Hello Dennis,
I am writing regarding my request on today’s call to have equal time should the RrSG be permitted time to present on current Privacy Proxy services in the marketplace.
First, I want to address your concern about limiting our work to ICANN’s narrow mandate. There have been several ICANN community events in which the issue of registrant verification has been discussed. See for example ICANN79 ccNSO Tech
Day, eID panel discussion,
https://icann79.sched.com/event/1a1DU/tech-day-3-of-4; ICANN79 ALAC Plenary – Building Trust on the Internet through Registrant Verification,
registrant-verification; and the recent ICANN Contracting Party Summit session entitled NIS 2.0 and Registrant Verification,
https://cpsummit2024.sched.com/event/1c1fQ/nis2registrant-verification
Also, excluding these factual data points on what is currently feasible within the domain name marketplace appears to be inconsistent with ICANN Org's public statements. In connection with ICANN Org’s response to the US CIRCIA Notice of
Proposed Rule Making, ICANN Org made the following statement:
The multistakeholder system also allows for the development and implementation of
global policies. Global policies enable the Internet to remain a single, unified and interoperable
platform. By contrast, regulation by local, national or regional governmental bodies risks
fragmenting the Internet and creating conflicting obligations for Internet stakeholders.
Regulation by one jurisdiction incentivizes other jurisdictions to intervene with their own policy
objectives. See
https://www.regulations.gov/comment/CISA-2022-0010-0437
If this IRT group wants to explicitly exclude market-based solutions currently available within the broader domain name marketplace, we should properly document this decision so that national governments in those markets will be free to
act based on ICANN’s inaction. I am copying Elena Plexida and Veni Markovski on this email as I believe this goes to the heart of some of the current WSIS+20 and GDC discussions taking place regarding the ongoing evolution and vibrancy of the ICANN multistakeholder
model.
I would also like to reshare the link I posted in the Zoom chat regarding the NIS 2.0 implementation guidance comment that I submitted to the Commission today regarding the broader DNS supply chain ecosystem, see https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14241-Cybersecurity-risk-management-reporting-obligations-for-digital-infrastructure-providers-and-ICT-service-managers/F3475150_en
Privacy and Proxy providers are key players in the broader DNS ecosystem that ICANN currently has no contractual oversight. NIS 2.0 Article 6 (22) defines privacy and proxy providers as entities “providing domain name registration services”
for purposes of Article 28. Therefore “[t]he relative complexity of the DNS registration supply chain described above (registry, registrar, reseller, registrant, hosts and other DNS providers) provides many opportunities for malicious actors” as described
in the OECD whitepaper on DNS security is even more complex when you add privacy and proxy providers.
Hopefully, this email helps clear up why I believe having ALL the available facts before the IRT is critical to our success.
Best regards,
Michael