Decentralized Domain Summit: Policy Approaches to Web3 Addressing
2:24PM Jun 15, 2023
Speakers:
Tim Lordan
Chjango Unchained
Ram Mohan
Ray King
Kurt Opsahl
Christian Dawson
Owen Fletcher
Keywords:
icann
domain name
people
decentralized
web
trademark
blockchain
domains
space
protocol
system
handshake
talking
domain
policy
crypto
address
technology
censorship resistance
registrar
Our goal is to kind of bring more attention and policy attention to the emerging decentralized Web. Were looking at everything from
Web3, blockchain, cryptocurrencies, we're looking at the entire ecosystem of technologies. And we're actually focusing on things other than cryptocurrencies. But for us in my organization is kind of antediluvian. In the internet policy space. We've been doing congressional briefings on internet policy since 1996. So we have kind of been through that, that entire arc of the development of internet policy, and we see the decentralized web as kind of a new frontier in internet policy, and we don't feel like there's a lot of policy attention being paid to it. So welcome. This is the Decentralized Domain Summit, which is kind of a lofty title. But we're looking at policy approaches to the web to web three addressing I have to apologize, because
we can just customize, better.
Is this better? Okay. I apologize for that. I'm at the same time as this is going on. There's another note that went three domain summit going on across town, called the elephant in the root. And I think it's called something like is is blockchain domain names a threat to the DNS? We're not saying there's a threat going on. We're just saying we're trying to look at the rules of the road for this emerging space. So that's I didn't, by the way, as I said, everybody, we picked this date at random. We did not know that was going on. I wasn't trying to supplant anybody or conflict with anybody. So I apologize for that. I think when it comes to let me just introduce you to the people that we have here. We want to have a just a good conversation about where this is all going. Explain what kind of decentralized web addressing is like, and then maybe talk about, how does this all work? Where is it all gonna go? And then NASA get some questions to the audience about about these issues. I have a great group of people here. I have Kurt Opsahl, who's with the he's Associate General Counsel for Cybersecurity and Civil Liberties with filecoin Foundation. We have Chjango Unchained, who's the executive director at the DWeb foundation and head of ecosystem at Cosmos Networks. And then we have Ram Mohan, who just arrived from a digital drum from identity identity digital, we have Ray King, not Ram, but Ray King. And he's the CEO of Porkbun. And next to me is Christian Dawson, who is the CEO of i2 Coalition. Executive Director, Executive Director. Yes, yeah. So, just let me let me set the stage. I think this, this audience skews heavily I can so I don't need to explain to you like how we got to the domain name system, the way it was with the IETF, creating some protocols, rough consensus that brown 1987 1980, we had a Clinton Administration green paper, NTIA wrote some plans, and then eventually the ICANN Board was formed and everything went smoothly from there on. We can argue about whether everything's smooth or not. But it is a multistakeholder process. And by and large, it seems to kind of work. It's, so that's kind of how we got here. And so when we look at the emergence of the decentralized web, we see a lot of tons of different addressing systems happening, right? There's all sorts of them in this particular space. And there doesn't seem to be a lot of movement on a consensus on how to deal with it. It doesn't seem like a lot of action out of NTIA, I don't see a presidential green paper coming, or anything like that. And so we're trying to figure out like, how does this all work? How are these? How are these addressing systems being created? How are they governed? What are the dispute resolution, the dispute resolution mechanism for them? And where does it go from here? So let me just maybe start off with with Chjango to maybe talk about, you know, how do like addressing systems work like dot eth? And how do people view web three addresses, whether it be through a browser or how does that work?
Yes, so Web3 addresses are actually very simple in concept in crypto, you have an address. If it's on the Ethereum network, it starts with a 0X. You might have seen that right? Have you seen that? Right? So that's, that's just your, your wallet address. And right now, Web3 domain names are a vanity, you know, human readable name, that indexes to those addresses. So it's not really being used for websites in the way that it's being used in the you know, traditional Internet in that space. So that's just a high level overview. Yeah. And
they're just long they long strings of numbers not unlike an Internet Protocol address was before. But they resolved something, how did they resolve to get you the content that you want, whether it be like an IP IPFS, interplanetary file system address, or whether it'd be like a dot wallet, wallet address.
So, so there's a couple of things if if it's an ENS address, it ends with dot ETH, and that's actually on ICANN right Ethiopia TLD. So that actually renders over DNS, but there's other vanity addresses like Osmo, like dot Osmo, dot Cosmos, dot stars, these things that are completely just on chain. And the way that someone would be able to interact with them is only if a browser currently integrates them. And the current state of that is, you know, in order for a browser to support that name, it's pay to play. So you just pay Brave Browser, a couple $100,000 integrated and somebody with a Web3 Metamask wallet could use that. And currently doesn't render doesn't resolve or for actual DNS.
So what are the what are the major players in the space, the space, there's, you mentioned ens, which is Ethereum Name Service, there's Unstoppable, like, name a few ways that people are doing this type of addressing and the web three space.
Yeah, so there's a couple of projects and it could get a little confusing, but there's ENS. And that's the dot ETH, there's Handshake, which is the only one that actually augments the ICANN route, and opens that space up to almost anything. Anything you can imagine outside of the 1000 or so TLDs that it has. And then there's actually there's a project called Urbit. That's a whole other rabbit hole on its own. If you're laughing Do you have you? Do you know about Urbit? Yeah. So they've got like, planets, galaxies, and the galaxies is their analog to top level domains so that the galaxies are the most valuable and all that, but also currently doesn't render resolve to DNS. And then there's Unstoppable Domains. And Unstoppable Domains is a fork of ENS. It doesn't resolve over dot ETH except it mints, like dot x, or dot NFT, dot, you know, dot wallet, dot crypto, dot coin. And it leverages the, like the legal traditional space to kind of protect the trademark on those names. And that's how they're trying to maintain domicile over those names. And that's largely frowned upon in in what the web3 space.
And I've been referring to this as kind of domain names. And is there a danger for us to be calling these things? Domain names? Is that a problem?
I think I think it's kind of a misnomer.
for policymakers or in for people in the space and consumers. Why is that a problem? And anyone can answer this and Ram...
Thank you. You can hear me? Yep. Okay, great. So, you know, what a domain name is, you know, you know, what most people don't actually know, right? Most people just say, I'm gonna go to a website, or, you know, just go to whatever.com, or send an email to, you know, something@redcross.org, right, it's mainstream. The way we interact, is all mainstream. And over the last 25-30 years, there's been a great deal of credibility that has been created in what a domain name, this credibility that has been created, and what a insight in the insights speak, what is a TLD? What is a top level domain? What is a second level domain, there is a nomenclature, there is context around it. And there is trust in that. So what that means is that, you know, if you're in Africa and you you send an email to somebody with something@redcross.org, you have a reasonable expectation that it will actually reach that person. Right? If you type in an address on a browser or some device, there's a reasonable expectation, it'll just get there. It will resolve rendered resolved, right? When you have another system that comes in, appropriates all of those words, and all of that nomenclature, and then goes to the consumers goes to users and says, it's just the same as this other thing. It's the same thing. And for the user who's only been used to knowing that a domain name is something that just works on a browser, email or something that you just send something and it just goes to the other side. And then you sell The bill of goods that says it's going to work just like and you don't have to save words, just like because you actually just use the same name. You call it a domain name. You call it a TLD. Right now, if I'm buying it, in my opinion, that's kind of false advertising, because you're giving me something that actually doesn't work that in, not in a similar way, much less the same way. Right? So I would say, if you're going to use something in the web authoring space, perhaps, you know, try not to leverage the credibility that has already been created. And come up with it with a different set of terms. Otherwise, I think the real problem is one of stability. Because we're all used to a stable operating environment for what is a domain name? What is a website how to communicate, you know, on this medium, and that is, I think,
I welcome anybody else in the panel to comment on on Ram's comment about stability, predictability, we're in the new this is a new space, it's a Wild West, it's rapidly innovating. What is that? What are the trade offs there?
I can comment on. So I run a registrar, a traditional registrar called Porkbun. And I've been in the ICANN process for a long time. So I'm institutionalized to to Web 2. But we found I see you doing that the back. Am I okay? Okay. And we elected to begin selling Handshake domains. Because we felt that our audience would like to be able to maybe experiment with a newer technology. And I agree with everything Ram said, I think that's all true. But Handshake domains do, in essence, kind of promise a similar future. But right now, it's extremely typical to put up a website, you have to use a browser or a special website to find them, it's super difficult to use them. And I think the argument might be, well, that's how putting up a website, wasn't it? 97 as well. So this is just early times. But I completely agree that you don't want to fool the buyers. So I could pork but we have a gigantic warning, which basically says these are experimental. And it's not designed to serve a person who's like, hey, I want to buy a dot stars or something. I just happen to see it alongside .org and .com. But it's designed for people, we want to allow our users to be able to experiment, say, Well, I would like to try one of these names, I would like to see if I can make it work. Because, you know, maybe an early adopter or something like that.
Ray I applaud what would you doing on your site, where you're saying this is experimental may not work, etc. But I don't know that most others are doing that. And I mean, to me, the real world analogy is, you know, buying 400 acres of land and putting a sign that says coming soon, Disney. Like, except it's not any of that, right? So that's the experience that users are going to get there. From afar, and it's going to be advertised, it's advertised as if it is, you know, this amazing land of adventure, and you get there and it's pretty barren.
Yeah, I would add to that. So as with any cryptocurrency project, there's always the outright scams. And as people in the crypto space, you know, we're self regulating. So we call out the scans, you know, at the top rooftops, and the scans typically will do what you said. And I completely agree that's actually a net negative for the domain that they're advertising in and selling users against. And, and crypto as a whole. But then, also in crypto, there's this undercurrent of actual technological innovation that's actually truly valuable. I mean, show of hands, how many of you are satisfied with the ICANN process? This? Yeah, so So there's Yeah, I mean, there's some room for improvement, right? Like, what if, what if the process to registering a TLD were shortened to a matter of, I don't know, months, two weeks instead of maybe 10 years? You know, what if it were more democratic it you know, it was more cost effective than spending hundreds of 1000s to millions of dollars for a top level domain. So you know, things like that. Blockchain tech actually does help to democratize it. And from our, you know, the crypto standpoint, it's about trustlessness. You know, if you're perfectly happy with trusting someone like ICANN, perfectly fine ICANN is for you. But then there's also this element of trust lessness, where maybe you don't need to defer to the authority of, you know, one giant organization. There may be this is not the audience for that. But there's this crypto people who like software to be kind of that organization that that administers these things.
And how does that work with Web3 decentralized technologies, whether it be smart contracts, or DAOs? or anything like that? How does how does the governance work? And that system?
Yeah, so there's, there's, there's a spectrum, actually. So if it's a smart contract, typically, it's actually pretty centralized, even though they say it's decentralized. Because usually how a smart contract works is the deployer basically has unilateral control over that contract. And so it's not actually that decentralized. But then there's also other blockchains, like Handshake that are really, really decentralized, and really doesn't have any, any leadership. So I mean, there's, there's a leadership void, but also you, there's no one who could rub pull you who could like take away your demeanor. Yeah.
And I can attest that, we spent four months trying to find a representative from Handshale and couldn't do it.
I think one of the one of the things to make sure we're not doing is having some kind of a have a false comparison that says, innovation only happens in the Web3 space and Web 2 spaces, traditional, and therefore there isn't innovation happening there. From from my perspective, I think technology is definitely going to evolve, we ought to be embracing that and not, you know, putting anybody's head in the sand and saying, you know, only this and not that, but number one, but I think the important from my perspective and important reason why the the identifier space, as we know it today with, you know, what would you call it a Web 2 one of the reasons why it's actually been prevalent and interoperable and works reasonably well, is because they're actually some there's a rules based order around those a set of processes and rules. Should it take 10 years? Definitely not? Should it take, you know, 10 months? I don't know. But I think really, the important thing is, how long does it take? It's actually about how long does it stand to the test of time. And from my perspective, that ought to be the metric and the litmus test than anything else.
Well, one of the challenges if you're saying the test of time is your metric that makes it so that new players can never meet the test, as they haven't passed the test of time, they are new players. And one of the advantages, at least some of the new decentralized technologies is to go away from a single point of failure. Having a centralized entity that is in control of the space gives a central point of contact for people who want to solve things. So people like that, but also that can be misused. And one of the things that, you know, I come from a civil liberties background, I know one of the things I care about a lot is the use of going after domain name registrars for purposes of censorship to make it so that something is hard to find. And there's a single point of failure. At the end of the day, what any of these names systems, whether you call it a traditional domain name, whether it's a new thing, it is a way of making a human readable thing, go to either get an address, or in the case of IPFS a piece of content, but like to help people find something which has an otherwise unmemorable are hard to understand. And this is a is a useful thing. And to have that be decentralized. So it is not under control of one entity. So democratizes, the availability of information is a good thing for for freedom of expression for having a diversity of things. But yeah, for any of these new new systems, they're going to have to build that trust, you can build that trust of the test of time or some of these ideas is trying to build that trust by saying, well, we've written out the code, this is how it works. It's open source, you can look at the code, you will know how it works, and you can trust based on that. But still, ultimately, a naming system is going to be effective if people take that human readable, understandable name, and that goes to the content that they're expecting it using.
Oh, I'd like to add, you know, you made a very important point, which is censorship resistance, and that's the value prop of blockchains. How many of you read the proposal recently that ICANN wrote to with the DOJ to that the government could basically take away your top level domain, or your domain names. You have just one person in the audience. That was a pretty thank
you for your service. Yeah.
Yeah, I would have expected. Yeah, I would recommend you guys look that up they this proposal for basically, if the government says that it's going to fence off your domain name, it can unilaterally. So that's been proposed. So I think that the urgency for you know, an alternative, outside of having one single point of failure for something as important as your digital namespace is going to be an important topic in the next few years.
I'm interested in finding out more about that particular proposal. I mean, I can we so we do a lot of policy work, US government, in Brussels and throughout the ICANN space. And we focus a lot, trying to make sure that that like we're making, we're helping make a stronger, better, safer internet moving forward to unpack a little bit about round Ram was what Ram was saying, when he was talking about standing the test of time, I think what we're acknowledging is that most of the global economy is built off of web 2. And it needs to be somewhat, you know, stable, and it needs to be predictable in how it operates. And so making sure that, you know, if you think of it being like on a cruise ship, you don't want to turn it on a dime. That's pretty smart, when it's the basis for most most of the digital economy, which is pretty much the entire economy these days. But like, what I want to say is that the web 2 environment, definitely benefited from an environment when it was starting out of having a very light touch regulatory system, where like, there weren't a lot of rules and regulations that let it sort of have a lot have the space to figure out where it was going to go. And I understand what you're saying about like, hey, there's some really compelling things about this environment that hasn't reached that level of ubiquity, where it's got the importance of carrying the entire digital economy, like, give us some space. And don't be jumping all over this, I totally understand that. I work with an organization that doesn't do any Web3 policy, I wasn't sure what I was sort of brought here to talk about. But as things mature in that environment, like there are gonna be chance times for us to spend time talking about what what the policy implications of it are. But I want to say to you, because you're talking about the white, the green paper, I think there was a long period of time between like, the web starting out. And the green paper the times that was like Jon Postel and his notebooks and his file cards and shoe boxes. And that period of time is like the period of time that we're going through right now with web3, where we don't need to spend a lot of time figuring out like, what the policies need to be, at least until it starts causing problems, like your freedom to swing your arm, you know, stops when it when it hits my nose. Right. And so probably the first times that we're going to spend times talking about policy for Web3 is when it's hurting other systems.
I think I think the question that we have is that there's a when it comes to ICANN, as far as I can tell, there was a conflict with the ICANN speaker we invited, we invited them obviously, but as far as they're concerned is like when you start having collisions at TLD, you know, call us, right? Whereas Ram is basically saying, well, there's a lot of opportunity for confusion and fraud and things like that. So I think there's what we're talking about here is the pros and cons of these different types of systems. Yeah,
I think I'm, I'm less concerned about the development of new identifier technologies and new identifier spaces. This is a good thing on the whole. But I'm actually arguing for stability, and I'm arguing for, hey, we ought to know how we ought to understand have some level of predictability and the litmus test shouldn't be How quickly can you make, you know, the next thing go out that should not be the litmus test at the same time, but should also not be, you know, take 10 years to make stuff happen, right? What I'm really trying to say is if you want a system with Web3 identifiers, web 4 identifiers, web 2 identifiers, whatever they are, whatever kind of identifiers we want to develop, and, you know, think about and innovate. It's really important to make sure that there is a focus on the foundation of interoperability of foundation on the focus of stability, and you have to really put yourself not in this in the mind space of either the companies developing this or the companies profiting from this on all sides, you really have to put yourself in the space of the person who is going to buy this and use this. And do they have a reasonable expectation that this is going to work the way it was advertised to the ask how it should work? Right? That I think so user confusion, I think is actually the foundational thing that we have to
talk about. I will note I didn't, we didn't get an intellectual property attorney for this panel, which may be a good thing or a bad thing. But there is a there's an aspect of trademark law and intellectual property at play here, right.
Let me ask you this, how many of you in the audience have taken a commercial flight? Every single one of you 100 years ago, how many of you would have taken a flight? Maybe in between the FAA developed and then now flights became ubiquitous. So these things take time.
And let's let's let's talk about like maybe, you know, dispute resolution. So let's say things start happening in the space. And how do people deal with disputes in the kind of decentralized web naming space? How to honor these disputes get resolved? Was the process of a different across different ecosystems and different blockchains? Or whatever software created those particular naming solutions?
Yeah, it's, it's all very disparate, and it is the Wild West. So anybody who wants to spin up a smart contract and have your, like the subnet sub level name show up at something like Osmo? You know, it doesn't resolve over DNS, it doesn't actually mean anything outside of just a vanity name. So that's currently the state of Web3 days. And, yeah, it's not, it's not very legitimate. And most people who are honest in this space, say that this is a toy, and it's just a vanity address for you. But then there are projects like Handshake where it actually does augment the root. And so it's kind of apples and oranges. And there's there's a lot of players involved in a lot of confusion. i
I heard something in the halls of ICANN, that is probably unverified but I'll share it anyway. I had heard that that NameCheap, who does sell handshake domains, has decided to experiment with the use of UDRP on their handshake and at least a fraction of their handshake domains as a dispute resolution process, just testing out how it would work for that as well. So that's an interesting experiment there.
And do we think that I can will allow that or how to Well,
it's a process so I'm, I'm certain that if they're leveraging the process
or using UDRP? We have to WIPO whether they're going to allow it right, or they're going to take the arbitration? Yeah, yeah.
So let's get to so I guess the question is, like, what are the rules of the road here? Right? Should we have rules of the road? Or is it is it fine the way it is somewhere between where it is right now? And the ICANN process on the other end? Like somewhere in the middle? Right? What what who should be thinking about the rules of the road? Are we are we at the 100 years ago when it comes to aviation? And you know, we're at the early stage, or are we in the 1970s?
Well, the 1970s on domain names was kind of the wild west as well. Whether you can convince Jon Postel to make a change, right. So these things evolve over time, and they will probably evolve in this space. You know, if they want to use the the UDRP, as as a dispute resolution fine, we're gonna have other forms of arbitration could be going through, but these are the sorts of things that will will evolve, there are existing dispute resolution processes that people can try to use, the guy in any of these projects can also build his own dispute resolution process. I think the incentives are there, if you want to have a successful domain or identity management, successful program for translating human readable names into addresses. It has to be something that people have competence in getting to your point and also you get to get trademark law and the the underlying rationale for trademark law is consumer confusion, too. So you know, say something is a Coca Cola when it's actually a Pepsi. And that if you're going to have people using your system, they need to have the confidence that it's going to work. And so I think that would be you know, in the interest of a lot of these people who are coming up with new systems To have something which gives consumers you're using it a confidence that it's going to be, you know, what they expect. And also that maybe you don't people what to expect to have a better understanding of that. I think you can do that without having to build all of the other mechanisms that we've been using domain names to resolve disputes that aren't about the domain name, where the dispute is about the content that's at this domain. And the domain is a method that is easy and convenient to train to prevent people from getting
at. Now you've done it, you've opened up that can of worms. Oh, yeah.
One of the things I wanted to point out as I want to distinguish between, you know, things that we need to talk about in this realm, that are external to the this ecosystem, and the things that are happening within the ecosystem, we external the ecosystem, I think we all should start talking right away, if we're not already talking about, about, about name, confusion, about name collision, and about the kinds of things that affect people outside of this ecosystem, it the reasonable conversations to have, and we should be doing those things. Right away things within the ecosystem, you know, the kinds of things that you were talking about things that they need to do to make sure that they've got a safe and stable environment? Well, you know, the smart leaders that are trying to drive the technology are naturally going to, you know, head down that path, if they expect to get to that level of ubiquity, or they're just not. The truth is that when new technologies start, there's, you know, there's a lot of people that rush in, and a lot of them are always people that are looking to exploit those systems. That's natural. And that happened with web 2. And there are still plenty of people looking to exploit these systems, but we put a tremendous amount of effort into trying to fight those exploitations. Right. And you don't get to a level of ubiquity, without a heck of a lot of effort towards combating those levels of abuse. So you're either going to do that within that ecosystem. And if you want to succeed, or you're not, I think right now, the only things that we need to focus on outside the ecosystem are the things that can hurt things outside the ecosystem.
I think your point about like, you know, your rights are, what do you say, your you can swing your arm
and your freedom to swing, your arm stops at my nose, right?
And I think that you've got that coming up, because you've got like Unstoppable Domains is basically saying, Hey, we we now have trademark rights on dot wallet, and eight other TLDs or something like that. And you know, those are gonna be applied for in the next round. But we're all talking about three blocks away, right? So that's gonna be a crash right there.
But something like wallet is not really a trademark, that's just a descriptive term. And I mean, I think this is one of the one of the challenges is like, it's can be very straightforward when you have like unique trademark domain names only mean one, one company, but there's a lot more difficult governance issues when you have generic names like wallet. And you know, who gets that and I don't think ICANN or anyone has a trademark in wallet. So
what they're basically saying is that they have, because of all their integrations and stuff, now they have established trademark and that and would seek to stop anyone else, anywhere else in the web3 space space, or anyone else in the web 2 space, which is coming up from registering that , same, we'll call the TLD for lack of a better term.
Yeah, so unfortunately, in the web3 space, the actors who seek to do what you said, right with complying and creating stability, and all of that, and playing in the rules of the system. They tend to be strongly correlated with the actors that are selling vaporware to users. So the tough part is, you know, actually, if you have a decentralization mindset, then you don't have an organization actively pushing for these things. So it's kind of a catch 22. Unfortunately,
and this is the point where I remind everybody that we didn't get an intellectual property person on the panel. But establishing a domain name for lack of a decentralized domain name, or a regular domain name does have implications or doesn't have implications at the USPTO. I think they have a ruling on whether that actually creates a trademark right or not.
And then also the decentralized environment. How do you go after someone registers your trademark?
So I'm gonna go to the audience for a few questions, feel free. I'll bring you bring your microphone, but Kurt raised, not the elephant in the room. But kind of the challenging that I get all the time. Every time I talk with these issues is how do you deal with issues like copyright protection, abuse, things like that? national security? I correct. In my introduction, I didn't mention that Kurt has been the general had been the General Counsel of of the Electronic Frontier Foundation for many, many, many years decades. So Kurt comes at it from that perspective. On the other side, folks are like, you know, you can use the domain name system as a tool for censorship, censorship and things like that. On the other side, how do you deal with some of those issues related to copyright, national security, and safety and sexual abuse images and things like that? Anybody?
I mean, this is this is a challenge. And the question is, you know, do you use domain names as a tool, because it's a convenient tool when the issue is not the domain name. And I think there's a lot of people who have a temptation to do that, because they're looking for the most convenient tool, we've seen this a lot in the intellectual property space, where people are, see issues, and they are trying to find the fastest and most convenient way of dealing with them. And in many cases, misusing, and like, you know, this is this is a challenge and the you know, the ideally, you would have the person who's like done the bad thing, be responsible, and not the the registrar or the intermediary, who has, like, if you're making something you might be old enough to remember phone books, that had you know, the name of a person and their phone number, the name of a business and and its phone number. And like, that was just a factual thing about the world like I was, what someone's phone number, and in some sense, that's what a domain name system is, it is a, you know, a list of names, and then the associated ip ip number on it. And is that the tool that you go after somebody is, you know, if their business is doing some bad thing? Do you take away their phone number or just remove them from the phonebook, of course, you still have the number. And so it's an ineffective tool as well, if you're trying to use a domain name system to try to stop someone from from getting at it, you just means that they, you know, someone can still go to them based on the IP address, they can, they can find it anyway, it is. So it's not a very effective tool. And it is getting to infrastructure, getting into like, a factual thing about the world, or at least here in the US. There's a notion that, you know, saying truthful information is heavily protected by freedom of expression. And it is truthful information to say, you know, this domain is located at this IP address, and then to say, Well, you can't tell anybody that we have now decided that that is secret information. So it really, you know, it cuts against it to use this as a tool and you put, oh, there are many problems in this world. And there's a lot of bad content out there. And this is all true. But that doesn't necessarily mean that every single possible tool that you can use, is the right tool to be using to get after that, especially when it is going after infrastructure that people might want to be able to depend on about factual information about where information is located.
I think the important thing, regardless of whether it is the real domain names, or or the, you know, the these web3 identifiers is, is the recourse, you know, when harm is done, is the recourse? Is there visibility? And is there a way to actually be able to respond, be responsive, and all reactive, right, so whoever is coming up with an identifier space, I think it's important in the design principles to design that recourse and responsiveness, those have to be built in, rather than to go in and say, it's the Wild West, it's, it is what it is, and it's not touchable at all, because the real world will have a way of rearing up and saying, Actually, harm is being done in these places.
Yeah, actually, blockchains are really transparent. So if harm was actually done, and it could be associated with someone's Web3 address, and maybe that's it's connected to some exchange, where they're, they're able to be identified, then it's actually quite easy to track them. And so every person who's done harm in the past, who's, you know, for example, hacked Mt Gox, in 2013. They found them eventually and they're, their justice is being served. So eventually, we, you know, we have the tools to be able to do that. But you know, at the infrastructure level, there's there's shouldn't be like a censorship play. Because it's like saying, Oh, well, you know, what, which telephone lines should we control if bad information is transmitted through them,
then are you like reliant on the DAO or whatever project it is to like, there's a bad actor and it's
no not not not a DAO. So So I mean, you know, for example, you know, Mt Gox gets hacked, it gets, it gets siphoned through multiple different addresses. And then concentrated into one address because they have to off ramp into an exchange because they've stolen the money. How do you how do you realize that the gains eventually you get found out you know, if you try to off ramp it and then the authorities figure out who you are what you're real identity is, where you are in the world. If you stopped at an airport, they they've identified you then you're caught, right? If your
system is and someone uses an identifier Louis Vuitton or something like that, and they get a little bit of exposure and they're doing harm to that company. How does how does that company get to shut that down?
So it's through aggregators right now with like NFT marketplaces, you know, if your name is being sold on Open Sea, the the you're the marketplace on Ethereum and for selling these names, Open Sea actually curates this list. So if you're an unverified, you know, Louis Vuitton on Open Sea, they will delist you.
I have a question from the audience. Sure.
I'm Philip Corwin. I'm Policy Counsel at VeriSign. I'm not an IP attorney. But I play one in Washington. Real quick, I want to talk about this trademark issue because I think it's a huge issue for your industry that you're going to have to deal with. And that went to dealt with from day one. I just want to note that VeriSign next month was celebrating 26 years of running dot com without one second of downtime. So we have that trust and for my registering, that they can build their businesses and everything else on our domains and they're going to resolve 24/7 month after month. Web 2, trademark protection was built into the DNA of the DNS from day one. The Anti Cybersquatting Protection Act was passed the year before I can was split out of the Commerce Department. And the UDRP was the first consensus policy adopted by ICANN at its first meeting. So trademark protections, though is built in I'm going to just reel off some facts about what's going on with people that may not be aware of. In October, the CEO of an ICANN accredited registrar, who sells Web3 domains, spoke to the annual assembly of the panelists to administer the UDRP for WIPO, and told them that trademark infringement on Web3 was rampant exclamation point, and that the estimates were at 90% plus of all, Registered Web3 domains were either identical to or confusingly similar to global trademarks. In April, the intellectual property section at the American Bar Association unanimously adopted a resolution calling on Congress to enact legislation and regulation to bring the same ACPA and UDRP protections to web3 domains that exists for web 2 domains. So their lobbyists are going to be up on the Hill, talking to Judiciary Committees. Last month, the International Trademark Association in Singapore their board adopted a similar resolution on trademark protection for new technologies. This morning, WIPO and someone from Handshake announced that someone from Namecheap announced that they would now have agreed with WIPO to apply UDRP to all the Handshake domains. These are not those sold by other registrar's, but it certainly sets a tone. So my final point is one, you got to deal with this trademark, massive trademark infringement issue, if you ever want to have businesses to build anything on web3 domains. And number two, I represented the file sharing companies. If you read the Grokster, which was unanimous from the Supreme Court, if you don't fix it, someone's gonna charge you with building a business model by inducing trademark infringement. And you could get the same result from the Supreme Court. So I just would be interested in hearing when the web3 sector is gonna start making serious efforts to deal with the rapid trademark infringement going on there. Because powerful organizations are up on Capitol Hill talking about the thinking.
That was a question with some points or some points with a question. Feel free to comment. I think that's a classic question or set of comments we get in Washington DC that Things are gonna happen and people are going to be unhappy and ... What is the path for doing those
things? Yeah, I mean, to be perfectly frank, I do not have an answer for this at all. And honestly, the people building these web3 domain protocols aren't even thinking in these terms, because there's a huge disconnect between Washington and web three. And that's the honest answer. However, as these become more, these regulations become more pressing, I'm sure that that's something that becomes more of a topic within these teams.
And we didn't put you up to be the sole representative of the decentralized Web. Chjango is not here. For that. Let me just
say, I rise in respect of my colleagues. And as I'm a consultant to freename.io, which is also one of these. One, I'm sorry, web3 spaces. And, you know, we do have a plan to deal with trademarks. But I would also say, I believe there's a burden being placed on the web3 spaces that exist in the web 2, Vision Pro came out last week, between last week and this week, 380 extensions were registered in Vision Pro. That's a trademark term. To say that there's a burden on web3 to fix trademarks, that's not being fixed in the SLDS that exists. Currently, when I look at the list of the most extensions registered, I see trademark term trademark term trademark term trademark term trademark term. So yes, we in our attempt, do have a process. But I would say that expecting web 3 potentially to do something that web 2 even though it has these processes that have last for a long time, isn't quite effecting, I think maybe too high of a burden. But yes, we do plan to be able to have some process to be able to be commercially viable, as you suggested, at least at ours. And I think in some of the other ones, too.
We could spend another two hours if we had just intellectual property attorneys talk about this. But we're just trying to just kind of laid the foundation for what decentralized web names and addressing looks like and then try to figure out where it goes from here. And obviously intellectual property is a huge issue as it is in web 2.0.
Thank you. I'm Jeff, I am not a trademark attorney. And I don't claim to be and this question is not about that. The concept of trust has come up a couple times here. And trust is a funny thing. You know, I've been in large software systems since the 80s. And I don't trust software any more than I can throw a Vax. So you know, it trust is in the eye of the beholder. The you made the comment about the the interaction between ICANN and DOJ and you know, taking away things and such. So a funny thing is, you know, if you look at ICANN's, behavior, they've actually been enormously resistant to government interaction over the years, right, the XXX thing back in the Bush administration and the recent Ukraine, right. So, you know, trust is earned. Right. And you know, the system, right has been enormously resilient. So it's just a factor to keep in mind. That was the comment. The question is, what what can I do with a web3 domain? That I can't do with a with 2 domain, for lack of a better term? Is this is this Tylenol? Or is it Viagra? Can I do something I couldn't do before? Or does it is the objective of a web3 domain to get around? I can, and to get out of the the ICANN ecosystem? And I don't get anything else? That's the question.
Well, the first thing is to get access to new extensions, without having to go through the whole I can process. But also, I think I can get it. Right, right, just like as Chjango said, it costs a little more, and takes a little bit longer. But I also think that like a lot of like, what I see happening is if we just separate domains from identifiers, there is there are little ecosystems, especially ENS, I think is a good example, there are people exchanging ETH and using it as wallets for other NFT's and things. And that's all happening. And that's just like, hey, I want to use this as my identifier. And I think that's valuable in that context. But then if you say, Well, my identifier is Ray dot stars or just using your example. And that's cool, then it would be nice to also have that in the web 2 world and be able to make that my domain name and my email address and just like have just one thing I'm a Business RT. So I think that's the, it's like you get the benefit of aspirin and Viagra at the same time. And I think maybe in the past, we thought about the alternate routes that were attempting to put out new TLDs as alternatives and maybe in contrast, or choose this or that, like someone has to win. And now, we think a little bit in terms of this concept of dual route where you can essentially have, if you can solve the issue of collision, and unique as you can, I'd like my business card to say one thing, and have that work for all my web three stuff, and my traditional website and email.
I guess the way I look at it is, it's promising Viagra, but what you're getting is a sugar pill. And you'll get a little high for a while, but, but doesn't mean that it won't have any effect or any use at all. It's early days yet. And I think we That's why you hear me talk about, you know, be predictable, have recourse, you know, do those kinds of things. Because we I don't think we should dismiss this whole thing and say it's not doesn't, because it doesn't necessarily have all the use cases built out today, it won't have tomorrow. But in the meanwhile, I think some significant amount of caution in how it is sold, how it is marketed. How it is used is what is necessary,
right? Like, the FDA makes sure that stuff doesn't arrive on the supermarket shelves without some oversight, because you don't know what's consumer, you know, what's going to work. And what's not,
I would hesitate about living in a world in which there was like a federal software agency that had to review all software before it got out there. Like I don't know if the FDA is the metaphor we want to use for software development. But I think the thing is that like this is saying like it is new, there's new things coming along. And not all of them are just going to be a replacement for domain names, or some of the the ideas I've seen have been other forms of identity or like what the dot ETH, they could go to a wallet address. And then you could put a wallet address on a domain name, but you can't, you don't have the same kind of direct functionality. Whereas with the IPFS protocol, it's content identifiers. So it's not a location with like an IP address, but a hash of a particular piece of content, you can make human readable names for a particular file instead of a particular location. These different ways of doing things may allow for for new innovations that are go beyond what a domain name, system as is, can do, which is very much focused on mapping human readable to an IP address. And from that, maybe, you know, may 1,000, flowers bloom, right, there could be a lot of innovation. But it's early days, whether that will pan out, some might, some might not. And you'll have to either take a wait and see approach or try some out and see to see if they work out along the way.
When you think of a domain name, you think about a website. But what's less obvious to probably most of you, if not all of you in the audience is that users in the decentralized space are increasingly using their wallets as the gateway like the login access to everything in web web3. So that means there they could be using their web3 names to log into access defi protocols to trade. Most of these things are on chain, you're doing options you're doing whatever. So imagine using your domain name, to log into Wall Street and trade and broker or whatever. And as well as manage your NFT's you know, right now, NFT's are toys, but imagine 10, 15, 20 years into the future where NFT's are actually mapped to real world assets, you know, titles, these these types of things. And then your web3 name through your, through your Metamask through your whatever lends you access and allows you to sign and authenticate and do all of the things that you typically need a middleman to do. But now you could do it peer to peer, transferring, you know, selling a house, getting getting crypto, and on off ramping into US dollars, all of that. Imagine that in 20 years, it's quite compelling. Right now it's just a toy, but 20 years from now, you're going to be able to do a lot of things within you know, minutes to seconds upon block finalization that you you would have to do within months
sounds like a personal personal identity management tool of sorts.
Yeah, that's, that's where it's heading.
Question. Hi, I'm Owen Fletcher. I'm from NTA. Thanks for everything I'm learning today. So I have two questions. One Chango. You mentioned web3 being censorship resistant. I think I know what you mean in a technical sense. But you also talked about how someone could track the identity of any actor who did something on on on a blockchain, which would seem to undermine the promise of censorship resistance when you're talking about case of an authoritarian regime willing to track down people issuing dissenting opinions or something like that. So I'm wondering if you can say more about censorship resistance?
Yeah, so censorship resistance, meaning no one entity or even state level actor can come in and stop the blockchain or take control over it. But auditability it's completely on chain, you could see when someone transfers something over to another address, and you can completely follow the, like, the trail of money, basically. So that's, that's that, you know, auditability doesn't necessarily mean it's not sent, you know, it's that it's sensible.
But it also raises some other issues, right, which are that like, you know, enforcement is a manner of chilling speech, it's a little bit different from taking down speech, right. So if you have control over don't have a domain name, and you can remove the information that has a different effect than having a chilling on the person who put it up who might fear the consequences of what they do. And this is, you know, it's also same thing, you get a billboard or whatever, like, you face the consequence of what it is, but it would be difficult to get a prior restraint order to take down the billboard. And so censorship resistance becomes like an example was during the Catalan referendum. That was in August 2017. The dot cat domain, the the Catalan language domain, had some information about where election sites were. And there, the Spanish government went after the domain name registrar for dot cat to take down the site. And during a time period right before the referendum, so that people wouldn't be able to find them and go go vote for independence for catalog. And they could have used some methods to figure out who posted them and then you know, go go prosecuted and court of law, if that was if that was possible for their legal system. But by being able to go to the registrar, that was about immediately right now denying people access to that information, which is, which has a different effect, an absolutely authoritarian can track you down can see your address on the blockchain can get some control over you, that can be very chilling to someone doing it. And that is something we should care about as free expression advocates. But I would categorize it a different way from the ability to stop it. And in the right here right now. stop people from access to already access at least to that information.
Yeah, I mean, what's what's important, you know, go to the technical details about how like blockchain operates. But you know, typically like for Bitcoin, for example, why hasn't the United States, the most powerful government in the world have, you know, have been able to stop Bitcoin, even though it's a threat to the dollar hegemony, it's because of how it works, you know, it's proof of work, you need machines to run the logic, and you need a lot of it to have a certain amount of network hash power, so on and so forth. What I'm trying to get at is, you know, the technology underlying some of these chains, is so compelling that it ensures it no single actor can centralize it and take it over. You know, even if you bought 90% of the bitcoins in the world, you can't take over the blockchain, the protocol continues to run as prescribed.
I respect that there's no central authority that can go ahead, take it over, I guess, here's where I would like to learn a little bit more about how the systems work. And I'd like to take the example of CSAM as something that like we all think is bad and should not be relevant, which should not be easily available. Right. And in the web 2 system, you want to be able to get that unavailable as as quickly as possible when it's identified. And that can happen through domain name mechanisms. But we're also a network of networks. So you can go straight to the place that it is housed, and you can get it taken down and not everybody pays attention. Like not all admin departments are really like quick to say yes, I will go ahead and identify this content and take it down. But since we're a network of networks, all of them rely upon other good actors and eventually somewhere in the chain, somebody is going to apply pressure and you can usually get something take can get taken down even if it's not just taken down online, but actually, like removed from the Internet. And I'm wondering if sort of similar mechanisms exist in the web3 space? Yeah,
one thing that's really important to know is that blockchains are nowhere near as large as you know, the web 2 space. You can't host CSAM or any type of video like you cannot store that on the blockchain. So you know, if anyone has a web3 domain name, and they're serving that on their website, it's being stored on AWS.
So my second one was, we haven't talked a lot about how people are accessing Web 2 domains, and wondering what the future of that is, if it's going to be like in your browser, you can choose from a drop down menu, like which blockchain you want the so called domain name to resolve through? And is there anyone out there who wants web three domains to be implemented into the normal DNS like you want normal DNS records to be modified to have some kind of, like signifier that points to the right one somehow?
Yeah, so right now, the only project that does that is Handshake. And the other ones that are smart. So Handshake is its own blockchain. And all it does is it manages the root. And it's just like a set of disparate miners that are running the blockchain, basically acting as a decentralized ICANN basically. The other smart contract based Web3 domain naming protocols like Unstoppable Domains, or like ENS. They don't, I don't see that like that's not on their roadmaps at all, to resolve in DNS. They want to bypass that entire system, and straight have integrations with the browsers to show to have it work. So they are building Mars as its own island without any bridge back to Earth. Earth is DNS. Whereas Handshake is kind of more that bridge
was smart also, because you invented TPP. What which allows registrar's to, to basically sell a domain name the way they would the traditional registry. So you're on both sides of the equation.
They have a hard time hearing in the back of my sorry, Reg.
I just said that Handshake is was smart in their implementation because they use EPP so registrar's can, Reg, so that the reg names got the traditional manner.
Yeah, so So handshake is the only actual web3 domain name that was meant for like websites, like you would think all the rest of them are actually just vanity crypto addresses that aren't meant to resolve over DNS. And they're just meant to send crypto to crypto and like one single network like Ethereum.
Hi, my name is Luke Hogg with the Foundation for American Innovation. There's been a lot of really important conversation today about predictability and stability. And I think one of the things that gives the Web 2 environments such predictability, stability is consensus around particular protocols and standard setting bodies that create interoperable standards. Web3 is notorious for having lots of different protocols that sometimes don't really play very well together. So I'd love anyone's opinions about kind of what the role of domestic or international standard setting bodies are, and whether we should start trying to coalesce around one protocol or if we should be looking towards a more kind of a system of international interoperable standards to kind of drive these things forward.
I think that having a lot of different protocols that interoperate with each other is sort of a better system than just having the default, why this is the idea behind some of the decentralization it will be a better future if there are multiple options, and some will succeed and some will fail. But you will have different options. Having them interoperate with each other also allows for competition. And so especially if it's easy to switch from one protocol to another, depending on what one is succeeding, that might be good for competitive purposes. And to just have one single protocol, you know, one one ring to bind them all. raises some of those centralized points of failures or points of attack that can as historically have been problematic.
Yeah, I guess I find it peculiar curious that all of these new systems, the web3 systems, the primary, it seems to me from where I said the primary advertising point is that it, it will eventually if it either today or it'll eventually interoperate not with each other, but with the DNS with with that system, right? Because that is actually where, you know, the commerce that is actually work communication actually happens, right. So if anything, it feels like the way all the decentralized systems are going, I'd be skeptical if all the decentralization gurus are going to come together and say let's centralize on a decentralized thing. But I think it's far more likely that the base function here is that the DNS is already that centralized protocol that everybody knows works and works well. So I think that's kind of going to be the forcing function. My fear is that we have a lot of energy building bridges to nowhere. So
with that, thank thank you for all those incredible questions. And some comments. We have filled raised the specter of you know, we're here in Washington, DC, and it has a life of its own
famous for building bridges to nowhere.
Right? Good call.
And Phil kind of said that the pieces of the chessboard are being moved. There are things happening. Let me just ask you guys to finish each of you with your own comments on where you think Washington engagement or ICANN engagement is going? And what are the there gonna be rules of the road over the next 10 years use whatever metaphor you want, maybe not a pill, a metaphor, a transportation, whatever, to kind of explain it just predict where do you think this is all going to go in what level of engagement is going to be necessary, from Washington or to Washington?
Sure, I'm happy to start. So I'm gonna go back to what I was saying at the beginning, where we were talking about how the web two environment did benefit greatly from having a light touch environment led such regulatory environment where we didn't have lawmakers going out there, and trying to micromanage how new technologies were being developed. And I think that generally, that is still the way that that allows innovation to flourish, people should be able to figure out how these new technologies should evolve without without having to be micromanaged. Unless, and they go back to the analogy unless that swinging fist hits the nose, you know, unless it's in an environment where you're seeing direct harm coming from the things that they're experimenting with. And so, you know, when it comes to areas where we've got major, you know, areas where there's, like, identified fraud, right, where people are going out there and advertising false things, and they should get called out legally for advertising false things. And there should be problems. When we're talking about issues surrounding intellectual property, I do understand that there are going to be people that are going to take a close look at who they can hold accountable for those things. And if they are businesses, those businesses are going to need to decide very quickly Am I can step up to trying to try to find my own ways to buy into existing systems systems, like the WIPO system that put these things through UDRP and try to resolve processes by engaging in things that we already know. Or am I going to bury my head and eventually draw legislation very quickly. But ultimately, you know, for the most part, I think that less legislation is going to be better. In general, we don't need to rush with a lot of this, right.
I actually agree with everything is that I think you have to let the experimentation happen. Because we don't know what we don't know, when we don't know what people are going to come up with. What they think is also interesting is that I mean, clearly there's some cool new technology here. And I wonder if any of that can be kind of reverse incorporated back into what we're doing in the quote web two world to bring some of the advantages of blockchain to what we're doing in the web two world.
Yeah, one thing note is that with every single bull market we have, so in crypto, like with stock markets, everything we have boom and bust cycles, and with every boom cycle, it becomes much more profitable to issue these types of projects and you know, be another Unstoppable domains or something like that. So the the it's going to be difficult to stop this energy when there's so much in financial incentive to do this, and like sell vaporware, potentially, right. So that's the unfortunate thing. But then what's, what's hopeful is that we could continue having these conversations and you know, I'm especially appreciative of what you're doing, Tim, by bringing, you know, web3 advocates to Washington so that there's a bi directional conversation, so that at least people in the crypto space understand how Washington is thinking about things, and vice versa. So that's important, I think that having these ongoing conversations is going to bear more fruit than if we were kind of siloed.
So I think I'll just riff off that a little bit. I think that one of the things that's very important for engaging with Washington is doing the best to educate people in Washington about how the technology works, that even if there's gonna be some policy disagreement, it's better to have those policy disagreements with somebody who understands what the technology is, and then you can have a disagreement over sort of the merits and the substance of it. And one of the the risks with new technology is that the the regulators and legislators, those who were making some of the rules from it are doing from a from a point of not really fully understanding whether what it is or what it could be. So by providing that information, talking to people speak tech to power, like to give them the information necessary, answer the questions, and trying to get at least as informed a debate as possible. As it moves forward with new technologies, it's going to lead to better results, even if you don't, are gonna agree on every part,
like stick speak tech to power, I'm gonna use that.
Look, if you're a regulator, or you know, in that policy space, the important thing is to pose a set of questions that those who are driving innovation can understand and then respond to, I think it's hard when you're trying to invent something new or create some new technology, and then you're held accountable for something that you didn't think about. And then you're so I think, from a record from a regulatory point of view, or a policymakers point of view. Questions, some of the things I was speaking about, you know, how do you work on user confusion? How do you ensure there is recourse? How do you ensure that there is security by design? Those kinds of questions I think, ought to be clearly laid out as table stakes. And if you cannot answer those things, then you should expect that you will have close scrutiny. And it may result in those promised financial outcomes, you know, not presenting them, maybe resulting in pinstripes.
Thank you. Thank you for this, this closing comments and checking, I think, and Kurt, you're saying that the learning curve is enormous, right. So I would say to people in Washington, I have found the learning curve to be astounding, far more than when I started learning about the Internet when I was when I was younger. It's a new technology differentiated from telephony and from cable and from broadcast from satellite that it seemed very, very complicated and that was very complicated for people in Washington to deal with was this new protocol out there?