Critical Analysis of National Internet Registries of Pakista, Issues with PK and Way-Forward

Abstract

With the advent of new cyber dominated technologies and swift advancements in IT field, substantial dependence on internet is being observed. Internet is an indispensable mean of communication being used in contemporary life. Moreover, it also acts as a nodal backbone of connectivity among a breed of IT based devices. Such heavy reliance on internet warrants its smooth functioning. In this connection, multifarious methods and techniques are being adapted. Domain Name System (DNS) is one of the most critical contours; that holds a pivotal position in technological paraphernalia of internet. DNS is a distributed directory that is responsible to resolve human readable web addresses/ hostnames, such as www.google.com into computer readable IP addresses, such as 172.217.19.174. Furthermore, it is also a directory of sensitive information about domain names, such as MX records of email servers, and verification details including CAA, DNSKEY, IPSECKEY, SPF, and even SSH fingerprints (SSHFP). In early 90s, internet was in its initial stage, neither spread worldwide, nor very common, especially in under developed countries like Pakistan. On other hand, the allocation of domain names at “Top Level” was administered by Researchers / Academia in order to achieve decentralized zone administration, the core principle of DNS functioning. At that time, Mr Ashar Nisar, perhaps, was an IT activist and associated with the IT industry in Pakistan. Mr Ashar raised a Company in Private Sector, with the name Pakistan Network Information Centre (with acronym PKNIC) and applied for Registry Operation / administration for country code Top Level Domain (ccTLD) .pk back in 1992, which was delegated and domain name was registered at Root Server being maintained by Internet Assigned Number Authority (IANA). The GoP was neither in knowledge nor contacted by the applicant or the organizers of DNS. At present, 38000+ sites, including GoP, commercial and academia, are operational under .pk. DNS grew vastly and decentralized, however Root Zone continued to be administered by IANA and hence regulated by the USA Government or its departments. In 1998, under international pressure, “Internet Corporation for Assigned Names and Numbers (ICANN)”, an organization, globally represented however based in the USA, was incorporated, operating in a bottom-up, consensus driven Multi-stake Model approach to coordinate the DNS management and regulate the Domain Name Industry. ICANN community holds three public meetings each year for improving Internet DNS policy work, global outreach, knowledge sharing, and conducting business deals of registries, registrars of Websites / Top Level Domains (TLDs). i.e generic (gTLD), country code (ccTLD). In 2010, ICANN had also introduced Internationalized (IDN) ccTLDs, specially encoded domain name displayed in its language – native script or Alphabets. Like .pk, acquiring of another national critical internet resource i.e IDN ccTLD was also remained ignored and sluggish in Pakistan till 2016, however, through the efforts of MoIT, IDN. پاکستان was successfully been awarded to NTC Pakistan in Feb 2017. Notwithstanding the critical importance in Internet Governance (IG), Policy Development Process (PDP) and decision making at ICANN, vulnerabilities offered by initially developed DNS protocol for cyber-crimes and attacks, GoP have been found very insignificantly and insufficiently involved in running and registry operations of ccTLDs of Pakistan. The aim of this research is to carry out an extensive literature overview related to historical perspective of DNS, ICANN, policy, management and security aspects ccTLDs. This research will highlight a number of factors and issues related to ccTLDs (.pk, IDN. پاکستان ), violations (non-accomplishment of responsibilities) committed by their Managers while running the registry operations focusing vulnerabilities that arises due absence of governmental and technical controls, hence offering security breaches or compromising cyber security. Carrying out comparison and taking guidance from international models / current practices, suggesting the interim corrections in present governance model and potential structure to be used for the ccTLDs to run the registry with responsibility, enhance cyber security and services back to internet community.