co.uk/2011/10/11/verisign_asks_for_web_takedown_power...
and
http://domainnamewire.com/2011/10/11/verisign-proposes-takedown-procedures-a...
.
There are already a few comments on the service - see http://forum.icann.org/lists/registryservice/.
In theory, ICANN could approve the service in as little as two weeks from today. However, in this case I suspect that a longer time will be allowed, and perhaps a formal Public Comment period will also be opened.
As you will see from the news articles and the early comments, there are a number of issues involved here and the ALAC may well want to comment on this Service Request.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki:
https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
-- Salanieta Tamanikaiwaimaro aka Sala
Tweeter: @SalanietaT Skype:Salanieta.Tamanikaiwaimaro Cell: +679 998 2851
-- Salanieta Tamanikaiwaimaro aka Sala Tweeter: @SalanietaT Skype:Salanieta.Tamanikaiwaimaro Cell: +679 998 2851
Dear Jean-Jacques, Good point. *- to what extent can a private company be allowed to exercise regulatory
duties, against payment?*
Private companies, particularly ISPs and now registries/registrars, have long been taking down intellectual property infringing websites. It is not a surprise to extend the practices to cyber-security areas. I actually raised this possibilities at ICANN Cybercrime Forum 2009 in Seoul. At that time, most registries present deemed that too burdensome, although they would have to comply with UDRP to shield trademark owners. I think it would be good if ICANN to enact the policy not only to take care of private interests of trademark owners but public interests against malware.
*- the proposed mechanism carries the risk of collateral damage to legitimate entities and users.
Sure. Hong -- Dr. Hong Xue Professor of Law Director of Institute for the Internet Policy & Law (IIPL) Beijing Normal University http://www.iipl.org.cn/ <http://iipl.org.cn/> 19 Xin Jie Kou Wai Street Beijing 100875 China
participants (4)
-
Alan Greenberg -
Hong Xue -
Jean-Jacques Subrenat -
Salanieta T. Tamanikaiwaimaro