The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> ALEXIS DOUGLAS: Hello, everyone. We're going to discuss Domain Name System abuse. It is loosely experienced in the daily work and firmly grounded in the reality of consumers and demands that's happening online.
To give you an introduction to the panelist, we have Tara Harris. She spearheads the IP strategy, manages IP risk, and Intellectual Property. Risks and forces Intellectual Property assets, including the protection process. She's part of the South Africa Internet Consumer Group and one of the largest technology investors in the world. Next to Tara, we have Daniel Zohny who is the head at Avian. He has bar qualifications in Germany and the United States. He spent over ten years at FIFA where he led the protection for the World Cup tournaments. Right now he's at partner at Avian. He leads the Switzerland office with the head of protection there. Online, I think we have Dr. Zana. He's passionate about digital safety. I'm Alexis Douglas. My Intellectual Property practice includes helping clients come pat the online infringement and domain name system of use that we're going to talk about today.
The reason that we are here, myself, Tara, and Daniel, are all members of the International Trademark Association. One of our missions is to identify trends and practices online that impact Intellectual Property holders, and ultimately, really every day consumers. It is not just about brands and making money. It is about the people at the end of the experiences. That's a lot of what we're going to talk about today.
To this end, we put together a definition of domain name system abuse that seeks to hold registrars and registrants accountable for a wider range of harmful activity that's making it. Also to make it easier for companies, governments, and consumers to stop the activity online. So we have, you know, some of the objectives here for the programme. We'll go through the definitions very quickly not to bore you and put you to sleep. I think it is important to talk through these definitions and show why it is not enough and how the examples that we're going to speak about really touch on why there needs to be more protection and policies in place.
The slide clicker is not working. Can you go to the next slide for me? The next one. Two more after that. I just kept talking through the slides. (Laughter)
>> ALEXIS DOUGLAS: Keep going. Go ahead. This one right here. You can stop. Go ahead. Go back one more. Thanks.
Some of the common definitions of DNS abuse is the EU Commission Study that DNS abuse, Domain Name System abuse is any citizen that make use of domain names to carry out harmful or illegal activity. It can be a wide scope of activities; right? And in contrast, ICANN and the new registry agreement narrowly defines as malware, bot nets, phishing, and scams. These are technical contributions of what counts as DNS abuse.
The other business constituency gave us a broader definition that also included trademark or copyright infringement, fraudulent, deceptive practices, engaging in activity contrary to applicable law. We're going to take that and narrow it. It is broad. I think if you can slip up to the next slide please.
If you adopted a resolution aboard the resolution in 2023 to give the definition of the Domain Name System abuse, that's is simpler and easier to understand. It is broad. Any activity that tends to make use for the domain names and digital identifiers that are similar to domain names.
Now, you know, everything is included. To carry out deceptive, malicious, or illegal activity. And these three types of activity is what we're going to talk about today in our examples. Bad behavior online to put it simply. Why do we care about the definitions? There's a lot of harmful behavior that's happening right online right now affecting the general public. There are not mechanisms for stopping it. Easy mechanisms for stopping it.
I'm going to kick it over to Daniel to talk about where we started with Domain Name System abuse and where we are now.
>> DANIEL ZOHNY: Thank you. Kind of old school Domain Name System abuse. You've heard the cybersquatting and registering the name that's linked to a brand that you are the first one to do it; right? You are earlier than the registrant. As an example, in a different TLD, it is registered by somebody else. Normally with the model. I'm leveraging the fact. Trademarks invested the brands in their good faith. They might disagree.
If that was done for that specific purpose, so in that faith, registering the domain, there are mechanisms to get the domain back. An example, out of my practice when I was at FIFA, FIFA started to do a lot in the sports world. The sports world with the typical TOD that's used is dot gg. Dot gg also stands for good game. It is a term that's used by gamers. Somebody had registered FIFA for gg.
Now, FIFA wanted to use that domain. We have observations. For $17 million you can have it. That's not what the company thought the value was. Out of any pocket expense. You know, the procedure will start in arbitration before the end and the domain was registered. That's really not what we are typically talking about today. It is about domain names.
A lot of people don't care about the domain names anymore. So brands are now more faced with situations where the domain names that contain their brands are used for fraudulent activity. For scams, et cetera. That in essence, it doesn't really affect them. Much more effective.
For consumers, it is hard. Mostly good luck with that. I don't know what to do with this. Or you file a report. Brand owners are in the position to leverage their brand and trademarks and to file for or use the mechanisms available with the players in the field to get content and take you down and whatnot.
Thereby, also help consumers be protected. That was just the start in to it. To say I think things nowadays are much, much broader than what initially DNS abuse seemed to be.
>> ALEXIS DOUGLAS: Thanks, Daniel. Now we're going to go in to some of those examples. It is really hard to hear yourself. Some of these concrete examples that show what's happening, the issues, and that there's not simple ways to combat any of this.
One of the hypotheticals that we've come across in the last year based in several of us on the team, I think, have dealt with this in different capacities. Let's say there's a domain name. That was registered with the typo of the bank or other financial institutions name. Too many letters. Missing a letter. The bad actor points to the web site they were able to register and uses deepfakes to communicate with the target.
Other months, trust is formed. The consumer makes a money transfer to the wrong party without realising it. If the follow‑up call is requested to ensure the transfer is genuine, it is accepted at a fraudulent call center. These are not made up actions. These are things that we've all seen. If cryptocurrency was used, trying to track the therefore is completely impossible. Someone's bank doesn't know the money is not traceable. The consumer tries to get their money back and blames the trademark owner or the company or the brand owner for that loss. They come after them. They are complaining about them.
I think to ask our panelist to weigh in, how have you seen maybe examples similar to this? What have you done to stop it?
>> TARA HARRIS: Hello. Is this on? One of the biggest issues we have is with our classified platforms. Many of you shop online. The platforms will offer delivery services. What we see sometimes is scammers going on. Putting fake content and using it to lure people in. There's no product. The scammer now has the information. This is damaging. People don't trust the platform. People are losing money. The police don't always ‑‑ there's nothing they can do.
As a brand owner, what do we try to do to help the consumers? You know, we try our best to educate them. We warn them and put various things on the web site to say that you should only use the portals to speak to people. That doesn't always work. We also spent a lot of money trying to conduct, you know, daily domain name to try to catch anybody that's registering our brands in these web sites or in the domain names that we can try to close them as soon as the content goes down. That's some of the thing that is we see.
>> AHMED ABDELHAFEZ: Hello? Yes.
Another example that we had in 2022 a build up to the World Cup, there would be a lot of job postings online. With the FIFA logo and the logo of the World Cup, offering positions. Off targeted at countries like Bangladesh and Nepal. A lot of the migrant workers. Soliciting applications for jobs that didn't exist. These actors had nothing to do with the organisations. They only police sited the information. But to progress the applicant.
One could say this goes back to something that you heard a lot. Online literacy. Especially if you are newer to the Internet. This is the just the way it's done; right? You believe that. Others might say who would really think it works that way? A lot of people sent money. These are larger amounts in the western country. 100 to $200 is a lot of money in Bangladesh. It can be a year's salary. Oh, I'll go work. We dealt with this a lot.
The longer they are online, the more powerful they are. The main goal was to make sure no people were harmed. We get told about it. It doesn't affect the owner financially in a direct way. There's a direct financial loss to the consumer. That's something as a responsibility of big brands, you have to take care of.
>> ALEXIS DOUGLAS: One of the reasons is to hold the registrar accountable. What do you do when there's a web site? You said taking it down quickly. How fast can it be taken down?
>> AHMED ABDELHAFEZ: That widely differs. A lot of this happens on social media. It is faster with a lot of platforms. Depending on the platform really.
Normally, then you have as a first option or two options. You go to the host. The host the content on the web site. If it is a compliant host and they know what they are doing and they want to play by the rules, you can be successful pretty quickly. If you are lucky, within hours. If you give it enough evidence.
In some regions of the world, they are not really. You will fall on deaf ears. Then it becomes really complicated.
>> ALEXIS DOUGLAS: I agree. If there's a credit card and you as an organisational brand owner have the mechanisms and the knowledge to understand that's a sufficient case. You can go and use sophisticated tools. They cost money. I think what is important for smaller companies that do not have such a budget or do not necessarily even understand the need for these tools. They will not know where to start.
Again, I think trying to explain often when we get complaints the difference between the phishing attack person and simple infringement, or the job scams which we see and get a lot of complaints. People have handed over very personal information and attended online CBs, sent money and sent credit card.
Again, it depends on where it is. It is on the social media. We have three or four dimensional attacks. They get sophisticated. That's the issue. Trying to ‑‑ I've been doing this for so many years now. Even so the cases that are coming ‑‑ it is worth spending the resources. Are they using the trademark? Is there something that we can do. That's why it comes down to having the expertise and the skills in your team, the resources and the budgets to know which mechanisms to use.
>> AHMED ABDELHAFEZ: The investigation of the scams have exploded. Back in the day when there were scams, it is easy to detect. The English was broken. The links if you clicked on something it didn't work. It was pretty obvious. Nowadays with AI, people create web sites in minutes, put them up. They look perfect. Go down and next one is put up. You gave me an example of phish kits. Speak to that. That's interesting. Something that is rather new. The whole solutions are offered.
>> ALEXIS DOUGLAS: Hang on.
Before we do that, I want to tie it back to the idea of how long it takes to get something taken down. If you have the host who is responsive and sees there's some infringement. If there's not copyright that requires them to act quickly. If it is just trademark and a brand name on there. The host might not act. The registrar might not take it down. They don't know who is behind it. And the risk of taking something down that's real speech. They don't want to have to make that decision.
Then, you go through the uniform domain name and the UDRP process. Everybody does. That takes weeks. You have to hire a lawyer. It cost thousands of dollars. You have to file the fee and wait for the other side to respond. They don't. It is bad behavior. They are going to put it up on another site. The web site is up there for weeks until you can get it taken down. It is continuing to harm people.
People are continuing to put money in it or be deceived in to thinking it is a real site. I think that's tying that back to why there needs to be that broader definition to put the onerous on registrar and governments to make new policies and ensure that these kinds of activities can be stopped faster. That's what we're talking about here with these examples.
I will let Dr. Salem who is online chime in with his experience. If we can take the PowerPoint slides down and we can see him, that would be great.
>> SAMEH SALEM: For example, in 2023, the service and the rest for the individuals, including certain areas of operation. While in the application and code, they have managed to develop. And getting those. They have the space. They use mobile phones to message tools. The initiatives that appear to be the local person and information. It is another one.
Another vision that we have it. Also there's scams. One for the role and the other for the governmental roles. The consumer roles. Actually, this comes through the government as a cyber instance.
First, it validates the complaint and the relation to the financial institution. They scan the dimensional needs. We get suspicious and flow. The terms for the scans and local technicians spoke. It is for the invitation and just to prevent the officials. There's consumer awareness. They are in the campaigns and social media and this is the tools.
>> ALEXIS DOUGLAS: Thank you.
That's very helpful. It brings up one of the key pieces that government and businesses share the tools. We have the same tools; right? The brand owners. RDRS. You have to see who is behind it. Who is behind the bad activity for government to take action? It is also impossible for them after who is information, you know, was taken down to get accurate who is data. So governments rely on that. Intellectual Property owners rely on that. All to protect consumers.
Without that accurate information, it really limits the ability of anyone to figure out who is behind these web sites. And get it stopped. I don't know if the two of you have any more insight on that piece.
>> TARA HARRIS: I think in the previous session on DNS abuse, it might have been a Brazilian regulator. I joined a bit late. Not everyone needs to have the information. At least the platforms do. That should extend to DNS providers. They should have the right information. I don't believe that it should necessarily be published.
Of course, that would not be compliant. I think if there was at least some mechanism to have that in place, it would assist especially when a crime is being committed. Because at the moment, it could be that Mickey Mouse from California owns the domain name.
When you try to uncover that, then when you try to look at where it is hosted, that's usually hidden as well as behind cloud fare. You are hit with constant walls when you are on harmful content. That can be frustrating when you have customer that is are update and heard and have lost money. We have HR personnel who are being cloned. Even our staff is upset. People are pretending to be them. From my side, it feels like multiple walls that block you. The mechanisms if the criminals know what they are doing are not always effective.
>> DANIEL ZOHNY: You are very right.
Normally, time is of the essence. The longer they are perpetrated, the bigger the harm is. Often it takes quite significant amounts of time to deal with it. To find the information. To get behind it. Hope the hosts and registrars are compliant. See what you are seeing; right? Have some type of an issue of internal education of the people dealing with the complaints. Investment by the companies in the workforce to deal. It is not always that easy. I understand also from their perspective. Sometimes it is borderline.
Are you going to make the call and put the web site down that might be backlash? You are inhibiting speech. These are not easy questions to deal with. That's why, you know, regulation or clearer rules are important. To give guidelines on how to deal with such situations.
>> AHMED ABDELHAFEZ: We have one comment. Keith just added here.
>> AUDIENCE: Thank you. I'm Keith Drazek. Thank you for having the session. I'm with Verisign. I'll paraphrase in the comment. A phish is a phish whether there's IP distinction or not. The gTLD registrars and registrants do. We now have an obligation to mitigate the harms, the online harms and DNS abuse definitions. Phishing is clearly one of them.
If there are registrars are registries in any region that are ignoring well‑evidenced reports of phishing, they should be reported to ICANN. ICANN now has the tools to hold them to accountable. They have said if registrars continue to ignore well evidence reports of phishing, they will take action and hold them to account. Including the accreditation. That's an important tool now in ICANN's tool box that didn't exist before Q1 of this year.
So, this is a really important conversation. I wanted to note that ICANN has the tools. We're expecting ICANN to basically clean up the industry to the extent needed. Thank you.
>> ALEXIS DOUGLAS: Thank you. That's helpful. I do think sometimes proving that, the phishing ‑‑ I'm sorry. I think proving the phishing, that connection, having to give personal information about the consumer that you know was harmed. What do you do? Do you give that e‑mail? They lost $50,000 with their personal information in it to prove that? That's where it gets fuzzier. My brand name is on that. That's not my site. Take it down. That's not so quaint. We have a question in the front.
>> AUDIENCE: I'm Nick Smith. I'm the General Counsel for the Registry. I oversee all of the dispute resolution. We have a consistent reputation in general terms. We do have quite a wide definition under the terms and conditions. It would include any sort of unlawful content. I wanted to just explain FIFA here. I'll use the football example. We wanted the situation where there was a football manager, quite a famous one, called Alex Ferguson with the Manchester United. He posted his autobiography. He had a copyright in it. It was extensively reported when it was published. Including on the BBC's web site. He was pretty cross. He claimed it was an infringement on the copyright.
If you extend, you need to be quite careful about creating firm rules. Operators like to follow the firm rules. If you are careful ‑‑ if you are not too careful about widening the scope to clear the scams within the scope. That's an arguably copyright infringement. The logical consequence, maybe that was copyright infringement; right? The DNS level in that situation would be quite a severe one in the sense that the whole of the BBC's web site and all of their employees e‑mail addresses would stop working.
I'm just sort of testing the ties in the nicest possible way, and the industry generally have people who participate in the sorts of practices. They are very responsible and responsive. They have a very strong self‑interest, I guess, in terms of the reputation of their own infrastructure and resources. They need to be quite careful about over broad definitions. Thank you. Thank you for having the session. It was very interesting.
>> DAVID J. GIANNANTONIO: Thank you.
You made a good point. We get from brands lists of web sites that in their minds are infringing. If you took it just for the bare value and you go after them, we would have at one point taken down the major Australian retailer. There needs to be scrutiny. It is often a fine line. I totally understand from a registry perspective. You can't take the court. I get that.
>> ALEXIS DOUGLAS: We have one question over here. Then, we'll go back to the examples.
>> AUDIENCE: Thank you. Andrew. DNS enthusiast. Education helps. On the panel.
But when you've got mixed alphabets of letters, even if you are actively looking, it is really difficult to spot it. Maybe we and ICANN think about whether we should not allow mixed alphabets into the domain names. Just briefly, one is an informational point. The speed of exploitation and the research which says the size of the creature within an hour.
If you don't act within 24 hours, they are no longer interested. They stopped using them. They are on to the next one. You have minutes before the exploits beginning. The area is quite scary. The second one is building on what's been done. Let's build some more friction into the system. Know your customers tremendously valuable here.
If the domain isn't linked to the real person or legal entity. Mark the reputation down on the threat feeds. It becomes useful. Build on the good practice and make the bad actors less successful.
>> ALEXIS DOUGLAS: You spoiled our punchline.
>> AUDIENCE: We were apart from the beginning. I expect the other languages did something similar. I think I agree with you. It needs more technical solutions. I like that. They did something recently. It is similar to this.
>> ALEXIS DOUGLAS: Discussing the forum. It is simpler and easier to get things taken down. Definitely a leader. We were discussing that coming in to force in the EU is being adopted. We'll have an impact on understanding who is behind domain names and who is registering these and getting them stuff.
With their other examples, I think we were talking yesterday too. Just to get back in to the examples a little bit to keep hitting at it is not just phishing or financial fraud. We were talking about the products last night. If you could mention that. The average consumer being online, how does it affect them too?
>> TARA HARRIS: Okay.
I recently got asked by one of our platforms. We got some bad press. The businesses were upset. That was a device that was being hold. It was counterfeit. It was on the platform. We could take appropriate legal action. What we were talking about is the example of the small device. It is an anti‑choking device. This is not something that you want the counterfeit. If this was being sold on the domain names, for example, it could be dangerous.
Given the counterfeit product circulation, it is being sold in many places. In my view, that's an example of a dangerous product. People talk about baby car seats and baby formula and all sorts of things that could really have life or death. It could be dangerous.
>> ALEXIS DOUGLAS: The hook there too. I've seen this explode. It's gotten a lot easier to put up web sites that look like people with the device. Nothing ever comes. They get something that doesn't work. It is easier. Daniel touched on that earlier. I don't know if you have more examples of the domain names.
>> DAVID J. GIANNANTONIO: It is smaller companies. Then, it gets more difficult. They might not have region. If you don't have a tradework, it gets more difficult to take action. We had a case with the manager that just never thought about it. They didn't need it. I only work in the small area. Somehow they sight got cloned. Wasn't one to one. Their address was on there. Their information. Instead of the programme.
If you do that, the money is gone. The host that was on the web site. I took it down and it was over. They often know what they are doing. It will take a while for things to disappear online. What happens every day. It can happen to anyone. Often the scams are so sophisticate. We might be duped.
>> ALEXIS DOUGLAS: Yeah. I was thinking about the discussions that we had. I welcome the audience participation in inclusion and digital literacy. More people getting online and having access to the Internet and not understanding what's real and what's fake.
There's also the products and services and customer service attackers might impersonate of legitimate companies. I'm not going to name any. They have a fake chat service. You are new to the Internet. Think if you never saw this before. I know. I've heard of the big tech company. Maybe I'm online. This must be their tech support. They are tricked in to services that aren't needed.
Now, of course, it is covered by the new definition. ICANN, you know, there's things that are not as bad as phishing and malware. It is still bad and harming consumers. Taking it from the counterfeit to the services piece. It is not as tangible. It is not as here's the evidence of this financial harm. But also the brand owner who the customers now think, you know, this is what's going on here. You know. They have taken my information. Tara?
>> TARA HARRIS: Yeah. I think one of the big ones, big problems that we have at the moment, Daniel will talk about it.
Investment scams and job scams. Job scams I think really, you know, that's people talking about fundamental Human Rights. The right to work. People are desperate. The scammers offer the remote jobs with the company. They are targeting vulnerable people that are looking for money. They make them apply for the jobs. They get all of their personal information.
You know, I spoke to an expert about this. Some of his big clients have the person that's been tricked and has gone on a plane. It becomes the human trafficking issue. This is not happened to us. You can see how easily this could happen. Someone who is desperate. I have the offer. I'm getting some money. They start paying him in the beginning.
The other one is investment scams. We had, you know, whilst we are a public listed company, you have to go to your broker and buy the stocks. We don't sell them. People were going offline, first of all, and going into retirement homes. They were vulnerable people. Shows them how to invest. These are the kind of things that we see where vulnerable people are targeted.
>> ALEXIS DOUGLAS: Perfect. Developing the entities and others to get the information of who is behind this. How do we stop it? It needs to be more clear. It needs to be more accessible. Daniel, did you have more services? I don't want to ignore people online.
>> DANIEL ZOHNY: One final thing is we see impersonation issues. CEO of the big company and their identities are stolen and used again for scams, mostly investment stuff. It is not about criticism of the company. They are used the personas and they are used to drive certain behaviors from consumers that are harmful for them. I think that's quite a big topic in the companies. Impersonation has excelled.
But to be honest, mostly on social media rather than from my experience rather than the web sites. It is definitely a field that's being watched right now. Then you have the whole deepfake issue. Personas are created and interviews are being put out on the web site that are just made up.
>> ALEXIS DOUGLAS: Tied back to the idea of being able to put up the web site at domain names that look legitimate. With the deepfakes. I'm thinking of web sites that you can put up. That's available now. You can put up web sites that aren't and have photos on them and things like that that aren't even copyright infringement. You can't take it down through the host. The photo wasn't real. AI made it. It was an amalgamation of numerous photos. They have gotten more sophisticated and make it really necessary for more policing and more effective, I think, ability to take action online.
I don't know if Dr. Salem, if you have any more examples or thoughts on what was being said here this afternoon. Is he unmuted? If there are any other comments, it is not just a U.S. or European issue.
>> SAMEH SALEM: This is the issue for the scams in Asia. Actually, that's the customer with the issue. Lastly, we should consider again and again and again. We have to agree for the consumers. The victim for that please.
Actually, when we need also to look over. It is the local providence. Actually Egypt already has the installation. Actually, it is really protected. Also we have the same. Especially for the big medicine. There's some social media and Facebook empowerments. There are fake medicines.
Actually, we already have them. Just to come at the interview. They have consumers just to take care about that. Most of them.
>> ALEXIS DOUGLAS: Thank you.
The web site looks like a good web site. It is selling steroids or drugs that are very harmful. You wait for the fake purchase to see if it is a site. It turned out to be the only option in the example. It just takes a long time. Someone can be put in the process. I think that's what all of that goes to. I think the other comment.
>> AUDIENCE: Thank you.
Again, Keith Drazek with Verisign. As we refer to domain names, it is important to recognize the distinction between domains that were registered. Whatever it maybe. You know, in the instance there's a domain that's used for the purpose, the registrar and registry is in the most appropriate position to deal with that. You take the domain name down. Everything appropriated is being used or intentionally used for harm.
If you are talking about the compromised web site where perfectly legitimate web site has been hacked, malware is being distributed. A portion of the web site is used for phishing or illegal activity. Then the most appropriate actor is the web host. They are able to in a targeted way deal with that bit of harm on the web site or, you know, in the hosting platform.
Whereas if you were to take the domain name down in the case, everything associated with the domain name would be negatively impacted. E‑mail was an example that was used; right? So I think as we in the registry and registrar and the DNS space think about it, the distinction between the maliciously registered name or a name that's been registered for exclusive malicious use versus the compromised web site is just an important distinction. That points you to the most appropriate actor when it comes to the mitigation. Thanks.
>> ALEXIS DOUGLAS: Thank you. That's excellent. We're running out on time. I think we have one more. Go ahead.
>> AUDIENCE: Is this okay? Thank you for the experience.
On those issues, we have included in our charter some measures to mitigate the case of misuse of domain names. When we are informed of an use of domain name and when we have enough evidence, we just suspend. I think that can be a very good way of dealing with this kind of problem. Thank you very much. In Cameroon. Thank you very much.
>> ALEXIS DOUGLAS: Thank you for that. Excellent.
Now that we're done on time, anybody else over here? Great.
>> AUDIENCE: Thank you. Can you hear me?
My name is Tia. Thank you for the giving the time. I would like to have a question.
For example, for abuse we have the example of our colleagues. I would like to ask and I can't they have many ways to look at the domain. There's quite a lot of web sites using in Vietnam. That is the web site even the governmental web site. Can you have for us in such situation the best matter to shut them down? Thank you.
>> ALEXIS DOUGLAS: You're welcome. I don't know if you want to weigh in on that. What is the best issue here? What is the best way? Sorry. Now you are just putting your heads down. What is the best way to start testing a web site that isn't a dot VM or dot country domain name. We were talking about the dot‑com and dot everything else sites.
I think it happens less on the domain name issues. You know, the processes that we discussed, you know, contacting the registrar and the hosts and using the UDRP and mechanism for transferring the domain. I don't know if you have more to add.
We're coming up on time. Thank you, everyone, for joining us and for the opportunity.