EU ccTLD Operators Call DNS Abuse Study “Misleading” – Domain Name Wire

A group of country code operators question the EU study on DNS abuse.

Yesterday I wrote about the ICANN Business Constituency’s response to the European Union DNS Abuse Study.

Today we heard about European geodomain operators, and their assessment is not so rosy.

CENTR, a coalition of European ccTLD registries, denounced some of the study’s “misleading analyzes and unfortunate conclusions”.

The group said the definition of DNS abuse in the study is so broad that it encompasses all common forms of cybercrime. If it defines it that way, CENTR says it must include mitigation measures aimed at all actors, not just those in the domain’s ecosystem.

The CENTER declares:

The DNS Abuse Study therefore provided no clear rationale, or abuse-specific explanation as to why a proportionate resolution path first targeting the content-closest intermediary is not not appropriate, beyond a simplistic statement that it is generally not effective.

Indeed, domain registries and registrars are often used as a choke point because they are the easiest to define and, in the case of gTLDs, within a common regulatory framework.

But ccTLDs and gTLDs are different. CENTER writes:

…the recommendations asking ccTLDs to put in place measures similar to gTLDs also ignore the fundamental difference between gTLD and ccTLD governance. While technically a ccTLD and a gTLD perform similar functions in the DNS, their very different policy provisions are openly recognized by all stakeholders in the Internet ecosystem. ccTLDs are governed by national and international law, while gTLDs must also comply with ICANN policies. The specific rules and policies that govern ccTLDs depend on their country of establishment.

CENTR also opposes enhanced universal ‘know your customer’ requirements given the differing requirements in various European countries. He also warns that increased requirements will deter people from building websites:

Disproportionate verification requirements will hamper access to core infrastructure for businesses and customers wishing to establish their online presence in the European domain space. This would result in a competitive disadvantage for the EU ccTLD industry, as end users would prefer to opt for a more convenient option than a European domain name. Other options (such as a social media page) will allow the user to establish an online presence much faster and at a lower cost.

The group also questions some of the suggestions regarding the EU’s General Data Protection Regulation. The suggestions in the EU report appear to run counter to GDPR disclosure rules.