We are the flag of Portugal on the internet

Blog

Marta Moreira Dias

.PT Board of Directors

15-02-2021

New times, new Rules

Illegal content and DNS Abuse

The proliferation of illegal content on the Internet pinches, albeit often unconsciously, the confidence that we have in this giant and updated encyclopedia that is available to us immediately and, most of the time, at no cost (at least direct). It is known, and in this regard, that we have no illusions, that not everything that falls into our network is trustworthy or has a scientific seal. Far from it. However, it is also known that the maneuvers and devices of disinformation and, far beyond what is desirable, the rapid dissemination of hate speech, racism, xenophobia are virtual webs in which even the most attentive ones fall unwittingly. And why? Because we are exposed, we are easy prey.

The growing importance of this subject and the complexity it takes are not in keeping with the brevity that we want to print in this publication, so we suggest to all readers to consult this text in full here.

Let us return, then, to the hat theme that brought us here: New times, new rules. In preparing the new .pt Terms & Conditions (Registration Rules), we were not, and could not be, indifferent to the subject of illegal online content, which led us to foresee mechanisms for blocking or removing domains that host illegal content or configurable actions such as DNS Abuse.

The concept of DNS Abuse is defined for the first time in al. g) the Glossary of Rules, and is limited to cases where the domain name is used, whether intentionally or not, for malware, phishing, pharming, botnets and/or spam dissemination activities. Conversely, and now reporting your attention to the concept of illegal content, its broad and multifaceted nature, has led us to choose not to present any formal definition, under the risk of incurring in doubtful rigor. However, here, too, this is not a silent matter, and in paragraph 4 of article 25 it is clarified: "(...) the .PT is not, under any circumstances, liable for the use given to the domain name, designated but not exclusively, for the contents associated". The responsibility for the use that is given to the domain name, and inherently, to the contents associated with it, is exclusive to the registrant. This is how Article 23 (2) dictates.

As for DNS Abuse situations, if we identify that a domain name is used for activities that are subsumable here, those responsible for the domain will be notified to ensure the necessary measures for its correction. If the identified malicious activity persists, and whenever applicable, .PT will report the situation to the competent authority (Article 25 (3)). This mechanism now formally set out in the text of the Registration Rules, in addition to formalizing what are the concerns of the .PT in terms of security1, it crystallizes what was the work already developed by its Security Operation Service, PTSoc2. PTSoc already has mechanisms that allow the active identification of domains that are being used for activities that fall under the concept of DNS Abuse3. For example, it is up to PTSoc to communicate to those responsible for the domain and/or the competent authority, DNS Abuse situations that, directly or indirectly, it identifies within the scope of its monitoring activity.

But can .PT remove a domain to which illegal content is associated? The answer is yes. Under the provisions of al. a) of article 22, the domain name is removed immediately when .PT is informed of the loss of the right to use it by its owner, and provided that this results from a notification to that effect by an entity with legal competence for that purpose.

In short, we sought in these Rules to reflect not only what our institutional commitments4 are, but also those that already derive from the law today - we recall here, for example, the obligations arising from our status as Essential Services Operator, in the light of Law no. 46/2018, of 13 August, which establishes the Legal Framework for Cyberspace Security. In parallel, and because there are no doubts in this field, we based our intervention on principles of neutrality, transparency and strict collaboration with the entities that the law identifies as competent in this matter.

A final outline that seems to deserve reference here. In this context under analysis, .PT calls itself a remaining but fundamental responsibility: to keep its database of contacts associated with domain names up to date, complete and with accurate information. It is a difficult task and where it is well to see, the information that is dealt with by registrars, as intermediaries in the process, is a fundamental piece. Again we fall into the importance of collaboration, made up of dialogue and closeness. We close with a new promise, making sure that our link is never the weakest.

1 All .PT initiatives in the area of security are duly described at: https://www.pt.pt/en/security/

2 https://www.pt.pt/en/security/security-operations-center-soc/

3 In 2020, PTSoc detected 186 cases of DNS Abuse. Full report at: https://www.pt.pt/fotos/editor2/relatorios/relatorio2020_ptsoc_en.pdf

4 .PT and the National Cybersecurity Center signed, in 2019, a Collaboration Protocol, which has served as a basis for close collaboration, and particularly fruitful, on several fronts and initiatives.

Please note: the articles on this blog may not convey the opinion of .PT, but of its author.

Back to Posts