My two cents is that a) I like David's statement and think we should sign on it, and b) I worry about ICANN taking an operational role in cybersecurity. Frankly, I worry about ICANN taking an operational role in just about anything, other than IANA. I think ICANN does well within a limited scope -- as a multistakeholder group with a narrow technical/policy mission. I think ICANN can foster communication, even encourage good practices such as DNSSEC. I could see ICANN as a forum for discussion of DNS Security issues, but I am not sure how well-suited we are to *making decisions* on cybersecurity. It would like lead to a lot of closed meetings, in which many of us would not be present. Like content, I think I would leave this to other forums. Best, Kathy: > I agree with Edward's proposed text, not much that I could add to it. > > ICANN has a well defined duty and getting involved in content debates > would be more than dangerous. However, ICANN can help in tackling the > cyber-criminality if such is done by abusing the domain name space. > Some of the cyber-attacks are using the domain name space and can > create a lot of damage to the consumers (private and business). In > this perspective I'm convinced ICANN has a collaborative task and can > not just stand aside. > > Rudi Vansnick > Member NPOC policy committee > > Op 22-apr-2013, om 19:00 heeft Alain Berranger het volgende geschreven: > >> Thanks for your work David. >> >> I agree with Edward's most interesting development. Does Rudi have >> anything to say about that? >> >> Alain >> >> On Monday, April 22, 2013, Edward Morris wrote: >> >> Thanks for your work David. >> >> Regardless of ICANN's public statements or strategic plans, I am >> not sure ICANN can be in accordance with customary International >> Humanitarian Law with the statement "ICANN does not have a role >> in the use of the Internet related to cyber-espionage and >> cyber-war" (page 7). I am equally not sure ICANN is not in >> accordance with customary International Humanitarian Law with >> that statement and I remain open to arguments as to whether >> ICANN should be involved in these issues or could be commanded by >> IG treaty or agreement to exercise responsibilities thereof. >> >> These are not simple issues. ICANN is a unique organisation that >> does not neatly fit into any typical, comfortable structure. IHL, >> of course, is state centric in terms of responsibility but ICANN >> on one, fairly superficial level, is almost supreme being like >> in it's coordination of the Internet. Cyber-espoinage, no >> problem, ICANN is not involved. However, imagine a situation >> where there are massive cyber attacks on civilian infrastructures >> in third countries by state actors that ICANN could operationally >> prevent. Mass civilian death, mass civilian injury, mass >> destruction of property and infrastructure. Mass death of >> noncommercial users, mass injury of noncommercial users, mass >> loss of property of noncommercial users. Do we truly represent >> these people with a position of "not our problem?" >> >> ICANN is a non state actor but it's operational coordination >> abilities allow those who want, and they exist, to inpune state >> responsibility to it through a number of intellectual gymnastics >> involving the definition of territory and control. I doubt I'll >> ever buy into those arguments and I don't think they'll ever be >> majority opinion. I could be wrong. I am concerned, though, with >> rules 139 (Respect for IHL), 149 (Responsibility for Violations >> of IHL) and 161 (International Cooperation in Criminal >> Proceedings) of the ICRC's Study on Customary International Law. >> As of today ICANN as a non state actor does not have any >> responsibility under these rules, but as more people examine the >> nature of ICANN, the ever changing role of the GAC, the >> uniqueness of ICANN as it is constructed, I can conceive of a >> consensus being developed in the IHL community that extends >> responsibility under these rules to ICANN as a unique non state >> actor. It won't happen tomorrow, it won't happen next year, but >> it may happen, and I don't want to get myself locked into a >> position today that prevents me from having options several years >> down the road. >> >> For those who haven't read it the Tallinn Manual >> http://www.ccdcoe.org/249.html is an exceptional first effort at >> porting IHL into the cyber arena. Mike Schmitt did an exceptional >> job at coordinating input from some pretty diverse people in >> creating the guidance, and from my perspective they did a near >> perfect job for what it is. ICANN is not mentioned in the Manual. >> However at cocktail discussions in Estonia last year with some of >> those involved in the project, there was an interest in thinking >> about ICANN and where it fit into all of this, post Manual >> production. Interest varied, many did not understand how ICANN >> was constituted ( at CyCon's public sessions it was described, >> variably, as an NGO, an IGO, but never as a unique MS >> organisation), but as much as ICANN would like everyone to >> forget about it in this context it simply is not going to happen. >> The salience of cyberwar as an issue, for reasons often having >> to do more with private economic interests than security, is >> going nowhere but up and there will be some response on an >> international level that will impact or involve ICANN, desired >> or not. >> >> As we exist in 2013 I'm happy to sign off on David's statement. >> I do so, though, reserving the right to change my view as events >> and thoughts develop and change regarding cyberwar activities. >> That ICANN should not be involved in content, obvious. That we do >> not want to extend it's competence to cybercrime and >> cyberespionage, of course. Certain forms of cyberwar, though, are >> different in that in some areas it isn't something an entity can >> or should be able to opt out of. I'm just not personally sure >> today where ICANN does or should fit into all of this. It would >> be a lot easier if we had competing private Internets but until >> we do I have questions in this area and reserve the right to >> come back in a few years time with views that are different than >> what I can accept today. These are complicated issues and I'm not >> sure best handled with a bumper sticker like perspective. Then >> again... >> >> >> >> >> On Mon, Apr 22, 2013 at 3:36 PM, Brenden Kuerbis >> <[log in to unmask] >> <javascript:_e({},%20'cvml',[log in to unmask]);>> >> wrote: >> >> +1, thanks David. Minor typo in last para, "explicit >> acknowledge[ment]..." >> >> --------------------------------------- >> Brenden Kuerbis >> Internet Governance Project >> http://internetgovernance.org <http://internetgovernance.org/> >> >> >> On Mon, Apr 22, 2013 at 8:21 AM, David Cake >> <[log in to unmask] >> <javascript:_e({},%20'cvml',[log in to unmask]);>> >> wrote: >> >> This document has been out for public comment. >> http://www.icann.org/en/news/announcements/announcement-06mar13-en.htm >> >> >> I've missed the deadline on public comment for this by a >> day or two, but I'd still like to see if we can make a >> small comment on it if we can. >> Here is my draft comment - if NCSG could approve it >> (quickly), that would be great, otherwise I'll just put >> it in as a personal comment. >> Any additions or disagreement? >> >> Regards >> David >> >> ---------- >> >> The regular update of the Security, Stability and >> Resiliency Framework is a very important part of ICANNs >> SSR function, as attested by its inclusion in the >> Affirmation of Commitments. >> >> NCSG notes the significant effort involved in preparing >> the FY13 Security, Stability and Resiliency Plan, and the >> progress towards implementing the recommendations of the >> Security, Stability and Resiliency Review Team >> Report. While work so far has seen the completion of >> only some recommendations, we note planning and progress >> has been made for all the recommendations, and we >> appreciate the commitment to full implementation. >> >> >> NCSG supports the definition of ICANNs SSR role and >> remit. In particular, NCSG values the acknowledgement of >> areas that lie outside ICANNs remit, and NCSG strongly >> agrees that ICANNs role does not include law enforcement >> or determining what constitutes illicit conduct. >> >> NCSG welcomes the explicit acknowledge of the necessity >> of a continued multistakeholder approach to security, and >> notes the inclusion of civil society within all >> discussions of the Internet and security ecosystem, and >> particularly welcomes the inclusion of engagement with >> civil society on privacy and free expression issues as a >> commitment for FY14. >> >> >> >> >> >> >> >> -- >> Alain Berranger, B.Eng, MBA >> Member, Board of Directors, CECI, http://www.ceci.ca >> <http://www.ceci.ca/en/about-ceci/team/board-of-directors/> >> Executive-in-residence, Schulich School of Business, >> www.schulich.yorku.ca <http://www.schulich.yorku.ca/> >> Treasurer, Global Knowledge Partnership Foundation, >> www.gkpfoundation.org <http://www.gkpfoundation.org/> >> NA representative, Chasquinet Foundation, www.chasquinet.org >> <http://www.chasquinet.org/> >> Chair, NPOC, NCSG, ICANN, http://npoc.org/ >> O:+1 514 484 7824; M:+1 514 704 7824 >> Skype: alain.berranger >> >> >> AVIS DE CONFIDENTIALITÉ >> Ce courriel est confidentiel et est à l’usage exclusif du >> destinataire ci-dessus. Toute personne qui lit le présent message >> sans en être le destinataire, ou l’employé(e) ou la personne >> responsable de le remettre au destinataire, est par les présentes >> avisée qu’il lui est strictement interdit de le diffuser, de le >> distribuer, de le modifier ou de le reproduire, en tout ou en partie >> . Si le destinataire ne peut être joint ou si ce document vous a été >> communiqué par erreur, veuillez nous en informer sur le champ et >> détruire ce courriel et toute copie de celui-ci. Merci de votre >> coopération. >> >> CONFIDENTIALITY MESSAGE >> This e-mail message is confidential and is intended for the exclusive >> use of the addressee. Please note that, should this message be read >> by anyone other than the addressee, his or her employee or the person >> responsible for forwarding it to the addressee, it is strictly >> prohibited to disclose, distribute, modify or reproduce the contents >> of this message, in whole or in part. If the addressee cannot be >> reached or if you have received this e-mail in error, please notify >> us immediately and delete this e-mail and destroy all copies. Thank >> you for your cooperation. >> >> > --