LISTSERV - NCSG-DISCUSS Archives

My two cents is that a) I like David's statement and think we should 
sign on it, and b) I worry about ICANN taking an operational role in 
cybersecurity.  Frankly, I worry about ICANN taking an operational role 
in just about anything, other than IANA. I think ICANN does well within 
a limited scope -- as a multistakeholder group with a narrow 
technical/policy mission.

I think ICANN can foster communication, even encourage good practices 
such as DNSSEC.  I could see ICANN as a forum for discussion of DNS 
Security issues, but I am not sure how well-suited we are to *making 
decisions* on cybersecurity. It would like lead to a lot of closed 
meetings, in which many of us would not be present.  Like content, I 
think I would leave this to other forums.

Best,
Kathy:
> I agree with Edward's proposed text, not much that I could add to it.
>
> ICANN has a well defined duty and getting involved in content debates 
> would be more than dangerous. However, ICANN can help in tackling the 
> cyber-criminality if such is done by abusing the domain name space. 
> Some of the cyber-attacks are using the domain name space and can 
> create a lot of damage to the consumers (private and business). In 
> this perspective I'm convinced ICANN has a collaborative task and can 
> not just stand aside.
>
> Rudi Vansnick
> Member NPOC policy committee
>
> Op 22-apr-2013, om 19:00 heeft Alain Berranger het volgende geschreven:
>
>> Thanks for your work David.
>>
>> I agree with Edward's most interesting development. Does Rudi have 
>> anything to say about that?
>>
>> Alain
>>
>> On Monday, April 22, 2013, Edward Morris wrote:
>>
>>     Thanks for your work David.
>>
>>     Regardless of ICANN's public statements or strategic plans, I am
>>     not sure ICANN can be in accordance with customary International
>>     Humanitarian  Law with the statement "ICANN does not have a role
>>     in the use of the Internet related to cyber-espionage and
>>     cyber-war" (page 7). I am equally not sure ICANN is not in
>>     accordance with customary International Humanitarian Law with
>>     that statement and I remain  open to arguments as to whether
>>     ICANN should be involved in these issues or could be commanded by
>>     IG treaty or agreement to exercise responsibilities thereof.
>>
>>     These are not simple issues. ICANN is a unique organisation that
>>     does not neatly fit into any typical, comfortable structure. IHL,
>>     of course, is state centric in terms of responsibility but ICANN
>>     on one, fairly superficial level,  is almost supreme being like
>>     in it's coordination of the Internet. Cyber-espoinage, no
>>     problem, ICANN is not involved. However, imagine a situation
>>     where there are massive cyber attacks on civilian infrastructures
>>     in third countries by state actors that ICANN could operationally
>>     prevent. Mass civilian death, mass civilian injury, mass
>>     destruction of property and infrastructure. Mass death of
>>     noncommercial users, mass injury of noncommercial users, mass
>>     loss of property of noncommercial users.  Do we truly represent
>>     these people with a position of "not our problem?"
>>
>>     ICANN is a non state actor but it's operational coordination
>>     abilities allow those who want, and they exist, to inpune state
>>     responsibility to it through a number of intellectual gymnastics
>>     involving the definition of territory and control. I doubt I'll
>>     ever buy into those arguments and I don't think they'll ever be
>>     majority opinion. I could be wrong. I am concerned, though, with
>>     rules 139 (Respect for IHL), 149 (Responsibility for Violations
>>     of IHL) and 161 (International Cooperation in Criminal
>>     Proceedings) of the ICRC's Study on Customary International Law.
>>     As of today  ICANN as a non state actor does not have any
>>     responsibility under these rules, but as more people examine the
>>     nature of ICANN, the ever changing role of the GAC, the
>>     uniqueness of ICANN as it is constructed, I can conceive of a
>>     consensus being developed in the IHL community that extends
>>     responsibility under these rules to ICANN as a unique non state
>>     actor. It won't happen tomorrow, it won't happen next year, but
>>     it may happen, and I don't want to get myself locked into a
>>     position today that prevents me from having options several years
>>     down the road.
>>
>>     For those who haven't read it the Tallinn Manual
>>     http://www.ccdcoe.org/249.html  is an exceptional first effort at
>>     porting IHL into the cyber arena. Mike Schmitt did an exceptional
>>     job at coordinating input from some pretty diverse people in
>>     creating the guidance, and from my perspective they did a near
>>     perfect job for what it is. ICANN is not mentioned in the Manual.
>>     However at cocktail discussions in Estonia last year with some of
>>     those involved in the project, there was an interest in thinking
>>     about ICANN and where it fit into all of this, post Manual
>>     production.  Interest varied, many did not understand how ICANN
>>     was constituted ( at CyCon's public sessions it was described,
>>     variably, as an NGO, an IGO, but never as a unique MS
>>     organisation), but as much as  ICANN would like everyone to
>>     forget about it in this context it simply is not going to happen.
>>     The salience of cyberwar as an  issue, for reasons often having
>>     to do more with private economic interests than security, is
>>     going nowhere but up and there will be some response on an
>>     international level that  will impact or involve ICANN, desired
>>     or not.
>>
>>     As we exist in 2013  I'm happy to sign off on David's statement.
>>     I do so, though, reserving the right to change my view as events
>>     and thoughts develop and change regarding cyberwar activities.
>>     That ICANN should not be involved in content, obvious. That we do
>>     not want to extend it's competence to cybercrime and
>>     cyberespionage, of course. Certain forms of cyberwar, though, are
>>     different in that in some areas it isn't something an entity can
>>     or should be able to opt out of. I'm just not personally sure
>>     today where ICANN does or should fit into all of this. It would
>>     be a lot easier if we had competing private Internets but until
>>     we do I have questions in this area  and reserve the right to
>>     come back in a few years time with views that are different than
>>     what I can accept today. These are complicated issues and I'm not
>>     sure best handled with a  bumper sticker like perspective. Then
>>     again...
>>
>>
>>
>>
>>     On Mon, Apr 22, 2013 at 3:36 PM, Brenden Kuerbis
>>     <[log in to unmask]
>>     <javascript:_e({},%20'cvml',[log in to unmask]);>>
>>     wrote:
>>
>>         +1, thanks David. Minor typo in last para, "explicit
>>         acknowledge[ment]..."
>>
>>         ---------------------------------------
>>         Brenden Kuerbis
>>         Internet Governance Project
>>         http://internetgovernance.org <http://internetgovernance.org/>
>>
>>
>>         On Mon, Apr 22, 2013 at 8:21 AM, David Cake
>>         <[log in to unmask]
>>         <javascript:_e({},%20'cvml',[log in to unmask]);>>
>>         wrote:
>>
>>             This document has been out for public comment.
>>             http://www.icann.org/en/news/announcements/announcement-06mar13-en.htm
>>
>>
>>             I've missed the deadline on public comment for this by a
>>             day or two, but I'd still like to see if we can make a
>>             small comment on it if we can.
>>             Here is my draft comment - if NCSG could approve it
>>             (quickly), that would be great, otherwise I'll just put
>>             it in as a personal comment.
>>             Any additions or disagreement?
>>
>>             Regards
>>             David
>>
>>             ----------
>>
>>             The regular update of the Security, Stability and
>>             Resiliency Framework is a very important part of ICANNs
>>             SSR function, as attested by its inclusion in the
>>             Affirmation of Commitments.
>>
>>             NCSG notes the significant effort involved in preparing
>>             the FY13 Security, Stability and Resiliency Plan, and the
>>             progress towards implementing the recommendations of the
>>             Security, Stability and Resiliency Review Team
>>             Report.  While work so far has seen the completion of
>>             only some recommendations, we note planning and progress
>>             has been made for all the recommendations, and we
>>             appreciate the commitment to full implementation.
>>
>>
>>             NCSG supports the definition of ICANNs SSR role and
>>             remit. In particular, NCSG values the acknowledgement of
>>             areas that lie outside ICANNs remit, and NCSG strongly
>>             agrees that ICANNs role does not include law enforcement
>>             or determining what constitutes illicit conduct.
>>
>>             NCSG welcomes the explicit acknowledge of the necessity
>>             of a continued multistakeholder approach to security, and
>>             notes the inclusion of civil society within all
>>             discussions of the Internet and security ecosystem, and
>>             particularly welcomes the inclusion of engagement with
>>             civil society on privacy and free expression issues as a
>>             commitment for FY14.
>>
>>
>>
>>
>>
>>
>>
>> -- 
>> Alain Berranger, B.Eng, MBA
>> Member, Board of Directors, CECI, http://www.ceci.ca 
>> <http://www.ceci.ca/en/about-ceci/team/board-of-directors/>
>> Executive-in-residence, Schulich School of Business, 
>> www.schulich.yorku.ca <http://www.schulich.yorku.ca/>
>> Treasurer, Global Knowledge Partnership Foundation, 
>> www.gkpfoundation.org <http://www.gkpfoundation.org/>
>> NA representative, Chasquinet Foundation, www.chasquinet.org 
>> <http://www.chasquinet.org/>
>> Chair, NPOC, NCSG, ICANN, http://npoc.org/
>> O:+1 514 484 7824; M:+1 514 704 7824
>> Skype: alain.berranger
>>
>>
>> AVIS DE CONFIDENTIALITÉ
>> Ce courriel est confidentiel et est à l’usage exclusif du 
>> destinataire ci-dessus. Toute personne qui lit le présent message 
>> sans en être le destinataire, ou l’employé(e) ou la personne 
>> responsable de le remettre au destinataire, est par les présentes 
>> avisée qu’il lui est strictement interdit de le diffuser, de le 
>> distribuer, de le modifier ou de le reproduire, en tout ou en partie 
>> . Si le destinataire ne peut être joint ou si ce document vous a été 
>> communiqué par erreur, veuillez nous en informer sur le champ  et 
>> détruire ce courriel et toute copie de celui-ci. Merci de votre 
>> coopération.
>>
>> CONFIDENTIALITY MESSAGE
>> This e-mail message is confidential and is intended for the exclusive 
>> use of the addressee. Please note that, should this message be read 
>> by anyone other than the addressee, his or her employee or the person 
>> responsible for forwarding it to the addressee, it is strictly 
>> prohibited to disclose, distribute, modify or reproduce the contents 
>> of this message, in whole or in part. If the addressee cannot be 
>> reached or if you have received this e-mail in error, please notify 
>> us immediately and delete this e-mail and destroy all copies. Thank 
>> you for your cooperation.
>>
>>
>


--