Apwg policy cybercrimes

The Industrial and Public Policy section examines the role of law, regulation and industrial convention in mobilizing – and impeding – the broader response and management of common cybercrimes that menace all Internet users.

Products and services provide key protections and resources for securing cyberspace – but when everyone is fighting the same fires; or the same maritime pirates; or the same measles; civilizations organize clearinghouses, conventions, and laws for the common defense. As a trade association, APWG finds pride in assisting industry in informing the decisions and applications of commercial enterprises. 

As well, APWG honors in memory the historical contributions of non-profit trade associations, government safety agencies, multilateral treaty organizations and standards bodies in providing keystone policy instruments to manage predictable risks programmatically over the centuries.

APWG has engaged data policy questions historically in a three-dimensional approach:

APWG Data Policy Symposium

Presentation of original policy research

APWG opened up the CFP to its annual eCrime conference for policy studies submissions and organized a unique Data Policy Symposium which holds meetings for stakeholders in the United States and the EU to consider, for example, policy and regulatory impediments to data exchange vital to forensic and security applications employed by industry and law enforcement. (SEE: Policy and Position Papers, below);

APWG Malicious Domain Suspension Program

Development of applied policy management instrumentation

like the APWG’s Data User Agreement for eCX users (to manage liabilities attendant cybercrime data exchange) and policy-driven cybercrime response applications such as AMDoS, an affidavit delivery system for Sponsoring Registrars to receive reports of malicious domain name registrations from Accredited Reporters;

Policy Section of APPLIED RESEARCH Secretariat

Contribution of policy analyses and proposals

offering expert-witness commentary to a number of multilateral treaty organizations (by invitation, for example, in the UN as recognized by the Doha Declaration and the Salvador Declaration) and governance and trade groups. [SEE Papers and Correspondence archive below.]

Central to APWG’s technical diplomacy objectives – key to our applied policy efforts – is for the operational realities that the industry manages every shift, three shifts a day, to be fully and accurately considered in the development of cybercrime law, regulation and policy. In practical terms, this requires addressing conflicts between them and cultivating policy makers’ understanding of those operational aspects.

Over the years, APWG and its directors and research fellow have been called upon to provide commentary and presentations to the

 United Nations (Office on Drugs and Crime), Organization for Security and Cooperation in EuropeCouncil of Europe’s Convention on CybercrimeEuropol EC3 the Organization of American States, the Commonwealth of Nations, the Commonwealth Parliamentary AssociationOrganisation for Economic Co-operation and DevelopmentInternational Telecommunications Union and ICANN; the European Commission, the G8 High Technology Crime Subgroup. APWG was a founding member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations.

One of APWG’s technical diplomacy objectives is for the operational realities that industry manages every day fighting cybercrime to be considered fully in the development of cybercrime law, regulation, and policy.

Some of APWG’s policy papers and submissions to trade groups and treaty organizations follow:

Commentary for Department of Commerce’s ANPRM concerning “Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities.”

U.S. domain name service providers should be classified as U.S. Infrastrucure-as-a-Service providers for purposes of this rulemaking. The establishment, maintenance and resolution of second-level domain names on the Domain Name System (DNS) contains operational elements of both land registries and the signaling systems of the public switched telephone network (PSTN). Functionally, the DNS is a globally distributed network of servers that represents a network number on the Internet to human beings in human-readable text (e.g. http:// h􀁀ps://apnews.com) for which there is no readily accessible substitute or competitive alternative. As such, the service providers who curate the DNS can be reasonably classified as infrastructure. Still. APWG directors stress that such a definition should be accompanied by precise and clear definitions for “U.S. domain name service providers” and “All U.S. domain name registries” so as to not over regulate and to ensure miscreants are covered by the regulations.

U.S. domain name registries should be required to maintain complete and accurate databases of the identity and contact information of all registrants for the domain names that such registries administer. A great deal of power of the WHOIS data that are archived with the registration of a new second-level domain name is in its utility for preventing cybercrime. APWG’s members cited the loss of WHOIS data after ICANN’s issuance of its Temporary Specification (in response to the GDPR) as a broadly damaging loss for preventative routines that allowed investigators and responders to key in on telling data elements in WHOIS to knock down cybercrime events before they happen. Accurate data would assist those stalwart, dogged interveners –– and its requirement would dissuade miscreants from abusing the domain name system.

Commentary for the Seventh Meeting of the Intergovernmental Expert Group on Cybercrime / APRIL 6-8 2021 in Vienna / Online

APWG reviews its proposals for the United Nations Intergovernmental Group on Cybercrime to animate far more programmatic responses to common cybercrimes for the benefit of the IEG’s interrogations. APWG’s recommendations include:

Data Handling Authority for Machine Event Data for Private Sector Interveners 2 A Universal Nomenclature for Cybercrime Data;
National and Transborder Cybersecurity Awareness Campaigns;
Machine Event Data vs. Personally Identifiable Information;
Automated Data Exchanges for Programmatic Security Schemes.

These recommendations would establish: a universal nomenclature for cybercrime data; specific legal authority for private sector interveners to handle machine event data; and a conventionalized legal definition of Machine Event Data that would be poised to highlight the borders of PII.

Commentary for the Sixth Meeting of the Intergovernmental Expert Group on Cybercrime / July 27 – 29 2020 in Vienna

APWG reviews its proposals for the United Nations Intergovernmental Group on Cybercrime to animate far more programmatic responses to common cybercrimes, including a universal nomenclature for cybercrime data; specific legal authority for private sector interveners to handle machine event data; and a conventionalized legal definition of Machine Event Data that would be poised to highlight the borders of PII.

Correspondence to ICANN Org from APWG’s Secretary General on behalf of the APWG Board of Directors. addressed to ICANN CEO Mr. Göran Marby Delivery via email April 5, 2018

APWG voices support for a tiered access scheme for qualified parties to maintain access to non-public WHOIS data after the initial roll out go the GDPR, citing the basic scheme of the Model 1.3 accreditation plan, known within the ICANN community as the ‘Cannoli Model’

United Nations Office on Drugs and Crime December 2010 Fifth meeting of the Core Group of Experts on Identity-Related Crime United National International Center 6-8 December 2010, Vienna, Austria SEE: Page, 19, Paragraph 48, 49 and 50.

APWG introduces cybercrime response utilities provided to industry, governments and civil sector actors to educate users exposed to cybercrime. In example, APWG reviews the APWG Phishing Education Fax-Back Page that instruct consumers about protecting themselves against offline phishing scams at the “most teachable moment”: when they have just responded to a phishing communication via fax. Here, too, APWG details the practical impediments can put in the way of evidentiary data between private sector responders and public agency law enforcement.

Cybercrime Convention Committee (T-CY) Public Hearing on Transferred Access to Data Written contributions Council of Europe 3 June 2013, Strasbourg, France (Page 3)

APWG addresses questions posted by the T-CY regarding the interpretation of Article 32b Operational Aspects of the Budapest Convention on Cybercrime of 2001 and other aspects of the convention on behalf of the Cybercrime Convention Committee and considers a posits a definition of machine event data as a necessary term of policy instrumentation in order to distinguish operational data produced by Internet technologies from Personally Identifiable Information.

Fourth meeting of the Core Group of Experts on Identity-related Crime  (Vienna, Austria, 18-22 January 2010)  SEE: Page 19, Paragraph 59

APWG reviews resources that its URL Block List provides to its members in industry, law enforcement and other public sector entities. APWG also details the Phishing Education Landing Page with Core Group of Experts, a redirect system that was then recently launched, automatically directing users clicking on links to decommissioned phishing sites to educational and awareness at the moment of potential misadventure.