Sharing is caring!


  • ICANN to Participate in the 2018 Africa Internet Summit (AIS)
    on April 24, 2018 at 7:00 am

    The Internet Corporation for Assigned Names and Numbers (ICANN) is sponsoring and participating in the Africa Internet Summit (AIS) from 29 April – 11 May 2018, in Dakar, Senegal. This annual summit is organized by the African Network Information Centre (AFRINIC) and the African Network Operators Group (AFNOG). The AIS has evolved into a unique and important multistakeholder platform for information and communication technology. The summit brings together global and regional Internet industry stakeholders – including Af* and I* organizations – for a series of seminars, workshops, tutorials, and panels. ICANN's main activities at the AIS include: 5 May: Special Workshop for ICANN-Accredited Registrars in Africa The ICANN-accredited registrars based in Africa recently finalized the formation of the Afregistrar Association, part of the Af* family. Its main objective is to reinforce and strengthen the African domain name industry. It accomplishes this by increasing the number of ICANN-accredited registrars in the region, enforcing policy, and encouraging use of domain names both at the regional and national levels. The workshop will offer ICANN organization staff and AIS participants additional insights into specific operational needs and the challenges facing our contracted parties in Africa. A detailed agenda is available here. 5 May: ICANN Governmental Advisory Committee (GAC) Capacity- Building Workshop This workshop, co-organized with the Organisation Internationale de la Francophonie, will build momentum on raising awareness among African GAC representatives and governments. The workshop will cover how to participate and contribute effectively to policymaking in ICANN. Tarek Kamel, ICANN's Senior Advisor to President and SVP of Government and IGO Engagement, and Chérif Diallo, GAC Vice-Chair Elect, will lead the discussions. The full agenda is available here. 6 May: ICANN Day ICANN will host ICANN Day for the fourth year in a row. The session's goal is to raise awareness of ICANN's role in the Internet governance ecosystem and to foster ICANN's engagement in Africa. This year's agenda will cover some of the current hot topics in the Internet governance ecosystem, such as General Data Protection Regulation (GDPR). Pierre Dandjinou, ICANN VP of Global Stakeholder Engagement in Africa, will lead the sessions, and ICANN Board member, Mike Silber, will deliver a keynote address on the GDPR. Silber's keynote focuses on ICANN's efforts to ensure compliance with the GDPR and gives context on how the GDPR affects Africa. View the full agenda here. AIS Plenary Presentations ICANN will also participate in plenary sessions covering topics including Domain Name System (DNS) abuse and mitigation, the root zone key signing key (KSK) Rollover, and Universal Acceptance. For more information, visit the AIS website. We thank everyone in advance and look forward to seeing you in Dakar! […]

  • Data Protection/Privacy Issues Update: Summarizing our Recent Meeting with Article 29
    on April 23, 2018 at 7:00 am

    I'd like to provide an update on our ongoing discussions relating to the GDPR. Today in Brussels, ICANN org's Akram Atallah, John Jeffrey, Elena Plexida, and Theresa Swinehart joined me along with Board member Maarten Botterman, to meet with the Article 29 Working Party (WP29) Technology Subgroup and representatives of the Directorate-General for Communications Networks, Content & Technology and Directorate-General for Justice and Consumers. This meeting was in follow-up to the Article 29 Working Party 11 April letter. I was grateful for this opportunity to share with them additional details on the ICANN org's work with the community to develop an interim compliance model. We also reiterated ICANN's mission and how it relates to the purposes of WHOIS defined in the model. The Bylaws (Section 1.2) require ICANN to perform its mission "for the benefit of the Internet community as a whole;" and that ICANN must take into account that WHOIS, "meets the legitimate needs of law enforcement, promoting consumer trust and safeguarding registrant data." (Section 4.6 (e)(ii)). During the meeting we hand-delivered communications received from the Business Constituency [PDF, 108 KB], Intellectual Property Constituency [PDF, 137 KB], International Trademark Association [PDF, 202 KB], Non-Commercial Stakeholders Group [PDF, 179 KB], and the U.S. Government [PDF, 259 KB]. We also provided the following materials: A chart [XLSX, 14 KB] comparing ICANN's Proposed Interim Model [PDF, 922 KB] with input received from WP29 [PDF, 400 KB], the International Working Group on Data Protection in Telecommunications (IWGDPT, a.k.a. "Berlin Group") and the GAC [PDF, 232 KB]; A proposed timeline [PDF, 33 KB] for implementing the interim compliance model; And a technical paper [PDF, 1.85 MB] outlining how WHOIS works. We reiterated to the WP29 that we are committed to compliance with the law and that we, along with the community and ICANN's 2,500 contracted parties, still need additional time for implementation. Also, without further guidance from the data protection authorities (DPAs) on a working model, it is difficult to retain a single approach to a GDPR compliant WHOIS system. During the discussion regarding the timeline, the DPAs requested information regarding the implementation of anonymized email addresses in WHOIS contact information. It is clear from our meeting that registrant, administrative, and technical contact email addresses must be anonymized. We also shared some further thinking on the accreditation model and will provide them with a more detailed version based on their input during the meeting. This information will also be shared with the community. We appreciate the feedback we received during the meeting. From our discussions, we agreed that there are still open questions remaining, and that ICANN will provide a letter seeking additional clarifying advice to better understand our plan of action to come into compliance with the law. We also understand that the community may have opinions regarding the clarifications or interpretations of the law provided by the DPAs. All of this information is needed for the ICANN org and community to move forward, so that we can continue to establish the necessary milestones for compliance, and ultimately implement a model that is fully compliant with the law. We continue to work with the ICANN Board on the important next steps to be in compliance with the law, together with the community. Our dialogue with the DPAs is part of our overall work including evaluating all of our available options to ensure we maintain a stable and secure Internet and comply with our bylaw obligations relating to WHOIS. We will continue to publish questions, proposals, and solicit community input as your feedback remains a vital part of the discussions. As always, you can follow the latest updates on our Data Protection/Privacy Issues page including the updates to the FAQs [PDF, 76 KB]. We welcome the community's input and invite you to email your thoughts to gdpr@icann.org. […]

  • Improving our Planning and Preparation
    on April 23, 2018 at 7:00 am

    Over the last year, we all have worked hard to understand the European Commission’s General Data Protection Regulation (GDPR) legislation. One question that has been asked many times is: why didn’t we start the process earlier? I guess there are many answers to that question, but one might be lack of awareness. GDPR is, to my understanding, the first time a local law has an effect on the community’s ability to create policies, impact the scope of pending policy work, set limits on future policies, and impact contractual enforcement – but it surely will not be the last.  ICANN is not a political institution, and there are many things that are not and should not be in our mission, but we need to be better prepared. It’s becoming increasingly important that we, as both an org and a community, pay closer attention to any potential legislative efforts that may impact ICANN’s mission or operations. After several discussions with you during ICANN meetings, we decided to assemble a list of legislative proposals that could have an effect on current policies and future policy development. This reporting effort is intended to help us look at how these legislative initiatives impact ICANN and avoid unintended consequences; the effort is not focused on how ICANN can inform and impact the development of any legislation. Being able to identify any legislative efforts early-on is critical to ensuring that we’re prepared for any impacts those efforts may have on issues within ICANN’s remit. It also affords an opportunity for stakeholders and the community to provide factual information on how the technology works to avoid unintended consequences of legislative efforts. But, just as importantly, we’re interested in the ICANN community’s views and inputs on new legislative and regulatory efforts, and hearing your thoughts on how those efforts might impact ICANN and its mission. We can have early, collective discussions on issues such as how to address potential policy impacts, or how ICANN community participants – including members of the Governmental Advisory Committee – might help spread broader understanding of ICANN’s role in the wider Internet governance ecosystem, or other ideas to inform, educate and prepare for impacts on the work we undertake to execute our mission. As ICANN’s President and CEO, part of my remit is ensuring the ICANN org is ready for any and all challenges that may impact the way we operate and support the community. To this end, I’ve asked that our Governmental Engagement (GE) team begin identifying and regularly reporting on high-impact legislative developments around the world. This is a new effort, so we may change the format and some other details as we hear feedback from you. Please review the initial report, and let us know your comments on this blog. We see this as a joint effort between the ICANN org and the community, so we want to hear from you regarding any high-impact developments in the e-privacy and cybersecurity ecosystem that should be tracked in this report. We encourage you to provide our GE and Global Stakeholder Engagement (GSE) teams with information on new developments in your region, or leave comments here on this blog. The aim is to provide useful information for you. I hope that you appreciate the effort and look forward to your input if we missed something. […]

  • The Information Transparency Initiative (ITI) Feedback Site is Now Live
    on April 23, 2018 at 7:00 am

    I'm pleased to announce that today, we launched the ITI feedback site (feedback.icann.org). As I have written about in previous blogs and discussed at ICANN60 and ICANN61 sessions, this site is intended to provide you, the ICANN community, with the ability to share your input on the content and features the ITI team is working on to improve the findability, transparency, and accessibility of ICANN public content. The first item we are looking for your comments on is an updated Acronyms and Terms feature to replace the existing feature. Our update doubles the number of terms available, provides up-to-date definitions for the terms, and improves search. Unlike most of the ITI project, we will launch this updated feature on the current https://icann.org before 31 May 2018. The deadline to provide your input on the proposed updates to Acronyms and Terms is 30 April 2018, 23:59 UTC. Please visit feedback.icann.org to experience the proposed changes and complete a short survey. How the ITI Feedback Site Works The ITI Team will regularly post documents, mockups, or video walkthroughs of new content and features. The proposed content or feature items are listed on the homepage under the heading "Feedback Needed." Each item lists a deadline by which you need to provide input. Simply click on the item you're interested in. This will take you to another page, which provides you with the option to either download a mockup or watch a video walkthrough. Once you have completed that task, click on the "Feedback" button to complete a short survey or email your feedback to informationtransparency@icann.org. Once the deadline has passed, the ITI Team will collect and publish all comments to feedback.icann.org. All published results of the survey will be anonymous, unless otherwise requested by the submitter. We will review all submissions and make our best efforts to implement the feedback, prioritizing input that serves the goals of improving search and accessibility, and increasing the transparency of our content. Feedback Deadlines We do have a tight deadline for community comments – one week for each new item. The reason for this timeline is we need to maintain a rigorous development schedule to ensure we are delivering the project on time and within budget. However, feedback.icann.org is not your only avenue to share input. ITI has many other opportunities to learn about ITI and provide comments including: Regular sessions at ICANN Public Meetings. Special sessions or webinars for Supporting Organizations and Advisory Committees (SO/ACs) on request or for special features and content like Public Comment. Monthly blogs and newsletters. Via email at informationtransparency@icann.org Feedback Translations As I outlined above, we are working at a brisk development pace. This does limit our ability to fully translate feedback.icann.org and its survey. But, if you want to share feedback in another language, email us at informationtransparency@icann.org. It is important to emphasize that one of the primary goals of ITI is a multilingual https://icann.org, and the sooner we complete this project, the sooner we can deliver on that goal. ITI Goals ITI's goal is not a revamp of https://icann.org. While the ITI team is working on making improvements to your User Experience (UX) on https://icann.org, the vast majority of our efforts are focused on: Creating content governance through new, enforced workflows and the creation of a consistent, multilingual taxonomy. Building new technical infrastructures including a first-ever for ICANN document management system (DMS) and a new content management system (CMS). This new infrastructure will enforce this governance and enable improved content findability. Much of this foundational work won't be available on the feedback site for your input, but we will show the intended benefits of this work through the content and features we will share. ITI Update The ITI team has been hard at work completing that foundational work I mentioned above. We have completed the following tasks since the January 2018 launch of ITI: The foundational build of the DMS and CMS, and the integration between the two platforms. Sixty percent of the content audit and the taxonomy creation. Interviews with SO/AC leaders, registrants, registrars, Fellows, and other ICANN stakeholders. We have also begun work on the following items: Content modelling, workflow creation, and content governance enforcement in the DMS. Accessibility guidelines and multilingual site implementation planning. ITI will launch in December 2019. ITI Backgrounders For those of you unfamiliar with ITI, you can read about what it is and how it will benefit the ICANN community in my kickoff blog. You can learn more about how the content audit and taxonomy will help your search experience in my January blog. We also outlined the differences between ITI and the Open Data Initiative (ODI) in our pre-ICANN61 blog. We Need Your Feedback Remember, we need your input to help us make the specific improvements to search, transparency, and accessibility that you need and want. Please visit the ITI feedback site and email us anytime at informationtransparency@icann.org. […]

    on April 20, 2018 at 7:00 am

    As you know, the ICANN organization took down its Adobe Connect service midway through the ICANN61 meeting in response to reported issues with this service. Concurrently, we began to conduct our own forensic analysis of the reported incident and began working with our Adobe cloud service provider, CoSo Cloud LLC, and through them with Adobe to learn more. Shortly thereafter, we rolled out instances of Zoom and WebEx for the community to support remote participation (RP) and collaboration. Here's where we are now: The Forensics Investigation With respect to our forensics work, we received application logfiles from CoSo Cloud, going back for a period of one year. ICANN Engineering and Security teams have examined these application log files and the results of our investigation clearly show "fingerprints of incursion" by the researcher who reported the issue. We were unable to find any other indication that anyone else either identified or exploited this issue. Thanks to the person who found the bug again. Working closely with CoSo Cloud, we were able to recreate the reported issue, and understand the conditions required to trigger it. This information has been communicated to Adobe, and Adobe is working on a software fix to address the root cause of the issue. We have also been working with CoSo on options to re-enable Adobe Connect in the shorter term. We have determined there are two viable paths to accomplish this goal. They are: Deploy a hardened configuration to eliminate "man-in-the-middle" exploitations by encrypting relevant traffic, or Implement a programmatic fix from CoSo Cloud to substantially reduce the window during which the issue can be exploited. With respect to the first option, we attempted to hack the hardened configuration in a test environment last week, and were not able to do so over the course of 7 hours. Separately, CoSo Cloud and Adobe conducted similar tests and confirmed that this configuration is protected from exploitation of the issue. Community Feedback and Next Steps For the last three weeks, we have been gathering limited feedback regarding users' experiences with WebEx and Zoom. So far, we have input from about 200 people, including ICANN org meeting organizers and the ICANN community. Our analysis of this feedback indicates a desire to revert back to an Adobe Connect, providing the security of the service is ensured. Accordingly, we would like to propose the following plan to the broader community for consideration: We would like to restore Adobe Connect services with both the new hardened configuration and the programmatic fix discussed above. Our intent would be to restore service by 3 May. This would allow us to use Adobe Connect during several upcoming events including the Board Workshop, the GDD Industry Summit, and ICANN62. Once Adobe releases a new version of the software with a fix for this issue from their perspective, and provides assurance the update has been adequately tested, we will move toward that release of Adobe Connect in a prudent manner, with the help of CoSo Cloud. We believe that this approach will ensure the security of our content, and of our community interactions, while also enabling our community to use the collaboration tools of their choice. Before we make these changes, we want to hear from you. What do you think? Please submit your thoughts on this contemplated move before May 2nd here: RP-tool@icann.org Meanwhile, we will continue to offer WebEx and Zoom for RP and collaboration purposes. We will also continue to follow industry developments, including the research ALAC is doing on the RP and collaboration space, to ensure we are using secure and cost-effective tools that are appropriate for our needs. I look forward to your comments! […]

(Visited 2 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *