Re: [gnso-ff-pdp-may08] Rasmussen/Piscitello action 4.a

[Dave Piscitello <dave.piscitello@xxxxxxxxx>]

Mike, I think ICANN might be perceived to be an administrator or coordinator
(see the ICANN.org "about" and "mission" pages), but not a regulator. If we
use the word "regulator", we suggest that ICANN like the FCC.

Would you be more comfortable with " ICANN's mission is to coordinate the
global Internet's systems of names and numbers. In particular, ICANN  is not
a legislative organization."?

> and numbers.


On 5/6/09 12:46 PM  May 6, 2009, "Mike Rodenbaugh" <icann@xxxxxxxxxxxxxx>
wrote:

> I am fine with this proposed answer, except that this clause should be
> deleted from the first sentence:  "nor regulator of assigned names and
> numbers".  Of course, ICANN is a regulator of assigned names and numbers, it
> has no other purpose.
> 
> 
> Mike Rodenbaugh
> Rodenbaugh Law
> 548 Market Street
> San Francisco, CA  94104
> +1.415.738.8087
> www.rodenbaugh.com
> 
> 
> -----Original Message-----
> From: owner-gnso-ff-pdp-may08@xxxxxxxxx
> [mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Dave Piscitello
> Sent: Wednesday, May 06, 2009 5:15 AM
> To: Fast Flux Workgroup
> Subject: [gnso-ff-pdp-may08] Rasmussen/Piscitello action 4.a
> 
> 
> I'm posting this on behalf of Rod and myself. I had the "final pen" because
> I'm on the East Coast and have a morning window to edit.
> 
> (4.a) There need to be strict laws in place to allow registrars and hosting
> companies to terminate fast flux hosting
> 
> Proposed answer: ICANN is not a legislator nor regulator of assigned names
> and numbers. Any legislation that might be created would fall outside the
> scope of ICANN. The challenge in defining and adopting either law or policy
> to terminate fast flux hosting was a major theme of the interim report:
> briefly stated, attackers use many of the same volatile networking
> techniques used in legitimate, production applications. This makes
> distinguishing them in a sufficiently clear manner for a legal or policy
> definition very hard. Moreover, attackers constantly alter their "flux"
> techniques - sometimes it's fast, sometimes it's slow - and a law or policy
> might actually have the opposite effect from the desired effect: it could
> define a space within which attackers and other "entrepreneurs" could
> operate their networks with impunity. An alternative is to define and adopt
> a best practice or policy that gives registrars the ability to perform
> accelerated takedown. (Suggestion: Cite current APWG and GNSO activities).
> 
> The comment does introduce the idea of "allowing" registrars and hosting
> companies to take specific actions regarding domain names and activities.
> To our knowledge, there are no restrictions placed on registrars by ICANN or
> contracted gTLD registries that would prevent them from taking action
> against any particular domain name they believe is being used maliciously.
> There has been a certain amount of confusion on this issue in the past, and
> certainly individual country's laws may or may not apply, but in general,
> there are few if any outright prohibitions from taking action.  What the
> commenter here may be referring to though are "safe harbor" laws where
> actions taken by a provider are protected from liability claims under
> certain circumstances.  Again, that is out of the scope of ICANN, but is an
> interesting concept that has recent precedence in the domain name world in
> the U.S. with the recent enactment of the "Ryan Haight Online Pharmacy
> Consumer Protection Act".  This law gives particular safe harbor protections
> to domain registrars, and even requires action in some cases when a domain
> name is being used to sell prescription drugs to US citiziens by a non-FDA
> approved pharmacy or on-line stores.  Since many so called "fake pharma"
> websites use malicious fast flux configurations, it would seem that in at
> least some applications, there already is such a law in place.
> 
> 
>