Stifling Speech Through DNS Infrastructure

By Michaela Nakayama Shapiro

State censorship of the internet is nothing new. But state actors are increasingly turning to a new frontier to restrict free speech: the domain name system.

In July 2020, the websites of three Indian environmental collectives, LetIndiaBreathe.in, ThereIsNoEarthB.com, and FridaysForFuture.in, became inaccessible. The organizations were given no explanation. It took their own technical investigation to establish what had happened: a domain hold placed by India's National Internet Exchange (the top-level domain registry operator for .’in’). In January 2024, the Belarusian Association of Journalists, which had operated its website on the domain baj.by for nearly 20 years, had that domain seized by the Operational and Analytical Center (the top-level domain registry operator for .’by’) by orders of the President of Belarus shortly after BAJ published its position criticizing the government’s decision to host a regional internet governance forum in Minsk as ‘validat[ing] repression’. 

In both cases, there was no court ordered shutdown, no regulator issuing a formal ruling. The state went directly to the companies that managed these websites’ domain names. In our recent report, Damming a river to catch a fish,  at ARTICLE 19, we found that state actors are increasingly pressuring domain name system (DNS) operators  to block access to public interest content, stifling speech and censoring critical voices. 

The DNS, also known as the directory of the internet, is the often invisible infrastructure that translates  ‘article19.org’ or ‘nytimes.com’ into the machine-readable numerical IP addresses used by web browsers, making the internet easier to navigate. The system is managed by domain name operators, including registries who manage domain name databases for top-level domains, such as ‘.com’, ‘.uk’ or ‘.org’, and registrars who liaise between registries and domain owners, known as registrants. 

While infrastructure-level censorship is not new, we undertook this research to better understand the role of registries and registrars in either enabling or restricting the free flow of information and the profound consequences that domain suspension orders can have for freedom of expression. 

When DNS abuse mitigation becomes censorship

To understand the full landscape of DNS-level censorship, we must first look at the broader ecosystem governing domain operators, starting with ICANN. 

The Internet Corporation for Assigned Names and Numbers (ICANN) is the multistakeholder organization that maintains the DNS. Registries and registrars are contractually obligated to comply with ICANN policy – including its definition of DNS abuse and corresponding mitigation requirements. Within the ICAN context, DNS abuse is narrowly defined to encompass five categories:

1. Phishing – tricking people into giving sensitive information.
2. Malware distribution – spreading malicious software.
3. Botnets – networks of infected computers controlled remotely.
4. Spam (as a means of abuse) – unsolicited messages used for harm.
5. Pharming – redirecting users to fake websites.

When a registry or registrar identifies or receives a report of DNS abuse, it is required to take action – but they are often limited in what they can do. If they wish to block a particular activity or content, often their only recourse is to take down the entire domain name. Removing a domain can block all content, including lawful speech. 

ICANN’s narrow definition for DNS abuse prevents overreach in mitigation that could infringe upon lawful speech and content online. 

But beyond ICANN, defining DNS abuse is trickier than it seems.

How domain operators define DNS abuse – if they do so at all – varies drastically. This leads to a fragmented landscape of responses to domain suspension requests that has allowed governments to weaponize this varying interpretation to block access to lawful information and silence critical voices.

Additionally, registries operate under growing, often conflicting pressures. A number of factors –  including who reported the abuse, the registry’s jurisdiction and governance, and its terms and conditions can determine whether and what action the domain operator takes. Registries also must navigate ICANN contracts, national laws, court orders, law enforcement demands, and their own terms and conditions, while often lacking legal clarity about their responsibilities. 

Within this complex operating environment, the rights of registrants, the entities that own the rights to a particular domain, are often an afterthought. Most registries provide limited transparency about suspensions and virtually no appeals mechanisms. Registrants may not be aware that their domains were suspended, much less why or by whom. Without transparency or appeals mechanisms, domain suspension becomes a potentially unchecked mechanism for censorship.

Attempts to moderate content through infrastructure-level entities are expanding rapidly without safeguards to protect free expression. 

What more can stakeholders do? 

Our report sets out recommendations for what more ICANN, domain operators, and civil society can do to develop a comprehensive DNS abuse mitigation policy with strong human rights safeguards.

• Registries and registrars should establish recourse mechanisms to allow those impacted to contest domain suspension decisions, integrating appeal and dispute mechanisms. To demonstrate transparency, they should also establish clear definitions of DNS abuse and publish regular reports on domain suspension requests and decisions. 
• Civil society and media organizations, who are at highest risk of falling victim to the weaponization of domain suspension requests, can take pre-emptive safety measures to build organizations’ resilience to this mode of censorship. One easy step is to simply know who the registry and/or registrar is for your domain(s). Organizations at risk should prioritize registering their domain(s) with a registry or registrar that is transparent about its suspension policies and has clear and accessible recourse and remedy mechanisms in place. They should give preference to registries located in jurisdictions with robust protections for politically sensitive speech and consider registering with a general top-level domain (gTLD) registry operator (who operate domains such as .org) – those operators must comply with ICANN’s contractual obligations and are bound by their narrow definition of DNS abuse.
• ICANN should develop a standard dispute and recourse mechanism for registrants impacted by DNS abuse mitigation actions. This would be one way to ensure there is a contractual requirement for registries and registrars to integrate due process mechanisms into their DNS abuse mitigation policies and procedures. 

Finding a solution that balances the safety and security of the DNS and safeguards the rights of all internet users to freedom of expression and privacy online is paramount. 

The good news is that these goals are not contradictory. 

The next ICANN meeting, ICANN86, begins next week, and the timing is crucial: in March 2026, ICANN launched its first policy development process on DNS abuse mitigation, of which ARTICLE 19 is a member representing the non-commercial stakeholder group. The process presents a key opportunity for the community to consider our report’s recommendations and continue discussions on developing standard dispute and recourse mechanisms. 

Ultimately, the entire community has a role to play in ensuring concrete human rights safeguards are integrated into DNS abuse mitigation policy – so that it protects the rights of internet users and domain holders alike. 

Michaela Shapiro is a Program Officer at ARTICLE 19 focused on improving the censorship resilience of telecommunication networks and the domain name system (DNS) and developing anti-censorship standards and protocols. The role emphasizes shaping the processes and outcomes of technical standard-setting forums such as ICANN and the IETF.

From the Group Chat 👥 💬

This week in our Signal community, we got talking about:

The group shared notes from a recent Edinburgh workshop on "Rewilding the Web," which brought together technologists, ecologists, philosophers, and others to explore how lessons from biology and ecology could help build a more resilient, diverse internet. The concept of rewilding the internet originated with Maria Farrell and Robin Berjon who wrote this fantastic piece in Noema Magazine. They attended the event alongside IX contributor Heather Burns who shared her reflections.

This Week's Links