Subject: Impact of Canada’s Bill C-22 (Lawful Access Act 2026) on the North American End-User

 

Dear NARALO Colleagues and At-Large Community,

 

As we move through the 2026 leadership cycle, I have been closely monitoring legislative developments in Canada that carry significant implications for our regional mission: protecting the rights and security of internet end-users.

 

I recently followed the discussions hosted by ISOC Canada in Ottawa regarding Bill C-22 (The Lawful Access Act). This bill just cleared a major milestone on April 20, 2026, passing its second reading and moving to the Committee stage (SECU) for detailed study. It introduces several measures that the NARALO community should have on its radar:

• Subscriber Information Access: The bill lowers the evidentiary threshold for law enforcement to access subscriber details from "reasonable grounds to believe" to the lower standard of "reasonable grounds to suspect."
• Mandatory Data Retention: Under Part 2, the government could mandate that electronic service providers retain metadata (including location data) for up to a year, creating potential security "honeypots."
• Technical Integrity: There are serious concerns about "mandated capabilities" for interception. Experts (including Michael Geist) have flagged that these requirements could introduce systemic vulnerabilities or "backdoors" into the DNS and network architecture.

 

As a candidate for the ALAC position, I believe NARALO must play a central role in translating these complex national legislative trends into actionable insights for the At-Large community. Whether it is through educational initiatives—similar to the technical translation work I’ve led for the VSIG course—or formal policy comments, we must ensure the end-user's voice is heard.

 

I would love to hear from our colleagues in the US and the Caribbean—are you seeing similar "lawful access" or metadata retention pressures in your jurisdictions? How can NARALO better coordinate a regional response to these infrastructure-level shifts?

 

I look forward to discussing this further during our upcoming monthly call.

 

Best regards,

 

Mohibul Mahmud

NARALO ALAC Candidate

On Tue, Apr 21, 2026 at 1:43 PM Mohibul Mahmud <mohibul.mahmud@gmail.com> wrote:

Subject: AI-Enhanced Phishing and the Evolution of MFA Bypass: Key Insights for At-Large

Dear NARALO and ALAC Colleagues,

As we continue our discussions on DNS abuse and end-user safety, I wanted to share some critical updates regarding the evolving threat landscape, particularly how AI is being used to refine attacks against individual users.

In a recent briefing from Microsoft Security, several trends were highlighted that I believe are directly relevant to our policy work and outreach efforts:

• The "Refinement" Shift: AI is no longer just about the volume of attacks. Threat actors are using it to create highly localized and role-specific messaging. This has resulted in a 450% increase in phishing click-through rates, as the traditional "red flags" (like poor grammar or generic lures) are disappearing.

• Modular Cybercrime Ecosystems: We are seeing a shift toward "modular" service models, such as the recently disrupted Tycoon 2FA. These systems allow even low-skilled actors to launch sophisticated "adversary-in-the-middle" attacks that can bypass standard Multi-Factor Authentication (MFA) in real time.

• Impact on North America: Approximately 25% of these observed AI-driven threats are currently targeting the United States and Canada, making this a primary concern for our NARALO constituency.

I believe these developments underscore the need for us to advocate for more resilient, phishing-resistant authentication standards (such as FIDO2/Passkeys) and to update our digital literacy frameworks to reflect this new "AI-upgraded" threat tempo.

You can watch the full briefing here: How AI agents change the threat landscape

I look forward to discussing how we might integrate these insights into our upcoming policy statements and community outreach.

Best regards,

Mohibul Mahmud 

NARALO / ALAC Candidate 

RSSAC Caucus Member

On Mon, Apr 20, 2026 at 12:59 AM Mohibul Mahmud <mohibul.mahmud@gmail.com> wrote:

Hi Evan and team,

I have been following the recent discussion about the need for more practical, end-user-focused materials as NARALO’s DNS abuse work moves forward.

With that in mind, I drafted a plain-language DNS abuse guide for the NARALO community. The goal was to create something practical and accessible, with a focus on actions members can take right away, such as using protective resolvers like Quad9 and CIRA Canadian Shield, as well as encrypted DNS. In that sense, I hoped to help move the conversation from policy definitions toward practical end-user protection.

I have attached the draft here and would welcome your feedback on whether this is the kind of operational outreach resource that would be useful for the committee’s work.

Best regards,
Mohibul

On Sun, Mar 22, 2026 at 11:26 PM Mohibul Mahmud <mohibul.mahmud@gmail.com> wrote:

Hi Evan, Glenn, and all,

Thank you, Evan — this is a wonderful and highly relevant addition to the discussion. CIRA's Canadian Shield is something I was not previously aware of, and it strengthens the case for our proposed guide considerably. The combination of DNSSEC support, encrypted DNS over TLS and HTTPS, and the privacy protections you highlighted makes it a compelling recommendation for Canadian members specifically — alongside Quad9 for the broader North American audience.

I think we now have the foundation for a genuinely useful resource. The outline is taking shape naturally from this thread:

• ICANN's official DNS abuse definitions as the policy anchor
• Quad9 (9.9.9.9) for general international users
• CIRA Canadian Shield for Canadian users
• RBLs such as Spamhaus for email protection
• Optional advanced protections including DNS over TLS and HTTPS

I would love to see this move forward as a NARALO initiative. I am happy to contribute to the effort and look forward to discussing next steps with the group — perhaps we can identify the right home for this on the agenda of an upcoming NARALO Monthly Call.

Best regards,
Mohibul Mahmud
NARALO Member

On Sun, Mar 22, 2026 at 9:39 PM Evan Leibovitch <evanleibovitch@gmail.com> wrote:

Hi Mohibul,

As it turns out, I have been doing some thought and research on this topic, and may expand further on it in the future.

Your idea for an end-user guide is an excellent one and I offer my assistance should NARALO pursue.

In my research I found that the only entity in the whole Internet Governance field that has given this issue any attention is Canada's ccTLD, CIRA. In a project called "Canadian Shield", CIRA has provided mobile apps and configuration guidance (for desktops and routers) on how to use its own public DNS servers (149.112.121.20/149.112.122.20).

I find in my own tests that Canadian Shield servers consistently provide the fastest response ... though that might not be the case for non-Canadians. As well as DNSSEC it supports encrypted DNS over TLS or HTTPS, which is also important in privacy considerations if you suspect your ISP is collecting data on what users access. Personally I use both CIRA and Quad9.

Even further protection is available at the DNS level if you want to extend blocking to ads or adult content.

Again, thanks for the suggestion. I hope it gets picked up and is offered some resources.

- Evan

 

On Sat, Mar 21, 2026 at 2:51 PM Mohibul Mahmud <mohibul.mahmud@gmail.com> wrote:

Subject: DNS Abuse & AI – Proposed NARALO Action: Member Guide

Dear Glenn and Evan,

I am writing to synthesize the key takeaways from the ICANN 82 roundtable discussion, "DNS Abuse and AI: Combatting and Enabling Threats," and to propose a concrete next step for NARALO.

The session highlighted a sophisticated, three-dimensional landscape regarding DNS abuse. On one hand, we have the formal ICANN policy definitions focusing on malware, botnets, phishing, pharming, and spam. On the other, we discussed the cutting-edge AI defense mechanisms presented by panelists like Jeff Bedser of CleanDNS, which leverage machine learning for near real-time detection (13:13).

However, a significant gap remains between these high-level policy discussions and the immediate, practical needs of the general internet user. As Evan highlighted in his response, many average users are bypassed by these technical efforts and remain vulnerable to daily threats.

To bridge this gap, I propose that NARALO develop a simplified, one-page guide for our members. This guide would synthesize the official ICANN focus on DNS abuse with a step-by-step tutorial on implementing effective, DIY mitigation tools — such as utilizing specific DNS providers like Quad9 (9.9.9.9) or RBLs.

This initiative would directly align NARALO's policy-driven mission with tangible, practical benefits for our community. I look forward to hearing your thoughts on this proposal.

Best regards,
Mohibul 

(360) DNS Abuse and AI: Combatting and Enabling Threats (EDIT) - YouTube

On Mon, Mar 9, 2026 at 8:57 PM Evan Leibovitch via NA-Discuss <na-discuss@icann.org> wrote:

Hi Glenn, and thanks for this.

I agree with you about the lack of clarity. The slide deck is very informative, but it seems to ignore what are now the most effective ways that the general public now confronts DNS abuse. They seem to be off the radar of the entire ICANN community because they've evolved as workarounds that do not wait for committees or government agencies or working groups to act, indeed they bypass ICANN completely:

• Abuse-limiting DNS servers: Anyone can override the DNS server provided by their ISP in their phone, PC or home router if they wish. Setting this manually enables anyone to send their DNS queries to a server that maintains lists of abusing DNS domains and refuses to feed them to you. There are many examples, the best of which (IMO) is the Swiss nonprofit Quad9. Setting your DNS server to 9.9.9.9 sends queries through this well-trusted site which is free to use and does not require setting up an account. They maintain a database of millions of malicious domains which is updated in real-time. It's easy to use, and an immediate step that protects the privacy of DNS lookups while blocking bad domains.  (Quad9 provides setup guides for PCs, phones and routers; here is a video that compares it to alternatives.)
  
  
• Spam is correctly noted in the slide deck as being an enabler of DNS abuse rather than the abuse itself. However the slide deck makes no mention of the massive amounts of volunteer time that go into creating Remote Blackhole Lists (RBLs) that maintain not only domains but also IP addresses of sources of unwanted and unsolicited email. The best known of these is Spamhaus but there are a few of them. They sometimes suffer from false positives, but there is a well-documented process for legitimate bulk-email senders to get removed from the lists. Many mail systems implement some kind of such blocking; anyone who looks at the spam folder of their Gmail will see this in action.
  Spam is specifically also the subject of legislation in both Canada (CASL) and the US (CAN-SPAM).

As the component of the ICANN that is closest to the end-user, if we in NARALO are interested in the actual practice of helping the public mitigate DNS abuse -- something that can be done by anyone, TODAY -- we can (and should) do much more than just point to internal ICANN process churn and pray that the contracted parties do the right thing. The solutions I have listed above unabashedly bypass the ICANN-registry-registrar chain in their pursuit of practical abuse mitigation. ICANN's work is trying to stop abuse at the source with limited success despite  decades of work. Well-meaning people joined NARALO chiefly to address abuse (old-timers here will remember Marc, Garth and Beau) but left out of frustration. Abuse-minded DNS servers and RBLs perform the task at the receiving end and appear to be more successful in the actual problem solving; it's much easier to ignore a bad domain than to take it down but the end-user effect is the same. The slide deck makes mention of PDNS but it's never elaborated.

I ask everyone here: what action is both easier and more likely to help you and your family reduce exposure to DNS abuse, right here right now?

1. Explaining ICANN processes and hoping it will all work out?
2. Monitoring Netbeacon and pressuring registries and/or ICANN to act on its information?
3. Setting your devices' DNS to 9.9.9.9? 

Education about Abuse-resistant DNS servers and DIY abuse mitigation should be part of ICANN's (and especially At-Large's) public mandate. That these solutions did not come from within ICANN (and indeed ignore it completely) does not negate their intense potential for public benefit in this realm. NIH thinking must be resisted.

- Evan

 

On Mon, Mar 9, 2026 at 1:01 PM Glenn McKnight via NA-Discuss <na-discuss@icann.org> wrote:

Hi Greg and Rookayya 

I  attended and watched the  recordings of the  DNS Abuse Mitigation sessions in Mumbai ( remotely )  and I need to confess that the group dance around the concrete issues which impacts the user community. 

As a result I spent some time tailoring a AI Gemini  slideshow given the parameters of making sense of the topic and I've added the result of slideshow as a EBOOK 

https://online.fliphtml5.com/gnel/DNS_Abuse_Playbook/

We are suffering by a lack of clarity and plain speaking on this topic.  I hope this slideshow can help our membership in trying to undersatnd the basics.

Glenn

Glenn McKnight, MA 

Virtual School of Internet Governance 

Chief Information Officer

www.virtualsig.org 

YOUR SOURCE FOR INTERNET GOVERNANCE EDUCATION 

Mobile  437-237-4655

------
NA-Discuss mailing list -- na-discuss@icann.org
To unsubscribe send an email to na-discuss-leave@icann.org

Visit the NARALO online at http://www.naralo.org
------
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

--

Evan Leibovitch, Toronto Canada

@evanleibovitch / @el56

------
NA-Discuss mailing list -- na-discuss@icann.org
To unsubscribe send an email to na-discuss-leave@icann.org

Visit the NARALO online at http://www.naralo.org
------
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

--

Evan Leibovitch, Toronto Canada

@evanleibovitch / @el56