ISSN: 2301-1025

2nd year, 3rd edition twitter.com/lactld .com/LACTLD LACTLD REPORT The Latin American and Caribbean ccTLD publication

ANOTHER YEAR OF GROWTH AND CHANGES

The is constantly evolving. So are its challenges. The opportunities for development, participation and representation of stakeholders in the region encourage us to face 2014 with high expectations.

IETF, by two regional technical experts

Address: Rbla Rep. de México 6125, CP 11400, Security: personal data protection in Latin America Montevideo, Uruguay Tel.: + 598 2604 2222* (General Contact) Email: [email protected] www.lactld.org Enhanced cooperation and Internet governance EDITORIAL

STAFF Continued collaboration:

LACTLD Report LACTLD Report first anniversary 3rd edition 2nd year, 2013 Dear Readers, Board of Directors Eduardo Santoyo Another year ends – with plenty Luis Arancibia of debates, discussions and Víctor Abboud joint efforts to stimulate the Clara Collado ccTLD growth, both within and Frederico Neves outside the region of Latin America and the Caribbean. In Editorial Board Eduardo Santoyo this letter I would like to thank Luis Arancibia you all for your hard work and Clara Collado also invite you to continue Carolina Aguerre sharing the rewarding task of promoting Registry cooperation General Coordination and development during 2014. Marilina Esquivel The third issue of the LACTLD Report contains various articles and piece of news. A relevant announcement Editorial assistant is that the publication is now catalogued under the ISSN system, which will Sofía Zerbino enable to index and reference globally. In terms of the information, there is Art & Design information about ICANN’s new Engagement Center in Latin America and the Frida Caribbean, which opened in Montevideo, Uruguay and it aims to increase the representation of diverse stakeholders within the scope of this organization. Photography The subject of enhanced cooperation is addressed in an article that explains Martín Mañana the present situation and the challenges faced for its implementation. The Image banks creation of a working group (WGEC) and the enriching discussions around Images provided by the registries this topic are also treated in these pages. A very hot subject is the protection of personal data on the Internet, which Translation Virginia Algorta is presented in a general way and also according to the laws of different LACTLD countries of the region. As the commentator notes, the main problem of the regulation system is its enforcement and implementation. LACTLD Report is the ccTLD publication Furthermore, in two articles, experts from NIC.cl and LACNIC provide their of Latin American and Caribbean views on the significance of the Internet Engineering Task Force (IETF), its TLD Association (LACTLD). The published impact on the community and they explain the relevance of the participation material does not compromise in any way of representatives of the region. The Report also contains an article about LACTLD’s responsibility. The opinions the role of the DNS Security Extensions in the approach to security problems expressed belong solely to the authors and inconveniences that are faced in this task by one of the world experts in and do not necessarily represent the Association’s views. the field, Patrick Fälström from NETNOD. As is usual in this publication, we include an overview on the evolution of This is a work licensed under the registration of domain names. Latin America is slashing the nine million Creative Commons domain names and continues to grow at high rates in comparative terms with other regions. And we also used these pages to congratulate NiC.br for its 25th anniversary. Except when expressed otherwise, this I wish you a Happy New Year and meet you again in the fourth issue of our work is under an Attribution Licence. In Report in May 2014. every use of the work authorized by this licence it will be necessary to acknowledge the authorship (compulsory Eduardo Santoyo in all cases). President LACTLD

Summary 6. Enhacing stakeholders cooperation 17. Domain names, By Carolina Aguerre evolution and trends 3. Continued collaboration: LACTLD By LACTLD Report first anniversary 11. Personal data protection in Latin America By Eduardo Santoyo By Alberto Cerda Silva 20. The importance of DNSSEC By Patrik Fältström 4. In Latin America and the Caribbean, 14. Two regional views of IETF ICANN continues to grow By Hugo Salgado 22. .br celebrates 25 years By Alexandra Dans By Carlos Martínez Cagnazzo

3 • LACTLD Columns in Latin could not be oblivious to the fact that shall be distributed, intended as a guide businesses (RSVP). Latin America is the region where social for participants from our region to assist • Academy and ICANN in Latin America media is most widely used. We invite them in the choice of the sessions that and the Caribbean (open session). America and you to follow us at @ICANN_es and @ best suit their interests. • Challenges to security and stability in ICANN_pt. We also work with Scoop.it, the region (open session). a tool that allows us to share all press You may check the rooms and times of • Outstanding Achievement Award releases and news on ICANN, both in the following sessions in Latin America (open session). the Caribbean, Spanish and Portuguese. News can be and the Caribbean Participants’ Guide: found at: www.scoop.it/t/noticias-en- espanol-by-icann and at: www.scoop. • Legal LACTLD Workshop (closed it/t/noticias-em-portugues. session). • Opening Session (open session). We invite you to ICANN By Alexandra Dans Furthermore, in October this year, our • Presentation of the Strategic Plan for Communications Manager President and CEO, Fadi Chehadé, the region (open session). follow us on blog. for Latin America and the honored us with a visit to our • A place for economic actors in Latin Caribbean Engagement Center at Casa de Internet America and the Caribbean in ICANN icann.org where we continues and to the Uruguay ccTLD. Officers meetings (open session). visited the Central Computer Service • Let’s talk about IPv6 in Latin America regularly publish (SeCIU) at Universidad de la República, and the Caribbean (open session). the entity responsible for Uruguayan • Cocktail for local companies and notes related to our ccTLD (.uy), which formalized its businesses (RSVP). to grow relationship with ICANN in 2009. Fadi • Breakfast for local companies and work in our region. said that the experience was extremely positive and that he really enjoyed taking part in this event. Meetings held at Casa The opening of the Engagement Center in Montevideo and the de Internet with leading organizations in charge of Internet governance resulted visit of the president of the corporation, Fadi Chehadé, as well in a historical and extremely relevant as the holding of the 48th ICANN meeting in Buenos Aires are document to the future of cooperation Strategic Plan for the region on the internet called “Declaration of developments that demonstrate the strength of the organization. Montevideo”. This document was also central to many discussions of the Our organization found that the languages of the region. Internet Governance Forum held in Bali. there still is a low representation A significant effort is being You should read it here: http://www. of certain groups of interest made for greater visibility in In recent months, several developments icann.org/es/news/press/releases/ ICANN’s team for the region of Latin within ICANN. Many of the the region, for example through have mobilized us at ICANN. Among the release-07oct13-es main ones, there is the opening of our America and the Caribbean is composed actions of the strategic plan the promotion of new content Engagement Center for Latin America currently being implemented on different topics of interest in and the Caribbean in July 2013. The of Rodrigo de la Parra, Vice President Meeting in Buenos Aires seek to alleviate the situation Spanish (see for example, the inauguration took place in the context and encourage the participation last notes in Spanish on ICANN’s of our efforts to internationalize Another good news for this year and that for Latin America and the Caribbean, of groups that do not currently blog, the latest press releases our operations. The purpose of this really excites us is the holding of our Center is to increase participation Albert Daniels, relationship manager organization’s 48th meeting in the iconic participate in an active manner. disseminated in Spanish and and improve our relationship with city of Buenos Aires from November 17 Our Relationship Centre works the promotional material to be different stakeholders from the Internet for the Caribbean, and Alexandra Dans, to 21. We met in this city 15 years ago under that approach, for distributed in Buenos Aires). community, fulfilling the communication to discuss the white paper that would example by producing guidance Also, we shall very soon launch needs of our region. lead to the creation of ICANN. Communications Manager for Latin material and content in the ICANN’s website for Latin The Engagement Center is located in America and the Caribbean. We invite you to watch the video “Internet languages of our region. America and the Caribbean. Casa de Internet Latinoamérica y el Caribe pioneers in the region of Latin America Finally, within the strategic (Latin America and the Caribbean and the Caribbean” that we have Several projects are already plan, the purpose is to also Internet House), a unique initiative in the We recommend watching the video of available at: http://www.youtube.com/ prepared for this important occasion and underway. One of them is to seek to support the holding world. This privileged position allows Casa de Internet, available in Spanish with watch?v=uhF314uU6Hc which shall be released during the event. strengthen our presence in the of technical workshops, as the synergies with sister organizations in subtitles in English and Portuguese. The The link to the event website is: http:// the region as the Latin America and Spanish version with English subtitles is As of the opening of the Engagement buenosaires48.icann.org/es. regional press and, as already one that LACTLD organized on Caribbean Network Information Centre available at: http://www.youtube.com/ Center for the region, we also opened mentioned, in social media in September 3, 3013 in Panamá. (LACNIC), the Internet Society (ISOC) watch?v=0-_XYyj67Pk and the Spanish two Twitter accounts to share the latest During the meeting, a tri-fold brochure and LACTLD, among many others. version with Portuguese subtitles is news in Spanish and Portuguese. We in Spanish, Portuguese and English

4 • LACTLD 5 • LACTLD documents By Carolina Aguerre

Enhancing stakeholder cooperation

One of the legacies of the World Summit of the Information Society (WSIS) process is the principle of “enhanced cooperation”. This has been a hotly contested issue in the policy discussions surrounding Internet governance in recent times. The constitution of the “Working Group for Enhanced Cooperation” at the beginning of 2013 is a landmark in the attempts to move forward.

It is well known that the Internet With the new millennium, the problem With the new of World Summit on the Information has no owner, and that the forms of of the new technologies in governmental Society held in Tunis in 2005. There is exercising control are much more agendas became much more visible. The millennium, the no common understanding of what is The critical issues of diffuse and complex than those in other challenges to public policy and regulation meant with the term, but it is used by enhanced cooperation intercommunication networks. after the explosion of the Internet in all problem of the some countries to push for setting up social orders materialized the need to a new UN body to deal with Internet 1 The Internet’s architecture and its develop mechanisms to promote an new technologies issues.” 69. We further recognize the need organizations by the end of design principles: decentralized, agenda on a topic with diffuse topic, with for enhanced cooperation in the the first quarter of 2006, will distributed, end-to-end, among an impact in specific national contexts in in governmental Between 2006 and 2010 there were others, has imposed coordination domains such as public administration, several formal attempts to consolidate future, to enable governments, involve all stakeholders in their and cooperation as key governance health and education. It was in such a agendas became working principles for this issue. In on an equal footing, to carry out respective roles, will proceed as attributes of the relationships amongst context, where organizations such as 2006 Nitin Desai, then special advisor their roles and responsibilities, in quickly as possible consistent both stakeholders as well as in the ICANN had already formed in 1998 much more visible. to the United Nations, developed a international public policy issues with legal process, and will diverse layers of technologies that bring for the coordination of critical Internet consultation process which produced be responsive to innovation. about the Internet. resources that Kofi Annan, then Secretary no substantive results but which was pertaining to the Internet, but General of the United Nations, called for a starting point. In 2009, a document not in the day-to-day technical Relevant organizations should Particularly after the adoption of the the process called World Summit of the (ii) the principle of enhanced called “Enhanced cooperation on public and operational matters, that commence a process towards Internet at a global scale, cooperation Information Society (Geneva, 2003 and cooperation to promote mechanisms policy issues pertaining to the Internet” do not impact on international enhanced cooperation involving has become a challenge. The Internet Tunis, 2005). of participation and involvement was published by the UN Social public policy issues. all stakeholders, proceeding pioneers belonging to the scientific of all actors, particularly those of and Economic Council. This report as quickly as possible and communities that promoted the The Tunis Agenda for the Information governments (see text-box with delineated some of the main themes and first institutional mechanisms for Society established two fundamental articles). assessments on the topic and process 71. The process towards responsive to innovation. The transnational Internet governance (such concepts for Internet governance: of enhanced cooperation on the basis of enhanced cooperation, to be same relevant organizations as the IETF and the IAB), now coexist with According to Markus Kummer, vice- feedback provided by ten organizations. started by the UN Secretary- shall be requested to provide governments, civil society, companies, (i) the principle that Internet president for Global Policy of the Internet In 2010, another UN initiative with the General, involving all relevant annual performance reports. academic and technical staff which Governance is a multi-stakeholder Society (ISOC) enhanced cooperation support of the US government promoted all have different perspectives and effort, with specific roles for the is “one of the code words in Internet capacities to determine Internet policies different players that participate in governance discussions and means [1] Source: http://www.internetsociety.org/ Source: http://www.itu.int/wsis/docs2/tunis/off/6rev1.html at a global scale. its development, use and application different things to different people. The blog/2012/07/internet-governance-what-enhanced- in equal conditions; term goes back to the second phase cooperation

6 • LACTLD 7 • LACTLD documents

a process of public consultations Since 2015 is fast approaching and The critical issues of enhanced and the ITU Council Resolution 1035, private sector. Nevertheless, other whereby 98 interventions were received cooperation are barely sufficient since they are responses point to the need to develop from governments, international that year is a landmark since it is a not comprehensive enough and they new mechanisms in order to face new organizations, civil society and the With respect to the degree of are outdated. Even though several emerging issues. The most radical private sector. decade after the Tunis Agenda and implementation of the principles for organizations developed compendiums proposal of enhanced cooperation enhanced cooperation in the Tunis of Internet public policy issues, many mechanisms, in line with those already Since 2015 is fast approaching and that evaluations about Internet Governance Agenda there are three basic positions. consider that this is a moving objective put forward in 2005 during WSIS, year is a landmark since it is a decade In the extremes there are those since it is under permanent evolution. develop the need for an international after the Tunis Agenda and evaluations will be performed, enhanced cooperation which consider that it has not been organization, under the institutional about Internet Governance will be implemented, since no structures have The report also points that the umbrella of the UN, for the supervision performed, enhanced cooperation becomes of the most controversial issues been put in place for governments to majority of responses value the of public policies pertaining the becomes of the most controversial develop public policies on the subject decentralized open eco-system of Internet, as well as an international issues due to the ambiguity of its due to the ambiguity of its definition, (such as the government of Saudi definition, scope and operationalization. Arabia). Others maintain that enhanced This has motivated the creation of a scope and operationalization. cooperation has been implemented working group, a process which began in following the processes that promote a Regarding the role of developing late 2012 to approach this issue under multi-stakeholder dialogue, notably the the institutional umbrella of the United Internet Governance Forum (IGF). This countries, the generalized assessment Nations’ Commission for Science and registry (Australia) is a member of the (ii) public policy issues and possible position is supported by the government Technology for Development (CSTD). technical community as a ccTLD. mechanisms; of Japan and Finland, and by ARIN and of most respondents is that there is an The WGEC has convened twice in LACNIC. Middle-ground positions such This group, more well-known as 2013 with the objective of defining (iii) the role of the different as those expressed by the Foreign Affairs imperative need to incorporate more the Working Group for Enhanced the enhanced cooperation agenda and stakeholders; Ministry of , or the Association for Cooperation (WGEC), is formed by scope of action. Following this line, a Progressive Communications (APC), stakeholders from these countries, 42 members, 22 Member States and survey on enhanced cooperation was (iv) the role of developing countries and acknowledge that progress has been then five representatives for each of launched and it obtained 69 responses. accomplished since 2005, but that inasmuch as they represent the major the following: civil society, technical These were analyzed and disseminated (v) the barriers for participation enhanced cooperation has not yet been community and academia, international during the second meeting of the in enhanced cooperation. The implemented. volume of users of the Internet in the organizations and the private sector. group, which was held during the first following section develops the main From Latin America and the Caribbean days of November in Geneva and they points contained in each of these. Regarding the mechanisms and public world, and the forthcoming billion. there are participants from the member summarize five main issues2: policy issues in enhanced cooperation, States of Brazil, Dominican Republic, there is an agreement that the most Mexico and Peru. The region is also (i) level of implementation of the relevant themes identified in the main represented by a Andrés Piazza from principles contained in the Tunis documents such as the Tunis Agenda, Internet governance, comprised by 150 board to supervise ICANN. (Initiative [2] To access the full document and the analysis LACNIC and Carlos Afonso from Instituto Agenda; of responses: http://unctad.org/meetings/en/ the report produced by the Working governmental and non-governmental proposed by IT for Change, an Indian Nupef of Brazil. Chris Disspain from .au SessionalDocuments/WGEC_Summary_of_Responses.pdf Group on Internet Governance (WGIG) organizations of the technical and NGO). The government of Brazil, in

8 • LACTLD 9 • LACTLD documents DOCUMENTS

Personal data

By Alberto Cerda Silva protection in Assistant Professor of Computer Law, School of Latin America Law, University of Chile

line with the actions it has deployed in of the different responses distinguishes to the lack of public visibility of these the last months since the surveillance two positions: some acknowledge a issues in the national agenda, but also to We are experiencing many developments in the habeas data strategies deployed using cryptography hierarchy between stakeholders, where the need to explicitly open the dialogue on the Internet, points to the need to governments should have a leading in the existing forums to these actors, laws in the region. However, there is still room for improvement. develop a new platform, to deal with position; others on the contrary as the Bulgarian government expressed. the new problems that today are out emphasize the equality of conditions of scope of the current institutional for all. This is a key aspect for the future The last issue, barriers to participation mechanisms of already existing application of enhanced cooperation. in enhanced cooperation, identifies organizations. the following obstacles, among Since the late 1960s, the increasing sulting from the interaction with new To the above mentioned constitutional Under this theme there is a discussion others: economic, political, technical, use of technology in the processing of technologies. protection, several countries added One of the most analyzed mechanisms about the mechanisms for the cultural. The Russian government personal information has raised interna- laws regulating in detail the rights and was the IGF. The government of promotion and development of content has expressed that there is a tional concerns about the compatibility At the same time, trade liberalization obligations associated with the process- Brazil made an important distinction in national languages, as well as a participation barrier for governments of such use with the preservation of hu- facilitated access to these technolo- ing of personal data. Such is the case between the Internet Governance need to promote national processes, since the spaces and mechanisms for man rights and conditions specific to a gies and improved the communications of: Chile (1999), Argentina (2000), Uru- Forum (IGF) and enhanced cooperation particularly the experiences of national governmental participation are not democratic society. infrastructure in the region. At that guay (2008), Mexico (2010), Costa Rica as distinct processes. Whereas Internet Governance Forums. This clearly defined. IT for Change (NGO time, Latin American countries adopted and Peru (2011), Colombia and Nicara- enhanced cooperation is a “policy– last mechanism is one of the most from India), underlines that every time These led, in the late 1970s, to the new constitutions which recognize the gua (2012), and soon Brazil. making space”, the IGF is a “policy highlighted as an element to promote new institutional spaces are created, adoption of laws in the United States protection of the rights of individuals dialogue space”. The IGF may serve the participation of developing countries these are overtaken by the same and Europe which regulate the pro- against undue use of information. Although with some nuances, there cur- as a ground for future discussions on in the Internet governance processes, stakeholders, most of the coming cessing of such information. However, rently is in Latin America a constitu- enhanced cooperation, but according which is the fourth issue highlighted in from organizations from the developed this issue has not been solved in Latin However, the terse and sometimes am- tional and legal protection against the to this stakeholder, this should not be the agenda for enhanced cooperation North. The International Chamber of America, in part due the still small role biguous constitutional provisions do processing of personal information by considered as the only forum. from this survey report. Commerce expressed that the scarce that technology plays in the region but not guarantee adequate protection to both public and private entities. knowledge on the theme is a central also to the existence of dictatorial and people nor provide security to those With respect to the role of the different Regarding the role of developing barrier for an effective participation. authoritarian governments with poor hu- who process personal data. This regime stakeholders, even though paragraph countries, the generalized assessment man rights commitment. This situation would change at the beginning of the Data protection 35 of the Tunis Agenda defines the of most respondents is that there is an There is a long list of issues for would change over time. new century. interests of the main players involved imperative need to incorporate more improvement and problems raised by laws generally in the process, the survey responses stakeholders from these countries, this report. The WGEC will meet again Between the 1980’s and 1990’s, Latin tend to agree that these definitions, and inasmuch as they represent the major in February 2014 to elaborate the main America made some progress as far Changes in the new century. guarantee that the roles assigned, are not sufficient volume of users of the Internet in the document where the main basis and as its political re-democratization and to cover the interrelatedness of the world, and the forthcoming billion. lines of action will be included in the increasing political openness are con- During the first decade of this century, people control different issues and current Internet Despite this, the identified barriers do future agenda for enhanced cooperation cerned. The democratization process Latin America tried to catch up with de- governance mechanisms. The analysis not only respond to a training gap, or in Internet governance. revitalized the commitment to human veloped countries in terms of providing their personal rights, although initially focused on protection to people regarding their per- more pressing matters than those re- sonal information. information.

10 • LACTLD 11 • LACTLD DOCUMENTS

Data protection laws generally guaran- A law on the Law enforcement one country to another, complicating tee that people control their personal the work of online service operators Although laws are generally applicable, information. Not only private but also protection of But a law on protection of personal data that provide transnational services and public information. They have been is not enough. One of the fundamental causing the level of minimum protec- there still are doubts as to their rightly called habeas data laws, as the personal data is problems in the region is to ensure its tion offered to people across the region focus is not on the fact that information effective enforcement. to be somewhat uncertain. application to telecommunication service is private but rather that it concerns not enough. One identified or identifiable individuals. The law is sometimes violated out of This requires Latin America to make operators, online service providers and of the fundamental sheer ignorance. But, in other cases, it some progress in terms of regulatory Thus, the law protects not only informa- is more profitable to violate it than to convergence so that there is a minimum Internet service providers, among others. tion on health status or political, reli- problems in comply with it. In cases of violation, the common denominator regarding the gious or sexual choices of individuals law must provide adequate compensa- protection that people can get through- but also business information, credit re- the region is to tion to the victims of data misuse, set out the region. ports, public records and even Internet the penalties applicable on those pro- store user data for a certain period of of personal data is concerned across connection numbers used by them. ensure its effective cessing data improperly, and appoint an A third significant challenge to the regu- time in order to use them for purpose of the region. This protection combines authority to oversee the effective com- lation of the processing of personal criminal prosecution. constitutional provisions and general The adoption of specific laws on data enforcement. pliance with the law. data in Latin America relates to the laws on the subject. In the coming years, protection of individuals represents a technological environment. The indiscriminate and surreptitious we should see how the lagging countries huge achievement. From this stand- Although the contribution of courts is use of personal data by some operators join this trend and, at the same time, point, the law not only strengthens the valuable, it is insufficient. Hence, most Although laws are generally applicable, for commercial or marketing purposes, how countries deal with the mentioned control over personal information, but it From an international perception, an of the countries have established inde- there still are doubts as to their appli- which has not been consented to by the above issues, effectively ensuring com- also enhances the exercise of individu- appropriate personal data law also re- pendent authorities to promote, edu- cation to telecommunication service op- concerned individuals, is another press- pliance, harmonizing rules and specify- als’ fundamental rights. moves certain obstacles to the flow of cate, monitor and punish cases of viola- erators, online service providers and In- ing issue. ing the application of the law in certain information, which prevent countries tion of the law. ternet service providers, among others. contexts. In sum, although progress has From the perspective of those process- in the region from offering services in been made, it is necessary to strength- ing personal information, whether pub- those countries that require adequate A second critical aspect of the rules of This issue has become especially sen- Vision of the future en the protection of personal data in the lic or private entities, the law provides protection. the different Latin American countries sitive in view of the adoption by some region so that its use does not violate security regarding the use they can is the lack of legislative harmonization. countries of data retention laws that Latin America has undoubtedly made the rights of individuals or affect the make of such data. That is: laws still vary considerably from require Internet providers to collect and some progress as far as the protection democratic system.

12 • LACTLD 13 • LACTLD DOCUMENTS

Two regional views of IETF

Hugo Salgado, Engineer of NIC Chile (.CL), and Carlos Martínez Cagnazzo, LACNIC Engineer of Investigation and Development, write their thoughts about the Internet Engineering Task Force (IETF)

Key IETF documents nationalized domain names in the DNS based on consensus, sounds too Need for more Latin American (5890-5895). Having the privilege of see- good to really work! The slogan “We participation The importance of IETF in my work in a ing people like Vint Cerf, Steve Crocker reject kings, presidents and voting. ccTLD is the series that defines the cu- and John Klensin work is something that We believe in rough consensus and Possibly for historical and cultural rrent version of DNSSEC (which actually reaffirmed my interest in the Internet as running code” is like the cyberpunk reasons, there is a very passive attitude was a second attempt to bring crypto- far as both its technological and mainly anthem and represents a certain towards the creation of knowledge in graphy to the old DNS). It refers to RFCs social capacities are concerned. challenge to the way in which these Latin America, particularly in science 4033, 4034 and 4035. These are very institutions are usually organized. and engineering. There are barriers for well written and organized documents, IETF’s work is sometimes seen as aca- participation both in the IETF and in the first provides an introduction, ra- demic or purely scientific. But this is From time to time, the IETF Internet other standardization entities. There is a tionale and requirements, the second not true. The academy has its own com- Architecture Board publishes RFCs minimum level of knowledge on certain one defines new records, and the last puting progress mechanisms based on that address general issues, archi- topics and language. Another obstacle, one describes the behavioral changes the whole tradition of the scientific tectural decisions and protocol de- more difficult to assess, is culture; in the protocol. In addition to the fact method and on its publication and dis- sign practices that try to capture that is, how to use the knowledge and that they are important in themselves, a cussion methods. IETF is responsible all lessons learned over the years. language in a given scenario. tremendous effort was put into updating for the “engineering”, where scientific I especially recommend “What and managing the DNS in general (e.g. correction is no longer the only varia- Makes for a Successful Protocol?” These barriers are real and, in this the task of regulating the behavior of ble, as other aspects such as simplici- (5218), “Uncoordinated Protocol context, a list called IETFLAC was “empty-non-terminal”), which is noted ty, ease of use, community acceptance, Development Considered Harmful” created with the support of ISOC, as we revise the almost twenty old RFCs operational experience and even econo- (5704), “Evolution of the IP Model” LACNIC and other organizations, which that are updated or left out of date. So- mic incentive forces are as important. (6250) and “Design Considerations goal is to provide some IETF experiences metimes there is more into it and you These are all variables that influence for Protocol Extensions” (6709). and encourage participation. Some learn more with what is left out of an the success of a standard. of us have offered to be the point of RFC than with what stays. Now that people are again talking contact to all of those who want to about issues of transparency and submit their comments or topics of Bet on the social aspect neutrality on the net and are see- interest to the IETF. IETF is not purely academic king mechanisms to prevent abu- By Hugo Salgado I’ve always had an interest in the more ses of online political power, it is By Carlos Martínez Cagnazzo The regional approach is necessary as Engineer of NIC Chile After this first experience, I began to more social aspects of the Internet. And, in valuable to reread documents out- LACNIC Engineer of it helps to identify issues that affect lots closely follow the work on drafts being de- that sense, IETF continues to surprise lining this philosophy, such as “Re- of people but that are not being noticed (.CL) veloped and I had the chance to partici- me as an organization. A standardiza- flections on Internet Transparency” Investigation and Development. by certain organizations or groups. We pate in the last meeting of the working tion entity that does not have members, (4924) and “Privacy considerations need to participate more. group that resulted in IDNA 2008, the where participation is open and no vo- for Internet protocols” (6973). documents that define the use of inter- tes are cast, since decisions are taken

14 • LACTLD 15 • LACTLD DOCUMENTS LACTLD report

Domain names, evolutions and trends

Latin America is close to nine million domain names and continues to grow at high rates in comparative terms with other regions.

Globally, the total number of domain The list is also comprised of four ccTLDs It is important to note that the total name registries is of approximately from Asia and Pacific, 11 from Europe number of active domain names in 265 million. The growth between and two from North America. Among August 2013 has been significantly April and August, 2013 represented ccTLDs that recorded the highest affected by a reduction in the .ar a 2.4% increase (equivalent to a total growth rates in the four months from region. Such was due to a purge of 6.2 million domain names). 45% April to August, 2013, .br is fourth in performed by the registry as a result refers to ccTLDs and 55% of the total terms of fastest growing (2.8 %), after of the implementation of a new policy market to gTLDs (Centr - DomainWire .tk (13.9 %), . ru (4.8%) and .cn (3.5 %) and registry system. This led to the Edition 2 2013 ). In general terms, the (Centr, Domain Wire, 2 2013). deletion of over 600,000 domains, in DANE and RPKI and their imminent pillars of the network: in one case, In this regard, IETF determined that the proportion of domains that ccTLDs, at a zone that in June 2013 accounted for impact in terms of name resolution and, in protocols it produces must be royalty an overall global level, and gTLDs have 2,977,581, which means a decrease the other, in terms of routing. While free. They may be covered by a license is maintained. In Latin America and the Caribbean of 22% in attempt to organize the Standards relating to DNS and IPv6 technologically different, they have a but such must be for free. records and to deter cyber-squatters. are the ones that have and will have common goal. Until August 2013, the total number of The impact of such action on the total the most impact on the Internet in the IETF standardized an audio codec and registered domain names of ccTLDs LACTLD registries was considerable short term. is trying to standardize a video one. members of LACTLD was of 8,816,195, since .ar (together with .br, .ar, .co, .mx IETF work and the Internet of I would dare to say that, since it is a which represents a 6.33% decrease over and .cl) is among the five records that In five years, what DANE (DNS -Based Things common interest and legal security the previous two months, when they lead the ranking in absolute numbers Authentication of Named Entities) issue, most of the online content will be reached 9.410.384 (May-June 2013). of domain names, representing over and RPKI (Resource Public Key As widely known, online video and transferred to these codec. 93% of the region’s total. This also Infrastructure) work groups are doing audio are some of the most important will be relevant. DANE is this next twist applications. In each video and All this will have a social impact on the of DNSSEC. We will have something audio application, there is a software so called “Internet of Things”, which extremely valuable being deployed component called codec, which is based on an idea that is rather old on the Internet which is a directory is a little piece of software that is but that, up until this day, could not service or a cryptographically signed responsible for converting an analog be implemented because there were database distributed worldwide. It is a signal into an online transmissible no hardware or protocols to do so. The most powerful tool with very interesting digital media. Codec historically have purpose is to integrate the computing applications. DANE is also proposing presented a big problem as they are power in the objects that surround us. incredibly attractive applications: closely related to patents. The most This requires a very large technology Source: Centr - DomainWire Edition 2 2013 basically how to express trust famous example is Mp3: for years if complex involving communication relationships in a more distributed and someone created a device or wrote a protocols, wireless protocols, network less centralized manner as we do today program that played Mp3 songs, he/ protocols, sensors, ways to transport The twenty more extensive ccTLDs, in in the world of certificates. she would have to pay a license. There that data and low power electronics. terms of registered domain names, have been other cases of things that Every one of the necessary technology account for 81% of global ccTLD DANE DNSSEC and technology related could not be done because there was components is already emerging but registrations, and include the three to RPKI and origin validation are two no one to cover licensing costs. And it takes someone willing to invest to largest registries in Latin America and sides of the same coin. Both try to this affects innovation. research and integrate everything. Caribbean: .br (Brazil), .ar (Argentina) Source: LACTLD domain name report offer cryptographic security to different and .co (Colombia). http://www.lactld.org/wp-content/files_mf/informededominioslactldjulaug2013_sp.pdf

16 • LACTLD 17 • LACTLD LACTLD report

Annual growth In Latin America and the Caribbean, ccTLD growth has been a constant feature for the period 2007-2013. In this region, the proportion of the penetration of domain names from country code Top Level Domains has been traditionally high and sustained when compared with generic Top Level Domains.

explains why this reduction had such a Globally, the total number of domain great effect on growth. name registries is of approximately Notwithstanding this change, net growth for the July-August period was of 265 million. 0.95%, which represents, nonetheless, a Source: Matthew Zook. reduction if compared with the previous two-month values.

As far as net growth is concerned, the global domain name market has steadily declined in recent years. However, the expansion of LACTLD region registries is still higher, on average, than that of the European ccTLDs and gTLDs (see Graphic 2). It should be noted that the denominator is different in these statistics (i.e., total gTLD registries exceed 110 million).

After a brief growth spurt in early 2013, Source: LACTLD domain name report when the number of registries exceeded http://www.lactld.org/wp-content/files_mf/informededominioslactldjulaug2013_sp.pdf nine million members, combined Source: Matthew Zook. bimonthly rates decreased in the last six months until August when they leveled. Despite this decline, in the last 12 With respect to the behavior of the 2.8% and .gt with 2.6 %. As usual, the months, LACTLD members have grown ccTLDs that grew the most in relative diversity of ccTLDs in Latin America 2.5 % in total (10.5% if changes in .ar terms in the region, .ai experienced and the Caribbean shows a varied and are excluded), compared with 5.9% for the largest increase for the period from heterogeneous behavior in aspects European ccTLDs and 3,7% for global July to August 2013: 6.1%. It is worth relating to the growth of their domain gTLDs over the same period. mentioning that this rate places it names. Again, the relevance of registry among the top five members of LACTLD policies becomes evident, such as in the The annual growth for the period from for the last three year periods observed case of .ar, as far as trends and growth August 2012 to August 2013 was 2.5 (mention which periods); followed by rates are concerned. % in absolute numbers. Over the past .do with 4.3%, .ec with 3.1%, .bo with twelve months, average growth has been 14.2%. Again, it is worth noting that the significant alteration in August was mainly due to the changes in .ar. If such changes are not taken into account, the During the last year the average growth Source: Matthew Zook. growth rate for that period would be over 10% in total numbers. of ccTLDs in the region was 14%.

18 • LACTLD 19 • LACTLD DOCUMENTS

The

importance the point in time that all registrars do with the registrars, but a new initiative hotspots for example) do filter DNS handle DNSSEC. in the IETF is looking at the whole EPP and makes it impossible to receive architecture. Mainly between registry the DNSSEC key material (such as the The fourth piece is as described above and registrars, but if that is simplified signatures) and because of that running of DNSSEC that the manager of the zone that is there is hope also the dns operator – validation locally is very difficult. By Patrik Fältström to be signed signs it and passes the registrar communication end up being It sometimes work, but also fails Manager Research and public key to the registrar. That can be simplified as well. sometimes. Development at Netnod done after the key(s) are generated, the Domain Name System Security Extensions have private key is stored somewhere secure But having a signed zone in the The alternative is to send DNS queries and the zone is signed. The signatures authoritative DNS servers, and a chain as normal to the resolver that the access a key role in solving security problems. are pushed to the zone file itself and a of signed DNS key material to the root provider points at in the DHCP response new zone file is published. Of course of the DNS is not enough. That only one get when requesting access to the this is an automated process, but not creates the chain needed to do the local network. This implies one have to many provisioning tools can handle this validation. We have to actually do the both trust the DHCP response, the one correctly. Many DNS operators of today validation as well. doing the resolution of DNS queries do still use low level tools like the dnssec and on top of that one have to hope the Today many TLDs and organizations trusting whoever gives us data to to sign the keys for their child zones. zone signing tools that are distributed resolver is validating DNSSEC signed have deployed DNSSEC, but even more something called a chain of trust. One That is in a registry/registrar system with the Bind package. Others use The various relationships involved responses. still ask the question whether it is worth anchor the trust somewhere in the done by having the DNS operator for a bit more sophisticated tools (like in DNSSEC the effort, whether DNSSEC actually DNS hierarchy and by doing so one can the zone pass the public key via the OpenDNSSEC), but what we finally do Not all access providers do. In Sweden helps with something. derive the trust in all signed domain registrar to the registry so that a DS can see is complete dnssec management in It is the resolver operators that do the 97% of the DNS queries to local names below the so called trust anchor. be published and signed in the zone of provisioning software from a number of validation. This implies the validation resolvers do result in validation, but that It is the party validating the signatures the TLD. Today this is easy in the cases different vendors. can be made in the local computer by is because all larger access providers do It does. on the responses that do decide where the registrar is also the DNS operator, having a DNS resolver running locally. validate queries. Hotels and other WiFi the trust anchor is and finally whether but harder in the case the DNS operator There are still, as mentioned above, Unfortunately many access points (where validation might be It does not help against every security the potentially validated response is to is not a registrar. The reason why it some issues with the communication Providers (at hotels and internet needed the most) are still not doing it. problem we have in the world and it does be trusted or not. is harder is that we do have the EPP In other parts of the world the numbers not solve all problems we have with DNS protocol between registry and registrar, are not even close to be so good. either. But it is one of many important but we do not have a standardized way pieces of the puzzle, and we need all of Operating DNSSEC to communicate with the registrars. But lets say the responses are validated, them to have the puzzle completed. Registrars have web frontends, and and that whoever is doing the validation But lets start from the beginning. What some have APIs, but neither of the two is succeeding calculating a chain of trust do we need to make DNSSEC working? are standardized. And we are far from to one of the selected trust anchors, So what does DNSSEC help with? In fact, quite a large number of things. then we know much more about the First of all, the root zone must be response. And more specifically, we It helps solving one, but only one, signed. It is since a number of years know that many of the attack vectors important piece, and that is to know back and the public key for the root zone There are still some that exist against the namespace we use that the data received comes from an is published in a multitude of ways. are cut off. Many others still exist, but authoritative source and that the data With the help of that key, the root zone issues with the they have to be fought with other means. has not been changed during transport. management (IANA, Department of These two things do of course depend Commerce of the USA and Verisign) can communication This is the reason why so many things on many involved parties doing the right sign all public keys that TLDs pass to must work before one can say that thing (and we will look closer at that a IANA. The signatures for those keys (the with the registrars, DNSSEC is deployed. But this is also bit later) but it also allows even higher so called DS record) is then published why incremental steps to a full DNSSEC number of parties to potentially do the in the root zone. So the second thing we but a new initiative deployment are so important. For wrong thing. And we can accept data need is for the TLD to be signed. Many example that TLDs do sign their zones. being passed around by parties we do of them are, but there are still a few that in the IETF is Or that resolver operators do validate not trust. are not. responses. Each and every step towards looking at the whole this solution makes the world better. Because DNSSEC changes the trust Just like the root zone manager sign model we have. From “only” being the key of the TLD, a TLD registry is EPP architecture.

20 • LACTLD 21 • LACTLD aniversary

.br celebrates 25 years

The latest statistics show that there are 3,267,353 .br domains registered.

The Information and Coordination • register and maintain domain names • be the home of the Brazilian W3C Center for Dot Br - Nic.br has been using .br and distribute Autonomous Office, which develops standards for providing services to individuals and System Numbers (ASN) and IPv4 the web. companies in Brazil for almost 25 years. and IPv6 in the country through They’re about to celebrate their 25th Registro.br; Initially used in the Brazilian academic anniversary since, on April 18, 1989 the network, .br rapidly expanded and, in .br was assigned, even before the advent • address and respond to security September 2006, the first million of of the . incidents that affect computer domains was registered. In February networks connected to the Internet 2010, there were two million domains, Nic.br currently is a nonprofit in Brazil, activities which are in and, in August 2012, three. The latest organization that, since May 1995, has charge of CERT.br; statistics, which include registries been relying on criteria established by made until August 20, 2013, indicate the Internet Management Committee in • intervene in projects that support or that there are 3,267,353 registered Brazil, the agency responsible for the improve infrastructure networks in the domains. 94.5% of them correspond to coordination and integration of Internet country, as the direct interconnection generic domains, mainly .com.br. initiatives and services in the country. between networks (PPT.br) and the distribution of the Brazilian Network With the first TCP/IP connections in Its main purpose is to promote the Time Protocol (NTP.br), initiatives that 1991, the structure was defined under Internet and its main duties are to: depend on CEPTRO.br; .br. There is a closed second level with different subdomains that assist • produce and disseminate indicators, different segments of society. statistics and information on the Nic.br is a nonprofit strategic development of the Internet .br is a “thick” registry that holds direct in Brazil, under the responsibility of relationship with registrants while it organization that, CETIC.br; accepts that several providers assist with registries. Domain name can since May 1995, • promote studies and recommend be registered from one to ten years. technical and operational procedures, Besides, it provides an optional DNS has been relying rules and standards for network and service, at no charge, that includes Internet service security, as well as for DNSSEC. on criteria its increasing and appropriate use by society; As for currently active working groups, established by the as to know, Engineering and Network • provide technical and operational Operations and Network Security, Internet Steering support to LACNIC, the Internet their purpose is to support technical, Address Registry for Latin America administrative and operational Committee in and the Caribbean; and recommendations and decisions by CGI.br. Brazil.

22 • LACTLD 23 • LACTLD ISSN: 2301-1025

2nd year, 3rd edition twitter.com/lactld facebook.com/LACTLD LACTLD REPORT The Latin American and Caribbean ccTLD publication

ANOTHER YEAR OF GROWTH AND CHANGES

The Internet is constantly evolving. So are its challenges. The opportunities for development, participation and representation of stakeholders in the region encourage us to face 2014 with high expectations.

IETF, by two regional technical experts

Address: Rbla Rep. de México 6125, CP 11400, Security: personal data protection in Latin America Montevideo, Uruguay Tel.: + 598 2604 2222* (General Contact) Email: [email protected] www.lactld.org Enhanced cooperation and Internet governance