My two cents is that a) I like David's statement and think we should
sign on it, and b) I worry about ICANN taking an operational role in
cybersecurity. Frankly, I worry about ICANN taking an operational role
in just about anything, other than IANA. I think ICANN does well within
a limited scope -- as a multistakeholder group with a narrow
technical/policy mission.
I think ICANN can foster communication, even encourage good practices
such as DNSSEC. I could see ICANN as a forum for discussion of DNS
Security issues, but I am not sure how well-suited we are to *making
decisions* on cybersecurity. It would like lead to a lot of closed
meetings, in which many of us would not be present. Like content, I
think I would leave this to other forums.
Best,
Kathy:
> I agree with Edward's proposed text, not much that I could add to it.
>
> ICANN has a well defined duty and getting involved in content debates
> would be more than dangerous. However, ICANN can help in tackling the
> cyber-criminality if such is done by abusing the domain name space.
> Some of the cyber-attacks are using the domain name space and can
> create a lot of damage to the consumers (private and business). In
> this perspective I'm convinced ICANN has a collaborative task and can
> not just stand aside.
>
> Rudi Vansnick
> Member NPOC policy committee
>
> Op 22-apr-2013, om 19:00 heeft Alain Berranger het volgende geschreven:
>
>> Thanks for your work David.
>>
>> I agree with Edward's most interesting development. Does Rudi have
>> anything to say about that?
>>
>> Alain
>>
>> On Monday, April 22, 2013, Edward Morris wrote:
>>
>> Thanks for your work David.
>>
>> Regardless of ICANN's public statements or strategic plans, I am
>> not sure ICANN can be in accordance with customary International
>> Humanitarian Law with the statement "ICANN does not have a role
>> in the use of the Internet related to cyber-espionage and
>> cyber-war" (page 7). I am equally not sure ICANN is not in
>> accordance with customary International Humanitarian Law with
>> that statement and I remain open to arguments as to whether
>> ICANN should be involved in these issues or could be commanded by
>> IG treaty or agreement to exercise responsibilities thereof.
>>
>> These are not simple issues. ICANN is a unique organisation that
>> does not neatly fit into any typical, comfortable structure. IHL,
>> of course, is state centric in terms of responsibility but ICANN
>> on one, fairly superficial level, is almost supreme being like
>> in it's coordination of the Internet. Cyber-espoinage, no
>> problem, ICANN is not involved. However, imagine a situation
>> where there are massive cyber attacks on civilian infrastructures
>> in third countries by state actors that ICANN could operationally
>> prevent. Mass civilian death, mass civilian injury, mass
>> destruction of property and infrastructure. Mass death of
>> noncommercial users, mass injury of noncommercial users, mass
>> loss of property of noncommercial users. Do we truly represent
>> these people with a position of "not our problem?"
>>
>> ICANN is a non state actor but it's operational coordination
>> abilities allow those who want, and they exist, to inpune state
>> responsibility to it through a number of intellectual gymnastics
>> involving the definition of territory and control. I doubt I'll
>> ever buy into those arguments and I don't think they'll ever be
>> majority opinion. I could be wrong. I am concerned, though, with
>> rules 139 (Respect for IHL), 149 (Responsibility for Violations
>> of IHL) and 161 (International Cooperation in Criminal
>> Proceedings) of the ICRC's Study on Customary International Law.
>> As of today ICANN as a non state actor does not have any
>> responsibility under these rules, but as more people examine the
>> nature of ICANN, the ever changing role of the GAC, the
>> uniqueness of ICANN as it is constructed, I can conceive of a
>> consensus being developed in the IHL community that extends
>> responsibility under these rules to ICANN as a unique non state
>> actor. It won't happen tomorrow, it won't happen next year, but
>> it may happen, and I don't want to get myself locked into a
>> position today that prevents me from having options several years
>> down the road.
>>
>> For those who haven't read it the Tallinn Manual
>> http://www.ccdcoe.org/249.html is an exceptional first effort at
>> porting IHL into the cyber arena. Mike Schmitt did an exceptional
>> job at coordinating input from some pretty diverse people in
>> creating the guidance, and from my perspective they did a near
>> perfect job for what it is. ICANN is not mentioned in the Manual.
>> However at cocktail discussions in Estonia last year with some of
>> those involved in the project, there was an interest in thinking
>> about ICANN and where it fit into all of this, post Manual
>> production. Interest varied, many did not understand how ICANN
>> was constituted ( at CyCon's public sessions it was described,
>> variably, as an NGO, an IGO, but never as a unique MS
>> organisation), but as much as ICANN would like everyone to
>> forget about it in this context it simply is not going to happen.
>> The salience of cyberwar as an issue, for reasons often having
>> to do more with private economic interests than security, is
>> going nowhere but up and there will be some response on an
>> international level that will impact or involve ICANN, desired
>> or not.
>>
>> As we exist in 2013 I'm happy to sign off on David's statement.
>> I do so, though, reserving the right to change my view as events
>> and thoughts develop and change regarding cyberwar activities.
>> That ICANN should not be involved in content, obvious. That we do
>> not want to extend it's competence to cybercrime and
>> cyberespionage, of course. Certain forms of cyberwar, though, are
>> different in that in some areas it isn't something an entity can
>> or should be able to opt out of. I'm just not personally sure
>> today where ICANN does or should fit into all of this. It would
>> be a lot easier if we had competing private Internets but until
>> we do I have questions in this area and reserve the right to
>> come back in a few years time with views that are different than
>> what I can accept today. These are complicated issues and I'm not
>> sure best handled with a bumper sticker like perspective. Then
>> again...
>>
>>
>>
>>
>> On Mon, Apr 22, 2013 at 3:36 PM, Brenden Kuerbis
>> <[log in to unmask]
>> <javascript:_e({},%20'cvml',[log in to unmask]);>>
>> wrote:
>>
>> +1, thanks David. Minor typo in last para, "explicit
>> acknowledge[ment]..."
>>
>> ---------------------------------------
>> Brenden Kuerbis
>> Internet Governance Project
>> http://internetgovernance.org <http://internetgovernance.org/>
>>
>>
>> On Mon, Apr 22, 2013 at 8:21 AM, David Cake
>> <[log in to unmask]
>> <javascript:_e({},%20'cvml',[log in to unmask]);>>
>> wrote:
>>
>> This document has been out for public comment.
>> http://www.icann.org/en/news/announcements/announcement-06mar13-en.htm
>>
>>
>> I've missed the deadline on public comment for this by a
>> day or two, but I'd still like to see if we can make a
>> small comment on it if we can.
>> Here is my draft comment - if NCSG could approve it
>> (quickly), that would be great, otherwise I'll just put
>> it in as a personal comment.
>> Any additions or disagreement?
>>
>> Regards
>> David
>>
>> ----------
>>
>> The regular update of the Security, Stability and
>> Resiliency Framework is a very important part of ICANNs
>> SSR function, as attested by its inclusion in the
>> Affirmation of Commitments.
>>
>> NCSG notes the significant effort involved in preparing
>> the FY13 Security, Stability and Resiliency Plan, and the
>> progress towards implementing the recommendations of the
>> Security, Stability and Resiliency Review Team
>> Report. While work so far has seen the completion of
>> only some recommendations, we note planning and progress
>> has been made for all the recommendations, and we
>> appreciate the commitment to full implementation.
>>
>>
>> NCSG supports the definition of ICANNs SSR role and
>> remit. In particular, NCSG values the acknowledgement of
>> areas that lie outside ICANNs remit, and NCSG strongly
>> agrees that ICANNs role does not include law enforcement
>> or determining what constitutes illicit conduct.
>>
>> NCSG welcomes the explicit acknowledge of the necessity
>> of a continued multistakeholder approach to security, and
>> notes the inclusion of civil society within all
>> discussions of the Internet and security ecosystem, and
>> particularly welcomes the inclusion of engagement with
>> civil society on privacy and free expression issues as a
>> commitment for FY14.
>>
>>
>>
>>
>>
>>
>>
>> --
>> Alain Berranger, B.Eng, MBA
>> Member, Board of Directors, CECI, http://www.ceci.ca
>> <http://www.ceci.ca/en/about-ceci/team/board-of-directors/>
>> Executive-in-residence, Schulich School of Business,
>> www.schulich.yorku.ca <http://www.schulich.yorku.ca/>
>> Treasurer, Global Knowledge Partnership Foundation,
>> www.gkpfoundation.org <http://www.gkpfoundation.org/>
>> NA representative, Chasquinet Foundation, www.chasquinet.org
>> <http://www.chasquinet.org/>
>> Chair, NPOC, NCSG, ICANN, http://npoc.org/
>> O:+1 514 484 7824; M:+1 514 704 7824
>> Skype: alain.berranger
>>
>>
>> AVIS DE CONFIDENTIALITÉ
>> Ce courriel est confidentiel et est à l’usage exclusif du
>> destinataire ci-dessus. Toute personne qui lit le présent message
>> sans en être le destinataire, ou l’employé(e) ou la personne
>> responsable de le remettre au destinataire, est par les présentes
>> avisée qu’il lui est strictement interdit de le diffuser, de le
>> distribuer, de le modifier ou de le reproduire, en tout ou en partie
>> . Si le destinataire ne peut être joint ou si ce document vous a été
>> communiqué par erreur, veuillez nous en informer sur le champ et
>> détruire ce courriel et toute copie de celui-ci. Merci de votre
>> coopération.
>>
>> CONFIDENTIALITY MESSAGE
>> This e-mail message is confidential and is intended for the exclusive
>> use of the addressee. Please note that, should this message be read
>> by anyone other than the addressee, his or her employee or the person
>> responsible for forwarding it to the addressee, it is strictly
>> prohibited to disclose, distribute, modify or reproduce the contents
>> of this message, in whole or in part. If the addressee cannot be
>> reached or if you have received this e-mail in error, please notify
>> us immediately and delete this e-mail and destroy all copies. Thank
>> you for your cooperation.
>>
>>
>
--
|