M3AAWG has submitted Comments on the NIST AI 100-4, Reducing Risks Posed by Synthetic Content: An Overview of Technical Approaches to Digital Content Transparency. Synthetic content is already a concern in areas such as profit-oriented cybercrime, fake news, and election interference. It therefore represents a risk to national security as a whole. M3AAWG welcomes the opportunity to comment on the current version of NIST AI 100-4 from our perspective as security and anti-abuse specialists.

Comments Submission Date: May 29, 2024

M3AAWG has submitted Comments on the transposition of the Revised Directive on Security of Network and Information Systems (NIS2) into EU national law. 

Countries Submitted: Sweden, Netherlands
 

M³AAWG recognizes that the scope of the powers described in the proposals is limited to situations where there has been a serious relevant failure in relation to an internet domain registry or any of its registrars in scope country code top-level domains (.uk) and generic top level domains (gTLDs) (.scot / .wales / .cymru / .london) that are targeting the UK. We generally support the powers in order to protect the public from harm in these limited circumstances. View the document to review the full scope of comments submitted.

Comments Submitted: August 31, 2023

M3AAWG has submitted Comments focused on technical recommendations in response to the UK government's request for Review of the Computer Misuse Act 1990: consultation and response to call for information. These comments provide recommendations supporting efforts to tackle online abuse and cybercrime while respectfully urging the UK government to liaise with key security and anti-abuse groups including M3AAWG and its partner organizations as well as key UK-based and international industry stakeholders.

Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG) supports the U.S. Federal Trade Commission’s (FTC) proposed rulemaking as part of its current mission in protecting the public from deceptive or unfair business practices to include a critical role in protecting consumers from ongoing and increasing impersonation schemes targeting businesses and governments alike. M³AAWG suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation. M³AAWG notes that the investigation of impersonation schemes requires cooperation and information from many entities.  Specifically, WHOIS information is vital to the investigation of impersonation scams. The Comment identifies best practices to tackle impersonation scams, including the validation of commercial senders, DNS mitigation steps, and adoption of trusted notifier relationships to facilitate abuse reporting.

The Messaging, Malware, and Mobile Anti Abuse Working Group (M3AAWG) welcomes the opportunity to review the draft report from ICANN’s Security Stability and Resiliency Review Team (Two).

A joint survey conducted by the Anti-Phishing Working Group (APWG) and M3AAWG looks at how cyber investigators use WHOIS data and how the European Union’s General Data Protection Regulation (GDPR) has affected their anti-abuse efforts. The letter from M3AAWG and survey are also available on the ICANN site at https://www.icann.org/en/system/files/correspondence/upton-to-marby-et-a...

M3AAWG submitted these short comments to ICANN stating that an expert group from the Anti-Abuse community should be created to facilitate the certification of qualified applicants from the security field.

M3AAWG provided comments on the ICANN report.  The filed comments also are available on the ICANN website at https://www.icann.org/resources/pages/gdpr-legal-analysis-2017-11-17-en

M3AAWG submitted these comments in response to the U.S. Federal Trade Commission's request for comments on 16 CFR Part 316 of the CAN-SPAM Rule.  The comments can be viewed on the FTC site at https://www.ftc.gov/policy/public-comments/2017/08/30/comment-87

M3AAWG responded to the Federal Communications Commission's May 2017 Notice of Proposed Rulemaking (“NPRM”) relating to net neturality that was titled Restoring Internet Freedom.  Our comments can also be found on the FCC site at https://www.fcc.gov/ecfs/filing/1082812398671.

OPERACIÓN SAFETY NET MEJORES PRÁCTICAS RECOMENDADAS PARA ENFRENTAR AMENAZAS EN LÍNEA, MÓVILES Y TELEFÓNICAS Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats (2015)

WHOIS information plays a key role in determining where to report instances of abuse involving domain names. This paper explains some of the important WHOIS elements used to fight spam, phishing, malware distribution and other threats.

Submitted on May 27, 2016 responding to a U.S. Federal Communications Communications Notice of Proposed Rulemaking from the Wireline Competition Bureau. All comments and the FCC proposal are available at http://apps.fcc.gov/ecfs/proceeding/view/view?name=16-106.

Note: The FCC released its Rules to Protect Broadband Consumer Privacy on October 26, 2016, quoting several comments from M3AAWG.

M3AAWG submitted these comments with the new M3AAWG Bot Metrics Report in response to the U.S, Federal Communications Communications request for comments on the status of the implementation of CSRIC III best practices.

The extended written statement by Dr. Paul Vixie, author of several IETF DNS standards and Farsight Security, Inc. CEO. He also, augments his testimony starting around 1 hour and 34 minutes in the official hearing video (http://bit.ly/BotnetTakedownHearing2014) from the U.S. Senate Committee on the Judiciary website at http://www.judiciary.senate.gov/meetings/taking-down-botnets_public-and-... . Dr. Vixie testified at the July 15, 2014 hearing at the request of M3AAWG.

Submitted to ICANN in response to their misuse survey report.

Submitted in July 2013 to the ITU Council Working Group on International Internet–Related Public Policy Issues (CWG–Internet) in response to a request for comments on effectively countering and combatting spam.

Submitted to the NIST in April 2013
Response to two questions in the National Institute of Standards and Technology Request for Information is also posted at the NIST site with comments from other organization

Response to staff recommendations in the ICANN report.

Response to the final report from the ICANN WHOIS Policy Review Team

Submitted to U.S. Congress committees on the judiciary in December 2011
MAAWG outlined technical issues with S.968, Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, and H.R.3261, Stop Online Piracy Act, in a letter to the judiciary committees of the U.S. Senate and U.S. House of Representatives.

Submitted to NIST in November 2011- Responding to a Request for Information from the U.S. Department of Commerce (DoC) and U.S. Department of Homeland Security (DHS), the comments are also available on the NIST site.

A response from MAAWG to the Canadian commission were submitted in September 2011.
Submitted comments on the regulations to the Canadian Radio-television and Telecommunications Commission (CRTC) draft regulations.

MAAWG responded to the Department of Commerce (DOC) Internet Policy Task Force's seventy-seven page green paper on "Cybersecurity, Innovation and the Internet Economy."

MAAWG comments were submitted in April 2011 on the ICANN site in response to the ICANN Call for Public Comment
Responding to the ICANN WHOIS Review Team, MAAWG submitted comments on the useablity, access, accuracy and reliability of WHOIS and on the improvement of WDPRS.

MAAWG comments were submitted November 2010 in response to the DoC request.
The U.S. Department of Commerce’s Internet Policy Task Force requested comments on government policies that restrict Internet information flow, seeking to understand why these restrictions have been instituted; what, if any, impact they have, and how to address negative impacts. The DoC will publish a report contributing to the Administration’s domestic policy and international engagement on these issues.

MAAWG comments were submitted October 2010 based on the ICANN request.
ICANN conducted an exploratory study in 2009 to assess an approximate percentage of domain names (through a statistical sampling plan) contained in the top 5 gTLD registries that used privacy or proxy registration services. The study indicated that at least 18% (and probably not much more than 20%) of the domain names contained in the top 5 gTLD registries used privacy or proxy registration services.

MAAWG comments were submitted to the Department of Commerce’s request in September 2010. The DoC site has all submitted comments.
The Department of Commerce’s Internet Policy Task Force undertook a comprehensive review of the nexus between cybersecurity challenges in the commercial sector and innovation in the Internet economy. The Department was seeking comments on measures to improve cybersecurity while sustaining innovation.

The MAAWG response was submitted July 2010 in response to ICANN’s initial report for RAA improvements.
The ICANN report describes recommendations on the proposed form of a Registrant Rights and Responsibilities Charter, and describing the potential topics for additional amendments to the RAA. It also includes a proposal for next steps the GNSO Council should consider in determining whether to recommend the ICANN Board adopt a new form RAA.

MAAWG submitted comments in March 2010. As recommended by MAAWG and others, ARIN changed course on this topic.
The initial draft policy would have allowed ISPs to hide the true customer of a domain name. The revised Version 2 policy that was implemented recognized the need for the customer name to remain in the SWIP and RWHOIS information.

Outlines a voluntary set of principles for messaging system operators that discourages bulk messaging abuse of peer-to-peer messaging platforms

反滥发信息工作组（MAAWG.org) 信息系统运营商行为准则 - The Messaging Anti-Abuse Working Group (MAAWG.org) Code of Conduct for Messaging System Operators in Chinese (2005)

Рабочая группа по противодействию компьютерным злоумышленникам в области передачи сообщений (MAAWG.org) Кодекс поведения операторов систем обмена сообщениями -The Messaging Anti-Abuse Working Group (MAAWG.org) Code of Conduct for Messaging System Operators in Russian (2005)