Group of country code operators questions the EU’s study of DNS abuse.
Today, we heard from European country code domain operators, and their appraisal is not so rosy.
CENTR, a coalition of European ccTLD registries, called out some of the “misleading analysis and unfortunate conclusions in the study.”
The group said the definition of DNS abuse in the study is so broad that it encompasses all common forms of cybercrime. If it defines it this way, CENTR says it needs to include mitigation measures aimed at all actors, not just those in the domain ecosystem.
The DNS Abuse Study has therefore not provided any clear justification, nor abuse-specific explanation on why a proportionate resolution path targeting the intermediary that is closest to the content first is not appropriate, beyond a simplistic statement that this is generally not effective.
Indeed, domain registries and registrars are often used as the choke point because they are easiest to define and, in the case of gTLDs, under a common regulatory framework.
But ccTLDs and gTLDs are different. CENTR writes:
…the recommendations requiring ccTLDs to put in place similar measures to gTLDs also disregard the fundamental difference between the governance of gTLDs and ccTLDs. While technically a ccTLD and a gTLD perform similar functions in the DNS, their widely different policy arrangements are openly recognised by all stakeholders in the internet ecosystem. ccTLDs are governed by national and international law, while gTLDs also need to comply with ICANN policies. The specific rules and policies that govern ccTLDs depend on their country of establishment.
CENTR also argues against universal enhanced “know your customer” requirements given different requirements in various European countries. It also warns that increased requirements will deter people from creating websites:
Disproportionate verification obligations will hamper access to basic infrastructure by businesses and customers who wish to establish their online presence within the European domain space. This would cause a competitive disadvantage to the EU ccTLD industry, as end-users would rather opt for a more convenient option than a European domain name. Other options (such as a social media page) will allow the user to establish an online presence much faster and at much less cost.
The group also questions some of the suggestions in relation to the EU General Data Protection Regulation. The EU report’s suggestions seem to fly in the face of disclosure rules under GDPR.