The internet should have a formal penalty system, say experts • The Register


The former head of ICANN, two European parliamentarians and a handful of technical, security and legal experts plan to publish an open letter to the Internet governance community on Thursday saying that now is the time to develop a system of targeted Internet sanctions.

The letter, delivered in draft form to The registerfollows a request from Ukrainian government officials for all Russian web domains, revocation of HTTPS certificates and other technical interventions.

Ukraine’s request for these online sanctions was rejected by the Internet administrative bodies ICANN and RIPE (Regional Internet Registry for Europe, Middle East and parts of Central Asia) on the grounds that the sanction was too broad and would have too many undesirable consequences.

But the signatories of the letter – Bill Groothuis, Member of the European Parliament, Netherlands; Bill Woodcock, executive director of Packet Clearing House; Ihab Osman, Non-Executive Director of ICANN, Felix Reda, Former Member of European Parliament, Germany; Mike Roberts, founding chairman and former CEO of ICANN; Jeff Moss, President of DEF CON; Niels ten Oever, post-doctoral researcher at the University of Amsterdam; Runa Sandvik, security researcher; and Kurt Opsahl, Deputy Executive Director and General Counsel of the Electronic Frontier Foundation – say something has to be done.

The signatories argue that the internet governance community has reached a level of maturity that entails a responsibility to reflect on how to respond to humanitarian crises. The letter, they say, represents the start of a global internet governance conversation about the appropriate scope and feasibility of internet sanctions.

“We believe that while the specific penalties suggested by Ukraine’s Ministry of Digital Transformation are overbroad and would harm civilians, there are well-established mechanisms by which existing forms of Internet abuse, such as spam, malware, phishing and cyber-attacks are controlled and that these mature mechanisms can easily be extended to report specific IP addresses and domain names of sanctioned entities,” the letter states.

“In the case of the Russian attack on Ukraine, the Russian military, its propaganda organs and all dual-use facilities should be in scope, while the civilian population should be out of scope. enforcement. Sanctions should meet criteria of proportionality, effectiveness, enforceability and reversibility, and non-scope.”

The group proposes the establishment of a multi-stakeholder mechanism similar to NSP-SEC or Outages, which, after deliberation and consensus, would publish sanctioned IP addresses and domain names in public feeds. Entities subscribing to these feeds could then choose to observe the sanctions, thereby limiting access to the identified resources.

“We call on our colleagues to engage in multi-stakeholder deliberation using the mechanism described above, and to decide whether the IP addresses and domain names of the Russian military and its propaganda outlets should be sanctioned, and to throw the basis for timely decisions of similar gravity and urgency in the future,” the letter concludes.


Comments are closed.