Domain Name System Abuse and Human Rights Impact Assessment: A Table Top Exercise
Co-authored with Michaela Shapiro from Article 19
The Internet Corporation for Assigned Names and Numbers (ICANN) plays a pivotal role in coordinating the allocation of Internet domain names and developing related policies. Despite its focused mandate, the ICANN community engages in discussions on a wide range of critical issues such as privacy, security, technical Domain Name System (DNS) abuse, trademark infringement, law enforcement access to registrant information, and data accuracy. These topics have significant implications for human rights and Internet governance.
To address these concerns, civil society has actively worked to integrate human rights principles, including the right to privacy and freedom of expression, into ICANN’s policy development processes. The Noncommercial Users Constituency (NCUC), established over two decades ago, as well as the Cross Community Working Party on ICANN and Human Rights (CCWP-HR), have been instrumental in this endeavor.
In April 2024, ICANN amended its agreements with registries and registrars to enhance the enforceability of DNS Abuse mitigation measures and to provide compliance guidance. As defined by ICANN, DNS Abuse encompasses technical misuses of domain name registrations as manifested in five specific ways: botnets, malware, pharming, phishing, and spam (when spam serves as a delivery mechanism for one of the aforementioned forms of DNS abuse) . It is important to note that DNS Abuse definition is limited to technical abuse and does not include website content abuse as mandated by ICANN’s bylaws.
Registries and registrars have sought community feedback on effective DNS abuse mitigation strategies. The Noncommercial Stakeholders Group (NCSG) has consistently emphasized that successful mitigation should not solely focus on the number of domain suspensions or takedowns. It should also consider qualitative aspects, including the processes employed, the provision of due process to the accused, and clear due process mechanisms to address false positives and provide redress to those impacted. The CCWP-HR in its Human Rights Gap Analysis of ICANN’s amendments to the base gTLD Registry Agreement (RA) and Registrar Accreditation Agreement (RAA) has similarly cautioned registries/registrars to ensure that enforcement or mitigation mechanisms remain within the scope of ICANN’s remit and that procedural safeguards are integrated to protect registrants’ rights.
To develop community-based qualitative measures, the Registries and Registrars DNS Abuse Working Group, in collaboration with the NCSG (which Digital Medusa and Article 19 are members of), is organizing a joint session to engage with various stakeholders—including governments, end-users, intellectual property owners, security experts, and human rights advocates. This session is scheduled for Sunday, November 10, 2024, at 10:30 AM GMT+3 during ICANN81 in Istanbul. You can also attend remotely if you register for ICANN81.
We have built this session based on valuable work that civil society and NCSG has done in the past, for example using BSR rapid human rights impact assessment (which Digital Medusa applied to an ICANN issue) and Article 19’s extensive work on human rights due diligence and Internet infrastructure. You can find the scenarios and the questions here.
ICANN brings together a unique multistakeholder environment that is very open, accessible and transparent. This multistakeholder dialogue aims to explore the potential human rights impacts of DNS abuse mitigation and identify strategies to address these impacts while effectively combating abuse. The insights gained from this session may offer valuable lessons applicable to broader fields, such as digital trust and safety, contributing to the protection of human rights while ensuring safety and freedom on the Internet.
We look forward to your participation in this important discussion.
