Leaders of tech Q&A: Graeme Bunton on driving down DNS abuse
In our latest instalment of the Leaders of Tech Q&A series, we speak to Director of the DNS Abuse Institute, Graeme Bunton. Graeme tells us about the energy he gets from working in the Internet sector and trying to understand its impact on our lives, and why a collective response to DNS abuse is vital to improving Internet security.
This year you were appointed as the inaugural director of the DNS Abuse Institute. Can you tell us about the Institute and why it was established?
A couple of years ago in my previous job, I collaborated with Brian Cimbolic from PIR, and other registries and registrars to draft a voluntary agreement for the DNS industry to address the prevalence and growth of online harms. At the time, we lamented the lack of tools, resources, and education to mitigate these harms.
Public Interest Registry (PIR), the organisation that runs the .ORG top level domain, is a not-for-profit with a mission to make the Internet better, so in 2021, PIR decided to do more to address these harms and I jumped at the opportunity to lead the effort. The DNS Abuse Institute was created to fill gaps in DNS abuse mitigation within the global domain name and broader Internet infrastructure ecosystem and ultimately make the Internet more secure for us all. It’s a really ambitious project, but we’re well overdue for someone to take the lead and I’m really pleased to be a part of it.
In a few sentences, can you explain what DNS abuse is?
DNS abuse is a set of online harms that rely on the use of domain names (like example.com.au). The generally accepted list of harms and the one the DNS Abuse Institute uses is: botnets, malware, pharming, phishing, and spam, where spam is a vehicle for the preceding four. Without going into the details of each, those online harms have real impacts on both individuals and businesses, costing both time and money. Issues, stress, and anxiety that no one needs, especially during a global pandemic.
How does reducing DNS abuse help Internet users stay secure online?
There is a direct relationship between reducing DNS abuse and improving user confidence online. Less DNS abuse, or reducing how long that abuse is active, means less online harms, such as phishing sites stealing people’s credentials, less malware compromising websites and computers, less botnets sending spam and attacking networks. It’s important to point out that these harms are perpetrated not by individuals, but by organised, coordinated criminal gangs. Trying to combat these harms by individuals, or even by individual registries or registrars is a losing proposition. Coordinated action is required to really help Internet users stay secure.
Before joining the DNS Abuse Institute you had a long career in technology policy and Internet governance. What drew you to this area and what keeps you interested?
I started in the world of politics and technology 20 years ago at a research centre called the Citizen Lab, at the University of Toronto doing research into online activism, Internet censorship and surveillance. There was such an energy from being on the forefront of trying to understand the Internet and its impact on our lives. Twenty years later, I find a similar energy within the governance of the DNS. It is the only centralised function in an otherwise anarchic Internet, and so the combinations of policy and politics, governments, civil society and business all coming together is compelling and exciting. I’ve had more than a handful of moments in my career where I was a part of shaping the future of the entire Internet. It’s a pretty wild feeling.
auDA, like the Institute, is committed to helping reduce DNS abuse. How does the Institute work with the domain name industry, including top level domain administrators such as auDA?
Collaboration is an important pillar for the DNS Abuse Institute, and we’ve got a few key initiatives that we hope will help the industry come together to combat DNS abuse. The first is that we’re working on a collaboration platform for registrars and registries to share insights and intelligence on DNS abuse. The domain name industry is extremely competitive and consequently less-than-awesome at working together to deal with collective issues, including online harms. We’re working to extricate action on harms from the constraints of that competition. Another way we’re looking to work with the industry is to build a DNS abuse reporting function that not only makes reporting DNS abuse easier for end-users, but enriches those reports with additional information sources and then routes them to the appropriate party. This DNS abuse reporting tool will be available for registrars and registries to replace their own tools for free.
Domain name registrations in .au and in many other top level domains have surged since the onset of the pandemic. Has this changed how the industry is tackling DNS abuse?
The pandemic accelerated the pace of businesses moving online; a process that would have taken years for lots of small businesses was squished into a few short months. My father-in-law, for example, has had to figure out how to recreate a pub vibe online for his Melbourne-based trivia company. It also forced more people to use the Internet to identify and acquire services. This trend presented opportunities for malicious actors to exploit the DNS and take advantage of less savvy Internet users. That exploitation, especially when people are at their most vulnerable, had governments, law enforcement, and the DNS industry take a closer look at abuse in the ecosystem. I’m seeing a positive trend in how the DNS industry is monitoring and mitigating abuse, but there is still so much work to do. The tools and processes for both reporting and addressing online harms are still quite rudimentary. The DNS Abuse Institute is getting a lot of enthusiasm and interest from the community. Registries and registrars are looking for help, and with the creation of the institute there’s now someone that can.
What are the DNS Institute’s top priorities for the coming year?
Launching the Institute has been fun because there are so many opportunities to make the Internet safer. The DNS Abuse Institute roadmap lays out three projects that we think are going to have the biggest impact on DNS abuse in the least amount of time, and getting these up and running is our focus.
We’re working on an educational initiative with best practices for Industry and end-users and hope to have our first piece out in a few weeks. Another initiative is focused on understanding the landscape of DNS abuse, so we’re building and launching an intelligence platform to pinpoint where the abuse is, how it’s being executed, and how best to mitigate it. Lastly we’re launching what we call the Centralized Abuse Reporting Tool, or CART. The CART is meant to solve two problems. First, reporting online harms is difficult for the end-user, and second, the majority of abuse reports that registrars and registries receive are unactionable and duplicative. We hope to make reporting abuse easy and quick, to ensure abuse reports have the required information to make them actionable, and to get the report to the right place. I’m very excited for the future of each of these projects, it’s going to be a busy year.
Find out more about the DNS Abuse Institute here, and read about auDA’s involvement in the Institute’s Advisory Council here.
The views expressed are the interviewee’s own.