IGF 2019 – Day 2 – Raum V – WS #331 Should we tackle illicit content through the DNS?

The following are the outputs of the real-time captioning taken during the Fourteenth Annual Meeting of the Internet Governance Forum (IGF) in Berlin, Germany, from 25 to 29 November 2019. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



>> THIAGO TAVARES:  Good afternoon, ladies and gentlemen.  Welcome to the Session 331.  With the proposed questions should we track illicit content through the DNS.  I would like to invite the organizer of this session, Professor Hartmut Glaser, which is one of the internet pioneers in Brazil.  He is the Secretary‑General of the Brazilian steering committee.  You're very welcome, Professor Glaser.

My name is Thiago Tavares.  I'm one of the board members of the Brazilian Internet steering committee and the Safernet Brazil president.  Today we are going to have an interesting discussion, a very hot topic that has been discussed in many forums, and the Internet and Jurisdiction Policy Network.

To introduce the first round of the discussion, I would like to invite two distinguished keynotes to update us on the state (?) and provide some truths to our debates afterwards.  It's my honor to ask Bertrand de La Chapelle, the director of the Internet & Jurisdiction Policy Network to take the floor for a short introduction on the global interaction of the internet and the jurisdiction debate of DNS in content.

>> BERTRAND DE LA CHAPELLE:  Thanks, Thiago.  I have what, 25, 35 minutes, 40?


>> THIAGO TAVARES:  If you could do it in ten, I would much appreciate it.

>> HARTMUT GLASER:  That is always the danger with Bertrand.

>> BERTRAND DE LA CHAPELLE:  No.  That's okay.  I will be careful.  Hi, everybody.  I think it's better if I stand because I see people and you see me.  I'm Bertrand de La Chapelle.  I'm the director of the Internet and Jurisdiction Policy Network.  Among the three activities and three programs we have, there's one called domains and jurisdiction that addresses specifically the question that can be framed as follows:  Under which condition is it appropriate to act at the DNS level to address activities of content that are inappropriate underneath?

I've seen in the room a certain number of people who are following the work or participating in the contact group.  I want to take a few minutes to highlight a certain number of issues that are related to this.

First of all, why is it a relevant question?  It is a natural tendency to think that to make it simple, the domain name system is a wonderful control panel.  If you have a problem somewhere, wow, the problem is solved if you just flip the switch and take down the domain name, and it's solved, right?

The thing is, a lot of people, and it's important to reiterate this, do not understand that when you suspend a domain name, the site actually continues to the available.  The example I took to explain that to somebody a few weeks ago is that if you're in a hotel and I do not give you the address of the hotel, the hotel is still there.  If you have the GPS coordinates, you can still come to the hotel.  The GPS is the equivalent of the IP address, and the address is the equivalent of the domain name.

Using the domain name as a tool is only reducing the ease of access to something.  The second thing is, the second mistake that a lot of people make is that they use the expression to delete a domain name.  Without getting into details, it's important to understand that when a domain name is deleted instead of suspended, it usually means that actually it is released again on the market.  So you delete who was the owner, et cetera.  But it can actually be used again.

So these are two elements that are very technical in nature, but that are often misunderstood.  The next thing that I want to highlight that came strongly in the work of the group is the very course nature of action at the DNS level.  Because if you take down or suspend a domain name, you basically impact a lot of other services, and in addition, it is something that is global.  Because you cannot do the equivalent of your own IP filtering that you do on a platform.  If you suspend a domain name, it is applicable world‑wide.  It is a very blunt instrument.

In addition, it prevents access and use to a lot of other services.  So there is a fundamental question.  Which is, when is it appropriation Nate action to do something on the domain name when you want to address something at a lower level in the content or in the activity of the site?

The next point that is important is where should those things be discussed?  Those of you who followed the discussions within ICANN, you know that has been an ongoing discussion.  Around the label of DNS abuse.

The question is, is this within the mandate of ICANN?  Is it not within the mandate of ICANN?  Is it in the mandate of ICANN?  Is it not within the mandate of ICANN?


>> BERTRAND DE LA CHAPELLE:  You can continue on forever.  Not as important as this question is, it prevents people from actually addressing the question.  This is why the internet jurisdiction policy network created this space that allows the different actors to go beyond just having sessions on this at every ICANN meeting but without getting into the heavy development of the policy process which is a bit premature and a lot of actors don't necessarily want.

I come to the last point which is once we've said I think its he DNS is a rough course and blunt instrument that cannot be used in all cases and has potentially detrimental effects.  It is not at the moment agreed on how to address it.  We're nonetheless confronted with the fact that there are situations where it is appropriate to do it

So there are a few questions that I will not elaborate but are the ones that we try to help the different actors access in the domains and jurisdiction and contact group which are, for example, how do you define the types of abuses that need to be addressed?  Here there's a distinction between the labels may vary, but there's a distinction between what is more directly related to the infrastructure in a certain way bot nets, mall aware, phishing attacks, spam, if you put it in that category.  On the other hand, things more related to content.  It can be copyright.  It can be things related to pharmaceuticals and sales of regulated substances.

So this distinction is what is the threshold at which it becomes legitimate to act at the domain name level is important.  The other element is what is the responsibility of the different actors when confronted with a notification regarding this?  And who make the notification?  Is it a public entity or a private notifier.  If it's a public entity is it a public entity in the country of the registry or registrar or is it a foreign court or a foreign authority?

If is a private notifier, what are the due diligence steps that this private notifier has taken?  Is it what the registry or registrar is recognizing?  What other steps, what other formats, what constitutes good notice?  What are the different components that should be in a request so that the registry or registrar doesn't have to make a full evaluation that they're in most cases not competent to make?  At the same time, what are the mechanisms that will allow the entities that want to act and do the right thing to act in a proportionate matter that doesn't overburden their activity and is respectful of due process, procedural guarantees, et cetera?

I stop here.  It is a very important topic.  It's one of the three programs that the Internet and Jurisdiction Policy Network are facilitating.  The other two are content moderating and platforms and cross‑border access to electronic evidence.  What's important to share here there are actually connections between the three programs, and we're trying to make sure that the people from the domain name community are aware of the evolution of thinking on content moderation and in particular ‑‑ I can elaborate further if you want ‑‑ the notion of international normative coherence of illegitimate content.  And likewise, are aware of the discussions that are taking place in the context of access to electronic evidence because there are some regulations that might directly impact the domain names, operators in particular in regard to Ruiz from outside the ICANN environment.

So I stop with this.  I could go on for ages, as Thiago knows.  But it's a pleasure to have the opportunity to introduce this.  And don't hesitate to go to the website to find the work of the remarkable people in the contact groups.

>> HARTMUT GLASER:  Before I introduce the second speaker, we have some seats in the front, one, two, three, four, five.  Those who are stand, welcome.

Now I would like to introduce and invite, Polina Malaja policy advisor of the European top domain level registries to take the floor.  And also give us a short introduction on the European experience.  Welcome.

>> POLINA MALAJA:  So good afternoon, everybody.  And thank you for this introduction and for this opportunity to have a short glimpse into European experience when it comes to the content moderation discussions on DNS level.  So I've prepared also a few slides for you.  Thank you for getting them.  I hope you see them.  Yes.

So as I said, the center is an association that represents European country top level domain registries such dot GE for Germany and dot eu for European Union.  Before giving a few examples on European ccTLDs are tackling the topic from their side, I would remind everybody that ccTLDs are technical operators of DNS infrastructure and their responsibilities include operating their DNS for their TLD only and maintaining the registry database.  And all of that, all of those responsibles are there to make sure that domain names can be used to navigate the internet.

Before ‑‑ sorry.  Before we could even enter the topic of content moderation on the DNS level, it's important to establish the simple truth that registries have no control over content online.  They do not host nor pass any content through their infrastructure at any point in time within the internet traffic.  And this is an important fact that needs to ‑‑ it is a foundation of all the discussions.

And the only action that registries can do when with it comes to responding to content online is to suspend domain names which Bertrand highlighted before.  That means the domain name is taken down, if I use another word for that, in its entirety, as a whole.  There's no way registry can only address a particular part of the website and take down or remove content from the internet.

And another point about ccTLDs is they're deeply rooted in their local rules and legal framework and everything they can or cannot do is restricted within the local jurisdiction.  And another important point is that many ccTLDs are already governed as multi‑stakeholder model, and they regularly consult a local internet community including governments and law enforcement authorities when revising their policies.

And they're also active collaborators and many international and internet governance for example at the IGF level and being active collaborators for discussions sharing their practices with other detailed and generic top level trench industries.  They're registered with ICANN and participate in the internet and jurisdiction policy network that Bertrand has outlined.  It's also important to highlight that ccTLDs are considered to be experts within the local Internet communities on technical issues and they regularly provide technical trainings to governments and law enforcements and policy makers in general.

And before ‑‑ yeah.  The second part of my introduction is I would like to highlight a few notable examples from ccTLD world when it comes to tackling this question of content moderation and there are many, many more examples because all ccTLD are different as I highlighted.  In the interest of time I'll focus on three that have chosen different approach and it's also important to bear in mind while there are successful approaches from the ccTLD world to many policies around the topic, just simply copying a policy from one jurisdiction to another, it does not guarantee a success.  It might not even be legal in another jurisdiction.

The first example I would like to highlighted to is dot no.  It's a registry for Norway.  The registration of the domain names in Norway requires local presence and also identification of domain name holder.  Within the Norwegian jurisdiction domain name holder is primarily responsible for the use of the domain name.  The role of registry that is the technical operation has also been recognized by the Norwegian Supreme Court has that explicitly stated that an registry does not undertake any control of the content of website nor did is it have any mandate to react to websites that may appear to violet the law.  This is part of the dot no operator.  It is collaborating with law enforcement authorities or other competent law enforcement.  Maybe making sure there are procedures available to assess if there are any illegal activity has been conducted online.

The second example that I would like to highlight today is the dot dk operator, DK host master, an operator for Danish country code.  Denmark has a legal framework that obliges the operator to verify data in its registry database.  The national EID system is used to verify data of the domain name holders.  However, DK host master is not looking into website content either.  If they're spinning a domain name, they do it on inaccurate registration data, and that is in violation in their terms of service.

Another interesting example is dot be, a country code for Belgium.  They have an interesting collaboration procedure with their national government.  It's an interesting one because this procedure code notice an action procedure allows the registration in cooperation with the Belgium government to act fast in fraudulent use of dummy domain names.  The government can only result to this procedure as a measure of last resort when is it exhausts other means and has to provide proof if all the other means are exhausted.  It also includes some liability guarantees for dot be registry which taking action in this procedure.  So DNS Belgium is not assessing whether something illegal has happened or not happened online.  This is left to the authority.

Finally, to ‑‑ yes.  So these are the three examples that I wanted to highlight today.  However, there are more and more practices as I've highlighted because all ccTLD are very different.  We have issued, published a center issue paper on that.  You can check it out yourself by the link that is provided just in the bottom of the slide.  And you can learn about other ccTLD experiences within the online content.

So finally, to respond to the two policy questions that have been posted to the panel and looking forward to other discussions as well.  From my side, I would like to highlight that blocking access to illegal online content on the level of DNS infrastructure is not as effective as removing illegal content by taking action against the owner of the ‑‑ or the hosting provider because simply suspending a domain name does not remove content.  It doesn't prevent content from moving to another domain name.  It's clearly not the most efficient way and should not be used as a first step when addressing any harmful or illegal content.

And another point that I'd like to also say, the DNS operators such as ccTLD are already established policies and practices within their own technical capacity to tackle these problems.  However, registries cannot assess at any point of time and they don't have capacity to say whether something is illegal or is not.  And that should be left to the competent authorities to assess.

Any misunderstandings on the role of the registries including by equating them to the other actors within the internet ecosystem which have detrimental consequences with other stakeholders and users and businesses, so this is an important point that I wanted to highlight today.  And I'm looking forward to the discussions.


>> THIAGO TAVARES:  Thank you very much.  Now I would like to move for the second segment of this section four distinguished speakers to join us.  To address the first policy questions proposed to this session.  It's my pleasure to invite Manal Ismail, she is the director of the international technical coordination department at the national telecommunications authority of Egypt and the ICANN chair.  It's also a pleasure to invite Thomas Rickert.  He's an attorney of law, director of names and numbers, association of the internet industry in Germany.  And it's also a great pleasure to invite Jennifer Chung, she's director of corporate knowledge for dot Asia organization to oversee the policy for dot Asia.  It's a great pleasure to invite Miguel, the general manager of LACTLD for the administrations of TLDs from Latin America and Caribbean.

And the policy question that we have, the first policy question that we have to discuss is blocking access to illegal content, illegal online content at the level of the DNS infrastructure is as effective as removing illegal content by taking action against the owner, publisher of the hosting providers?  Who wants to jump in for us?  Thomas?

>> THOMAS RICKERT:  Thank you so much, Thiago.  Hello, everybody.  In preparation for this session, I noticed that this topic of blocking access to illegal content has been haunting me for more than 20 years now.  I'm not sure whether that's a good thing.  Some of you might reminder in the early days what they should take down or not.  Then we had discussions about what access providers should be doing and if they should be limiting certain access to content.  Now we're talking about registries and registrars to take action to tackle illegal content or the visibility thereof.  We're moving closer and closer to the root.  I'm asking myself at what point we're going to go to ICANN and ask ICANN to ‑‑

>> AUDIENCE:  (Off Microphone)

>> Root server operators and ask them to remove entire zones?  Joking aside, I hope this is not going to be reality at some point, but there's a saying in Germany and I hope the translation will carry the idea that for somebody with a hammer, everything looks like a nail.  So if we're trying to manipulate the DNS, folks will easily use that opportunity to shut down content that they don't want out there and don't each look for other things.

I think that we need to take a far more nuanced look at the issues at hand and the policy or technical responses thereto.  We need to take a look at what issue is at hand.  Are we talking about child sexual abuse material?  Where content that is online might be evidence of ongoing abuse scenarios?  By merely making that invisible by whatever technical means we are potentially taking away chances for law enforcement to step in and end the abuse.  Right?  So we need to take a look at what is at risk.  On the other hand, we do know that for victims of abuse, it is particularly challenging to know that material depicting them is still out there and invisible.  But that needs to be discussed differently than copyright infringements or free speech or other forms of content that might be objectionable to some target groups.

So I think that all this discussion, I'm sure we will get back to this.  We need to bear in mind that we need to take a look at what is the issue and what is the appropriate response?  In Germany we had a law to limit access by virtue of DNS blocking.  It was put into force in 2010 and it was abandoned in 2011.  There was a big discussion surrounding this.  And there was a plea by free speech advocates and many other groups that said, let's try to delete stuff instead of blocking access to it.

If I may, Thiago, I've dug out a few figures because if you take the trouble of trying to go to the company that actually hosts content rather than to prevent access to certain content at the DNS level by other means of filtering or blocking, you can bring about change.

So the BKA, federal police in Germany has conducted or they have published a report and I have more information to substantiate this, this is a couple years old, but they looked at 143 websites.  Instead of blocking, they went to the hosting providers and asked for a take down.  Because most of that stuff is violating their acceptable use policies or terms and conditions.  Within one week they had 68% of the websites deleted.  Within two weeks they had 93% deleted.  Within three weeks they had 98% deleted and after four weeks it was the 9%.  So these are quite old figures.  I have other statistics that I will happily share.  But this is to show that if we take the trouble of manually going after bad content, if we channel it through the right ‑‑ to the right organizations such as law enforcement to host being companies we can do both things, reduce the visibility of content and also help victims and ongoing abuse scenarios.

>> THIAGO TAVARES:  Thank you very much, Thomas.  Manal, perhaps you could be next?

>> MANAL ISMAIL:  Thank you very much.  Before talking, I have to disclaim I'm not speaking here for all governments, of course.  I'm not speaking for the GAC.  I'm just chairing my own views from a governmental perspective.  So I worked for a government throughout my career path.  I chair the GAC, so I understand somehow how governments think.  So just not to be talking for anyone.

So just to start here by saying that, of course the illicit content is of deep concern to governments.  And we have to agree that governments would be looking for quick, if not immediate action efficient way of taking this content down and we'll be trying to do this one way or another.  And we have to appreciate that also in some circumstances this is valid and legitimate.  There was an excellent session this morning on addressing terrorists and violent extremist content online.  And they were discussing the Christ church call initiated by New Zealand.  I'm just explaining that sometimes there are really legitimate reasons behind what the governments call for.

Having said that, I still find some room for discussion.  I mean, we can call for immediate actions, but we can still keep them reversible, for example, just in case we took the wrong decision or have unintended consequences somewhere.  We can ask for effective actions but still if they are proportionate, then it would be equally good.  But if we just ignore the concerns and say it's not us, this doesn't help.  Governments will try to find one way or another to have this issue addressed.

So I think we need to put ourselves in other person's shoes and understands their concerns and have this dialogue ongoing and at the end if there is a process that needs to be followed provided that it is efficient and quick, I don't think anyone would not want to follow.

Still we need to find some avenue for specs, something like the Christchurch call, we need to have a fast track or somewhere where we can speed up even this efficient process even further.

I would say the internet and jurisdiction provided an excellent venue for starting this discussion.  I have to say also I met a few parliamentarians here.  I'm thankful for the German government for inviting parliamentarians and for bringing this very big number.  I think there are 140 or 150.  I spoke to a few and everyone I met ‑‑ not everyone from the parliamentary.  The few I he met said this is an eye opener, the discussions here they need to know more about this.  I think we have keeping those channels open and keeping everyone informed and updated so we make sure that at the end what they come up with does not ‑‑ I mean from the internet somehow or pose any unintended consequences or otherwise.

So I'll stop here and give others the chance.  I didn't want to give you the short answer to the question.


>> MANAL ISMAIL:  I'm sure you're looking for discussion.

>> THIAGO TAVARES:  Thank you very much.  Miguel, maybe you can be next and give an update.

>> MIGUEL ESTRADA:  I'll give you the short answer and the answer is no.


>> MIGUEL ESTRADA:  It's not effective.  There's a big risk of having an impact when taking down a domain name.  As an example, if US registry are somehow looking into content of your domain names and you find phishing, you decide to take down that domain name because there's a web page with phishing and maybe the owner of that domain name knows there's a website you're going be to taking down a whole business without the responsible person for that content knowing what happened.  If you take down a domain name, they can easily ‑‑ the ones behind that domain name, they can easily use another domain name.  And if not, the domain name will still be available using the IP address.  It's like blocking the sun with the hand.  You cannot do that.

Also you're making the ones responsible for the illegal content that you have an eye on them.  If they want to go back, legally speaking, they could go back with a better website and more difficult to take down.  Because maybe they can start complying to the reasons you gave to take down the domain.  So the solution is to find the responsible.  If you can't find the responsibles, you go for the one that's hosting that content.  That would be the hosting company or whatever.

We, LACTLD, held in August this year a workshop where we invited judges, prosecutors, (?) and also platforms and brand owners.  What surprised me most in that workshop is that brand owners were telling that they were tired of asking judges to take down domains because they would have to do the first time and then a second time and then a third time and the same person will be behind that domain name.  So they're wasting time and they're wasting money.

What they intend to do and that's why they were there is to give tools to judges and prosecutors and (?) to find the responsibles, not just to block the sun with your hand.  I don't know if I have any other point, but I don't think ‑‑ I don't want to forget anything.  Sorry.

We know that maybe some content might be created with more urgently than other content but if you want the content to definitely go offline, you would have to take the content offline, not block it.  As Bertrand said, deleting the address from the guide won't take the house from the street.  It's kind of the same.

>> THIAGO TAVARES:  Thank you very much, Miguel.  I invite Jennifer to give respect to the Asia‑Pacific.

>> JENNIFER CHUNG:  I don't want to echo what my colleagues already have said on this panel.  The short answer really is no.  Recalling what Polina said earlier, registries operate as do not and cannot be responsible for or able to take down any kind of content.  And what Thomas said is really correct.  You can't use the bluntest, most strong tool to do something ‑‑ for example, if there's illicit content on otherwise legitimate website, there's no way for a registry operator to surgically remove bits and parts of it.  It is what Bertrand mentioned before, we can only suspend it, hold it, we can remove it from the view.  But then if you have the IP address, you can still see it.

So what really can be done about this?  We're not really talking about the effectiveness of really targeting this thing when you have to really go to the hosting providers that publishes the online content, the people who can actually get to changing, deleting altering this content rather than going all the way up to the hierarchy to use such a tool.  There was a joke earlier about going all the way to the root service which is really ‑‑ that's not desirable in any way, shape, or form.

Also the question is, I think Polina mentioned, even if a registry takes down, for example, a website, the content can then jump to other fora.  They can go from TLD to TLD to website to website.  What is actually done in the sense when you go to a registry operator and say, you need to do?  Maybe it's because for them to identify, okay, well, maybe our information is out there for people to see, but then when you think about it on a deeper level, you're not really addressing the actual problem.  You can't use something that is so blunt and, you know, to borrow Miguel's phrase to use your hand to cover the sun to pretend to prevent it in different ways.

I'll share what recently happened there are protests in certain parts of the world where there's illegal things happening and permanent data is posted online this is also known as docking.  The this is not an DNS abuse in the technical sense.  Of course it is content abuse in the privacy sense.  When those websites get taken down, they get to move to different sites.  Should registry operators care about this?  We cannot do that in our framework but should we have information sharing or digital fingerprinting on these things?  These can be further discussed and developed.

But going back to the short answer, Thiago, I think I will have to agree with everybody up here that it really is not an effective use to do that.

>> THIAGO TAVARES:  Thank you very much, Jennifer.  Now I would like to take two interventions, one remote participants and another one from you guys.  Before we move for a second policy question.  No remote participation?  Okay.  Does anybody want to take the floor?  There is one gentleman.  Please introduce yourself.

>> AUDIENCE:  Hi.  I'm Jack from assembly floor from Australia.  I think the main thing I guess everyone is worried about is what is illicit content.  This differs by jurisdiction.  I was just in the internet splinternet panel just before, and given that it's hard ‑‑ especially for registries if someone registers a domain, the TLD, that's covered under German legal ‑‑ German laws.  Why wouldn't they just move to another registry where ‑‑ with much more free laws, right?  And, again, I feel like it just doesn't help especially ‑‑ for example, the US passed FOSTA‑SESTA in April last year which criminalizes anything seen as sex trafficking and given that the US doesn't really have any form of legal sex work, that effectively caused a lot of platforms that supported sex workers around the world to disappear overnight which put sex workers in more harm.  So I guess legality is different for jurisdiction it's a slippery slope to a more, I don't know, less free internet, I suppose.

>> THIAGO TAVARES:  Thank you.  Bertrand?

>> BERTRAND DE LA CHAPELLE:  Yeah.  Actually it's a good thing to intervene after that.  Because it's part of what I wanted to say.  As the others have said, yes, the answer to both questions is no.

The question is, what do we do once we've said no?  We continue to explain why it's not the best thing.  Is there something better that can be done?  Where can we go next?  There are a few things.  One is that we all understand this is a problem we have in common.  I'm sorry to repeat it over and over again.  I'm using this in almost any intervention.  We keep arguing about all those issues about applicable laws on the internet and so on as if it's always the responsibility of somebody else.

It's either the government saying to companies, you don't do what you should be doing.  It's your responsibility.  And the companies say you're putting too many regulations on us and is this proportionate and Civil Society and apologies for those that heard the joke.  Businesses and businesses I don't like when you're doing things behind closed doors and behind our back.  The challenge what we're trying to do is put people around the table is to say, we have a common problem and the problem is and it has been mentioned directly, what are the different actions that are necessary across the whole chain of accountability?

You have a user posting something on either its own website that he has bought the domain name or on somebody else's site that can be a platform.  This is hosted by a hosting provider.  And they have other actors we have not mention the cloud players, the people who are replicating this, the cloud service provider, all these actors are part of a common problem which is how do we collectively as a society and different actors collaborate and coordinate to weed out the things that we collectively consider as inappropriate?

I don't think anybody considers that phishing is a good thing.  How do we combat phishing?  What is the different responsibility of the different elements in the chain?  We're talking about reaching the user.  This is a whole problem that you know is addressed and is under discussion on the whole who is thing.  There is a notion that has emerged in some ccTLD on the protection of the users.  You can have proxy registration.  The question is, is the individual person in the end potentially reachable through sufficient legal steps.

There are other issues I want to touch very quickly on, is the law of a country where a registry or registrar is incorporated applicable to all the content that is activated under a domain?  In other terms, is every site under dot com supposed to respect American law or a registrar in the US.

There was a case very called director where the domain name was seized although it was a European entity because the domain name had been bought under a registry or registrar in the US.  Another question is if a registry or registrar receives notification from a court related to a mid‑order from a foreign country, should this registry or registrar only operate under a court order of their own country or not?  These are very valid questions.  They're not a simple answer.

I just want to encourage all of us to say, once we have all agreed ‑‑ I completely agree with everything that has been said ‑‑ no, it's not the right place.  As I said in the introduction, there are still cases where it is the right place because of urgency, because of the egregious nature of the content, child abuse being one, but there can be others.  What is the chain of responsibility?  What is the ‑‑ what are the corporation mechanisms that can be put in place so that when problems arise, they're tackled at the right level with the right procedures to actually reach the people who are doing the harm and not necessarily use the chain as the main target because it's simpler?

But this is a common problem, and the DNS is one component in the whole thing.  There are many aspects that are related to the type of content that is internationally inacceptable or very locally unaccessible.

>> THIAGO TAVARES:  Thank you so much, Bertrand.  Now, I turn it over to professor Hartmut Glaser to introduce the second policy question that was proposed for this session and to go through the bases for now.

>> HARTMUT GLASER:  Let me introduce the second question.  Ready?  If DNS operators have any role to play, should they be the same responsibilities as hosting providers and publishers of illegal content, or should they have a different legal statement?  What are the risks inherent to one size fits all approach to the matter?  Manal, you start?  You sit on my side, so it will be easier for me to give you the mic.

>> MANAL ISMAIL:  I will learn not to sit by your side next time.


>> MANAL ISMAIL:  So to the first question I would ultimately say no, but with the condition I mentioned before.  Moving to the second question, I don't of course see the same ‑‑ since we agree that it's no for the first question, I don't see the DNS operators playing the same role, of course, as the hosting providers or publishers of the illegal content.

But, again, I can see a role for them at least in ‑‑ as I said, you cannot just say it's not us and leave it as this.  You have to find then an alternative avenue that would accommodate the concerns of the governments.  And I'm sure if you tell them if you go to the hosting provider or the publisher, this guarantees more effective results because the content will not be put elsewhere.

This would be more efficient because it's the shortcut to the publisher.  Otherwise, even if the operator wants to help, they will contact the hosting provider.  And this would each take more time.  So if you're providing an alternative that is more quick and more efficient, I'm sure no one will say no.  But if we just ignore and say, you don't understand.  It's not us.  We have nothing to do with this.  Then I'm sure they will try to use the hammer.  (Laughing)

>> MANAL ISMAIL:  Don't try to look like a nail.


>> MANAL ISMAIL:  Jokes aside, I'm just saying that we have to appreciate the concerns.  And they are valid and legitimate.  We have very good examples this morning.  So just trying to find a common way forward and accommodate the concerns as possible.  I can see the dialogue is progressing in the right direction, I would say.

>> THIAGO TAVARES:  Let's follow ladies first.  Jennifer?

>> JENNIFER CHUNG:  Thank you, Hartmut.  So I don't think we can say no and then just wipe our hands of everything.  I think, of course, registry operators and DNS operators as well, we've actually taken it on.  A lot of registries and registrars have taken a good faith approach to try to come and discuss it and two weeks ago, I see a lot of colleagues in this room, we met at the ICANN meeting in Montreal to talk about what DNS abuse is and how we can kind of come together to come to a common information sharing framework to be able to tackle it.

I don't think DNS operators should bare the same responsibilities because we aren't in control of the content.  I don't need to reiterate what we were talking about in the previous segment of the discussion, but we are also intermediaries.  We're not the arbiters of the comment.  We don't want to be judge, jury, and executioner.  When we have a court order from other jurisdictions it is much, much easier to take this piece of paper and say, it came from a court.  We have this, you know, right or this obligation to act because it's a court order.

An interesting thing you pointed out was different jurisdictions.  Dot Asia we're headquartered in Hong Kong but we receive lots of different court orders from around the world.  A lot from the US, of course.  We do look at it and act upon it.  It is within our anti‑abuse policy to act upon it with sole discretion.

That being said, you know, a lot of this does come on the technical abuse, right.  If it affects the integrity, stability, and security of the TLD, of the registry, then, of course, we need to act right away.  When we come to content, as lot of panelists have said and also the question from the floor, there's a sliding scale here.  What jurisdictions are we looking at?  What kind of norms?  What kind of cultures?  I think really what we're trying to do here is to get the most information to the people who can act upon it to create this information sharing that we can then take it forward, whether it is cooperating of course with the law enforcement authorities within different jurisdictions, regional ones, and of course amongst ourselves, the registries and registrars, sharing this information is really crucial.

>> THIAGO TAVARES:  Thank you.  Miguel, it's your time.

>> MIGUEL ESTRADA:  So my answers are no, no, no.  That is the most negative intervention on a panel I have in my life.


>> Let's go to ‑‑


>> MIGUEL ESTRADA:  It is in the way some expect we are part of the logical layer of the internet, so, again, we have no responsibility for entitlement to inspect content.  That's not the idea.  Would you ask the RIRs to go through every one of the IP addresses to search what's behind them to see what's legal or not?  I don't think so.  So we shouldn't do that.

I think our responsibility is to collaborate and be responsible with the information requests from authorities and educate authorities in what information are we able to provide because that is something that usually happens.  For example, I don't know, dot something the ccTLD has asked for information on dot com or whatever and also make them aware of the risks when they decide to finally take down a domain name.

From ‑‑ again we held an illegal content workshop in bog tie in August where we invited judges, prosecutors and LAAs and we had a day where we trained them on the different layers ICANN identifies from the Internet, the infrastructure layer, the logical layer, and then the economical or content layer.  So they can identify what kind of information they can expect from each one of the actors in those layers.  And what we find during this workshop is that mostly platforms, hosting providers, and everyone at the content layer were really collaborative with them and were eager to collaborate because they don't want to have that content within their platforms.

So if each one in each capacity in each layer collaborates, everything's going to be better.  Again, we're going to be finding the responsibles for illegal content and not just blocking the sun with the hand.

>> BERTRAND DE LA CHAPELLE:  You said it was an illegal workshop.

>> Illegal content.

>> HARTMUT GLASER:  Okay.  Thomas, please?

>> THOMAS RICKERT:  I think I'd like to get back to my earlier point that we need to take a very nuanced look at what we're trying to solve and who can solve a particular issue.  We've heard the registries and registrar perspective.  I spoke a little bit about the ISP perspective.  I think we need to note that registries and registrar registries and registrars have a binary choice to make either to make a domain name work or suspend it from working through different technical means.

An IST can take a more nuanced approach to things.


>> THOMAS RICKERT:  The first precedent was with BT clean feed where you could filter out the URL level each.  So that is possible.  I think we need to take a look at what is the infringement that is alleged, what is the good that is to be saved or preserved?  And then for certain types of abuse, the registrars and the registries have something in their acceptable use policies or they check the registration in but the data is inaccurate and suspend the domain name because of that and not on the infringement they can't comment about.

For ISPs, it's even more different because they don't entertain a contractual relationship with the holder of the domain name.  And in Europe we have laws that specify who's responsible for content that they generate themselves and publish themselves for content that they host for others.  And then scenarios where they are the mere conduitee where they're the line for the third parties.  The first crack at that came with German with the information and communication services act in 1996 it was made and in 1997 it was put into force.  That was basically copied into the European level way back when.  We're now on the verge on eroding this where mere conduits can't be liable for third‑party content.  So we're sort of reviewing this at the moment.  There are changes away and the political demands to change that.

I think that's very ‑‑ that's a very dangerous thing to do.  And there has been something at the European court of justice where these web blocks have been tested.  As a matter of last resort so the court said, both at the European level as well as at Germany, as a matter of last resort, that can work.  And you need to balance what rights are at steak for the internet service provider whose right to choose their profession which is embedded in our Constitution is at stake.  The.

The right to self‑determination is at stake.  The telecommunication secrecy is as stake.  I'm saying exceptional courses can block all this.  This is ‑‑ I think I've exhausted more than I have in terms of time.  We need to take a look at who does what ask who has the best angle on that.  It's not good to shut down a domain name and then shut down websites that are perfectly legal.  I think in this the political debate I'm missing that somebody wants to take the table to look at roles and responsibilities and who can do what.  Going to ask ICANN to do things out of ICANN's mission is a no‑brainer.  Going to a registry ask them to produce content they don't have inference on is a no‑brainer.  I think we need to map that out and it all needs to be a constitutional due process when content is taken down.  It can't be done in hiding.  That's the most important message.

>> HARTMUT GLASER:  Polina, you like to comment, please?

>> POLINA MALAJA:  I think I want to echo exactly what my co‑panelists have said.  I think the really important part is to really understand what role registry plays within the ecosystem, then we can see what they can do and in which circumstances.  It's not about shielding ourselves no, we cannot do anything and don't come to us but come to us when you have highway exhausted all the measures or there's imminent threat to consumer interests, collective consumer interests.

I think another important part about suspending a domain name, I think it can be considered ‑‑ compared to a nuclear measure to respond to illicit content.  So I think also the question of reversibility of the action it should also be on the table because what if it's done by mistake?  This is the role of the competent authorities there who can assess and say you're taking this great action of taking down the whole thing and suspending an entire domain name.  I think it can only be done in emergency cases when there's no possibility to address it at the source.

I think this is an important part that needs to be considered within this debate and not just equating all the stakeholders and considering they all have the same responsibilities and have the same control of the content.

>> HARTMUT GLASER:  Before I ask the audience, let me ask Bertrand for his comments.  Then we go to the audience.

>> BERTRAND DE LA CHAPELLE:  Thank you.  Usually when I work on all the issues, I like to take the devil's advocate arguing for one category of actors in front of others and vice versa.  One thing that is ‑‑ it's striking me as we hear the exchange here, one of the big difficulties of the registries and registrars is that they have to work on two fronts.  And those two fronts are very difficult to reconcile when you speak publicly.

On the one hand, the level of misunderstanding of the technical aspects forces to overemphasize the no, we cannot do it.  This is not technically what is supposed to work.

Meanwhile, the vast majority of them are actually doing stuff.  They're addressing the technical abuses, particularly bot nets, mall aware.  I want to emphasize what was said in passing, when something is compromised it's a delicate thing.  They pay a lot of attention to understand how to tell the person, the registrant, which is the person that has to be protected because it's actually their site that has been hacked sometimes, that they can work with that.

The problem with content is that there is an increased pressure at the moment that is coming, and so on one hand they have this difficult position of having a very strong message that says no just to explain that it is difficult.  At the same time, if they begin to say, but we're doing a lot of good things, then the whole door is being pushed, and then you can do other things.

That being said, as I said before, there are things that have to be discussed because at the moment we do not have the solution.

One example is somebody was mentioning the situation of you have an online pharmacy in one country, perfectly legal in one country.  But they bought the domain name from a registrar in a completely different country and the registrar in the second country receives a notification for a third country that says, you know what?  Pharmacists are illegal in my country, and this one has no authorization.  Let's say it's a pharmacy in India and requesting country is Japan.  How are we going to collectively to address the thing that there might be a distinction between this website is entirely in Indian languages for the population of India, doesn't sell abroad, doesn't sell any prescription to anybody outside of India, and even says it explicitly on its site, versus exactly the same domain name where the operator is actually providing a web page in Japanese, sending pharmaceuticals in Japan, has no authorization there and has refused three times or four times to comply with the request to not deliver things in Japan?  That's the very difficult issues that we're confronted with it.

The explanation of last resort has been used.  It is manifest that in the first case it's absolutely inappropriate to suspend the domain name for something that is fully legitimate in India and not serving any other actor.  On the other hand, if there are three strikes, whatever, and there's manifest ill well, maybe it's a last resort measure to suspend temporarily or something like that.  But asking the DNS operators to make proactively this kind of research, is certainly not appropriate.

I like the comment saying we're not asking the original internet registry to check every single IP address is a very nice pun.  There is a sliding scale from the editors who have full responsibility of everything that they're posting including the owners of the website to the upper end or the other end of the change where the responsibility is technically and morally and operationally completely different.  We need to discuss what is appropriate to be done at each state.

I want to insert one last thing.  On the content aspect in the content and jurisdiction program there's a notion that is emerging which, I mentioned earlier, international normative consistency.  Very quickly four categories.  There are types of content that everybody in the world that everybody considers inappropriate and the standards are relatively or quite similar.  Child abuse material.  Second category, everybody agrees it has to be addressed but the standards are different, defamation.  Third category, not everybody agrees but due to local circumstances some content can be considered illegal, denial of Holocaust in Germany or France.  Fourth category not only is there no agreement there's also a strong disagreement because some countries considering the legislation of another one shouldn't exist.  Sexual orientation, discrimination, racism, whatever.  If you think about those four categories, you can couple it with the notion of geographically proportionate jurisdiction because the domain name suspension is not only blunt for all the services but it's viscerally and structurally global, it is only if you meet the highest standard of normative consistency and high level of proof that it makes sense to act.  This goes to the due process America nymph of how you establish the fact that it is indeed infringing globally that will trigger that sort of thing.

These are the discussions that we should have together.

>> HARTMUT GLASER:  Thank you.  Is there remote?  I will go to the audience.  And I will ask you please to say your name.  It can be a comment or it can be a question.  So you please very clear.  Let's start here with my friend from Russia.  He was the first.

>> AUDIENCE:  Thank you.  Thank you, Hartmut.  EPLTD for the record.  Thank you that was quite illuminating.  I was happy that everyone was on the same page.  I just would reference to the manila principles, I was trying to find out if there is any government or new government as a signatory to the document, and I didn't find any.

So my question is, how soon do you think governments would be in a position to appreciate manila principles and validate them.

The other question, listening to everyone, I realized that at times we seem to be living in different worlds or yourselves, if you will because for some of our members in the EPLTD world imagine a situation where the same registry is the registrar and the only one ISP and on top of that, and this is a real life case, the Ministry of IT or whatever is at the same time the prosecutor general for the nation.


>> AUDIENCE:  So my question to the panel, would you suggest any kind of universal remedy for those small guys, usually landlocked or island‑based registries, dash registrars, dash whatever, are there any universal remedy or any universal answer they may come up with when ‑‑ yeah, on top of that, they are all public entities, not private.

So when their minister slash prosecutor general comes with a question as to what to do with whatever request for the domain name suspension or deletion.  Thank you.

>> HARTMUT GLASER:  The lawyers usually have an answer for every question.

>> I'm afraid I don't have an answer to the question to give you an informed guess of what's going to happen and when.  I think the organization that sort of performs our roles as a one‑stop shop including the public side of things.  This happens but you find other companies that also perform more than one role.  I think you need to really specify the responsibility per role.  And then as you typically would, you would try to find the least invasive measure.  I think when it comes to the prosecutor general instructing the person sitting next door that's responsible for managing domain names, that would be an odd case.  I would hope that you find more due process in such a country.

We're discussing approaches and jurisdictions that try to do their best in order to come up with constitutional approaches.  The situation that you described doesn't seem to be amongst them.  I think that's a exchange in itself.  I think the only thing that we can ask for is ask for due process and ask for all solutions that are being discussed not to be voluntary or handshake agreements but they're founded in applicable laws.

Let me give you one brief example.  Its evenly going to take a few seconds.  Many years back at the beginning of the 2 thousands in a European country that shall be remain unnamed it's not Germany.  There was an arrangement between internet providers and law enforcement whereby law enforcement would send lists of websites to be blocked to the ISPs and then the ISPs would implement filtering or blocking technology and there was overblocking.  So somebody complained and went to the ISP my website doesn't work.  Why is that.  They said we take this filtering list from the law enforcement on an as‑is basis.  You talk to them.  We gave you this as inspiration for feeding your filter.  We didn't give you as a legally binding order.

So that's what we want to avoid.  It needs to be due process or contractual.  You can't have your AUPs and ask them to play by certain rules and if they don't you kick them out.  That happens in business everywhere.  We should avoid doing shady arrangements with public authorities and wait for court orders or other things that can be challenged in the courts.

>> HARTMUT GLASER:  We have two other questions here in the middle, yes.  Then we have on the other side.  Let's see the time.  We have five or six minutes.

>> AUDIENCE:  I'll hurry.  My name is Sebastian.  I'm a researcher for the last three years on a research project in cooperation with the Danish CC registry.  My research has been looking at a lot of these questions.  So legal exemption can be most corrective in how registries fit under that.  Trusted notifiers and what the contractual practice is especially the European ccTLD where one‑third has content related notion.  From a legal research perspective agree with the very many noes I hear today.  I think it's an important clarification on content abuse, et cetera, also in the view of the European revisions potentially.  But then there's this one thing about all the measures that are being taken place.

I think one aspect which would be interesting to look more at are platforms which have those practices in place.  There's a lot of discussion about transparency I would like to see from a research perspective to see what do renal industries do because things are happening.  Trusted notifier models are really difficult to get content on.  They're being discussed in many different places right now.  Maybe the panel has some thoughts on that.  Thank you.

>> HARTMUT GLASER:  Any comment?

>> (Off Microphone)

>> HARTMUT GLASER:  The last row and then the lady on the other side.

>> AUDIENCE:  Hi, my name is Gabe Leavitt.  I'm pharmacychecker.com and founder of a nonprofit group called prescription justice.  Online pharmacy is a very big topic and Bertrand brought it up.  I was a little bit intimidated to ask a question but then he brought it up, so had I had to say something.  Long story short there are tens of millions of people in the US who don't fill their prescriptions because the drug prices are too high.  And there are a subset of safe international online pharmacies often based in Canada, sometimes based in other countries that are working with licensed pharmacies, and Americans import lower cost prescription drugs from those pharmacies using a website.  They help ‑‑ have helped millions of people.

Then there are lots of rogue sites and Bertrand alluded to this problem of rogue sites and counterfeit drugs.  But, Bertrand, you know, I believe, that the pharmaceutical industry would like to see the safe international safe online pharmacies go away to and put pressure on the domain name system to do so.  So in your first example you said that's a completely legitimate site.  So obviously there shouldn't be any action, but in this ‑‑ on this other site maybe there should be a one, two, three strikes policy, that kind of scared me.

What do you mean by a three strikes policy?  Would that require a court order or how are you viewing that?  Thank you, everybody.

>> HARTMUT GLASER:  Let's listen to the last question and see if you can summarize.

>> AUDIENCE:  We have one here.

>> HARTMUT GLASER:  The lady first.

>> AUDIENCE:  I want to say thank you and I'll be quick.  My name is Laurie Schulman, I'm from the international trademark association.  So I do speak on behalf of brands.  I want to say generally I agreed with what was said on this panel in terms of making sure there are approaches due process that the DNS is a last resort and not the first resort.  I think sometimes in these panels where my members take issue is that there's the perception that brand owners are going to the DNS first when in fact typically they're not.  There is an understanding it is a last resort.

I would also like to hear from the group and comment on an content related question.  We heard Thomas mention copy right.  It's well known that copyright and trademark counterfeiting online goes directly to issues of child abuse.  They're related to organize the crime, human trafficking, substandard conditions, child labor, there are real social harms here and we're a social community trying to find problems to solve the ‑‑ solutions to the bigger problems.

So I would like to hear a little bit about how you reconcile that?  Because I do get concerned when trademark infringement and copyright privacy are looked at as secondary to other concerns you have when in fact the profits from these activities online go to fund the harms that you're relating to in your four concerns.  I'm going to add one more thinker thing in deference to my colleague Susan Anthony from the federal government we agree it's important that the industry continue to talk to each other and to intellectual property owners and the private sector businesses to come up with solutions as the debate goes on.  And while the trusted notifier programs are one solution.  Another solution we think is a verified registrant programs that is ‑‑ it could be very good.  We see this happening in CCs and we see discussion online about making sure that where people go to buy their domains is a trusted place that the domain is trusted itself.  We see a lot of thing going done on predict inch modeling on who may or may not be a registrant that would use a domain for not a legal purpose.  It's controversial.  It's not each beta tested yet.  There are good results about predictive analysis of registrants who will use their domains as they should and registrants who will defy laws.

>> HARTMUT GLASER:  Okay.  Thank you.

>> AUDIENCE:  Thank you.

>> HARTMUT GLASER:  Last question on this side.  Please, very brief.  Our time is over, and we would like to see ‑‑

>> AUDIENCE:  I'm going to read my question.  I'm here with youth IGF Brazil.  As some of you may have heard during the last years we've seen the emergency of some initiatives attempting to decentralize the DNS by utilizing blockchain.  Ma of these procedures don't succeed because of many reasons but it disrupts the DNS entirely breaking apart from ICANN.  I remember reading earlier this year about a project that intends to decentralize only the root itself and not the DNS entirely by utilizing blockchain.  Such a project is said to have many benefits such as increase safety and strengthening Brazilians and avoid domain squatting.

I was wondering ‑‑ I know this can only stir comments of a speculative nature but I was wondering if you have views of utilizing blockchain to fight illicit content?  Would it be beneficial or quite the contrary?

>> HARTMUT GLASER:  Jennifer, would you like to comment, general comments about the questions?

>> JENNIFER CHUNG:  Just really briefly because I think others do want to also answer.  Briefly to the question on the trusted notifiers, currently it's still being discussed each within the industry.  It's really, nascent right now.  What you can do if you want more information, you can come to the mailing list, come to ICANN and discuss with us.  But more importantly I think the motivation behind that is we really want to stress that we're not the arbiters of content.  We want to entrust it to people who are experts to recognize what ‑‑ okay.  This is child sexual abuse, this isn't, et cetera, et cetera.  We're not qualified to do that.  So that's probably the intent behind it.

I think there were other questions that maybe other panelists are more suited to answer.

>> HARTMUT GLASER:  Miguel, general comments?  Very brief.

>> The last question ‑‑


>> Final remarks.



>> Actually it's a no.  I don't find a relation.  Maybe you can enlighten me on blockchain and fighting illegal content on DNS.  If you can get me later I'll be pleased.  No, no, no.



>> THOMAS RICKERT:  There were so many points and we have only a few seconds left.  To Laurie's point the reason I made a distinction between copyright infringements and child abuse material, let me illustrate this.  I was president of the association from 2000 to 2005 that's an international network where tips of illegal content are being channeled to the appropriate authorities.  We were thinking what areas of concern could be tackled at the global level, this is in line with Bertrand's point.  That's something where it's universally accepted that it is illegal.  The second point is that you can judge the ill legality from looking at the content while if you take a look at a movie or other copyrighted material you cannot determine from looking at the content whether it's a licensee that offers the content or not.  So that is ‑‑ it's a difficulty that warrants a different treatment of those contents.

Also, the copyright infringement is not copyright infringement.  If I sing a song or if I come up with a song that is being parroted that is probably less of a concern than if Pink or some other global artist is copyright is being infringed upon.  As I said, the constitutional rights need to be balanced against the rights of the network operators and others.  That makes it more difficult.  That doesn't mean that I don't sympathize with the needs of this industry, but different policy response is warranted.

>> HARTMUT GLASER:  Manal, final comments?

>> MANAL ISMAIL:  Thank you.  Just, again, quick comments and also touching on the question that came from our friend from Russia.  I mean, irrespective of the titles if my boss is telling me, take this thing down, I don't go and simply shut the server.  I can tell them I have a better way to do it or at least give it a try.

So if we agree that there is illicit content, then we should at least agree how to take it down.  If we agree it's illicit, then the most important thing is to agree how to take it down.

I think there is still a lot to be discussed, but if there is an alternative better way, I'm sure no one would object.  If we're telling them you have to contact X, not Y, no one would insist to contact Y, especially if this other route would be more effective in terms of results and more efficient in terms of time.  So I'll leave it at this.  Thank you.

>> HARTMUT GLASER:  Polina, you have comments?

>> POLINA MALAJA:  Thank you.  So I also would like to echo what Laurie was saying and researches to towards those needs of the industry, but I have to agree with Thomas here.  I think investigation of the serious crimes you mentioned should be left for the competent authorities.  And it's really not the responsibility of the registry to ‑‑ they're not able to look at the content and see if a pirated website if the revenues they receive is actually going to fund human trafficking or other criminal activity or not.  This is really not the place.

The other point I want to highlight really is I think the fact that we're having this discussion and they have we have this panel already shows that DNS operators including registries do feel responsibility to take action to do something about this.  I think some of the examples that I gave during my introductory remarks about different approaches within the ccTLD is an example of that.  Laurie mentioned Euro IG and their approach.  There's more.  It's not that the registries and DNS operators don't feel responsible.  They do.  They just also want to their role to be respected and also they would be respected in technical capacities and that's my final remark on that.

>> HARTMUT GLASER:  Okay.  Thank you.  Now, Bertrand.  Very brief, please.


>> BERTRAND DE LA CHAPELLE:  I've been well behaved.


>> BERTRAND DE LA CHAPELLE:  Quick thing, it takes two to tango.  Sometimes when those things are being discussed, the spirit of cooperation disappears because immediately people retract in their positions and their mutual accusations fly.  This is not what is going to lead to the situation in cooperation.

I will give you one example.  There is a thing we didn't have to mention here, but algorithmically generated domains is something that is necessary for bot nets.  We never talk about this.  This is a major problem and with he don't have legal solutions.  That is the type of thing that needs to be discussed.

The other thing is, I don't want to forget the question that was asked before, the first one, without getting into details, the digital services act and the whole discussions in the European Union are going to be extremely important.  I want to highlight again that I've done in many instances including in the environment of ICANN and the program on domains, pay attention to discussions on the way the e‑evidence regulation that is currently in front of the European Parliament.  It will impact the DNS operators and it will impact on the whole discussion on who is.  It needs to be taken into account.

The question on transparency is a very valid one.  This is something that has been discussed a little bit in the domains and jurisdiction program last year.  The question is, what are the good metrics?  Those of you who follow the famous discussion on the DAR system, reporting of abuse and having the information, numbers are often not sufficient.  The question is who responds to what?  What is the due process that has been adopted for those things?

I want to highlight that one of the outcomes indirectly of the work that we're doing and I'm very happy about it was the presentation in Montreal of the framework that a certain number of operators have begun to explore, and it's a first step.  But it's an illustration of the fact when you put the actors around the table, the governments, the operators, the big platforms, the Civil Society, and international organizations you can make progress as long as the spirit of cooperation is there.  Again, I hope that this panel will alleviate the need for the registries and registrar community to defend tooth and nail the fact that it is not the right level which is preventing the discussions on the things that people really want to do together.

>> HARTMUT GLASER:  Our time is over but I would ask Thiago the co‑organizer of the workshop have the final word.  You now have time until midnight, no problem.


>> HARTMUT GLASER:  Try to bring us together.

>> THIAGO TAVARES:  Thank you, professor.  Of course, there's no time for conclusion statement but we do provide a report summarizing the arguments.  For each of the policy questions that was discussed today and the practice and policy making having to do with illegal content online.

Finally, an invitation for you all, besides the topics discussed here today, there are also other types of abuse that need to be discussed including those that target the DNS protocol or subvert the DNS process especially the attacks that subvert the DNS process are very concerning as attackers use a combination of techniques to divert users' queries to DNS (?) and this other types of abuse will be discussed Friday at noon at the open forum number 48, organized by Melani the report for the information sources of Switzerland.  You are all invited to take part in that discussion and finder finally I would like to ask for a great applause to our speakers on the stage and also for the audience on site and remotely.


>> THIAGO TAVARES:  Thank you for your attendance.

>> HARTMUT GLASER:  Thank you for your patience.  Ten minutes over time.  Thank you.