sanctions - User contributions [en]

Frequently Asked Questions

2022-03-19T13:34:29Z

Wadmin: /* What is the beacon? */

=== What is the purpose of this project? ===
This project allows Internet organizations to enact precisely-targeted sanctions which affect only the military and propaganda agencies of sanctioned countries, rather than sweeping sanctions which principally effect the civilian populations of those countries.

=== Who is it for? ===
This project is operated by and for Internet organizations which are required by governmental regulation to enact sanctions.

=== How does it work? ===
The project uses standardized protocols (BGP and RPZ) to distribute lists of Internet networks and domain names in ways that Internet network operators already use for blocking spam senders, DDoS attackers, malware distribution, and other threats against the Internet's infrastructure.

=== Who runs it? ===
This is a typical Internet governance organization. It is operated by volunteers, and decisions are made by those who show up and do the work. There are no barriers to entry which would prevent any other organization from forming to perform the same function in a different way, or a competing effort in the same way.

=== Is anyone required to use it? ===
No, this is entirely voluntary. The relationship between this project and Internet network operators is exactly the same as the relationship between many preexisting organizations which provide similar blocklists identifying spam, malware, phishing, DDoS, and other forms of abuse to network operators, and the functional mechanisms are identical. Network operators choose to subscribe to the data-feeds we provide, or not, and choose to act upon the data, or not. The obligation to implement sanctions imposed by the governments of the nations in which the network operators are incorporated, however, is not voluntary, it's mandatory under law. This project gives network operators a mechanism for complying with those mandatory requirements, in countries which have accepted this mechanism as sufficient.

=== What is the beacon? ===
The beacon is a set of artificial IP addresses and domain names which are not associated with any real-world organization or users, which will always be "sanctioned" and can thus be used by researchers to measure the reach and effect of the system. If the beacon is visible to you, the Internet sanctioning feeds are not being consumed by your transit providers or DNS recursive resolver operators. Beacons are a frequently-implemented diagnostic feature of Internet routing security systems.

Frequently Asked Questions

2022-03-19T13:33:42Z

Wadmin:

Research Group

2022-03-19T13:30:12Z

Wadmin:

The '''research group''' is responsible for designing and implementing the metrics and monitoring of the system and its effectiveness, and for liaison with the academic community who use those metrics.

The work of the research group is done on the research mailing list (which you're [https://lists.sanctions.net/mailman/listinfo/research welcome to join], or you can consult its [https://lists.sanctions.net/pipermail/research/ archives of past discussion]) and its findings and documentation will be published here.

----

=== Beacon ===
The design of the beacon which will be used to verify operation and reach of the program is currently underway on the mailing list, and will be described here when it reaches stable consensus. It is intended to allow independent verification of IPv4 and IPv6 routing and domain name resolution, and to be robust against orthogonal DNSSEC validation errors.

Research Group

2022-03-19T13:28:36Z

Wadmin: Created page with "The '''research group''' is responsible for designing and implementing the metrics and monitoring of the system and its effectiveness, and for liaison with the academic commun..."

Operations Group

2022-03-19T13:25:56Z

Wadmin: Created page with "The '''operations group''' is responsible for the functioning of this web site (which is MediaWiki, reskinned by [https://opentechstrategies.com Open Tech Strategies]) and mai..."

The '''operations group''' is responsible for the functioning of this web site (which is MediaWiki, reskinned by [https://opentechstrategies.com Open Tech Strategies]) and mailing lists, the operational mechanism of the BGP and RPZ data feeds, and liaison with the Internet network operators who use them.

The work of the operations group is done on the operations mailing list (which you're [https://lists.sanctions.net/mailman/listinfo/operations welcome to join], or you can consult its [https://lists.sanctions.net/pipermail/operations/ archives of past discussion]) and documentation will be published here.

MediaWiki:Mainpage

2022-03-19T13:16:49Z

Wadmin: Created page with "Welcome to the Internet Sanctions Project"

Welcome to the Internet Sanctions Project

Policy:Guiding Principles

2022-03-19T02:45:00Z

Wadmin:

These principles were inherited from the [[The Open Letter|open letter]] which lead to the founding of the project:

* Disconnecting the population of a country from the Internet is a disproportionate and inappropriate sanction, since it hampers their access to the very information that might lead them to withdraw support for acts of war and leaves them with access to only the information their own government chooses to furnish.

* The effectiveness of sanctions should be evaluated relative to predefined goals. Ineffective sanctions waste effort and willpower and convey neither unity nor conviction.

* Sanctions should be focused and precise. They should minimize the chance of unintended consequences or collateral damage. Disproportionate or over-broad sanctions risk fundamentally alienating populations.

* Military and propaganda agencies and their information infrastructure are potential targets of sanctions.

While these principles represent the starting-point of the project, they are not immutable, and may be refined by the community over time.

Established civil society organizations such as the [https://globalnetworkinitiative.org/russia-invasion-free-expression/ Global Network Initiative] have expressed similar principles:
{{Blockquote
|text=GNI supports efforts to sanction and hold accountable Russian government actors, as well as those abetting its aggression. However, some governments have been calling for retaliatory measures that are overly broad and would have unnecessary and disproportionate impacts on freedom of expression. GNI also notes with concern that well intentioned sanctions measures, as well as private and public campaigns, are exerting significant pressure on companies to withdraw products and services that help maintain information and communications network connectivity in Russia. It is critical to maintain infrastructure interconnection between Russian networks and the global Internet, as well as to preserve access for people in Russia to open platforms and services, so that they can continue to find spaces to organize in opposition to the war, report and share information about conditions in Russia, and have access to sources that are not controlled or restricted by Russian government censorship.
}}

Welcome to the Internet Sanctions Project

2022-03-19T02:43:44Z

Wadmin: /* Origin of the project */

__NOTOC__
This is an open, Internet community governed, project which produces BGP and RPZ feeds of network resources (IP addresses, Autonomous System numbers, and domain names) associated with sanctioned entities. These feeds facilitate Internet network operators in complying with the sanction requirements imposed by their respective governments.

=== Who is this for, and why does it exist? ===
National governments enact sanctions as (usually) deescalatory punitive measures against entities, usually other nations. The private sector within each nation is responsible for enacting those sanctions. The global, transnational nature of the Internet makes compliance with diverse sanctions regimes difficult for Internet organizations. At the same time, broadly-defined nationally-imposed Internet sanctions tend to disproportionately affect the civilian population of sanctioned countries; this is both counterproductive and violates their human rights to freedom of communication and access to information. This project brings together governments and Internet organizations to provide a globally-harmonized Internet sanctions imposition mechanism which is "lighter touch" than might otherwise be mandated, and does not impinge upon civilians' access to information and communications. This project is neither pro-sanction nor anti-sanction; it exists to facilitate public-sector/private-sector coordination while ensuring that the human rights of civilians are protected.

=== Origin of the project ===
This project originated in an [[The Open Letter|open letter]] from leaders of the multistakeholder Internet governance community, calling for constructive dialog about the imposition of Internet-related sanctions, and for a principled approach to sanctions which would explicitly rule the civilian population to be not a valid target.

=== Structure ===
The project is implemented by five working groups:

* A [[Policy Group|policy group]] monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's principles. If a sanction is deemed in-scope, the policy group defines the sanctioned entities and passes them to the [[Open Source Intelligence|OSINT group]]. The policy group is also responsible for determining when existing sanctions should be repealed and for liaising with governments which are considering declaring this mechanism to be sufficient compliance with their nationally-defined sanctions.

* An [[Open Source Intelligence|OSINT group]] investigates and catalogs the Internet resources (IP addresses, Autonomous System numbers, and domain names) held by sanctioned entities.

* An [[Oversight Board|oversight board]] provides a final check on which resources are included in the blocking feed. When anything is added to the feed, an announcement will be posted to the (read-only) [https://lists.sanctions.net/mailman/listinfo/announce announcement email list], which you're welcome to subscribe to, to keep track of the project's outcomes.

* An [[Operations Group|operations group]] keeps the BGP and RPZ feed publishing mechanisms working.

* A [[Research Group|research group]] is responsible for metrics and monitoring of the system and its effectiveness, and liaison with the academic community.

=== Participation ===
This is a community volunteer effort, and your participation is welcome! Please consider [[Frequently Asked Questions|reading the FAQ]] and subscribing to the [[E-Mail Discussion Lists|email discussion lists]] as starting-points.

Welcome to the Internet Sanctions Project

2022-03-19T02:43:20Z

Wadmin: /* Origin of the project */

__NOTOC__
This is an open, Internet community governed, project which produces BGP and RPZ feeds of network resources (IP addresses, Autonomous System numbers, and domain names) associated with sanctioned entities. These feeds facilitate Internet network operators in complying with the sanction requirements imposed by their respective governments.

=== Who is this for, and why does it exist? ===
National governments enact sanctions as (usually) deescalatory punitive measures against entities, usually other nations. The private sector within each nation is responsible for enacting those sanctions. The global, transnational nature of the Internet makes compliance with diverse sanctions regimes difficult for Internet organizations. At the same time, broadly-defined nationally-imposed Internet sanctions tend to disproportionately affect the civilian population of sanctioned countries; this is both counterproductive and violates their human rights to freedom of communication and access to information. This project brings together governments and Internet organizations to provide a globally-harmonized Internet sanctions imposition mechanism which is "lighter touch" than might otherwise be mandated, and does not impinge upon civilians' access to information and communications. This project is neither pro-sanction nor anti-sanction; it exists to facilitate public-sector/private-sector coordination while ensuring that the human rights of civilians are protected.

=== Origin of the project ===
This project originated in an [[The Open Letter|open letter]] from leaders of the multistakeholder Internet governance community, calling for constructive dialog about the imposition of Internet-related sanctions, and for a principled approach to sanctions which would explicitly rule the civilian population to be not a valid target. Established civil society groups such as the [https://globalnetworkinitiative.org/russia-invasion-free-expression/ Global Network Initiative] have expressed the same principles:
{{Blockquote
|text=GNI supports efforts to sanction and hold accountable Russian government actors, as well as those abetting its aggression. However, some governments have been calling for retaliatory measures that are overly broad and would have unnecessary and disproportionate impacts on freedom of expression. GNI also notes with concern that well intentioned sanctions measures, as well as private and public campaigns, are exerting significant pressure on companies to withdraw products and services that help maintain information and communications network connectivity in Russia. It is critical to maintain infrastructure interconnection between Russian networks and the global Internet, as well as to preserve access for people in Russia to open platforms and services, so that they can continue to find spaces to organize in opposition to the war, report and share information about conditions in Russia, and have access to sources that are not controlled or restricted by Russian government censorship.
}}

=== Structure ===
The project is implemented by five working groups:

* A [[Policy Group|policy group]] monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's principles. If a sanction is deemed in-scope, the policy group defines the sanctioned entities and passes them to the [[Open Source Intelligence|OSINT group]]. The policy group is also responsible for determining when existing sanctions should be repealed and for liaising with governments which are considering declaring this mechanism to be sufficient compliance with their nationally-defined sanctions.

* An [[Open Source Intelligence|OSINT group]] investigates and catalogs the Internet resources (IP addresses, Autonomous System numbers, and domain names) held by sanctioned entities.

* An [[Oversight Board|oversight board]] provides a final check on which resources are included in the blocking feed. When anything is added to the feed, an announcement will be posted to the (read-only) [https://lists.sanctions.net/mailman/listinfo/announce announcement email list], which you're welcome to subscribe to, to keep track of the project's outcomes.

* An [[Operations Group|operations group]] keeps the BGP and RPZ feed publishing mechanisms working.

* A [[Research Group|research group]] is responsible for metrics and monitoring of the system and its effectiveness, and liaison with the academic community.

=== Participation ===
This is a community volunteer effort, and your participation is welcome! Please consider [[Frequently Asked Questions|reading the FAQ]] and subscribing to the [[E-Mail Discussion Lists|email discussion lists]] as starting-points.

Template:Documentation

2022-03-19T02:42:37Z

Wadmin: Created page with "{{#invoke:documentation|main|_content={{ {{#invoke:documentation|contentTitle}}}}}}<noinclude>  </noi..."

{{#invoke:documentation|main|_content={{ {{#invoke:documentation|contentTitle}}}}}}<noinclude>

</noinclude>

Template:Comma separated entries

2022-03-19T02:42:12Z

Wadmin: Created page with "{{<includeonly>safesubst:</includeonly>#invoke:Separated entries|comma}}<noinclude> {{documentation}} <!-- Categories go on the /doc subpage, and interwikis go on Wikidata. --..."

{{<includeonly>safesubst:</includeonly>#invoke:Separated entries|comma}}<noinclude>
{{documentation}}

</noinclude>

Template:Main other

2022-03-19T02:41:31Z

Wadmin: Created page with "{{#switch:  {{#if:{{{demospace|}}} | {{lc: {{{demospace}}} }}  |..."

{{#switch:

{{#if:{{{demospace|}}}
| {{lc: {{{demospace}}} }} 
| {{#ifeq:{{NAMESPACE}}|{{ns:0}}
| main
| other
}}
}}
| main = {{{1|}}}
| other
| #default = {{{2|}}}
}}<noinclude>

{{documentation}}

</noinclude>

Template:Blockquote/styles.css

2022-03-19T02:40:26Z

Wadmin: Created page with "/* {{pp-template}} */ .templatequote { overflow: hidden; margin: 1em 0; padding: 0 40px; } .templatequote .templatequotecite { line-height: 1.5em; /* @noflip */..."

/* {{pp-template}} */
.templatequote {
overflow: hidden;
margin: 1em 0;
padding: 0 40px;
}

.templatequote .templatequotecite {
line-height: 1.5em;
/* @noflip */
text-align: left;
/* @noflip */
padding-left: 1.6em;
margin-top: 0;
}

Template:Blockquote

2022-03-19T02:39:51Z

Wadmin: Created page with "<templatestyles src="Template:Blockquote/styles.css" /><blockquote class="templatequote {{{class|}}}" {{#if:{{{style|}}}|style="{{{style}}}"}}>{{{text|{{{content|{{{qu..."

<templatestyles src="Template:Blockquote/styles.css" /><blockquote class="templatequote {{{class|}}}" {{#if:{{{style|}}}|style="{{{style}}}"}}>{{{text|{{{content|{{{quotetext|{{{quote|{{{1|<includeonly>{{error|Error: No text given for quotation (or equals sign used in the actual argument to an unnamed parameter)}}{{main other|[[Category:Pages incorrectly using the quote template]]}}</includeonly><noinclude>{{lorem ipsum}}</noinclude>}}}}}}}}}}}}}}}{{#if:{{{sign|}}}{{{cite|}}}{{{author|}}}{{{by|}}}{{{personquoted|}}}{{{source|}}}{{{ts|}}}{{{title|}}}{{{publication|}}}{{{quotesource|}}}{{{char|}}}{{{character|}}}{{{2|}}}{{{3|}}}{{{4|}}}{{{5|}}}|{{#if:{{{multiline|}}}|<nowiki />}}
<div class="templatequotecite">— <cite>{{#if:{{{char|{{{character|{{{5|}}}}}}}}}|{{{char|{{{character|{{{5|}}}}}}}}}, in }}{{Comma separated entries
| {{if empty|{{{sign|}}}|{{{cite|}}}|{{{author|}}}|{{{by|}}}|{{{personquoted|}}}|{{{2|}}}}}
| {{if empty|{{{title|}}}|{{{publication|}}}|{{{ts|}}}|{{{quotesource|}}}|{{{3|}}}}}
| {{if empty|{{{source|}}}|{{{4|}}}}}
}}</cite></div>
}}</blockquote>{{#if:{{{class|}}}{{{id|}}}{{{diff|}}}{{{4|}}}{{{5|}}}|{{main other|[[Category:Pages incorrectly using the Blockquote template]]}}}}{{#invoke:Check for unknown parameters|check|unknown={{main other|[[Category:Pages using Blockquote template with unknown parameters|_VALUE_{{PAGENAME}}]]}}|preview=Page using [[Template:Blockquote]] with unknown parameter "_VALUE_"|ignoreblank=y| 1 | 2 | 3 | 4 | 5 | author | by | char | character | cite | class | content | diff | id | multiline | personquoted | publication | quote | quotesource | quotetext | sign | source | style | text | title | ts }}<noinclude>
{{documentation}}
</noinclude>

The Open Letter

2022-03-19T01:33:46Z

Wadmin:

{{TOC right}}
On March 10, 2022, members of the Multistakeholder Internet governance community published the following open letter:
{{clear}}
----
{{right|Thursday, March 10, 2022}}<br>
{{right|The Hague}}
==Multistakeholder Imposition of Internet Sanctions==

===Executive Summary===
The invasion of Ukraine poses a new challenge for multistakeholder Internet infrastructure governance. In this statement, we discuss possible sanctions and their ramifications, lay out principles that we believe should guide Internet sanctions, and propose a multistakeholder governance mechanism to facilitate decision-making and implementation.

===Introduction===
The Internet is in its thirtieth year of transition from national to multistakeholder governance. As we encounter pivotal moments, we must decide as a community whether Internet self-governance has matured sufficiently to address such newly encountered issue. Governments have imposed sanctions throughout history, but the global Internet governance community has not yet established a process dedicated to this task.

We believe it is now incumbent upon the Internet community to deliberate and make decisions in the face of humanitarian crises. We may not responsibly dismiss such crises without consideration, nor with consideration only for the self-interest of our community’s own direct constituents; instead, maturity of governance requires that self-interests be weighed in the balance with broader moral and societal considerations. This document is the beginning of a global Internet governance conversation about the appropriate scope of sanctions, the feasibility of sanctions within the realm of our collective responsibility, and our moral imperative to minimize detrimental consequences.

===Principles for Internet Infrastructure Governance Sanctions===
We, the undersigned, agree to the following principles:

* Disconnecting the population of a country from the Internet is a disproportionate and inappropriate sanction, since it hampers their access to the very information that might lead them to withdraw support for acts of war and leaves them with access to only the information their own government chooses to furnish.

* The effectiveness of sanctions should be evaluated relative to predefined goals. Ineffective sanctions waste effort and willpower and convey neither unity nor conviction.

* Sanctions should be focused and precise. They should minimize the chance of unintended consequences or collateral damage. Disproportionate or over-broad sanctions risk fundamentally alienating populations.

* Military and propaganda agencies and their information infrastructure are potential targets of sanctions.

* The Internet, due to its transnational nature and consensus-driven multistakeholder system of governance, currently does not easily lend itself to the imposition of sanctions in national conflicts.

* It is inappropriate and counterproductive for governments to attempt to compel Internet governance mechanisms to impose sanctions outside of the community’s multistakeholder decision-making process.

* There are nonetheless appropriate, effective, and specific sanctions the Internet governance community may wish to consider in its deliberative processes.

===Recommendations===
We believe it is the responsibility of the global Internet governance community to weigh the costs and risks of sanctions against the moral imperatives that call us to action in defense of society, and we must address this governance problem now and in the future. '''We believe the time is right for the formation of a new, minimal, multistakeholder mechanism, similar in scale to NSP-Sec or Outages, which after due process and consensus would publish sanctioned IP addresses and domain names in the form of public data feeds in standard forms (BGP and RPZ), to be consumed by any organization that chooses to subscribe to the principles and their outcome.''' This process should use clearly documented procedures to assess violations of international norms in an open, multistakeholder, and consensus-driven process, taking into account the principles of non-overreach and effectiveness in making its determinations. This system mirrors existing systems used by network operators to block spam, malware, and DDoS attacks, so it requires no new technology and minimal work to implement.

We call upon our colleagues to participate in a multistakeholder deliberation using the mechanism outlined above, to decide whether the IP addresses and domain names of the Russian military and its propaganda organs should be sanctioned, and to lay the groundwork for timely decisions of similar gravity and urgency in the future.

===Signed,===
Bart Groothuis{{gray|, Member of the European Parliament, Netherlands}}<br>
Bill Woodcock{{gray|, Executive Director, Packet Clearing House}}<br>
Ihab Osman{{gray|, Non-Executive Director, Internet Corporation for Assigned Names and Numbers}}<br>
Mike Roberts{{gray|, founding President and CEO, Internet Corporation for Assigned Names and Numbers}}<br>
Jeff Moss{{gray|, President, DEFCON}}<br>
Niels ten Oever{{gray|, Postdoctoral Researcher, University of Amsterdam}}<br>
Marina Kaljurand{{gray|, Member of the European Parliament, Estonia, former ambassador to Russia and the United States}}<br>
Eva Kaili{{gray|, Member of the European Parliament, Greece}}<br>
Runa Sandvik{{gray|, security researcher}}<br>
Kurt Opsahl{{gray|, Electronic Frontier Foundation (affiliation for identification purposes only)}}<br>
 John Levine{{gray|, President, CAUCE North America}}<br>
Virendra Rode{{gray|, founder and contributor, Outages.ORG}}<br>
Stephen D. Crocker{{gray|, Edgemoor Research Institute}}<br>
Job Snijders{{gray|, board member, RIPE NCC, PeeringDB, and Route Server Support Foundation}}<br>
Moez Chakchouk{{gray|, Director of Policy, PCH, former ADG/CI UNESCO and former Tunisian minister}}<br>
Doug Madory{{gray|, Director of Internet Analysis, Kentik}}<br>
Ondrej Filip{{gray|, CEO, CZ.NIC}}<br>
Greg Rattray{{gray|, Founder, Next Peak and former cybersecurity advisor to ICANN}}<br>
Serge Droz{{gray|, in personal capacity, Director FIRST}}<br>
Mark Tinka{{gray|, board member, FranceIX}}<br>
Dmitry Kohmanyuk{{gray|, founder, Hostmaster Ltd.}}<br>
Timothy Denton{{gray|, Chairman, Internet Society, Canada Chapter}}<br>
Barry Greene<br>
Perry E. Metzger{{gray|, Managing Member, Metzger, Dowdeswell & Co. LLC}}<br>
Roelof Meijer{{gray|, CEO, SIDN}}<br>
Svitlana Matviyenko{{gray|, Associate Director, Digital Democracies Institute, Simon Fraser University}}<br>
Rabbi Rob Thomas{{gray|, CEO, Team Cymru}}<br>
Harald Summa{{gray|, CEO, DE-CIX}}<br>
Chris Gibson{{gray|, in personal capacity, CEO FIRST}}<br>
Tom Killalea<br>
The Internet Archive<br>
Philip Reiner{{gray|, CEO, Institute for Security and Technology}}<br>
Megan Stifel{{gray|, Chief Security Officer, Institute for Security and Technology}}<br>
Bart Stidham{{gray|, CEO, NAND Technologies}}<br>
Rudolf van der Berg{{gray|, Programme Manager, Stratix Consulting}}<br>
Alejandro Pisanty{{gray|, Professor, National Autonomous University of Mexico}}<br>
Henrik Kramselund{{gray|, CEO Zencurity Aps}}<br>

----

==Annex: <br>Technical Discussion of Internet Governance Sanction Measures==

This statement is occasioned by the letter Andrii Nabok (Андрій Набок) of the Ukranian Ministry of Digital Transformation addressed to the Internet Corporation for Assigned Names and Numbers (ICANN) on the morning of Monday, February 28, 2022. ICANN and RIPE replied to Mr. Nabok’s letter directly, in the narrowest possible terms, and in the negative.

In this annex, we discuss the technical specifics of each of the proposed sanctions, as well as of other possible Internet sanctions which we suggest are more effective, more precise, and carry fewer risks and lower costs.

===Analysis of Ukraine’s Request===
We respect Mr. Nabok’s professional expertise and his inclusion of Ukraine’s Internet community in the drafting of his letter in the full spirit of the multistakeholder principles by which the Internet is governed, and we express our deepest sympathies for the indescribable trauma Ukraine is experiencing as a result of Russia’s invasion, which we condemn without reservation.

Mr. Nabok’s letter requests the imposition of four Internet governance sanctions against Russia, namely:

* Permanent or temporary revocation of the country code top-level domains “.ru”, “.рф” and “.su”.
* Revocation of SSL certificates associated with those domains.
* Disablement of DNS root servers situated within the Russian Federation.
* Withdrawal of the right to use IPv4 and IPv6 addresses by Russian networks.

We commend Mr. Nabok and the Ukrainian people and government for responding to bloodshed with diplomacy and seeking deescalatory sanctions. Internet governance sanctions must, however, be selected and implemented carefully, in order to achieve the greatest effect and to avoid unanticipated consequences. In the attached appendix, we discuss each of the proposed sanctions, as well as others we consider more effective, with lower costs and risks of unintended consequences.

===Revocation of country-code Top Level Domains (ccTLDs)===
Every ISO-3166 Alpha-2 two-letter abbreviation of a national name is reserved for the use of the Internet community of that nation as a “country-code Top Level Domain,” or “ccTLD.” This reservation is made expressly for the Internet community of the nation and not the government of the nation. Geographic, political, and sociocultural allocations of “internationalized” top-level domains (such as “.рф” to the Russian Federation, or “.укр” to Ukraine) are made in parallel with the ISO-3166 mechanism.

The primary users of any ccTLD are its civilian constituents, who may be distributed globally and may be united by linguistic or cultural identity rather than nationality or national identity. Removal of a ccTLD from the root zone of the domain name system (the sanction suggested by the letter) would make it very difficult for anyone, globally, within Russia or without, to contact users of the affected domains, a group that consists almost entirely of Russian-speaking civilians. At the same time, it would have relatively little effect upon Russian military networks, which are unlikely to rely upon DNS servers outside their own control.

We therefore conclude that the revocation, whether temporary or permanent, of a ccTLD is '''not an effective sanction''' because it disproportionately harms civilians; specifically, it is ineffective against any government that has taken cyber-defense preparatory measures to alleviate dependence upon foreign nameservers for domain name resolution. In addition, any country against which this sanction was applied would likely immediately set up an “alternate root,” competing with the one administered by the Internet Assigned Numbers Authority, using any of a number of trivial means. If one country did so, others would likely follow suit, leading to an exodus from the consensus Internet that allows general interconnection.

===Revocation of certificates associated with domain names===
At least two kinds of cryptographic certificates and signatures are potential mechanisms for sanction, and we discuss each independently. First, revocation of SSL certificates, as mentioned in Mr. Nabok’s letter:

SSL (“Secure Socket Layer”), which has been succeeded by TLS (“Transport Layer Security”), is a certification mechanism principally used to authenticate and encrypt connections from web browsers to web servers. Such certificates are used in online commerce and banking, among other less visible roles. Certificates are issued by Certificate Authorities (“CAs”), of which there are many hundreds in existence, a significant number of them are controlled, directly or indirectly, by national governments or intelligence agencies. Any one of these organizations may issue a certificate to anyone, certifying that they are the authentic administrator of any domain.

The revocation of certificates associated with governmental or military domains is '''not an effective sanction''', because the targeted government is likely already using a Certificate Authority under its own control, and if it is not it can easily cause any CA under its influence to issue a replacement certificate. The revocation of certificates associated with private subdomains (for instance, redcross.ru, citibank.ru) would render communications between these organizations and their constituencies insecure and vulnerable to cybercrime until they were able to get new certificates issued; decreasing law and order and rendering a civilian population more vulnerable to crime is '''not an effective sanction'''. Alternatively, adding existing certificates for propaganda outlets to Certificate Revocation Lists or using Online Certificate Status Protocol (OSCP) to flag them as revoked would warn casual users such websites are problematic and require them to take explicit action to proceed beyond the warning. These techniques are, however, limited: they must generally be done by the same CA that issued the original certificate, which may not be outside the influence of the sanctioned government. We thus believe this to be a '''moderately effective sanction''' in the cases where it is possible to invoke: it is specific, easily centrally implemented, and has little chance of unintended broader consequences. In X.509 public key infrastructures, certificate revocation cannot be rescinded; a new certificate must be issued and deployed.

===Revocation of DNSSEC signatures on DNS delegations===
The cryptographic signatures used to authenticate domain names are known as DNSSEC, or DNS Security Extension signatures. Clients can evaluate the veracity of the mappings between domain names and IP addresses, which is what allows them to find and connect to resources on the Internet, by cryptographically validating the DNSSEC signature associated with a domain name.

If a top-level domain were removed from the DNS root, the DNSSEC signature that validates the delegation of that domain would consequently be removed as well. DNS clients or resolvers still in possession of the old information could continue to reach the websites or email addresses identified by a domain, but they would be unable to validate that they had arrived at the right place. The DNSSEC signature validating the delegation of a top-level domain could also be removed while leaving the delegation itself in place.

DNSSEC signatures prevent criminals from performing “man-in-the-middle” attacks, impersonating the website of a retail bank, for instance, to capture the user’s authentication information and empty their accounts. Military and high-security networks may use technical mechanisms to ensure that lack of a DNSSEC delegation above a signature under their control, in the DNS hierarchy, will not interfere with their resolution. Regular Internet users, however, either will be confronted with error messages indicating that their bank’s website is an impostor or will not be notified if an attacker stands between them and their bank.

Removing the DNSSEC signature validating the delegation of a national top-level domain, whether in association with the removal of the delegation or not, may have little or no effect upon military and other high-security networks, but it would decrease law and order and make ordinary people much more susceptible to cybercrime. Tampering with DNSSEC signatures is thus '''not an effective sanction'''.

===Disablement of DNS root servers===
Root nameservers are simply those nameservers that hold a static copy of the DNS “root zone,” which is, by its very nature, public information. Essentially any nameserver may be made a root nameserver, simply by telling it to retrieve and cache copies of the DNS root zone.

Disabling specific root nameservers has no effect, since they are, by design, not uniquely privileged or in possession of unique information. Disabling all root nameservers is not feasible since it would disable the Internet for everyone, and anyone could, and would, establish new ones. Disabling root nameservers thus has '''no utility as a sanction'''.

===Withdrawal of the right to use Internet Protocol addresses===
Internet Protocol (IP) addresses, the numeric identifiers by which Internet devices find each other, are allocated by the five Regional Internet Registries that together constitute the Number Resource Organization (NRO). Réseaux IP Européens (RIPE) is the Regional Internet Registry for Europe, the Middle East, and parts of Central Asia, with responsibility for allocating IP addresses to Russian entities. It is within RIPE’s power, if directed to do so by its member organizations through its multistakeholder governance process, to create policy that would effectively withdraw the allocations of IP addresses it has made to Russian organizations.

This situation bears some similarities to the governance of domain names, yet it also contains crucial differences. ICANN’s authority extends no further into the DNS hierarchy than the root level, so actions taken by ICANN inherently affect entire top-level domains unitarily, without the possibility of “surgical” actions upon one subdomain and not another. By contrast, the Regional Internet Registries can affect policy on a per-organization (or even finer) basis. Yet rescinding an IP address allocation does not prevent its previous holder from continuing to use it. Indeed, “IP address hijacking” is a relatively commonplace problem on the Internet. Therefore, although it can be precisely targeted, simply rescinding the right to use an IP address allocation is '''not, by itself, an effective sanction'''.

Note that this process of IP address revocation and RPKI attestation revocation would be a normal consequence of an address recipient (such as the Russian military) failing to pay annual registration fees to its Regional Internet Registry, something that may in fact come to pass as a consequence of financial and banking sanctions. But such a process might take years. Another negative consequence of revoking IP address allocations is that revoked addresses will likely be allocated to a different recipient subsequently, who will then find themselves competing with the original holder for their use.

===Manipulation of routing security attestations===
A potential sanction not explicitly requested in Mr. Nabok’s letter is the manipulation of routing security attestations to produce the effect of a partial or complete disconnection from the Internet of specific networks, such as those of the Russian military or propaganda agencies.

As with domain names, technical mechanisms exist to cryptographically verify the legitimacy of use of IP addresses. Routing Policy Specification Language (RPSL) and Routing Public Key Infrastructure (RPKI) are the two primary such mechanisms. To be used for communication on the Internet, IP addresses must be “announced” through the routing system, and the routers of the larger and better-secured networks utilize these two mechanisms to ensure that invalid routes are not used by their routers. Smaller and less-secured networks do not typically implement these mechanisms.

A manipulation of RPSL and RPKI records in centralized registries would flow through to all networks employing these common routing security mechanisms, some of which would then automatically stop routing traffic to and from the specified networks, without affecting other “adjacent” civilian networks or being subject to trivial “work-arounds.”

The manipulation of RPSL and RPKI routing security attestations could be an effective sanction measure, because it appears precise, easily and quickly implemented and reversed, and reasonably effective. However, the appropriation of preexisting routing security mechanisms for use in sanctions, likely unexpected by the participating networks, could conflict with the business or regulatory requirements of those networks, and, crucially, could risk the withdrawal of networks from the system entirely. Such an exodus would both make this potential sanction less effective in the future and have the far greater cost of eroding cybersecurity for the Internet as a whole, the purpose for which the routing security systems were built in the first place. This thus constitutes an '''unacceptable risk'''.

===Other Internet-associated, non-technical sanctions===
Other sanctions related to the Internet’s operation and governance may be worth considering. These include, for example, the disallowance of sanctioned personnel from participation in Internet governance, policymaking, or standardization proceedings. Such nontechnical measures are outside the scope of this document.

===Blocklisting===
Network operators and DNS resolver operators already make use of multistakeholder-governed lists, similar to the way financial lenders use credit scoring agencies, to determine what IP addresses to route and pass traffic between, and what domain names to resolve. This is the mechanism by which persistent spammers and address hijackers are excluded from the network, and by which Internet users are protected from malware and phishing attacks.

The technical mechanisms by which such blocking information is passed are mature, robust, instantaneous, and globally standardized. Information related to IP addresses and Autonomous System Numbers is mostly carried over BGP feeds, while information related to domain names is mostly carried over RPZ feeds. Both mechanisms are implemented by essentially all large operators globally. Blocklisting IP addresses and Autonomous System Numbers has all of the advantages of address block revocation or manipulation of routing security attestations, without the drawbacks. It allows network operators to block both the acceptance of routes and the passage of traffic, each or both of which may be appropriate in different situations and in response to different threats. Blocklisting of domain names allows full precision and specificity, which is the problem that precludes action by ICANN. The system is opt-in, voluntary, consensual, and bottom-up, all values the Internet governance community holds dear. Yet, at the same time, it has achieved broad adoption.

We conclude that the well-established methods of blocklisting provide the '''best mechanism for sanctioning both IP routes and traffic and domain names''', and that this mechanism, if implemented normally by subscribing entities, has no significant costs or risks.

===Conclusion===
Our conclusion is that '''blocklisting''' of IP addresses, Autonomous Systems, and domain names upon which the multistakeholder community can establish consensus is effective and carries no inherent danger of being over-broad. Once decided upon, it is easily invoked—and equally easily rolled back once the problem is resolved. Most important, it carries no significant costs or risks and is aligned with the Internet’s multistakeholder governance values and principles.

The Open Letter

2022-03-19T01:33:14Z

Wadmin:

{{TOC right}}
On March 10, 2022, members of the Multistakeholder Internet governance community published the following open letter:
{{clear}}
----
==Multistakeholder Imposition of Internet Sanctions==
{{right|Thursday, March 10, 2022}}<br>
{{right|The Hague}}

===Executive Summary===
The invasion of Ukraine poses a new challenge for multistakeholder Internet infrastructure governance. In this statement, we discuss possible sanctions and their ramifications, lay out principles that we believe should guide Internet sanctions, and propose a multistakeholder governance mechanism to facilitate decision-making and implementation.

===Introduction===
The Internet is in its thirtieth year of transition from national to multistakeholder governance. As we encounter pivotal moments, we must decide as a community whether Internet self-governance has matured sufficiently to address such newly encountered issue. Governments have imposed sanctions throughout history, but the global Internet governance community has not yet established a process dedicated to this task.

We believe it is now incumbent upon the Internet community to deliberate and make decisions in the face of humanitarian crises. We may not responsibly dismiss such crises without consideration, nor with consideration only for the self-interest of our community’s own direct constituents; instead, maturity of governance requires that self-interests be weighed in the balance with broader moral and societal considerations. This document is the beginning of a global Internet governance conversation about the appropriate scope of sanctions, the feasibility of sanctions within the realm of our collective responsibility, and our moral imperative to minimize detrimental consequences.

===Principles for Internet Infrastructure Governance Sanctions===
We, the undersigned, agree to the following principles:

* Disconnecting the population of a country from the Internet is a disproportionate and inappropriate sanction, since it hampers their access to the very information that might lead them to withdraw support for acts of war and leaves them with access to only the information their own government chooses to furnish.

* The effectiveness of sanctions should be evaluated relative to predefined goals. Ineffective sanctions waste effort and willpower and convey neither unity nor conviction.

* Sanctions should be focused and precise. They should minimize the chance of unintended consequences or collateral damage. Disproportionate or over-broad sanctions risk fundamentally alienating populations.

* Military and propaganda agencies and their information infrastructure are potential targets of sanctions.

* The Internet, due to its transnational nature and consensus-driven multistakeholder system of governance, currently does not easily lend itself to the imposition of sanctions in national conflicts.

* It is inappropriate and counterproductive for governments to attempt to compel Internet governance mechanisms to impose sanctions outside of the community’s multistakeholder decision-making process.

* There are nonetheless appropriate, effective, and specific sanctions the Internet governance community may wish to consider in its deliberative processes.

===Recommendations===
We believe it is the responsibility of the global Internet governance community to weigh the costs and risks of sanctions against the moral imperatives that call us to action in defense of society, and we must address this governance problem now and in the future. '''We believe the time is right for the formation of a new, minimal, multistakeholder mechanism, similar in scale to NSP-Sec or Outages, which after due process and consensus would publish sanctioned IP addresses and domain names in the form of public data feeds in standard forms (BGP and RPZ), to be consumed by any organization that chooses to subscribe to the principles and their outcome.''' This process should use clearly documented procedures to assess violations of international norms in an open, multistakeholder, and consensus-driven process, taking into account the principles of non-overreach and effectiveness in making its determinations. This system mirrors existing systems used by network operators to block spam, malware, and DDoS attacks, so it requires no new technology and minimal work to implement.

We call upon our colleagues to participate in a multistakeholder deliberation using the mechanism outlined above, to decide whether the IP addresses and domain names of the Russian military and its propaganda organs should be sanctioned, and to lay the groundwork for timely decisions of similar gravity and urgency in the future.

===Signed,===
Bart Groothuis{{gray|, Member of the European Parliament, Netherlands}}<br>
Bill Woodcock{{gray|, Executive Director, Packet Clearing House}}<br>
Ihab Osman{{gray|, Non-Executive Director, Internet Corporation for Assigned Names and Numbers}}<br>
Mike Roberts{{gray|, founding President and CEO, Internet Corporation for Assigned Names and Numbers}}<br>
Jeff Moss{{gray|, President, DEFCON}}<br>
Niels ten Oever{{gray|, Postdoctoral Researcher, University of Amsterdam}}<br>
Marina Kaljurand{{gray|, Member of the European Parliament, Estonia, former ambassador to Russia and the United States}}<br>
Eva Kaili{{gray|, Member of the European Parliament, Greece}}<br>
Runa Sandvik{{gray|, security researcher}}<br>
Kurt Opsahl{{gray|, Electronic Frontier Foundation (affiliation for identification purposes only)}}<br>
 John Levine{{gray|, President, CAUCE North America}}<br>
Virendra Rode{{gray|, founder and contributor, Outages.ORG}}<br>
Stephen D. Crocker{{gray|, Edgemoor Research Institute}}<br>
Job Snijders{{gray|, board member, RIPE NCC, PeeringDB, and Route Server Support Foundation}}<br>
Moez Chakchouk{{gray|, Director of Policy, PCH, former ADG/CI UNESCO and former Tunisian minister}}<br>
Doug Madory{{gray|, Director of Internet Analysis, Kentik}}<br>
Ondrej Filip{{gray|, CEO, CZ.NIC}}<br>
Greg Rattray{{gray|, Founder, Next Peak and former cybersecurity advisor to ICANN}}<br>
Serge Droz{{gray|, in personal capacity, Director FIRST}}<br>
Mark Tinka{{gray|, board member, FranceIX}}<br>
Dmitry Kohmanyuk{{gray|, founder, Hostmaster Ltd.}}<br>
Timothy Denton{{gray|, Chairman, Internet Society, Canada Chapter}}<br>
Barry Greene<br>
Perry E. Metzger{{gray|, Managing Member, Metzger, Dowdeswell & Co. LLC}}<br>
Roelof Meijer{{gray|, CEO, SIDN}}<br>
Svitlana Matviyenko{{gray|, Associate Director, Digital Democracies Institute, Simon Fraser University}}<br>
Rabbi Rob Thomas{{gray|, CEO, Team Cymru}}<br>
Harald Summa{{gray|, CEO, DE-CIX}}<br>
Chris Gibson{{gray|, in personal capacity, CEO FIRST}}<br>
Tom Killalea<br>
The Internet Archive<br>
Philip Reiner{{gray|, CEO, Institute for Security and Technology}}<br>
Megan Stifel{{gray|, Chief Security Officer, Institute for Security and Technology}}<br>
Bart Stidham{{gray|, CEO, NAND Technologies}}<br>
Rudolf van der Berg{{gray|, Programme Manager, Stratix Consulting}}<br>
Alejandro Pisanty{{gray|, Professor, National Autonomous University of Mexico}}<br>
Henrik Kramselund{{gray|, CEO Zencurity Aps}}<br>

----

==Annex: <br>Technical Discussion of Internet Governance Sanction Measures==

This statement is occasioned by the letter Andrii Nabok (Андрій Набок) of the Ukranian Ministry of Digital Transformation addressed to the Internet Corporation for Assigned Names and Numbers (ICANN) on the morning of Monday, February 28, 2022. ICANN and RIPE replied to Mr. Nabok’s letter directly, in the narrowest possible terms, and in the negative.

In this annex, we discuss the technical specifics of each of the proposed sanctions, as well as of other possible Internet sanctions which we suggest are more effective, more precise, and carry fewer risks and lower costs.

===Analysis of Ukraine’s Request===
We respect Mr. Nabok’s professional expertise and his inclusion of Ukraine’s Internet community in the drafting of his letter in the full spirit of the multistakeholder principles by which the Internet is governed, and we express our deepest sympathies for the indescribable trauma Ukraine is experiencing as a result of Russia’s invasion, which we condemn without reservation.

Mr. Nabok’s letter requests the imposition of four Internet governance sanctions against Russia, namely:

* Permanent or temporary revocation of the country code top-level domains “.ru”, “.рф” and “.su”.
* Revocation of SSL certificates associated with those domains.
* Disablement of DNS root servers situated within the Russian Federation.
* Withdrawal of the right to use IPv4 and IPv6 addresses by Russian networks.

We commend Mr. Nabok and the Ukrainian people and government for responding to bloodshed with diplomacy and seeking deescalatory sanctions. Internet governance sanctions must, however, be selected and implemented carefully, in order to achieve the greatest effect and to avoid unanticipated consequences. In the attached appendix, we discuss each of the proposed sanctions, as well as others we consider more effective, with lower costs and risks of unintended consequences.

===Revocation of country-code Top Level Domains (ccTLDs)===
Every ISO-3166 Alpha-2 two-letter abbreviation of a national name is reserved for the use of the Internet community of that nation as a “country-code Top Level Domain,” or “ccTLD.” This reservation is made expressly for the Internet community of the nation and not the government of the nation. Geographic, political, and sociocultural allocations of “internationalized” top-level domains (such as “.рф” to the Russian Federation, or “.укр” to Ukraine) are made in parallel with the ISO-3166 mechanism.

The primary users of any ccTLD are its civilian constituents, who may be distributed globally and may be united by linguistic or cultural identity rather than nationality or national identity. Removal of a ccTLD from the root zone of the domain name system (the sanction suggested by the letter) would make it very difficult for anyone, globally, within Russia or without, to contact users of the affected domains, a group that consists almost entirely of Russian-speaking civilians. At the same time, it would have relatively little effect upon Russian military networks, which are unlikely to rely upon DNS servers outside their own control.

We therefore conclude that the revocation, whether temporary or permanent, of a ccTLD is '''not an effective sanction''' because it disproportionately harms civilians; specifically, it is ineffective against any government that has taken cyber-defense preparatory measures to alleviate dependence upon foreign nameservers for domain name resolution. In addition, any country against which this sanction was applied would likely immediately set up an “alternate root,” competing with the one administered by the Internet Assigned Numbers Authority, using any of a number of trivial means. If one country did so, others would likely follow suit, leading to an exodus from the consensus Internet that allows general interconnection.

===Revocation of certificates associated with domain names===
At least two kinds of cryptographic certificates and signatures are potential mechanisms for sanction, and we discuss each independently. First, revocation of SSL certificates, as mentioned in Mr. Nabok’s letter:

SSL (“Secure Socket Layer”), which has been succeeded by TLS (“Transport Layer Security”), is a certification mechanism principally used to authenticate and encrypt connections from web browsers to web servers. Such certificates are used in online commerce and banking, among other less visible roles. Certificates are issued by Certificate Authorities (“CAs”), of which there are many hundreds in existence, a significant number of them are controlled, directly or indirectly, by national governments or intelligence agencies. Any one of these organizations may issue a certificate to anyone, certifying that they are the authentic administrator of any domain.

The revocation of certificates associated with governmental or military domains is '''not an effective sanction''', because the targeted government is likely already using a Certificate Authority under its own control, and if it is not it can easily cause any CA under its influence to issue a replacement certificate. The revocation of certificates associated with private subdomains (for instance, redcross.ru, citibank.ru) would render communications between these organizations and their constituencies insecure and vulnerable to cybercrime until they were able to get new certificates issued; decreasing law and order and rendering a civilian population more vulnerable to crime is '''not an effective sanction'''. Alternatively, adding existing certificates for propaganda outlets to Certificate Revocation Lists or using Online Certificate Status Protocol (OSCP) to flag them as revoked would warn casual users such websites are problematic and require them to take explicit action to proceed beyond the warning. These techniques are, however, limited: they must generally be done by the same CA that issued the original certificate, which may not be outside the influence of the sanctioned government. We thus believe this to be a '''moderately effective sanction''' in the cases where it is possible to invoke: it is specific, easily centrally implemented, and has little chance of unintended broader consequences. In X.509 public key infrastructures, certificate revocation cannot be rescinded; a new certificate must be issued and deployed.

===Revocation of DNSSEC signatures on DNS delegations===
The cryptographic signatures used to authenticate domain names are known as DNSSEC, or DNS Security Extension signatures. Clients can evaluate the veracity of the mappings between domain names and IP addresses, which is what allows them to find and connect to resources on the Internet, by cryptographically validating the DNSSEC signature associated with a domain name.

If a top-level domain were removed from the DNS root, the DNSSEC signature that validates the delegation of that domain would consequently be removed as well. DNS clients or resolvers still in possession of the old information could continue to reach the websites or email addresses identified by a domain, but they would be unable to validate that they had arrived at the right place. The DNSSEC signature validating the delegation of a top-level domain could also be removed while leaving the delegation itself in place.

DNSSEC signatures prevent criminals from performing “man-in-the-middle” attacks, impersonating the website of a retail bank, for instance, to capture the user’s authentication information and empty their accounts. Military and high-security networks may use technical mechanisms to ensure that lack of a DNSSEC delegation above a signature under their control, in the DNS hierarchy, will not interfere with their resolution. Regular Internet users, however, either will be confronted with error messages indicating that their bank’s website is an impostor or will not be notified if an attacker stands between them and their bank.

Removing the DNSSEC signature validating the delegation of a national top-level domain, whether in association with the removal of the delegation or not, may have little or no effect upon military and other high-security networks, but it would decrease law and order and make ordinary people much more susceptible to cybercrime. Tampering with DNSSEC signatures is thus '''not an effective sanction'''.

===Disablement of DNS root servers===
Root nameservers are simply those nameservers that hold a static copy of the DNS “root zone,” which is, by its very nature, public information. Essentially any nameserver may be made a root nameserver, simply by telling it to retrieve and cache copies of the DNS root zone.

Disabling specific root nameservers has no effect, since they are, by design, not uniquely privileged or in possession of unique information. Disabling all root nameservers is not feasible since it would disable the Internet for everyone, and anyone could, and would, establish new ones. Disabling root nameservers thus has '''no utility as a sanction'''.

===Withdrawal of the right to use Internet Protocol addresses===
Internet Protocol (IP) addresses, the numeric identifiers by which Internet devices find each other, are allocated by the five Regional Internet Registries that together constitute the Number Resource Organization (NRO). Réseaux IP Européens (RIPE) is the Regional Internet Registry for Europe, the Middle East, and parts of Central Asia, with responsibility for allocating IP addresses to Russian entities. It is within RIPE’s power, if directed to do so by its member organizations through its multistakeholder governance process, to create policy that would effectively withdraw the allocations of IP addresses it has made to Russian organizations.

This situation bears some similarities to the governance of domain names, yet it also contains crucial differences. ICANN’s authority extends no further into the DNS hierarchy than the root level, so actions taken by ICANN inherently affect entire top-level domains unitarily, without the possibility of “surgical” actions upon one subdomain and not another. By contrast, the Regional Internet Registries can affect policy on a per-organization (or even finer) basis. Yet rescinding an IP address allocation does not prevent its previous holder from continuing to use it. Indeed, “IP address hijacking” is a relatively commonplace problem on the Internet. Therefore, although it can be precisely targeted, simply rescinding the right to use an IP address allocation is '''not, by itself, an effective sanction'''.

Note that this process of IP address revocation and RPKI attestation revocation would be a normal consequence of an address recipient (such as the Russian military) failing to pay annual registration fees to its Regional Internet Registry, something that may in fact come to pass as a consequence of financial and banking sanctions. But such a process might take years. Another negative consequence of revoking IP address allocations is that revoked addresses will likely be allocated to a different recipient subsequently, who will then find themselves competing with the original holder for their use.

===Manipulation of routing security attestations===
A potential sanction not explicitly requested in Mr. Nabok’s letter is the manipulation of routing security attestations to produce the effect of a partial or complete disconnection from the Internet of specific networks, such as those of the Russian military or propaganda agencies.

As with domain names, technical mechanisms exist to cryptographically verify the legitimacy of use of IP addresses. Routing Policy Specification Language (RPSL) and Routing Public Key Infrastructure (RPKI) are the two primary such mechanisms. To be used for communication on the Internet, IP addresses must be “announced” through the routing system, and the routers of the larger and better-secured networks utilize these two mechanisms to ensure that invalid routes are not used by their routers. Smaller and less-secured networks do not typically implement these mechanisms.

A manipulation of RPSL and RPKI records in centralized registries would flow through to all networks employing these common routing security mechanisms, some of which would then automatically stop routing traffic to and from the specified networks, without affecting other “adjacent” civilian networks or being subject to trivial “work-arounds.”

The manipulation of RPSL and RPKI routing security attestations could be an effective sanction measure, because it appears precise, easily and quickly implemented and reversed, and reasonably effective. However, the appropriation of preexisting routing security mechanisms for use in sanctions, likely unexpected by the participating networks, could conflict with the business or regulatory requirements of those networks, and, crucially, could risk the withdrawal of networks from the system entirely. Such an exodus would both make this potential sanction less effective in the future and have the far greater cost of eroding cybersecurity for the Internet as a whole, the purpose for which the routing security systems were built in the first place. This thus constitutes an '''unacceptable risk'''.

===Other Internet-associated, non-technical sanctions===
Other sanctions related to the Internet’s operation and governance may be worth considering. These include, for example, the disallowance of sanctioned personnel from participation in Internet governance, policymaking, or standardization proceedings. Such nontechnical measures are outside the scope of this document.

===Blocklisting===
Network operators and DNS resolver operators already make use of multistakeholder-governed lists, similar to the way financial lenders use credit scoring agencies, to determine what IP addresses to route and pass traffic between, and what domain names to resolve. This is the mechanism by which persistent spammers and address hijackers are excluded from the network, and by which Internet users are protected from malware and phishing attacks.

The technical mechanisms by which such blocking information is passed are mature, robust, instantaneous, and globally standardized. Information related to IP addresses and Autonomous System Numbers is mostly carried over BGP feeds, while information related to domain names is mostly carried over RPZ feeds. Both mechanisms are implemented by essentially all large operators globally. Blocklisting IP addresses and Autonomous System Numbers has all of the advantages of address block revocation or manipulation of routing security attestations, without the drawbacks. It allows network operators to block both the acceptance of routes and the passage of traffic, each or both of which may be appropriate in different situations and in response to different threats. Blocklisting of domain names allows full precision and specificity, which is the problem that precludes action by ICANN. The system is opt-in, voluntary, consensual, and bottom-up, all values the Internet governance community holds dear. Yet, at the same time, it has achieved broad adoption.

We conclude that the well-established methods of blocklisting provide the '''best mechanism for sanctioning both IP routes and traffic and domain names''', and that this mechanism, if implemented normally by subscribing entities, has no significant costs or risks.

===Conclusion===
Our conclusion is that '''blocklisting''' of IP addresses, Autonomous Systems, and domain names upon which the multistakeholder community can establish consensus is effective and carries no inherent danger of being over-broad. Once decided upon, it is easily invoked—and equally easily rolled back once the problem is resolved. Most important, it carries no significant costs or risks and is aligned with the Internet’s multistakeholder governance values and principles.

Template:TOC right/styles.css

2022-03-19T01:31:49Z

Wadmin: Created page with "/* {{pp-template}} */ /* The TOC is hidden on Minerva (mobile skin) for width < 720px so must also hide this wrapper */ @media all and (max-width: 720px) { body.skin-minerva..."

/* {{pp-template}} */
/* The TOC is hidden on Minerva (mobile skin) for width < 720px so must also hide this wrapper */
@media all and (max-width: 720px) {
body.skin-minerva .tocright {
display: none;
}

.tocright {
width: 100% !important; /* fix the inline width while at small resolution */
}
}
@media all and (min-width: 720px) {
.tocright {
float: right;
clear: right;
width: auto;
margin: 0 0 0.5em 1em;
}

.tocright-clear-left {
clear: left;
}

.tocright-clear-both {
clear: both;
}

.tocright-clear-none {
clear: none;
}
}

Template:Gray

2022-03-19T01:29:41Z

Wadmin: Created page with "<span style="color:gray">{{{1}}}</span><noinclude>  {{Documentation}}</noinclude>"

<span style="color:gray">{{{1}}}</span><noinclude>


{{Documentation}}</noinclude>

Template:Right

2022-03-19T01:29:09Z

Wadmin: Created page with "<includeonly>{{{{{|safesubst:}}}#ifeq:{{{1|a}}}|{{{1|b}}} |<div style="float:right;">{{{1|}}}</div> |style="text-align:right"{{{{{|safesubst:}}}!}}Category:Pages using right..."

<includeonly>{{{{{|safesubst:}}}#ifeq:{{{1|a}}}|{{{1|b}}}
|<div style="float:right;">{{{1|}}}</div>
|style="text-align:right"{{{{{|safesubst:}}}!}}[[Category:Pages using right with no input arguments]]
}}</includeonly><noinclude>
{{documentation}}
</noinclude>

Template:Pp-template

2022-03-19T01:28:27Z

Wadmin: Created page with "<includeonly>{{#invoke:Protection banner|main}}</includeonly><noinclude> {{documentation}}  </noinclude>"

<includeonly>{{#invoke:Protection banner|main}}</includeonly><noinclude>
{{documentation}}

</noinclude>

Template:TOC limit/styles.css

2022-03-19T01:27:41Z

Wadmin: Created page with "/* {{pp-template}} Allow limiting of which header levels are shown in a TOC; <div class="toclimit-3">, for instance, will limit to showing ==headings== and ===headin..."

/* {{pp-template}}
Allow limiting of which header levels are shown in a TOC;
<div class="toclimit-3">, for instance, will limit to
showing ==headings== and ===headings=== but no further
(as long as there are no =headings= on the page, which
there shouldn't be according to the MoS). */
.toclimit-2 .toclevel-1 ul,
.toclimit-3 .toclevel-2 ul,
.toclimit-4 .toclevel-3 ul,
.toclimit-5 .toclevel-4 ul,
.toclimit-6 .toclevel-5 ul,
.toclimit-7 .toclevel-6 ul {
display: none;
}

Template:TOC limit

2022-03-19T01:26:45Z

Wadmin: Created page with "<templatestyles src="Template:TOC limit/styles.css" /><div class="toclimit-{{{1|{{{limit|3}}}}}}">__TOC__</div><noinclude> {{documentation}} </noinclude>"

<templatestyles src="Template:TOC limit/styles.css" /><div class="toclimit-{{{1|{{{limit|3}}}}}}">__TOC__</div><noinclude>
{{documentation}}
</noinclude>

Template:TOC right

2022-03-19T01:26:00Z

Wadmin: Created page with "<templatestyles src="Template:TOC_right/styles.css" />{{#if:{{{limit|}}}|<templatestyles src="Template:TOC limit/styles.css" />}}<div class="tocright {{#if:{{{clear|}}..."

<templatestyles src="Template:TOC_right/styles.css" />{{#if:{{{limit|}}}|<templatestyles src="Template:TOC limit/styles.css" />}}<div class="tocright {{#if:{{{clear|}}}|tocright-clear-{{{clear|}}}}} {{#if:{{{limit|}}}|toclimit-{{{limit}}}}}" {{#if:{{{width|{{{1|}}}}}}|style="width: {{{width|{{{1}}}}}};"}}>__TOC__</div><noinclude>
{{documentation}}

</noinclude>

Template:Clear

2022-03-19T01:24:29Z

Wadmin: Created page with "<div style="clear:{{{1|both}}};"></div><noinclude> {{documentation}} </noinclude>"

<div style="clear:{{{1|both}}};"></div><noinclude>
{{documentation}}
</noinclude>

Template:Align

2022-03-19T01:19:18Z

Wadmin: Created page with "{{#switch: {{lc:{{{1|center}}}}} |left = <div style="float: left;{{#if: {{{style|}}} | {{{style}}};}}">{{{2}}}</div> |right = <div style="float: right;{{#if: {{{style|}}} | {{..."

{{#switch: {{lc:{{{1|center}}}}}
|left = <div style="float: left;{{#if: {{{style|}}} | {{{style}}};}}">{{{2}}}</div>
|right = <div style="float: right;{{#if: {{{style|}}} | {{{style}}};}}">{{{2}}}</div>
|center = {{center|{{{2}}}|style={{{style|}}} }}
|#default = Error in [[Template:Align]]: the alignment setting "{{{1}}}" is invalid.
}}<noinclude>
{{documentation}}
</noinclude>

MediaWiki:MainPage

2022-03-19T01:17:30Z

Wadmin:

[[Welcome to the Internet Sanctions Project]]

MediaWiki:MainPage

2022-03-19T01:14:50Z

Wadmin: Created page with "Welcome to the Internet Sanctions Project"

Welcome to the Internet Sanctions Project

Frequently Asked Questions

2022-03-19T01:06:43Z

Wadmin: /* Is anyone required to use this? */

Frequently Asked Questions

2022-03-19T01:06:26Z

Wadmin: /* Who is this for? */

=== What is the purpose of this project? ===
This project allows Internet organizations to enact precisely-targeted sanctions which affect only the military and propaganda agencies of sanctioned countries, rather than sweeping sanctions which principally effect the civilian populations of those countries.

=== Who is it for? ===
This project is operated by and for Internet organizations which are required by governmental regulation to enact sanctions.

=== How does it work? ===
The project uses standardized protocols (BGP and RPZ) to distribute lists of Internet networks and domain names in ways that Internet network operators already use for blocking spam senders, DDoS attackers, malware distribution, and other threats against the Internet's infrastructure.

=== Who runs it? ===
This is a typical Internet governance organization. It is operated by volunteers, and decisions are made by those who show up and do the work. There are no barriers to entry which would prevent any other organization from forming to perform the same function in a different way, or a competing effort in the same way.

=== Is anyone required to use this? ===
No, this is entirely voluntary. The relationship between this project and Internet network operators is exactly the same as the relationship between many preexisting organizations which provide similar blocklists identifying spam, malware, phishing, DDoS, and other forms of abuse to network operators, and the functional mechanisms are identical. Network operators choose to subscribe to the data-feeds we provide, or not, and choose to act upon the data, or not. The obligation to implement sanctions imposed by the governments of the nations in which the network operators are incorporated, however, is not voluntary, it's mandatory under law. This project gives network operators a mechanism for complying with those mandatory requirements, in countries which have accepted this mechanism as sufficient.

Frequently Asked Questions

2022-03-19T01:05:08Z

Wadmin: Created page with "=== What is the purpose of this project? === This project allows Internet organizations to enact precisely-targeted sanctions which affect only the military and propaganda age..."

=== What is the purpose of this project? ===
This project allows Internet organizations to enact precisely-targeted sanctions which affect only the military and propaganda agencies of sanctioned countries, rather than sweeping sanctions which principally effect the civilian populations of those countries.

=== Who is this for? ===
This project is operated by and for Internet organizations which are required by governmental regulation to enact sanctions.

=== How does it work? ===
The project uses standardized protocols (BGP and RPZ) to distribute lists of Internet networks and domain names in ways that Internet network operators already use for blocking spam senders, DDoS attackers, malware distribution, and other threats against the Internet's infrastructure.

=== Who runs it? ===
This is a typical Internet governance organization. It is operated by volunteers, and decisions are made by those who show up and do the work. There are no barriers to entry which would prevent any other organization from forming to perform the same function in a different way, or a competing effort in the same way.

=== Is anyone required to use this? ===
No, this is entirely voluntary. The relationship between this project and Internet network operators is exactly the same as the relationship between many preexisting organizations which provide similar blocklists identifying spam, malware, phishing, DDoS, and other forms of abuse to network operators, and the functional mechanisms are identical. Network operators choose to subscribe to the data-feeds we provide, or not, and choose to act upon the data, or not. The obligation to implement sanctions imposed by the governments of the nations in which the network operators are incorporated, however, is not voluntary, it's mandatory under law. This project gives network operators a mechanism for complying with those mandatory requirements, in countries which have accepted this mechanism as sufficient.

Welcome to the Internet Sanctions Project

2022-03-19T00:55:18Z

Wadmin: /* Participation */

Board:Oversight Board

2022-03-19T00:53:44Z

Wadmin: Created page with "The '''oversight board''' performs a final check on any resources included in the blocking feed, is responsible for announcing anything added to the feed on the (read-only) [h..."

The '''oversight board''' performs a final check on any resources included in the blocking feed, is responsible for announcing anything added to the feed on the (read-only) [https://lists.sanctions.net/mailman/listinfo/announce announcement email list], and provides overall guidance to the organization.

Policy:Guiding Principles

2022-03-19T00:49:47Z

Wadmin:

Policy:Guiding Principles

2022-03-19T00:49:31Z

Wadmin:

Policy:Guiding Principles

2022-03-19T00:46:59Z

Wadmin: Created page with "These principles were inherited from the open letter which lead to the founding of the project: * Disconnecting the population of a country from the Inter..."

OSINT:Intelligence Group

2022-03-19T00:43:46Z

Wadmin: Created page with "The '''Open Source Intelligence''' (or "'''OSINT'''") group investigates and catalogs the Internet resources held by sanctioned entities. These include the IPv4 and IPv6 addre..."

The '''Open Source Intelligence''' (or "'''OSINT'''") group investigates and catalogs the Internet resources held by sanctioned entities. These include the IPv4 and IPv6 addresses their computers and networks use to communicate, the Autonomous System numbers that identify their networks in the Internet routing system, and the domain names by which their services are reached. Equally important, the OSINT group ensures that the identified resources are ''not'' used by civilians.

The work of the OSINT group is done on the OSINT mailing list (which you're [https://lists.sanctions.net/mailman/listinfo/osint welcome to join], or you can consult its [https://lists.sanctions.net/pipermail/osint/ archives of past discussion]) and its results are published here.

E-Mail Discussion Lists

2022-03-18T17:05:55Z

Wadmin:

__NOTOC__
Six email lists are associated with the Internet Sanctions Project:

== Announce ==
The [https://lists.sanctions.net/mailman/listinfo/announce Sanctions Announce] mailing list is a read-only list on which any new actions will be announced coincident with the publication of new data in the BGP and RPZ feeds.

== Discuss ==
The [https://lists.sanctions.net/mailman/listinfo/discuss Sanctions Discuss] mailing list is the discussion forum of the policy working group, in which the sanctioning decisions of national governments are discussed and evaluated for implementation or withdrawal. Coordination of outreach and liaison activities with national governments to encourage their adoption of this mechanism as sufficient compliance with their sanction regimes is also conducted on this list.

== OSINT ==
The [https://lists.sanctions.net/mailman/listinfo/osint Sanctions OSINT] mailing list is the discussion forum of the open-source intelligence working group, in which they determine what IP addresses, Autonomous System numbers, and domain names are associated with sanctioned entities, and prepare that information for inclusion in the data feeds.

== Board ==
The [https://lists.sanctions.net/pipermail/board Sanctions Board] mailing list is the discussion forum of the oversight board, in which a final check is performed before any new data is published in the feeds, and discussion of organizational oversight occurs. It is read-only but public.

== Operations ==
The [https://lists.sanctions.net/mailman/listinfo/operations Sanctions Operations] mailing list is the discussion forum of the operations working group, where development and maintenance of the BGP and RPZ data-feed mechanisms is undertaken, and outreach to Internet network operators who are implementing the feeds is coordinated.

== Research ==
The [https://lists.sanctions.net/mailman/listinfo/research Sanctions Research] mailing list is the discussion forum of the research working group, where metrics and beaconing are discussed and implemented, and liaison with the academic community occurs.

E-Mail Discussion Lists

2022-03-18T17:05:33Z

Wadmin: Created page with "Six email lists are associated with the Internet Sanctions Project: == Announce == The [https://lists.sanctions.net/mailman/listinfo/announce Sanctions Announce] mailing list..."

Six email lists are associated with the Internet Sanctions Project:

== Announce ==
The [https://lists.sanctions.net/mailman/listinfo/announce Sanctions Announce] mailing list is a read-only list on which any new actions will be announced coincident with the publication of new data in the BGP and RPZ feeds.

== Discuss ==
The [https://lists.sanctions.net/mailman/listinfo/discuss Sanctions Discuss] mailing list is the discussion forum of the policy working group, in which the sanctioning decisions of national governments are discussed and evaluated for implementation or withdrawal. Coordination of outreach and liaison activities with national governments to encourage their adoption of this mechanism as sufficient compliance with their sanction regimes is also conducted on this list.

== OSINT ==
The [https://lists.sanctions.net/mailman/listinfo/osint Sanctions OSINT] mailing list is the discussion forum of the open-source intelligence working group, in which they determine what IP addresses, Autonomous System numbers, and domain names are associated with sanctioned entities, and prepare that information for inclusion in the data feeds.

== Board ==
The [https://lists.sanctions.net/pipermail/board Sanctions Board] mailing list is the discussion forum of the oversight board, in which a final check is performed before any new data is published in the feeds, and discussion of organizational oversight occurs. It is read-only but public.

== Operations ==
The [https://lists.sanctions.net/mailman/listinfo/operations Sanctions Operations] mailing list is the discussion forum of the operations working group, where development and maintenance of the BGP and RPZ data-feed mechanisms is undertaken, and outreach to Internet network operators who are implementing the feeds is coordinated.

== Research ==
The [https://lists.sanctions.net/mailman/listinfo/research Sanctions Research] mailing list is the discussion forum of the research working group, where metrics and beaconing are discussed and implemented, and liaison with the academic community occurs.

File:Cc-by-sa-40-grayedout.svg

2022-03-18T17:02:45Z

Wadmin: copyright license image

== Summary ==
copyright license image

Welcome to the Internet Sanctions Project

2022-03-18T16:52:54Z

Wadmin: /* Who is this for, and why does it exist? */

__NOTOC__
This is an open, Internet community governed, project which produces BGP and RPZ feeds of network resources (IP addresses, Autonomous System numbers, and domain names) associated with sanctioned entities. These feeds facilitate Internet network operators in complying with the sanction requirements imposed by their respective governments.

=== Who is this for, and why does it exist? ===
National governments enact sanctions as (usually) deescalatory punitive measures against entities, usually other nations. The private sector within each nation is responsible for enacting those sanctions. The global, transnational nature of the Internet makes compliance with diverse sanctions regimes difficult for Internet organizations. At the same time, broadly-defined nationally-imposed Internet sanctions tend to disproportionately affect the civilian population of sanctioned countries; this is both counterproductive and violates their human rights to freedom of communication and access to information. This project brings together governments and Internet organizations to provide a globally-harmonized Internet sanctions imposition mechanism which is "lighter touch" than might otherwise be mandated, and does not impinge upon civilians' access to information and communications. This project is neither pro-sanction nor anti-sanction; it exists to facilitate public-sector/private-sector coordination while ensuring that the human rights of civilians are protected.

=== Origin of the project ===
This project originated in an [[The Open Letter|open letter]] from leaders of the multistakeholder Internet governance community, calling for constructive dialog about the imposition of Internet-related sanctions, and for a principled approach to sanctions which would explicitly rule the civilian population to be not a valid target.

=== Structure ===
The project is implemented by five working groups:

* A [[Policy Group|policy group]] monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's principles. If a sanction is deemed in-scope, the policy group defines the sanctioned entities and passes them to the [[Open Source Intelligence|OSINT group]]. The policy group is also responsible for determining when existing sanctions should be repealed and for liaising with governments which are considering declaring this mechanism to be sufficient compliance with their nationally-defined sanctions.

* An [[Open Source Intelligence|OSINT group]] investigates and catalogs the Internet resources (IP addresses, Autonomous System numbers, and domain names) held by sanctioned entities.

* An [[Oversight Board|oversight board]] provides a final check on which resources are included in the blocking feed. When anything is added to the feed, an announcement will be posted to the (read-only) [https://lists.sanctions.net/mailman/listinfo/announce announcement email list], which you're welcome to subscribe to, to keep track of the project's outcomes.

* An [[Operations Group|operations group]] keeps the BGP and RPZ feed publishing mechanisms working.

* A [[Research Group|research group]] is responsible for metrics and monitoring of the system and its effectiveness, and liaison with the academic community.

=== Participation ===
This is a community volunteer effort, and your participation is welcome! Please consider subscribing to the [[E-Mail Discussion Lists|email discussion lists]].

Welcome to the Internet Sanctions Project

2022-03-18T16:49:08Z

Wadmin: /* Who is this for? */

__NOTOC__
This is an open, Internet community governed, project which produces BGP and RPZ feeds of network resources (IP addresses, Autonomous System numbers, and domain names) associated with sanctioned entities. These feeds facilitate Internet network operators in complying with the sanction requirements imposed by their respective governments.

=== Who is this for, and why does it exist? ===
National governments enact sanctions as (usually) deescalatory punitive measures against entities, usually other nations. The private sector within each nation is responsible for enacting those sanctions. The global, transnational nature of the Internet makes compliance with diverse sanctions regimes difficult for Internet organizations, and human rights considerations make nationally-imposed sanctions which affect the civilian population of sanctioned countries counterproductive. This project brings together governments and Internet organizations to provide a globally-harmonized Internet sanctions imposition mechanism which is "lighter touch" than might otherwise be mandated, and does not impinge upon civilians' access to information and communications. This project is neither pro-sanction nor anti-sanction; it exists to facilitate public-sector/private-sector coordination while ensuring that the human rights of civilians are protected.

=== Origin of the project ===
This project originated in an [[The Open Letter|open letter]] from leaders of the multistakeholder Internet governance community, calling for constructive dialog about the imposition of Internet-related sanctions, and for a principled approach to sanctions which would explicitly rule the civilian population to be not a valid target.

=== Structure ===
The project is implemented by five working groups:

* A [[Policy Group|policy group]] monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's principles. If a sanction is deemed in-scope, the policy group defines the sanctioned entities and passes them to the [[Open Source Intelligence|OSINT group]]. The policy group is also responsible for determining when existing sanctions should be repealed and for liaising with governments which are considering declaring this mechanism to be sufficient compliance with their nationally-defined sanctions.

* An [[Open Source Intelligence|OSINT group]] investigates and catalogs the Internet resources (IP addresses, Autonomous System numbers, and domain names) held by sanctioned entities.

* An [[Oversight Board|oversight board]] provides a final check on which resources are included in the blocking feed. When anything is added to the feed, an announcement will be posted to the (read-only) [https://lists.sanctions.net/mailman/listinfo/announce announcement email list], which you're welcome to subscribe to, to keep track of the project's outcomes.

* An [[Operations Group|operations group]] keeps the BGP and RPZ feed publishing mechanisms working.

* A [[Research Group|research group]] is responsible for metrics and monitoring of the system and its effectiveness, and liaison with the academic community.

=== Participation ===
This is a community volunteer effort, and your participation is welcome! Please consider subscribing to the [[E-Mail Discussion Lists|email discussion lists]].

Welcome to the Internet Sanctions Project

2022-03-18T16:48:22Z

Wadmin:

__NOTOC__
This is an open, Internet community governed, project which produces BGP and RPZ feeds of network resources (IP addresses, Autonomous System numbers, and domain names) associated with sanctioned entities. These feeds facilitate Internet network operators in complying with the sanction requirements imposed by their respective governments.

=== Who is this for? ===
National governments enact sanctions as (usually) deescalatory punitive measures against entities, usually other nations. The private sector within each nation is responsible for enacting those sanctions. The global, transnational nature of the Internet makes compliance with diverse sanctions regimes difficult for Internet organizations, and human rights considerations make nationally-imposed sanctions which affect the civilian population of sanctioned countries counterproductive. This project brings together governments and Internet organizations to provide a globally-harmonized Internet sanctions imposition mechanism which is "lighter touch" than might otherwise be mandated, and does not impinge upon civilians' access to information and communications. This project is neither pro-sanction nor anti-sanction; it exists to facilitate public-sector/private-sector coordination while ensuring that the human rights of civilians are protected.

=== Origin of the project ===
This project originated in an [[The Open Letter|open letter]] from leaders of the multistakeholder Internet governance community, calling for constructive dialog about the imposition of Internet-related sanctions, and for a principled approach to sanctions which would explicitly rule the civilian population to be not a valid target.

=== Structure ===
The project is implemented by five working groups:

* A [[Policy Group|policy group]] monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's principles. If a sanction is deemed in-scope, the policy group defines the sanctioned entities and passes them to the [[Open Source Intelligence|OSINT group]]. The policy group is also responsible for determining when existing sanctions should be repealed and for liaising with governments which are considering declaring this mechanism to be sufficient compliance with their nationally-defined sanctions.

* An [[Open Source Intelligence|OSINT group]] investigates and catalogs the Internet resources (IP addresses, Autonomous System numbers, and domain names) held by sanctioned entities.

* An [[Oversight Board|oversight board]] provides a final check on which resources are included in the blocking feed. When anything is added to the feed, an announcement will be posted to the (read-only) [https://lists.sanctions.net/mailman/listinfo/announce announcement email list], which you're welcome to subscribe to, to keep track of the project's outcomes.

* An [[Operations Group|operations group]] keeps the BGP and RPZ feed publishing mechanisms working.

* A [[Research Group|research group]] is responsible for metrics and monitoring of the system and its effectiveness, and liaison with the academic community.

=== Participation ===
This is a community volunteer effort, and your participation is welcome! Please consider subscribing to the [[E-Mail Discussion Lists|email discussion lists]].

Welcome to the Internet Sanctions Project

2022-03-18T16:47:46Z

Wadmin:

This is an open, Internet community governed, project which produces BGP and RPZ feeds of network resources (IP addresses, Autonomous System numbers, and domain names) associated with sanctioned entities. These feeds facilitate Internet network operators in complying with the sanction requirements imposed by their respective governments.

=== Who is this for? ===
National governments enact sanctions as (usually) deescalatory punitive measures against entities, usually other nations. The private sector within each nation is responsible for enacting those sanctions. The global, transnational nature of the Internet makes compliance with diverse sanctions regimes difficult for Internet organizations, and human rights considerations make nationally-imposed sanctions which affect the civilian population of sanctioned countries counterproductive. This project brings together governments and Internet organizations to provide a globally-harmonized Internet sanctions imposition mechanism which is "lighter touch" than might otherwise be mandated, and does not impinge upon civilians' access to information and communications. This project is neither pro-sanction nor anti-sanction; it exists to facilitate public-sector/private-sector coordination while ensuring that the human rights of civilians are protected.

=== Origin of the project ===
This project originated in an [[The Open Letter|open letter]] from leaders of the multistakeholder Internet governance community, calling for constructive dialog about the imposition of Internet-related sanctions, and for a principled approach to sanctions which would explicitly rule the civilian population to be not a valid target.

=== Structure ===
The project is implemented by five working groups:

* A [[Policy Group|policy group]] monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's principles. If a sanction is deemed in-scope, the policy group defines the sanctioned entities and passes them to the [[Open Source Intelligence|OSINT group]]. The policy group is also responsible for determining when existing sanctions should be repealed and for liaising with governments which are considering declaring this mechanism to be sufficient compliance with their nationally-defined sanctions.

* An [[Open Source Intelligence|OSINT group]] investigates and catalogs the Internet resources (IP addresses, Autonomous System numbers, and domain names) held by sanctioned entities.

* An [[Oversight Board|oversight board]] provides a final check on which resources are included in the blocking feed. When anything is added to the feed, an announcement will be posted to the (read-only) [https://lists.sanctions.net/mailman/listinfo/announce announcement email list], which you're welcome to subscribe to, to keep track of the project's outcomes.

* An [[Operations Group|operations group]] keeps the BGP and RPZ feed publishing mechanisms working.

* A [[Research Group|research group]] is responsible for metrics and monitoring of the system and its effectiveness, and liaison with the academic community.

=== Participation ===
This is a community volunteer effort, and your participation is welcome! Please consider subscribing to the [[E-Mail Discussion Lists|email discussion lists]].

Welcome to the Internet Sanctions Project

2022-03-18T16:00:51Z

Wadmin: /* Structure */

This is an open, Internet community governed, project which produces BGP and RPZ feeds of network resources (IP addresses, Autonomous System numbers, and domain names) associated with sanctioned entities. These feeds facilitate Internet network operators in complying with the sanction requirements imposed by their respective governments.

=== Origin of the project ===
This project originated in an [[The Open Letter|open letter]] from leaders of the multistakeholder Internet governance community, calling for constructive dialog about the imposition of Internet-related sanctions, and for a principled approach to sanctions which would explicitly rule the civilian population to be not a valid target.

=== Structure ===
The project is implemented by five working groups:

* A [[Policy Group|policy group]] monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's principles. If a sanction is deemed in-scope, the policy group defines the sanctioned entities and passes them to the [[Open Source Intelligence|OSINT group]]. The policy group is also responsible for determining when existing sanctions should be repealed and for liaising with governments which are considering declaring this mechanism to be sufficient compliance with their nationally-defined sanctions.

* An [[Open Source Intelligence|OSINT group]] investigates and catalogs the Internet resources (IP addresses, Autonomous System numbers, and domain names) held by sanctioned entities.

* An [[Oversight Board|oversight board]] provides a final check on which resources are included in the blocking feed. When anything is added to the feed, an announcement will be posted to the (read-only) [https://lists.sanctions.net/mailman/listinfo/announce announcement email list], which you're welcome to subscribe to, to keep track of the project's outcomes.

* An [[Operations Group|operations group]] keeps the BGP and RPZ feed publishing mechanisms working.

* A [[Research Group|research group]] is responsible for metrics and monitoring of the system and its effectiveness, and liaison with the academic community.

=== Participation ===
This is a community volunteer effort, and your participation is welcome! Please consider subscribing to the [[E-Mail Discussion Lists|email discussion lists]].

Welcome to the Internet Sanctions Project

2022-03-18T16:00:27Z

Wadmin: /* Structure */

This is an open, Internet community governed, project which produces BGP and RPZ feeds of network resources (IP addresses, Autonomous System numbers, and domain names) associated with sanctioned entities. These feeds facilitate Internet network operators in complying with the sanction requirements imposed by their respective governments.

=== Origin of the project ===
This project originated in an [[The Open Letter|open letter]] from leaders of the multistakeholder Internet governance community, calling for constructive dialog about the imposition of Internet-related sanctions, and for a principled approach to sanctions which would explicitly rule the civilian population to be not a valid target.

=== Structure ===
The project is implemented by five working groups:

* A [[Policy Group|policy group]] monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's principles. If a sanction is deemed in-scope, the policy group defines the sanctioned entities and passes them to the [[Open Source Intelligence|OSINT group]]. The policy group is also responsible for determining when existing sanctions should be repealed, and for liaising with governments which are considering declaring this mechanism to be sufficient compliance with their nationally-defined sanctions.

* An [[Open Source Intelligence|OSINT group]] investigates and catalogs the Internet resources (IP addresses, Autonomous System numbers, and domain names) held by sanctioned entities.

* An [[Oversight Board|oversight board]] provides a final check on which resources are included in the blocking feed. When anything is added to the feed, an announcement will be posted to the (read-only) [https://lists.sanctions.net/mailman/listinfo/announce announcement email list], which you're welcome to subscribe to, to keep track of the project's outcomes.

* An [[Operations Group|operations group]] keeps the BGP and RPZ feed publishing mechanisms working.

* A [[Research Group|research group]] is responsible for metrics and monitoring of the system and its effectiveness, and liaison with the academic community.

=== Participation ===
This is a community volunteer effort, and your participation is welcome! Please consider subscribing to the [[E-Mail Discussion Lists|email discussion lists]].

Welcome to the Internet Sanctions Project

2022-03-18T15:59:04Z

Wadmin: /* Structure */

This is an open, Internet community governed, project which produces BGP and RPZ feeds of network resources (IP addresses, Autonomous System numbers, and domain names) associated with sanctioned entities. These feeds facilitate Internet network operators in complying with the sanction requirements imposed by their respective governments.

=== Origin of the project ===
This project originated in an [[The Open Letter|open letter]] from leaders of the multistakeholder Internet governance community, calling for constructive dialog about the imposition of Internet-related sanctions, and for a principled approach to sanctions which would explicitly rule the civilian population to be not a valid target.

=== Structure ===
The project is implemented by five working groups:

* A [[Policy Group|policy group]] monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's principles. If a sanction is deemed in-scope, the policy group defines the sanctioned entities and passes them to the [[Open Source Intelligence|OSINT group]]. The policy group is also responsible for determining when existing sanctions should be repealed.

* An [[Open Source Intelligence|OSINT group]] investigates and catalogs the Internet resources (IP addresses, Autonomous System numbers, and domain names) held by sanctioned entities.

* An [[Oversight Board|oversight board]] provides a final check on which resources are included in the blocking feed. When anything is added to the feed, an announcement will be posted to the (read-only) [https://lists.sanctions.net/mailman/listinfo/announce announcement email list], which you're welcome to subscribe to, to keep track of the project's outcomes.

* An [[Operations Group|operations group]] keeps the BGP and RPZ feed publishing mechanisms working.

* A [[Research Group|research group]] is responsible for metrics and monitoring of the system and its effectiveness, and liaison with the academic community.

=== Participation ===
This is a community volunteer effort, and your participation is welcome! Please consider subscribing to the [[E-Mail Discussion Lists|email discussion lists]].

Policy:Policy Group

2022-03-18T15:51:32Z

Wadmin: Created page with "The '''policy group''' monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's Guid..."

The '''policy group''' monitors the political situation and the sanction initiatives of national governments, and evaluates proposed sanctions in light of the project's [[Guiding Principles|guiding principles]]. If a sanction is deemed in-scope, the policy group defines the sanctioned entities and passes them to the OSINT group. The policy group is also responsible for determining when existing sanctions should be repealed.

The work of the policy group is done on the discussion mailing list (which you're [https://lists.sanctions.net/mailman/listinfo/discuss welcome to join], or you can consult its [https://lists.sanctions.net/pipermail/discuss/ archives of past discussion]) and its results are published here.

Welcome to the Internet Sanctions Project

2022-03-18T15:46:07Z

Wadmin: /* Structure */

Welcome to the Internet Sanctions Project

2022-03-18T15:29:27Z

Wadmin: /* Origin of the project */

Main Page

2022-03-18T15:17:48Z

Wadmin: Redirect

#REDIRECT [[Welcome to the Internet Sanctions Project]]