[discuss] ICANN policy and "Internet Governance"

Sat Jan 4 21:18:13 UTC 2014

John,

I agree with most of this ... see my comment near the end.

On 05/01/2014 02:45, John Curran wrote:
> On Jan 3, 2014, at 8:38 AM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> 
>> Some of the other topics -- international crime and so on -- are only
>> "Internet" issues in that they happen to be using the Internet as an
>> enabling technology.  Apart from a discussion forum to inform national
>> lawmaking, what is needed here? 
> 
> Andrew - 
>  
>   These are Internet-related issues because they incorporate Internet 
>   aspects that are not readily separated from routine law enforcement
>   components...
>  
>   If I respond to an email indicating that I need to reset my bank
>   password, dutifully enter my username and password as instructed,
>   and then find out that my savings has disappeared, it poses some
>   very different challenges for law enforcement than if someone puts 
>   a device on the ATM (which copies my card info and pin) and then 
>   takes all of my savings.
> 
>   Yes, it is true that both approaches share a chance of successful 
>   investigation and prosecution based on "following the money", i.e.
>   the funds transfer which empties the account.  This is one small
>   advantage of crimes have financial components (and it is indeed
>   a rather small advantage, given the efforts necessary for its use 
>   during routine law enforcement matters.)  
> 
>   The reality is that the latter theft (based on efforts in the real
>   world) offers an abundance of physical evidence; everything from 
>   construction of the skimming device itself, to the ATM video footage
>   of its installation and/or its removal...
> 
>   In the case of the cyberspace-based theft, done via a phishing 
>   email, there is literally nothing to go on... i.e. there may be one
>   IP address that could be related to origin of the email (but is far 
>   more likely just a botnet-infected home PC doing email origination)
>   There will be a domain-name or IP address associated with the web
>   site that was used to collect the account info, but neither of these 
>   are necessarily are a reliable indicator of even the country of the 
>   perpetrator, let alone the organization/entity/individual involved.  
>   Even if the perpetrator were particularly sloppy, the relationship 
>   between any alleged perpetrator and the website is completely based 
>   on information in various Internet databases which contain the IP 
>   and DNS registrations, and hence the practices related to entry and
>   update of these databases are inherently both Internet and public 
>   policy matters.
> 
>   You readily dismiss these as '"only "Internet" issues in that they 
>   happen to be using the Internet as an enabling technology.'  That
>   may be true, but we're not going to be able to ever remove the use
>   of Internet registration data from the topic reliable attribution, 
>   and the topic itself is inherently a public policy matter (i.e.
>   governance) that involves significant consideration of tradeoffs 
>   involved between privacy, anonymity, protected/free speech, LEA
>   expectations, data misuse, etc.
> 
>   Now there are similar questions which end up being the realm of 
>   national policy-making - for example, the various identification 
>   requirements posed now purchase of prepaid disposal cell phones
>   in some countries, but the use of such  devices have physical and 
>   geographic constraints which make national lawmaking workable.
>   That is not possible to claim with Internet registrations, for the 
>   practices in each country has a direct impact on ability to perform 
>   attribution for alleged criminal activity affecting users in every 
>   other country, i.e. the global nature of Internet traffic makes it
>   far more difficult to meaningfully address this issue piecemeal on 
>   a nation by nation basis.
> 
>   Ergo, reliable attribution is an Internet issue with significant 
>   governance aspects, 

I'll come back to my "Road governance" analogy. Reliable attribution
of vehicle number plates (a.k.a. tags) is important for detecting criminal
activity involving the road system, whether it's dangerous driving or
escaping robbers. But we have no difficulty separating that issue from
the engineering of the road system, because it's plain for the eye
to see. We have more difficulty separating the attribution of Internet
addresses or names from the engineering of the network. I think this
is why these discussions are so complex.

>   and "Internet Governance" (while imprecise) 
>   is a reasonable description of the nature of the challenge.

And it's that imprecision which I've become allergic too, because
it seems to distort the debate.

   Brian (1/4 for today)