[council] ICANN Policy Update
Below (and attached in Word with hyperlinks) are brief summaries of a number of significant Internet policy issues that are being addressed by the ICANN community's bottom-up policy development structure, as well as other significant activities of interest. This latest monthly update is provided by ICANN's Policy Staff in response to community requests for periodic summaries of ICANN's policy work. Links to additional information are included below and we encourage you to go beyond these brief staff summaries and learn more about the ICANN community's work. These monthly updates also will be available on our website. Our goal is to maximize transparency and broad community participation in ICANN's policy development activities. We continue to investigate more effective and efficient ways to communicate the relevance, importance and status of ongoing issues to the ICANN community. Comments and suggestions on how we can improve these efforts are most welcome and should be sent to policy-staff@xxxxxxxxx. Regards, Denise Michel ICANN VP, Policy ICANN POLICY UPDATE – April 2008 CONTENTS: 1. GNSO -- IMPROVEMENTS 2. GNSO -- DOMAIN NAME TASTING 3. GNSO -- WHOIS 4. GNSO -- INTER-REGISTRAR TRANSFER POLICY REVIEW 5. GNSO -- FAST FLUX HOSTING 6. GNSO/CCNSO -- BOARD SEAT ELECTIONS 7. MULTIPLE ENTITIES -- IDN ccTLDs 8. CCNSO -- INTERNAL IMPROVEMENTS CONTINUE 9. CCNSO -- PHISHING SURVEY 10. CCNSO -- NEW MEMBERS 11. ASO AC -- GLOBAL POLICY PROPOSALS (ASNs, IPv4) 12. SSAC -- DNSSEC BROADBAND ROUTER TESTING REVISED 13. SSAC -- ANTI-PHISHING ACTIVITIES 14. AT-LARGE -- NEW PRACTICES EXPAND POLICY PARTICIPATION 15. AT-LARGE -- NEW WEBSITE/PORTAL LAUNCHED 1. GNSO -- IMPROVEMENTS Background: The ICANN Board is considering a comprehensive set of recommendations to improve the structure and operations of the Generic Names Supporting Organization (GNSO). This is part of ICANN's ongoing commitment to its evolution and improvement, and follows an independent review of the GNSO and extensive public consultation. A working group appointed by ICANN's Board has developed a comprehensive proposal (GNSO Improvements Report) to improve the effectiveness of the GNSO, including its policy activities, structure, operations and communications. On 15 February 2008, the Board accepted the GNSO Improvements Report for consideration and directed ICANN staff to open a public comment forum on the Report for 30 days, draft a detailed implementation plan in consultation with the GNSO, begin implementation of the non-contentious recommendations, and return to the Board and community for further consideration of the implementation plan. Recent Developments: The period for public comments on the GNSO Improvements Report has been extended to 25 April 2008. Although many elements of the report seem to have broad support, the proposed stakeholder groups/constituency structures and allocation of seats on the GNSO Council continue to draw a significant amount of discussion from a variety of parties including the Business, Intellectual Property, and Internet Service Provider Constituencies who advocate a different allocation of seats than that recommended to the Board. Next Steps: Public comment period on the GNSO Improvements Report (closes 25 April 2008) -- subsequent Board action is expected at the Paris meeting. More Information: • GNSO Improvements information page < http://www.icann.org/topics/gnso-improvements/> • Full GNSO Improvements Report < http://www.icann.org/topics/gnso-improvements/gnso-improvements-report-03feb08.pdf> • Board resolution on GNSO Improvements < http://www.icann.org/minutes/resolutions-15feb08.htm#_Toc64545918> Staff Contact: Denise Michel, VP Policy Development 2. GNSO -- DOMAIN NAME TASTING Background: In Spring 2007, ICANN's At-Large Advisory Committee (ALAC), asked the GNSO Council to review the issue of "domain tasting." The term refers to a case when an entity registers a domain name and then tests to see if the name has sufficient traffic to provide more income than the annual registration fee (usually through the addition of pay-per-click advertising). If the address is deemed sufficiently profitable, it is kept. If not, the current "add grace period" (AGP) - where domains can be returned within five days without cost - is used to return the domain at no net cost to the registrant. Among other reasons, the practice is controversial because registrants who engage in this behavior can typically register many hundreds of thousands of domain names under this practice, with these temporary registrations far exceeding the number of domain names actually licensed. Over time, there has been a significant increase in the number of domains registered and returned prior to expiration of the AGP. A significant number of community members feel the AGP process presents a loophole that facilitates this conduct. In October 2007, after fact finding and consideration, the GNSO Council launched a formal policy development process (PDP) on domain tasting and encouraged ICANN staff to consider applying ICANN's fee collections to names registered and subsequently de-registered during the AGP. Subsequently, staff included in the initial draft of ICANN's next fiscal year budget, a proposal to charge a fee for all domains added, including domains added during the AGP. Public discussion of the budget, and this proposal, is ongoing. As part of the formal PDP process, an Initial Report was produced for public comment, outlining the problems caused by domain tasting, possible actions to be taken, and the arguments put forward for and against such actions . Public comments were incorporated into a draft Final Report posted on 8 February 2008. Recent Developments: At its 6 March 2008 meeting, the GNSO Council considered a motion drafted and subsequently revised by a small design team to stop the practice of domain tasting. The revised draft motion would prohibit any gTLD operator that has implemented an AGP from offering a refund for any domain name deleted during the AGP that exceeds 10% of its net new registrations in that month, or fifty domain names, whichever is greater. Under the terms of the motion, an exemption from the limitation may be sought for a particular month, upon a showing of extraordinary circumstances detailed in the motion. Public comments and constituency impact statements regarding the revised draft motion have been solicited and incorporated into a Final Report for Council consideration at its scheduled 17 April 2008 meeting. The comments and constituency statements reflect a plurality of views on what should be done to eliminate abuse of the AGP to facilitate domain tasting and addressed three potential options including (1) views on the draft resolution itself; (2) views on eliminating the AGP entirely; and (3) views on the proposed ICANN budget changes. Next Steps: The GNSO Council will consider the Draft Motion at its upcoming 17 April 2008 meeting More Information: • Public comment request < http://www.icann.org/public_comment/#domain-tasting> • GNSO Domain Tasting Issues Report, June 2007 < http://gnso.icann.org/issues/domain-tasting/gnso-domain-tasting-report-14jun07.pdf> • Outcomes Report October 2007 < http://gnso.icann.org/drafts/gnso-domain-tasting-adhoc-outcomes-report-final.pdf> • Final Report 4 April 2008 < http://gnso.icann.org/issues/domain-tasting/gnso-final-report-domain-tasting-04apr08.pdf > Staff Contact: Liz Gasster, Senior Policy Counselor 3. GNSO -- WHOIS Background: WHOIS services provide public access to data on registered domain names. That data currently includes contact information for Registered Name Holders. The extent of registration data collected at the time of registration of a domain name, and the ways such data can be accessed, are specified in agreements established by ICANN for domain names registered in generic top-level domains (gTLDs). For example, ICANN requires accredited registrars to collect and provide free public access to (1) the name of the registered domain name and its name servers and registrar, (2) the date the domain was created and when its registration expires, and (3) the contact information for the Registered Name Holder, the technical contact, and the registrant's administrative contact. WHOIS has been the subject of intense policy development debate and action over the last few years. Information contained in WHOIS is used for a wide variety of purposes. Some uses of WHOIS data are viewed as constructive and beneficial. For example, sometimes WHOIS data is used to track down and identify registrants who may be posting illegal content or engaging in phishing scams. Other uses of WHOIS are viewed as potentially negative, such as harvesting WHOIS contact information to send unwanted spam or fraudulent email solicitations. Privacy advocates have also been concerned about the privacy implications of unrestricted access to personal contact information. The GNSO Council decided in October 2007 that a comprehensive, objective and quantifiable understanding of key factual issues regarding WHOIS will benefit future GNSO policy development efforts, and plans to ask the ICANN staff to conduct several studies for this purpose. Before defining the details of these studies, the Council has solicited suggestions for specific topics of study on WHOIS from community stakeholders. Possible areas of study might include a study of certain aspects of gTLD registrants and registrations, a study of certain uses and misuses of WHOIS data, a study of the use of proxy registration services, including privacy services, or a comparative study of gTLD and ccTLD WHOIS. Recent Developments: A forum for public comments on suggestions for specific topics of study on WHOIS was open through 15 February 2008. Approximately 25 suggestions were received. A summary of those comments has been prepared. On 27 March the GNSO Council approved a motion to form a group of volunteers to: (1) review and discuss the 'Report on Public Suggestions on Further Studies of WHOIS; (2) develop a proposed list of recommended studies, if any, for which ICANN staff will be asked to provide cost estimates to the Council; and (3) produce the list of recommendations with supporting rationale not later than 24 April 2008. Next Steps: A report from the small group reviewing the suggestions on further WHOis studies is due to the Council by 24 April 2008. The GNSO Council will consider the recommendations of the group. Based on direction from the Council, ICANN staff will subsequently provide the Council with rough cost estimates for various components of data gathering and studies. The Council will then decide what data gathering and studies it will request, given available resources. Staff will perform the resulting data gathering and studies and report the results to the Council. More Information: GNSO WHOis Policy Work Web page < http://gnso.icann.org/issues/whois/> Staff Contact: Liz Gasster, Senior Policy Counselor 4. GNSO -- INTER-REGISTRAR TRANSFER POLICY REVIEW Background: Consistent with ICANN's obligation to promote and encourage robust competition in the domain name space, the Inter-Registrar Transfer Policy aims to provide a straightforward procedure for domain name holders to transfer their names from one ICANN-accredited registrar to another should they wish to do so. The policy also provides standardized requirements for registrar handling of such transfer requests from domain name holders. The policy is an existing community consensus that was implemented in late 2004 that is now being reviewed by the GNSO. As part of that effort, the Council formed a Transfers Working Group (TWG) to examine and recommend possible areas for improvements in the existing transfer policy. The TWG identified a broad list of over 20 potential areas for clarification and improvement. In an effort to get improvements on-line as soon as possible, the GNSO Council initiated a policy development process (PDP) to immediately clarify four specific issues regarding reasons for which a registrar of record may deny a request to transfer a domain name to a new registrar. That PDP process in now under way and the GNSO constituencies have submitted their initial comments. Recent Developments: ICANN staff finalized and posted an Initial Report for public comments to immediately clarify the four specific issues regarding reasons for which a registrar of record may deny a request to transfer a domain name to a new registrar. A summary of those comments is now available (see < http://forum.icann.org/lists/transfer-policy-2008/msg00004.html>). In parallel with the PDP process, the Council tasked a short term planning group to evaluate and prioritize the remaining 19 policy issues identified by the Transfers Working Group. In March, the group delivered a report to the GNSO Council with suggested clustering of those issues for consideration in five new PDPs. Next Steps: The public comments received on the Initial Report will be used by ICANN staff to compile a Final Report for the GNSO Council's consideration of further steps to take in this PDP. The report from the short term planning group on other potential PDPs will next be discussed and decided upon by the GNSO Council. More Information: • Draft Advisory < http://gnso.icann.org/issues/transfers/gnso-draft-transfer-advisory-14nov07.pdf > • Initial Report < http://www.icann.org/announcements/announcement-17mar08.htm> • PDP Recommendations < http://gnso.icann.org/drafts/transfer-wg-recommendations-pdp-groupings-19mar08.pdf> Staff Contact: Olof Nordling, Manager, Policy Development Coordination 5. GNSO – FAST FLUX HOSTING Background: Fast flux hosting is a term that refers to several techniques used by cyber criminals to evade detection, in which criminals rapidly modify IP addresses and/or name servers. The ICANN Security and Stability Advisory Committee (SSAC) recently completed a study of fast flux hosting. The results of the study were published in January 2008 in the SSAC Advisory on Fast Flux Hosting and DNS (SAC 025). Because fast flux hosting involves many different players—the cybercriminals and their victims, ISPs, companies that provide web hosting services, and DNS registries and registrars—it is possible to imagine a variety of different approaches to mitigation. Most of these will require the cooperation of a variety of actors including users and ISPs as well as registries and registrars. Recent developments: On 26 March 2008, staff posted an Issues Report on fast flux hosting, as directed by the GNSO Council. In the Report, staff recommends that the GNSO sponsor additional fact-finding and research to develop best practices guidelines concerning fast flux hosting. Staff also notes that it may be appropriate for the ccNSO also to participate in such an activity. Next Steps: The GNSO Council is scheduled to discuss the topic at its upcoming meeting on 17 April 2008. More Iinformation: • SSAC Report 025 on fast flux hosting, January 2008 - http://www.icann.org/committees/security/sac025.pdf • Issues Report on Fast Flux Hosting, corrected 31 March 2008 - http://gnso.icann.org/issues/fast-flux-hosting/gnso-issues-report-fast-flux-25mar08.pdf Staff Contact: Liz Gasster, Senior Policy Counselor 6. CCNSO/GNSO -- BOARD SEAT ELECTIONS Background: The Country Codes Name Supporting Organization (ccNSO) and GNSO Councils are responsible for filling two seats each on the ICANN Board of Directors. ccNSO seats are identified as Board seat numbers 11 and 12. GNSO seats on the Board are identified as seat numbers 13 and 14. Recent Developments: CCNSO Board Seat 11 Peter Dengate-Thrush was selected to fill seat 11 on the ICANN Board at the ccNSO Council meeting on the 31 March 2008. This selection was based on the outcome of a prior call for nominations among the ccNSO members. The only candidate who was nominated and seconded was Mr. Dengate-Thrush and he accepted the nomination. Next Steps: The ccNSO Council Chair will provide the Secretary of ICANN with written notice of the decision. More Information: ccNSO ICANN Election of Director Procedures < http://ccnso.icann.org/about/elections/election-procedure-to-elect-icann-director-03mar08.htm> Staff Contact: Gabriella Schittek, ccNSO Secretariat GNSO Board Seat 14 Rita Rodin was elected by the GNSO Council to fill seat 14 on the ICANN Board of Directors. The election closed on 7 March 2008. The GNSO Council confirmed the election results at its meeting scheduled on 27 March 2008, and pursuant to the bylaws, Avri Doria, GNSO Chair, informed ICANN's General Counsel of the outcome. Next Steps: The next GNSO election process will commence at the end of this year for the GNSO Chair. The current Chair's term ends 31 January 2009. More Information: GNSO Elections Procedures < http://gnso.icann.org/elections/election-procedures-2008.shtml> Staff Contact: Glen De Saint Géry, GNSO Secretariat 7. MULTIPLE ENTITIES -- IDN ccTLDs Background: The potential introduction of Internationalized Domain Names (IDNs) represents the beginning of an exciting new chapter in the history of the Internet. IDNs offer the potential for many new opportunities and benefits for Internet users of all languages around the world by allowing them to establish domains in their native languages and alphabets. An IDN ccTLD (internationalized domain name country code top level domain) is a country code top-level domain (corresponding to a country, territory, or other geographic location as associated with the ISO 3166-1 two-letter codes) with a label that contains at least one character that is not a standard Latin letter (A through Z), a hyphen, or one of the standard numerical digits (0 through 9). The technical potential for ICANN to now make these domain names available for assignment is prompting significant discussion, study and demand within the ICANN community – particularly for territories who want to make use of non-Latin characters. Current efforts are taking place on two fronts; (1) efforts to identify a "fast track" process to provide new domain opportunities to territories with immediate justifiable needs; and (2) efforts to develop a comprehensive long term plan that ensures a stable process for all interested stakeholders. IDNC Working Group Pursues The IDN "Fast Track" A joint IDNC Working Group (IDNC WG) was chartered by ICANN's Board to develop and report on feasible methods, if any, that would enable the introduction of a limited number of non-contentious IDN ccTLDs, in a timely manner that ensures the continued security and stability of the Internet while a comprehensive long-term IDN ccTLD policy is being developed. On 1 February 2008, the IDNC WG posted a "Discussion Draft of the Initial Report" (DDIR) for public comment and input from the ICANN community. The DDIR clarified the relationship between the "fast track" process and the broader long-term process IDNccPDP (the ccNSO Policy Development Process on IDN ccTLDs) and also identified the mechanisms for the selection of an IDN ccTLD and an IDN ccTLD manager. The ccNSO Council determined that those mechanisms were to be developed within the parameters of: • The overarching requirement to preserve the security and stability of the DNS; • Compliance with the IDNA protocols; • Input and advice from the technical community with respect to the implementation of IDNs; and • Current practices for the delegation of ccTLDs, which include the current IANA practices. A public workshop was held 11 February in New Delhi, India to discuss the DDIR and a comment period was opened on that document. Recent Developments: The IDNC WG has now produced a first draft of the IDNC WG Methodology in the form of an Interim Report that has also been made available for public comment. Discussions on the methodology were held at the ICANN Regional Meeting in Dubai, UAE (1-3 April 2008) and public comments on the methodology can be submitted until 25 April 2008. Next Steps: The work schedule agreed to by the IDNC Working Group is as follows: • An Initial Report, which will solidify the topics and their relation to the IDNccPDP. • A final Interim Report, which will contain potential implementation mechanisms is scheduled to be released 16 May 2008). • The Final Report, which will contain the actual recommendations of the IDNC WG is due to be published 13 June 2008) More Information: • Public Comments Requested on Initial Draft Fast-Track Mechanism < http://icann.org/announcements/announcement-01feb08.htm> • Draft Methodology for Fast Track < http://ccnso.icann.org/workinggroups/idnc-proposed-methodology-31mar08.pdf> • Public Comments on the Discussion Draft of the Initial Report < http://www.icann.org/public_comment/#dd-idn-cctld-ft> Staff Contact: Bart Boswinkel, Senior Policy Advisor CCNSO Also Focuses On Comprehensive IDNccTLD Policy Development Background: In parallel to considerations of a "fast track" approach, the ccNSO Council has initiated a comprehensive long term policy development process for IDNccTLDs (referred to as the IDNccPDP). At its meeting in October 2007, the ccNSO Council resolved to call for an Issues Report to examine the need for an IDNccPDP to consider: • Whether Article IX of the ICANN bylaws applies to IDN ccTLDs associated with the ISO 3166-1 two letter codes, and if it does not then to establish if Article IX should apply. • Whether the ccNSO should launch a PDP to develop the policy for the selection and delegation of IDN ccTLDs associated with the ISO 3166-1 two-letter codes. The Council formally requested that Issues Report on 19 December 2007 and directed ICANN staff to identify policies, procedures, and/or by-laws that should be reviewed and, as necessary revised, in connection with the development and implementation of any IDN ccTLD policy – including efforts designed to address the proposed fast-track concept. Recent Developments: The GNSO and several other parties have submitted comments regarding the proposal to set a comprehensive long term policy development process for IDNccTLDs (referred to above as the IDNccPDP). An Issues Report will be submitted to the ccNSO Council and will form the basis for the Council's decision on whether or not to formally initiate the IDNccPDP. Next Steps: Comments regarding the preparation of an Issues Report on the IDNccPDP and are now being evaluated. More Information: IDNccPDP Announcement: < http://www.icann.org/announcements/announcement-19dec07.htm> Staff Contact: Bart Boswinkel, Senior Policy Advisor 8. CCNSO -- INTERNAL IMPROVEMENTS CONTINUE Background: The ccNSO Council has recently been taking steps to improve its work plans, administrative procedures and communications tools. As a result of a ccNSO Council workshop held at the ICANN New Delhi meeting, a working group of the Council was established to propose administrative procedures for the ccNSO. The ccNSO Council also approved creation of a new "authoritative" ccNSO email list. The organization has also been conducting a participation survey in an effort to understand better why ccTLDs do or do not participate in ccNSO meetings. Recent Developments: In preparation for making recommendations on new structures, the new "Working Group on ccNSO Administrative Procedures" has had two conference calls on the structuring processes within the ccNSO. All ccTLD managers have been invited to subscribe to a new global ccTLD email list and a first draft of the results of the ccNSO participation survey recently was shared with the community at the African Top Level Domain meeting in Johannesburg. Next Steps: The Working Group will continue to develop new procedures for the ccNSO. More Information: • ccNSO <http://www.ccnso.icann.org/> • ccTLD Community Email List < http://www.ccnso.icann.org/about/charter-cctld-community-list.pdf> Staff Contacts: Bart Boswinkel, Senior Policy Advisor and Gabriella Schittek, ccNSO Secretariat 9. CCNSO -- PHISHING SURVEY Background: The term "phishing" has been used to describe criminal and fraudulent attempts by cybercriminals to acquire sensitive private information (such as usernames, passwords and credit card details) by masquerading as trustworthy entities in an electronic communication. Phishing remains a major problem among ccTLDs and as a result ccNSO members are being called upon to identify countermeasures that can be undertaken to fight back. A draft survey seeking to identify those types of measures was presented to and approved by the ccNSO Council during its meeting in New Delhi in February 2008. The survey was launched and sent to all available email lists. ICANN regional liaisons were also asked to help distribute the survey. Recent Developments: Originally, survey results of the anti-phishing survey were expected to be ready for posting by early April 2008, but the response period has been extended to allow for the receipt of more survey responses. To date 21 responses have been received and Staff is working to inspire more. Next Steps: Survey response and evaluation time extended to encourage more responses. More information: Survey < http://ccnso.icann.org/surveys/anti-phishing-survey-27feb08.pdf> Staff Contact: Gabriella Schittek, ccNSO Secretariat 10. CCNSO -- NEW MEMBERS Russia (.ru) and Georgia (.ge) recently were approved as new ccNSO members. The ccNSO now has 77 members. More Information: ccNSO Applications Archive < http://www.ccnso.icann.org/applications/summary-date.shtml> Staff Contact: Gabriella Schittek, ccNSO Secretariat 11. ASO AC - GLOBAL POLICY PROPOSALS (ASNs, IPv4) Background: Two significant global policy proposals on addressing matters continue to be actively studied and discussed within the addressing community. If they are (1) adopted by all Regional Internet Registries (RIRs), (2) verified by the Address Supporting Organization (ASO) and (3) subsequently ratified by the ICANN Board, the policies will govern the allocation of Internet addresses from the Internet Assigned Numbers Authority (IANA) to the RIRs. The two current proposals are described below. Recent Developments: Autonomous System Numbers (ASNs) Autonomous System Numbers (ASNs) are addresses used in addition to IP addresses for Internet routing. A new global policy proposal for ASNs would formalize the current procedure for allocation of ASNs and provides a policy basis for the transition from 2-byte (16 bits) to 4-byte (32 bits) ASNs. The final transition step is now foreseen for 31 December 2009, after which date the distinction between 2- and 4-byte ASNs will cease and all ASNs will be regarded as of 4-byte length, by appending initial zeroes to those of 2-byte original length. Next Steps: This new 4-byte proposal has been adopted in all RIRs. It will be forwarded to the ICANN Board for ratification by the ASO Address Council after the Council has verified that each RIR's procedural steps have been duly followed. More information: Background Report < http://www.icann.org/announcements/proposal-asn-report-29nov07.htm> Staff Contact: Olof Nordling, Manager Policy Development Coordination Remaining IPv4 address space The IANA pool of unallocated IPv4 address blocks is continuing to be depleted. As announced last month, a new global policy has been proposed to allocate the remaining address blocks once a given threshold is triggered. The text of the proposed policy essentially recommends that when there are five /8 blocks remaining in the IANA pool, one remaining block will be allocated to each RIR. Next Steps: This proposal was discussed at the APNIC 25 meeting in February 2008 and at the ARIN (American Registry for Internet Numbers) in Denver earlier this month. It will be discussed in upcoming meetings of the other RIRs, next in RIPE (Resaux IP Europeens Network Coordination Centre) - Berlin 5-6 May 2008, LACNIC (Latin American and Caribbean Internet Addresses Registry) – Salvador/Bahia, Brazil 26-30 May 2008 and AfriNIC (African Region Internet Registry) – 24 May-6 June, Rabat, Morocco. More information: Background Report http://www.icann.org/announcements/proposal-ipv4-report-29nov07.htm Staff Contact: Olof Nordling, Manager Policy Development Coordination 12. SSAC -- DNSSEC BROADBAND ROUTER TESTING REVISED Background: When Sweden and other ccTLDs began more extensive deployment of the Domain Name System Security Extension (DNSSEC), it was discovered that several broadband routers failed when they received DNS response messages containing DNSSEC resource records and other DNSSEC related protocol parameters. Study of these routers revealed that many have embedded DNS servers. The DNSSEC deployment community and SSAC have been collaborating to create a testing program for broadband routers to gauge the ability of these devices to correctly process DNS messages that contain DNSSEC resource records. A set of web pages was developed by ICANN staff to provide a series of tests that Internet users could use to determine if their router succeeds or fails when DNNSEC is present in DNS response messages. Recent Developments: After reviewing the new testing suite for broadband routers running DNSSEC, Staff determined that the test suite was too complicated and required too much data collection and analysis for voluntary community participation. Next Steps: Staff is now investigating an alternative testing approach that may involve several independent bodies testing broadband routers and SOHO firewalls -- one for U.S. domestic products, one for Europe products, one for U.K. products, and one for Asia Pacific products. The testing criteria are being re-evaluated to determine a new common test suite with a goal to have this new testing begin before 1 May 2008. More Information: SSAC <http://www.icann.org/committees/security/> Staff Contact: Dave Piscitello, Senior Security Technologist 13. SSAC – ANTI-PHISHING ACTIVITIES Recent Developments: ICANN staff has been helping to update/revise a work in progress for the Anti Phishing Working Group entitled, "What To Do If Your Web Site Is Hacked." The document describes preparation and incident response with respect to web site phishing attacks. The report was approved by the Internet Policy Forum (formerly the DNS Policy Working Group) and is currently being edited and prepared for publication. A new SSAC Advisory entitled "Registrar Impersonation in Phishing Attacks" has been distributed for review and approval by SSAC and ICANN's general counsel. Several external experts have reviewed the Advisory and provided some valuable additional insights. The document may be distributed in two phases - the first to registrars, so that they are advised of the threat, and the second (at or prior to the ICANN Paris meeting) to the general public. ICANN staff is also assisting with anti-phishing investigations of two registrars who are alleged to be shielding phishing activities. In one case the registrar's WHOIS/43 service is not responding; in another case, staff is studying a service that allegedly hampers anti-phishing investigations by creating barriers on WHOIS information access. Staff Contact: Dave Piscitello, Senior Security Technologist 14. AT-LARGE – NEW PRACTICES EXPAND POLICY PARTICIPATION Recent Developments: New policy development processes and simultaneous translation improvements are significantly expanding policy participation in the At-Large community. As a result of additional staff capacity and other developments within the At-Large community, the process by which the At-Large community develops policy statements has been completely overhauled. At the direction of the At-Large Advisory Committee (ALAC), ICANN Staff has now begun producing initial draft statements on policy (synthesis statements of written and verbal comments) for review by working groups and subcommittees. These drafts are put through several steps of community review before being voted on by the ALAC. Approved comments are transmitted, as appropriate, to the public comment process or to the Board of ICANN. The first three products of this new process effort are already making their way through the process. They are: • ALAC Statement on the Proposed Travel Policy for Volunteers • ALAC Statement on the Operating Plan and Budget Framework for FY 2008/2009 • ALAC Statement on GNSO Improvements Additionally, the worldwide At-Large Calendar has been improved to include a community comments window to make it easier for the public to keep track of comments. Also, thanks to new simultaneous interpretation capabilities and a new teleconference service the African Regional At-Large Organisation (AFRALO) and the Latin America and the Caribbean Islands Regional At-Large Organisation (LACRALO) are now holding monthly teleconference meetings. Staff Contact: Nick Ashton-Hart, Director for At-Large 15. AT-LARGE – NEW WEBSITE/PORTAL LAUNCHED Recent Developments: At-Large's new website went live in March. The new site is built upon a state-of-the-art, open-source content management system – Drupal. The result is a framework which can be duplicated and used by other parts of ICANN. The new site provides an array of new features which the static html-based old site could not, including: • Two-way links between forums on the site and the community's mailing lists – with new postings soon to be automatically visible; • Dynamically updated content; • Standardised multilingual support built into the site's architecture • Multilingual calendaring and events, including support for multilingual documents and time zone support. More Information: At-Large < http://atlarge.icann.org> Staff Contact: Nick Ashton-Hart, Director for At-Large # # # Attachment:
POLICY DEPT April 08 Update final.doc
|