IGF Community Site feed reader

Unread items (100)

Skip to page: 1 2 3 ... 16

IGFWatch news

Multistakeholder opinions: an experiment for the IGF [draft]

Posted: May 19th, 2013, 5:31am WST

At last week's World Telecommunication/ICT Policy Forum (WTPF), a proposed opinion was tabled by Brazil titled Operationalizing the role of Government in the multi-stakeholder framework for Internet Governance. In an earlier form discussed at the ITU's Informal Experts Group (IEG) the proposal had not reached consensus. But by 16 May, the revised and much shortened version of the proposal was tabled at the WTPF drew broader interest and support. Due to lack of time however, it was not possible to reach any conclusion on the proposed opinion.

CircleID

Major New Funding Opportunities for Internet Researchers and R&E Networks

Posted: May 17th, 2013, 5:02am WST by Bill St. Arnaud

Nationally Appropriate Mitigation Action (NAMA) is a new policy program that was developed at the Bali United Nations Climate Change Conference.

As opposed to the much maligned programs like CDM and other initiatives NAMA refers to a set of policies and actions that developed and developing countries undertake as part of a commitment to reduce greenhouse gas emissions. Also unlike CDM, NAMA recipients are not restricted to developing countries. The program recognizes that different countries may take different nationally appropriate action based on different capabilities and requirements. Most importantly any set of actions or policies undertaken by a nation under NAMA will be recorded in a registry along with relevant technology, finance and capacity building support and will be subject to international measurement, reporting and verification.

Already most industrialized countries have committed funding,or intend to commit funding to NAMA projects. It is expected that by 2020 over $100 billion will be committed to NAMA programs by various nation states.

As I have blogged ad nauseam, I believe Internet researcher and R&E networks can play a critical leadership role in developing zero carbon ICT and "Energy Internet" technologies and architectures. ICT is the fastest growing sector in terms of CO2 emissions and is rapidly become one of the largest GHG emission sectors on the planet. For example a recent Australian study pointed out that the demand for new wireless technologies alone will equal the CO2 emissions of 4 1/2 million cars!

Once you get past the mental block of energy efficiency solves all problems, and realize that energy consumption is not the problem, but the type of energy we use, then a whole world of research and innovation opportunities opens up. More significantly, whether you believe in climate change or not, it is expected that within a couple of years the cost of power from distributed roof top solar panels is going to be less than that from the grid. This is going to fundamentally change the dynamics of the power industry much like the Internet disrupted the old telecom world. Those countries and businesses that take advantage of these new power realities are going to have a huge advantage in the global marketplace.

I am pleased to see that Europe is at the forefront of these developments with Future Internet initiatives like FINSENY.EU that is actively working with NRENs and Internet researchers to develop the architectural principles of building an energy Internet built around distributed small scale renewable power. My only concern is that Europe may screw it up, like they did with the early Internet, when most of the research funding went to incumbent operators.

The global Internet started in the academic research community and R&E networks. It would be great to see these same organizations play a leadership role in deploying the global "Energy Internet". Universities, in many cases have the energy profile of small cities, of which 25-40% of their electrical consumption is directly attributable to ICT. Most campuses also operate large fleets of utility vehicles that could easily be converted to dynamic charging to "packetize" power and provide it where needed and when needed on campus, especially when there is no power from the solar panels.

I dream of the day when a university announces it is going zero carbon and off the grid.
Written by Bill St. Arnaud , Green IT Networking Consultant
Follow CircleID on Twitter
More under: Access Providers, Broadband, Telecom

Regulation Watch Feed

5th World Telecom Policy Forum – stepping stone to changes in the internet governance arena?

Posted: May 15th, 2013, 8:15pm WST by Monika Ermert
818 official participants – government and sector members – 8 “guests” and some 50 members of the public are currently discussing internet related policy issues at the 5th World Telecom Policy Conference in Geneva (WTPF). While only non-binding “opinions” on “internet related public policy issues” are on the agenda, the conference is seen as a stepping stone towards potential changes in the future mandate of the International Telecommunication Union (ITU) and the role of governments in internet governance. During the World Conference on International Telecommunication (WCIT) these very issues caused a split in the membership of the International Telecommunication Union (ITU) over the level of state control necessary. Can the breach be closed this week in Geneva or will it widen even more?

The WTPF has a big advantage in bringing opposing views together: it is of a non-binding nature. The six prepared opinions it intends to pass, are the following:
- Draft opinion 1: Promoting Internet Exchange Points (IXPs) as a long term solution to advance connectivity;
- Draft opinion 2: Fostering an enabling environment for the greater growth and development of broadband connectivity
- Draft opinion 3: Supporting Capacity Building for the deployment of IPv6
- Draft opinion 4: In Support of IPv6 Adoption and Transition from IPv4
- Draft opinion 5: Supporting Multi-stakeholderism in Internet Governance
- Draft opinion 6: On supporting operationalising the Enhanced Cooperation Process
They are mere commitments and not treaty obligations. With the acknowledgment of the importance of IXPs, especially in the developing countries (the whole of Africa has only 26 exchange points at this point), the need for much more broadband connectivity and high-level support for the transition to the new internet protocol IPv6, the parties should be able to find a lot of common ground.

Several non-governmental organisations have applauded the focus on supporting the infrastructure of the network and commitments may be easy to agree on by many stakeholders on these issues. This should put the participants into a conciliable state of mind for the more controversial negotiations that remain below the surface, headmost the controversies around the role of the ITU. ITU Secretary General, Hamadoun Touré, underlined during the opening press conference of the 5th WTPF that he expected consensus results would be possible in the non-treaty “low pressure environment”.
Controversies over the multi stakeholder model and ITU role continue
Reading thought the 50 pages report of the ITU Secretary General, it becomes clear that the ITU has tapped into advice from the experts at the organisations for internet naming and numbering management. Issues like IPv4 address transfers, community discussions over secure routing or domain name system security extensions (DNSSEC) are listed as “problem issues”. At the same time, the ITU Secretary General clearly invites member states to take their concerns and input on these issues, not only to the relevant organisations, but also to the ITU. Some observers see this as a friendly form of a hostile take-over.

After the report was released, calls from both sides about a possible foul play only grew. US Congress pushed for a tiny piece of legislation to “affirm the policy of the United States regarding internet governance“ positioning itself against "increased government control over the internet“ and an undermining of the “current multi stakeholder model”, the joint responsibility of all stakeholders for the development and management of the internet.

On the other side, former “ITU hawk“ Richard Hill, now a consultant and a member of the Informal Expert Group that prepared the draft opinions, twists the knife in the inconsistent position of the “hands-off-the-internet“-camp, namely the US government keeping some of its privileges in oversight over internet resources like the central root zone of the Domain Name System (DNS).

US academic Milton Mueller, professor at Syracuse University’s School of Information Studies, added some more fuel to the fire by declaring that the debate about the cherished multi stakeholder model was flawed and devoid of meaning as long as it would not strive to limit “the power of nation-states to interfere unduly with the use and operation of the internet, and empowers individuals worldwide to govern themselves.“
Governments' and ITU's future role
Defining what multi stakeholder means and what the roles of governments are in it, can be expected to be the most controversial point over the course of this week. The Russian Federation, Brazil and several civil society members have contributed statements to this issue. Russia for example reiterated its proposals for a much stronger national grip on internet governance.

The Russian attempt to introduce “national segments of the internet“, where the respective governments could have their say on global resources, had been one of the most extremist during the failed WCIT-12 conference and provided for a lot of discussions there.

Related to this is the future mandate of the ITU in internet governance, a topic that will become key when the Plenipotentiary Conference (PP14) will decide on the future tasks and budget of the ITU for the coming four years. For many observers, the non-binding WTPF's relevance this week mainly is this: how member states position themselves in that regard.

Much more work has to be done with regard to opening ITU processes, civil society coalition Best Bits wrote in a short statement published on the eve of the WTPF. “It looks a lot like parties are eager to have an agreement here,” Wolfgang Kleinwächter, professor for International Communication Policy at the University of Aarhus and another member of the WTPF Informal Expert Group wrote after the opening session in Geneva. “We have to watch closely, for sure, but so far it does not look that bad.“

CircleID

Government Advisory Committee (GAC) Beijing Communiqué Inconsistent With ICANN's gTLD Policy

Posted: May 15th, 2013, 6:32am WST by Tom Lenard

This is an edited version of comments submitted to ICANN on the Government Advisory Committee (GAC) Beijing Communiqué of 11 April 2013.

The GAC Communiqué recommends that ICANN implement a range of regulations (which the GAC calls "safeguards") for all new generic top-level domains (gTLDs) covering areas ranging from malware to piracy to trademark and copyright infringement. The GAC proposes specific safeguards for regulated and professional sectors covering areas as diverse as privacy and security, consumer protection, fair lending and organic farming. Finally, the GAC proposes a "public interest" requirement for approval of new "exclusive registry access" gTLDs.

The GAC's recommendations raise complex issues of ICANN's mission and governance and how they relate to the laws of the jurisdictions in which the registries operate. Without getting into the details of the specific recommendations, the expansion of ICANN's role implicit in the GAC's recommendations is inconsistent with ICANN's policy of opening entry into the domain space. Opening entry into the domain name space is intended to bring the benefits of competition and greater innovation to the market for TLDs. A major benefit of a competitive market is that there is generally no need for regulation of product attributes, as the GAC is proposing. Indeed, regulation of such a market will be counterproductive to the interests of consumers.

In a competitive gTLD market, registries can be expected to provide the services their customers demand. Registries that provide those services will flourish, and those who do not will not survive. Importantly, a competitive gTLD market allows for a range of services corresponding to different preferences and needs. The type of regulation the GAC is recommending will raise costs to registries and impede the development of innovative new TLD services, ultimately harming consumers. The value of gTLDs as economic assets and the benefits of the new gTLD program will be diminished.

Included in the GAC Communiqué is the recommendation that exclusive access or closed registries for generic terms should be in the "public interest." A public interest standard is vague and difficult to define and therefore is susceptible to being applied in an arbitrary manner. As I indicated in March 6, 2013, comments to ICANN on the subject, a major benefit of the new gTLD program, in addition to providing competition to incumbents, is the ability of the entrants to develop new business models, products, and services. Valuable innovations are likely to be blocked if ICANN attaches a public interest requirement to exclusive access registries.

There may be instances where regulation is warranted. For example, the protection of intellectual property in domain names has become a major issue, particularly in connection with the introduction of new gTLDs. ICANN's trademark clearing house is an attempt to address that issue. There may be other areas where regulation is warranted, but it is unclear whether ICANN is the appropriate venue.

If ICANN wants to be more of a regulatory agency, it should adopt good regulatory policy practices. Specifically, ICANN should demonstrate that there is a significant market failure that is addressed by the proposed regulation (or safeguard), that the benefits of the regulation are likely to be greater than the costs, and that the proposal is the most cost-effective one available.

It is preferable, however, for ICANN to minimize its regulatory role. ICANN should hew closely to the technical functions involved in administering the Domain Name System — i.e., coordinating the allocation of IP addresses, managing the DNS root, and ensuring the stability of the DNS. This has historically been ICANN's essential mission and should continue to be so.
Written by Tom Lenard, President, Technology Policy Institute
Follow CircleID on Twitter
More under: ICANN, Internet Governance, Top-Level Domains
Joint Venture Promises Broadband Benefits with Potential Risks for Latin American, Caribbean Markets

Posted: May 15th, 2013, 3:03am WST by Bevil Wooding

When Columbus Networks and Cable & Wireless Communications announced the formation of their new joint venture entity at International Telecoms Week 2013, it signaled an important milestone for the telecommunications sector in Latin American and the Caribbean. The development comes at a time when the region's appetite for bandwidth is rapidly rising. The market for wholesale broadband capacity is experiencing solid growth and shows no sign of slowing anytime soon. It is no surprise then, to see consolidation in the market as service providers position themselves to take full advantage of the expected growth in demand.

Significant Development

Columbus Communications’ Submarine Cable Footprint (Click to Enlarge)
Source: Columbus CommunicationsThe two companies were already the most significant providers of wholesale bandwidth for the region. Barbados registered Columbus International, which operates in 27 markets in the greater Caribbean, Central American and Andean region, estimates that it currently manages 70% of the region's traffic. CWC Wholesale Solutions is a subsidiary of UK-based Cable & Wireless Communications, which manages a diverse set of telecommunications businesses in Central America and the Caribbean including the well-known LIME brand.

Their new arrangement is not a union of equals. CWC's assets, subject to the joint venture arrangement, had a gross asset value of US$108.2 million, and recorded a loss before tax of US$0.9 million in the year to 31 March 2013. In contrast, Columbus's assets, subject to the joint venture arrangement, had a gross asset value of US$304.6 million and recorded a profit before tax of US$29.3 million in the year to 31 December 2012. Their joint venture, called CNL-CWC Networks, will be managed by Columbus, whose share will be 72.5% to CWC Wholesale Solutions' 27.5%.

Columbus and CWC in a joint statement said, "The new joint venture company will serve as the sales agent of both Columbus Networks and CWC Wholesale Solutions for international wholesale capacity." It added, "Columbus Networks and CWC Wholesale Solutions will retain ownership and control of their respective existing networks in the region."

The companies expect that after completing necessary network interconnections, the joint venture will offer wholesale customers an expanded network platform that spans more than 42,000 kilometers and reaches more than 42 countries in the region.

Officials from both companies shared that they hope to offer customers greater IP traffic routing options, improved reliability and higher performance as the joint venture rolls out. However, for all their enthusiasm about the joint venture, the success of an enlarged Columbus/CWC is by no means guaranteed. Given the strong parent brands, there is the real possibility of potentially conflicting strategies from Columbus and CWC for development of the Caribbean market.

It remains to be seen how the enlarged entity will position itself in the market. For Columbus, the deal enables the supply of international wholesale capacity and IP services to markets the company does not currently reach, such as Grenada, Barbados, St Lucia, Antigua and St Vincent and the Grenadines. It also provides them with additional connectivity options for Dominican Republic and Jamaica. For Cable and Wireless, its current LIME territories will be able to benefit from enhanced bandwidth capacity, enabled by access to Columbus Networks sub-sea capacity.

However, both companies must await further regulatory approvals in Panama, Columbia, Cayman Islands, The Bahamas, Anguilla, Antigua and Barbuda, The British Virgin Islands, Montserrat and St Kitts and Nevis before they can begin rolling out services on behalf of the joint venture in those countries. It is anyone's guess as to how long this approval process will take.

Unanswered Questions

The promise of an expanded network that can offer greater resilience, redundancy and routing options for Caribbean and Latin American traffic is certainly laudable. So too is the possibility of improving the region's access to international capacity to better meet the increasing demand.

However, the benefits of this joint venture must be weighed against the possibility that this new entity can negatively influence pricing, competition and downstream market growth. Unhealthy collusion or price-fixing in this significant sector of the telecommunications market could deal a serious blow to already fragile economies in the region. This must not be allowed to happen.

But who is to be tasked with the responsibility of ensuring that things proceed in the interest of health market growth and economic development?

There is no official body with the means or mandate for providing oversight of the region's telecommunications sector. The small markets of the Caribbean are marked by under-resourced national regulators, more practiced in responding to local telecom wrangling than to strategically analyzing the international wheeling and dealing of trans-national players.

So the questions now are, who is going to act as watchdog to safeguard regional, national and public interests? And, who is going to ensure that the promised efficiencies and capacity increase, actually benefit the region? Hopefully, it will not be too long before the answers emerge.
Written by Bevil Wooding, Internet Strategist at Packet Clearing House
Follow CircleID on Twitter
More under: Access Providers, Broadband, Telecom
ICANN and GAC: A New Role Needed?

Posted: May 14th, 2013, 11:55pm WST by Wout de Natris

Syracuse University professor Milton Mueller published a blog under the title "Will the GAC go away if the Board doesn't follow its advice?". Having been to a number of (very limited) ICANN meetings on behalf of law enforcement cooperation, I would like to share a few — probably thought provoking — observations. The GAC should not leave ICANN but it may be more efficient if its role changed and its efforts were aimed at a different form of output.

Governments and direct influence

I know that I should explain here what ICANN and the GAC is, but this article is only of interest if you already have some background.

Over the past few years the role of the GAC, Government Advisory Committee, within ICANN, Internet Corporation for Assigned Names and Numbers, seems to have changed. Having started as an advisory board, giving an advice to the ICANN board, which can be ignored or only taken to heed in parts, GAC operates more forceful. From advice to orders it seems.

As ICANN is multi stakeholder all the way and, as most internet related organs work, bottom up and through consensus only. Perhaps the most stifling form of democracy, but democracy it is. Show up or participate remotely and your voice is heard.

In this environment governments are seeking attention for their needs and concerns over the internet. Shouldn't they ask themselves: Is this the correct place to have direct influence?

Why are governments concerned?

The internet as we know it was created outside the view and influence of governments and by the time of the commercial boom, let's say, since 1998, most western countries had liberalised the telecommunication markets. If anything was regulated it was the old telephony and access fees, not the internet.

With the rise of commercial opportunities also other opportunities arose for criminal actors, hacktivists, activists, free speech advocates, state actors, etc. The results of these opportunities concern governments (of all sorts, for different reasons) as all sorts of national interest from public safety to economic are at stake. By the time governments seriously started to look around for enforcement matters and regulations they faced a global challenge. Hence the drive to have more say on internet related policy discussions. Hence more interest in ICANN, ITU, IGF, etc., but mostly ICANN it seems. But again is ICANN the right places to have direct influence?

GAC and ICANN

What also surprises me, is that governments put all this effort into ICANN. In the end this organisation handles only one aspect of what makes the internet work. Is this because it is the best organised one? There are so much more topics and equally important ones, where there seems less involvement. The RIRs, technical internet bodies, CERT meetings, etc., are less government attended. So again is ICANN the right place to have influence?

National laws

If a government wants real influence it has to write law that is binding within its own country. It would be advisable that (several) governments coordinate on laws and regulations, e.g. the E.U., perhaps even beyond. The three times a year GAC meeting could be great for coordination. Why go national?

The internet is only as stateless as the first cable coming on/into land somewhere. Everything behind that is within a nation state. This is where influence starts or could start should a government wish to have influence.

Let's say that a government wants a ruling on:

1) a validation of (a domain name registration by) registrars and registries and resellers. It can lobby with ICANN and hope for self-regulation or it can write it in the national law;

2) abused IP addresses revocation. It can lobby with the RIRs (Regional Internet Registries) or write a regulation into national law;

3) revocation of abused domain names? Idem;

4) National organisations implementing best practices developed at the IETF, it can lobby there or oblige national organisations, e.g. ISPs, to respond and implement within six months through national law;

5) etc., etc., etc.

A national regulation, whether directly enforced or through mandatory self-regulation, would be much more effective from a government's perspective than lobbying within multi-stakeholder groups and hope for the best. Does this mean governments have to leave these groups?

A new role

I'm not claiming that governments should leave ICANN. I'm not even propagating regulatory regimes here. To the contrary, but I do think the present effort could be bettered. Governments should use ICANN meetings, and all others around the internet, to understand which topics are important, what issues are at stake, inform themselves as good as possible from all sides by asking all the right questions and to have a true understand of it all. From this understanding they can build their policies, using all that acquired information.

Policy that on the one hand aids the development of the internet and the economy while on the other assists in making it more secure. There is a fine line to walk here, but a line governments need to walk to be most effective on both sides. And, without the aid of industry it will never come about.

Conclusion

So, governments, lay down your ears and give your advice, but then go home and act on it in the best way possible. Preferably coordinated.
Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement
Follow CircleID on Twitter
More under: ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

Veni Markovski - The Blog

Принципът “Това на мен няма да ми се случи!” и защо Анджелина Джоли е направила нещо изключително

Posted: May 14th, 2013, 9:35pm WST by Veni Markovski | Вени Марковски

Актрисата Анджелина Джоли си е направила двойна мастектомия (оперативно отстраняване на двете гърди), пишат нашите вестници. Понеже едва ли някой от тях ще си направи труда да преведе цялото ѝ писмо до “Ню Йорк Таймс”, пускам връзка към оригиналната статия. Прочетете я, ако не знаете добре английски, използвайте преводачa на Google.

Но искам да ви кажа и нещо повече.

Видях във Фейсбук следното мнение по адрес на Анджелина Джоли: “Това е тоталната лудост – по-голяма дори и от лифтинга и козметичните операции – слабостта на великата нация, която мисли, че може да постигне безсмъртие в рамките на масачузетския университет, а по-късно и в ел ей. Наивно, да не кажа глупаво отношение към най-важния въпрос – този за смъртта и към най-очевидния и безпорен факт от бъдещето – всички хора са смъртни. Да изрежеш и двете си гърди, защото вероятността да заболееш от рак е голяма, означава да спреш да живееш, защото вероятността да умреш във всеки следващ миг е сто милиона пъти по-голяма….Тази новина ме разби!”

Нарочно пускам цялото мнение, защото то е написано въз основа на публикуван текст в българско издание. Българското издание не просто е написало “новина”, но редакторите дори не са си направили труда да прочетат и правилно пресъздадат това, което е сторила г-жа Джоли.

Ние, българите (а и балканците) живеем на принципа “Това на мен няма да ми се случи!” Това – медицински изследвания, превантивно лечение, загриженост за това да си по-дълго с децата си… Къде ти? “Това на мен няма да ми се случи!”
Да си слагаме коланите в колата, защото може да попаднем в катастрофа? Хайде, стига де – “Това на мен няма да ми се случи!” И т.н., и т.н.

Анджелина Джоли не просто е направила нещо изключително отговорно, което изобщо несвързано с мисленето за безсмъртие, както пише Явор, а е помислила преди всичко за децата и близките си.

Можеше ли да не го прави и да продължи още няколко години да живее (не)спокойно?

Можеше, разбира се.

Но нейният принцип не е “Това на мен няма да ми се случи!”

IGP Blog

Will the GAC go away if the Board doesn’t follow its advice?

Posted: May 14th, 2013, 10:24am WST by Milton Mueller

A video was posted of an ICANN staff member interviewing the Chair of ICANN’s Governmental Advisory Committee, Heather Dryden of Canada. The interview appeared on the ICANN website one day before the deadline for public comments about the Beijing advice issued by the GAC. The Beijing Communique, hammered out in a closed room where no [...]

CircleID

ICANN at the Inflection Point: Implications and Effects Of the GAC Beijing Communique

Posted: May 14th, 2013, 2:38am WST by Philip S Corwin
Author's Foreword

Although this article was first published just a few days ago, on May 8th, there have been several important intervening developments.

First, on May 10th ICANN released a News Alert on "NGPC Progress on GAC Advice" that provides a timetable for how the New gTLD program Committee will deal with the GAC Communique.ⁱⁱⁱ Of particular note is that, as the last action in an initial phase consisting of "actions for soliciting input from Applicants and from the Community', the NGPC will begin to "Review and consider Applicant responses to GAC Advice and Public Comments on how Board should respond to GAC Advice re: Safeguards" on June 20th. This will be followed by a second phase consisting of "actions for responding to each advice given by the GAC", including development of "a GAC scorecard similar to the one used during the GAC and the Board meetings in Brussels on 28 February and 1 March 2011".

In regard to how this may affect the timeline for introduction of new gTLDs, the Alert notes, "Part 2 of the Plan is not yet finalized and, with respect to some of the advice, cannot be finalized until after the review of the Public Comments due to be completed on 20 June." Thus it is impossible to know at this point in time how much delay ICANN's response to the GAC Communique may create for the introduction of new gTLDs, especially for those subject to the additional or further targeted safeguards for stings related to regulated industries and professions — although the outlook seems to generally adhere to the projections made in the article. I would guesstimate that some strings affected solely by the GAC's basic safeguards could launch in the third quarter of 2013, while those encompassed by the additional safeguards probably face delay until the last quarter of the year at a minimum. The next meeting of the NGPC takes place on May 18th in Amsterdam, where "Resolution(s) on GAC Advice" is on the agendaⁱⁱ; any such Resolutions are more likely to be procedural than substantive — with substantive reaction, much less implementation, waiting until after GAC interaction with the Board at the mid-July ICANN meeting in Durban.

Of course, regardless of how ICANN deals with the Communique, no new gTLDs can launch until the standard Registry Agreement (RA) is made final and adopted by the Board (and it may require yet further amendment to implement GAC safeguards and other advice) — and the same steps are completed for the revised Registrar Accreditation Agreement (RAA) if, as seems likely, only registrars adopting the revised RAA will be permitted to provide domain registration services for new gTLDs.

Second, on May 10th ICANN also released a video interview — "GAC Chair Heather Dryden on the Beijing Communiqué and New gTLD Advice"ⁱⁱⁱ — in which Chairwoman Dryden makes some significant assertions:
- The safeguard advice was not an attempt to impose new obligations on registry operators but about pre-existing obligations and applicable law, and should therefore be viewed as implementation rather than new policy.
- The GAC is not suggesting a new global regulatory regime but measures that are consistent with ICANN's existing role. Responding to questions posed by Brad White, ICANN's Director of Global Media Relations, Ms. Dryden explained:
- It's really not intended to impose a new global regulatory regime. It is intended to be consistent with ICANN's existing role and serve as a reminder to those that have applied of what is really involved with implementing if they are successful a string globally as well as really wanting to emphasize that some of those strings raise particular sensitivities for governments
- The GAC believes there must be a good reason to permit exclusive registrations at a generic gTLD and encourages community discussion of the proper "public interest' standard.
- The GAC does not view the Communique as 11th hour advice but as a more detailed reiteration of general advice on gTLD string categorization that was not taken. The Communique is utilization of a standard ICANN mechanism consistent with the GAC's primary role of advising on public policy aspects of ICANN actions.
- On the overarching political considerations that will color ICANN's response to the Communique — If ICANN were to ignore the GAC advice many governments would question the usefulness of the GAC and their continued participation in and support of ICANN. Ms. Dryden stated:
  WHITE: Suppose the [ICANN] board in the end says "thank you very much for the advice, we've looked at it, but we're moving on" and basically ignores a lot of that advice?
  
  DRYDEN: I think it would be a very immediate reaction, questioning the value of participating in the Governmental Advisory Committee. If it is going to be the place for governments to come and raise their concern and influence the decision making that occurs at ICANN then we have to be able to demonstrate that the advice generated is fully taken into account or to the maximum extent appropriate taken in and in this way governments understand that the GAC is useful mechanism for them.
  ...
  WHITE: What you seem to be saying is there is concern about whether or not some governments might pull out from that multi-stakeholder model?
  
  DRYDEN: Right, right why would they come? How would they justify coming to the GAC meetings? Why would they support this model if in fact it's there aren't channels available to them and appropriate to their role and perspective as a government?
- The GAC's priorities for the July ICANN meeting in Durban are the fourteen strings specifically identified as requiring further consideration, as well as implementation of the proposed safeguards. Ms. Dryden explained:
  There may well also be aspects of safeguard advice that we would discuss further with the board or with the community or would need to, particularly the implementation aspects of some of the new safeguards that the GAC identified.
Chairwoman Dryden also concedes that the GAC advice may have been misunderstood because it was developed behind closed doors and therefore deprived members of the ICANN community of an opportunity to better understand the GAC's concerns and reasoning, and she appears to pledge that the GAC will operate with greater transparency in the future.

In addition to providing useful background on the GAC's thinking, the interview also reiterates that if ICANN fails to provide adequate response to the Communique it risks disengagement from the ICANN model by GAC member nations. In addition to providing an opportunity for demonstrating effective self-regulation, reasonable implementation of the safeguards can also head off more onerous top-down legislative and regulatory approaches. Imagine, for example, if in the absence of a meaningful response by ICANN to the GAC the European Community (EC) were to adopt legislation that incorporates the safeguards as a prerequisite for the sale of new gTLD domains by registrars operating in the Community as well as for the transaction of online business with EC consumers by their registrants?

Finally, initial public comments on the safeguards have started to be posted.iv Predictably, some support various elements while others urge rejection on the grounds that the Communique consists of tardy and ill-defined changes in policy that are at odds with the multi-stakeholder model.

Notwithstanding some negative comments and related press treatment, the overarching politics of the situation will almost surely result in a very serious ICANN process for considering the proposed safeguards and other components of the Communique, and seeking to implement them in a manner that is effective but does not impose undue or inappropriate burdens on contracted parties while maintaining ICANN's role as technical manager of the DNS in a manner that respects and enforces existing public policy but does not usurp roles that belong to legislators and regulators. New gTLD applicants, other members of the ICANN community, and interested third parties have an opportunity to influence ICANN's further consideration and implementation of the GAC advice over the next several months.

* * *

NEW TOP-LEVEL DOMAINS

(Synopsis) The Governmental Advisory Committee communique and responsive requests for comments provide an opportunity for everyone involved with the Internet Corporation for Assigned Names and Numbers and every interest affected by the new TLD program to submit final input on its proposed framework for the launch of new TLDs, the author writes. The added steps will likely cause delays and impose new duties, but will also provide a blueprint for ICANN and registry operators to work cooperatively with the global public sector in decades to come.

* * *

On the afternoon of April 11, 2013, the last day of ICANN's 46th Public Meeting in Beijing, China, its Governmental Advisory Committee (GAC) issued a long and detailed communique with significant implications for the approximately 1,400 unique applications submitted to ICANN's new TLDs program — and, based upon its implementation response, for ICANN itself.

The communique — the end product of a week of intense work undertaken by more than 100 participants from governments attending and engaging in the Beijing meeting — was foreshadowed by a March 31 GAC announcement¹ that GAC meetings in Beijing would focus on "controversial or sensitive strings and applications," with sessions organized on "safeguard advice on the basis of categories of strings" and "GAC advice/objections on specific applications."

While the GAC has reverted to holding closed door meetings — excessively in our view, within an ICANN organization dedicated to transparency and accountability — during the days before the ICANN meeting and its initial days, the GAC did reach out. The GAC met with many parties, including the GNSO Council charged with TLD policy matters, the Commercial Stakeholder Group, the ICANN Board of Directors, and others.

The GAC was striving to deliver its input before the Beijing meeting concluded. The communique arrived in the middle of the Beijing Public Forum, where individuals directly address the ICANN Board on relevant topics.

The communique elicited immediate outcry from some that its proposals constituted major changes in the rules of the new TLD game after the game had begun, would cause undue delay, fostered internet censorship — and that it should be subject to public comment. But it received support from others who believe that the GAC is best positioned to address public interest issues implicated by ICANN activities. Further, many of the issues addressed by the GAC were not clearly evident until after the sheer volume and relevant specifics of new TLD applications had been fully digested.

ICANN's Unprecedented Move

In a somewhat unprecedented move, ICANN acquiesced to the call for public comments and is even requesting two separate types.

First, on April 19, new TLD applicants were advised that they were being provided with 21 days, until May 10, to respond to the GAC advice.²

That notice, as well as the official "GAC Advice Response Form for Applicants," takes a wide open approach. The notice provides no guidance on how feedback should be structured, such as whether applicants should critique the advice, outline how they intend to comply with it, or both. The attached form asks only for the applicant's name, ID number, and applied for string — followed by "Response:" and a blank space to fill.

Shortly thereafter, on April 23, ICANN published a general notice of request for public comment from any interested party on "New TLD Board Committee Consideration of GAC Safeguard Advice," with an initial comment deadline of May 14 and a subsequent reply period closing on June 4.³

The explanation of the general public comment invitation provides this background:
On 11 April 2013, the Governmental Advisory Committee issued its Beijing Communique´ in which it provided advice on New TLDs. The Board New gTLD Committee, acting on behalf of the full Board, will now consider how to address the GAC Advice. To help inform this process, the Committee has directed staff to solicit comment on how it should address one element of the advice: safeguards applicable to broad categories of New gTLD strings. Accordingly, ICANN seeks public input on how the Board New gTLD Committee should address section IV.1.b and Annex I of the GAC Beijing Communique´.

As can be seen, the scope of comment being solicited from the general public is circumscribed, with requested input limited to the portions of the communique proposing "safeguards" — although many commenters will likely ignore that restriction and address other portions as well.

Again, ICANN has provided no further refinement of the request for comment, giving no indication as to what feedback would be most useful to the Board's new TLD program committee. This unique and noteworthy approach may well result in feedback being received from parties not normally engaged with or active within the ICANN community.

Those most directly affected by the GAC advice, new TLD applicants, may well choose to participate in both their exclusive comment forum as well as this general one — especially as the reply period for the latter extends to nearly four weeks past their own May 10 cutoff date — if they are willing to make their responses public.

Potential Implications

Before getting into the specifics of the GAC safeguard advice, the following are some guesses about the implications and effects that will flow from it.

Timing of New TLD Introductions

From now until the end of the July 14-18 ICANN meeting in Durban, South Africa, the ICANN community will consider and react to the GAC Advice.

The time from Durban until the final meeting of 2013, November 17-21 in Buenos Aires, Argentina, will likely be the period of ultimate determination as to how much of it will be accepted by ICANN's Board, followed by implementation on the part of both ICANN and applicants.

ICANN's new TLD program committee, composed of non-conflicted Board members, has scheduled discussion of a "Plan for responding to the GAC advice issued in Beijing" as the only agenda item for its May 8 meeting.⁴ But substantive reaction is likely to await receipt and consideration of applicant and public feedback as well as staff analysis of both the communique and the comments.

As the GAC wants all new TLD safeguards to be subject to "contractual oversight" by ICANN it is highly probable that additional amendments to the proposed new TLD Registry Agreement (RA) will need to be drafted and put out for public comment prior to final adoption, adding some additional delay to the rollout of new TLDs.

Registry Operator Responsibilities

Acceptance of even portions of the GAC advice will likely impose duties on registry operators to update and strengthen their terms of service.

Registries will also need to submit or update Public Interest Commitments Specifications (PICS), and assume registrant monitoring and coordination duties with regulators and industry bodies that they probably did not envision or price into their business model.

Requirements that registries immediately suspend domains in certain circumstances could re-ignite "domain censorship" due process concerns that last flared during the PIPA/SOPA internet blackout.

Role of Governments at ICANN

ICANN's and key stakeholders' reactions to the GAC communique may well determine whether governments remain engaged in and embracing of the ICANN multistakeholder model — or begin to drift away.

Internet governance options exist outside of ICANN that are generally less favorable to and welcoming of contracted parties, business, and civil society. A multi-governmental shift away from ICANN would connote negative long-term implications for its existence. It could also eventually subject the DNS to a maze of disparate national laws and policies or the more worrisome specter of intergovernmental oversight far more intrusive than GAC advice.

ICANN, with the acquiescence of its multistakeholder community, will ultimately adopt a majority of the GAC recommendations in some form as doing so is in its long-term institutional interest.

Overall, the receipt of the GAC communique and ICANN's solicitation of applicant and public comments on it marks an inflection point for the organization, and the manner in which it assimilates the advice and the responsive feedback will define its working relationships with governments through the end of the decade, and perhaps beyond.

In their video interview at the conclusion of the Beijing meeting, Board Chairman Steve Crocker stated that the communique raised "interesting issues that have to be dealt with, and we'll be quite thorough about it." CEO Fadi Chehade committed that action would be taken only following consideration of public comment from the "entire community" along with staff analysis.

As it is not at all customary to subject GAC advice to direct public comment, this will be politically sensitive, complicated, and highly detailed work invoking multiple judgment calls.

New TLD Advice on Which ICANN Has Not Requested General Public Comment

The April 18 notice to new TLD applicants solicits feedback on every aspect of the GAC communique, with applicant responses to be published and provided to the full ICANN Board.

However, it is not clear whether individual applicant responses will be made public. Should any applicant respond to the GAC by seeking to file a PICS — which raises the collateral question of whether ICANN will waive the previously expired deadline for PICS submissions — those filings are made public at the updated application status page of the new TLDs website.

GAC advice affecting new TLD strings on which applicant feedback is being explicitly solicited, but general public response is not, includes:

Targeted Advice

Targeted advice against proceeding further on a specific application for .africa and one for .gcc, as well as on applications for .islam and .halal; and advice not to proceed beyond initial evaluation for two Chinese Internationalized Domain Name (IDN) strings (.shenzhen and .guangzhou) as well as the applications for .persiangulf, .amazon (and related IDNs in Japanese and Chinese), .patagonia, .date, .spa, .yun, .thai, .zulu, .wine, and .vin.

Written Briefing

The GAC's request for "a written briefing about the ability of an applicant to change the string applied for in order to address concerns raised by a GAC Member and to identify a mutually acceptable solution."

Such a briefing should also be made publicly available, as this is a critical issue for applicants and the general public because it relates to the central question of whether and the extent to which an applicant can amend its application to comply with a relevant GAC safeguard if it is adopted by ICANN.

Community Support

The GAC's view on community support for applications, in which it advises "that in those cases where a community, which is clearly impacted by a set of new TLD applications in contention, has expressed a collective and clear opinion on those applications, such opinion should be duly taken into account, together with all other relevant information."

That seems elementary, yet it fails to resolve ongoing disputes about whether or not certain strings legitimately fall into the "community" category, as well as who can legitimately claim to speak for the impacted community.

Singulars Versus Plurals

The GAC's belief that "singular and plural versions of the string as a TLD could lead to potential consumer confusion" and the consequent advice that the Board should "Reconsider its decision to allow singular and plural versions of the same strings."

This is a reaction to the February 26 decision of ICANN's string similarity panel that singulars and plurals of the same term did not create a probability of visual similarity confusion, a conclusion that many have categorized as clueless, as well as something that is likely to receive general public comment notwithstanding it falling outside the "safeguard' category.

At the Board-GAC interaction in Beijing, the Board advised the GAC that it would not second guess the Panel's conclusion and that "the ball is now in your [the GAC's] court."

The GAC has now forcefully tossed the ball back to the Board. Some ICANN constituencies have already weighed in with the view that singular and plural versions of a string should be placed in the same contention set.

IGO Protections

Reiteration of prior advice that "appropriate preventative initial protection for the IGO [Intergovernmental Organizations] names and acronyms on the provided list be in place before any new TLDs would launch."

The RAA

Advice that "the 2013 Registrar Accreditation Agreement should be finalized before any new TLD contracts are approved' with the notation that "The GAC also strongly supports the amendment to the new TLD registry agreement that would require new TLD registry operators to use only those registrars that have signed the 2013 RAA."⁵

IOC/Red Cross Protections

Strong advice that ICANN should "amend the provisions in the new TLD Registry Agreement pertaining to the [International Olympic Committee/Red Cross-Red Crescent] IOC/RCRC names to confirm that the protections will be made permanent prior to the delegation of any new TLDs.

PICs

A request for "more information on the Public Interest Commitments Specifications [PICS] on the basis of the questions listed in annex II."

These GAC-posed questions may become critical matters to be addressed, especially for applicants seeking strings in categories raising heightened GAC concerns as well as for third parties concerned by those applications. The questions raised in Annex II are addressed later in this article.

Annex I – The GAC's Proposed Safeguards

Annex 1 of the communique addresses "Safeguards on New TLDs" with introductory advice that "The GAC considers that Safeguards should apply to broad categories of strings. For clarity, this means any application for a relevant string in the current or future rounds, in all languages applied for."

The GAC is clearly stating that its advice should be interpreted and implemented broadly, not narrowly. This introduction further advises that all the proposed safeguards should "be implemented in a manner that is fully respectful of human rights and fundamental freedoms," "respect all substantive and procedural laws under the applicable jurisdictions," and "be operated in an open manner consistent with general principles of openness and nondiscrimination."

None of that seems particularly objectionable, but even this hortatory language raises such interpretative questions as to what are the "applicable jurisdictions" for a particular string — and how should operation in an open manner be squared with later admonitions relating to strings related to regulated industries and professions where domain registrations are to be circumscribed?

Safeguards Applicable to All New TLDs

The first detailed section of the advice proposes that six specific safeguards be applicable to all TLDs and "be subject to contractual oversight" by ICANN.

At a minimum, to the extent that ICANN accepts any of this it will then need to review the existing new TLD Registry Agreement (RA) — already the subject of some controversy, especially in regard to whether ICANN should have some unilateral right to amend it — and determine whether further amendments are needed to incorporate any parts of the GAC advice that are adopted.

As ICANN is not a governmental body and all of its powers over registries and registrars are derived via contractual enforcement, this is no small matter.

On April 29, ICANN published the Proposed Final New TLD Registry Agreement for public comment, open through June 11.⁶ Yet, except in the highly unlikely event that ICANN rejects all of the GAC's safeguards proposals, adoption of any of them would seem to inevitably require further amendment of the RA to spell out related, contractually enforceable registry obligations — with such further amendment triggering yet another period of public comment.

Further, as the following analysis illustrates, the question for ICANN's Board is not just whether to accept a particular safeguard but how to implement it in a manner that is effective yet reasonable. Determining the right balance will take time.

Six Basic Safeguards

The GAC's proposed six basic safeguards are:

1. WHOIS Verification and Checks

Registry operators are to conduct statistically significant checks at least twice a year on false, inaccurate, and incomplete WHOIS registrant identification data, and notify registrars of inaccurate or incomplete data.

This appears to impose proactive oversight and enforcement duties that registry operators were probably not contemplating. It also implicates matters addressed by the just-released-for-comment final Registrar Accreditation Agreement, as well as ongoing discussions focused on increasing WHOIS registrant data accuracy. All of these approaches must ultimately be reconciled and coordinated.

2. Mitigating Abusive Activity

Registrant terms of use must "include prohibitions against the distribution of malware, operation of botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law."

No one can be in favor of such activities, but that begs the questions of whether this imposes some affirmative oversight duty on registry operators, and what steps they should take to monitor compliance with and enforce such prohibitions. Also, in some instances the issue of whether a violation has occurred may not be discernible absent other adjudicative processes.

Trademark infringement, for example, is already the subject of the UDRP and national laws. It will also be addressed by the two new rights protection mechanisms — the trademark clearinghouse and uniform rapid suspension system in new TLDs — but all these mechanisms require some judicial or expert determination of where infringement has actually occurred.

Digital copyright infringement is an evolving and muddled area of the law in which courts in the same nation have reached sharply divergent opinions on similar fact patterns. While some "piracy' may be evident from a cursory review of a website, other alleged instances invoke unsettled legal issues. Ultimately, the question is whether registry operators should wait on law enforcement authorities or adjudicative processes to verify legally actionable harm, or take their own initiatives to identify and halt it.

3. Security Checks

In a bow to law enforcement concerns, registry operators are to periodically conduct technical analyses of whether domains are being used to perpetrate security threats "such as pharming, phishing, malware, and botnets," all the while "respecting privacy and confidentiality." Such information is already available from various industry groups, with existing registry operators typically engaged in these initiatives. In addition, the new TLD registry application process already includes security checks.

Nonetheless, this could require registries to take on proactive, quasi-police cybersecurity inquiries. More disturbingly, where security risks posing "an actual risk of harm" are identified, registry operators must notify the relevant registrar. If the registrar fails to "take immediate action" then the registry operator must "suspend the domain name until the matter is resolved."

This recommendation is almost sure to be controversial, as domain suspensions are widely viewed as equivalent to internet censorship. The notion that private parties will do this on their own accord, absent any due process requirements, and with no additional definition as to how or by whom the matter will ultimately be resolved, raises significant questions concerning registrant rights.

4. Documentation

Registry operators are to maintain statistical reports on inaccurate WHOIS records or security threats and provide them to ICANN on request. This advice does not seem particularly burdensome or controversial.

5. Making and Handling Complaints

Registry operators must have a mechanism for other parties to submit complaints about domains with inaccurate WHOIS information or domains being used to facilitate bad acts. This safeguard, motivated by growing concerns in regard to cybercrime, fraud, and abuse, is not particularly burdensome, either.

But questions remain unanswered: What is the registry operator's duty to further investigate such complaints, and what action should be taken if it finds them well-founded? Will ICANN's compliance staff have an intermediary role in this area?

6. Consequences

Registry operators must, "consistent with applicable law" — to the extent it exists or is clear — "ensure that there are real and immediate consequences for "domains with false WHOIS violations or being used in breach of "applicable law," and "these consequences should include suspension of the domain name."

Domain suspension, as was seen during the PIPA/SOPA debate, is viewed by many as synonymous with internet censorship, and the requirement that registry operators assume policing oversight powers may well generate substantial controversy. The requirement may also trigger discussion of the existence and adequacy of due process protections and a defined appeals process for affected registrants.

In sum, the six basic safeguards call for various oversight and investigative responsibilities that many registry operators may not have contemplated when they constructed their business plans.
Their implementation also may imbue registry operators with certain additional domain enforcement powers that in turn raise related due process questions.

To some extent, these recommendations may be an attempt by fiscally-strapped governments to place the costs of policing and subduing negative externalities resulting from new TLDs back onto registry operators, minimizing the need for potential allocation of substantial new public sector resources focused on law enforcement and cybersecurity.

Additional Safeguards for Particular Categories of New TLDs

Beyond those six basic safeguards recommended for all new TLDs, the GAC prescribes additional safeguards for strings related to regulated or professional sectors for which end users generally anticipate targeted protections.

The communique states:

Strings that are linked to regulated or professional sectors should operate in a way that is consistent with applicable laws. These strings are likely to invoke a level of implied trust from consumers, and carry higher levels of risk associated with consumer harm.

The dozen sectors identified by the GAC for application of these additional safeguards, accompanied in the communique by a non-exhaustive list of TLD applications asserted to fall within them, are:

children,
environmental,
health and fitness,
financial,
gambling,
charity,
education,
intellectual property,
professional services,
corporate identifiers,
generic geographic terms, and
inherently governmental functions.

One may certainly question why certain TLD applications made the GAC's nonexclusive list or have been placed in particular categories.

For example, .free, .gratis, .discount and .sale are all placed in the intellectual property category even though they might attract domains with no relationship to goods and services of a primarily IP nature. And .law is given its own separate listing rather than being placed in the professional services category along with .abogado, .attorney, .lawyer and .legal.

But, for the present purpose of this analysis, all the specifically listed applications are potentially subject to the additional safeguards depending on follow-up ICANN action. Other applicants with any possible relationship to the identified sectors should presume that they may be similarly affected before this process concludes. Those applicants, along with parties with concerns about or opposed to specific strings, should thoroughly review this advice.

Proposed Additional Safeguards for Regulated, Professional Sectors

The additional safeguards proposed for regulated and professional sectors — accompanied by some observations — are:

1. Applicable Use Policies.

Registry operators will include in their acceptable use policies a requirement that registrants comply with all applicable laws, including those that relate to privacy, data collection, consumer protection, fair lending, debt collection, organic farming, disclosure of data, and financial disclosures.

It seems axiomatic that registry operators must be in compliance with applicable laws of all types.

However, the questions raised again by such general use policies is to what extent a registry operator will be expected to proactively police and directly enforce them, and what are the applicable laws for a particular domain registrant?

What is a registry operator expected to do, for example, if a registrant is accused of operating in violation of a particular nation's laws and the registrant responds that under applicable principles for determining jurisdiction it is not subject to those laws? These are roles and decisions that have traditionally been delegated to law enforcers, regulators, and judicial forums, not to private parties lacking adjudicative expertise under contract to a nonprofit corporation.

2. Notifications.

Registry operators will require registrars at the time of registration to notify registrants of this requirement.

This is a relatively straightforward requirement to implement, although it will require registrars to identify and separate out affected TLDs and provide additional disclosures at or in close proximity to the time of domain registration.

It also highlights the fact that it is registrars, not the registry operators of new TLDs, who have direct contact and contractual relations with registrants. To the extent that registrars of particular TLDs are tasked with going beyond offering a simple domain purchase interface to registrants, and must provide and obtain acceptance of particular disclosures — much less ascertain that registrants satisfy relevant registration eligibility criteria — this will both complicate the domain registration process and generate costs that must be reflected in compensation arrangements with the registry operator as well as in the prices charged to registrants.

The only exception to the registrar standing as a separate intermediary between the registry operator and the registrant will be those instances in which the registry operator has directly affiliated with a registrar, now that ICANN has relaxed the former prohibition against such relationships — although, even then, for all but ".brand" or whatever other "closed generic" TLDs are permitted, there will likely be many unaffiliated registrars offering identical domain registration and renewal services for the TLD.

3. Security for Sensitive Data.

Registry operators will require that registrants who collect and maintain sensitive health and financial data implement reasonable and appropriate security measures commensurate with the offering of those services, as defined by applicable law and recognized industry standards.

While clearly having direct bearing on registrants at strings falling within the health and fitness and financial categories, this safeguard may also implicate others — as an example, at such professional services strings as .accountant(s), .doctor, and .realtor, where registrants will likely collect and maintain confidential health and financial data.

Again, the more difficult issues are what are the "reasonable and appropriate security measures" that registrants should implement to safeguard such data, what monitoring and enforcement duties are expected of registry operators to assure compliance, and what constitutes the "applicable law and recognized industry standards' that should be looked to in establishing relevant security measures?

The proper standards for protection and disclosure of sensitive digital data remain one of the most hotly debated matters of 21st century cyberlaw and policy, with sharp disagreements between governments and with and within affected industries — yet registry operators are being asked to require the implementation of responsive security measures by their registrants.

4. Working Relationships.

Establish a working relationship with the relevant regulatory, or industry self-regulatory, bodies, including developing a strategy to mitigate as much as possible the risks of fraudulent, and other illegal, activities.

For registry operators of TLDs falling within the listed sectors this would require an ongoing, perpetual establishment of a "working relationship" — but with whom? As one example, with what financial regulatory authorities and industry self-regulatory bodies located in which nations must the operator of .retirement establish a working relationship?

Is it to be based upon the nations to which .retirement registrants direct their activities, or must it involve global outreach so that any potential future registrant and its customers will be accommodated by an already existent working relationship? And what would comprise an effective strategy to mitigate potential fraud or other illegal activities by registrants — would this require proactive engagement, monitoring, and enforcement by registry operators, who may well be asked by regulators to establish such frontline risk mitigation activities?

Overall, this safeguard must be read in conjunction with the others, with the expectation that regulators will likely seek proactive registry operator involvement in the development and implementation of risk mitigation strategies.

Further, registry operators must take into account that a TLD is a global DNS resource. A registrant eligibility policy or regulatory engagement approach too narrowly focused on a specific nation(s) or region may well and rightly be criticized by potential registrants, consumer groups, and other public and private sector entities.

5. Single Point of Contact.

Registrants must be required by the registry operators to notify them of a single up-to-date point of contact for the notification of complaints or reports of registration abuse, as well as the contact details of the relevant regulatory, or industry self-regulatory, bodies in their main place of business.

Single points of contact are already standard practice for ISPs and web hosting companies. This safeguard again places a duty upon registry operators to obtain information from registrants with whom they otherwise likely have no direct dealings or contractual relationship. While the actual information that must be obtained — the unitary contact point for urgent notifications of reported abuse at a website — is relatively simple, the question again arises regarding whether the registry operator has a duty to validate this data on an initial or continuing basis.

Further, since this safeguard relies on the registrant to designate the contact details for what it claims to be its relevant regulatory and industry self-regulatory bodies in its main place of business, is there any duty for the registry operator to investigate whether the registrant has accurately done so? And does "main place of business" just cover the jurisdiction in which the registrant is domiciled — or all the additional jurisdictions in which it conducts or may seek to conduct substantial volumes of business with customers (e.g., a Bahamas-based .insurance registrant soliciting and conducting business in the U.S., E.U., and certain Latin American nations)?

Miscellaneous 'Gripe Site Registry Advice

In related GAC advice, applicants for the .fail, .gripe, .sucks, and .wtf TLDs are singled out to "develop clear policies and processes to minimize the risk of cyber bullying/harassment."

Such "criticism" TLDs could be particularly susceptible to such abuses — though they already exist today, often centered in "closed garden" social media platforms.

Further Targeted Safeguards

In addition to the six basic safeguards and the five additional ones for regulated and professional sectors, the GAC has also proscribed three additional safeguards for at least seven of the twelve sectors listed above — financial, gambling, professional services, environmental, health and fitness, corporate identifiers, and charity.

These additional safeguards are aimed at "market sectors which have clear and/or regulated entry requirements in multiple jurisdictions," and are applicable to some of the strings in the listed sectors — although the GAC provides no guidance as to which strings might be exempt and on the basis of what criteria exemptions might be granted or denied.

These further targeted safeguards consist of:

1. Added Checks

At the time of registration, the registry operator must verify and validate the registrants' authorizations, charters, licenses, and/or other related credentials for participation in that sector.

This verification and validation duty is placed on the registry operator, rather than the registrar who interfaces with the registrant at the time of registration. While the registry operator night prefer to delegate such responsibilities to registrars with which it has established business relationships, doing so as a thousand-plus diverse TLDs launch could prove infeasible.

Thus, there are questions of how such a process would be coordinated and the status of a registrant's registration until such time as the verification/validation duty is completed. It clearly places significant new responsibilities on registry operators — although one that is already managed by many ccTLD operators — that will entail the use of in-house or outside compliance counsel and staff.

2. Consultations With Regulators

In case of doubt with regard to the authenticity of licenses or credentials, registry operators should consult with relevant national supervisory authorities, or their equivalents.

This would require each registry operator to develop policies relating to how authenticity of credentials will be evaluated, as well as establish relationships with relevant supervisory authorities in all nations in which registrants may be domiciled or otherwise have significant jurisdictional contacts.

Again, this creates additional significant new compliance responsibilities likely to require increased staffing by both registries and ICANN.

3. Post-Registration Checks

The registry operator must conduct periodic post-registration checks to ensure registrants' validity and compliance with the above requirements in order to ensure they continue to conform to appropriate regulations and licensing requirements and generally conduct their activities in the interests of the consumers they serve.

This would place a continuing, post-registration duty on registry operators to not just confirm the regulatory compliance and licensing validity of registrants but to make a subjective judgment on whether they are conducting their activities in consumers' interests.

This raises the issue of whether it is reasonable and appropriate to place such subjective judgment responsibilities on what are primarily providers of technical DNS services. On the other hand, TLDs aiming to serve specialized communities associated with regulatory and licensing requirements may wish to accept this GAC advice and address it via responsive PICs as well as cooperative engagement with ICANN compliance staff to develop reasonable yet effective enforcement mechanisms.

Restricted Registration Policies — Limited or Exclusive Strings

In addition to the above proposed safeguards, the GAC provided advice regarding restricted or exclusive access to strings.

First, as "an exception to the general rule that the TLD domain name space is operated in an open manner registration may be restricted," with such restrictions being particularly applicable for strings subject to the extra safeguards for regulated and professional sectors — especially including those with entry requirements.

However, the GAC advice proposes that such registration restrictions be administered by registry operators "in a transparent way that does not give an undue preference to any registrars or registrants, including itself, and shall not subject registrars or registrants to an undue disadvantage."

In other words, registrant entry can be restricted, but the restrictions must be geared to the relevant risks associated with the TLD. The restrictions must also be transparent and neutral under the subjective standard of not providing an "undue preference [or] disadvantage."

What this means in practice will likely be a subject of some debate, and certainly provides an opening for any party who believes that a TLD's proposed registration restrictions seek to advance goals other than legal/regulatory compliance and consumer protection — such as granting an undue competitive advantage to a subset of potential registrants, or seeking to advance policy goals within the TLD program that more properly should fall to legislators or regulators.

The second and final bit of GAC advice in annex I addresses the controversial subject of "closed generic" TLDs, for which ICANN recently conducted a public comment period which attracted one of the largest numbers of comments in recent years.⁷

That extensive public feedback has so far resulted in no formally announced ICANN policy or position. Amazon, Google, and other business applicants from both the United States and abroad have applied for generic word domains in which they hold no trademark rights yet for which they have proposed to be the sole registrant.

Critics of "closed generic' TLDs have charged that they are fundamentally incompatible with the new TLD program's stated goal of fostering innovation and competition. Google, for one, has responded to such criticism by proposing significant alterations for four of its most controversial applications.

On this hot button subject, the GAC simply states, "For strings representing generic terms, exclusive registry access should serve a public interest goal." That statement is followed by a non-exhaustive list of strings identified by the GAC as constituting generic terms.

Registry Operator Code of Conduct

It appears that this is one bit of GAC advice that ICANN may have already taken into account.

The revised RA released by ICANN on April 29 proposes to strike the phrase "that are reasonably necessary for the management, operations and purpose of the TLD" from Section 1b of Specification 9, otherwise known as the "REGISTRY OPERATOR CODE OF CONDUCT" (COC). The proposed changes would replace the provision with authorization for the registry operator to allocate up to 100 domain names for its own exclusive use.

That deleted phrase constituted the prior parameters of the exception to the general rule that a registry operator will not register domain names in its own right — and some closed generics applicants had argued that the word "purpose" permitted avoidance of seeking a sole registrant exemption under Section 6 of the COC.

Presuming that deletion carries through the public comment and Board approval process for the revised RA, it would seem that closed generic applicants may now have no way to avoid seeking a formal exemption from ICANN.

ICANN staff provided no comprehensive explanation of the intended purpose of these proposed amendments to the evolving contractual documents, so there may well be parties who interpret this alteration differently.

The exemption language of Section 6 remains unchanged in the revised RA, and allows ICANN to grant an exemption in its "reasonable discretion" if a registry operator demonstrates to ICANN's reasonable satisfaction that:
- all domain name registrations in the TLD are registered to, and maintained by, registry operator for its own exclusive use,
- registry operator does not sell, distribute or transfer control or use of any registrations in the TLD to any third party that is not an affiliate of registry operator, and
- application of the code of conduct to the TLD is not necessary to protect the public interest.
Thus, the GAC's admonition that closed generics must "serve a public interest goal" dovetails well with the Section 6 requirement that ICANN must determine that permitting closed generic operation is not adverse to the public interest — if all TLDs that propose to have the registry operator as sole registrant are indeed required to affirmatively seek an exemption.

The matter is not fully settled, as ICANN must still determine general principles to decide when application of the code of conduct is not necessary to protect the public interest. ICANN must then apply those principles on a case-by-case basis for those proposed closed registries that can still muster a convincing rationale for exemption.

It is quite possible that ICANN might find a public purpose in protecting trademarks at the top level of the DNS for non-generic, trademarked term ".brand" TLD applications.

The revised RA contains multiple, extensive additional revisions beyond the code of conduct changes that may also be highly controversial.

For example, on May 1 VeriSign Inc. filed an aggressive comment letter on the registry agreement,⁸ complaining that:

ICANN has broadened its unilateral amendment rights even further under a new and never before disclosed Section 7.7 which permits ICANN to make changes to the registry agreement on subjects that even the consensus policies are explicitly prohibited from considering — and beyond ... Under its bylaws, ICANN is to serve the Internet community based on bottom-up, transparent decision making. Sections 7.6 and 7.7 are the antithesis of lCANN's core values. They should not become part of registry agreements.

The Governmental Advisory Committee and Commerce Dept. should rein in any such unprecedented expansion of ICANN's powers. In the Affirmation of Commitments, the DOC affirms its commitment to a private sector led, bottom-up policy development process. Sections 7.6-7.7 seek the opposite.

As one example of what VeriSign purports ICANN could do unilaterally, "without governmental oversight and over the objections of registry operators," the letter states that:

ICANN unilaterally determines that no new TLDs should be operated in a closed manner and amends the agreement to require all TLDs to be open, endangering established registry business model.

However, as discussed, governments represented on the GAC have already given consensus advice that closed registries must further public interest goals — and many parties who filed public comments on "closed generics" wanted ICANN to ban them outright.

Regardless of the final provisions of the RA relevant to closed generics, the GAC's position is now clear — a string in which the registry operator is the only permissible registrant must serve a public interest goal. As for the overall RA, the new TLD program cannot go forward until all remaining disputes are resolved and it is made final, as there must be a standard contract document for registry operators to sign before their new TLDs can go forward.

Annex II – The GAC's PICs Questions

As noted earlier in this article, in the main body of the communique the GAC requests additional information on eight PICs-related questions contained in Annex II.

These questions relate to such matters as:
- Third-party and governmental intervention and objections;
- Availability of a PICs amendment process;
- Registry and public awareness of their commitments;
- Remedies for failure of a registry operator to submit PICs;
- Enforceability of PICs, whether by contract compliance or additional means; and
- ICANN criteria for acting on the recommendations of the PICs Dispute Resolution Provider (DRP).
- Remediation methods for registration policies resulting in harm.
While PICs were originally put on the table as an optional means for applicants to demonstrate their commitment to and recognition of responsibility to operate a particular TLD in a beneficial and non-abusive manner, many applicants did not file them because the self-imposed obligations result in no offsetting application award benefit.

The new TLD program rules encourage applicants for the same string in contention sets to resolve matters among themselves. Failing that, contention sets will be settled by auction where the highest bid settles matters irrespective of PICs or other qualitative applicant commitments.

Now the GAC communique may well be pushing PICs toward the status of mandatory and enforceable guarantees. Indeed, a few months ago the United States suggested that all TLD applicants should submit PICs — especially for categories of strings for which the GAC has requested additional safeguards.

If that is the case, then ICANN will eventually need to reopen the PICs submission window. Once filed, PICs are made available for public inspection — although not direct public comment — at the new TLD current application status page.⁹

Enforcement of Accepted GAC Advice

ICANN's Board consideration of the GAC communique is now clearly underway. The process raises threshold questions of whether and how various categories of GAC recommendations will be accepted, as well as multiple subsidiary issues of consideration of public comments, modification and implementation.

While we don't yet know which of the GAC advice will be accepted by ICANN, or with what modifications or implementation details, the realpolitik's of the current situation appear to dictate that a substantial number will find themselves into the final requirements for the first round of new TLDs.

That raises the question of how the safeguards and other accepted elements of GAC advice can be implemented in a manner that is "subject to contractual oversight by ICANN."

The standard approach would be to amend the RA so that the requirements for all similarly situated registry operators are uniform. But that could well require substantial additional delay in the new TLD program — first to draft concrete expressions of broad and subjective requirements and devise appropriate enforcement criteria, and then to republish the amended RA for further public comment.

The apparent controversy being generated by the April 29 RA revision drives home the possibility of extended delay.

The alternative approach would be to reopen the PICs window and require all applicants to submit initial or revised PICs that address the GAC's safeguards and other accepted advice.

But that would place an enormous review and feedback/revision burden on ICANN staff, as well as result in significantly disparate approaches and commitments from applicants seeking to operate in the same sector categories.

If a standard approach to consumer protection and harm mitigation are the main goals then a uniform approach through RA modification would seem the best route to assuring consistent implementation of safeguards.

Realpolitik 101: Substantial Portions of the GAC Communique Will Be Accepted and Implemented

Critics of the Beijing GAC communique may well assert that it comes two years too late, imposes inappropriate and vague burdens on registry operators that negatively impact their business models, gives governments an inappropriately enhanced role in ICANN's multistakeholder process, offloads governmental responsibilities onto the private sector, and will cause further delay in the new TLD program, among other complaints.

While there is some justification for those assertions, they are also beside the point.

ICANN is a unique and inherently fragile entity — a standalone nonprofit corporation imbued with authority to manage the addressing system of the most powerful global telecommunications network ever devised, dealing with issues that routinely intrude on legal and policy decisions normally the province of national governments or multinational organizations.

While freed of formal U.S. oversight in 2009, ICANN lacks the mass and velocity to escape governmental oversight of some type. Further, with ICANN no longer under the clear protective wing of a superpower, it must forge a rapprochement with the multi-governmental GAC to assure long-term viability.
Despite its CEO's articulation of "the multi-equal stakeholder model," in ICANN world, as in Orwell's Animal Farm, some stakeholders are more equal than others.

The Beijing communique can be regarded as the completion of a four-year governmental journey within ICANN since the termination of formal U.S. oversight and its replacement by the Affirmation of Commitments (AOC). There should be no surprise that it took so long — governments are by nature reactive and risk-averse entities, and the scale of the TLD program and the unexpected issues that developed added to the response time.

GAC members arrived early in Beijing and labored long hours over the course of an entire week to produce the communique. In a way, that commitment of time and effort, and the delivery and content of the document, signaled a broad multi-governmental embrace of the ICANN model and of the new TLD program. Imagine if, instead of proposing safeguards, the GAC had announced that the perceived threats to consumer protection, intellectual property, online competition and innovation, DNS stability and security, and other potential negatives generated by the program simply outweighed the potential benefits — and that therefore it should be halted. ICANN and applicants would now be in a crisis state if that had occurred.

If ICANN were now to reject the bulk of the GAC safeguards and other recommendations there might be no immediate dire consequences. What there likely would be is a collective decision by many governments that ICANN involvement is not worth the time and expense, and a drifting away of government involvement.

If, on the other hand, ICANN now adopts, with reasonable modifications, the bulk of the GAC advice it will provide the feedback that participating governments need to justify continued engagement — as well as to defend ICANN's model within other forums.

Continued Threats From ITU

The threat to ICANN's role and existence is far from dissipated — the International Telecommunication Union (ITU) will hold its World Telecommunication Policy Forum (WTPF) in Geneva this month, and the UN Internet Governance Forum is preparing for its next meeting in Bali, Indonesia. ICANN must continue to befriend governments, not alienate them.

A general embrace of the GAC communique can help ensure ICANN's long-term support from governments and thereby its survival — and, as for most organizations, self-preservation is a high priority. The survival of ICANN, whatever its flaws, is also better for business, civil society, and other constituencies than ICANN's replacement by a DNS manager in which governments have control rather than just substantial influence.

The GAC communique and responsive requests for comments provide an opportunity for everyone involved in ICANN and every interest affected by the new TLD program to submit final input on its proposed framework for the launch of new TLDs. Yes, it will likely cause some delay; and yes, it will impose unanticipated duties and responsibilities on all registry operators, particularly those seeking to operate strings related to sensitive sectors. But it also provides a blueprint for the means by which ICANN and registry operators can work cooperatively with the global public sector in decades to come.

ⁱ [www.icann.org]

ⁱⁱ [www.icann.org]

ⁱⁱⁱ [www.icann.org]

^iv [forum.icann.org]

¹ [https:]]

² [newgtlds.icann.org]

³ [www.icann.org]

⁴ [www.icann.org]

⁵ The Proposed Final 2013 RAA was issued for public comment on April 22, with the initial and reply comment periods ending on June 4 — see [www.icann.org]

⁶ [www.icann.org]

⁷ [forum.icann.org]

⁸ [forum.icann.org]

⁹ [https:]]

Copyright © 2013 by The Bureau of National Affairs, Inc.

Reproduced [or Adapted] with permission from Electronic Commerce & Law Report, Vol. 18, No. 20 (May 7, 2013). Copyright 2013 The Bureau of National Affairs, Inc. (800-372-1033) www.bna.com.
Written by Philip S Corwin, Founding Principal of Virtualaw LLC, a Washington, DC Law and Public Policy Firm
Follow CircleID on Twitter
More under: DNS, Domain Names, ICANN, Internet Governance, Law, Policy & Regulatio

What New gTLD Applicants Need Is a Quick, Lightweight Answer to the World's Governments. Here It Is.

Posted: May 11th, 2013, 5:39am WST by Kieren McCarthy
It's safe to say that with just a week to go before ICANN intended to sign the first contract for a new gTLD, the last thing anyone wanted was a 12-page document from the world's governments with 16 new "safeguards", six of which it wants to see applied to every new extension.

But what the industry shouldn't overlook, especially in the face of the expected critical responses this week and next, is that the Governmental Advisory Committee's (GAC's) formal advice from the ICANN Beijing meeting represents an opportunity for the domain name industry to lock-in self-regulation at a critical point in its evolution.

IFFOR has been focused for some time on the question of what registries will need to do in a world where domain names can end in any word. As such, we see the GAC advice as a simple reflection of genuine, and understandable, concerns from a body whose main job is to identify public policy issues.

It is also nothing new: IFFOR went through this exact process to find policy solutions to questions raised by GAC over the dot-xxx top-level domain. Many of the same issues are present in this most recent advice — something we highlighted at the beginning of the year.

So here is the good news: it is perfectly possible to find a simple, effective and lightweight solution that will meet the concerns of governments — including that it be contractually binding — while keeping ICANN firmly out of content regulation.

It is also possible to do it right now without compromising business plans, redrawing financial projections, or seeking hundreds of thousands of dollars in new investment.

So what is this solution?

As part of the process for reaching agreement with both ICANN and the GAC over the dot-xxx top-level domain, a set of "baseline policies" was created (by IFFOR) to demonstrate a clear commitment to resolving concerns.

Those baseline policies covered issues such as:
- Scanning domains for malware, spam and phishing
- Audit and compliance systems
- Enhanced trademark protections
- Handling complaints
- Registrant verification
- Tackling child abuse images
- Disqualifying applicants that consistently break the policies
The implementation of those policies was then left up to the registry operator — ICM Registry — and IFFOR was also given the role of auditing the subsequent systems.

In response to the GAC advice in Beijing, IFFOR is close to completing a new set of "Safeguard Policies" designed specifically to encompass the six most broad safeguards that the GAC wishes to see apply to all new gTLDs.

In so doing, we have drawn on our original "baseline policies" to develop policies for the gTLD market as a whole, and have used our experience as a registry policy body to ensure all six GAC safeguards are fully addressed.

In an effort to make this work as widely accessible as possible, we plan to simply license these policies for a low annual fee. As well as the right to use, publish and reference the Safeguard Policies, each license will come complete with documentation to help registries implement each policy in the way most suited to their circumstances. We will also extend IFFOR's internal information service that provides ongoing information on related policy and regulatory topics to all licensees. Again, for one, low annual fee.

We believe this approach solves a number of issues:
- It provides applicants with a simple, swift and low-cost answer to government concerns
- It answers government calls for new safeguards
- It builds on a contractual solution that has already been shown to work within the ICANN system
- It removes the need and cost for applicants to develop their own policies
- It keeps the new gTLD program on track
Perhaps most importantly, adopting such an approach will give the industry a chance to demonstrate that it is committed to be a good actor while retaining the flexibility to develop the right systems for the right markets in the right way.

The mark of a self-regulated market is how well it responds to issues identified by a third party. With the right mix of creative pragmatism, the GAC safeguard advice can act as a catalyst for this industry.

If you are interested in learning more about IFFOR's Safeguard Policies, please visit our website at [iffor.org] .
Written by Kieren McCarthy, Executive Director at IFFOR; CEO at .Nxt
Follow CircleID on Twitter
More under: DNS, Domain Names, Registry Services, ICANN, Internet Governance, Regional Registries, Top-Level Domains, Whois

Veni Markovski - The Blog

Bulgaria is responsible for the good and the evil

Posted: May 10th, 2013, 10:38pm WST by Veni Markovski | Вени Марковски

The Washington Post has published an article Bulgarian street-naming request in DC stirs broader debate over country’s role in Holocaust

The authors have properly found out that the history of the Holocaust in Bulgaria is not well known – I have to say neither in Bulgaria, nor in the US.
But I don’t believe that’s a fault of the Bulgarian Embassy. It’s a fault of the Bulgarian political elite.
Earlier this year, the Bulgarian Parliament passed a resolution (in Bulgarian), where it actually made the mistakes, described in the article. And to which the Parliament received a response from the US Holocaust Museum.
The Bulgarian Parliament stated that there has been an effort, initiated by the then deputy-chairman of the Parliament Mr. Peshev (in fact it was driven mainly by the Bulgarian East Orthodox Church), to stop the deportation of the Bulgarian Jews. But the Parliament denies that this deportation has actually already been started by the pro-fascist Bulgarian government by sending 11343 people from the territories of today’s Macedonia and Greece, which were then under Bulgarian occupation, to the Treblinka concentration camp.
The Parliament tries to waive any responsibility about the deportation from tzar and the government of Mr. Filov, by stating that the deportation was the result of the “actions of the Hitler command”, from territories that were “under German jurisdiction”. This presents a pathetic attempt to present the deportation as something bad, but for which the then pro-fascist Bulgarian government and administration in the occupied territories, are not responsible at all. As if it is not clear that Mr. Peshev started his campaign against the deportation, which was prepared, organized, and performed by… the very same Bulgarian government!

The truth is actually very sad, but at the same time simple and easy to explain:
The Bulgarian state under tzar Boris III is the one that organized and executed the deportation of our fellow Bulgarian Jews from the territories of Macedonia and Trace. Bulgaria commissioned this deportation to the Germans, and even paid them money for the transportation!
This is the same Bulgarian state, which accepted the antisemitic laws in the beginning of World War II.
And this is the same Bulgarian state, which really did something no other country did: it stopped the deportation of the other 48000 Bulgarian Jews from the territory of Bulgaria proper!

Within 3-4 years the same people did completely different things! Are you perplexed? You shouldn’t be. In 1941 the Bulgarian people were waiving Nazi flags and welcome the Nazi troops that were en route to occupy Greece, and in 1944 the same people waved Soviet flags and greeted the Soviet troops, which entered the country just a few days after the Soviet Union has declared war to Bulgaria! (Little is known that while Bulgaria declared war to the USA and the UK, it did not do that to the USSR)

The bottom line: the Bulgarian pro-fascist government is responsible for the deportation. Accepting publicly this responsibility is something, which we still have to see. But Mr. Peshev deserves to have a square named after him in Washington, DC, as he did the right thing in 1943, when initiated the protest of members of the Parliament against the deportation of of the Bulgarian Jews, and thus saved 48,000 of them.

Regulation Watch Feed

Do as the Swedes do? Internet policy and regulation in Sweden – a snapshot

Posted: May 10th, 2013, 6:40pm WST by Merlin Münch

Leading the pack
When it comes to information technology Sweden is considered to be at the forefront both in terms of technological innovation, as well as in progressive policy-making, regulation and internet freedom. In the World Wide Web Foundation’s 2012 Web Index, Sweden ranked first among 61 nations, as the nation where the internet has the most significant political, social and economical impact. There seems to be something about the ‘Swedish-way’ that sets the country apart from many of its EU confederates.

Nonetheless, as a member of the EU, Sweden too needs to commit to the implementation of certain EU-wide regulatory directives. Such directives, although uniform in their formulation, are subject to interpretation and local appropriation.

Surprisingly, as it may seem, Sweden’s interpretation of the directive on intellectual property rights enforcement (IPRED), has exceeded the directives’ scope to an extent that has caused critics to bemoan a curtailment of privacy rights. Similarly, in early 2009 passing of the so-called FRA-law - a legal measure sanctioning the surveillance of internet traffic content by state authorities - stirred considerable controversy as the law goes beyond the scope of surveillance established by the European Commission. As a result, some NGOs went as far as bringing the case before the European Court of Human Rights for human rights violations.

It seems that from a policy perspective Sweden is an interesting example, as it is both perceived as free and neutral, while at the same time pursuing a tough and much contested policy approach. The following ‘snapshot’ seeks to give a brief, yet nuanced picture of the Swedish policy landscape. With its outlook section, this article will also consider Sweden’s role as an increasingly important stakeholder in EU and international policy-decisions, as well as the desirability of emulating the legal framework that governs the Swedish ICT-landscape in other national contexts.
Connecting people
The most fundamental precondition for a vibrant internet culture, and consequently a vibrant discourse about internet policy, is access. In Sweden political intervention played a crucial role in creating a fertile ground for the development of a reliable and fast network-infrastructure as well as a stable, yet flexible legal framework to support it. Municipalities were offered subsidies for a faster development of their ICT infrastructure, in particular as an incentive for smaller communities to be able to offer high-speed connections to their residents[i]. Thus, whereas only 2% of all Swedes were connected to the internet in 1995, by 2012 89% of the population enjoyed broadband access[ii]. The most significant increase can be observed in the use of mobile connections, with an almost twofold rise from 30 to 55 percent between the years 2011 and 2012[iii]. Regulatory provisions met by the government in order to promote competition among Internet Service Providers (ISPs) in particular helped to ensure shared access to web-infrastructure and to keep prices below the European average[iv].
All bits are created equal - issues of net neutrality
In terms of net neutrality - the principle that internet service providers should treat all online content equally and not prioritise one application, platform, service user, etc. over another - there is no legal obligation for ISPs to be ‘network neutral’. Given the competitive nature of the market however, most providers declare to stick to a ‘network-neutral’ approach[v]. There are exceptions nonetheless. In their report on the state of net neutrality, the Internet Infrastructure Foundation (.SE) found that providers systematically give traffic with for instance Bittorrent file sharing protocols a lower priority[vi]. Moreover, contributing researcher at .SE Jörgen Eriksson argues, it is interesting to observe that it is extremely difficult, if at all possible, to gain an insight into what kind of content providers choose to block or prioritise[vii].

Internet and telecommunications provider TeliaSonera for instance was heavily criticised by net neutrality activists and customers alike, following a statement made by the company in early 2012, in which it announced that it was considering starting to charge customers for the use of voice over IP services, such as Skype, or to simply block access to Skype and similar services, as they deemed VoIP to be harmful to their own business model[viii]. Due to heavy opposition, the company backed down from its plans later the same year, instead announcing two separate mobile plans for the future, leaving customers to choose between a pricier high-traffic and a somewhat cheaper low-traffic connection plan[ix].
Copyright – of pirates and pioneers
Intellectual property and copyright rank high among the most passionately debated policy domains at the time. As the birthplace of the most notorious file-sharing platform, The Pirate Bay, and the first pro file-sharing ‘Pirate party’, Sweden is certainly at the heart of the debate. In principle, file sharing has always been illegal in Sweden, however offenders had little to fear as there were insufficient means for prosecutors to identify alleged file-sharers. Some have therefore argued that, “The absence of functioning legal tools, surveillance and sanctions has contributed to the development within society of a large measure of acceptance of this type of crime, and, quite simply, people have not taken the law seriously” [x]. Thus for a long time, strong social norms encouraging infringement and lacking means to monitor illegal file-sharing meant that downloading and sharing copyrighted material was common practice, in particular among younger Swedes[xi]. Some authors even see the file sharing phenomena as the continuation of a particular Swedish ‘against-the-grain’ tradition. Jonas Andersson, in his article on the origins and impacts of Swedish file-sharing, places the phenomenon within a wider frame of more general shifts towards self-governance, individualisation and personal autonomy, notions that have a particularly strong tradition in late Swedish modernity (Andersson, 2013).

In 2009, in an effort to strengthen the position of right holders, Swedish parliament was the first in Europe to pass a law implementing the intellectual property rights directive (IPRED), previously passed by the European Parliament[xii]. The most significant and with no doubt most controversial change, that the implementation of the directive brought about was that it compelled ISPs to release the identity of alleged offenders[xiii]. Users loudly objected and ISPs immediately challenged the new law before the Swedish Supreme Court. The court referred the decision on to the European Court of Justice, which in turn decided in a preliminary ruling in late 2012, that member states can indeed enact “legislation that makes it possible for ISPs to be requested to hand over subscriber information whose IP addresses have allegedly been used for intellectual property infringing purposes”[xiv]. In its ensuing verdict, the Swedish Supreme Court determined that “under current Swedish law rights holders can legitimately request the identifying information from the ISP”[xv]. Public discontent with the implementation of the directive was strong enough to help the Pirate party win their first two chairs in European Parliament the elections[xvi].

Whereas file-sharing rates initially dropped after the implementation of IPRED, at the same time there was a rather significant surge in services offering anonymity online, such as VPN-connections, causing some to argue that there need to be stronger efforts to change the social norms that justify file-sharing, instead of getting tougher on legislation[xvii]. Nonetheless, legislative measures following the implementation of IPRED likely incentivised the development of alternatives, such as music-streaming giant Spotify, or the video-on-demand service Voddler. In 2011, two out of three people in Sweden listened to music online, incidentally the same year that Spotify was officially launched. Interestingly, in 2012 the record industry saw its most profitable year since 2005, with 63% of all music purchases happening online – 90% of which came from streaming services[xviii]. It would be a bit too simplistic to establish a direct cause and effect relationship between the implementation of IPRED and the turn to and, indeed, success of legal alternatives. In particular considering the fact that downloading rates have again experienced a significant surge, reaching an all time high only months after the initial ‘IPRED-scare’. Nonetheless, the existence of alternatives such as Spotify has given legal alternatives a considerable boost, leading some to expect a potential normative shift among users in favour of such alternatives (Billing, 2013).
Privacy, surveillance & censorship
In the wake of the implementation of IPRED, the Swedish government in addition passed a legislative package that would grant the National Defense Radio Establishment (Försvarets Radio Anstalt - FRA) extensive surveillance power over online activities, in an effort to combat ‘external threats’[xix]. In effect, the laws invest the national defense intelligence agency with the authority and ability to monitor all cross-border cable-based communication (phone-calls, e-mails and other internet traffic, etc.) without a warrant - including the traffic’s content - far exceeding the scope of surveillance allowed within the EU[xxi]. NGOs, such as the Swedish Justice Centre (Centrum För Rättvisa - CFR) and the Norwegian division of the International Commission of Jurists (ICJ), have therefore argued that the law violates Article 8 and Article 13 of the European Convention on Human Rights, as well as article 12 of the Universal Declaration on Human Rights, which guarantee citizens the right to privacy and their ability to hold authorities accountable for potential human rights violations[xxii].

Similarly, a centralised block-list has been the object of controversy. The list is issued by the authorities and subsequently implemented by ISPs by means of an automated DNS-filter, above all with the intent to block access to sites hosting child pornography. Critics, such as internet researcher Marcin de Kaminski from the Sociology of Law department at Lund University, however bemoan that maintenance of the list is not at all transparent and that there is no third-party control of the lists content. Neither is there a way to legally appeal a list entry[xxiii]. Amongst other things this means that the selection of sites listed may be arbitrary in some instances and that without further checks and balances the list may become a political play-ball. In particular if a similar system would be emulated in countries with a higher extent of corruption and less trust in state authorities than in Sweden, where corruption levels are negligible and trust in the police is relatively high. An example of the potential arbitrariness of the block-list is the censoring of Finnish web-activist Matti Nikki’s homepage, lapsiporno.info, on which the author ironically criticised the move towards more censorship[xxiv].
At the forefront in E-Government but no open data policy
The problem of transparency similarly extends to the political sphere. Whereas Sweden was one of the first countries to offer e-government services like online tax-forms, as well as e-identification and various other e-services, government itself has not been at all as eager to make public data sets available. This is particularly interesting against the background of the so-called ‘Principle of Publicity’, an integral part of the Swedish constitution passed in 1766, which decrees that the general public, as well as the mass media, should “be guaranteed an unimpeded view of activities pursued by the government and local authorities”. Accordingly, Sweden is the only Scandinavian country that does not have a national open data portal. In the list of ‘open government’ countries Sweden is still lagging behind considerably[xxv].
Outlook
Sweden is often heralded as a role model for progressive policy-making, regulation and internet freedom. Governmental intervention and support for an early and swift development of an extensive and fast ICT infrastructure likely contributed to a solid basis for a vivacious internet culture - politically, socially and economically. However, as taking a closer look at some controversial policy-decisions such as the implementation of IPRED and the passing of the FRA-law has shown, Sweden’s dealing with regulation is not entirely unproblematic, leaving the country’s liberal image with a scratch. Likewise in matters of transparency there is some catching-up to do for the Swedish government.

As Sweden certainly also has an influence on EU policy-making[xxvi], it is necessary to consider in how far certain policy-decisions can only work in a particular Swedish context. Continuing on this thought consequently begs the question of how far policy decisions always need to be considered within a particular constitutional context. As the example of the block list suggests, certain institutional settings as well as trust in public institutions and a culture of free expression are preconditions to prevent the misuse of such policy implements for political, or other purposes.

One of Sweden’s greatest assets, in the end, seems to be its vibrant culture of discussion and debate about internet policy and regulation - a culture that may to an important extent have grown out of a strong opposition to what was perceived as bad policy-making. As the country actively seeks to consolidate its role as an important stakeholder and initiator in global internet policy formulation processes, it will increasingly have to reflect on how policy decisions made at home potentially reverberate in the international community.

References
[i] Olsson, T. (2006) Appropriating civic information and communication technology: a critical study of Swedish ICT policy visions

[ii] Findahl, O. (2012) Swedes and the Internet, iis.se, retreived March 29th, 2013,from � [https:]

[iii] Findahl, O. (2012)

[iv] [www.oecd.org]

[v] Geens, S. (2012)

[vi] [https:]] ätneutralitet2011.pdf

[vii] https://www.iis.se/press/pressmeddelanden/ses-rapport-om-natneutralitet-...

[viii] [www.thelocal.se]

[ix] http://zdnet.com/skype-blocking-fears-allayed-as-swedish-mobile-operator...

[x] Larsson, S., Svensson, M. (2010) Compliance or Obscurity? Online Anonymity as a Consequence of Fighting Unauthorized File sharing, Policy & Internet, Vol.2, Iss.4, p.1150

[xi] Larrson, S. Svensson, M. (2010)

[xii] [https:]]

[xiii] Svensson, M. & Larsson, S. (2010), Geens, S. (2012)

[xiv] ECJ Bonnier Audio Aftermath: Swedish Supreme Court orders ISPs to reveal identity copyright infringers, retrieved April 15th, 2013, from http://www.futureofcopyright.com/home/blog-post/2013/01/07/ecj-bonnier-a...

[xv] ibid.

[xvi] Svensson, M., Larsson, S. (2010), Geens, S. (2012)

[xvii] Larsson, S. Svensson, M. (2010)

[xviii] Billing, S. (2013), Swedes prefer streaming to downloading, The Local, retrieved April 23rd, 2013, from [www.thelocal.se]

[xix] [https:] , see; section on surveillance

[xxi] [https:] , see; section on surveillance

[xxii] Landes, D. (2009) Norwegian group joins case against Sweden’s wiretapping law, The Local, retrieved April 24th, 2013,from [www.thelocal.se]

[xxiii] Geens, S.(2012)

[xxiv] [www.effi.org]

[xxv] Geens, S. (2012)

[xxvi] [ec.europa.eu]

CircleID

Bloomberg on Netflix as World's Biggest User of Cloud Computing

Posted: May 10th, 2013, 4:39am WST by CircleID Reporter

Netflix is arguable one of the world's biggest users of cloud computing, renting all its computing power from Amazon Web Services, the cloud division of Amazon.com, which runs its own video-streaming service that competes with Netflix. Ashlee Vance from Bloomberg reports:

"Netflix has more than 36 million subscribers. They watch about 4 billion hours of programs every quarter on more than 1,000 different devices. To meet this demand, the company uses specialized video servers scattered around the world. When a subscriber clicks on a movie to stream, Netflix determines within a split second which server containing that movie is closest to the user, then picks from dozens of versions of the video file, depending on the device the viewer is using. At company headquarters in Los Gatos, Calif., teams of mathematicians and designers study what people watch and build algorithms and interfaces to present them with the collection of videos that will keep them watching."
Follow CircleID on Twitter
More under: Cloud Computing, Data Center
Hundreds of Syrian Domains Seized As a Result of Trade Sanctions

Posted: May 10th, 2013, 1:29am WST by CircleID Reporter

"In apparent observation of international trade sanctions against Syria, a U.S. firm that ranks as the world's fourth-largest domain name registrar has seized hundreds of domains belonging to various Syrian entities, including a prominent Syrian hacker group and sites associated with the regime of Syrian President Bashar al-Assad," reports Brian Krebs. "The apparently coordinated action ended with each of the site's registration records being changed to include Web.com's Florida address, as well as the notation 'OFAC Holding'."
Follow CircleID on Twitter
More under: Domain Names
America Closing Down Its Copper Network - So What's Next?

Posted: May 9th, 2013, 3:22am WST by Paul Budde

We have reported in the past on the rapid decline of the copper telecoms network in the USA. A decade ago BuddeComm predicted that it would be impossible to move two customer access networks in parallel towards the new fibre future, the one operated by the telcos and the other operated by the cable companies. At that stage we indicated that a possible outcome could be that the telcos would upgrade their networks to FttH and that the cable companies would become the key tenants on that network.

This however, turned out not to be the case. The telcos were late moving into broadband, while the cablecos embraced these new opportunities and rapidly obtained a 50%+ share in the broadband market. For a long time the market anticipated that the telcos would fight back and regain their share: this never happened and the cablecos were able to extend their lead further. With 90% cable penetration in the country they had a captive market.

Cablecos have also made considerable investments in network upgrades since 1996, including the rebuilding of around 1.6 million kilometres of cable plant. The vast majority of this infrastructure uses DOCSIS3.0 technology, which is far superior to the DSL products which telcos offer. The latest cable upgrade to DOCSIS3.1 promises a significant enhancement, which should be a great concern to telcos which, having failed to invest in FttH networks, are unable to compete with the technical ability of cable networks. Last year the telcos declared defeat and indicated that they would start closing down parts of the PSTN.

Interestingly, these developments align with the discussions I had over the last few years with the newly nominated FCC chairman Tom Wheeler. He is also on the public record on this issue, believing that the PSTN would end its life around 2018 and that the cable companies would become the key broadband providers. Of course, with his extensive background in the mobile industry he also sees a golden future for mobile communications, since these players would start taking over large parts of the PSTN, especially for telephony services.

One of the most serious problems that the telcos are facing is the escalating cost of maintaining copper plant — this is estimated to increase from $2.72 per line in 2007 to $17.50 by 2018. This rapid rise is a combination of real cost increases, because of the aging nature of the network, as also because telcos are actively reducing the number of users and so the cost has to be shared among fewer customers. Another reason for the rapid increase is that for decades past maintenance as been deferred.

Clearly the telcos are not closing down all of the PSTN willy-nilly. They do have good quality infrastructure that can deliver quality DSL services, and they will milk that infrastructure for as long as possible. This will specifically be targeted in areas where it is relatively cheaper to maintain the copper network. The main casualty here will be areas of rural America, where maintenance costs are higher and where there are relatively few competing cablecos operating. As a result, many of these telcos' customers will only have mobile networks to access both voice and data services.

Another, perhaps even more serious issue — and one that the new FCC chair will have to face — is the rapid monopolization of the fixed broadband sector, with one cableco being the sole provider. These companies operate within franchises, so there is no competition between them. Currently there are no policies in place that regulate this situation, and with the American plutocracy in full force it will be interesting to see if any action will (or can) be taken by the FCC to rein in this emerging monopoly.

In the meantime the telcos are also under attack from companies such as Google: Google alone has refigured the landscape, having invested in FttH networks with great success. These companies' high take-up rate is worrying both the telcos and the cable companies, who all charge exorbitantly high prices for services similar to the ones that Google now offers at close to half the price. They are increasingly working with municipalities around the country, many of whom either operate FttH networks or would like to do so but are blocked by court rulings forced upon them through the lobbying of vested telco and cable interests. Based on the strong American conviction that government (including local government) should not be involved in telecoms infrastructure, they get away with it. Increasingly however, citizens are asking why local councils can be involved in electricity infrastructure but not in telecoms infrastructure. There is a growing political groundswell that is providing municipalities with greater freedom to be involved in such infrastructure developments.

This could become a turning point in the American telecoms industry. Potentially it could also see the telcos returning to the market rather than retreating from it, this time starting from scratch by building new fibre infrastructure.
Written by Paul Budde, Managing Director of Paul Budde Communication
Follow CircleID on Twitter
More under: Access Providers, Broadband, Telecom
New gTLDs: Money Maker

Posted: May 9th, 2013, 2:18am WST by Jean Guillon

There are fascinating ideas about how, when and more than everything: who is going to earn money from gTLDs?

I think back-end registry providers will earn money, some applicants will earn money too but my experience launching Eurid, the registry for .EU, reminded me one thing: these days, just before launching, until the (first) Sunrise period is launched. These days are special because the entire team is prepared, has been trained, and knows what to do.

So why were these days special and what does it have to do with earning money?
Well… it is very simple but I will let you guess a little more…

I remember these days when I was working on support to Registrants. Eurid was special because we could not launch until we had, at least, one accredited Registrar from every country in the European Union and we had to be able to provide support in most languages. Though.

Support to Registrants

I talk to a lot of applicants and I like to ask this question about support and my question is very basic: "what do you do before the Sunrise period when the phone starts to ring?"

I am not sure all applicants are considering this question. I think they should and here is why.

Domain names are such a boring thing that many brand owners don't want to consider they are important until the last minute and guess what are the 2 questions your support is going to have to answer most of the time when the phone can't stop ringing before the launching:

1 - "how do I register my domain name?";
2 - "how do I protect my brand as a domain name?".

When it becomes important for a brand owner, he calls the Registry, not necessarily his Registrar.

This is where the support to Registrants (at the Registry and at the Registrar) is going to work for the Trademark Clearinghouse. In the ICANN new gTLD program, new Registries and all existing Registrars are becoming the support of the Trademark Clearinghouse who's going to take their client's money. Good deal isn't it? There should be more than a thousand of Accredited Registrars, Hundreds of Registries, and many IP providers to become the sales force of the Trademark Clearinghouse.

In the past, a Registrant did not have to go through this process. With new gTLDs, he is forced to if he wants to "protect" his brand and register in the Trademark Clearinghouse.

So Yes, the Trademark Clearinghouse is also a monopoly in the new gTLD program and I think it will be one of these organizations to earn A LOT of money.
Written by Jean Guillon, New generic Top-Level Domain specialist
Follow CircleID on Twitter
More under: Top-Level Domains
Syrian Internet Back After 19-Hour Blackout

Posted: May 9th, 2013, 2:09am WST by CircleID Reporter

The internet in Syria appears to have returned after a nationwide blackout knocked the country offline for more than 19 hours. Monitoring company Renesys noted signs of activity at around 14:30 GMT (17:30 local time) on Wednesday. Local state-run media had reported earlier that a "fault in optical fibre cables" was to blame for the blackout. However, experts dismissed this explanation as "unlikely".
Read full story: BBC
Follow CircleID on Twitter
More under: Access Providers
Government Hacking: Proposed Law in the Netherlands

Posted: May 9th, 2013, 1:55am WST by Wout de Natris

In 2012 I wrote a blog on CircleID called State hacking: Do's and don'ts, pros and cons. In this post I give some thoughts to the concept of a government "hacking back" at criminals. The reason for this was an announcement by the Dutch government that it contemplated law along these lines. The proposed law is now here: the Act Computer Criminality III.

Although the idea originally was to hack into untraceable servers that could (most like would) be based abroad, now it appears that the Dutch government has used its imagination some more. Hacking devices, the obligation to cooperate in an investigation against oneself by providing passwords, tapping devices and e.g. Skype, it's all in the concept. Not surprisingly there is a lot of commotion from privacy advocates and organisations.

Anyway, I've had my say in the mentioned blog post and reiterate that this is a very, very sensitive topic, that could cross boundaries that we as society may not want to cross. Let me provide you with some links, so you can study it yourself. Unfortunately everything is in Dutch. Below you find links to the law texts, including explanations/intentions and a link to a blog post by PHD student Jan Jaap Oerlemans of the University of Leiden who provides some excellent observations.

Here's the official government publication on the law with links to the actual texts.

Here's the link to Jan Jaap Oerleman's blog.
Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement
Follow CircleID on Twitter
More under: Cybercrime, Internet Governance, Law, Policy & Regulation, Privacy, Security

Veni Markovski - The Blog

Те са като динозаврите, но още не са го осъзнали…

Posted: May 8th, 2013, 1:16pm WST by Veni Markovski | Вени Марковски

Да им помогнем, като на 12-и гласуваме без 15-и!

Има една голяма полза от цялата тази истерия (а не история!) около изборите.

Първо – виждам, че все повече хора се осмеляват да пишат свободно срещу бившата власт. И това е прекрасно!

Второ – някои хора се разкриват не само като гербисти (подобно на фашисти, комунисти), но и като недостойни да бъдат на моята Фейсбук-страница. За такива – БАН (не, не Академията на науките, а забрана за четене и писане там).

Трето – нервите, които някои хора си изпускат, вероятно означава, че усещат края на едно мрачно време, в което обаче те вирееха добре – така, както прилепите живеят нощем и се дразнят от светлината.

Четвърто – но не по важност: озлобената и нервна реакция на практика ни показва, че тази порода хора са като динозаврите: с малките си мозъци все още не са разбрали, че времето им е изтекло, защото нервните сигнали се движат прекалено бавно от земята по големите им туловища, та го главата.

Дори да фалшифицират изборите, дори да останат още няколко години в парламента, това няма да ги спаси от изчезването.

Може и да е наивно, може и да се смеете и да си мислите каквото искате за мен, но предпочитам сред ФБ-приятелите ми да останат хората, които желаят нещо повече от това само техният собствен живот да е уреден (“на мене да ми е угодно”, както казва ББ в гнусно прославилото се интервю), но и животът на останалите около тях да е по-добър.

Ние знаем, че човек не живее изолирано и че дори вкъщи и на работа да има чудесни условия, то пътят между тези две точки, а и навсякъде другаде, зависи от обществото, зависи от това колко са бедните и онеправданите и колко от истинските престъпници са в затвора, а не колко са обявени за такива от някакъв задочник по физкултура.

Затова, за да не се разочаровате от мен, да не се ядосвате, че защитавам такива странни неща като свобода, равенство, братство, безкористност, взаимопомощ… Затова ви призовавам: ако ще гласувате за ГЕРБ, не ме четете, не ми пишете.

И не, няма смисъл да си хабите времето да ми обяснявате аз какъв съм, да ме питате защо си мисля, че мога да говоря така и др.п. Ако бях политик, щях сигурно да ви обърна внимание, щях да се боря за гласовете ви, да ви обещавам светло бъдеще, затвор за предишните и честност от моите партийни другари. Но аз не съм политик, нито съм шоумен – нямам нужда нито от рейтинг, нито от гласове.

Единственото, от което имам нужда, това е страната, дала ни подслон в труден момент, да престане да бъде робиня на посредствеността и на хората с престъпно минало и затворническо (дай, Боже!) бъдеще.

НО за да се случи това, трябва да се направи първата крачка – на 12-и без 15-и номер.

Гласувайте за всеки друг, но не за ГЕРБ.

CircleID

Bypassing Geo-Locked BYOD Applications

Posted: May 8th, 2013, 6:04am WST by Gunter Ollmann
In the wake of increasingly lenient bring your own device (BYOD) policies within large corporations, there's been a growing emphasis upon restricting access to business applications (and data) to specific geographic locations. Over the last 18 months more than a dozen start-ups in North America alone have sprung up seeking to offer novel security solutions in this space — essentially looking to provide mechanisms for locking application usage to a specific location or distance from an office, and ensuring that key data or functionality becomes inaccessible outside these prescribed zones.

These "Geo-locking" technologies are in hot demand as organizations try desperately to regain control of their networks, applications and data.

Over the past 9 months I've been asked by clients and potential investors alike for advice on the various technologies and the companies behind them. There's quite a spectrum of available options in the geo-locking space; each start-up has a different take on the situation and has proposed (or developed) a unique way in tackling the problem. Unfortunately, in the race to secure a position in this evolving security market, much of the literature being thrust at potential customers is heavy in FUD and light in technical detail.

It may be because marketing departments are riding roughshod over the technical folks in order to establish these new companies, but in several of the solutions being proposed I've had concerns over the scope of the security element being offered. It's not because the approaches being marketed aren't useful or won't work, it's more because they've defined the problem they're aiming to solve so narrowly that they've developed what I could only describe as tunnel-vision to the spectrum of threat organizations are likely to face in the BYOD realm.

In the meantime I wanted to offer this quick primer on the evolving security space that has become BYOD geo-locking.

Geo-locking BYOD

The general premise behind the current generation of geo-locking technologies is that each BYOD gadget will connect wirelessly to the corporate network and interface with critical applications. When the device is moved away from the location, those applications and data should no longer be accessible.

There are a number of approaches, but the most popular strategies can be categorized as follows:
1. Thick-client – A full-featured application is downloaded to the BYOD gadget and typically monitors physical location elements using telemetry from GPS or the wireless carrier directly. If the location isn't "approved" the application prevents access to any data stored locally on the device.
2. Thin-client – a small application or driver is installed on the BYOD gadget to interface with the operating system and retrieve location information (e.g. GPS position, wireless carrier information, IP address, etc.). This application then incorporates this location information in to requests to access applications or data stored on remote systems — either through another on-device application or over a Web interface.
3. Share-my-location – Many mobile operating systems include opt-in functionality to "share my location" via their built-in web browser. Embedded within the page request is a short geo-location description.
4. Signal proximity – The downloaded application or driver will only interface with remote systems and data if the wireless channel being connected to by the device is approved. This is typically tied to WiFi and nanocell routers with unique identifiers and has a maximum range limited to the power of the transmitter (e.g. 50-100 meters).
The critical problem with the first three geo-locking techniques can be summed up simply as "any device can be made to lie about its location".

The majority of start-ups have simply assumed that the geo-location information coming from the device is correct — and have not included any means of securing the integrity of that device's location information. A few have even tried to tell customers (and investors) that it's impossible for a device to lie about its GPS location or a location calculated off cell-tower triangulation. I suppose it should not be a surprise though — we've spent two decades trying to educate Web application developers to not trust client-side input validation and yet they still fall for web browser manipulations.

A quick search for "fake location" on the Apple and Android stores will reveal the prevalence and accessibility of GPS fakery. Any other data being reported from the gadget — IP address, network MAC address, cell-tower connectivity, etc. — can similarly be manipulated. In addition to manipulation of the BYOD gadget directly, alternative vectors that make use of private VPNs and local network jump points may be sufficient to bypass thin-client and "share-my-location" geo-locking application approaches.

That doesn't mean that these geo-locking technologies should be considered unicorn pelts, but it does mean that organization's seeking to deploy these technologies need to invest some time in determining the category of threat (and opponent) they're prepared to combat.

If the worst case scenario is of a nurse losing a hospital iPad and that an inept thief may try to access patient records from another part of the city, then many of the geo-locking approaches will work quite well. However, if the scenario is that of a tech-savvy reporter paying the nurse to access the hospital iPad and is prepared in install a few small applications that manipulate the geo-location information in order to remotely access celebrity patient records… well, then you'll need a different class of defense.

Given the rapid evolution of BYOD geo-locking applications and the number of new businesses offering security solutions in this space, my advice is two-fold — determine the worst case scenarios you're trying to protect against, and thoroughly assess the technology prior to investment. Don't be surprised if the marketing claims being made by many of these start-ups are a generation or two ahead of what the product is capable of performing today.

Having already assessed or reviewed the approaches of several start-ups in this particular BYOD security realm, I believe some degree of skepticism and caution is warranted.
Written by Gunter Ollmann, Chief Technology Officer at IOActive
Follow CircleID on Twitter
More under: Security

IGFWatch news

A conversation with the technical community

Posted: May 7th, 2013, 7:47pm WST

In my series of posts about Internet freedom in a world of states (beginning with this one), I tried to condense my thoughts on Internet governance reform into the simplest possible terms. But still I have had to clear up misunderstandings, and state my position even more starkly. I've been doing that on an ISOC mailing list, from which I present some key excerpts below. (This conversation is kicked off by Dave Burstein, but has been carried on between myself and Nick Ashton-Hart over the past couple of days.)Dave: One issue is that much of the world is angry they are effectively

Regulation Watch Feed

Reallocation of spectrum in Europe too slow, too inefficient?

Posted: May 7th, 2013, 7:08pm WST by Monika Ermert
Germany, Sweden, Spain, Italy, Portugal, France and recently The Netherlands and the UK have all allocated new spectrum in the 800 MegaHertz (MHz) band to providers of mobile broadband service, especially LTE (Long Term Evolution). With the so-called first “digital dividend” – attractive radio spectrum freed as a result of the switch from analogue to digital television – auctioned off, discussions about a second digital dividend in the 900 MHz band are already underway in Europe. Despite this new development, EU Commission Vice-President and Digital Agenda Commissioner Neelie Kroes is not satisfied. On several occasions, she has asked for more speed and efficiency in the spectrum management of the Union.

Speaking at the Global Mobile Conference earlier this year, Kroes made two points. First, she warned against a drainage of capital in the highly competitive spectrum auctions. The UK regulator Ofcom for example, will pocket 2,78 billion euro from selling frequencies in the 800 MHz band and 2.6 Gigahertz (GHz) band to EE, 3G, O2, Vodafone and BT. In the Dutch 4G spectrum auctions the gavel went down at 3,8 billion euro in sum. Kroes declared it no nice Christmas present with one of the first results being the cutting of dividends by KPN and a consecutive plunging of KPN shares by 15 percent. Germany in 2010 auctioned off a package of 358.8 Mhz.
High expenses on auctions costly for users in the end
Kroes warned that in all cases, the money raised was not used in further network infrastructure development. Using the considerable earnings for a better general budget seemed nice for citizens, but „citizens will rather sooner than later be confronted with a bill from their telecom operator“.

The Czech telecoms regulator seemed to agree with this reasoning when it stopped its auction of 800 MHz, 1800 MHz and 2.6 GHz bands in March 2013, because bids went up to 20 billion crowns (0,8 billion euro). The head of the Czech regulatory authority CTU, Pavel Dvorak said, according to Reuters, that the auctions should serve quick availability of 4G networks in the first place and not profit for the state.

High bids in the first round of mobile broadband auctions – the UMTS auctions in 2000 – resulted in years of struggling for the mobile telecoms sector, according to a statement of German telecoms industry association BITKOM. The German regulator received over 50 billion euro from six bidders in 2000. But the enormous investment made two bidders (Mobilcom and Quam) stumble and eventually lead to their frequencies being re-auctioned by the German regulator during the digital dividend auction in 2010.
Harmonising spectrum management
Kroes' second point is what she considers the slow reaction of some national regulators in making spectrum available for new mobile broadband operators. The EU in its first multiannual radio spectrum policy programme last year fixed the following milestones:
- By the end of 2012, member states should have authorised the use of the harmonised 2.5-2.69 GHz, 3.4-3.8 GHz and 900/1800 MHz bands for use by wireless broadband communications, including third and fourth generation mobile communication services.
- By 1 January 2013, all member states (unless an individual exemption has been obtained before that date), should have authorised the use of the 800 MHz band for wireless broadband communications. One of the main objectives here is to cover sparsely populated areas.
- By mid-2013 at the latest, the Commission, in cooperation with member states, will set out the details for an inventory to analyse efficient spectrum use, in the 400 MHz to 6 GHz range, in the EU. This will form the basis of possible further action on the coordinated allocation of spectrum bands to specific uses, such as wireless broadband.
Kroes now warned against piecemeal steps and delays by some member states to reach these goals. Asking for a more efficient, more effective and a more „harmonised approach“ of spectrum management in the Union, the Commissioner undoubtedly tried to make the case for a more centralised spectrum management. EU spectrum management had been on the to-do-list of the wished for EU telecoms regulatory body, which was rejected by member states. BEREC, the Body of European Regulators for Electronic Communications (BEREC), has only limited authority. National regulators still remain the de facto telecoms regulators in their respective territories.
Looking ahead to the World Radio Conference 2015
As the Commission is asking for „more harmonisation“ in spectrum policies and more spectrum for mobile broadband, mobile operators too, seem never to be satisfied with the amount of spectrum allocated. The preparations for the World Radio Conference 2015 is already underway. WRC is the international forum under the auspices of the International Telecommunication Forum in charge of coordinating international spectrum allocation. For 2015, the 700 MHz band is the target of mobile telecom operators. As they managed to get the second digital dividend on the next WRC agenda at the WRC12 closure, it is expected that part of the 700 MHz band will be opened for mobile services primarily, writes the German regulatory authority in its strategy paper. Some hurdles remain before yet another band is taken over by mobile services. In Germany for instance, existing users of the 700 MHz band and wish-lists from other stakeholders are still in the way.

CircleID

Video: Have We Found the Cure for Bufferbloat?

Posted: May 7th, 2013, 6:49am WST by Dan York

Following up on my recent post about how solving the Bufferbloat problem could dramatically increase the speed of Internet usage, I recently learned via a Google+ post by Michael Richardson of this video of a presentation by Jesper Dangaard Brouer of Red Hat at the recent DevConf.cz Brno 2013 titled: "Beyond the existences of Bufferbloat – Have we found the cure?” The slides are available for download as is the video that is embedded below.

The presentation is an interesting dive down into the technical weeds of what exactly is causing this bufferbloat problem and how it could be fixed with a combination of factors, most noticeably the CoDel (Controlled Delay) active queue management technique. I found it a useful explanation of many facets of the problem and solution and would encourage folks interested in this topic to give it a look. I'll also note as I did in my earlier post that more info about the bufferbloat problem in general can be found at www.bufferbloat.net.

Written by Dan York, Author and Speaker on Internet technologies
Follow CircleID on Twitter
More under: Access Providers, Internet Protocol
Google Adopts 'Palestine' Label for the Region's Search Page

Posted: May 7th, 2013, 3:29am WST by CircleID Reporter

Google has changed the tagline on the homepage of its Palestinian edition from "Palestinian Territories" to "Palestine". The change, introduced on 1 May, means google.ps now displays "Palestine" in Arabic and English under Google's logo.

Google spokesman Nathan Tyler, in a statement given to the BBC on Friday, said: "We're changing the name 'Palestinian Territories' to 'Palestine' across our products. We consult a number of sources and authorities when naming countries." ... "In this case, we are following the lead of the UN, ICANN, ISO and other international organisations."
Read full story: BBC
Follow CircleID on Twitter
More under: Internet Governance, Top-Level Domains, Web
BlackBerry Z10: New Products and Old Domains Don't Mix

Posted: May 7th, 2013, 12:23am WST by Josh Bourne

Type www.z10.com into your browser and you'll arrive at an Amazon page on which "Global Mobiles" sells unlocked BlackBerry Z10 phones. What? Did you expect to be directed to a BlackBerry (formerly Research In Motion) site just because the Z10 has been touted as the phone that will help make or break the struggling company? What happened?

A savvy domain speculator realized that his or her domain name had become a hot commodity well after the domain was registered, and it could be monetized in Amazon's affiliate program where commissions could be earned on Z10 sales driven to the popular ecommerce site via Z10.com. According to the Whois, the domain was created over 12 years ago, and was transferred to a registrant in Hong Kong in 2007. The Z10 phone, however, was only introduced to the U.S. market this year.

It's possible that the original owner decided to grab Z10.com because it sounded like a model of something before BlackBerry even conceived of the Z10 phone. Plus, it's well known that ALL two and three character .COMs and probably a good many four character .COMs have been gobbled up by speculators just waiting for some new whatchamacallit to debut on the market. Z10 sounds an awful lot like a car model — and if you type "Z10 car" into a search engine, you'll get hits for BMW's Z10 and Toyota's Z10 Soarer (a model sold in Japan in the '80s).

"This is fairly typical cyber-speculation activity," said Steve Levy, FairWinds' Intellectual Property Attorney. "Creative domain speculators will come up with creative names absent of a known product name. If one of those names is later adopted by a company as a brand, it can create a tough situation since there were no trademark rights at the time the domain was created and Uniform Domain-Name Dispute-Resolution Policy (UDRP) arbitration panels must reject claims when a domain name was not originally registered in bad faith. At that point it's time to explore other options such as an anonymous offer to buy the desired domain — preferably before the new product launches and price goes sky high."

There are some lessons here for companies managing the acquisition of domain names associated with the launch of a new product. Before a new brand is publicly announced, many companies will register the most obvious defensive domains. But if the product name is neither totally distinctive, nor incorporates a protected pre-existing trademark, and a domain name was registered well in advance of any trademark rights, it may be that acquisition is the only path forward apart from selecting another trademark with an available domain.
Written by Josh Bourne, Managing Partner at FairWinds Partners
Follow CircleID on Twitter
More under: Cybersquatting, Domain Names

Veni Markovski - The Blog

Майсторът и маргаритката (за интервюто на Кеворкян с Бойко Борисов)

Posted: May 6th, 2013, 10:05pm WST by Veni Markovski | Вени Марковски
Тази статия ще бъде посрещната с недоумение от някои хора, които си мислят, че Кеворк Кеворкян не е интервюирал достатъчно остро Борисов на 5-и май (Великден). Че едва ли не е трябвало да го разпъне на кръста, та той никога да не възкръсне.

Да оставим настрана, че навръх Великден, една седмица преди изборите, се прави интервю в гледано предаване, с един от кандидатите за депутати и бивш премиер и да се спрем само на няколко момента, които ще променят мнението ви.

Кеворкян показа за пореден път, че може да задава въпроси, при това такива, че на интервюирания да не му стане ясно как се превръща в едно цвете, подобно на теменужките, с които си говореше Костов навремето. Класическите политици на България от края на XIX век наричат това “Скубане на кокошката, без тя да кряка”.

В интервюто за предаването “Всяка неделя” по Нова телевизия Бойко Борисов сподели:
Да му стане жал на човек, когато чуе как Бойко започна да се оправдава… с цитати от Държавния департамент! Явно е забравил какво каза посланикът на САЩ повод Уикилийкс:
Т.е. по логиката (но не на Борисов), казаното в неформална обстановка е същото, което той споделя с българите всеки ден и неговите мисли съвпадат с мислите на българския народ.

Или с други думи – казаното от Бойко, Миро и Ники е… истината!

Но дори този шокиращ момент не може да изтрие зле прикритата обида, която Бойко таи по адрес на Цветан Цветанов. Ще кажете “Не е така!” Не е, ама е. И Бойко няма друг избор, освен в момента да се кълне, че вярва на Цветанов изцяло. Все пак идват избори, какво очаквате да каже? Какъв сигнал ще изпрати на привържениците на ГЕРБ? Че “моторът” на партията не заслужава доверие ли? Че не бива да се гордее с него ли (виж снимката вляво)?
“Винаги ми е бил помощник.”
Няма как да не си спомним, че бившият главен прокурор Филчев така го и беше определил (май пак при Кеворкян?) – като едно момче, което носеше папките на Борисов. Унижение струи от думите на Борисов. Няма начин едно момче, яло филии с мас и играло футбол по поляните на Банкя, да не е наясно, че “перфектният помощник” го е прецакал перфектно.
От всичко казано при Кеворкян, струи една нескрита обида, през която се прокрадва и омраза. Дали съм прав или не – бъдещето ще покаже, но до момента в България не е имало политически тандем, който да изкара дълго време. То и по света е така – с изключение може би на Русия, където Путин и Медведев си сменяха постовете.

И още един гвоздей при разпъването на Борисов:
Забележете – Кеворкян не го коригира, макар и добре да знае, че “империя на злото” е термин, вкаран в употреба не от комунистите, а напротив – от човека, който допринесе най-много за разпада на комунизма – щатският президент Роналд Рейгън. Гениално е просто как го закопава (друг е въпросът, че Кеворк не цитираше Станишев, а друг общественик, направил сравнението със Сталин и Берия).

Ето защо си мисля, че разговорът на Бойко Борисов с Кеворкян не е безплатен Пи Ар в полза на Борисов, а е по-скоро насочен към онези хора, които все още се колебаят и се чудят кое е по-малкото зло: ГЕРБ или някоя от останалите партии. След описанието на ГЕРБ като нещо измислено от Бойко, което не би съществувало без Бойко, то и наивните хора би трябвало да са наясно: ГЕРБ не е партия. Ако се съмнявате в моите думи, вижте какво казва самият Бойко:
Познавате ли истинска партия, която е избирала единодушно своя председател? Но познавате ли и друга партия, която да е имала само един отчетно-изборен конгрес – този, на който избра “единодушно” своя лидер? Да, доколкото разбирам, други отчетно-изборни конгреси не е имала. Пък и Бойко навремето им го каза – той ще определя кой какво прави в тази партия. Нещо повече – той дори им забрани да говорят по адрес на отделни политици, например по адрес на Първанов. Между другото – такава забрана по адрес на Плевнелиев няма. Още един факт, който беше вкаран от Кеворкян в употреба.

Но да завърша тази статия с традиционното за България заключение: Иван Костов не е прав! В разговора Кеворкян изобщо не засегна темата “Костов”. Дори подмина хапливата реплика на Бойко, който му каза, че Костов му е приятел.

Не знам какво си мисли Кеворкян, не знам какво си мисли Бойко, но знам, че от този разговор може да се направят редица изводи, кой от кой по-тъжни и мрачни за България.

Някак си не ми се иска да завършвам толкова унило статията, особено в днешния празничен ден – Гергьовден. Нищо, че президентът ни развали настроението с думите, че трябвало да харчим пари за изтребители.

Оптимистичното е, че времето е прекрасно и че само след седмица резултатите от изборите ще са ясни. Който и да ги спечели, дано да няма възможност да направи самостоятелно правителство. И дано да има достатъчно механизми за контрол върху действията на следващите властимащи. Видяхме какво се случва, когато МВР е оставено на разположение на един човек с неподходящо образования, ниска обща култура и никакво непознаване на правото: злоупотреби, обвинения, както и последващи обвинения от прокуратурата за извършени престъпления. Подобен мракобеснически режим не бива да се повтаря, иначе крехката демокрация няма да издържи. Ние не сме нито Англия, Швеция или САЩ, че да имаме векове развитие при нормални условия. Дори западните страни имат проблеми, дори и там се срещат отклонения от демократичното развитие, така че ние трябва винаги да полагаме двойно, тройно повече усилия, за да се справим с недостатъците си. Помислете само: ако се стремим към достигане на западния стандарт на живот, трябва да се движим много по-бързо, отколкото се движат по-развитите от нас страни. Няма как да стигнеш някой, който тича, ако ти ходиш пеш. Може да го стигнеш, ако той ходи пеш, а ти тичаш. И не се спираш час по час, за да смениш посоката. Няма как да станем по-демократична, по-успешна държава, ако ни управляват хора, които нарушават законите и не виждат нищо лошо в това. Които дори може би не го разбират.

Дали ще го разберат достатъчно хора – не знам, но ако не го кажа утре с право ще ме попитате “Защо мълча тогава?”

Мълчанието е най-лошото нещо, което ни се случва, а поговорките “Преклонена глава – сабя не я сече”, “Да би мирно седяло, не би чудо видяло” и “Мълчанието е злато” са само оправдание за страха, подлостта и преклонението пред силата. Да завърша и аз с едно клише:

По-добре е да дадем сила на правото, отколкото право на силата.
Той вече знае за кого както и за “ГЕРБ” в никакъв случай и за нищо на света няма да гласува…

Posted: May 6th, 2013, 1:47pm WST by Veni Markovski | Вени Марковски
(Препечатвам мнението на проф. Николай Слатински от неговия блог и с негово разрешение. Удебеленият шрифт е от мен. Вени Марковски.)

CircleID

Could You Go for a Year Without Internet Access? Paul Miller Reports on His Experiment…

Posted: May 4th, 2013, 5:29am WST by Dan York

Could you sign off of the Internet today — right now, in fact — and not come back online for 12 months? If you are a reader of CircleID, odds are pretty good that the answer is probably an emphatic "No!” This is, after all, a site for "Internet Infrastructure" and for most of us visiting the site (or writing here) the "Internet" is completely woven into the fabric of our lives… and we have a hard time thinking of a life without it.

Paul Miller did, though. Paul, a writer at The Verge, signed off on April 30, 2012, and just rejoined the rest of us this week… and being a writer naturally wrote a long piece about it: "I'm still here: back online after a year without the internet”

As he says in the article and the accompanying video, he was thinking of an escape:

I thought the internet might be an unnatural state for us humans, or at least for me. Maybe I was too ADD to handle it, or too impulsive to restrain my usage. I'd used the internet constantly since I was twelve, and as my livelihood since I was fourteen. I'd gone from paperboy, to web designer, to technology writer in under a decade. I didn't know myself apart from a sense of ubiquitous connection and endless information. I wondered what else there was to life. "Real life," perhaps, was waiting for me on the other side of the web browser.

I won't quote much more of the article because I think it's worth a read in its entirety. I did, though, find this an interesting quote:

My plan was to leave the internet and therefore find the "real" Paul and get in touch with the "real" world, but the real Paul and the real world are already inextricably linked to the internet. Not to say that my life wasn't different without the internet, just that it wasn't real life.

and this:

But the internet isn't an individual pursuit, it's something we do with each other. The internet is where people are.

I think of my own life, and the connections that I have, and the connectedness I have with so many people and with so many different facets of my life. Sure, I could go without the Internet for a year… but would I want to?
Written by Dan York, Author and Speaker on Internet technologies
Follow CircleID on Twitter
More under: Web
Tom Wheeler - New FCC Chairman

Posted: May 4th, 2013, 1:13am WST by Paul Budde

Tom Wheeler nominated by President Obama as the new chairman of the FCC.After a political and administrative process of more than a month Tom Wheeler has finally been nominated by President Obama as the new chairman of the FCC with the full support of Congress. Unlike other regulators around the world the FCC is directly accountable to the American Congress, making it a far more political body than most other regulators.

I have known Tom since 1983. He is an enormously energetic person and has been involved in the ICT industry for most of his working life, holding very senior positions within the American industry.

Currently he is the managing director at the Washington DC venture capital firm, Core Capital Partners, and before that, from 1979 to 1984, he served as president of the National Cable Television Association (NCTA) and as CEO of mobile carrier trade group CTIA from 1992 to 2004.

During all those years we have remained in touch and this connection was further strengthened when Barack Obama became President in 2008. As long as I have known Tom he has played a very active role in the Democratic Party and on one occasion I was invited to attend one of their events, which was quite an experience.

After the Obama win Tom became part of the Transition Team, overseeing the broad scale of technology, science and media. Before the election I had already discussed with Tom the idea that, if Obama were to win, I would be interested in sharing my views on telecoms with him. He took me up on that and put me in contact with Professor Susan Crawford who became the President's advisor on telecommunications. Together with an elite group of telecoms experts from America and Europe we produced several reports on telecoms infrastructure, structural separation, digital innovation and productivity.

There was also great interest in America in the developments around the Australian NBN and in 2009 I was invited to do a presentation on my views on this at a meeting in the White House. And our reports were used by the people within the FCC who wrote the American National Broadband Plan in 2010. It is interesting to see that many of the suggestions we made appeared in their plan.

The fact that Tom was part of the Transition Team, and the fact that he has shown great interest in different approaches to telecommunications, gives me a positive feeling about his appointment. Obviously an appointment like this is eliciting very strong comment in the USA — there are some who don't like the fact that Tom has such close links with the industry, while others see that as an advantage.

It is obvious that America is America, and that the political situation and the attitude to private and government investments is rather different from those in Europe and Australia. There will not be an NBN along the lines that developed in Australia, not even the tuned down-version of the Coalition.

As an American Tom is also a very strong proponent of reduced government involvement and strong support for commercial investments. While I do not always agree with his views on telecoms issues I have always been able to have very open discussions with him. My views are sometimes slightly more radical than his, but I have learned that the American way of thinking is indeed different and I can understand and respect that.

Tom's involvement in the mobile industry also gave him insight into spectrum issues, currently a hot topic in America. In the past he has challenged the broadcasters to become more active in the digital media and more innovative in using their spectrum for, among other things, mobile TV. So we can expect some fireworks there.

Of course, the really big issue in telecoms in the USA, as elsewhere, is the dominance of the vested interests and, particularly in America, their enormous influence in government policies (plutocracy). It will be interesting to see how Tom will handle these tricky issues. He will need all his diplomatic and negotiation skills to navigate a straightforward course through them.

I would like to take this opportunity to wish Tom wisdom and success in his new role.
Written by Paul Budde, Managing Director of Paul Budde Communication
Follow CircleID on Twitter
More under: Broadband, Policy & Regulation, Telecom
New Registry Agreement, All Good?

Posted: May 4th, 2013, 12:09am WST by Stéphane Van Gelder

In the run-up to the launch of new gTLDs, ICANN has been negotiating both of its main supplier contracts. The registrar contract (Registrar Accreditation Agreement or RAA) negotiations are now all but complete. A new contract draft has been posted for public comment and it now seems likely that in little over a month, this will become the official new 2013 RAA.

The registry contract (Registry Agreement or RA) negotiations have been going on for much less time and really only picked up in earnest after several registries made outspoken, sometimes angry, comments at the way they felt ICANN was handling the negotiations.

Subsequently, a registry negotiating team was set up to work with ICANN in a similar fashion to the registrars (who have been locked in negotiations with ICANN for getting on to almost 2 years now). For ICANN and new gTLD applicants, time is of the essence as the program obviously cannot launch without proper contracts in place to cover the whole domain name registration, management and distribution chain.

This impacts registries as well of course, as many of them are either applicants themselves, or working for applicants.

On April 29, ICANN's VP for DNS Industry Engagement Cyrus Namazi posted an upbeat report on the negotiations on the ICANN blog. "I am delighted to report that we have now posted a proposed final draft of the New gTLD Registry Agreement," Namazi wrote. "Similar to the proposed 2013 Registrar Accreditation Agreement (RAA) that was posted for public comment on 22 April 2013, the ICANN community is now able to review and comment on this final draft before it is approved and adopted."

Namazi's comments are clearly drafted to get the message across that all is well and that the registries and ICANN left the negotiating room as BFFs. "A new and highly spirited sense of mutual trust has catapulted us into a fresh atmosphere of collaboration," he added. "The spirit of teamwork, productive dialogue and partnership that has underpinned this negotiation process is tremendously heartwarming, as it has allowed us to bring to fruition a robust contractual framework for the New gTLD Program."

Really? In a letter sent to ICANN, senior managers at Verisign, the most powerful registry by market share, are extremely critical of the way ICANN has handled the negotiations and of the end result.

Issues appear to center around a clause which would give the ICANN Board a unilateral right to amend the contract. This has been strongly criticized by both registries and registrars, and Verisign is not happy with what it sees as a tool to allow ICANN to change the rules of engagement for its contracted parties at will.

The letter is a strongly worded as Namazi's post is lovey-dovey. So who is right? The proposed new RA was posted for public comment on April 29 for 42 days. Comments will then be collated and summarised for the ICANN Board, so that it can decide whether to approve the contract or not.

This is a major test for today's ICANN. On the one hand, it needs to show that it can control its supplier chain and provide Internet users with a safe and stable environment. But it also needs to show that it can provide the businesses in the domain industry with such an environment, especially with an expected 1,200 new TLDs coming online in the next few years. And lastly, ICANN needs to show that the bottom-up policy development process that gives it its unique position in the world of Internet governance is sacrosanct. Right now, the registries seem to think that ICANN is ready to throw the model under the bus whenever it suits its own devises.
Written by Stéphane Van Gelder, Chairman, STEPHANE VAN GELDER CONSULTING
Follow CircleID on Twitter
More under: Registry Services, ICANN, Policy & Regulation, Top-Level Domains

Veni Markovski - The Blog

Разбира ли Бойко Борисов какво значи да вярваш?

Posted: May 3rd, 2013, 8:35pm WST by Veni Markovski | Вени Марковски
Изгледайте добилия изключително бърза популярност в последните 24 часа видео клип, в който Бойко Борисов споделя през 2009 г. пред камерата на бТВ следното:
—

—

Обърнете внимание на два момента, в които той се прекръства.
Ще трябва да се напрегнете доста, защото

кръстенето му е с някакви блуждаещи движения около корема

(първото е около 3:14 мин., второто – около 3:33 мин.).

Защо ги споменавам ли? Защото а) не знае как да се прекръства и б) тъкмо след първото “прекръстване” камерата се спира върху лявата му китка, около която има вързан червен конец.

Да видим какво казват за кръстния знак:
Сами преценете дали Бойко Борисов е истински вярващ, а ако си мислите, че кръстният знак няма голямо значение, то помислете пак:
Да се спрем и на второто нещо – червения конец. Не за пръв път разбираме, че Бойко е суеверен. Ето какво казва преди две години самият той:
След подобни откровения, не ми остава нищо друго, освен да напомня десетте Божи заповеди, но май за нашия случай е по-добре да напишем и седемте смъртни гряха:

похотливост, чревоугодничество, скъперничество, леност, гняв, завистничество, горделивост.
Православната църква била добавила и суетата.

Вие си правете сами изводите кой от тези смъртни грехове е присъщ на Бойко, кой на Цецо, кой – на някой от техните другари.

И също така си задайте въпроса: Разбира ли Бойко Борисов какво значи да вярваш?

Regulation Watch Feed

Managed services – a net neutrality trap?

Posted: May 3rd, 2013, 6:31pm WST by Monika Ermert
In an April press release, Deutsche Telekom announced it would throttle IP traffic flows of its DSL customers once they cross certain data limits and to privilege their own and „partner“ content at the same time. The announcement stirred up some debate about the need for regulators and legislators to act to preserve network neutrality. Deutsche Telekom argues that its Smart TV bundle service Entertain and other „managed services“ are not part of its internet access service. International experts have warned that the so called managed services might be a shortcut to circumvent net neutrality rules in place in some countries (e.g., The Netherlands and Slovenia).

Deutsche Telekom serves DSL customers in Germany and as former incumbent also has to grant access to its DSL network to competitors. For years Deutsche Telekom management has fought the battle to have its newly built networks exempt from access obligations and has also publicly asked major internet platforms to pay for delivery of large data volumes in what it called two-sides markets.
Back to 364 Kbit/s
According to Deutsche Telekom the following rate limits will apply (even if only enforced possibly as late as 2016):
- Rates with a speed up to 16 Mbit/s: 75 GB
- Rates with a speed up to 50 Mbit/s: 200 GB
- Rates with a speed up to 100 Mbit/s: 300 GB
- Rates with a speed up to 200 Mbit/s: 400 GB
Once the user crosses the limits their connection will be slowed down to 384 Kilobit per second (Kbps). Business users would not be affected. Users could buy additional volume and Deutsche Telekom content and, the content of paying partners like big content or Internet platform providers would not be throttled.

Activists reacted swiftly warning against „castration“ of the net and against the harm to innovations in cloud computing and streaming underway. Representatives of the Green Party and the Social Democratic Party declared further legislative steps were necessary. The German telecommunication regulator confirmed it would check the new contracts in light of existing regulation.
Managed services vs. internet access
“Managed services will be delivered at a higher and guaranteed quality at an extra cost,” a Deutsche Telekom spokesman explained. The company was open “for any cooperation” and was preparing a “standardised and non-discriminatory service offer”. What is important in the dispute around net neutrality is that Deutsche Telekom argues that managed services are a “separate data stream, independent from the regular best effort internet data traffic.” The SmartTV-DSL bundle Entertain was “no internet service, but a TV service”, the spokesman underlined. “Managed services”, also called “specialised services”, are mainly defined as offered to subscribers only with granted levels of quality of service, but the lines are blurred.

By establishing the different “channels” operators regularly try to circumvent network neutrality regimes, several researchers have said. According to Barbara van Schewick, Faculty Director at the Center for Internet and Society of Stanford Law School, the ban on discriminating against “like applications” - applications of the same category be it video or email - did not protect applications from being disadvantaged with respect to network providers' offerings sold and operated separately from internet access.

An example was the Comcast's digital voice service. Van Schewick had been an ardent proponent of stricter net neutrality rules favouring only application agnostic network management to reinstall application blindness. The blindness of the net towards the application or content delivered has been said to be the cornerstone for innovations without permission. She has pointed out that if granted the option to manage like applications, operators tended to discriminate against whole classes of services like p2p. A study by the EU regulatory body BEREC showed that 20 percent of fixed network providers in the EU did pose restrictions on p2p traffic. The German telecommunication regulator in a measurement campaign found that users very often did not receive the bandwidth they paid for.
Freestanding non discrimination rules ineffective
James Speta, Associate Dean of International Initiatives at Chicago Northwestern University School of Law, pointed out that regulators for a long time had overlooked that mere non discrimination rules might have a feedback into how carriers design their services and networks in order to route around the net neutrality obligations.

Where carriers could not negotiate to share the surplus of valuable content provisions there was a clear incentive „to restrict their Internet services so that they can drive customers to the platform on which the carriers’ negotiating position is better.“ The US administration did address the respective concerns for the first time during the merger of Comcast and NBC when there was an acknowledgment that open internet protections might be weakened if broadband providers offer specialised services.

Speta's conclusion is that „nondiscrimination rules over Internet services can only work if they are backed up by reticulated behavioral limits on other services offered by integrated carriers. As a result, the only intellectual frame through which the issue can profitably be addressed is the frame of antitrust analysis. No freestanding nondiscrimination rule will be effective.“ It is something that European non-governmental organisations have to consider when they call for a better net neutrality regime.

CircleID

Noncommercial Users Ask ICANN Board to Review Decision to Expand Trademark Rights in New Domains

Posted: May 2nd, 2013, 1:38pm WST by Robin Gross

ICANN's Non-Commercial Stakeholders Group (NCSG) has filed a Request for Reconsideration with ICANN's Board of Directors regarding the staff's decision to expand the scope of the trademark claims service beyond that provided by community consensus policy and in contradiction to ICANN Bylaws.

Specifically at issue is ICANN staff's unilateral decision to adopt the "trademark +50" proposal for new domains, which would provide trademark holders who have previously won a UDRP or court decision with rights to 50 additional derivations of their trademark in ICANN's Trademark Clearinghouse (TMCH). Under staff's plan, large trademark holders that register in the clearinghouse will be provided thousands of derivations of their trademarks since each separate country's registration of the same trademark provides the brand owner with an additional 50 entries in the TMCH.¹ Entries in the TMCH trigger infringement warning notices to domain name registrants which can lead to increased liability for registrants, discourage lawful registrations, and chill speech on the Internet.

ICANN's bottom-up community-developed process for creating policy had approved of a TMCH model that allowed "exact matches" of trademarks only to be placed in the TMCH. In 2007, ICANN's GNSO Policy Council, including representatives from the Intellectual Property and Business Constituencies, approved the GNSO recommendations that created special protections for trademark rights by a supermajority vote.² As part of the multi-year consensus process, both the subsequent Special Trademarks Implementation (STI) Team and the Implementation Review Team (IRT) considered the issue of providing rights to exact matches or additional derivations, and both community-developed teams specifically opted for exact matches only to be placed into the TMCH. ICANN's CEO testified before U.S. Congress in 2012 that expanding the scope of the TMCH further would be inappropriate since it would create new rights that do not exist in law and ICANN should not be creating unprecedented rights.³

Many months after the final TMCH model of exact matches only was published in ICANN's Applicant Guidebook and new domain businesses relied on it when filing their applications, ICANN's Intellectual Property and Business Constituencies lobbied ICANN's new CEO to make drastic changes to the community-developed policy and grant additional trademark rights in the TMCH.

After the October 2012 Toronto ICANN Meeting, a "strawman solution" was proposed by ICANN's new CEO which included a number of IPC/BC's substantive policy proposals to give trademark holders additional privileges in the domain name system, including changing the exact matches only standard approved of by the community.

Yet ICANN's CEO recognized that expanding the scope of the trademark claims service was a policy matter requiring GNSO Council guidance, as he stated on his blog⁴ in December 2012; and the CEO did write to the GNSO Council to request guidance on this policy proposal. Under ICANN's Bylaws, staff may not change GNSO-approved policy, except under a strict process that involves consulting with the GNSO and a 2/3 vote of the Board of Directors.

NCSG filed comments on the proposed policy changes and warned against re-opening previously closed consensus agreements and circumventing ICANN's stated bottom-up policy development process.⁵ In addition to the flawed process for adopting this policy, NCSG also detailed substantive concerns with staff's proposal to expand trademark rights beyond anything that exists in trademark law. It came as no surprise that only members of the IPC and BC supported the strawman proposals in ICANN's comment period.⁶

In the GNSO Council's February 29, 2013 response to the CEO regarding the proposal to expand the scope of trademark claims, the GNSO Chair wrote, "the majority of the council feels that proposal is best addressed as a policy concern, where the interest of all stakeholders can be considered."⁷ Thus the GNSO Council also determined this specific proposal to be a policy matter, requiring consultation from the entire community before such a change could be made to existing GNSO Council approved policy.

Yet with only an email sent on 20 March 2013, ICANN staff announced in an attached memorandum that it would expand the scope of the trademark claims service to give trademark holders rights to 50 additional derivations of their trademark, in contradiction to GNSO developed policy of exact matches only and the subsequent requested GNSO Council guidance on the matter.⁸

Staff's only explanation for such a drastic shift in the creation of new rights: "this proposal appears to be a reasonable add on to an existing service, rather than a proposed new service". Thus with a single line of evasive text, years of hard-fought community consensus policy was brushed under the rug and the new era of policy development via ICANN staff edict was solidified.

On 19 April 2013 NCSG filed this Request for Reconsideration of the staff decision because ICANN did not follow its stated process for changing GNSO-approved policy. If ICANN wants to deviate from Supermajority GNSO-approved policy, it must follow the process outlined in the organization's Bylaws, Annex A Section 9.⁹ As an organization that holds itself out as a champion of the bottom-up policy development process, ICANN is obligated to comply with community-developed policies, unless the Board of Directors can muster the necessary 2/3rd vote to over-turn the community decision. That mandatory process was not followed by ICANN's staff or Board in over-turning the community-approved policy in favor of staff's policy to expand the scope of TMCH.

ICANN's Board Governance Committee has thirty days in which to make to a recommendation to ICANN's Board of Directors regarding the NCSG's Request for Reconsideration or report to the Board on why no final recommendation is available and provide a timeframe for making a final recommendation on the matter. ICANN's entire Board should consider the recommendation of the Board Governance Committee at its next regularly-scheduled Board meeting.

Under Article IV Section 2 of ICANN's Bylaws, the Request for Reconsideration process is a mechanism intended to reinforce ICANN's accountability to the community for operating in a manner consistent with its Bylaws.¹⁰ Because the staff's unilateral decision to change GNSO-approved policy was not consistent with ICANN's Bylaws and contradicted ICANN stated policy, NCSG filed the Request to correct the error and bring ICANN into compliance with its Bylaws and stated policies.

NCSG requests that the Board reinstate the community-developed policy of giving trademark holders rights to include exact matches of their trademark only in the TMCH, which was the policy stated in ICANN's Applicant Guidebook when ICANN accepted applications for new domains.

• NCSG's Request for Reconsideration (PDF)
• Attachments to NCSG's Request for Reconsideration (PDF)
• ICANN Website on Requests for Reconsideration

¹ http://domainincite.com/...

² http://gnso.icann.org/en/issues/new-gtlds/...

³ [www.internetcommerce.org]

⁴ [blog.icann.org]

⁵ http://ipjustice.org/wp/2013/01/14/...

⁶ [forum.icann.org] / See also:
Comments of Registrar Stakeholder Group
Comments from New TLD Applicant Group
Comments of Non-Commercial Stakeholder Group
Comments of the Internet Service Provider Constituency
Comments of Public Interest Registry

⁷ http://gnso.icann.org/bitcache/...

⁸ http://newgtlds.icann.org/en/about/trademark-clearinghouse/...

⁹ [www.icann.org]

GNSO Policy Development Process

Section 9. Board Approval Processes. a. Any PDP Recommendations approved by a GNSO Supermajority Vote shall be adopted by the Board unless, by a vote of more than two-thirds (2/3) of the Board, the Board determines that such policy is not in the best interests of the ICANN community or ICANN. If the GNSO Council recommendation was approved by less than a GNSO Supermajority Vote, a majority vote of the Board will be sufficient to determine that such policy is not in the best interests of the ICANN community or ICANN.

b. In the event that the Board determines, in accordance with paragraph a above, that the policy recommended by a GNSO Supermajority Vote or less than a GNSO Supermajority vote is not in the best interests of the ICANN community or ICANN (the Corporation), the Board shall (i) articulate the reasons for its determination in a report to the Council (the "Board Statement"); and (ii) submit the Board Statement to the Council.

c. The Council shall review the Board Statement for discussion with the Board as soon as feasible after the Council's receipt of the Board Statement. The Board shall determine the method (e.g., by teleconference, e-mail, or otherwise) by which the Council and Board will discuss the Board Statement.

d. At the conclusion of the Council and Board discussions, the Council shall meet to affirm or modify its recommendation, and communicate that conclusion (the "Supplemental Recommendation") to the Board, including an explanation for the then-current recommendation. In the event that the Council is able to reach a GNSO Supermajority Vote on the Supplemental Recommendation, the Board shall adopt the recommendation unless more than two-thirds (2/3) of the Board determines that such policy is not in the interests of the ICANN community or ICANN. For any Supplemental Recommendation approved by less than a GNSO Supermajority Vote, a majority vote of the Board shall be sufficient to determine that the policy in the Supplemental Recommendation is not in the best interest of the ICANN community or ICANN.

¹⁰ [www.icann.org]
Written by Robin Gross, Founder and Executive Director of IP Justice
Follow CircleID on Twitter
More under: Domain Names, Registry Services, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains
Reframing the Infrastructure Debate

Posted: May 2nd, 2013, 5:02am WST by Doc Searls

Fast and reliable infrastructure of any kind is good for business. That it's debatable for the Internet shows we still don't understand what the Internet is — or how, compared to what it costs to build and maintain other forms of infrastructure, it's damned cheap, with economic and social leverage in the extreme.

Here's a thought exercise… Imagine no Internet: no data on phones, no ethernet or wi-fi connections at home — or anywhere. No email, no Google, no Facebook, no Amazon, no Skype.

That's what we would have if designing the Internet had been left up to phone and cable companies, and not to geeks whose names most people don't know. What those geeks came up with was something no business or government would ever contemplate: a base infrastructure of protocols that nobody owns, everybody can use and anybody can improve. For all three of those reasons the Internet supports positive economic externalities beyond calculation.

The only reason we have the carriers in the Net's picture is that we needed their wires. They got into the Internet service business only because demand for Internet access was huge, and they couldn't avoid it. Yet, because we still rely on their wires, and we get billed for their services every month, we think and talk inside their conceptual boxes.

Remember that the telco and cableco business models are based on routing everything through billable checkpoints. Is this what we want for the rest of the Net's future?

We have to remember that the Internet isn't just a service. It's the platform for everything we connect. And the number of things we will connect over the next few years will rise to the trillions.

To understand how the Internet ought to grow, try this: cities are networks, and networks are cities.^† Every business, every person, every government agency and employee, every institution, is a node in a network whose value increases as a high multiple of all the opportunities there are for those nodes to connect — and to do anything. This is why every city should care about pure connectivity, and not just about billable phone and cable company services.

We should be building a network infrastructure that is as neutral to purpose as water, electricity, roads and sewage treatment — and that anybody, including ordinary citizens, can improve. We can't do that if we're wearing blinders supplied by AT&T, Comcast, Time Warner and Verizon.

† I came to the realization that networks are cities, and vice versa, via Geoffrey West — first in Jonah Lehrer's "A Physicist Solves The City," in the New York Times, and then in West's TED talk, "The Surprising Math of Cities and Corporations." West is the physicist in Lehrer's piece. Both are highly recommended.
Written by Doc Searls, Author
Follow CircleID on Twitter
More under: Access Providers, Broadband, Telecom, Web
US Smart Grid Networks Exploiting Infrastructure to Provide Wireless Broadband

Posted: May 2nd, 2013, 1:20am WST by Henry Lancaster

The USDA Rural Development's Rural Utilities Service (RUS) has now spent the $250 million committed for smart grid technologies. To this has been added an additional $201 million in funding approved by the Agriculture Secretary to electricity utilities in eight states to install smart grid technologies and improve their generation and transmission facilities. The beneficiaries are spread among a large number of states.

This investment is helping smart grids to become the norm across the country. A side benefit is that utilities are also developing their smart grids for telecoms over and above that used by meters to send data to network controllers.

As an example, earlier this year the utility serving Santa Clara began using its smart grid technology and infrastructure to deliver free citywide outdoor WiFi. While meters send data via an existing wireless network, a separate channel is used to provide outdoor internet access. The WiFi network is growing in scope and reach as more premises are equipped with smart meters.

The potential for expanding WiFi coverage is huge. There are about 120 municipalities with citywide WiFi networks accessible to the general public. In addition, there are about 60 cities with citywide or near citywide coverage though these networks are now limited to government applications, such as public safety. There are also about 80 or more cities with large outdoor WiFi areas, mostly located in parks and downtown zones.

A hindrance to cities aiming to develop comprehensive WiFi networks has come from the powerful telecoms industry, which employs its lobbying clout to push for laws blocking or preventing municipalities from offering WiFi or fixed broadband services.

The use of smart meters to provide WiFi using existing (and expanding) infrastructure presents a separate challenge, since the telcos would have to battle utilities rather than municipal governments.
Written by Henry Lancaster, Senior Analysts at Paul Budde Communication
Follow CircleID on Twitter
More under: Access Providers, Broadband, Telecom
Will the Trademark Clearinghouse Fulfill its Potential?

Posted: May 1st, 2013, 11:40pm WST by Thomas Barrett

ICANN created the Trademark Clearinghouse (TMCH) as a way to streamline the repetitive process forced on trademark owners during the launch of new top-level-domains. With the expected tsunami of hundreds of new TLD's starting later this year, the TMCH should generate a clear benefit for trademark owners who elect to participate in Sunrise and Claims Periods.

The side effect of introducing new TLDs is that the legacy TLDs will be making changes to make sure they are competitive against the new TLDs. This means they will be relaxing restrictions and opening up unused namespaces at the second and third-levels. Many of these will follow a Sunrise or Grandfathering process as a way to implement the changes.

Already three existing TLDs (one sTLD and two ccTLDs) have announced such policy changes and decided they would like to utilize the TMCH Sunrise tokens for their Sunrise Period. This includes .Jobs, Radio.AM and Radio.FM. Donuts, the largest applicant with over 300 TLD applications, have also indicated they will use the Sunrise token from the TMCH for a universal blocking service called Domain Protected Marks List (DPML).

All this is happening before the TMCH has even supported its first new TLD. While ICANN has welcomed the use of TMCH by .Jobs, it remains to be seen if ICANN will also welcome use of the TMCH by ccTLDs.

The eventual benefits and viability of the TMCH will hinge on a few factors:

• Will trademark owners even use it?
• Will the main driver be participation in Sunrise or Claims?
• Will other existing TLDs want to use it?

Will Trademark Owners Even Use it?

It is a given that trying to participate in every future Sunrise Period would overwhelm the budgets of nearly every trademark owner. Every sage legal advisor is counseling that the trademark owner must be ultra-selective about which Sunrise Periods they engage in.

On the other hand, a review of the Trademark Agents published on the TMCH website show a good number of law firms have already advanced the TMCH the minimum $15000 required to be an Agent. If this trend continues, then it is a clear indicator that law firms will aggressively market the TMCH to their clients. (Disclosure: My firm, TM.Biz is offering a portal for these Trademark Agents).

Will the Main Driver Be Participation in Sunrise or Claims?

Trademark Claims provides some protection in every new TLD. But it is for exact matches only and only for the first 90 days. This forces trademark owners to also subscribe to a watching service that catch confusingly similar registrations not caught by the Claims service. I predict trademark owners will elect to do both Claims and watching to ensure they catch domains that might confuse their customers.

Will other existing TLDs want to use it?

There are actually two parts to the TMCH. The validation service is performed by Deloitte and CHIP. They are issuing Sunrise tokens called Signed-Mark-Data (SMD) files to trademark owners as proof that a trademark has satisfied the requirements for the typical Sunrise Period. The Database Administrator for the TMCH is IBM. They actually help Registries and Registrars operate the Sunrise and Trademark Claims Periods. The validation service initially launched on March 26. The database part is expected to launch in July.

But there are applications for just the TMCH Sunrise tokens that do not require IBM to be used. This is because the SMD file is portable. For example, any country-code TLD who decides to change their policies and wanted to conduct a Sunrise Period first, could accept SMD files from trademark owners.

Also, any TLD that wanted to accept SMD files for a new Rights Protection Mechanism, as Donuts is planning; also do not need IBM in the process.

The .Jobs Sunrise Period

The .Jobs TLD has decided to eliminate the current restriction that .Jobs domain names must match company names. This means that product and division names will be eligible for .Jobs. Before this change takes effect, .Jobs will first conduct the Sunrise Period that is designed for new TLDs. .Jobs will utilize both parts of the TMCH. Thus they need to wait for IBM, their Back-end Registry and Registrars all to be operational before they can conduct their Sunrise Period.

The Radio Global Domains

The .AM and .FM ccTLD's, have long been re-purposed for the Radio industry. They are now introducing new namespaces, called Radio Global Domains, which are designed to target new market segments within the Radio industry. These will be radio.am and radio.fm. Before these changes take place, they will also undergo a Sunrise Period starting May 28. Validation for the Radio Global Domains Sunrise Period will be performed on either trademark data or the Sunrise tokens called Signed-Mark-Data (SMD) files issued by the TMCH. All this is happening without the need for the involvement of IBM, or even for Registrars to support the new protocols required for the new TLD Sunrise Periods. (Disclosure: My firm, TM.Biz will be handling the trademark validation, SMD validation and direct submission of Sunrise registrations to the Registry).

It is still an open issue whether the TMCH will be capable of issuing SMD files by May 28 for use by the Radio Global Domains. Or if the TMCH is capable of issuing SMD files by this date, whether ICANN will allow the TMCH to release the SMD files so that the ccTLDs can use them.

There are no doubt other ccTLDs that are interested in changing their registration rules and restrictions that might consider holding a Sunrise Period first. I predict that these ccTLDs would be interested in using the SMD files as well, if allowed by ICANN.

Additional Rights Protection Mechanisms

The largest TLD applicant, Donuts, is also planning to accept SMD files for its universal blocking service called Domain Protected Marks List, or DPML. As applicant of over 300 TLD's, with half of those uncontested, a DPML represents a good value for trademark owners.
There may be other applicants that decide to offer new Rights Protection Mechanisms that utilize the SMD file.

Hopelessly Optimistic

The Trademark Clearinghouse has enormous potential to support the domain name industry. The portability of the SMD files enables many uses that were not originally envisioned by its creators. Certainly, the days of a TLD manually checking trademark databases should be coming to an end with SMD files becoming the new de facto standard for trademark validation. It will be interesting to see how this evolves over time.
Written by Thomas Barrett, President - EnCirca, Inc
Follow CircleID on Twitter
More under: Domain Names, ICANN, Law, Top-Level Domains

Regulation Watch Feed

Taxing the cloud: introducing a new taxation system on data collection?

Posted: May 1st, 2013, 7:54pm WST by Primavera de Filippi

Information and communication technologies (ICT) are a growing source of innovation and wealth which potentially affects every sector of the economy (online and offline). Although it is important to account for the specificities of the digital environment, tax regulations should apply equally to online and offline operators. Yet, fiscal revenues derived from the commercial activities of many internet giants - such as Google, Amazon, Apple or Facebook - do not seem to follow the same trend.

Indeed, according to the French Telecom Federation, more than 5 billion euros are collected every year by these companies through their interactions with French citizens, but only a really small fraction thereof is actually accounted for when establishing the amount of taxes paid to the French government. For instance, Google alone is suspected to have achieved in 2011 a turnover between 1.25 and 1.4 billion euros (most of which is derived from advertising activities on the internet) but only paid a little bit over 5 million euros as corporate income tax to the French government[1].

Digital taxation has become an important concern for many governments, in Europe and beyond: countries such as Germany, the United Kingdom and the United States have been trying to tackle the issues of tax avoidance and profit shifting for many years, both at the national and international levels. More recently, the issue has been specifically addressed by the French government, which sets out to start a “war against tax piracy” in the cyberspace through the introduction of a new tax - which, if implemented, would effectively put France at the frontline in terms of digital taxation regulations.

In this regards, a series of verification procedures have been undertaken against large multinational groups suspected to avoid compliance with French tax regulation by billing most of their customers from abroad, so as to evaluate the amount of money owed to the French state. In addition to Microsoft - which has been requested to pay 52.5 million euro for tax evasion - the main targets are Google, Amazon, Facebook and Apple (the so-called "GAFA gang") suspected to pay only a very limited share of corporate income taxes.

In June 2011, the National tax inspection authority and French customs conducted a raid on the headquarters of Google France. After having examined several emails, invoices, and other contracts with a view to determine the amount of value-added tax (VAT) and corporate income tax which had not been paid by the company between 2008 and 2010, it appears that the U.S. company might have to pay damages for more than 100 million euros. Few months later, it is the turn of Amazon to be investigated. After thorough analysis, the Tax inspection authority asked the U.S. company to pay 198 million euros of tax arrears, interests and penalties related to the false reporting of foreign sales in France. Finally, the French tax inspection authority conducted a search in the Paris headquarters of Facebook, in order to double-check the veridicity of the company’s tax returns declaration. Like the other two companies, Facebook is suspected to divert most of its revenues through Ireland in order to benefit from laxer tax regulations.

This practice, generally referred to as the practice of tax avoidance - as opposed to tax evasion, consists in using the taxation system to one’s advantage, so as to legitimately reduce the amount of due taxes without infringing the law. This practice has become widespread on the internet, due to the ability for large online operators to circumvent an aging taxation scheme that is designed around the concept of territorial jurisdiction and geographical settings. Tax avoidance is in fact much easier to achieve in the context of cloud computing services, hosted on international servers and distributed amongst multiple data centres which are not necessarily located in the country where taxes are due.

Thus, in view of obtaining proper tax revenues from online services provided by international corporations whose business is partially carried out in France, the French government has commissioned a study (analysed in detail below) to find out how to effectively deal with internet giants that are suspected to constantly experiment with new tax optimisation schemes with the goal to reduce tax contributions to a minimum.
French reports on new taxation rules for the digital economy
After a first report filed on June 27, 2012 by French Senator Philippe Marini (Chairman of the Finance Committee) presenting the roadmap for a neutral and equitable taxation scheme for the digital world, the French government decided to address the question of “digital taxation” (fiscalité numérique) more in depth. In an interview with Le Monde, the French Minister for the digital economy, Fleur Pellerin, explains that “as Europe is increasingly turning into a tax haven for large multinational corporations”, the French government intends "to restore a balance between online and offline operators”. Thus, following Marini’s report, the French Ministries of Finance and Economic Regeneration commissioned a study aimed at fighting tax piracy in the cyberspace. The findings of this study have recently been presented in the form of a comprehensive (and slightly controversial) report - published on January 22, 2013 - which emphasises the need for new taxation rules at the national and international level[2].

Indeed, the advent of internet and digital technologies challenged the traditional approach to corporate taxation - whose rules have rapidly become obsolete with the advent of cyberspace. Many online operators rely on innovative business models with large productivity gains that do not, however, generate any revenue for the states they operate in. According to the authors of the report, this is due to three important factors: Firstly, the rapid and constant evolution of online practices and activities makes it difficult to identify specific points of stability on which to levy a tax. Secondly, these online practices systematically dissociate the place of establishment (of the company providing the service) with the place of consumption (by the user of that service). The wealth generated by these companies is, therefore, increasingly difficult to locate, and, consequently, ever more difficult to tax. Thirdly, given that most of the large online operators are either vertically or horizontally integrated, they can split their businesses into several companies so as to separate data collection activities from the activities that actually generate profits. Thus, it becomes easy for these companies to transfer their profits into offshore tax havens, where they can benefit from divergent tax regulation. Such is the case of Google, which in 2011, managed to save up to 2 billion US dollars in corporate income taxes by shifting 9.8 billion US dollars in revenues into a Bermuda shell company.

The report proposes to reform taxation systems to better comply with the way value is generated in the digital economy: at the international level, it is suggested that taxation should be calculated according to the place of interaction with end-users; at the national level, the authors suggest to introduce a transitory tax on data collection in order to promote innovation and encourage good online practices.
1. Taxation according to the place of interaction
International tax laws require corporate profits to be taxed according to the law of the country in which the corporation’s headquarters are located - which is often the country with the lowest taxation rate. Sometimes, other countries can nonetheless levy corporate taxes when the company enjoys a “permanent establishment” in that country - a concept defined by the OECD Model Tax Convention, which constitutes the basis of corporate taxation in most EU member states.

Yet, given that the concept of “permanent establishment” did not keep up with recent developments of the digital economy, its redefinition was suggested in order to better comply with the specificities of a “data-driven digital economy”. Based on the new role of users as co-creators of value in the supply chain, the notion of “permanent establishment” should not only account for the physical location of the servers on which the services are hosted, but also for the place of interaction with end-users[3] - which is where the process of value creation actually takes place.

The problem is, of course, that international taxation schemes are based on international tax treaties and mutual agreements amongst countries. The implementation of such a proposition will thus necessarily require a long period of negotiations both at European and international level.
2. Transitory tax based on data collection
In the meantime, the authors of the report suggest to intervene at the national level, in order to better account for the role of data in value creation by introducing a “transitory internet tax” based on the collection and processing of user data.

Indeed, all internet intermediaries (and cloud computing operators in particular) have the ability to collect a large variety of user data - be it data provided voluntarily by users, data derived from the systematic monitoring of user activity, or data involuntarily left behind while surfing the internet. Such data can be exploited in many ways: to provide target advertising, to make purchase recommendations, to better customise a product, to increase customer loyalty and trust, or to apply price discrimination - all activities that might lead (directly or indirectly) to greater customer satisfaction and higher profitability.

The authors claim that data - and especially personal data - “are the goldmine of the digital economy”, and should therefore be regarded as one of the main drivers of economic growth. Just like goods, data can be stored, aggregated and reused at a later time, so as to provide new value in the long term.
Internet users as cheap labour
More and more, on the internet, as users become an integral part of online business operations, the line between consumption and production begins to blur. Large social networks, such as Facebook, Youtube or Google+ strongly benefit from “the free and voluntary contribution of internet users” - which includes both personal data and user-generated-content. Yet, given that they are not paid for, user contributions (described by the authors as "free labour", as opposed to “crowdsourcing”[4]) constitutes a strategic source of revenue for many cloud operators and online intermediaries. Indeed, by leveraging on data produced by user activity, online operators can provide many of their services for free, while nonetheless making significant profits through the commercial exploitation of such data. Besides, user contributions can easily be capitalised upon to either boost advertising revenue or to increase the user-base for other complementary (paid) services. Traditional taxation schemes, however, generally fail to take these practices into account.

Hence the proposition to introduce “a tax on the collection, processing and commercial exploitation of user data” - whose rate would be determined according to the number of users and the intensity of data collection. While any company that “regularly and systematically” collects user data could potentially be affected by such a tax, it would, however, only apply “above a specific threshold of users” who are physically located in France. According to the report, the volume of data collected from French users would be determined on the basis of a self-declaration by every foreign company, but would always remain subject to inspection by the tax authorities. Failure to comply with such an obligation would result in the tax rate being calculated according the total flow of data transferred outside of France.

The advantage of using “data” as a basis for taxation is that it constitutes a “neutral tax basis” which applies to most of the activities in the online economy. Yet, establishing a tax over data collection per se would not be constitutionally valid to the extent that it would infringe the principle of tax equality[5] - which requires that every tax contribution corresponds to the contributor’s ability to pay. However, since every company does not produce the same value with the data it collects, determining the profits that potentially could derive from the exploitation of such data can be a very difficult task.

Hence, rather than as a means to increase state revenues, the idea is to design the tax as an “incentive for virtuous behaviour”.

There are, in fact, many cases in which taxation is not proportionate to the actual profits generated by the company. This is the case of all the taxes whose main purpose is to encourage contributors to behave in a way that is compliant with the general interests of society - such as, for instance, the French taxes on polluting activities (TGAP) or the “carbon tax” aimed at lowering the impact of carbon dioxide emission on the environment.[6]

Drawing from these examples, the idea suggested by the two authors is to use the proposed “internet tax” to promote business transparency and good practices, encouraging online operators to innovate without impinging upon users’ rights.

The authors, furthermore, propose that the new tax regulation would only levy a tax insofar as the company does not comply with the specific requirements of the law in terms of user privacy and empowerment and, its rate would ultimately depend on the company’s behaviour and online practices (as assessed by independent auditors). It would be adjusted to favour companies that comply with relevant data protection laws, respect individual liberties, and properly disclose their data - either to the individual concerned (smart disclosure[7]) or to society as a whole (through open data[8] or open APIs[9]) - in a format allowing for easy access and reuse. Conversely, companies collecting or exploiting personal data without providing proper notification to their user-base, or companies providing insufficient access to that data might be taxed more heavily.
Impact and international considerations
Many cloud operators - such as Google, Facebook, Apple, Amazon and Twitter - would obviously be affected by the proposed new taxation scheme. Yet, they are not the only ones. Traditional businesses (such as online banking, web-mail and e-commerce platforms, or any website that collects a large number of customer information) could also be affected by this new tax to the extent that - provided that they operate under French law - they will have to pay for the collection or processing of French user data.

The authors of the report acknowledge that an in-depth impact study is needed to ensure that the tax only applies to the type of companies it was meant for. Until then, it was suggested that, for the sake of simplicity, the tax would initially apply - on an experimental basis - only to the providers of mobile applications (such as Apple Store, Google Play Store, Blackberry’s App World, or Amazon’s Kindle Fire Apps) whose identification is easiest. These operators would thus become liable to the French state to pay for the collection of user data - with a tax rate calculated on the amount of data collected and the manner in which it has been collected.

Thus far, the report has spurred great interest and debate. While the general principle of a transitory taxation scheme for the digital economy seems relatively sound, linking this tax to the collection of user data has nonetheless generated considerable controversy both in France and abroad (such as in Germany, Spain, Italy, the U.K. and the U.S.)

The French government still has to take a position concerning the new internet tax - which might raise a large number of challenges as regards its legitimacy and practical implementation both in the national and international framework. Indeed, after having described the report as “intellectually outstanding”, Mr. Retailleau (Senator and Rapporteur of the report on behalf of the Economic and Finance Committee) expressed his concerns that the "practical and operational implementation” of these recommendations seems to be “very delicate". In this regards, the Conseil National du Numérique (CNN) - a digital affairs advisory council to the French National Assembly - has recently been requested to assess the viability and the potential consequences of such a new taxation scheme, which could potentially be introduced in the 2014 Financial Bill.

The implementation of this new tax would put France at the forefront of international policy making, by establishing a new taxation system for the digital economy. This system would not only establish more fiscal accountability for processors of personal data, it also might allow France to impose its own data protection standards on a variety of multinational online operators.

At the international level, international negotiations to adapt tax regulations to the digital economy are to be expected at the next G20 Finance summit on February 14-15th, 2014 - in the framework of the OECD’s action plan against tax avoidance.
References
[1] Greenwich Consulting Study for the French French Telecom Federation. April 2013. http://www.fftelecoms.org/sites/fftelecoms.org/files/contenus_lies/broch...

[2] The study was composed of two experts - Pierre Collin (State Councilor and specialist tax lawyer) and Nicolas Colin (Inspector of Finances) - whose mission was to propose a series of changes to national and international tax regulations so as to better account for the value created by online firms.

[3] A similar position has recently been taken by the French data protection authority (Commission nationale de l'informatique et des libertés) as regards the protection of personal data, which - it is claimed - should not be regulated exclusively according to the law of the country where the servers are located.

[4] Wikipedia defines crowdsourcing as the practice of obtaining needed services, ideas, or content by soliciting contributions from a large group of people, and especially from an online community, rather than from traditional employees or suppliers. A narrower definition is provided by web strategist Henk van Ess, according to whom crowdsourcing is "channeling an expert’s desire to solve a problem and then freely share the answer with everyone" - a definition which emphasises the ethical need to return the resulting contributions to the community.

[5] In French law, the principle of tax equality (principe d’égalité devant l’impôt) is derived from Article 1 (“Men are born and remain free and equal in rights”) and Article 13 (“A general tax [...] must be equally distributed among all citizens, in proportion to their ability to pay”) of the Déclaration des Droits des Hommes et des Citoyens, as well as Article 1 of the 1958 Constitution which states that France guarantees equality before the law for all citizens without distinction of origin, race or religion.

[6] A number of countries have implemented carbon taxes or energy taxes that are related to carbon content. Most environmentally related taxes with implications for greenhouse gas emissions in OECD countries are levied on energy products and motor vehicles, rather than on CO2 emissions directly.

[7] Smart disclosure is when a private company or government agency provides a person with periodic access to his or her own data in open formats that enable them to easily put the data to use.

[8] Open data is the idea that certain data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control.

[9] The term Open API has been in use based on recent trends in social media and Web 2.0. It is currently a heavily sought after solution to interconnect websites in a more fluid user-friendly manner. Open API also applies to collaborative services environments where managed service providers can also outsource specific services to other providers via systems integration

CircleID

CERN Celebrates 20 Years of The Free And Open Web

Posted: May 1st, 2013, 11:06am WST by Dan York

Of all the many applications and services that run on top of the Internet, arguably none has been more successful than that of the World Wide Web. Invented by Tim Berners-Lee back in 1989 while he was a physicist at CERN, the "Web" has fundamentally changed almost every aspect of our life… and become a part of basically every aspect of our life. Think of a part of your life… and then think of the websites that are part of that. Whether it is social networks, banking, shopping, dating, news, reading, publishing, writing, gaming, sports and now even communicating in real-time… all are aspects that somehow involve the "Web".

Today, April 30, is a special day in the history of the Web, because, as recounted on that newly-redesigned famous website (because it was the first website), info.cern.ch, it was twenty years ago today that CERN published a statement that put the WWW technology out in the public domain for all to use. Building on the long history of openness of the Internet, CERN stated very clearly that "CERN relinquishes all intellectual property rights to this code, both source and binary form and permission is granted for anyone to use, duplicate, modify and redistribute it”.

And thus was born the wider Web ... anyone could download, use and modify the W3 server software and the W3 client and start creating new sites. And people did! By the tens… and hundreds… and on and on… changing and modifying the code to satisfy their own dreams and ideas. Keep in mind, this was before Mosaic and other graphical clients changed the Web again by introducing images along with text. The original Web was one of text. I remember telnetting to info.cern.ch back in the early '90s to see what this "World Wide Web" thing was all about - and pressing numbers to follow links. It was a very different world.

Still, from those early days - and more importantly from the openness of those early days - came everything else about the Web that we use today. Those early adopters didn't need to ask anyone for permission to innovate… they just downloaded the code and started hacking away.

Thank you, CERN, for the reminder of the importance of today - and of the incredible importance of an open Web… riding on top of an open Internet.

P.S. Vint Cerf has a great retrospective out today as well: The open internet and the web
Written by Dan York, Author and Speaker on Internet technologies
Follow CircleID on Twitter
More under: Web
CERN Recreating First Webpage to Commemorate 20th Anniversary

Posted: May 1st, 2013, 2:50am WST by CircleID Reporter

A team at the European Organisation for Nuclear Research (CERN) has launched a project to re-create the first web page. The aim is to preserve the original hardware and software associated with the birth of the web. The initiative coincides with the 20th anniversary of the research centre giving the web to the world.
Read full story: BBC
Follow CircleID on Twitter
More under: Web
Announcing the Final Terms of the First Applicant Auction for Contested gTLDs

Posted: April 30th, 2013, 8:25am WST by Sheel Mohnot

We received several emails and phone calls with thoughtful comments on the proposed plan for the first Applicant Auction and have made several small changes to the plan. The final terms will be sent to applicants who requested the RFC, and can also be requested on our website.

Here is a quick summary of the changes:

Auction prices:
Several bidders wanted a bit more certainty about how prices will be set. In response, we commit to setting the first round prices exactly as proposed (min price is 0, max price is $50,000 * number of bidders). Further, if all bidders are still bidding in the second round, then second round prices will be exactly as proposed (start price + 10% * number of bidders).

Information transparency:
We received balanced comments on the new information policy, which indicates that we found a decent compromise. In particular, most applicants accepted that preserving winning bidders' privacy by not disclosing exact winning prices was a worthwhile goal. To make this provision meaningful, we will comply with one applicants' request to contractually obligate applicants to keep the winning price confidential.

Timeline:
Finally, applicants felt that a 2-day auction was too short and that more time should be allotted to ensure that all bidders have time to familiarize themselves with the system and the process, and to think through how to bid. To accommodate this, we will make two changes:

a) As originally planned, we will offer a voluntary mock auction 3 days before the auction, scheduled for Thursday May 23rd. This will be run exactly as the real auction except that the results have no meaning, and the schedule will be heavily accelerated. We encourage all bidders to participate - the mock auction is a good test to make sure that you have the right login credentials and know how to place bids.

b) we will plan for the auction to take 3 or 4 days. The first auction round will be on May 28th and will last for 24 hours, as before. For subsequent rounds, we will do our best to set a schedule that reflects actual bidders' time zones. Rounds will last 2 hours initially, but if bidding activity during the auction indicates that not that much time is needed, we may shorten the rounds. In no case will the rounds be shorter than 30 minutes.

Deposits:
We will not allow bidders to increase their deposit during this auction. The reason is that the auction will be relatively short (4 days), that we would like to keep the first auction simple. We are open to changing this for future auctions.

A small change to mitigate order of magnitude error:
Finally, a small addition to the terms. In any round after Round 1, bidders may bid up to 9 times the Start Price of a round, or Minimum Price to Continue of a round, whichever is higher. This helps protect bidders from accidentally adding an extra "0" when typing in their bid."

We hope that these rules will be acceptable to all interested bidders and maximize participation. Any bidders who do not find these terms workable for them are invited to comment and participate in one of our future auctions. Those interested in participating in the first auction and receiving legal documentation and login credentials for the mock auction should register their interest on our website.
Written by Sheel Mohnot, Consultant
Follow CircleID on Twitter
More under: ICANN, Top-Level Domains
Can't Sell Your IPv4 Numbers? Try Leasing Them

Posted: April 30th, 2013, 5:40am WST by Brenden Kuerbis
In a "policy implementation and experience report” presented at ARIN 31 in Barbados, ARIN's staff noted that they are seeing "circumstances" related to the leasing of IPv4 number blocks. At the recent INET in Denver, ARIN's Director John Curran alleged that there is a "correlation" between address leasing activity and organizations that have been unable to complete specified transfers through the ARIN process, which requires needs-based justification.

The issue of leasing — or rather sub-leasing, because ARIN is already leasing the addresses to its members — is yet another symptom of the growing scarcity of IPv4 addresses. Subleasing is interesting, however, as another example of the way RIR's bureaucratic control of transactions between willing sellers and buyers can lead to workarounds that make the Whois directory less accurate.

It's unclear exactly how ARIN is aware of this nominally private activity. Perhaps someone involved is tipping ARIN off, or maybe its staff is observing instances where the ASN information associated with a routed block is changing while the contact information in the ARIN Whois directory remains the same. In either case, a greater degree of transparency about refused transfers and the basis for ARIN's determination would be welcome. On a related note, we sought to shed some light on the emerging transfer market in a paper last year.

What is troubling, for ARIN at least, is that the subleasing of addresses is taking place outside of the RIR address governance regime. It is understandable that ARIN would react to something that might undermine its control over address space. Part of ARIN's power stems from its ability to identify who is allocated or assigned what address block(s) via its Whois Directory Service. Practically, the Whois has also been used to identify the party actually routing an address block, although technically this is a distinct activity over which ARIN claims no control.

From an operational perspective, if the organization actually routing an address block is unable to be contacted this could be detrimental to administrators attempting to resolve networking issues, and to parties seeking to use the Whois for law enforcement or related policy matters. However, at this point it is unclear if lessees are actually unreachable. In fact, one could argue that lessors are in a better position to keep accurate lessee contact records than the address registry — they are invoicing their lessees, we assume! Whether, and under what conditions, they would release contact information is basically unknown at this point.

For now, ARIN does not seem to be too alarmed. It suggests three potential policy solutions:
1. Decide this is not an issue for ARIN to deal with
2. Create new policy requiring that the actual party using the addresses be listed as an operational contact in Whois
3. Create new policy that would prevent leasing of address space without needs based justification.
Again, absent any data on leasing, it is hard to say which way ARIN or its membership might go, although the third option seems increasingly unlikely as ARIN moves closer to IPv4 exhaustion and the RIPE region is contemplating elimination of needs based justification entirely.

It may just turn out that private subleasing transforms the address transfer market. As Addrex's Charles Lee pointed out at INET in Denver, all kinds of parties lease assets (including ARIN leasing addresses to its own customers). It serves a useful business purpose and is not a bad thing per se. The entry of large subleasing companies without any Internet operations, Lee noted, might transform the address market. It could create entirely new ways of allocating addresses and provisioning post allocation services. It might lead to innovative product offerings such as providing means to mitigate the technological obsolescence of IPv4. We just don't know. What we know for sure is that it will create governance dilemmas.
Written by Brenden Kuerbis, Fellow in Internet Security Governance, Citizen Lab, Univ of Toronto
Follow CircleID on Twitter
More under: IP Addressing
Typosquatting Claims Against Security Researcher Are Legally Complicated - Gioconda v. Kenzie

Posted: April 30th, 2013, 4:35am WST by Venkat Balasubramani

Kenzie is a security researcher who has registered numerous domain names that are typographic errors of well-known trademarks (e.g., rnastercard, rncdonalds, nevvscorp, rncafee, macvvorld, rnonster, pcvvorld). He points the domain names to the actual sites in question (e.g., rncdonalds points to mcdonalds.com), but he is looking to demonstrate how these typo domains are used for "social engineering" attacks.

Kenzie did not offer the domain names for sale, did not read the emails intended for the subject organization, and generally kept his whole scheme out of the public eye. Upon demand, he also offered to transfer the domain names to the organizations in question.

Nevertheless he was sued by Gioconda Law Group for registering Giocondolaw.com — with "o" instead of "a" [see: Gioconda Law Group v. Kenzie, 2012 US Dist LEXIS 187801 (S.D.N.Y. Apr. 23, 2013)]. In response to Gioconda's complaint, Kenzie, proceeding pro se, asserted a variety of defenses, including a critique of American privacy law. Gioconda moved for judgment on the pleadings.

The court struggles with the application of the Anticybersquatting Consumer Protection Act (ACPA) factors to this case. On the one hand, this is clearly not a case where the registrant is trying to profit by selling back the domain name. On the other hand, the court says, all non-commercial uses are not necessarily exempt from the ACPA. [Not a particularly speech friendly position.]

Ultimately, the court says that it's not a case that can be resolved on the pleadings:

Defendants's alleged ideological, scholarly, and personal motives for squatting on the [domain name], while perhaps idiosyncratic, do not fall within the sphere of conduct targeted by the ACPA's bad faith requirement, If anything, given that defendant aims to both influence plaintiff's behavior and shape public understanding of what he perceives to be an important vulnerability in cyber security systems, this case arguably falls closer to cases involving parody and consumer complaint sites designated to draw public attention to various social, political, or economic issue.

It's possible plaintiff can prevail, but it would have do to so under a more fact-specific totality of the circumstances inquiry.

This is an interesting case that highlights the problems faced by security researchers generally. While the risk of liability here is less than what security researchers generally face (e.g., liability under the Computer Fraud and Abuse Act), it still shows a judge reluctant to grant the researcher's conduct full protection as a non-commercial, First Amendment-protected venture.
Written by Venkat Balasubramani, Tech-Internet Lawyer at Focal PLLC
Follow CircleID on Twitter
More under: Cybersquatting, Domain Names, Law, Security
Arrest Made in Connection to Spamhaus DDoS Case

Posted: April 30th, 2013, 4:15am WST by CircleID Reporter

According to a press release by the Openbaar Ministerie (the Public Prosecution Office), a dutch man with the initials SK has been arrested in Spain for the DDoS attacks on Spamhaus.

Brian Krebs reports: "A 35-year-old Dutchman thought to be responsible for launching what's been called 'the largest publicly announced online attack in the history of the Internet' was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as 'SK,' was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization."
Follow CircleID on Twitter
More under: Cyberattack, Cybercrime, DDoS, Law, Security, Spam

Veni Markovski - The Blog

Що за човек е всъщност Бойко Борисов? Ето как се определя той самичък.

Posted: April 30th, 2013, 3:48am WST by Veni Markovski | Вени Марковски
Засега се хващам само за казаното от него през месец юли 2009 г., както и от наблюденията на чуждестранни журналисти (Би Би Си).
Може би тогава, преди изборите през 2009 г., не сте знаели що за човек е Бойко, но днес го знаете. И оправданията, че той е “по-малкото зло” вече не минават. Мислете преди 12-и май, защото след това ще е много, много късно.

CircleID

Why Most Discussions for Fibre Optic Infrastructure Take Place from the Wrong Perspective

Posted: April 30th, 2013, 3:44am WST by Paul Budde

Fibre-based infrastructure requires vision and recognition of the fact that many of today's social, economic and sustainability problems can only be solved with the assistance of information and communications technology (ICT). In many situations the capacity, robustness, security and quality necessary for this calls for fibre optic infrastructures. This need will increase dramatically over the next 5 to 10 years as industries and whole sectors (healthcare, energy, media, retail) carry out the process of transforming themselves in order to much better address the challenges ahead.

Most discussions regarding the need for fibre optic infrastructure take place from the wrong perspective — based on how fast people need the internet to be when they download their emails, web information, games and movies. Fibre optic technology has very little to do with this — ultimately all of that 'residential' traffic will account for less than 50% of all the traffic that will eventually flow over fibre optic networks.

The real reason this type of network is needed relates to the social and economic needs of our societies, and there are many clear examples that indicate that we are running out of steam trying to solve some of our fundamental problems in traditional ways.

For instance, at this moment discussions are taking place in every single developed country in the world about the fact that the cost of healthcare is unsustainable. These costs will grow — over the next 20 years — to 40%-50% of total government budgets — clearly impossible. So we face a dilemma. Do we lower the standard of healthcare services, at the same time making them more costly for the end-user?

If we want to maintain our current lifestyle the only solution is to make the healthcare system more effective, efficient and productive. And this can only be done with the help of ICT. To make it more productive, health needs to be brought to the people rather than the other way around, as is the case at present. Similar examples apply to the education system, the energy systems and the management of cities and countries in general. We need to create smart cities, smart businesses and smart countries, with high-speed infrastructure, smart grids, intelligent buildings, etc.

In order to manage our societies and economies better we need to have much better information about what is happening within all of the individual ecosystems, and in particular information about how these different systems interact. Currently they all operate within silos and there is little or no cooperation or coordination between them. ICT can be the bridge to bring them together; to collect data from them and process it in real time. Information can then be fed back to those who are managing the systems, and those who operate within them, such as doctors, teachers, business people, bureaucrats, politicians — and, of course, to you and me.

Some of these data interactions are already happening around smartphones, social media, traffic and crowd control and weather information. This is only the start of what is known as the Internet of Things (IoT) or machine-to-machine communication (M2M).

ICT cannot solve world hunger, but without ICT world hunger cannot be solved, and this applies to all the important social and economic problems that societies around the world are now facing.

None of this can be done overnight; it requires massive transformations of industries and sectors. There is no instant business model available that will supply an immediate return on the investment that is needed to create these smart systems. All of these investments need to be looked at over a period of 10, 20 years and even longer. No private business will take such a business risk. To make it happen government leadership and government policies are needed.

This is also the message from the UN Broadband Commission for Digital Development, and it applies to countries all over the world. More than 120 countries worldwide have now developed broadband policies, recognising that such infrastructure is critical to their development. The challenge now is to put these policies into practice/implement these policies, and at a time when government leadership around the world as at an all-time low.

Ultimately all of these developments will require national fibre optic networks. There simply is no other technology that can handle the capacity of data and applications that will be needed to run the cities and countries from today onwards. This infrastructure needs to be robust. It has to have enormous capacity. It needs to be secure and to be able to protect privacy. There is simply no other infrastructure technology that is up to that job.

So those business and government leaders who are in charge of looking towards the future do have an obligation to ask themselves, based on the above, whether we can afford not to have a fibre optic network.
Written by Paul Budde, Managing Director of Paul Budde Communication
Follow CircleID on Twitter
More under: Access Providers, Broadband, Telecom
Join Uniregistry

Posted: April 30th, 2013, 2:42am WST by Uniregistry

What happens when you take a team of experts, at the top of the naming industry, and unite them behind a single, high-minded purpose? You get the most service-based and holistic approach to registry operations that the industry has ever seen — something we call "Uniregistry."

Software Developers – We are looking for full-stack developers that are comfortable working at any level of web-development and have the initiative to see a project through from start to finish. Our technology is currently built on top of PHP, MySQL, and Javascript but we are looking for anyone who feels at the top of their game developing for web and mobile in any technology. If you fit the bill we will fly you here, interview you confidentially and deliver you a lifetime opportunity to work on things that millions of people a day will use.

Systems Specialist – A successful technology company doesn't exist without a robust and scalable foundation. Do you have what it takes to build infrastructure to handle millions of visitors a day? Then we are looking for you. Candidates should have multiple years experience managing Linux based systems, popular opensource databases, as well as have a sound understanding of networking and the services that operate over them. Being well versed in systems automation, virtualization, and mass hosting are assests as well. Big things lie ahead for the fortunate candidate who chooses the red pill.

Front-end Developers – Someone with a keen sense of aesthetics and human behavior. Can turn sketches and ideas into web reality. The right individual needs to understand the consequences of their choice in code and execution. Not just nice looking pages but the ability to turn designs into a functioning Websites. HTML, CSS, Javascript, will be your primary tools. Our facility in Cayman is world-class and right across from the beach. Swim to work and shower here. Work with people like you and live tax-free.

Marketing People – Help us find the right programmer/developers in your organization and join them here in Cayman as we grow our existing registry operations business. We will need to promote the new namespaces we're charged with operating. We are going to have all kinds of fun doing that, but first we need to finish the critical infrastructure we've started. We need a great team for that and we want you to be a part of it.

Send your resumé today: careers@uniregistry.com
Follow CircleID on Twitter
More under: Domain Names, ICANN, Top-Level Domains

IGP Blog

Can’t sell your IPv4 numbers? Try Leasing them.

Posted: April 29th, 2013, 11:02am WST by Brenden Kuerbis

In a “policy implementation and experience report” presented at ARIN 31 in Barbados, ARIN’s staff noted that they are seeing “circumstances” related to the leasing of IPv4 number blocks. At the recent INET in Denver, ARIN’s Director John Curran alleged that there is a “correlation” between address leasing activity and organizations that have been unable to [...]

Veni Markovski - The Blog

Отговорът е: Не го е срам. Не го е срам!

Posted: April 27th, 2013, 6:16pm WST by Veni Markovski | Вени Марковски
Когато преди броени часове написах набързо статията “Не ви ли е срам, г-н президент?” не очаквах, че ще получим толкова бързо отговор от страна на президента.

Не, не го е срам.

По-точно: НЕ ГО Е СРАМ, че не го е срам!

Вместо човекът* Росен Плевнелиев (Р.П.) да си каже “Добре, 15 месеца съм президент, сложен в кабинета си от Бойко, но е време за разграничаване” и да стане от стола си не като Р.П., а като президент на Република България, той се прави на ни лук ял, ни лук мирисал.
Човекът Плевнелиев, сякаш е на ракийка и салатка при съседите, казал:
ПРЕЗИДЕНТЪТ Плевнелиев трябваше да каже нещо много по-различно, нещо в духа на речите на Ф.Д. Рузвелт или Уинстън Чърчил. Някой около него трябваше да му напише малко на брой, но много силни думи**.

ПРЕЗИДЕНТЪТ Плевнелиев трябваше да надскочи гражданина Р.П. и да поеме отговорността за ДЪРЖАВАТА България, а не да празнослови:
Явно е, че човекът Р.П. все още е подчинен на бившия премиер Борисов. Едва ли ще се изненадаме, ако разберем, че Р.П. звъни сутрин на Б.Б., за да го пита “Шефе, к’во да правя днеска?”

Никой не е искал от ПРЕЗИДЕНТА Плевнелиев да дава оценка на Борисов.

Хората искат и заслужават ПРЕЗИДЕНТЪТ Плевнелиев да бъде ДЪРЖАВЕН, а не лукова ГЛАВА.

Народът иска президентът да бъде Президент, а не гражданин, попаднал случайно в Президентството. Народът, а и Европейският съюз искат и трябва да получат оценка на факта, че бивш премиер, бивш министър и бивш градски прокурор на София обсъждат как да нарушат морала и законите на страната. ТОВА е голямата и важна тема, а не СРС-тата, бръмбарите, микрофоните и това КОЙ е направил записа. Това са все маловажни неща. И те не носят заплаха за страната. Заплахата идва от мръсния, циничен и вулгарен език на човека, който бе четири години премиер, а преди това кмет, а още по-рано и главен секретар на МВР, генерал-лейтенант и доктор на науките.

Все още имам надежда, че около президента или около Р.П. има хора, които могат да му налеят малко акъл в главата.
Ако обаче не видим реакцията на ПРЕЗИДЕНТА Плевнелиев, ще останем с усещането, че и за него има СРС-та, които бившите управляващи държат на сигурно място и затова гражданинът Р.П. не смее да даде път на ПРЕЗИДЕНТА Плевнелиев.

И се чудя дали това не е по-добрата възможност.
Защото другата е Р.П. всъщност да е случайно попаднал на този пост и да не става за тази работа. И тогава вече наистина

само Господ може да опази България.

______
* – … Който, убеден съм, е готин пич, добър съпруг и родител. Б.м. Вени Марковски
** – Няма да се спирам сега на това какви биха могли (могат) да са те; има си хора за тази работа. Пък и читателите дори могат да се сетят за други примери.
Не ви ли е срам, г-н президент?

Posted: April 27th, 2013, 12:34pm WST by Veni Markovski | Вени Марковски
Смята ли президентът Плевнелиев подслушването и циничния език на бившите премиер, градски прокурор и министър на земеделието за национални приоритети?

Ще кажете, че се заяждам, но няма да сте прави.

Росен Плевнелиев сам заяви, при това през януари 2012-а година (sic!), че ще крещи, “ако не се работи по националните приоритети”.

След като не само не крещи, но не го чуваме дори и да шепти, изводът се натрапва сам:
И още нещо ни каза преди повече от година г-н президентът:
Адресирахте ли го, г-н президент?

Не Ви ли е срам, г-н президент?

=====

Единственият нормален коментар по темата за подслушването дойде не от президента, а от директора на Националната следствена служба. И беше отразен само във вестник “Сега”.
Дано вие, които го четете тук, го популяризирате достатъчно нашироко, за да стигне не до хиляди или десетки хиляди, а до стотици хиляди, дори милиони хора. Идва ден разделен – 12-и май.
Бойко Найденов: “Това е Република България, ние сме граждани на Република България, вие, аз, тези, които са се срещали, тези, които са записвали – това сме ние. Не искайте нещо по-различно. Шофьорите, които ни возят в градския транспорт, са същите българи – това сме”, коментира Найденов. На констатацията, че това са хора, които са избрани да ръководят, той каза, че затова има избори и на всеки четири години българският народ може да реши кой иска да ни управлява.”

=====

След пускането на записите, в които се чува как говорят някакви хора (вероятно Бойко, Миро и Николай), след изтеклите преди години в медиите записи, в които Бойко нарежда на Ваньо да не закача Мишо Бирата, след като чухме какво казаха прокурорите на своята пресконференция, че е възможно да се подслушва без контрол и вероятно в противоречие със закона… След като знаем, че част от съдружниците на Бойко бяха разстреляни през годините….
След всичко това не би трябвало да сме изненадани от речника на Борисов.

Но не това е най-важното.

Важното е, че в България хората – ВКЛЮЧИТЕЛНО и бъдещия президент Плевнелиев, когато беше все още министър – се отнасяха и продължават да се отнасят спокойно към презумпцията за виновност, към това, че МВР може би ги следи и подслушва. ТОВА е голямата драма на България. Ако някой (приятели ми цитираха статия на Едвин Сугарев) си мисли, че има по-голямо ЗЛО от милиционерската школа на Бойко, то той/тя явно не само живее на друга планета, не само диша друг въздух, но няма никакво усещане за добро и зло.

Не може да има по-голямо зло
от това едни цял народ да бъде обявен за “мат’рял”.

Не може да има по-голямо зло
от това всички пенсионери вкупом да бъдат обявени за непотребни унищожители на парите на държавата.

Не може да има по-голямо зло
от това в ХХI век страната-членка на Европейския съвет да бъде на последно място по всички показатели на демократичните държави не заради народа си, а заради управниците си.

Не може да има по-голямо зло
от това един днешен политик да е ксенофоб, антисемит, хомофоб и да се смее дебелашки за каквото и да е.

И не ми казвайте, че тези хора не са такива, каквито звучат по записите, защото иначе не биха били приемани от Обама, Камерън и Меркел.
Западните политици не могат и да си представят, че някой министър на вътрешните работи ще е толкова нагъл и такъв гьонсурат, че да подслушва своите съпартийци, това да стане известно и той да продължи да бъде министър. За западната култура това са абсолютно несъвместими дейности. За тях при подслушване се подава оставка (в най-добрия за политика случай) и се води истинско разследване, което може да свърши с осъдителни присъди.

Затова ви моля пак: МИСЛЕТЕ преди да гласувате на 12-и.

А ако ви трябват още мотиви защо е хубаво да се мисли ПРЕДИ да се гласува, прочетете и тази статия в “Дневник”.

CircleID

Wrap-up: ICANN 46 in Beijing

Posted: April 27th, 2013, 12:24am WST by Roland LaPlante
Earlier this April, the largest ICANN meeting ever — more than 2,500 attendees — kicked off in Beijing. Given the imminent addition of hundreds of "dot Brands" to the Internet, the topic of new gTLDs was at the top of the discussion list for all attendees. So far, well over 100 new gTLD applications have passed the Initial Evaluation stage, meaning they're on their way to becoming live domains.

At the meeting, ICANN's Government Advisory Committee (GAC) released its formal advice on new gTLDs. The GAC made a number of points to the ICANN Board including:
- A request to further review a specified list of strings and present advice at ICANN 47
- Six specific contractual safeguards that should be placed on all gTLDs, including WHOIS verification and abuse mitigation
- Contractual safeguards that should be placed on particular categories of TLDs, including consumer protection, sensitive strings, regulated markets and those with restricted registration policies
- Urging the ICANN board to reconsider its decision to allow singular and plural versions of the same strings
GAC advice is becoming the single biggest area of uncertainty for new TLD applicants. It not only appears to adjust requirements approved by the community in the Applicant Guidebook, it also is evolving with each new communique.

One reporter noted, "It looks like at least 517 new gTLD applications [may] be affected by the GAC's advice." I'm sure there will be many more discussions about this topic.

Registrar Accreditation Agreement (RAA) and Registry Agreement

ICANN CEO Fadi Chehade announced newly revised versions of both the 2013 Registrar Accreditation Agreement and Registry Agreement, which are now posted for public comment. ICANN is looking at ways to keep the debate over these contracts from delaying the overall application process.

Trademark Clearinghouse

Earlier, in March, the Trademark Clearinghouse (TMCH) opened. TMCH allows brand owners to submit their trademark data into one centralized database, prior to and during the launch of new gTLDs. Since opening, the pace of sign-ups by both individual mark owners and agents has been rapid, ensuring the long-term success of the TMCH project.

With ICANN 47 in Durban, South Africa coming up in mid-July, many of these subjects will continue to be discussed and, hopefully, resolved in the weeks ahead.
Written by Roland LaPlante, Senior Vice President and CMO at Afilias
Follow CircleID on Twitter
More under: ICANN, Internet Governance, Top-Level Domains
Will LTE Steal the Broadband Revolution?

Posted: April 26th, 2013, 3:12pm WST by Paul Budde

There is no doubt that LTE is going to take a prime position in broadband developments. With competitively priced services, innovative smartphones and an increasing range of very innovative apps this market is set to continue to boom. So how will all this impact the overall broadband market?

First of all, this is not an 'us or them' issue between fixed and mobile broadband. As a matter of fact, the companies that are rolling out LTE are increasingly dependent on deep fibre rollouts as they need to handle massive amounts of data, to which the mobile infrastructure technology is not well-suited. So the quicker they can offload their mobile traffic onto a fixed network the better. As I've said before, one of the key drivers of fibre deployment will be the growth in mobile broadband.

A similar situation will occur in the home. More and more, people are using their mobile devices rather than PCs and laptops; and more people within the home are using more and different mobile devices, so this will significantly increase the need for capacity within the home. The reality of mobile broadband is that 60%-80% of capacity usage of smartphone and tablet use is in the home, and these devices are all connected to the fixed network through the WiFi modem. People are becoming accustomed to the quality of the LTE network, so they will want a similar quality of service over the fixed network; and over the next 3-5 years the current network will start to run out of steam. And, with at least one-third of all fixed broadband connections being of such an inferior quality, these households are already facing these quality problems now.

So, while access to the internet and broadband is moving quickly towards smartphones and tablets as the preferred access devices, at the same time the majority of broadband capacity required through these devices will still need to be provided by the fixed network.

While the capacity of the mobile network is greatly improved by LTE — as well as by the upcoming extra capacity through new spectrum allocation — the physics of mobile technology is such that it will be impossible to handle all the traffic of these mobile devices over the mobile network.

Obviously the mobile operators are not sitting still. They are improving their network infrastructure in order to capture as much of the traffic as possible, and increasingly they are looking at WiFi technologies as another alternative to off-load traffic and/or add extra access points for users in high traffic areas such as shopping centres, entertainment venues, transport stations, etc. But again these WiFi access points need to be connected to the fixed network, and in the case of WiFi access points you virtually need fibre-to-the premise/business to be of any use.

So, while LTE will greatly increase the use of broadband and broadband applications, this will at the same time put increased pressure on the fixed network.

On the end-user side of the fixed broadband market — we don't have the same dynamics as in the mobile market. Few, if any, fixed network devices capture the users' attention in the way the new smartphones do. Also, there is a clear lack of exciting fixed broadband applications. Entertainment is largely captured by content providers who want to protect their existing business models, and applications in healthcare, education, energy, etc are going to take a long time to reach maturity and mass market penetration levels. So all attention is clearly on mobile and this is creating a skewed perspective on what is needed overall to ensure that these mobile developments can be used to their full potential.

The developments in mobile and LTE will generally stimulate the need for better fixed networks, but at the same time there will be a significant group of users who — at this point in time — do not have high capacity requirements, and for whom a $30 or $40 monthly mobile connection will cater for all their comms needs. This group will actually lead to stagnation, and even a decline, in fixed broadband connections. We already see this happening in the Hong Kong market. The situation will only be exacerbated if LTE becomes available in areas that have very poor fixed broadband coverage. BuddeComm estimates that up to 25% of users could simply abandon their unsatisfactory fixed broadband connection in favour of LTE. Most will eventually re-connect in 3-5 years' time, but only when important applications are becoming available over the fixed network.

These short-term developments could be interpreted by some who don't have a good understanding of the total picture as an indication that fixed broadband is not needed, and this could potentially undermine the build-out of the fixed broadband networks that are so desperately needed for the longer-term social and economic developments in the country.

If we look at the very latest smartphone devices (e.g. GalaxyS4) we see an increase in what is called machine-to-machine (M2M) or Internet of Things (IoT) applications, often linked to location-based services (LBS). What happens behind the scenes of these applications is that they gather data often from a variety of sources and process that information in real time, giving users interesting services in relation to healthcare, sport achievement, calorie intake, weather transport and traffic information and so on.

It is these M2M and IoT applications that are finally going to stimulate the sort of killer apps that are needed to drag some of the lagging sectors into the digital age — such as healthcare, education, utilities, government and business, who are at present trying to limit the impact of the digital economy, rather than embracing it. This, in turn, will start stimulating the sort of applications that require the capacity, robustness and security that can only be delivered by fibre optic networks.

All of this will come together in 5 to 10 years' time when the requirements from the mobile-based developments, the rapid growth of M2M applications, and the somewhat slower growth from the requirements following the industry and sector transformations, combined, make the need for a fibre-based infrastructure essential for the economic development and social wellbeing of any developed economy.

What is required from business leaders and politicians is that they recognise this need and start planning for it from the earliest possible opportunity. Doing this on the run is not the ideal way to make infrastructure investments that will have to last for 25-50 years.
Written by Paul Budde, Managing Director of Paul Budde Communication
Follow CircleID on Twitter
More under: Access Providers, Broadband, Mobile, Telecom, Wireless

Regulation Watch Feed

Internet filtering trends in liberal democracies: French and German regulatory debates

Posted: April 26th, 2013, 6:00am WST by Joss Wright
Note: A first version of this article was previously published at the FOCI'12 conference.
Abstract
Liberal democracies are increasingly considering internet filtering as a means to assert state control over online information exchanges. A variety of filtering techniques have been implemented in Western states to prevent access to certain content deemed harmful. This development poses a series of democratic and ethical questions, particularly when states introduce regulation mandating ISPs to block online content. In this work we examine the debates surrounding state-mandated filtering that have played out in two key European states from 2009 to 2011, France and Germany, focusing on the arguments used by opponents and proponents of internet blocking. We use these to explain and analyse the outcomes of both cases and, more broadly, the various challenges posed by internet blocking to democracy.
1. Introduction
Research into internet filtering and censorship has typically focused on authoritarian regimes [4, 10, 12, 1]. However Western states, with a long-term commitment to fundamental rights, including freedom of expression, are increasingly debating and implementing internet filtering. Filtering is a new policy tool for liberal democracies, and is increasingly becoming a global norm for asserting state sovereignty online [9, 22, 32].

The issue is more nuanced than whether or not the internet can and should be regulated. For liberal democracies, it is a question of finding the right balance between sometimes diverging principles, such as ensuring security and public safety without restricting other democratic principles such as freedom of expression and privacy. In many Western societies, internet regulation is becoming an increasingly politicized issue. Contrary to authoritarian regimes, liberal democracies are subject both to the rule of law, and to democratic principles and norms including public debate. These principles are increasingly invoked and debated when states or corporations attempt to alter the flow of information through the internet. As a result, issues such as child abuse images, copyright, and network neutrality have become central to decision-makers, industry lobbyists, and contending social groups, many of whom resort extensively to digital communications to mobilize supporters [3, 20, 26].

Internet filtering takes the shape of self-, co- or state-regulatory arrangements. Finland, Sweden, Norway, Denmark, the UK, Italy, the US, Canada and New Zealand have all established self- or co-regulatory blocking systems to prevent access to child abuse content. Australia has one of the most severe internet policies and practices of Western states [12]. However, a mandatory internet filtering policy has met opposition and been delayed repeatedly. Regulatory attempts at introducing internet filtering of child abuse images legislation in France, Germany and at the European Union level have equally encountered strong opposition that resulted in the revocation and abandonment of the measure in Germany and the EU, not in France.

Such state regulation offers a privileged moment of analysis to comprehend the framing of internet filtering in democracies. We assess internet filtering in terms of democratic principles such as accountability, legitimacy and transparency. We then provide an original analysis of the debates surrounding the internet filtering measures in France and Germany contemplated between 2009 and 2011. We argue that internet filtering is increasingly contested, often successfully, when states choose legislative reform that allows for a variety of stakeholders to intervene in the policy-process. Self-regulatory mechanisms, which exist in most liberal countries, however, largely evade public oversight and are thus questionable from a viewpoint of democratic principles.
1. 2. Democratic principles and internet filtering
Filtering, or censorship, represents one of the more far-reaching and politically sensitive interactions between nation states and the internet. The assertion of state control over the internet is increasingly being shaped by technological solutions to political issues, as in Lessig’s concept of ‘code as law’ [19]; by indirect enforcement through intermediaries; and by a tendency towards self-regulation over legislation [22]. The internet poses new challenges to regulation that have led to serious failures of traditional approaches as states attempted to legislate an unfamiliar and global medium [6]. It is thus not surprising that various forms of self-regulation have proven more successful than state-based approaches, especially when dealing with illegal content [17].

While the nature of filtering is undoubtedly driven by practical concerns such as cost, the scale of blocking, the expectations with respect to ease of bypass, and the available technology may also affect the choice of a given filtering approach. Murdoch and Anderson categorize filtering into four types with varying degrees of flexibility and resource requirements: DNS poisoning, IP header filtering, deep packet inspection, and hybrid approaches (see [24]). In practice, many filtering regimes employ a combination of the above approaches, forming a hybrid filter [10, 12], as used for instance by British Telecom’s Cleanfeed system.

In the European context DNS filtering based on the CIRCAMP [22] blocklist, which makes use of DNS filtering, is becoming the de facto standard, despite the ease by which it can be bypassed. This arguably represents the desire for states to filter quickly and cheaply, without concerns regarding those who may bypass the filter. As we discuss later, this is tacitly acknowledged in the shift in political dialogue from the removal of harmful content, to the prevention of accidental access by innocents.

End-user filtering is not included in this analysis. In the US and Europe, ISPs have traditionally been exempted from liability for the content carried if unaware of potential infringements and if they comply with notifications of take-down. The importance of this principle has been repeatedly underlined by a number of advocacy groups and international organisations [27, 25]. Internet filtering and blocking fundamentally contravenes with this principle by deputising ISPs to effectively intervene in the content carried [5]. By relying on intermediaries to block illegal or undesirable content the administrative and technical burden of filtering, as well as any political backlash, on government can be reduced, whilst providing a new form of crime prevention [22]. This clearly raises serious issues of accountability, due to the lack of public or governmental oversight in the implementation of such methods of control.

Arguably the most important concern is transparency of filtering, yet considerations such as overblocking, accountability and oversight are also causes of concern. It is not typically considered acceptable for a filtering agency to publish a list of filtered domains. This is largely due to such lists including direct links to illegal content, and therefore providing an unacceptably valuable resource for those who seek to access such content. How the transparency of such blocklists could be resolved, from a combination of technical and political means, is an interesting open question.

In blocking content the information provided to the user is also a key question. This aspect of filtering can be achieved through silence, error or notification. Silent blocking, as seen in China, provides no overt notification to a user that their connection has been filtered. As reported by Clayton [7], triggering a filter results in a TCP reset packet being sent to both parties in the connection, although it has been noted that DNS filtering is also widespread [31]. Error-based blocking presents the user with some form of error when filtered material is encountered. For web access, which makes up the majority of userfocused filtering, HTTP error codes are used by some filtering regimes. These are commonly either a 404 (‘file not found’) or 403 (‘access denied’) code, although Microsoft parental controls provide a nonstandard 450 (‘Blocked by Windows Parental Controls’) error message for their own host-based filter. Arguably a 503 (‘service unavailable’) error would be more meaningful. This approach allows a user some notification that their request has failed but may not provide them with a meaningful way to distinguish between filtered content and simple network errors. Notification of blocking, as seen in many European filters based on the CIRCAMP list, redirect users to a notification page that informs the user that the content is filtered, and may provide a means through which the user can gain further information or challenge a block. This approach, of those examined here, clearly provides the greatest transparency to the user, although the provision of a technical error code for automatic processing would be desirable at the network level. To discuss these issues on a concrete basis, the next section focuses on the main debates surrounding the attempt to introduce state-mandated internet blocking in France and in Germany.
3. Internet blocking debates in France and Germany
France and Germany are liberal democracies with a long-standing commitment to freedom of expression and privacy. However, as in many European countries, freedom of expression is not unlimited but balanced against other principles such as the safeguard of public order or the protection of individuals. Compared with US first amendment protections, the protection of free speech in these states is noticeably weaker. In particularly, hate speech regarding race, religion or sexual orientation, as well as denial of the Holocaust and, in France, the Armenian genocide is prohibited. The protection of minors is also a concern for both countries. German and French courts have continually enforced these limitations on freedom of expression, leading to a certain number of internet access restrictions.

Both countries have contemplated state-mandated measures to block child abuse images (for an extended analysis of both debates, see [2]). The German government first contemplated a selfregulatory filtering system of child abuse images in early 2009. Despite resistance from the internet industry, concerned about their liability and the constitutionality of such a measure, an agreement was signed between the government and five leading ISPs to block online child abuse images on April 22, 2009. The agreement met widespread resistance from ISPs and the left-wing social-democrat coalition partner, who were concerned about the lack of a legislative basis, as well as experts and citizens, who claimed that the law was a threat to freedom of expression and democracy. An online petition ‘no monitoring and blocking of internet pages’ (‘Keine Indizierung und Sperrung von Internetseiten’ ) reached 50,000 signatures in only four days and became Germany’s most successful online petition up to that date, with 134,015 signatures in total. To overcome these criticisms, a legislative proposal was prepared to extend the blocking system to all ISPs and was adopted, as the Access Impediment Act (Zugansgserschwerungsgesetz, or ZugErschwG) on June 18, 2009.

Nonetheless, Internet filtering became an electoral issue, most notably for the liberal party that replaced the social-democrats in the ruling coalition with the conservative ruling party in 2009. The liberals promised to revoke internet blocking, and eventually enacted this through the adoption of a separate law in December 2011. Although the internet blocking law has been formally adopted, it has never been applied. The government prefers the removal of child abuse material at its source over blocking, a point that has been successfully argued by actors rejecting blocking measures.

On the contrary, in France, opposition to the law on guidelines and programming for the performance of internal security, commonly referred to as LOPPSI 2, was not successful; the national assembly allowed blocking of access to sites with ‘obvious’ child pornography, without a court order, in early 2011. This law adds to a growing number of security measures adopted in France since the terrorist attacks of September 2001 that have continually extended the powers of police forces, the amount of surveillance and the strengthening of criminal sanctions. France had previously signed an agreement to block access to child abuse images, racial violence or terrorism in 2008 [11], however concrete internet filtering measures were first discussed in May 2009 when the government introduced them as one part of a wide-ranging law concerned with security and criminality in general. Among the multiplicity of issues raised by the law, internet filtering was not the most controversial. There was widespread critique of criminal sanctions, notably the establishment of a complementary punishment for foreign criminals or the forced evacuation of illegal settlements [18]. In February 2011, a record number of thirteen articles of the bill were ruled unconstitutional [8]. However, the provisions regarding internet filtering were ruled proportionate in terms of balancing public order and freedom of communication. Although the socialist party declared in his presidential program to revoke the LOPPSI 2 bill, it is highly uncertain if this constitutes a priority for the newly elected French president [16].
3.1 Methods
The analysis focuses on the debates surrounding the two legislative proposals requiring ISPs to filter online child abuse images in France (Loppsi 2 ) and Germany (ZugErschwG). Using Lexis/Nexis, all articles referring to internet filtering measures in the French and German quality press were searched from August 2008 to December 2011. In total, 76 articles from the French quality newspapers Le Monde, Libération and Le Figaro and 270 from the German quality newspapers Tageszeitung, Frankfurter Rundschau, Süddeutsche Zeitung, Frankfurter Allgemeine Zeitung and Die Welt were relevant. The corpus thus holds articles from left, center as well as right-wing news sources [14, 13]. While it must be acknowledged that much public debate takes place on online platforms such as mailing lists or social media sites, the focus of analysis is limited to quality newspapers that are the main source of information for political decision-makers, hence of greater influence to policy-making [21]. Even in today’s highly diverse media environment, the mass media remain important sources for political information [15]. Both the French and the German corpus were coded for statements for or against internet filtering measures. In total, thirteen frames were identified for the French articles, sixteen for Germany.

Following collective action theory, frames are ‘organizing ideas’ that are used to simplify and socially construct a given problem and propose solutions and means for achieving these [30, 29]. A frame is an "interpretative schemata that simplifies and condenses the ’world out there’ by selectively punctuating and encoding objects, situations, events, experiences, and sequences of actions within one’s present or past environment" ([28] p. 137). Frames manifest as demands, proposals, critiques or actions that are not necessarily consciously perceived as belonging to a broader interpretive schemata by the actors expressing them. The following section presents preliminary findings from this study. Compared to Germany, there was far less debate about internet filtering in France, especially when considering only the print edition of newspapers. Online editions of these publications have been included in the analysis, despite a risk of bias towards the opponents of internet filtering.
3.2 Findings
In France, the governing right-wing party was the main proponent of internet blocking measures and found support from the telecommunications industry. Opposition principally stemmed from civil society actors and, to a lesser extent, journalists, the opposition and representatives of the internet industry. In Germany, the main driver of the measures was the conservative Christian-Democrat Party, supported by EU institutions, the police and child protection groups. Digital rights groups were strongly opposed to the measure, and highly vocal about it. They were echoed by all opposition parties, including the liberal party, journalists and parts of the internet industry. References to the need to fight child abuse were made in both cases, by proponents and opponents of the blocking measures and have not been included in the analysis.

The main arguments in both cases referred to principled as well as practical arguments [22]. From the practical side, actors debated whether or not internet blocking is an effective solution for dealing with online child abuse images. Most other arguments related to democratic principles such as the constitutionality and legality of the measure, as well as questions of transparency, public oversight, due process, liability, the subsidiarity principle and striking the appropriate balance between different fundamental human rights.
France
In France, the debate focused on two main arguments: effectiveness and constitutionality or legality of internet blocking. The opponents of internet filtering dominated ten out of thirteen categories, using a wide variety of frames during the debate. They made a total of 168 statements, compared to 92 statements in favour of internet blocking. The opponents’ master frame was that internet filtering was not effective to deal with child abuse images. To a lesser extent, they argued that DNS blocking would threaten freedom of expression and generate collateral damage, as well as being unconstitutional. Here, they insisted on the need for prior judicial review, a claim that had dominated the earlier HADOPI debates [3]. Also, opponents repeatedly criticized the proponents of the debates by stating that the government was pursuing a hidden agenda in attempting to introduce a censorship infrastructure and that the Sarkozy government was not to be trusted in any case. They also claimed that blocking would harm civil liberties, especially freedom of expression, and that the blocking would be detrimental to the open architecture of the internet and to net neutrality. Their critique was thus based on a diversity of frames, dominated by practical arguments, with the addition of principled ones.

In contrast, proponents of internet filtering were less visible in general, with fewer claims compared to the opponents of internet filtering. Their arguments referred to three main frames. They clearly dominated the arguments concerning constitutionality and legality, claiming that internet filtering was both legal and constitutional. This was eventually confirmed by the review of the French Constitutional Council, that had been seized by the opposing socialist party, stating that internet blocking of child abuse images was proportionate even without prior judicial review. Proponents also dominated the frame that internet blocking would protect internet users and prevent crime. They argued that blocking was effective, but received far less visibility than their opponents on this matter. Overall, proponents used a narrow set of frames but dominated the debate on the main principled argument regarding the constitutionality and legality of internet blocking. They hardly engaged at all in discussions concerning the practical side of internet blocking, which was dominated by opponents.
German
In Germany, opponents to filtering successfully occupied both principled and practical arguments, while proponents attempted to emotionalize the debate and opposed one another on the best type of regulation to introduce internet blocking. The debate was dominated by the opponents to internet filtering measures with 814 statements against compared to 678 statements in favour of internet blocking. Compared to the limited number of statements in France, the German debate was far more politicized, with both sides engaging intensively and most categories being heavily disputed. Opponents argued that internet blocking of child abuse images was not effective, especially through DNS filtering as this could be easily circumvented, and that most exchanges took place through peer-to-peer networks. They also argued that removing the material at the source would be a far more efficient way of dealing with the problem, providing proof that most child abuse material was actually hosted in countries where such content was illegal and police cooperation possible, such as the US or the Netherlands. This would allow for efficient removal through directly contacting the providers. Opponents also claimed that the proposed measures would lead to a censorship infrastructure detrimental to freedom of speech. All three frames were highly complementary and integrated, and proposed a clear alternative that was referred to by an increasing number of actors.

Proponents argued that internet blocking was an adequate and necessary measure to deal with child abuse images on the internet. This concept includes the repeated attempts by conservative politicians to emotionalize the debate, as manifested by the very controversial projection of child abuse images at a press conference introducing the blocking measures [23]. Leading conservative politicians put forward the argument that all opponents to internet blocking were in fact consumers of child abuse material, but were increasingly criticized for doing so, mainly because the opponents kept pushing for the alternative of takedown over blocking, which established itself as a new master frame of the debate. Proponents rapidly had to recognize that circumvention of blocks was possible and that blocking would simply ‘hinder’ access to such material, and not remove it from the internet. This was reflected in the final name given to the law: ‘access impediment’. Proponents also lost on the grounds of the type of regulation that was necessary. The minister for families, supported by the police, initially advocated a ‘voluntary’ agreement with ISPs that was signed with five major German ISPs on April 22, 2009. However, a self-regulatory regime was contested by all but the christian-democrats and the police, including actors that were not against internet blocking per se. These objections focused mainly on ISP concerns over liability, and socialist democrats arguments that legislation was the correct approach.
4. Conclusions
In this paper, we have examined the political debate surrounding key European states’ attempts to control online information flows. While many countries choose self- or co-regulatory mechanisms to block internet content, others such as France, Germany, Australia and the EU, have attempted to introduce internet blocking through legislation. State regulation is time intensive and has proven insufficient in effectively regulating global internet traffic. Its main advantage, however, is the opportunity for citizens to debate and question aspects of filtering, in terms of democratic principles such as freedom of expression and the rule of law, and in terms of its effectiveness.

The case of Germany demonstrates that internet blocking is not only a highly politicized issue but can also be successfully countered through democratic debate. This is not always the case, as illustrated in France, where internet blocking of child abuse images is legislated and has received the approval of the Constitutional Council. It is also notable that the question of technical efficacy for filtering was avoided entirely by proponents of filtering in France, while in Germany proponents engaged with this frame but were unable to justify the argument and so forced to backtrack in their claims. Despite this, the technical means of filtering never entered the debate, nor was the choice of DNS filtering as a means to achieve blocking ever questioned.

Clearly, both cases would gain from being contrasted with debates (or the absence thereof) in countries opting for self- or co-regulative measures. Self-regulation and regulation through code have several advantages in dealing with internet issues. Code can more directly and preemptively control human behaviour and allows states to avoid spending administrative and technical resources on doing so, whilst simultaneously avoid a great part of the political fallout from being seen to regulate free speech.

Most worrying, however, is that by displacing the executive choice to filter internet connections from the government to the private sphere, relying on market forces to regulate the type and nature of filtering, serious questions are raised regarding the democratic accountability, legitimacy, and potential for abuse of such an approach. Organized civil society is the most vocal actor in defending civil liberties in the digital realm but are effectively avoided when states deputise ISPs to regulate the internet without a clear legal framework. All stakeholders need to be reminded of the necessity to safeguard democratic principles and rights. If market players are increasingly in charge of surveillance and filtering online traffic, the need for an independent control mechanism of these systems becomes ever more urgent.
References
- [1] Boas, B. (2006). Weaving the authoritarian web: The control of internet use in non-democratic regimes. In J. Zysman & A. Newman (Eds.), How revolutionary was the digital revolution? National responses, market transitions, and global technology (pp. 361-378). Stanford University Press.
- [2] Breindl, Y. (2012). Discourse networks on statemandated access blocking in France and Germany. Paper presented at the 7th GigaNet Symposium, November 5, Baku, Azerbadjian, November 5 2012. Retrieved from [api.ning.com] BCSNea6XOKiwMm0EnUHMyIxk4XOG368wPQkDYWVd28yZPLmoZQ4pbugPpRtuoEpsAn6DKamKW/Breindl_Discourse_networks.pdf.
- [3] Breindl, Y., & Briatte, F. (2010). Digital network repertoires and the contentious politics of digital copyright in France and the European Union. Paper presented at the "Internet, Politics, Policy: An Impact Assessment" Conference, September 16-17, Oxford Internet Institute, UK, September 16-17 2010.
- [4] Brown, I. (2008). Internet filtering - be careful what you ask for. In S.Kirca & L.Hanson (Eds.), Freedom and prejudice: Approaches to
- media and culture (pp. 74-91). Istanbul: Bahcesehir University Press.
- [5] Brown, I. (2010). Internet self-regulation and fundamental rights. Index on Censorship, 1, 98-106.
- [6] Brown, I., & Marsden, C. (2013). Regulating code: Good governance and better regulation in the information age. The MIT Press, MA. Castells, M. (2001). The internet galaxy: Reflections on the internet, business, and society. Oxford University Press.
- [7] Clayton, R., Murdoch, S. J., & Watson, R. N. M. (2006). Ignoring the great firewall of china. In G. D. &. P. Golle (Ed.), Privacy enhancing
- technologies workshop (PET 2006), LNCS. Springer-Verlag.
- [8] Constitutionnel, C. (2011). Loi d’orientation et de programmation pour la performance de la sécurité intérieure [loppsi 2] : décision numéro 2011-625 dc. [www.conseil-constitutionnel] . fr/conseil-constitutionnel/francais/ actualites/2011/seance-du-10-mars-2011-[loppsi-2].94818.html, 10 March 2011.
- [9] Deibert, R. J., & Rohozinski, R. (2010). Beyond denial: Introducing next generation information access controls. In Information Revolution
- and Global Politics: Access controlled: The shaping of power, rights, and rule in cyberspace. The MIT Press, MA.
- [10] Deibert, R. J., Palfrey, J. G., Rohozinski, R., & Zittrain, J. (2008). Information Revolution and Global Politics: Access denied: The practice
- and policy of global internet filtering. The MIT Press, MA.
- [11] Deibert, R. J., Palfrey, J. G., Rohozinski, R., & Zittrain, J. (2010a). Information Revolution and Global Politics: Access contested: Security,
- identity, and resistance in asian cyberspace. The MIT Press, MA.
- [12] Deibert, R. J., Palfrey, J. G., Rohozinski, R., & Zittrain, J. (2010b). Information Revolution and Global Politics: Access controlled: The
- shaping of power, rights, and rule in cyberspace. The MIT Press, MA.
- [13] Eilders, E. (2000). Media as political actors? Issue focusing and selective emphasis in the german quality press. German Politics, 9(1),
- 181-206.
- [14] Heinderyckx, F. (1998). L'europe des médias. Bruxelles: Editions de Université de Bruxelles.
- Held, D., McGrew, A., Goldblatt, D., & Perration, J. (1999). Global transformations: Politics, economics and culture. California: Stanford
- University Press.
- [15] Hindman, M. (2008). The myth of digital democracy. Princeton University Press.
- [16] Karayan, R. (2012). Les chantiers numériques qui attendent françois hollande. L'Express.
- [17] Kleinsteuber, H. J. (2004). The internet between regulation and governance. In OSCE (Ed.), The media freedom internet cookbook (pp. 61-75). Vienna: OSCE Representative on Freedom of the Media.
- [18] Le Monde (2010). Loppsi 2 : Le retour de la double peine. Le Monde.
- [19] Lessig, L. (1999). Code: And other laws of cyberspace. Cambridge, MA: Basic Books.
- [20] Löblich, M., & Wendelin, M. (2012). ICT policy activism on a national level: Ideas, resources and strategies of german civil society in
- governance processes. New Media & Society, 14(3).
- [21] McCombs, M., & Shaw, D. (2010). The agenda-setting function of mass media. Public Opinion Quarterly, 36(2), 176-187.
- [22] McIntyre, M. (2012). Child abuse images and cleanfeeds: Assessing internet blocking systems. In Research handbook on governance of the
- internet. Cheltenham: Edward Elgar.
- [23] Meister, A. (2011). Zugangserschwerungsgesetz: Eine Policy-Analyse zum Access-Blocking in Deutschland. Master’s thesis, Humboldt Universität zu Berlin.
- [24] Murdoch, S. J., & Anderson, R. (2008). Tools and technology of internet filtering. In R. J. Deibert, J. G. Palfrey, R. Rohozinski, & J.
- [25] OECD. (2011). Communiqué on principles for internet policy-making. Retrieved from [www.oecd.org]
- [26] Postigo, H. (2010). Information communication technologies and framing for backfire in the digital rights movement: The case of dmitry
- skylarov's advanced e-book processor. Social Science Computer Review, 28, 232-350.
- [27] Rue, F. L. (2011). Report of the special rapporteur on the promotion and protection of the right to freedom of opinion and expression.
- [28] Snow, D. A., & Benford, R. D. (1992). Master frames and cycles of protest. In Frontiers in social movement theory (pp. 133-155). Yale
- University Press.
- [29] Snow, D. A., Rochford, E. B., Worden, S. K., & Benford, R. D. (1986). Frame alignment processes, micromobilization, and movement
- participation. American Sociological Review, 51(4), 464-481.
- [30] de Donk, W. B. J. V., Loader, B. D., Nixon, P. G., & Rucht, D. (2004). Cyberprotest: New media, citizens, and social movements. London:
- Routledge.
- [31] Wright, J., de Souza, T., & Brown, I. (2011). Fine-Grained censorship mapping -- information sources, legality and ethics. In Proceedings of
- freedom of communications on the internet workshop.
- [32]
- Zittrain, J., & Palfrey, J. G. (2008). Internet filtering: The politics and mechanisms of control. In R. J. Deibert & R. Rohozinski (Eds.), Information Revolution and Global Politics: Access denied: The practice and policy of global internet filtering (pp. 29-56). The MIT Press, MA.

CircleID

Different Focus on Spam Needed

Posted: April 26th, 2013, 2:26am WST by Martijn Grooten

It is surprisingly difficult to get accurate figures for the amount of spam that is sent globally, yet everyone agrees that the global volume of spam has come down a lot since its peak in late 2008. At the same time, despite some recent small decreases, the catch rates of spam filters remain generally high.

Spam still accounts for a significant majority of all the emails that are sent. A world in which email can be used without spam filters is a distant utopia. Yet, the decline of spam volumes and the continuing success (recent glitches aside) of filters have two important consequences.

The first is that we don't have to fix email. There is a commonly held belief that the existence of spam demonstrates that email (which was initially designed for a much smaller Internet) is somehow 'broken' and that its needs to be replaced by something that is more robust against spam.

Setting aside the Sisyphean task of replacing a tool that is used by billions, proposals for a new form of email tend either to put the bar for sending messages so high as to prevent many legitimate senders from sending them, or break significant properties of email (usually the ability to send messages to someone one hasn't had prior contact with).

Still, if spam volumes had continued to grow, we would have had little choice but to introduce a sub-optimal replacement. The decline in spam volumes means we don't have to settle for such a compromise.

Secondly, current levels of spam mean there is little threat of a constant flow of spam causing mail servers to fall over.

At the same time, one would be hard-pressed to find a user whose email is not filtered somewhere — whether by their employer, their provider, or their mail client.

Thus, looking at the spam that is sent isn't particularly interesting as it provides us with little insight into the actual problem. What matters is that small minority of emails that do make it to the user — whether because their spam filter missed it, or because they found it in quarantine and assumed it had been blocked by mistake.

Equally important is the question of which legitimate emails are blocked, and why — and what can be done to prevent this from happening again in the future.

It is tempting to look at all the spam received by a spam trap, or by a mail server, and draw conclusions from that. They certainly help paint a picture, but in the end they say as much about what users see as the number of shots on target in a football match says about the final result.

Despite the doom predicted by some a decade ago, email is still with us — and we have won a number of important battles against spam. But if we want to win the war, we need to shift our focus.
Written by Martijn Grooten, Email, web security tester
Follow CircleID on Twitter
More under: Email, Spam
Breaking Down Silos Doesn't Come Easy

Posted: April 25th, 2013, 1:51am WST by Wout de Natris

"We need to break down silos", is a phrase often heard in national and international meetings around cyber security and enforcing cyber crime. So it is no coincidence that at the upcoming NLIGF (Netherlands Internet Governance Forum), the IGF, but also an EU driven event like ICT 2013 have "Breaking down silos" and "Building bridges" on the agenda. But what does it mean? And how to do so?

The internet and borders

People often refer to the internet as borderless and that there is a need to cooperate cross border between police agencies and other agencies regulating or enforcing the internet. This falls under the category "This needs a global solution" or the "this is cross border, we can not do anything!" type of comments.

Breaking down silos goes way beyond this. It is a national, organisational as well as international problem. Specific organisations work within their own remit and have, in some cases extreme, difficulty to reach out to other organisations. Others are not aware of each others capabilities. This discussion is about mental borders as well as legal, organisational and state ones.

The worst example

Usually the police is pointed to as a hard partner to work with. "We never hear anything back" or "We never receive information from them" are often heard comments. It is my impression that police organisations (and prosecutors) could have more understanding of what the capabilities of other enforcement agencies are, in order to coordinate actions in a better way. (What happens when two or three different organisations investigate the same botnet at the same time?!)

Law enforcement is more than enforcing the law from a penal code objective. Other agencies may be better equipped to solve a specific cyber crime than police on the basis of enforcing their "own" law. A "serious" crime could be dealt with through e.g. a Consumer Protection Act also. Or together there is a higher chance at success. These are important lessons. Break down your silos!

Cyber security

Cyber security organisations like Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Services (Csirt) secure and monitor governmental and industry ICT systems, alert and respond to breaches, e.g. like ddos attacks or hacks. They have a lot of information and evidence that could actually assist enforcement agencies in doing their work. At the same time they can act on certain breaches in ways that law enforcement never could.

Cooperation between the two is not something which comes easily. For dozens of reasons. Hence the need to break down silos and create understanding.

Industry

And what about industry? What is the information it has on cyber crimes? If industry does not see the incentive to report all, let's say relevant, breaches to the proper authority, enforcement and security will never get the priority it deserves. Hence another reason to break down silos.

Who needs to act?

In the report of De Natris Consult (click here to view) called "National cyber crime and online threats reporting centres. A study into national and international cooperation." it is clearly shown that for an individual organisation it is nearly impossible to break a silo down. Simply because it's to difficult and not a part of the organisations primary task. So despite the fact that it is in the direct interest of a single organisation to be able to cooperate, it is nearly impossible to break through on your own when no one hears you knocking. It is important however to report your impossibilities to those who can make a difference. How will people who can actually make a difference ever know otherwise? Start breaking down your own silo in the right places.

So who needs to act then?

There are a few options. (My apologies for non-EU readers. I'm a bit EU-centric here, but please allow your imagination to run to your corner of the world and the options it provides.)

1. National government
This would help at national level. E.g. in a national strategy on cyber security a national coordinating body is foreseen and instituted by the national government. E.g. The Netherlands created the National Cyber Security Centre. It is very interesting to see the developments going on. Embedded officers from different agencies, industry and vital infrastructure work part time within the centre.

Some questions could be asked that can make a difference over time. How does the centre change knowledge and perceptions with time? Does it make a solid inventory of skills, complementary powers and different possibilities that different laws supply to fight cyber crimes? Does it take a closer look at whether present laws supply the needed powers to fight the different forms of cyber crime?

2. International bodies
ENISA currently plays a role in bringing CERTs and police agencies together. Could it play that role in a broader sense? So for other LEAs and police and CERTS?

EC3 could open itself to more enforcement entities, e.g. by providing common trainings, coordinate cyber actions, etc. It does not so at present, but it would be a good thing if EC3 looked into this option in the very near future. Who invites them to break down their silo?

Fill in your option here .....

3. International projects
What will a project like ACDC (Advanced Cyber Defense Centre) do to international cooperation? In this case it is about fighting botnets. From disinfecting end users computers to gathering, analysing and sharing data on botnets, botnet traffic and command and control servers in and through the central clearing house. What will aggregated data do in the fight against cyber crime and more so, what will it do for cooperation and understanding between different entities both public and private?

Conclusion

Why are all these questions so relevant? Because my bet is that all these agencies, from the military to secret services and from police to consumer fraud, spam and privacy agencies are all looking for the same people who make the internet not a very safe place to do business and pleasure today. There is, well there should be, a strong need to cooperate and coordinate.

Breaking down silos will not come easy. For many a reason. Still, if people responsible for this task are to make serious business with it, it is important to start asking the right questions. Let's do so at NLIGF this June, in Bali in October (I will do so here as moderator) and Vilnius in November and in all places where you think it is possible and necessary to do so. I'm always happy to discuss further or help out creating strategies or programs. The time seems right.
Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement
Follow CircleID on Twitter
More under: Cybercrime, DDoS, Internet Governance, Law, Malware, Policy & Regulation, Spam

Matthias C. Kettemann's International Law and the Internet

A Revolution for Small Print: Using Human Rights to Modernize Terms of Service of Internet Companies

Posted: April 24th, 2013, 8:26pm WST by Matthias C. Kettemann
No service? I'm exploring how to improve terms of service of Internet companies [Former passport control point at the Buchs, Switzerland, railway station](c) Kettemann, 2013
I'm in Paris next week for the first Internet&Jurisdiction Observatory meeting. The workshop is devoted to the question "What is the Geography of Cyberspace?" and we'll assess cross-border Internet, national jurisdictions and the quest for appropriate frameworks.

At the workshop I'll present some ideas related to private and public spaces online and the international legal limits to terms of service.

My ideas - with the overall title "New Terms for Terms of Service. A Human Rights-Based Approach to Solving Jurisdictional Conflicts in Social Networks" - will develop on research I have conducted for a book on freedom of expression online for the Council of Europe.

I'll share some of what I'll present in this blog entry and look forward to discussions at the workshop and to comments from readers.

Background

In 2012, the tension between national laws, grounded in human rights, and terms of service of Internet companies resulted in a number of cases that evidence a worrying phenomenon. Among the cases I&J covered were the following three:
- In Brazil, in May 2012, Facebook posts of women showing their breast in a protest again sexual violence in the “March of Women” were removed.
- In the US, Twitter first refused to hand over the message history of a user involved in the Occupy Wall Street protests, arguing that their users, not they themselves, owned the tweets, but later changed course.
- On 24 January 2013, a French court ruled that Twitter had to identify authors of anti-Semitic messages “within the framework of its French site”. The ruling had come after France’s Union of Jewish Students had sued Twitter to police more effectively the misuse of the site as a forum for anti-Semitic slurs under the hashtag #unbonjuif (#agoodjew). On 20 March 2013, UEJF announced that it would invoke criminal liability of Twitter and its president, Dick Costolo, for not having identified the authors of anti-Semitic tweets. Additionally, the association demanded € 38,5 million as penalties.
These examples show that private terms of service and public laws, ensuring human rights, often clash, as the distinction between private communicative spaces and spaces dedicated to public discourse, which need to be protected because of their importance for democratic decision-making, is blurred.
Further, different national laws apply to the activities of social media companies. National courts, administrative bodies, data protection authorities, ombudspersons charge themselves with applying norms to private spaces and, as the examples have shown, often come to different conclusions. Jurisdictional conflicts ensue and attempts to harmonize national laws dealing with private online spaces based on international human rights standards become more instead of less difficult. A new foundation for safeguarding freedom of expression in private spaces across jurisdictions is therefore necessary.
Such protection can be achieved by considering that these private spaces are developing into semi-public (or public spaces) where human rights norms apply as a baseline across jurisdictions. Human rights-sensitive terms of service would minimize the problem of different treatment of online content across jurisdictions and ensuing court battles with diverging results which bring legal uncertainty. We thus need new terms for Internet companies’ terms of service.
A Call for New Terms for Terms of Service
Preliminary Observations
Social networks play an essential role in creating and increasing the value of the Internet as a multifaceted and energetic discourse forum. They enable the exercise of human rights, especially the freedom of expression (but also of assembly) and can act as a catalyst for democratic participation and thus for democracy. But human rights may be threatened on social networks through terms of service that are insensitive to human rights.
One of the key roles of the Internet with regard to freedom of expression is its enabling function. The Internet enables the exercise of freedom of expression by creating a huge resonance space, by allowing people to share ideas and concerns, wishes and complaints. The Internet is a discourse space that transcends borders, a progressive public sphere made up of private spheres where, nevertheless, issues of public interest are discussed.
In providing a space for such discussions (especially in times where carbon-based media are experiencing declines in readership and newspapers are shut down) the Internet’s public service value continues to grow. This implies certain duties for states. These include adopting human rights-consistent Internet policies, ensuring access, affirming freedom of expression and the free circulation of information on the Internet (and balancing them, where necessary, with other legitimate rights and interests) and ensuring that ICT content is reflective of all regions, countries and communities in order to ensure representation of all peoples, nations, cultures and languages. Terms of service are sometimes in violation of human rights, especially privacy rights. Companies have to face the dilemma of navigating between keeping users happy, ensure universal (or quasi-universal) availability and making money. Though they may profess do no evil, this is just one aspect of a viable business model.
Both American law and the case law of the European Court of Human Rights contain arguments for the case for turning private spheres into semi-public spheres under certain conditions. In New Jersey Coalition Against War in the Middle East v. J.M.B. Realty Corp. (1994), the Supreme Court of New Jersey established the right of individuals to hand out protest literature in private shopping malls. The Court held that owners of shopping centers have to allow leaflets with expressive speech within their malls, if they are de facto public forums. Given that they are, it would be unreasonable to allow private parties (the owners of the mall) to limit free speech. New Jersey’s Supreme Court backtracked from this more limited understanding of property rights in the 2000 case The Green Party of New Jersey v. Hartz Mountain Industries, Inc. and adopted a test in which private property rights of mall owners have to weighed against the rights to free speech and assembly.
Across the Atlantic, in its only relevant case so far, the European Court of Human Rights has followed a similar approach, even if it appears to be less sensitive to freedom of expression concerns (and allows state a broader margin of appreciation, a notion that did not matter for the New Jersey Supreme Court). In Appleby, the Court had to weigh between the right to property of a mall owner and the freedom of expression of a group wishing to collect signatures for a petition inside the mall. Confirming that the freedom of expression constituted one of the preconditions for a functioning democracy, the Court nevertheless pointed out that freedom of expression was not necessarily linked to a particular forum (the shopping mall), if alternative means were feasible. In that case they were. The applicants could have, the Court ruled, “employed alternative means, such as calling door-to-door or seeking exposure in the local press, radio and television”. In the New Jersey case, the mall had become a de facto public forum exactly because no real alternatives were available.
Ten New Terms for Terms of Service
I have ten points I would like to put forward in my call for new terms for terms of service. These can inform the multistakeholder-based, human rights-sensitive debate we need to lead.
1. Different jurisdiction offer differ public law-based normative orders in which private Internet companies have developed terms of service. But these terms of service are often applied independent of jurisdictions because users come from different countries. Even if a US company has its European headquarters in a EU member state, the terms of service still tend to be heavily influenced by the original terms of service drafted with a view to US free speech laws and the company’s corporate construct of its self-identity.
2. Applying the normative order of one country to Internet-related activities within that country, a sovereign right, can lead to jurisdictional conflicts in light of the open geography of cyberspace.
3. Terms of service are formulated within the normative space national public law allows for private activity. This normative space is (also) limited by human rights. But when it comes to freedom of expression in social networks (private) platform rules are often more restrictive than national (public) laws. Conversely, in some countries national laws, based on diverging religious, historical and cultural reasons, may make different value judgments which conflict with the terms of service formulated within the normative sphere influenced by a different country’s public law. Therefore, taking recourse to human rights as a normative frame of reference and baseline make sense. Though certain core rights must always be respected and the essence of no right may be violated, states must be accorded a certain margin of appreciation as developed in the (insofar generalizable) case-law of the European Court of Human Rights.
4. Internet companies will often censor perfectly legal content because they feel it might diminish the user experience of mainstream users (‘makes users unhappy’) and thus reduces their commercially valuable positive attention.
5. This is problematic because non-mainstream views are less in need of protection than views which, according to the European Court of Human Rights in its Handysidecase, “shock, offend and disturb”. As the importance of social media as providers of the discursive sphere necessary for democracy grows (and they reify insofar the Internet’s public service value), the corporate social responsibility of private companies is engaged.
6. The right of Internet companies to design terms of service as they see fit is limited by two factors: First, human rights apply in all spaces – online, just as offline. Second, as the importance of Internet-based communication for exercising freedom of expression increases (their public service value), the public service responsibility of private companies grows.
7. Ultimately, a de facto monopolization of public discourse in private spaces (‘no alternatives for meaningful democratic discourse outside of private forums’) may lead to demands for partial de-privatization of private forums. This could lead, eventually, to qualifying ‘private spaces’ as public (or semi-public).
8. This qualification would lead to a bigger role for national law, reflective of, and grounded in, international human rights standards.
9. In aggregating and articulating information, a growing number of private and public spaces compete on the international sphere. The cross-border online spaces are full of jurisdictional boundaries and become more fragmented as states start to assert more aggressively their jurisdiction over online speech. Some states also resist attempts of regional harmonization, as the example of the British opposition against the EU’s new proposal for a Data Protection Regulation (with the controversial Article 17 and its right to be forgotten in social media contexts) illustrates.
10. A new foundation for safeguarding freedom of expression in private spaces across jurisdictions is necessary as is a fair process framework. We therefore need both formal and substantive rules that can be applied to the semi-public and public places of the Internet. Such a new foundation must be based on human rights norms which can become a baseline across jurisdictions. Human rights-sensitive terms of service would minimize the problem of different treatment of online content across jurisdictions and ensuing court battles with diverging results which bring legal uncertainty.
Next Steps
While a commitment to transparency of Internet companies regarding removal requests has become widespread, a similar comprehensive and nuanced commitment to international standards of freedom of expression is still missing. This needs to be remedied and reflected in the terms of service.
In cooperation with Internet companies, a dialogue should be started on ensuring that terms of service are as sensitive to human rights as their growing importance as forums of increasingly public value-oriented online discourse requires. The protection of a discourse space has to be commensurate to its importance in aggregating and articulating opinions. Importantly, human rights protection in online discourse forums needs to extend both to the material and the formal dimensions of protection.
Though different self- and co-regulatory mechanisms have already been set to develop and discuss standards to be used by social network providers, it is essential to include a right for users to be heard and to appeal against decisions by social network providers. These might include, in appropriate cases, the pursuance of legal measures within state judiciaries. But any causes of action need to be in line with internationally accepted human rights in order to minimize the potential for jurisdictional conflicts.
Summing up, a human rights-based reformulation of terms of service
- respects both the sovereignty of states (especially sovereignty as responsibility to protect its citizens) and recognizes the borderless geography of cyberspace whose competing normative orders are framed by human rights (and international law);
- ensures the interoperability of different private (and semi-private regimes), and statal, self- and co-regulatory mechanisms on a firm foundation of human rights, recognizing the importance of the margin of appreciation (and its conceptual counterparts); and
- holds, on a micro-network scale, that users have basic fair process rights thus minimizing jurisdictionally problematic individual court cases with the potential of diverging opinions and conflicts related to execution.

CircleID

Spanish Joint-Network Investment in FttH Seeing Returns

Posted: April 24th, 2013, 10:34am WST by Henry Lancaster

Spain's economic anguish has had a number of repercussions for the country's telcos, with stable or declining revenue causing much nervousness as operators struggle to fund essential investment in spectrum and both fixed-line and mobile networks. Earlier this year Vodafone felt the pinch, announcing plans to cut its Spanish workforce by up to 1,000. Though general economic conditions have not helped, the move partly resulted from its own decisions. The company saw revenue drop for several quarters and so decided to save money by cutting handset subsidies. The ploy backfired: by the end of 2012 the company had lost 2.29 million mobile subscribers in the year, and as a result revenue dropped from £5 billion to £4.2 billion.

Yet Vodafone is one of the key players in Spain's surging fibre market, where investment in networks is a precondition of customer growth and financial reward. In common with development elsewhere (not least in the mobile sector), Vodafone is not going it alone, but is sharing the cost with other parties. In Spain, it has partnered with Orange. Unlike many other European markets, where operators have tended to concentrate on high-density towns (Paris, Milan, Amsterdam), in Spain FttH is more widely available in smaller towns and rural areas, often guided by the policies of regional governments. In this market there is plenty of room for smaller players to co-exist with the incumbent.

Orange launched an FttH pilot in Madrid as early as 2010, and earlier this year teamed up with Vodafone to invest up to €1 billion on a joint fibre network covering 50 of the largest cities. With complementary footprints, the fibre is owned independently though the companies share technical specifications to ensure compatibility as a single network. Each operator provides access to its own footprint, making the entire network available to each other. Orange recently switched on its fibre for commercial services, initially in Madrid, and planned to have some 800,000 premises connected to the network by March 2014, rising to three million by September 2015 and six million by 2017. In Madrid alone, up to 40,000 homes could be connected to the network.

The Orange/Vodafone joint network is open to co-investing third parties to share, which could dramatically extend the availability of fibre to Catalonia and Asturias where there are already extensive deployments through existing projects.

These developments are encouraging, and show that telcos operating through long-term economic doldrums are reassured that sensible investment strategies will provide dividends down the track.
Written by Henry Lancaster, Senior Analysts at Paul Budde Communication
Follow CircleID on Twitter
More under: Access Providers, Broadband, Mobile, Telecom

IGP Blog

WTF? WTPF! The continuing battle over Internet governance principles

Posted: April 24th, 2013, 3:39am WST by Milton Mueller

Remember all the businesses, internet techies and NGOs who were screaming about an “ITU takeover of the Internet” a year ago? Where are they now? Because this time, we actually need them. May 14 – 21 is Internet governance week in Geneva. We have declared it so because there will be three events in that [...]

CircleID

gTLD Contention Auction in May: Request for Comments

Posted: April 23rd, 2013, 8:15am WST by Sheel Mohnot

Many gTLD applicants with strings in contention have already heard about the Applicant Auction, a voluntary private auction for resolving string contention that my colleagues and I are organizing. In this post we'd like to share some updates on our progress.

Most importantly, we realized that more than just an escrow agent is needed for the success of a private auction of this scale, and we have partnered with Morrison & Foerster, LLP, a global law firm, who will be acting as the neutral party for our auctions.

We had the opportunity to talk to many applicants in Beijing last week, and we received some great feedback and suggestions. We have distilled these conversations into a more detailed proposal, covering the schedule, policies on which information is published and which is kept confidential, the procedure for handling withdrawals, the handling of bid deposits, and more.

Although many applicants have been asking us to hold an auction as soon as possible and several have already committed to participate in the first auction, we would like to give all applicants a chance to review the proposal and submit final comments, until Thursday this week (11pm UTC).

Based on the applicants' input, the final schedule and rules for the first auction will then be published by Tuesday, April 30, and applicants interested in participating can then sign up their TLDs in an online enrollment system.

We have summarized some of the suggested changes below, and we encourage participants to take a look at the full RFC and send us comments:

Schedule:

We propose beginning Thursday, May 2, with publication of the auction rules and other legal documents, and we plan to hold the auction on Thursday, May 23. Interested parties will need to commit online by May 8. Dates are subject to change with input from participating applicants.

Information policy:

As presented in the workshops, all bidders participating in a given auction can see the number of bidders still bidding for a domain in each round, for all domains being auctioned. However, the winning price is not disclosed to all bidders; only bidders for a particular domain can see the price at which the domain was sold. Amounts of bids and deposits will be kept strictly confidential.

Withdrawal procedure:

Several applicants asked: What if I don't win in the auction, and, as required, I withdraw my application, but some of my fellow non-winning competitors don't? We took this concern very seriously and propose the following solution:

Before the auction, bidders irrevocably authorize the neutral party to request a withdrawal with ICANN on their behalf. In addition, bidders that do not win are required to withdraw their applications via ICANN's online system and send a screenshot to the neutral party, along with a withdrawal statement signed by bidder and two witnesses confirming that the seller performed the withdrawal. A bidder who does not submit proof of withdrawal will forfeit their deposit, and Morrison & Foerster LLP will take legal steps, if necessary, to execute the withdrawal. For bidders who do submit proof, the deposit is held until the neutral party has ensured that the withdrawal took place. ICANN has assured us that withdrawals will be made public within 48 hours, and the neutral party will not release any payments or deposits until withdrawals have been confirmed by ICANN.

Deposit:

Each applicant must make a deposit of at least 20% of the maximum amount the applicant would like to be able to bid, as noted previously. The deposit must be at least $80,000. The purpose of the minimum deposit is to help ensure that bidders who didn't win in the auction withdraw their application. To level the playing field for single-domain applicants who had requested this, we also made an important change from the previously proposed policy: the effective deposit does not increase if participant becomes a seller for a TLD, and payments received from one TLD cannot be used to pay for another TLD within that auction. Applicants who are participating in the auction with more than one TLD must make the minimum deposit for each TLD.

We hope that the procedure we proposed adequately captures the feedback we received from applicants. Overall, there were surprisingly few topics on which we had to come up with a compromise; in most cases, applicant's preferences were in agreement. Where we did have to find a balance between different perspectives, we hope we have found solutions that will satisfy all applicant's concerns.

We look forward to receiving comments to the Request For Comments posted on the applicant auction website.
Written by Sheel Mohnot, Consultant
Follow CircleID on Twitter
More under: ICANN, Top-Level Domains
SIP Network Operators Conference (SIPNOC) Starts Tonight in Herndon, Virginia

Posted: April 23rd, 2013, 8:03am WST by Dan York
Tonight begins the third annual SIP Network Operators Conference (SIPNOC) in Herndon, Virginia, where technical and operations staff from service providers around the world with gather to share information and learn about the latest trends in IP communications services — and specifically those based on the Session Initiation Protocol (SIP). Produced by the nonprofit SIP Forum, SIPNOC is an educational event sharing best practices, deployment information and technology updates. Attendees range from many traditional telecom carriers to newer VoIP-focused service providers and application developers.

The SIPNOC 2013 agenda includes talks on:
- VoIP and communications security
- Business strategies for service providers
- Regulatory and policy issues
- Multiple sessions about WebRTC and how that will change IP communications
- IPv6 and VoIP
- HD audio
- Standards relating to VoIP and SIP
The main sessions begin tomorrow with a keynote presentation from FCC CTO Henning Schulzrinne where I expect he will talk about some of the challenges the FCC has identified as they continue to push the industry to move away from the traditional PSTN to the world of IP communications.

I've very much enjoyed the past SIPNOC conferences and will be back there again this year leading sessions about: IPv6 and VoIP; how DNSSEC can help secure VoIP; and a couple of sessions related to VoIP security. I'm very much looking forward to the discussions and connections that get made there — and if any of you are attending I look forward to meeting you there.

SIPNOC 2013 will not be livestreamed, but if you are in the DC area (or can easily get there), registration is still open for the event. I suspect you'll also see some of us tweeting with the hashtag #sipnoc.
Written by Dan York, Author and Speaker on Internet technologies
Follow CircleID on Twitter
More under: DNS Security, IPv6, Security, Telecom, VoIP
ICANN Releases 5th Round of Initial Evaluation Results - 169 TLDs Pass

Posted: April 22nd, 2013, 11:37pm WST by CircleID Reporter

Mary Iqbal writes to report that ICANN has released the fifth round of Initial Evaluation results, bringing the total number of applications that have passed the Initial Evaluation phase to 169. ICANN is targeting completing Initial Evaluation for all applicants by August 2013. To learn more, see: [www.getnewtlds.com]
Follow CircleID on Twitter
More under: ICANN, Top-Level Domains
Why Donuts Should Win All Wine New gTLD Applications

Posted: April 22nd, 2013, 11:30pm WST by Jean Guillon

There are 2 reasons why Donuts, applicant for more than 300 Top-Level Domains, should become the official Registry for wine applications.

• It is not because of the content of its application: There are 3 applicants in total and all of them followed the rules provided by ICANN in its applicant guidebook.
• It is not because they protect the wine industry: the Applicant Guidebook did not "force" applicants to do so.
• It is not because they are American: there are also very good wines in Gibraltar and Ireland. In Gibraltar in particular.

So what are the reasons why Donuts is the right Registry for wine applications?

1) Donuts applied for both .VIN and .WINE Top-Level Domains.

I already imagine a Registrant (the person to buy these domain names) who would face the situation of being able to register a domain name in .VIN and not .WINE. It is what will probably happen if .VIN is owned by an applicant and .WINE by another. The same applies if rules are different, if Registrars are not the same, if launching dates are different (note this will probably happen anyway). If Donuts "wins" both applications, chances are high that a Registrant like you will probably get the chance to be served first to acquire his .wine domain name if he had previously registered his .vin domain.
Both wine applications in the hand of the same Registry is far more interesting for the end user: you don't want to buy your next car in 2 different garages.

2) Donuts is now experienced

Some institutions and myself, involved in the protection of wine Geographical Indications, asked ICANN about this question: "how are wine Geographical Indications going to be protected?" Note this is not the only issue here, wine Trademarks won't be better protected neither but at least, our voice has been heard on one question.
The result of this long information to wine institutions, Project dotVinum, their public comments, my publications in the paper and online press, their questions to ICANN and more ended to a GAC Advice.

"GAC" stands for "Governmental Advisory Committee": basically, it is a group founded by ICANN which represents Governments on such questions. Countries have their word to say when a question related to new gTLDs is a problem. The GAC advice is very important because the problem of protecting wine Geographical Indications is a serious issue for the wine Community and the GAC now seems to be the only body able to force ICANN to "do something about it". It started in 2010 with the dotVinum project. Only in 2013 ICANN listens to it…

So, why Donuts and not another applicant?

Donuts, through the GAC Early Warning Procedure, was asked by France and Luxembourg to offer a protection mechanism for wine Geographical Indications on its .VIN application or to remove it. No solution was found between applicant and French Government and this situation lead to the same question for both .WINE and .VIN. There have been many exchanges on this question. There is now a deadline set in July 2013 to answer this question and...all this is going through the public comment procedure.
Donuts is the right applicant because it is the one facing these questions with Governments and unless ICANN drops it in Durban, it appears on the reports I have on my desk that Donuts is now the most experienced applicant to help find a solution… or not.

Many things can now happen:

• ICANN could "drop it" by not paying so much attention to this question on Durban. This would lead to no protection for wine Geographical Indications. I wrote to its CEO with a solution but it looks like they do not want to confirm they received it;
• Donuts could drop its .VIN application: after all, they have more than 300 so why bother;
• ICANN could block, at the source, second level domains to be registered in all new registries to be launched;
• ICANN could force .WINE and .VIN applicant(s) to protect wine Geographical Indications in their TLD only.
• With all the promotion I am doing on both .WINE and .VIN, other applicants could decide to "bid high" to win .WINE or find an arrangement with other applicants and myself to make these TLDs a success;
• ICANN could decide to reject all wine applications because they do not offer sufficient protection mechanisms;
• ...

As a reminder, the .VIN application has prioritization number 618 on a list of 1917, would a solution be found fast on the wine Geographical Indication question, it could… not be delayed.
Written by Jean Guillon, New generic Top-Level Domain specialist
Follow CircleID on Twitter
More under: Top-Level Domains
A Primer on IPv4, IPv6 and Transition

Posted: April 22nd, 2013, 4:57am WST by Geoff Huston

There is something badly broken in today's Internet.

At first blush that may sound like a contradiction in terms, or perhaps a wild conjecture intended only to grab your attention to get you to read on. After all, the Internet is a modern day technical marvel. In just a couple of decades the Internet has not only transformed the global communications sector, but its reach has extended far further into our society, and it has fundamentally changed the way we do business, the nature of entertainment, the way we buy and sell, and even the structures of government and their engagement with citizens. In many ways the Internet has had a transformative effect on our society that is similar in scale and scope to that of the industrial revolution in the 19th century. How could it possibly be that this prodigious technology of the Internet is "badly broken?" Everything that worked yesterday is still working today isn't it? In this article I'd like to explain this situation in a little more detail and expose some cracks in the foundations of today's Internet.

You see it's all about addresses. In a communications network that supports individual communications it's essential that every reachable destination has its own unique address. For the postal network it's commonly your street address. For the traditional telephone network it's your phone number. This address is not just how other users of the network can select you, and only you, as the intended recipient of their communication. It's how the network itself can ensure that the communication is correctly delivered to the intended recipient. The Internet also uses addresses. In fact the Internet uses two sets of addresses. One set of addresses is for you and I to use. Domain names are the addresses we enter into web browsers, or what we use on the right hand side of the @ in an email address. These addresses look a lot like words in natural languages, which is what makes them so easy for we humans to use. The other set of addresses are used by the network. Every packet that is passing through the Internet has a digital field in its header that describes the network address of the packet's intended delivery address: it's "destination address." This address is a 32 bit value. A 2 bit field has four possible values, a 3 bit field has eight possible values, and by the same arithmetic a 32 bit field has 2 to the power 32, or some 4,294,967,296 unique values.

If every reachable device on the Internet needs a unique address in order to receive packets, then does that mean that we can only connect at most some 4 billion devices to the Internet? Well, in general terms, yes! And once we reach that hard limit of the address size, should we expect to encounter problems? Well, in general terms, yes!

Running out of addresses in any communications network can pose a massive problem. We have encountered this a number of times in the telephone network, and each time we've managed to add more area codes, and within each area we've added more in-area digits to telephone numbers to accommodate an ever-growing population of connected telephone handsets. Every time we've made this change to the address plan of the telephone network we needed to reprogram the network. Luckily, we didn't needed to reprogram the telephone handsets as well. We just had to re-educate telephone users to dial more digits. With care, with patience, and with enough money this on-the-fly expansion of the telephone system's address plan can be undertaken relatively smoothly. But this approach does not apply to the Internet. The address structure of the Internet is not only embedded into the devices that operate the network itself, the very same address structure is embedded in every device that is attached to the network. So if, or more correctly, when, we run out of these 32 bit addresses on the Internet we are going to be faced with the massive endeavour of not only reprogramming every part of the network, but also reprogramming every single device that is attached to the network. Given that the Internet today spans more than 2.3 billion users and a comparable number of connected devices then this sounds like a formidable and extremely expensive undertaking.

Frank Solensky's Report on Address Depletion, Proceedings of IETF 18, p. 61, Vancouver, August 1990 (PDf)If running out of IP addresses is such a problem for the Internet then you'd like to hope that we could predict when the ominous event would occur, and then give ourselves plenty of lead time to dream up something clever as a response. And indeed we did predict this address depletion. Some 23 years ago, in August 1990, when the Internet was still largely a research experiment and not the foundation bedrock of the global communications enterprise we saw the first prediction of address runout. At the time Frank Solensky a participant in the Internet Engineering Task Force (IETF) extrapolated the growth of the Internet from the emerging experience of the US National Science Foundation's NSFNET, and similar experiences in related academic and research projects, and predicted that the pool of addresses would run out in some 6-10 years time.

The technical community took this message to heart, and started working on the problem in the early 1990's.

From this effort emerged a stop gap measure that while it was not a long term solution, would buy us some urgently needed extra time. At the time the Internet's use of address use was extremely inefficient. In a similar manner to a telephone address that uses an area code followed by a local number part, the Internet's IP address plan divides an IP address into a network identifier and a local host identifier. At the time we were using an address plan that used fixed boundaries between the network identification part and the host identification part. This address plan was a variant of a "one size fits all" approach, where we had three sizes of host addresses within the network: one size was just too big for most networks, one size was too small, and the only one that left was capable of spanning an Internet of just 16,382 networks. It was this set of so-called "Class B" address blocks that Frank Solensky predicated to run out in four year's time.

So what was the stop gap measure? Easy. Remove the fixed boundaries in the address plan and provide networks with only as many addresses as they needed at the time. It was hoped that this measure would give us a few more years of leeway to allow us to develop a robust long term answer to this address problem. The new address plan was deployed on the Internet in early 1993, and for a couple of years it looked like we were precisely on track, and, as shown in Figure 2, this small change in the address plan, known as Classless Inter-Domain Routing (CIDR), would buy us around 2 or 3 years of additional time to work on a longer term approach to IP address exhaustion.

Figure 2 – CIDR and Address Consumption

As things turned out, we were wrong in that 2 — 3 year estimate.

The reason why we were wrong was that a second stop gap measure was also developed in the early 1990's. This new technology cut right to the heart of the architecture of the Internet and removed the strict requirement that every attached device needed its own unique address on the Internet.

The approach of Network Address Translators (NATs), allowed a collection of devices to share a single public IP address. The devices that were located "behind" a NAT could not be the a target of a new communication, so that, for example, you could not host a web service if you were behind a NAT, but as long as the devices behind the NAT initiated all communications, then the NAT function became invisible, and the fact that an IP address was being shared across multiple devices was effectively irrelevant. In a model of clients and servers, then as long as you only placed the clients behind a NAT then it was possible to share a single IP address across multiple clients simultaneously.

The emerging retail ISP industry took up this NAT technology with enthusiasm. The provisioning model for retail Internet services was for a single IP address provided for each connected service, which was then shared by all the computers in the home using a NAT that was embedded into the DSL or cable modem that interfaced the home network to the service provider network. The IP address consumption levels dropped dramatically, as it was no longer a case of requiring a new IP address for each connected device, but instead requiring a single IP address for each connected service. And as the home collected more connected devices, none of these devices drew additional addresses from the IP address pool.

Instead of buying a couple of years of additional breathing space to design a long term solution to address depletion, the result of the combination of classless addressing and NATs was that it looked like we had managed to push the issue of address depletion out by some decades! The most optimistic prediction of address longevity in around 2001 predicted that IPv4 address depletion might not occur for some decades, as the address consumption rate had flattened out, as shown in Figure 3.

Figure 3 – CIDR, NATs and Address Consumption

Perhaps it may have been an unwarranted over-reaction, but given this reprieve the industry appeared to put this entire issue of IP address depletion in the Internet onto the top shelf of the dusty cupboard down in the basement.

As events turned out, that level of complacency about the deferral of address depletion was misguided. The next major shift in the environment was the mobile Internet revolution of the last half of the 2000's. Before then mobile devices were generally just wireless telephones. But one major provider in Japan had chosen a different path, and NTT DOCOMO launched Internet-capable handsets onto an enthusiastic domestic market in the late 1990's. Their year-on-year rapid expansion of their mobile Internet service piqued the interest of many mobile service operators in other countries. And when Apple came out with a mobile device that included a relatively large well-designed screen and good battery life, an impressive collection of applications and of course a fully functional IP protocol engine, the situation changed dramatically. The iPhone was quickly followed by a number of other vendors, and mobile operators quickly embraced the possibilities of this new market for mobile Internet services. The dramatic uptake of these services implied an equally dramatic level of new demand for IP addresses to service these mobile IP deployments, and the picture for IP address depletion one more changed. What was thought to be comfortably far into the future problem of IP address depletion once more turned into a here and now problem.

Figure 4 – Address Consumption

Even so, we had exceeded our most optimistic expectations and instead of getting a couple of years of additional breathing space from these stop gap measures, we had managed to pull some 15 additional years of life out of the IPv4 address pool. But with the added pressures from the deployment of IP into the world's mobile networks we were once more facing the prospect of imminent address exhaustion in IPv4. So it was time to look at that long term solution. What was it again?

During the 1990's the technical community did not stop with these short term mitigations. They took the address depletion scenario seriously, and considered what could be done to define a packet-based network architecture that could span not just billions of connected devices but hundreds of billions of devices or more. Out of this effort came version 6 of the Internet Protocol, or IPv6. The changes to IPv4 were relatively conservative, apart from one major shift. The address fields in the IP packet header were expanded from 32 bits to 128 bits. Now every time you add a single bit you double the number of available addresses. This approach added 96 bits to the IP address plan. Yes, that's 340,282,366,920,938,463,463,374,607,431,768,211,456 possible addresses!

This approach to IPv6 appeared to adequately answer the need for a long term replacement protocol with enough addresses to fuel a rapacious silicon industry that can manufacture billions of processors each and every year. However, there was one residual annoying problem. The problem arises from one of the underlying features of the Internet's architecture: IP is an "end-to-end' protocol. There is no defined role for intermediaries in packet delivery. In the architecture of the Internet, what gets sent in a packet is what gets received at the other end. So if a device sends an IPv4 packet into the network, what comes out is an IPv4 packet, not an IPv6 packet. Similarly, if a device sends an IPv6 packet into the network then what comes out at the other end is still an IPv6 packet. The upshot of this is that IPv6 is not "backward compatible" with IPv4. In other words setting up a device to talk the "new" protocol means that it can only talk to other devices that also talk the same protocol. This device is completely isolated from the existing population of Internet users. What were these technology folk thinking in offering a new protocol that could not interoperate with the existing protocol?

What they were thinking was that this was an industry that was supposedly highly risk averse, and that once a long term replacement technology was available then the industry would commence broad adoption well before the crisis point of address exhaustion eventuated. The idea was that many years in advance of the predicted address exhaustion time, all new Internet devices would be configured to be capable of using both protocols, both IPv4 and IPv6. And the idea was that these bilingual devices would try to communicate using IPv6 first and fall back to IPv4 if they could not establish a connection in IPv6. The second part of the transition plan was to gradually convert the installed base of devices that only talked IPv4 and reprogram them to be bilingual in IPv6 and IPv4. Either that, or send these older IPv4-only devices to the silicon graveyard!

The transition plan was simple. The more devices on the Internet that were bilingual the more that the conversations across the network would use IPv6 in preference to IPv4. Over time IPv4 would essentially die out and support for this legacy protocol would be no longer required.

However one part of this plan was critical. We were meant to embark on this plan well before the time of address exhaustion, and, more critically, we were meant to complete this transition well before we used that last IPv4 address.

Figure 5 – The IPv6 Transition Plan

And to some extent this is what happened. Microsoft added IPv6 to its operating systems from the mid 2000's with the Windows Vista and Windows Server 2008 products. Apple similarly added IPv6 into their Mac OSX system from around 2006. More recently, IPv6 support has been added into many mobile devices. These days it appears that around one half of all devices connected to the Internet are bi-lingual with IPv6 and IPv4. This is indeed a monumental achievement, and much of the effort in re-programming the devices that are attached to the Internet to speak the new protocol has been achieved. So we are all ready to switch over the Internet to use IPv6, yes? Well, no, not at all.

So what's gone wrong?

Many things have not gone according to this plan, but perhaps there are two aspects of the situation that deserve highlighting here.

Firstly, despite the addition of IPv6 into the popular computer platforms, the uptake of IPv6 in the network is just not happening. While there was a general view that the initial phase of IPv6 adoption would be slow, the expectation was that the use of IPv6 would accelerate along exponentially increasing lines. But so far this has not been all that evident. There are many metrics of the adoption of IPv6 in the Internet, but one of the more relevant and useful measurements is that relating to client behaviour. When presented with a service that is available in both IPv4 and IPv6, what proportion of clients will prefer to use IPv6? Google provide one measurement point, that measures a sample of the clients who connect to Google's service. Their results are shown in Figure 6.

Figure 6 – IPv6 Adoption (Source)

Over the past four years Google has seen this number rise from less than 1% of users in early 2009 to a current value of 1.2%. It's one of those glass half-full or half-empty stories. Although in this case the glass is either 1% full or 99% empty! If broad scale use of IPv6 is the plan, then right now we seem to be well short of that target. On a country-by-country basis the picture is even more challenging. Only 9 countries have seen the proportion of IPv6 users rise above 1%, and the list has some surprising entries.

Figure 7 – IPv6 Adoption (Source)

It's hard to portray this as evidence of broad based adoption of IPv6. Its perhaps more accurate to observe that a small number of network providers have been very active in deploying IPv6 to their customer base, but these providers are the minority, and most of the Internet remains locked deeply in IPv4. If a significant proportion of the end devices support IPv6 then why are these use metrics so unbelievably small? It appears that the other part of the larger network re-programming effort, that of enabling the devices sitting within the network to be IPv6-capable, has not taken place to any significant extent. It's still the case that a very large number of ISPs do not include IPv6 as part of their service offering, which means that even if an attached computer or mobile device is perfectly capable of speaking IPv6, if the access service does not support IPv6 service then there is effectively no usable way for the device to use IPv6. And even when the service provider supplies IPv6 as part of its service bundle, it may still be the case that the user's own network devices, such as the in-home NAT/modems and other consumer equipment that supports in in-home networks, such as a WiFi base station or a home router may only support IPv4. Until this equipment is replaced or upgraded, then IPv6 cannot happen. The result is as we seen in the IPv6 usage metrics today: when offered a choice between IPv4 and IPv6, some 99% of the Internet's connected devices will only use IPv4.

Secondly, we've now crossed into a space that was previously regarded as the unthinkable: we've started to run out of IPv4 addresses in the operating network. This address exhaustion started with the central address pool, managed by the Internet Assigned Numbers Authority (IANA). The IANA handed out its last address block in February 2011. IANA hands out large blocks of addresses (16,777,216 addresses per "block") to the Regional Internet Address Registries (RIRs), and in February 2011 it handed out the last round of address blocks to the RIRs. Each of the five RIRs operates independently, and each will themselves exhaust their remaining pool of IPv4 addresses in response to regional demand. APNIC, the RIR serving the Asia Pacific region, was the first to run out of addresses, and in mid April 2011 APNIC handed out its last block of "general use" IPv4 addresses. (as a side remark here, APNIC still had 17 million addresses held aside at that point, but the conditions associated with allocations from this so-called "final /8" are than each recipient can receive at most an allocation of a total of just 1,024 addresses from this block.) This represented an abrupt change in the region. In the last full year of general use address allocations, 2010, APNIC consumed some 120 million addresses. In 2012, the first full year of operation under this last /8 policy the total number of addresses handed out in the region dropped to 1 million addresses. The unmet address demand from this region appears to be growing at a rate of around 120 — 150 millions addresses per year.

The region of Europe and the Middle East has been the next to run out, and in September 2012 the RIPE NCC, the RIR serving this region, also reached its "last /8" threshold, and ceased to hand out any further general use IPv4 addresses. The process of exhaustion continues, and the registry that serves Northern America and parts of the Caribbean, ARIN, has some 40 million addresses left in its address pool. At the current consumption rate ARIN will be down to its last /8 block 12 months from now, in April 2014. LACNIC, the regional registry serving Latin America and the Caribbean, currently has some 43 million addresses in its pool, and is projected to reach their last /8 slightly later in August 2014. The African regional registry, AFRINIC, has 62 million addresses, and at its current address consumption rate, the registry will be able to service address requests for the coming seven years.

Figure 8 – IPv4 Address Depletion (Source)

So if the concept was that we would not only commence, but complete the process of transition to use IPv6 across the entire Internet before we got to that last IPv4 address, then for Europe, the Middle East, Asia and the Pacific this is not going to happen. It's just too late. And for North and South America it's also highly unlikely to happen in time.

And the slow pace of uptake of IPv6 points to the expectation that this "running on empty" condition for the Internet address plan may well continue for some years to come.

We are now entering into a period of potential damage for the Internet. If the objective of this transition from IPv4 to IPv6 was to avoid some of the worse pitfalls of exhaustion of the IPv4 address space in the internet, then we've failed.

The consequence of this failure is that we are now adding a new challenge for the Internet. It's already a given that we are meant to sustain continued, and indeed accelerating, growth in terms of the overall size of the network and the population of connected devices. The pace of this growth is expressed as a demand for some 300 million additional IP addresses per year, and the figures from the device manufacturers point to a larger figure of some 500 — 700 million new devices being connected to the Internet each year. And the number grows each year. We are expanding the Internet at ever faster rates. As if riding this phenomenal rate of growth on the existing infrastructure and existing technology base wasn't challenging enough, we also have the objective not just to maintain, but to accelerate the pace of transition to IPv6. These two tasks were already proving to be extremely challenging, and we've been slipping on the second. But we now have the additional challenge of trying to achieve these two objectives without the supply of any further IPv4 addresses. At this point the degree of difficulty starts to get uncomfortably close to ten!

This situation poses some architectural consequences for the Internet. Until now we've managed to push NATs out to the edge of the network, and make address compression something that end users did in their home networks. The consequences of failure of such devices and functions are limited to the edge network served by the NAT. We are now deploying mechanisms that allow this NAT function to be performed in the core of the carriage networks. This introduces a new set of unquantified factors. We've little experience in working with large scale NAT devices. We have no idea of the failure modes, or even the set of vulnerabilities in such an approach. We are still debating the appropriate technical approach in the standards bodies, so there are a variety of these service provider NAT approaches being deployed. Each NAT approach has different operational properties, and different security aspects. But now we don't have the luxury of being able to buy more time to explore the various approaches and understand the relative strengths and weaknesses of each. The exigencies of address exhaustion mean that the need for carrier level NAT solutions is now pressing, and given that this is a situation that we never intended to experience, we find ourselves ill-prepared to deal with the side effects from this subtle change in the network's architecture. The greater the level of complexity we add into the network, and the wider the variation in potential network behaviours as a result, the greater the burden we then place on applications. If the network becomes complex to negotiate then applications are forced to explore the local properties of the network environment in order to provide the user with a robust service.

If the hallmark of the Internet was one of efficiency and flexibility based on a simple network architecture, then as we add complexity into the network what we lose is this same efficiency and flexibility that made the Internet so seductively attractive in the first place. The result is a network that is baroquely ornamented, and one that behaves in ways that are increasingly capricious.

We are hopelessly addicted to using a network protocol that has now run out of addresses. At this point the future of the Internet, with its projections of trillions of dollars of value, with its projections of billions of connected silicon devices, with its projections of petabytes of traffic, with its projections of ubiquitous fibre optics conduits spanning the entire world is now entering a period of extreme uncertainty and confusion. A well planned path of evolution to a new protocol that could comfortably address these potential futures is no longer being followed. The underlying address infrastructure of the network is now driven by scarcity rather than abundance, and this is having profound implications on the direction of evolution of the Internet.

There really is something badly broken in today's Internet.
Written by Geoff Huston, Author & Chief Scientist at APNIC
Follow CircleID on Twitter
More under: IP Addressing, IPv6
What May Happen to GAC Advice? 3 Fearless Predictions

Posted: April 21st, 2013, 4:25pm WST by Dirk Krischenowski

1. Prediction: A Lesson in Story Telling.

Many TLD applicants are likely to respond to the GAC Advice in a manner that is like story telling: Based on a mixture of fiction garnished with some facts from their applications, applicants will write savvy responses with only one aim — to calm down the GAC's concerns and survive the GAC Advice storm. The "duck and cover" strategy.

Background:

According to the Applicant Guidebook, material changes to applications need to go through a Change Request process. In contention sets Change Requests that are advantageous to a specific applicant are not likely to pass due to competitor's opposition. Even in non-contentious cases Change Requests may not pass, as they could be anti-competitive. Also, the permanent opportunity for applicants in contention sets to amend their applications (by PICs, Change Requests or by the response to a GAC Advice) raises serious anti-competitive questions, as there is very limited space to make changes to an application according to the Applicant Guidebook.

Proposed solution:

No fiction — only facts! Applicants who have not been able to determine privacy issues, consumer protection issues or other issues associated with their TLD application over 12 months after filing their application raise serious concerns whether they are the appropriate entity to operate a TLD.

2. Prediction: Pass the hot potatoes, Joe.

Close to no decisions will be made to reject applications that are included in the GAC Advice. It is to be expected that only a handful of applications, where there is overwhelming support for a rejection (such as those in IV 1. In the Beijing Communiqué), will actually be rejected. This might happen due to legal and liability issues or simply lack of a clear-cut process

Background:

Governments demanded instruments — namely GAC Early Warning and GAC Advice — to prevent applications they were unhappy with. Now the GAC filed an Advice for more than 500 applications, asking for more security, more accountability and more appropriate operation of regulated industries TLDs, among other issues. According to the Applicant Guidebook, the consequence of not fulfilling the GAC Advice (without the option to distort the application to an noncredible extent) would be a dismissal of the gTLD.

Unfortunately, the current GAC Advice process poses loopholes for all parties involved which offer the chance not to be responsible for this dismissal but instead not make any decision at all. This could be the next occasion where ICANN does not serve the Public Interest and the Community but those that play hardball in this application process by their lobbying and financial power.

Proposed solution:

GAC and ICANN Board should accept the responsibilities they asked for!

3. Prediction: Time and tide wait for no man.

GAC Advice has to be executed before contention resolution for applicants in contention sets starts. Otherwise an applicant might succeed in the Contention Set who will be thrown out because of GAC Advice later in the process. This timing would not make sense.

Background:

The GAC Advice process should take into account the process and timing of the whole Application Process. The process following the execution of GAC Advice has to be finished before the Contention Resolution Process is being initiated. Otherwise an applicant who is willing to provide the safeguards being asked for in the GAC Advice may have been eliminated in the process (e.g. by an auction), while the winner of the Contention Resolution is an applicant who is not willing to abide by the GAC Advice. A TLD could then not be awarded at all although a suitable candidate was in place, making the GAC Advice meaningless.

Proposed solution:

Don't wait! We have attached a detailed proposal (PDF chart here) for the harmonization of the GAC Advice process with the New gTLD Application Process. The chart clearly demonstrates how both processes may run in parallel and come together before the contention resolution.
Written by Dirk Krischenowski, Founder and CEO of dotBERLIN GmbH & Co. KG
Follow CircleID on Twitter
More under: ICANN, Internet Governance, Top-Level Domains
Questions About the Robustness of Mobile Networks

Posted: April 21st, 2013, 2:54am WST by Paul Budde

With mobile phones having become a utility, people are beginning to rely completely on mobile services for a large range of communications. All mobile users, however, are aware of some level of unreliability in these phone systems. Blackspots remain all around the country, not just outside the cities, and in busy areas the quality of the service goes down rather quickly. Drop-outs are another fairly common occurrence of mobile services.

In most cases these are annoyances that we have started to take for granted. This is rather odd, as people do not have the same level of tolerance in relation to their supply of landline communication or, for example, electricity.

At the same time, in almost ever disaster situation the mobile network collapses, simply because it can't handle the enormous increase in traffic. The latest example was the collapse of the mobile services in Boston shortly after the bombing.

The trouble is that in such events this is not simply an annoyance. At these times communications are critical, and sometimes a matter of life and death. The fact that we now have many examples of network meltdowns indicates that so far mobile operators have been unable to create the level of robustness needed to cope with catastrophic events.

Then there are the natural disasters, when it is more likely that infrastructure will be extensively damaged or totally destroyed. However, as we saw during the Brisbane floods two years ago, essential infrastructure has been built in areas that are known to be flood-prone. Infrastructure like mobile towers may not necessarily be physically affected but if the electricity substations are positioned in those areas mobile service operation will be affected.

There are also very few official emergency arrangements between electricity utilities and mobile operators, or for that matter local authorities.

Bucketty in the Hunter Valley, where my office is based, is in a bushfire-prone area and we have been working with Optus — the local, and only, provider of mobile services in the area — to prepare ourselves for bushfire emergencies, to date with limited result. Our idea was to work with the local fire brigade to get access to the mobile tower in emergency situations so that we could install a mobile back-up generator in case the power is cut off.

We were unable to get that organised as Optus insists it can provide these extra emergency services itself. Based on our experience, however, roads are closed in times of emergency and it would be impossible for anyone from the outside to come into the area to assist. This has to be organised on a local level, but large organisations don't work that way.

All of these examples show that the utility and emergency functions of mobile services have not yet been taken seriously enough, and so these problems will continue unless a more critical approach is taken towards guaranteeing a much higher level of robustness to our mobile services. The mobile communication meltdowns during disasters that we have witnessed over the last few years were largely preventable if mobile operators had prepared their network for such events, and if better emergency plans had been developed between various authorities involved in such emergencies, together with policies and procedures to address these issues.

With an increased coverage of WiFi — linked to fixed networks — we see that, particularly in cities, such services are proving to be more reliable, especially for the data services that are required almost immediately to locate people and provide emergency communication services. The social media play a key role in this. In Boston Google responded instantly with a location finder for those affected and their friends and family, and access was largely provided through hotspots.

With an increase of total reliance on mobile networks, especially in emergency situations, it is obvious that far greater attention will need to be given to the construction of mobile networks with disaster events in mind. So far the industry on its own has failed to do this and it will be only a matter of time for government authorities to step in and try to fix these problems.

Other problems — based in particular on experience in the USA — that will need to be addressed include the unfamiliarity with SMS, especially among older people. During a network meltdown it often is still possible to send SMSs and they are the best method of communication. Also, with the increase of smartphones people tend to no longer remember telephone numbers, and often in those emergency situations the batteries of smartphones quickly run to empty.

Smartphone manufacturers, as well as the society at large, will have to think of solutions to these problems.

This is a good interview with my American colleague Brough Turner on why cell phone (and other phone) networks get congested in time of crisis.
Written by Paul Budde, Managing Director of Paul Budde Communication
Follow CircleID on Twitter
More under: Mobile, Wireless

Veni Markovski - The Blog

Не се страхувайте! Управляващите ни тикви могат да загубят много повече: свободата си!

Posted: April 20th, 2013, 1:03pm WST by Veni Markovski | Вени Марковски
Преди четири дни пуснах във Фейсбук следното съобщение – на личната и на публичната си страница:
Моля и читателите тук, в моя блог, да престанат да го четат, ако са решили на 12-и май да гласуват за ГЕРБ. И ако се чудите за кого да гласувате, ето какво пуснах преди 3 дни във Фейсбук:
Вчера един мой приятел ми каза, че преди да хареса публикацията ми във Фейсбук, за момент се поколебал. Той не е на държавна работа, не зависи от държавата, но е живял при социализма достатъчно време, за да има изградена автоцензурна имунна система. Разбирате ли, уважаеми читатели, че щом хората, които са свободни духом, се колебаят дали да споделят едно мнение срещу властта, има много други, които не са свободни и предпочитат да живеят с преклонена главица, за да не я отсече мечът на полицията. На същата тази полиция, която трябваше да ни пази, но вместо това ни подслушва и следи. БЕЗКОНТРОЛНО.

Не знам колко от вас биха се съгласили, че е по-добре да умреш изправен на крака, отколкото да живееш на колене, но изглежда, че все още има немалък брой хора, които са на принципа “да би мирно седяло, не би чудо видяло”.
Говорете с близките, с роднините, с приятелите си:

нека на 12-и май направим чудо!

Нека изненадаме неприятно политическите инженери – физкултурници. Нека се явим и използваме правото си да гласуваме свободно.
Не се страхувайте от нищо, дори и от вашия собствен страх. Преодолейте го така, както преодолявате всичко ново, непознато, притеснително.
В тази битка ние – народът – няма какво да изгубим, а те – управляващите ни тикви – могат да загубят всичко, включително и свободата си!

CircleID

Are There Countries Whose Situations Worsened with the Arrival of the Internet?

Posted: April 20th, 2013, 2:18am WST by Philip N. Howard

Are there countries whose situations worsened with the arrival of the internet? I've been arguing that there are lots of examples of countries where technology diffusion has helped democratic institutions deepen. And there are several examples of countries where technology diffusion has been part of the story of rapid democratic transition. But there are no good examples of countries where technology diffusion has been high, and the dictators got nastier as a result.

Over twitter, Eric Schmidt, Google CEO, recently opined the same thing. Evgeny Morozov, professional naysayer, asked for a graph.

So here is a graph and a list. I used PolityIV's democratization scores from 2002 and 2011. I used the World Bank/ITU data on internet users. I merged the data and made a basic graph. On the vertical axis is the change in percent of a country's population online over the last decade. The horizontal axis reflects any change in the democratization score — any slide towards authoritarianism is represented by a negative number. For Morozov to be right, the top left corner of this graph needs to have some cases in it.

Change in Percentage Internet Users and Democracy Scores, By Country, 2002-2011
(Look at the Raw Data)

Are there any countries with high internet diffusion rates, where the regime got more authoritarian? The countries that would satisfy this condition should appear in the top left of the graph. Alas, the only candidates that might satisfy these two conditions are Iran, Fiji, and Venezuela. Over the last decade, the regimes governing these countries have become dramatically more authoritarian. Unfortunately for this claim, their technology diffusion rates are not particularly high.

This was a quick sketch, and much more could be done with this data. Some researchers don't like the PolityIV scores, and there are plenty of reasons to dislike the internet user numbers. Missing data could be imputed, and there may be more meaningful ways to compare over time. Some countries may have moved in one direction and then changed course, all within the last decade. Some only moved one or two points, and really just became slightly more or less democratic. But I've done that work too, without finding the cases Morozov wishes he had.

There are concerning stories of censorship and surveillance coming from many countries. Have the stories added up to dramatic authoritarian tendencies, or do they cancel out the benefits of having more and more civic engagement over digital media? Fancier graphic design might help bring home the punchline. There are still no good examples of countries with rapidly growing internet populations and increasingly authoritarian governments.
Written by Philip N. Howard, Professor in the Department of Communication at the University of Washington
Follow CircleID on Twitter
More under: Censorship, Internet Governance, Privacy
US Fibre Projects: Go-Aheads Omit the Major Telcos

Posted: April 20th, 2013, 12:58am WST by Henry Lancaster

As the recent Senate vote on gun reform legislation has shown (wherein 42 of the 45 dissenting senators had recently received donations from gun industry lobbyists), getting things done for the good of the people is a hard task where legislation is concerned. It has been thus with the US's broadband infrastructure for years.

A number of states have legislated against community broadband networks, often resulting from the lobbying efforts of the main telcos affected. State Legislatures commonly pass bills revoking local decision-making authorities from communities, effectively making them dependent on the dominant cableco and DSL provider. The National Institute on State Politics has made a clear connection between industry contributions to politicians and hamstrung bills restricting competition to these telcos.

Following the success of Google's FttH offering in Kansas City, the FCC has promoted the so-called 'Gigabit City Challenge', aimed at encouraging broadband providers and state and municipal officials to provide communities in each state with a 1Gb/s service by 2015.Yet alternatives to the major telcos is gaining ground. Following the success of Google's FttH offering in Kansas City, the FCC has promoted the so-called 'Gigabit City Challenge', aimed at encouraging broadband providers and state and municipal officials to provide communities in each state with a 1Gb/s service by 2015. These would serve as hubs for innovation, and act as regional drivers for economic growth. Thus far there are more than 40 gigabit communities in 14 states. As part of its support, the FCC is holding workshops on best practices to lower costs and develop greater efficiencies in building the networks. In tandem with municipal efforts, the GigU initiative has helped develop gigabit networks in a number of university campuses.

The prospect for increased municipal involvement has improved with Google's expansion of its 1Gb/s service to Austin, Texas and Provo, Utah, where (in a change from its other deployments) Google acquired an existing municipal fibre-optic system (iProvo, set up several years ago, palmed off to a series of investors and largely hobbled by difficulties which included restrictions imposed by the local telco). The network is currently connected to less than a third of premises, but the job will be completed by Google, which will also upgrade the network to be on a par with those in Kansas City and Austin. It is expected that the same subscriber offer will prevail: a 1Gb/s broadband service for $70 per month, with the option of TV for an additional fee, and with a Google Nexus 7 tablet thrown in. Free broadband at a scaled-down speed may also be provided if subscribers pay an installation fee.

Google has looked at partnering with other municipalities that would reach hundreds of thousands of people across the country.

Many of these municipalities, as well as rural communities, are either developing new schemes of looking anew at earlier schemes. New schemes include United Services' 'United Fiber' FttH network in rural Missouri, while Palo Alto is looking to rekindle its longstanding effort to build a citywide fiber network. In its earlier incarnation, the fiber project was hobbled by the economic crash which led to the withdrawal of a partnered consortium and the nervousness of the city fathers to subsidise the scheme. Yet the city by the end of 2013 is expected to have accumulated $17 million in its project fund. The mood has become far more favourable, partly due to the encouragement from developments elsewhere. If other cities can work on delivering FttP as a community service and economic driver, and as a side benefit provide free WiFi, then why can't we?

Despite the obstructionism of the main telcos in realising municipal and rural broadband schemes, the can-do attitude which the US is known for is encouraged by developments thus far, and the snowball effect will be harder for telcos to stop.
Written by Henry Lancaster, Senior Analysts at Paul Budde Communication
Follow CircleID on Twitter
More under: Access Providers, Broadband, Policy & Regulation, Telecom
Plural TLDs: Let's Stop Throwing Spanners in the Works!

Posted: April 19th, 2013, 11:54pm WST by Stéphane Van Gelder

I don't have strong religion on plural TLDs.

For that matter, I don't have strong feelings for or against closed generics either, an other new gTLD issue that has recently been discussed even though it is not mentioned in the rules new gTLD applicants had to rely on.

What I do care about is predictability of process.

Yet, as Beijing showed, the ICANN community has an uncanny ability to throw last-minute wrenches at its own Great Matter, as Cardinal Wolsey called Henry VIII's plan to divorce Catherine of Aragon.

And we should all remember that the new gTLD program is our own master plan. It is born out of the community's bottom-up process for developing policy. We all own it. We all sanctioned it when it came up through our community and was given a green light by the people we elected to represent us on the GNSO Council, the body responsible for making gTLD policy. So we should now all feel responsible for seeing it to fruition.

Impressed by governments

So can this issue of plural TLDs that came out of nowhere during the ICANN Beijing meeting week cause yet more delays to the Great Matter that is the new gTLD program?

First of all, I was surprised to see it mentioned in the GAC Communiqué which provides the ICANN Board with Advice on the new gTLD program as required by the program's Bible, the Applicant Guidebook. The GAC said it believes: "that singular and plural versions of the string as a TLD could lead to potential consumer confusion. Therefore the GAC advises the ICANN Board to (...) Reconsider its decision to allow singular and plural versions of the same strings."

For governments to react so quickly shows that they now have the pulse of what goes on outside their own circle like never before. I digress here, but I think this is an extremely important development we should all take great pride in. The government representatives that attend ICANN meetings are knowledgeable and engaged in the community they are part of in a way that is probably unique in the world of governance. The rest of us may not always agree with their decisions or opinions, but we cannot disagree with their level of commitment. To the point that individual GAC members coming straight out of a gruelling 8 days of meetings will not hesitate to stand up in the public forum and give voice to their own personal opinions only a few minutes after the GAC Beijing Communiqué was published. I am impressed.

But what about that advice? Will plural TLDs give rise to user confusion and should this debate even be opened at this time? And make no mistake, having GAC Advice on the matter is not the same as discussing it over coffee. Section 1.1.2.7 of the Applicant Guidebook is very clear: "If the Board receives GAC Advice on New gTLDs stating that it is the consensus of the GAC that a particular application should not proceed, this will create a strong presumption for the ICANN Board that the application should not be approved. If the Board does not act in accordance with this type of advice, it must provide rationale for doing so."

Stay the course

So will this advice from governments cause the new gTLD program to be delayed whilst its rules are rewritten for the umpteenth time? Not necessarily. ICANN is definitely learning fast these days. With a new business-oriented CEO to provide guidance on the importance of managing a project of this magnitude with some measure of predictability, the Board itself is showing increasing confidence to stay the course. ICANN Chairman Steve Crocker has said that as far as the ICANN Board is concerned, although the word of governments carries weight, it is not the be all and end all. "We have a carefully constructed multi-stakeholder process," Crocker explained in a video interview recorded at the end of the Beijing meeting. "We want very much to listen to governments, and we also want to make sure there's a balance."

That is reassuring. The Applicant Guidebook makes no mention of plural TLDs. Not one. These are the rules by which applicants have constructed their submissions for a TLD to ICANN. It is on the basis of this guidebook that they have defined their business models and done what ICANN itself was asking them to do: build a viable business and operational plan to operate a TLD.

The rules simply cannot be changed every couple of months. In what world is it OK to ask applicants to follow a process and then, once that process is closed, revisit it time and again and force change on those applicants? Would governments tolerate this in their own business dealings? Would those community members who call for rules revisions on a despairingly regular basis put up with it in their everyday commercial ventures?

So now governments have called upon the ICANN Board to act. But the Board always intended to keep TLD evaluations independent from those with interests in the outcomes. That is why evaluation panels were constituted, instead of getting ICANN Staff to evaluate applicants directly. And that is why we should not attempt to reopen and rearrange decisions of an expert panel basing its analysis on the program's only rulebook, the Applicant Guidebook as it stood when the new gTLD application window closed. After all, parties that disagree with panel outcomes have the objection process to address their concerns.

Singularity or plurality?

And anyway, is there really a case for prohibiting singular and plural TLDs? After all, singulars and plurals have always existed together at the second level and no-one ever took exception to that. Why is the fact that the domains car.com and cars.com are not owned and operated by the same entity less confusing to users than the equivalent singular/plural pair as a TLD? Wouldn't trying to limit the use of singular and plural TLDs amount to attempted content control and free speech limitations?

Isn't this call to limit singular and plural use just a very English-language centric view of the new gTLD world? Is it true that adding or taking away the letter "S" at the end of a string means going from a singular to a plural form in every language, for every alphabet, for every culture? And if not, then how can a level playing field be guaranteed for applicants and users alike if new rules are introduce that prohibit singular/plural use in languages and alphabets that the mostly English-speaking ICANN community understands, but the wider world is not suited to?

Can it really be argued that plurals are confusing, but phonetically similar strings aren't? Aren't we over-reaching if we try to convince anyone that .hotel, .hoteles, and .hoteis belong in the same contention set? And if that's true, why isn't it true for their second-level counterparts, like hotel.info, hoteles.info and hoteis.info?

As I've stated, I have no real preconceived opinion on the matter. So to try and form one, I am more than happy to listen to the people that have spent months, sometimes years, coming up with realistic ideas for new gTLDs. The applicants themselves.

Uniregistry's Frank Shilling thinks that "the GAC (while well-intentioned) has made an extraordinarily short-sighted mistake. For the entire new GTLD exercise to thrive in the very long run, the collective right-of-the-dot namespace simply must allow for the peaceful coexistence of singulars and plurals. There are words with dual meaning that will be affected, this will significantly and unnecessarily hem in future spectrum. Consumers expect singulars and plurals to peacefully coexist. If we want to move to a naming spectrum with tens of thousands of new G's in the future — a namespace which is easy, intuitive and useful for people to navigate, there is just no long term good that can come from setting such a poor precedent today."

Donuts, another new gTLD applicant, argues that the Applicant Guidebook sets an appropriately high threshold for string confusion as it is drafted now. Section 22112 of the Guidebook defines a standard for string confusion as being (text highlighted by me) "where a string so nearly resembles another visually that it is likely to deceive or cause confusion. For the likelihood of confusion to exist, it must be probable, not merely possible that confusion will arise in the mind of the average, reasonable Internet user. Mere association, in the sense that the string brings another string to mind, is insufficient to find a likelihood of confusion."

Donuts suggest that string similarity exists in today's namespace without leading to user confusion. ".BIZ and .BZ, or .COM and .CO or .CM, for example," says Donuts. "At first glance, association of these strings might suggest similarity, but reporting or evidence that they are visually or meaningfully similar clearly does not exist, and the standard of confusion probability is not met. By these examples, it is clearly difficult to confuse the average, reasonable Internet user. Broader Internet usage, growth in name space, and specificity in identity and expression are the foundation of the new gTLD program, and are suitable priorities for the community. In the interest of consumer choice and competition, multiple strings and the variety and opportunity they present to users should prevail over all but the near certainty of actual confusion."

Obviously, these quotes from applicants will have critics dismissing them just because they are from applicants. I can hear now saying "well they would say that, they want new gTLDs to come out asap." Right! And what's wrong with that? Why is it out of place for the people we, the community, have drawn into this through the policy development we approved, to want to get to the end point in a stable and predictable manner after they have invested so much time, effort and resources into this?

A professional ICANN is a strong ICANN

As usual with these calls for last-minute rule changes, we see the recurring argument that the rest of the world is watching ICANN and waiting for it to trip up and mess this up. And as usual, if we listen to those making this argument, the "this" is such a crucial issue that if it is ignored, the world as we know it may very well end. Really? Aren't ICANN critics more likely to be impressed by the organisation displaying an ability to properly project manage and get to the finish line? After having started a process which has brought in over $350 million in application fees, introduced the ICANN ecosystem to global entities, major companies and international organisations who are used to seeing rules being followed, after having shone the outside world's spotlight on itself like never before, wouldn't that be a real sign that ICANN deserves to be overseeing the Internet's namespace?

At this stage, with only a few weeks to go until ICANN declares itself in a position to approve the first TLD delegations, I contend that the real danger to the organisation is lack of predictability in the process being imposed by artificial limitations to the program's scope and rules.
Written by Stéphane Van Gelder, Chairman, STEPHANE VAN GELDER CONSULTING
Follow CircleID on Twitter
More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains
Video: Watch This Bufferbloat Demo and See How Much Faster Internet Access Could Be!

Posted: April 19th, 2013, 5:01am WST by Dan York

What if there was a relatively simple fix that could be applied to home WiFi routers, cable modems and other gateway devices that would dramatically speed up the Internet access through those devices? Many of us may have heard of the "bufferbloat" issue where buffering of packets causes latency and slower Internet connectivity, but at IETF 86 last month in Orlando I got a chance to see the problem with an excellent demonstration by Dave Täht as part of the "Bits-And-Bytes" session (as explained in the IETF blog).

My immediate reaction, as you'll hear in the video below, was "I WANT THIS!” We live at a time when it's easy to saturate home Internet connections… just think of a couple of people simultaneously streaming videos, downloading files or doing online gaming. To be able to gain the increase in web browsing speed you see in the video is something, that to me, needs to be deployed as soon as possible.

To that end, Dave Täht, Jim Gettys and a number of others have been documenting this problem — and associated solutions — at www.bufferbloat.net for some time now and that's a good place to start. If you are a vendor of home routers, cable modems or other Internet access devices, I would encourage you to look into how you can incorporate this in your device(s).

Meanwhile, enjoy the demonstrations and information in this video: (and for the truly impatient who just want to see the demo, you can advance to the 3:08 minute mark)

Written by Dan York, Author and Speaker on Internet technologies
Follow CircleID on Twitter
More under: Broadband, Web
Horse's Head in a Trademark Owner's Bed

Posted: April 19th, 2013, 1:12am WST by James Delaney

Recently, the Internet Corporation for Assigned Names and Numbers (ICANN) unveiled its Trademark Clearinghouse (TMCH), a tool it proposes will help fight trademark infringement relating to another of its new programs — generic top level domain (gTLD).

As Lafeber describes, criticism of ICANN's gTLD program and subsequent TMCH database is mounting. Skeptics have noted that given the significant cost of registering a gTLD — the application fee is $185,000 and subsequent annual fees are $25,000 — the program appears to be solely a cash cow, without adding much value to Internet users. In fact, Esther Dyson, ICANN's founding chairwoman, was quoted in August 2011 (during the nascent stages of the gTLD program's development) as saying:

"Handling the profusion of names and TLDs is a relatively simple problem for a computer, even though it will require extra work to redirect hundreds of new names (when someone types them in) back to the same old Web site. It will also create lots of work for lawyers, marketers of search-engine optimization, registries, and registrars. All of this will create jobs, but little extra value."

While the gTLD program lacks intrinsic value-added, and may in fact have anticompetitive effects given its exorbitant fees, I think there may be something more nefarious at play here. Essentially, ICANN has positioned itself as the Corleone family of the Internet space, making an offer no one can refuse. ICANN created a market in which individuals can launch new gTLDs, even using another's trademark-protected brand as their domain extension. Subsequently — and here's where the mafia-like "protection" arises — it has "offered" trademark owners the ability to head off infringements by either buying their gTLDs or receiving notification if an infringing gTLD is registered by another party.

Programs to monitor the use of one's brand in a domain name have long existed. The TMCH charges subscribers $95 to $150 annually to be notified of the registration of infringing gTLDs. Instead of extorting fees to be the watchdog for illegal activity ICANN itself facilitates, it could more ethically operate its gTLD program by mining publicly available government databases and instituting a freeze on registration of questionable domain names. Moreover, it could even provide a valuable service by offering a clearly defined resolution process for trademark disputes.

The gTLD-TMCH pairing is the proverbial horse's head in a trademark owner's bed.
Written by James Delaney, Chief Operating Officer at DMi Partners
Follow CircleID on Twitter
More under: Domain Names, ICANN, Policy & Regulation, Top-Level Domains
Massive Spam and Malware Campaign Following Boston Tragedy

Posted: April 18th, 2013, 7:48am WST by CircleID Reporter

On April 16th at 11:00pm GMT, the first of two botnets began a massive spam campaign to take advantage of the recent Boston tragedy. The spam messages claim to contain news concerning the Boston Marathon bombing, reports Craig Williams from Cisco. The spam messages contain a link to a site that claims to have videos of explosions from the attack. Simultaneously, links to these sites were posted as comments to various blogs.

The link directs users to a webpage that includes iframes that load content from several YouTube videos plus content from an attacker-controlled site. Reports indicate the attacker-controlled sites host malicious .jar files that can compromise vulnerable machines.

On April 17th, a second botnet began using a similar spam campaign. Instead of simply providing a link, the spam messages contained graphical HTML content claiming to be breaking news alerts from CNN.

Cisco became aware of a range of threats forming on April 15th when hundreds of domains related to the Boston tragedy were quickly registered. Regarding the botnet spam-specific threat – from a volume perspective – peaks approach 40% of all spam being sent. (Source: Cisco)
Follow CircleID on Twitter
More under: Malware, Security, Spam
Correlation Between Country Governance Regimes & Reputation of Their Internet Address Allocations

Posted: April 18th, 2013, 7:19am WST by kc claffy

[While getting his feet wet with D3, Bradley Huffaker (at CAIDA) finally tried this analysis tidbit that's been on his list for a while.]

We recently analyzed the reputation of a country's Internet (IPv4) addresses by examining the number of blacklisted IPv4 addresses that geolocate to a given country. We compared this indicator with two qualitative measures of each country's governance. We hypothesized that countries with more transparent, democratic governmental institutions would harbor a smaller fraction of misbehaving (blacklisted) hosts. The available data confirms this hypothesis. A similar correlation exists between perceived corruption and fraction of blacklisted IP addresses.

CAIDA's Country IP Reputation Graphs (Click to Enlarge)
See the interactive graph and analysis on the CAIDA website

For more details of data sources and analysis, see:
http://www.caida.org/research/policy/country-level-ip-reputation/
Written by kc claffy, Director, CAIDA and Adjunct Professor, UC, San Diego
Follow CircleID on Twitter
More under: Cyberattack, Cybercrime, IP Addressing, Policy & Regulation, Spam
Over 80 European Organizations Demand Protection for Net Neutrality

Posted: April 18th, 2013, 3:37am WST by CircleID Reporter

Today, more than 80 organizations, represented by The European Consumer Organization (BEUC) and European Digital Rights (EDRi), sent a letter [PDF] to the European Commission demanding the end of dangerous experimentation with the functioning of the Internet in Europe and the protection of the principles of openness and neutrality.

"The Internet's unique value is openness. The experimentation by certain European access providers with blocking, filtering and throttling of services creates borders in an online world whose key value is the absence of borders." explains Joe McNamee, Executive Director of EDRi. "This reckless experimentation will continue unless the European Commission puts a stop to it."
Follow CircleID on Twitter
More under: Access Providers, Net Neutrality, Policy & Regulation
Live Today - "IPv4 Exhaustion and the Path to IPv6" from INET Denver

Posted: April 18th, 2013, 1:26am WST by Dan York
If you are interested in the current state of IPv4 address exhaustion within North America as well as the current state of IPv6 deployment, there will be a live stream today, April 17, of the sessions happening at INET Denver starting at 1:00pm US Mountain Daylight Time (UTC-6). The event is subtitled "IPv4 Exhaustion and the Path to IPv6” and you can view the live stream at:

http://www.internetsociety.org/events/inet-denver/inet-denver-livestream

Sessions include:
- IPv4 Exhaustion Update
- IPv4 Exhaustion at ARIN
- Address Policy Workshop
- Evaluation of Current Transfer Market
- TCO of IPv6
- Internet Society Initiatives and How To Get Involved
The list of speakers includes people from ARIN, CableLabs, Internet Society, Time Warner Cable, Google and more.

It sounds like a great event and I'm looking forward to watching it remotely. It will be recorded so that you will be able to watch it later if you cannot view it live.
Written by Dan York, Author and Speaker on Internet technologies
Follow CircleID on Twitter
More under: Internet Protocol, IP Addressing, IPv6, Policy & Regulation
High-Performing Cloud Networks Are Critical to M2M Success

Posted: April 17th, 2013, 2:58am WST by Mariana Agache
Machine to machine (M2M) communications may not be new, but with the rapid deployment of embedded wireless technology in vehicles, appliances and electronics, it is becoming a force for service providers to reckon with as droves of businesses and consumers seek to reap its benefits. By 2020, the GSM Association (GSMA) predicts that there will be 24 billion connected devices worldwide, while Forrester predicts that mobile machine interactions will exceed the number of mobile human interactions more than 30 times. To ensure competitive advantage, service providers must invest in their networks to enable M2M services more quickly, economically, securely and assuredly.

The principle of M2M communications is straightforward. Sensors are installed on consumer or commercial hardware to transfer application-relevant information to other sensors and/or to a centralized storage facility. Using this information, complicated algorithms infer decisions relevant to the specific application, and are executed accordingly. While this is simple in theory, in-practice, it actually requires the construction of a complex network, with a clear path between devices and storage; the ability to store, process and analyze large amounts of data; and the ability to take action based on this intelligence.

As evidenced by recent reports, it's clear that the industry believes that cloud computing is becoming a viable service option for mission critical business applications. In a 2012 survey conducted by North Bridge Venture Partners, and sponsored by 39 cloud companies including Amazon Web Services, Rackspace, Eucalyptus, and Glasshouse, found a meager 3% considered adopting cloud services to be too risky — down from 11% the previous year. In addition, only 12% said the cloud platform was too immature, and that's down from 26% the year prior. This evolution of the computing industry towards cloud has enabled the storage of vast amounts of data from devices and also made the analysis of this data more feasible. In fact, Microsoft recently said that its Azure cloud has more than four trillion objects stored in it, a fourfold increase from a year before. Its Azure cloud averages 270,000 requests per second, while peaking at 880,000 requests per second during some months. The requests per second have increased almost threefold in the past year, a Microsoft official wrote in a blog post. As a comparison, Amazon Web Services said that just its Simple Storage Service (S3) holds 905 billion objects, and was growing at a rate of one billion objects per day, while handling an average of 650,000 requests per second. As cloud becomes the de facto model for M2M communications, M2M vendors must understand what it takes to enable secure and reliable transfer of information via that vehicle.

It is also important to note that M2M communications can be triggered by both planned and unplanned events. For example, in a smart grid application, smart meters can send information about electricity consumption to a centralized database at pre-scheduled times. Sensors can also be designed to react to unplanned events, such as extreme weather conditions, and trigger increased communication in a certain geography or location. As such, the network that connects these devices to each other, and to the cloud, has to perform in both instances, adapting to both forecasted increases in traffic and random spikes, with automatic, assured performance.

Cloud Infrastructure Requirements for M2M Communications

The network platform that enables M2M communications has multiple segments: the access segment (wireless radio or wireline-based), backhaul to the cloud and the cloud network.

Figure 1: Information from billions of sensors is captured in data centers for processing. Sensor data is transmitted over a wireless access network, mobile backhaul and core network to the data centers.

Sensor data travels to the cloud over wireless/radio or wireline access infrastructures. The aggregation network has to provide highly resilient, scalable and cost-effective backhaul either from mobile or wireline access to be effective. If not the case, M2M communications would be unreliable and many of the new-age applications could never be fully realized.

In order to enable cloud as a platform for M2M adoption, innovation and communication, the cloud has to serve as a high-performance computing platform, often referred to as an enterprise-grade or carrier-grade cloud. High-performance cloud networks need terabit-level connectivity to be able to withstand the projected volume of M2M traffic. These networks will require a provisioning tool so that administrators can allocate resources to where and when they are needed, and also ensure that network assets are available to support delivery of bandwidth-rich applications and services. And, finally, data centers and the cloud backbone need to function as a seamless, single network — a data center without walls — to optimize performance and economics.

Widespread availability of M2M technology has already spurred innovative use cases across different industries, such as: smart grid in energy/utilities; communication between various devices for security and industrial/building control; environmental monitoring; and many applications in the consumer domain ranging from retail to home appliance intelligence.

For example:
- In healthcare, mobile platforms can be connected wirelessly to a patient's body or garments for doctors to observe glucose, blood pressure, temperature, EKG and imaging data to alert staff to any abnormalities without the patient having to be checked into the hospital.
- Innovative "green" solutions including, solar-powered, wireless parking meters that allow credit card payments to a web-based irrigation control system, which protects the environment and saves money and time for businesses and consumers.
- Fleet management specialists can optimize fleet performance through integrating GPS capability, vehicle diagnostics and wireless communications to provide real-time field status information, including current location and diagnostics alerts. Fleet managers are able to monitor and manage driving behavior to improve safety and reduce risk, as well as log drivers' hours to ensure they comply with regulations.
Keys to success

To foster adoption of M2M-enabled technology, initiatives such as GSMA's Connected Life regularly bring together thought leaders within the M2M ecosystem to share their insights to help increase availability of anywhere, anytime connectivity.

The successful adoption of M2M depends on the maturity of multiple elements in the ecosystem, including the wireless technology and business system; the network connectivity that connects the machines and sensors to the cloud; the cloud computing platform; and the software applications that translate the huge amount of data into useful intelligence.

To build an enterprise or carrier-grade cloud platform that can support the projected volume of M2M traffic, the underlying network that connects enterprise data centers, and data centers to the cloud, has to be reliable, high-performing, connection-oriented and have low latency. It must be responsive and integrated into the cloud ecosystem to satisfy connectivity requirements of storage and compute cloud subsystems. It must also enable elastic/liquid bandwidth to ensure the performance and economic benefits of the cloud are realized. Carrier-class network infrastructure — with the ability to scale to 100G today and terabit capacities in the future and with multiple levels of resiliency enabled by an intelligent control plane — will be critical to enabling these cloud networks.
Written by Mariana Agache, Director of Service Provider Industry Marketing at Ciena
Follow CircleID on Twitter
More under: Cloud Computing
What's the Best IPv6 Transition Option for You?

Posted: April 17th, 2013, 1:58am WST by Stephane Bourque
After decades of talk, the time for IPv6 has finally arrived. There are several transition options available, but whatever approach you choose, the challenge will be to make sure that your subscribers don't experience a reduction in quality of service.

IPv4 is likely to co-exist with IPv6 for some time, so a native dual-stack migration strategy will be the best transition option for most providers. Dual-stack mode allows both IPv4 and IPv6 to run simultaneously over the network, which lets end-user devices communicate via whichever protocol they are equipped for. With dual-stack mode, there is no disruption to the service if a client requests an IPv4 address. Clients that receive both an IPv4 and IPv6 address will prefer to access the IPv6 network, if it's available. The DNS can determine whether the service is reachable over IPv6 or whether to fall back to IPv4.

Of course, dual-stack provisioning isn't perfect. Service disruptions can occur if you don't have enough IPv4 addresses to hand out to new subscribers. This is because dual-stack systems require devices to have both an IPv4 and IPv6 address. If this is a problem for you, it may be possible to use a tunneling technique or network address translation (NAT).

NAT, however, comes with its own set of problems, including:
- Impaired quality of service for internal and external systems
- Increased network complexity and fragmentation
- Security concerns when multiple subscribers share a single, public IPv4 address
- Difficulty with law enforcement compliance
Despite these issues, you may find it difficult to implement native dual-stack mode without NAT if you continue to delay your IPv6 preparations. The sooner that you can begin handing out IPv6 addresses to new customers, the sooner you will be able to store IPv4 resources to provide addresses to older subscriber devices. This means you need to start your IPv6 preparations now — even if you still have plenty of IPv4 resources.

If you're interested in learning more about dual-stack migration or want to explore other transition options, download our free ebook: IPv6 eBook Series: Migration.
Written by Stephane Bourque, Founder, CEO and President at Incognito Software
Follow CircleID on Twitter
More under: IP Addressing, IPv6
ICANN gTLDs: When Names Are Borrowed from an Atlas

Posted: April 16th, 2013, 11:17pm WST by Naseem Javed

When names are borrowed from an Atlas, things happen. Use of Geographic names have always caused some problems for two reasons; one they are in the public domain so anyone else can use them and two they connote that business is confined to just that geographic area. Like Paris Bakery, Waterloo Furniture or London Bank. Geographic naming was the biggest thing during last couple of centuries, as using name of a village or a city as a moniker was considered being on top of the hill. The sudden worldwide expansion of markets due to ease of communications in the early Computer Society created a massive exit of businesses from geographical names.

Back in 1985, ABC Namebank conducted a major study of all of the corporate names listed in Fortune 500. Starting from the first ever list of 500 published in 1955 all the way to 1985 and concluded by this 30 year by year comparison that why most corporations replaced geographic names with appropriately border-less names to reach an international audience.

Amazon as a brand name for online book retailer is the largest and most successful. At this stage, it's not important where and why that business name was chosen; originally from ancient Greece for big breasted female warriors, or the Amazon River, the fact remains it's now a geographical name in public domain. So who should get the super power gTLD dot.amazon, the book store or the region of Amazon in Brazil? Names borrowed from the Atlas often face sudden crossroads.

ICANN gTLD name evaluations policy has only two clear options; either follow the proven rules of trademark registrability or follow the first-come, first-served 'lawless' rule of early domain name registrations.

To go granular on this early lawless domain name approval system, let's clarify two things: if the 'no questions asked' and 'first-come, first-served' original policy created massive domain name expansion, did it also not create some 25 thousand of UDRPs conflict resolution proceedings and also created a multi-billion dollar defensive name registration industry? Who are the real beneficiaries of such lawless registrations? When a legit multi-billion dollar company buys a name for a business, say ibm.com the same system allows a kid to buy myibm.com, next in line. Is this a way to earn few dollars on a sale or is it a plan to fuel massive global litigation and speculative markets on Intellectual Properties? Under this lawless thinking trademark system would have collapsed couple centuries ago. Now let's fast forward.

Name-centricity clashes with global branding

"A complete breakdown of the domain name registration system, a type of anarchy on the Internet, as allowing anybody to register anything. Registrars throw up the towels. Trademark offices threaten to shut down. Intellectual property becomes public domain. The part-time guy at the local Pizza Hut answers the phone "Hello this is IBM — how can I help you" Battalions of lawyers will band around the word, declaring war on each other, and forcing conflicting points of views in endless battles will win trademarks. This war, would be a great windfall for the profession, as monthly billings would only become perpetual ones." —Excerpted from Domain Wars, by Naseem Javed, Linkbridge Publishing 1999.

Back to gTLDs, on another example; if ICANN approves the name for the athletic brand Patagonia, already objected by the Region of Patagonia of South America, it will cause serious damage to the credibility of a gTLD ownership. Once it's cracked there will be no end as every tenth gTLD name poses special conflicting issues and giving in would chip away gTLD quality.

If, on the other hand, ICANN recognizes geographic gTLDs as rightly belonging to the locals and regions, it will send a shock-wave to all the global name brands with words borrowed from the atlas.

There are at least 10% very tough name approval decisions in the big list of 1930 pending applications. If this alone does not place ICANN in the eye of a storm of naming complexity than where else is it headed? ICANN is now approaching the crossroads where the seriousness and fairness of the usage of names under trademark laws must be clearly declared or it will crack the gTLD program where litigious and hyper-defensive registration mechanisms suck out the positive energy. The Trademark clearing house without such clarity and direction is poised to become the Achilles Heels on the gTLD battlefield.

ICANN slowly approaches the crossroads and so are the global brands with borrowed words from the atlas but still both sides need good maps.
Written by Naseem Javed, Expert: Global Naming Complexities, Corporate Nomenclature, Image & Branding
Follow CircleID on Twitter
More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains
China and the United States Agree on Forming Joint Cybersecurity Working Group

Posted: April 16th, 2013, 1:10am WST by CircleID Reporter

China and the United States will set up a working group on cybersecurity, U.S. Secretary of State John Kerry said on Saturday, as the two sides moved to ease months of tensions and mutual accusations of hacking and Internet theft. Speaking to reporters in Beijing during a visit to China, Kerry said the United States and China had agreed on the need to speed up action on cyber security, an area that Washington says is its top national security concern.
Read full story: Reuters
Follow CircleID on Twitter
More under: Cyberattack, Cybercrime, Internet Governance, Security
Fourth Round of Initial Evaluation Results for New TLDs

Posted: April 15th, 2013, 11:58pm WST by CircleID Reporter

Mary Iqbal writes to report that ICANN has released the fourth round of Initial Evaluation results, bringing the total number of applications that have passed the Initial Evaluation phase to 131. ICANN is targeting completing Initial Evaluation for all applicants by August 2013. To learn more, see http://www.getnewtlds.com/news/Third-Round-of-Initial-Evaluations.aspx.

Follow CircleID on Twitter
More under: ICANN, Top-Level Domains

Veni Markovski - The Blog

Тумор в МВР!

Posted: April 15th, 2013, 9:19pm WST by Veni Markovski | Вени Марковски
ОТ БГНЕС

Не само Цветанов е виновен за подслушването, а и Борисов

„Цветанов е тумор за правосъдието; ако някой все още не го е разбрал, след разкритията на прокуратурата едва ли ще се съмнява в това“

Сега политиците ще яхнат (и с право!) разследването на прокуратурата по отношение на незаконното подслушване от страна на МВР. Ние предупредихме, че подобно нещо ще се случи още в началото на управлението на ГЕРБ, когато Народното събрание прие промените в Закона за електронните съобщения, с които даде право на милицията (някак си не върви да я наричаме полиция, нали?) – този репресивен орган на държавната власт – да следи комуникациите в Интернет без контрол.
Но все пак този скандал е нещо напълно естествено. Спомняте ли си с каква наслада Цветанов чете в Парламента (!) разпечатки от СРС-та и как обвини български лекари за убийци! Не знам дали си давате сметка, че единственият друг политик, отправил подобно несправедливо обвинение срещу български медици в най-новата ни история е… Муамар Кадафи?!
Цветанов трябва да бъде гонен не само заради подслушването на политици, бизнесмени и обикновени граждани – нещо, за което аз, а и мнозина други експерти сме писали и говорили публично.

Цветанов трябва да бъде изгонен позорно от политиката и от обществения живот дори само заради едно-единствено нещо, че

като министър обвини лекари за убийци.

Направи го умишлено, преднамерено, с присъщия му цинизъм и удовлетворение, че е свършил нещо хубаво. Така са действали Берия и Вишински, по времето на Сталин. Покойният либийски ръководител си беше башка луд, а и търсеше начин да спечели нещо от цялата параноя около нашите медици в Либия. Не го оправдавам, но нали не искате пък вие да оправдаете Цветанов с това, че е невменяем? Представяте ли си – човекът, «получил» признанието на братските служби, ходил на срещи с премиери и министри по целия свят и изведнъж – невменяем? Не става!
Прочетете стенограмата от Парламентарното заседание, в което той запозна цялата страна с начина на работа на МВР – незаконно подслушване на лекари (едва ли някой си спомня, че лекарите не бяха подслушвани, защото са замисляли престъплението, в което ги обвини министърът?), обвинения, отправени от най-високата трибуна на страната. И… липса на каквато и да е отговорност за постъпките.

Дори и да е било законно, това четене на СРС-та е абсолютно неморално. Цветанов обаче прилича на човек, който няма морална ценностна система. Какво да кажем за морала на човек, който с готовност натопи родителите на съпругата си, когато му се наложи да оправдава огромните си и все още необясними доходи, с които е купил прословутите 6 апартамента?

Цветанов е зло, което не бива да се връща във властта под никаква форма.

Само вижте как започва този нещастник изложението си пред депутатите:

“…Много ще Ви моля за в бъдеще – нека да се придържаме към нормални етични норми на поведение, защото сами разбирате, че има разследвания, които не могат да бъдат оповестявани, информация, свързана с разследването, което тече по дадени криминални случаи.
Молбата ми е към вас, защото все пак всички ние като представители както на изпълнителната, така и като представители на законодателната власт, трябва не да говорим за полицейщина в страната, а всички да се стремим към гарантиране правовия ред и към това – който нарушава законите на страната да понесе своята отговорност за това, което е направил и е причинил.
Искам да бъда съвсем ясен и конкретен в това, което ще ви прочета. Това са разговори от досъдебното производство, които касаят дейността на тези доктори, които казаха, че са били задържани и че вървим към полицейщина спрямо българските лекари.
Няма българин, който да не се нуждае от професионализма на лекарите. Няма българин, който да не оценява това, което правят българските лекари, но всичко това минава през призмата на разбирането, че всеки един от тях трябва да се придържа към Хипократовата клетва и всеки един трябва да проявява максимален професионализъм и това, че трябва да дава всичко от себе си, за да запази живота и да даде шанс на всеки един новороден живот….”

Кажете, нормално ли е човек, който може да изговори нещата, да обяви лекарите за убийци, след това спокойно да се прибере в един от шестте си апартамента, да се нахрани и да заспи като къпан?
Но тези негови думи показват и още нещо – че той самият никога не си е мислел, че ще бъдат използвани срещу него. Всеки министър се мисли за вечен, но някои доказват, че единственото вечно нещо е човешката глупост. Твърди се, че Айнщайн бил казал, че две неща са безкрайни – Вселената и човешката глупост и той не бил сигурен за първото. С поведението си Цецерон доказа, че Айнщайн е прав.

Неговото министерстване – противно на мнението на някои служители на МВР – бе катастрофално за държавността. Желанието му (описано под лозунга: акция – картинка, т.е. провеждат акция, снимат «престъпниците» и им провалят живота) да правораздава показва, че УНСС трябва спешно да закрие следдипломните си курсове по право или поне да не допуска до тях задочници по физкултура от ВИФ. Непознаването на правната материя е едно – и то може да бъде извинено, дори и за министър на вътрешните работи. Но злоупотребата с право, когато гордо си окичил в биографията си, че си учил право, трябва да се наказва с цялата строгост на закона. За съжаление, подозирам, че нашият закон няма да накаже Цвинокио достатъчно. Затова единственото, което можем да направим като хора е да го накажем ние. На изборите. Както е казал поетът:
Само така можем да излекуваме тумора и да се опитаме да спасим и малкото останало достойнство на МВР. Защото там покрай нарушителите на закона работят и читави хора, които със сигурност виждат какво става и се опитват да се съпротивляват – анонимното писмо до Станишев го доказва. Но и те са подложени под натиска на неправилно поставения от Цветанов избор «Свобода или сигурност». Т.е., за да има сигурност, трябва да лишат гражданите от някои техни свободи, сред които е и неприкосновеността на комуникациите. Само че Цветанов явно не е чел достатъчно, за да знае, че рано или късно всички инсинуации, манипулации и фалшификации излизат наяве. В този конкретен случай е по-скоро рано, отколкото късно, но все пак

окончателното разчистване на авгиевите обори ще се извърши на 12-и май.

От нас, гражданите. От това как гласуваме, ще стане ясно дали България се е преборила с раковото заболяване или ще продължи да боледува.

IGP Blog

An Internet ‘free from Government Control:’ A worthy principle

Posted: April 15th, 2013, 2:14am WST by Milton Mueller

On Wednesday, April 10, a bill “to Affirm the Policy of the United States Regarding Internet Governance” was marked up in the U.S. House of Representatives. The bill is an attempt to put a formal policy statement into statute law. The effective part says simply: It is the policy of the United States to promote [...]

Veni Markovski - The Blog

Чудовищно обвинение: Според Бойко Борисов пенсионерите са изхарчили фискалния резерв!!?

Posted: April 14th, 2013, 5:58am WST by Veni Markovski | Вени Марковски
Понеже няма олио
и хлябът е от мъката по-чер
Един е лозунгът:
“Всеки друг, но не и ГЕРБ”

Мислех, че не съм разбрал правилно (пък и самият Бойко нали опроверга казаното от самия него), но изгледах и видеото.
Оказа се, че нещата са значително по-гнусни и отвратителни, отколкото предадоха медиите вчера. Нищо чудно, като се има предвид, че медиите вече четири години са с хомоти.
Няма да се спирам на това как разкритикува режима на Живков, за който самият той беше казал (прочетете материала на Иван Бакалов!), че 1 % от него да бил постигнал, пак добре.

Няма да се спирам и на това как се сърди, че на последното заседание на кабинета Станишев били вдигали пенсиите, а как самият Борисов вдигна пенсиите от 1-ви април – точно по същия начин.

Между другото – знаете ли с колко са вдигнати пенсиите тогава? Забравили сте, нали? Да ви припомня: с 9 (девет) процента! САМО! Човек като слуша Бойко, си мисли, че увеличението трябва да е било поне със 100 %. Социалната пенсия от 92,53 лв. става на.. 100,86 лв. Не се шегувам!

Защото

Бойко явно си мисли, че ние сме идиоти като тиквите около него

и няма да се сетим да го попитаме нещо, което нито един журналист не смее да му зададе като въпрос:
Аз ще ви кажа с какво е по-хубаво: с това, че пенсионерите ще получат първите увеличени пенсии преди изборите на 12-и май.

Докато Станишев, който явно не си е правил такива сметки, а е гледал какво има в хазната (не е случайно, че Орешарски е кандидатът на левицата за премиер!), ги е вдигнал от 1-ви юли, а изборите бяха на 5-и юли, т.е. преди който и да е от пенсионерите да е видял увеличението. Но това е разбираемо за нас, които мислим, а не за тиквите, които говорят без да мислят.

Бойко твърди, че “4 милиарда от фискалния резерв заминаха в увеличението на пенсиите. Елементарна е сметката”.

Прав е, елементарна е, но само за човек, който е решил, че фискалният резерв е нещо, което е получил наготово, за негово собствено харчене – така, както си пожелае. Всъщност, гледайки решенията на правителството – а на практика едва ли някой се съмнява, че това не са тъкмо Бойковите решения – човек може да се замисли, че май е по-добре, дето пенсионерите получиха увеличението си преди Борисов да стане премиер. Нали се сещате, че след като се жалва толкова много, че е трябвало да ги плаща, значи той е нямало и да ги вдигне. По същия начин, по който ги вдигна едва тогава, когато някой друг ще ги плаща.

Но сметката, за която той твърди, че е елементарна, всъщност може да се окаже доста по-сложна. Според Борисов добавянето на 9 % към всички пенсии води до 1 млрд. лева годишно повече за пенсии. Разбира се, фискалният резерв беше 8 милиарда лева, така че останалите четири явно са се изгубили някъде, защото Бойко не говори за тях – ама хич. Но ако 9 % са равни 1 милиард годишно, значи общите разходи за пенсиите е трябвало да бъдат (преди увеличението) 11 милиарда лева. Само че според НОИ за пенсии, след увеличението, се плащат общо 6,98 милиарда лева. Следователно Борисов просто… лъже. Или сметката не е толкова елементарна, че да може да я сметне.

Но цинизмът е още по-голям: това не са пари на Бойко, че той да казва за какво да се харчат. Парите са за нашите майки и татковци, баби и дядовци. Това са парите, които всички ние сме решили, че трябва да се отпускат всеки месец, за да могат по-възрастните от нас да оцелеят. Разбира се, че става дума само за оцеляване, а не за достоен живот.

Но ето, такъв е резултатът от управлението на Борисов и Цветанов –

изчезна като яко дим прогласената от депутатите от Великото народно събрание “решимост да създадем демократична, правова и социална държава”.

Понеже държавата ни не е нито правова, нито демократична, се оказва, че не може да бъде и социална – според Борисов, защото това било харчене на парите от фискалния резерв.

Този цветан на мисълта изобщо не се и замисля, че парите във фискалния резерв не са се появили с някаква магия. Това са т.нар. бели пари за черни дни. И използването им тъкмо за подпомагането на най-онеправданите е не само желателно, но и задължително – по това се различаваме от хищниците, нали:

не убиваме старите и болните, а се грижим за тях!

Но за Бойко такива грижи изглежда няма!
Не вярвам, че нормален човек е способен на подобно отношение към родителите си!

Не вярвам, че министрите на Борисов не са знаели и все още не знаят, че пенсионерите в страната изнемогват и разчитат на щедростта на децата си.

Не всеки има родители като съпругата на Цветанов, които да могат да подпомогнат зетя или детето си с пари за 5-6 апартамента.

Ако тези хора не са знаели, че пенсионерите гладуват, значи не им е било мястото в състава на Министерски съвет. Ако пък са знаели, но са мълчали, значи са съучастници в престъпленията на властта.

И затова пак ви призовавам – мислете ПРЕДИ да гласувате, а не след това!

Понеже няма олио
и хлябът е от мъката по-чер
Един е лозунгът:
“Всеки друг, но не и ГЕРБ”

IGFWatch news

My proposal to the CSTD Working Group on Enhanced Cooperation

Posted: April 13th, 2013, 10:04pm WST

I was shortlisted though not ultimately selected for the CSTD's Working Group on Enhanced Cooperation, but I intend to participate an an observer and by feeding ideas to the civil society representatives who were selected, through a new Best Bits working group.

CircleID

SPECIAL: Updates from the ICANN Meetings in Beijing

Posted: April 13th, 2013, 1:43am WST by CircleID Reporter

CircleID, once again, in collaboration with the team from Dyn Inc. and ICANN Wiki, brings you video blogs and updates from the 46th ICANN meeting in Beijing, China (7-11 April 2013).

Stay tuned as we keep this page updated through out the meetings.

Comments and questions? Please post them below in the comment section of the page or send us an email.

* * *

Update / Apr 12, 2013 — Ray King of ICANNWiki talked with Ben Crawford, CEO of CentralNic.

Update / Apr 12, 2013 — Dyn's Rich Peterson talked with UNH School of Law's Mary Wong.

Update / Apr 12, 2013 — As part of our ICANN 46 coverage, Ray King of ICANNWiki chats with Chuck Gomes, a member of the Registries Stakeholder Group.

Brought to you in partnership with Dyn Inc and ICANN Wiki. Please add your feedback and suggestions using the comment form provided on this page or contact us directly.

Video Coverage of past ICANN meetings:
ICANN 44 Meetings in Toronto
ICANN 44 Meetings in Prague
ICANN 43 Meetings in Costa Rica
ICANN 42 Meetings in Dakar
ICANN 41 Meetings in Singapore
ICANN 38 Meetings in Brussels
ICANN 37 in Nairobi, Kenya
ICANN 36 in Seoul, South Korea
ICANN 35 in Sydney, Australia
ICANN 34 in Mexico City
Follow CircleID on Twitter
More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains
DNS Bug Disclosure: ICANN Releases New Guidelines

Posted: April 12th, 2013, 7:01am WST by Evan Daniels

The Internet Corporation for Assigned Names and Numbers (ICANN) has released new guidance concerning the reporting and disclosure of bugs that affect the Domain Name System, including information of how ICANN itself will behave in response to vulnerabilities.

Until recently, ICANN, which is responsible for maintaining the root domain servers at the heart of the DNS system, had no specific guidelines for the reporting of vulnerabilities, leaving responsible disclosure protocols up to the researchers who discovered the bugs. With the release of the Coordinated Vulnerability Disclosure Reporting [PDF] document they hope to instigate a more unified and consistent process for disclosure.

The guidelines are intended to:

"define the role ICANN will perform in circumstances where vulnerabilities are reported and ICANN determines that the security, stability or resiliency of the DNS is exploited or threatened. The guidelines also explain how a party, described as a reporter, should disclose information on a vulnerability discovered in a system or network operated by ICANN."

The document outlines procedures that ICANN will follow in various roles, including as an affected party, where the vulnerability directly impacts ICANN's operations; as a reporter, when ICANN researchers discover vulnerabilities; and as a coordinating party.

Security vulnerability reporting is a controversial topic, with some researchers advocating immediate full disclosure, and others opting for responsible disclosure where vendors and stakeholders are notified privately before a full release is made only following the patching of relevant software. There is also a thriving black market for security vulnerabilities, where the information is disclosed only to the highest bidder for use in hacking attacks.

As an essential and ubiquitous part of Internet's infrastructure, the security of the Domain Name System is of particular interest to hackers and those engaged in industrial or state-sponsored espionage. ICANN is advocating a system of responsible disclosure with ICANN itself acting as a coordinator in some cases. Bugs that impact DNS can be reported directly to ICANN, who will then inform affected vendors or service providers.

Public disclosure is strongly discouraged until vendors have been informed of the vulnerability and have fixes in place. However, the methodology recommended by ICANN makes it clear that in the case of vendors who fail to respond to attempts at coordination, researchers may choose to disclose vulnerabilities.

None of these recommendations is binding, and researchers are still free to choose how to react to discovered vulnerabilities. However, the creation of these guidelines is a positive move towards a unified and coordinated system for handling security vulnerabilities in the DNS.
Written by Evan Daniels
Follow CircleID on Twitter
More under: DNS, ICANN, Security

Regulation Watch Feed

WSIS+10: the self-praising feast of multi-stakeholderism in internet governance

Posted: April 12th, 2013, 6:20am WST by Francesca Musiani
The World Summit on the Information Society (WSIS), two United Nations-sponsored conferences about information, communication and the establishment of a 21st century “information society”, took place in 2003 in Geneva and in 2005 in Tunis. “We, the representatives of the peoples of the world, assembled in Geneva [...] declare our common desire and commitment to build a people-centred, inclusive and development-oriented Information Society [1],” began the Geneva Declaration of Principles, one of WSIS’ founding documents, setting the foundations for a “multi-stakeholder” approach to global governance of information and communication technologies (ICTs).

Ten years after the Geneva meeting, the first review meeting of the Summit, nicknamed WSIS +10, was held in February 2013 at the United Nations Educational, Scientific and Cultural Organization (UNESCO) headquarters in Paris, France. UNESCO Director General Irina Bokova inaugurated the meeting with the following words: “New technologies are opening tremendous possibilities for mutual understanding, for creating and sharing knowledge – everyone, everywhere, should have the skills and opportunities to participate in building this inclusive, knowledge society[2].” With the exception of the shift from “information society” to “knowledge society”, a change we will come back to later in the article, not a lot appears to have changed content-wise in the ten years of existence of the WSIS process. Nonetheless, the WSIS+10 review meeting has provided an interesting occasion for scholars of internet governance arrangements like this author, who has started her career as a researcher investigating the WSIS process and its offspring, the Internet Governance Forum (IGF). It has been an occasion to assess, with more knowledge and experience at our disposal, the present state of what was ten years ago – and still is – a set of experimental formats, procedures and processes for the governance of ICTs, seeking to reunite the private sector, governments and inter-governmental institutions, and civil society, under the auspices of “multi-stakeholderism”.
WSIS, the landmark for multi-stakeholderism in internet governance
Arguably, the WSIS can be considered the first large-scale instance of the multi-stakeholder doctrine’s application to the governance of ICTs. As defined by the Earth Summit Forum in 2002, multi-stakeholder processes “aim to bring together all major stakeholders [in a complex issue] in a new form of communication, decision-finding (and possibly decision-making) on a particular issue. They are also based on recognition of the importance of achieving equity and accountability [and] on democratic principles of transparency and participation, and aim to develop partnerships and strengthened networks between stakeholders [3].” The requirement that internet governance should be conducted according to multi-stakeholder principles was first stated at the WSIS summit, “arguably setting a new norm of customary international law [and marking] a departure from the earlier prevailing norm—expressed even by some governments (most notably the United States) — that internet governance was predominantly a private sector responsibility[4].”

WSIS’s “summit” status (thus, not that of a permanent intergovernmental organisation), only enabled it to make recommendations crafted by consensus. However, because of the novelty of its approach and the vocabulary used to convey the urgency of addressing ICT issues in the global political arena, WSIS is widely regarded as having introduced, in the first half of the 2000s, a shift in the understanding and the appropriations of ICT-related changes and the development of the internet. In terms of procedures, the entry into the discussions of organised civil society was noteworthy, and was considered by many as the first instance in which this relevant stakeholder for the future of ICTs had reclaimed its right to be heard (and even listened to!), alongside governments and private companies. In regard to internet governance, the most notable outcome of the WSIS process was the creation of the WGIG, the Working group on internet governance, and eventually, the Internet Governance Forum – both entities embodying the principle of multi-stakeholderism, albeit in different ways.
WGIG and the Internet Governance Forum
The WGIG, a multi-stakeholder group itself, which had among its mandates the development of a “working definition of Internet governance[5]”, further detailed the definition of multi-stakeholderism during its proceedings, identifying three main groups of actors and actions that they found to be particularly suited for policy development. Governments fit the “coordination and implementation” of public policy; the private sector’s role expands beyond the “technical and economic fields” that the Geneva Declaration of Principles had talked about, to participate in the development of policy proposals. Finally, civil society’s role is to engage in, and contribute to, “policy processes and policies that are more bottom-up, people-centred and inclusive[6]”. In addition to producing the above-mentioned working definition of internet governance, which is still one of the most widely agreed upon and, which sets that “Internet governance is the development and application by governments, the private sector, and civil society, in their respective roles, of shared principles, norms, rules, decision making procedures and programmes, that shape the evolution and utilization of the Internet[7]”, the WGIG further detailed that internet governance included, as well, important issues related to global politics, such as critical internet resources, security and safety of the global network, and issues related to its development and use. The implication that these critical issues, primarily technical but with important political implications, should fall under the multi-stakeholder approach, was not exempt from controversy – especially when, noting that “no global multi-stakeholder forum [existed] to address Internet-related public policy issues[8],” the WGIG report proposed the creation of a multi-stakeholder IGF linked to the United Nations. The establishment of the IGF, whose first meeting was held in Athens, Greece in 2006[9], can still be considered as one of the most prominent outcomes of the early WSIS processes. The Forum has since then met six other times, the last being Baku, Azerbaijan in 2012[10], and has seen its mandate renewed after the fifth meeting. The renewal of the mandate has been approved despite very tepid assessments by some governments, China first and foremost, of what the multi-stakeholder approach has been capable to achieve beyond its alluring label [11]. A detailed discussion of the controversial appraisals of the IGF would go beyond the scope of this article, but will be the subject of a future one.
WSIS+10: the multi-stakeholder feast of non-binding recommendations
Several UN instances left their stamp on the WSIS process - but coming from different standpoints and promoting different ideas. The organisation of the WSIS was assigned in 2003 and 2005 to the International Telecommunication Union (ITU), a UN agency of technical standardisation for the telecommunications sector, gathering states and private entities. In this context, the UNESCO - at the time a competing UN agency, more open to civil society participation and focused on “soft” themes of education, empowerment and communication rights - had maintained a low-profile, highlighting the limitations of the concept of “information society”, widespread at the time, preferring to speak of “knowledge society”.

Ten years later, for the recent WSIS+10 meeting in Paris, UNESCO’s wish has been granted as, taking the lead in the organisation of WSIS’s ten-year review meeting, the Organisation set the official theme of the gathering as “Towards Knowledge Societies for Peace and Sustainable Development”, aimed at surpassing the emphasis placed on information itself, and going on to address aspects related to its structure, organisation and circulation. The final intended outcome of the meeting? A UNESCO statement, “Information and Knowledge for All an Expanded Vision and a Renewed Commitment”, that would incorporate inputs from all parallel sessions, with the idea to inform and contribute to the WSIS review process. The major events in this process will be an evaluation in 2014, coordinated by the ITU, and the final review by the UN General Assembly, in 2015. The WSIS+10 participants’ input to this process would take the form of “a non-binding recommendation grounded on a broad multistakeholder support[12]”.
Highs and lows of the WSIS +10
Proceedings opened on February 25, 2013, and in the UNESCO headquarters’ hallways, conversations between a few academics that had witnessed with interest the beginnings of the WSIS/IGF process (and a few that, like this author, were born as researchers by witnessing them) revealed curiosity and expectation vis-à-vis both the content and the format of the meeting.

In particular at the end of the first, very formal day, the sensation of living a solemn moment could not prevent this author and her colleague[13] from feeling that they were simply been brought ten years back, when WSIS discourses were unveiling a somewhat naïve penchant for the digital as the vector of all utopias and hopes. The plenary sessions contributed to this impression, as well as the so-called “high-level debates”, a misleading label actually indicating declarations by government officials, representatives of the private sector and organised civil society following one another’s steps on the stage, with no time for questions and answers among them, or by the audience.

Columbia University professor Jeffrey Sachs’ keynote introductory speech, about the necessity to bridge the inequalities of current ICT development, did little to mitigate this impression of déjà-vu, by repeatedly hammering the “digital revolution” label on the UNESCO Auditorium attendees. Even commentators more optimist about the overall relevance and usefulness of this gathering, like Humanity in Action Fellow Amy Hong – whose assessment is that WSIS+10 “drove home several central messages about the impact of information and communication technologies on our everyday lives and on our future prospects as a global society of interconnected citizens, […and] helped explore is the progress the world has made in the last decade” – note that the meeting was “heavy on buzzwords such as ‘the mobile revolution’ and ‘digital native’”[14].

Those delegates hoping for a more determined entrance into a renewed debate, where the diversity of the multi-stakeholder gathering could be fully leveraged, had some partial satisfaction during the next two days of the meeting, 26 and 27 February 2013, when dozens of parallel sessions took place to illustrate the hopes contained in ICTs, but also the challenges they bring about. Multilingualism, cultural and linguistic diversity, the promotion of freedom of expression, development of cyberscience, online privacy, digital security, ethical and societal current and emerging challenges of the information society: the parallel sessions explored in a more detailed and at times original way the issues and challenges, as well as the promises, of ICTs. Some of them, including one on “Contested Governance” organised by internet governance scholar Divina Frau-Meigs[15], and for which this author was a speaker, occasionally delved into a much-needed meta-reflection about the role of different stakeholders in global governance, and emphasised that one of the main goals for internet governance scholars and academics today should be to increase the awareness, by other stakeholders, that the definition of internet governance needs to be broadened beyond a handful of very codified and somewhat repetitious international gatherings, to take into account current core issues (transparency, openness, diversity, interoperability) and incorporate new central ones (infrastructure-based copyright enforcement, ownership, labour, content regulation, accountability)[16].
Multi-stakeholderism or “HappyTown”?
“I did at least expect that there would be some attempt at a ‘stocktaking’ […] What we are having instead is three days of ‘happytalk’ folks talking ‘happy’ about this that and the other[17],” community informatics scholar Michael Gurstein commented with sour irony at the end of the meeting. Even without going so far as defining WSIS+10 a Disneyland revival, or a HappyTown artificially preserved for the good of the “usual suspects”[18] who are materially able to visit Paris “on expense accounts”[19] – something that is, however, a serious barrier to in-person attendance to international gatherings for several stakeholders, one that should not be dismissed – the UNESCO-led meeting does not paint a very bright future for the multi-stakeholder format of engagement in global governance of the internet.

Opening up the dialogue to several, if not all[20], internet governance stakeholders, and codifying formats and procedures to do so, was in itself an important achievement of the WSIS/IGF process, and the answer to its shortcomings is certainly not to dispose of it entirely. Yet, the most important lesson we should take home from the Paris WSIS+10 meeting is that, ten years later, reaffirming the worthy existence of the arrangement is not enough.

As internet governance scholar Bill Drake has recently pointed out, “a substantial chunk of the actual decision-making that shapes the Internet and its use at both the national and global levels remains outside the ambit of the model of multistakeholderism […] as such, that model is best conceived of as a critically important component of the distributed institutional architecture of Internet governance, rather than the embodiment of a ‘paradigm shift’[21]”. Hailed as such in the early days of the WSIS/IGF process, multi-stakeholderism in ICT governance is now in sore need of a realistic and thorough assessment, one that gets down to the “nitty gritty” details, day-to-day struggles, and material constraints of who participates, when, for what reasons, and how the practical results of this participation can be measured and leveraged for concrete next steps. This may entail, among other things, revisiting the “categories” of stakeholders outlined by WSIS, in favour of a more nuanced approach (what actors are regrouped under the label of civil society particularly comes to mind) that would acknowledge, in turn, the gap between “nominal and effective participation”[22] and devise creative tools to address it. Otherwise, as internet governance researcher Françoise Massit-Folléa and this author wrote a few years ago after having attended the fourth IGF in the fashionable Sharm-el-Sheikh, “the considerable weight of decisions taken elsewhere [is likely to] soon reduce this international forum” - as well as the broader processes shaping tomorrow’s information society - “ to a friendly conversation between true and false naives, under the disguise of enlightened debates[23]”.
- [1] [www.itu.int]
- [2] [unesdoc.unesco.org]
- [3] [www.earthsummit2002.org]
- [4] Malcolm, Jeremy (2008). Multi-Stakeholder Governance and the Internet Governance Forum. Wembley, WA: Terminus Press. (p. 322).
- [5] Geneva Plan of Action.http://www.itu.int/wsis/documents/doc_multi.asp?lang=en&id=1160|0
- [6] WGIG (2005). Report of the Working Group on Internet Governance, p. 18.
- [7] WGIG, ibid.
- [8] WGIG, ibid.
- [9] [www.intgovforum.org]
- [10] [www.intgovforum.org]
- [11] [rconversation.blogs.com]
- [12] [www.ifla.org]
- [13] Schafer, Valérie (2013). Première réunion d’examen du SMSI+10. Institut des Sciences de la Communication du CNRS. [www.iscc.cnrs.fr]
- [14] Hong, Amy (2013). WSIS+10: The Global Information Boom Leaves Billions Behind. MediaShift, [www.pbs.org]
- [15] “Contested Governance: Exploring the Evolving Policy‐making Environment and Considering Collaborative Solutions from the Netroots”, WSIS+10 session organised by Divina Frau-Meigs, February 27th, 2013.
- [16] Author’s notes from the session, February 27th, 2013.
- [17] Gurstein, Michael (2013). Making HappyTalk in Paris; Disneyland and the WSIS+10 Review. � [gurstein.wordpress.com]
- [18] Drake, William (2011). Multistakeholderism: External Limitations and Internal Limits. MIND: Multistakeholder Internet Dialog, Co:llaboratory Discussion Paper Series No. 2, Internet Policymaking, 68-72, Berlin: Co:llaboratory.
- [19] Gurstein, ibid.
- [20] Hintz, Arne and Stefania Milan (2009). “At the Margins of Internet Governance: Grassroots Tech Groups and Communication Policy”, International Journal of Media and Culture Policy, 5 (1-2): 23-38.
- [21] Drake, ibid.
- [22] Drake, ibid.
- [23] Massit-Folléa, Françoise and Francesca Musiani (2009). Recollections of Egypt. Comments on the Fourth Annual Meeting of the Internet Governance Forum, Vox Internet, [www.csi.ensmp.fr]

CircleID

New TLDs: Time For a Do-Over on Plural Similarity

Posted: April 12th, 2013, 12:13am WST by Steve DelBianco

Mandarin is a tricky language, but ICANN may want to learn the expression chóngfù before leaving the Beijing meeting. Chóngfù means "do-over" and that's what ICANN needs to forestall an entirely preventable disaster in the delegation of new top-level domains (TLDs).

The issue of "string similarity" seems straightforward. Nobody inside ICANN or out there in the real world wants Internet users to be confused by new TLDs that are confusingly similar. Imagine hearing an ad offering low rates at car.loans but you encounter something completely different at car.loan instead? And what would stop somebody from launching a new TLD by just tacking an "s" onto popular domains like .com or .org?

The Government Advisory Committee (GAC) is catching a lot of flack for it's Beijing Communiqué, but one thing the GAC got right was its advice that singular/plural strings are confusingly similar.

So how did we get to a point where ICANN inexplicably failed to find confusing similarity for 24 pairs of singular and plural forms of the same words, including .web /.webs, .game/.games, and .hotel/.hotels? More important, how do we fix this?

Chóngfù is hard for westerners to say and will be even harder for ICANN to do.

For starters, a little transparency is probably in order. The string-similarity review process was opaque by design. But many in the community want to know how ICANN's experts either failed to recognize the plurality issue — which would be troubling — or decided that single and plural gTLD strings can successfully coexist — which would be ludicrous.

Thankfully, the World Intellectual Property Organization (WIPO) has basic guidance on similarity: "words used in the singular include the plural and vice versa, as the context may require." That's the kind of common sense ICANN could use to correct the Guidebook and do a quick do-over on those 24 pairs of singular/plural TLDs.

ICANN may get a convenient backdoor out of this dilemma from the International Centre for Dispute Resolution, which is reviewing string confusion objections on seven of the single/plural pairs. If ICDR makes the right ruling, ICANN should apply that rule to all 24 single/plural pairs.

And if all else fails, there's always ICANN's "reconsideration" process for a formal chóngfù.

ICANN's critics at the United Nations and within many governments are waiting for a highly visible misstep in the ambitious expansion of top-level domains. That could be used to justify having governments displace the private sector in its leadership role on growing and governing the Internet.

Better that ICANN find a way to do-over on singular/plurals, than to risk having governments impose a bigger do-over on ICANN itself.
Written by Steve DelBianco, Executive Director at NetChoice
Follow CircleID on Twitter
More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

Regulation Watch Feed

Time to take stock: twelve internet and jurisdiction trends in retrospect

Posted: April 11th, 2013, 9:28pm WST by Paul Fehlinger

With the growing tension between the cross-border internet and the patchwork of national jurisdictions, it becomes crucial to keep track of key global trends that drive the debate on appropriate frameworks. Based on the 2012 monitoring work of the Internet & Jurisdiction Project, twelve high-level patterns can be identified.

These tendencies have been detected through an evaluation of 240 cases from all over the world. All cases were curated and ranked according to their relevancy via an innovative crowd-based filtering process by the Internet & Jurisdiction Observatory, a network of selected international experts. The goal? Inform participants of the global multi-stakeholder dialogue process on the top 20 emerging trends every month. The complete case compilation “2012 in Retrospect” is available here.
I. THEMATIC TRENDS Pacesetter: national copyright enforcement
The cross-border Internet naturally challenges the geographic nature of intellectual property rights. As illustrated by national ISP blockings of torrent libraries, graduated response schemes and proposals for multilateral cooperation treaties, copyright has become a major pacesetter for the enforcement of national jurisdiction over the internet. Several proposed measures raised significant human rights and privacy concerns, as exemplified by the SOPA/PIPA bills and the Anti-Counterfeiting Trade Agreement (ACTA), which was rejected in the EU's jurisdiction in July 2012.
Cloud-based services: global platforms versus local privacy laws
Different conceptions of online privacy clash as states and sub-national authorities increasingly try to enforce their laws on cross-border platforms. Local standards can extend globally if the operator of a platform is established within the territory of a given jurisdiction. Thus, the US Federal Trade Commission and the "Sponsored Stories" Facebook settlement in California de facto determine opt-out and consent privacy rules for all international users. At the same time, a growing number of states demands local compliance: In the EU, privacy commissioners examined Google's 2012 Terms of service changes and Facebook deleted all facial recognition data of EU users in reaction to an audit by the Irish privacy watchdog and investigations by a regional Data Protection Authority in Germany.
Hate speech: viral outbursts and digital wildfires
In the absence of appropriate cross-border standards for takedown norms and procedures, viral online outbursts and "digital wildfires" of hate speech across multiple jurisdictions have become a major concern. The Innocence of Muslims video on YouTube, and "doctored images” that caused unrest in Indian regions showed that solutions like entire platform blocks via national ISPs can be disproportionate and do not take the granularity of online content into account.
In search of standards: defamation and libel tourism
Prominent online defamation cases are on the rise, while criteria for liability, publishing locations and adjudicatory jurisdiction remain vague. In Australia, Twitter was directly sued as the publisher of a defamatory tweet that was sent by one of its users. In the UK, a citizen of New Zealand won a Twitter defamation case against an Indian citizen residing in England and a former British politician took action against 10.000 Twitter users who tweeted or retweeted a false rumor. Moreover, a bill in the Philippines and demands by Swedish authorities indicated the growing trend of criminalising online defamation.
II. TRANSBOUNDARY IMPACTS OF SOVEREIGNTY Still neutral? The DNS as content control panel
There are attempts to leverage the Domain Name System (DNS) layer to enforce national jurisdiction over foreign online content when the DNS operator is located within a state's territory. A US court ordered VeriSign, the manager of .com, to take down the Canadian bodog.com site. The US Immigration and Customs Enforcement (ICE) agency seized the .com and .org domains of the Spanish link library Rojadirecta without a court order. The agency justified its action with the argument that the domains had been bought through a US registrar, although the site had been declared to operate legally by courts in the Spanish jurisdiction. ICE subsequently released these domains without explanation. This potentially causes transboundary impacts of national sovereign decisions.
Limitless sovereignty? Jurisdiction over foreign citizens
Extraterritorial extensions of jurisdiction over foreign citizens are rising in the absence of clear competence criteria. In California, a series of similar copyright cases was divided between two judges. They disagreed on having personal jurisdiction over an Australian resident. The actions were filed by a Korean rights holder, which argued that the defendant's use of US-based social media platforms constituted a sufficient connection to the American jurisdiction. Are there limits to the exercise of sovereignty over a shared common infrastructure?
III. FRAMEWORKS AND PROCEDURAL INTERFACES National laws vs. platform rules: the role of terms of service
Terms of service provisions regarding freedom of expression, defamation or privacy increasingly morph into the law of "digital territories". Tensions arise, as internet users are both subject to the laws of their jurisdiction and to the rules of the platforms they use. In Brazil, Facebook deleted the account of a topless female rights protester for infringements of its Terms of service. Meanwhile in the US, Twitter refused to disclose the identity of “Occupy tweeters” to authorities since its Terms of service specify that the company does not own tweets.
Lack of interoperability: procedural interfaces and MLATs
Enforcing territorial sovereignty can carve up the internet. Due process for takedowns, seizures or Local Education Agencies (LEA) access to private data emerges as a major concern for all stakeholders, but viable interoperability frameworks to manage the internet commons do not yet exist. In search of solutions to handle interactions on state-platforms, India called for a dispute resolution forum attached to the UN after local riots were triggered by online content. Pakistan claims to be obliged to continue the DNS block of the entire YouTube site for one objectionable video, due to the lack of appropriate procedures in the absence of a Mutual Legal Assistance Treaty (MLAT) regime with the US.
IV. TECHNOLOGIES AND TOOLS Data territoriality: the location of servers matters
Despite the global availability of most cloud-based platforms, the location of their data centres matters. Thus, US authorities seized the file locker Megaupload via its US-based servers, although the Hong Kong-based platform was operated by a German citizen residing in New Zealand. Equally enforcing national jurisdiction over servers, Ukrainian authorities shut down a platform operated from Mexico. Wikipedia explained that it does not operate servers in the UK because of certain jurisdictional risks due to strict local defamation laws.
Localizing the internet: Geo-IP filtering and ccTLD migration
Facing difficulties to simultaneously respect 192+ national laws, cross-border platforms create "localized experiences" to be in compliance with territorial laws. Twitter developed a tool to block unlawful content in certain jurisdictions through geo-IP filtering and used it for the first time to block a Nazi account in Germany. Google's Blogspot uses the DNS and launched an automatic country code top-level domain (ccTLD) redirection scheme to prevent cross-border impacts of local compliance on platform users from other jurisdictions.
Cybertravel: the legality of proxies and VPNs
The ability to freely cross jurisdictional borders on the internet becomes challenged, as states strive to enforce local laws online. The spread of ISP domain blocks and geo-IP filtering increases the use of VPNs and proxies to circumvent national access limitations. Whereas a New Zealand ISP offers "US internet" by default, cybertravel technologies become increasingly contested or criminalised as China, Russia and Iran target VPNs. Likewise, The Pirate Bay proxies in the UK and the Netherlands are being shut down.
Notice and staydown: the rise of automated filters
Courts increasingly demand the use of automated filters on cross-border platforms to ensure that content complies with local jurisdictions, especially in cases where the same or similar infringing content is uploaded again. An Argentine judge ordered Google to "permanently" remove defamatory pictures of a model. Concerning copyright, views diverge as a German court ordered YouTube to develop a notice-and-staydown mechanism for protected songs, while a French court ruled that upload-filters are unnecessary.
Download the "2012 in Retrospect" Case Collection
Note: A variation of this article was originally published on the Internet & Jurisdiction platform in early April 2013: internetjurisdiction.net

IGP Blog

Who needs the ITU when you have a GAC?

Posted: April 11th, 2013, 7:10pm WST by Milton Mueller

If anyone doubted our recurring warnings that ICANN’s GAC is evolving into an intergovernmental organization, they should have come to Beijing for ICANN 46. A new GAC communique was released in the middle of the public comment forum. As people downloaded and read it, they discovered that GAC’s “advice” is really a complete redesign of [...]

CircleID

Google Does the Right Thing Opening Several Closed Generic TLD Applications

Posted: April 11th, 2013, 3:03am WST by Michele Neylon

Over the last few months one of the areas of attention in the new TLD project has been "closed generics". I've written about this several times in the past and I've also raised the issue in as many fora as possible.

Yesterday ICANN published a letter they'd received from Google with respect to several of their new TLD applications.

Whereas Google had made it clear previously that they intended to operate domain extensions such as .blog, .cloud, .search and .app in a closed fashion or "walled garden" this is no longer the case, as outlined in their submissions on the topic of closed generics last month.

The letter, which runs to 41 pages, includes a fairly concise explanation of Google's planned changes as well as the full text of the requested changes to their applications.

So what are they planning to do? Bearing in mind that they've got competition with several of these applications, so there is no guarantee that they'll be even granted to Google.

.search is planned to be a "dotless" domain:

Our goal for .search is to provide an easily-identifiable namespace for firms that provide search functionality and to allow Internet users a unique and simple mechanism to access the search functionality of their choice. Google intends to operate a redirect service on the "dotless" .search domain [search] that, combined with a simple technical standard will allow a consistent query interface across firms that provide search functionality, and will enable users to easily conduct searches with firms that provide the search functionality that they designate as their preference.

I'm not sure how that will look, but it sounds kind of funky.

.app will be for developers of apps

We intend for .app to be a TLD dedicated to application developers. The term "app" is used in a variety of contexts, including mobile applications, browser-based applications and even desktop applications. We intend for the .app TLD to be restricted for use by relevant developer communities, but to be inclusive of the full range of application development communities and not to restrict registration to developers on a particular platform

So "app" will have the widest meaning possible, though how they'll actually "police" that isn't clear. Intent? Use?

.blog is one of the "closed generics" that bugged me the most. I blog. The string describes the content you are expecting to find on the domain. Being forced to use a specific blogging platform in order to access a .blog domain name was not how I'd like to see that extension used.

So Google's latest proposal for .blog is a lot more palatable to me:

We have two principal goals for the .blog TLD. First, users navigating to domains within the TLD should reasonably expect to reach a blog when they access a .blog domain name. Second, it should be simple and easy for .blog registrants to associate their secondlevel domain with their blog on the blogging platform of their choice. To this end, we are working with others in the blogging community to develop a simple set of technical standards that will allow users to automatically link their domain name to their blog at the time of registration. Registrations within the TLD will be limited to those with blogs adhering to these technical standard.

I'm not sure how this "standard" is going to look or how registrars and hosting providers are going to be able to implement it, but I like the concept.

The .cloud application is the fourth one that Google is planning to tweak:

As with .blog, our goal for .cloud is to create a clear association between .cloud names and projects hosted in cloud platforms, while simultaneously allowing registrants to more easily link domain names with the cloud offering of their choice. We are in the earlier stages of discussions with others in the cloud community, but intend to develop similar technical standards as with .blog

So with Google changing at least some of their applications to be more open and inclusive, will other new TLD applicants see the light and tweak theirs? What about Amazon? Symantec? L'Oreal?

And what about ICANN's board? Will they be able to find a way of dealing with the issue in a fair, transparent and equitable manner?
Written by Michele Neylon, MD of Blacknight Solutions
Follow CircleID on Twitter
More under: Domain Names, ICANN, Top-Level Domains
Information and Communication Technologies (ICT) Industry Soon to Be Largest Source of Co2 Emissions

Posted: April 10th, 2013, 4:49am WST by Bill St. Arnaud

There has been a lot of discussion lately on the environmental impact of the proposed Keystone-XL pipeline that is intended to carry heavy oil from the tar sands in Alberta to refineries on the US Gulf Coast.

I suspect at the end of the day the US government will approve the pipeline as GDP growth and potential job losses will always trump concerns over the environment.

However, the US government has been putting on a lot pressure on Alberta to improve its environmental standards as a quid pro quo for approving the pipeline. In response Alberta is exploring expanding their current CO2 emissions program to a $40/tonne carbon levy. In the past, all of the funds raised by Alberta's carbon emissions program was returned to industry to invest in dubious energy efficiency programs. But Alberta could really have a much more meaningful impact in terms of reducing CO2 emissions, that would more than compensate the emissions from the oil carried in the Keystone XL pipeline, if it invested some of this money into its local universities and R&E network — Cybera.

Although on the production side the tar sands are one of the biggest sources of CO2 emissions, the Information and Communication Technologies (ICT) industry, globally is the fastest growing and soon will be the largest source of CO2 emissions on the consumption side of the equation. ICT emissions are produced indirectly from the coal generated electricity that is used to power all of our devices. Currently it is estimated that ICT consumes around 10% all electrical power growing at about 6-10% per year. According to the OECD and other studies ICT equipment in our home now consumes more energy than traditional appliances.

New studies suggest that the growth in wireless networks could be the single largest component of that growth in CO2 emissions from the ICT sector. In a recent report by the Centre for Energy-Efficient Communications, at the University of Melbourne-based research centre claimed that by 2015, the energy used to run data centres will be a "drop in the ocean", compared to the wireless networks used to access cloud services. The report predicts that by 2015 energy consumption associated with 'wireless cloud' will reach 43 terawatt-hours, compared to 9.2 terawatt-hours in 2012. This is an increase in carbon footprint from 6 megatonnes of CO2 in 2012, up to 30 megatonnes of CO2 in 2015, which is the equivalent of an additional 4.9 million cars on the road, the report states.

More worrisome is another report from Sweden KTH that predicts will need to increase the density of wireless base stations by 1000 times to meet the insatiable demand for the "wireless cloud". If this came to fruition, it would be incredibly huge jump in the demand of electricity by the ICT sector.

The wireless industry in particular is an ideal sector to be powered by local renewable energy sources such as solar panels and windmills. Already many wireless towers in the developing world are powered by renewable energy (but unfortunately often with diesel backup). Because of it is inherently distributed, lower power architecture the wireless industry is ideally suited to be powered by local renewable energy.

I have long advocated that universities and R&E networks are the ideal environment for deploying wireless networks that are powered solely by local renewable power sources. By integrating WIfI and 4G networks with multiple over lapping cells it would be possible to provide seamless service zero carbon wireless services.

For more details see:

High Level Architecture for Building Zero Carbon Internet Networks , ICT products and services

Alberta could be a world leader in deploying such zero carbon networks starting first at universities in partnership with Cybera. The global CO2 impact of developing such technology in terms of removing additional 4.9 million cars from the road would be much greater than expected emissions from the oil to be carried in the proposed Keystone XL pipeline

Additional pointers:

Cloud's real ecological timebomb: Wireless, not data centres

Thousand times greater density of base stations
J. Zander, P. Mähönen, "Riding the Data Tsunami in the Cloud – Myths and Challenges in Future Wireless Access", IEEE Communications Magazine, Vol 51, Issue: 3 (March 2013), pages 145-151 [theunwiredpeople.com]

Solar powered WiFi allows control of bugs instead of using pesticides

ICT industry on track to be largest sector for CO 2 emissions

Solar Powered DIY Portable HotSpot

More on revenue opportunities for R&E and open access networks – building next generation "5G" wireless network
Written by Bill St. Arnaud , Green IT Networking Consultant
Follow CircleID on Twitter
More under: Access Providers, Broadband, Cloud Computing, Data Center, Wireless
An Amazing Number - China Now Has 564 Million Internet Users: 75% Are Mobile

Posted: April 10th, 2013, 12:00am WST by Dan York

One of the staggering numbers introduced during the opening remarks at ICANN 46 here in Beijing by multiple speakers, including ICANN CEO Fadi Chehade and speakers from the Chinese government, was this:

China now has over 564 million Internet users!

Think about that for a minute.

Most estimates these days are that there are around 2 billion people around the world using the Internet. We have no real way of knowing exactly how many people are online, but the estimate most of us use is "2 billion".

So if we go with that estimate, these latest numbers out of China would mean that China represents around 25% of all Internet users. A rather amazing growth given that the ICANN 46 welcoming remarks also indicated that in 2002 China only had 59 million Internet users.

Less surprising to me was the stated fact that 75% of Chinese users are mobile Internet users. I think most of us can clearly see both in industry trends and in our own personal usage that Internet usage is increasingly moving to a mobile-centric world.

Still, let's think about the scale of that percentage: 75% of 564 million represents 423 million mobile Internet users — about the size of the entire population of the USA and Mexico combined.

A rather huge number of people.

I sat there thinking about those numbers and my mind immediately turned to all of those of us who are publishing content on the Internet. This is yet another sign that mobile consumption of content is increasingly dominant — how well does your website work for mobile users? And while English may be the primary language many of us may use for our websites, how well do those sites work for viewers for whom English is not their main language? And what multi-lingual capabilities does your website have? Or what are you planning to add?

Truly an amazing number of users… and it will only continue to grow!
Written by Dan York, Author and Speaker on Internet technologies
Follow CircleID on Twitter
More under: ICANN, Mobile, Web
ICANN's NomCom 2-Stage (R)evolution

Posted: April 9th, 2013, 5:15pm WST by Stéphane Van Gelder

ICANN's Nominating Committee (NomCom) is both a strange animal and a precious resource. Having a committee charged with first recruiting, then selecting suitable candidates to hold key positions within ICANN is something that is often little, or even mis, understood. Within the ICANN community itself.

By the very nature of its recruitment role, the NomCom has to remain secretive. About who the candidates are, at any rate. But that doesn't mean the rest of the NomCom's processes must remain so.

The feeling that the NomCom has at times lacked transparency became very evident last year, when the 2012 NomCom Chair Elect — the person chosen by the ICANN Board to be the NomCom Chair for the following year — refused to take up that position.

The ensuing debate, and sometimes stinging criticism, has clearly energised this year's NomCom to execute significant changes. Under the auspices of the 2013 NomCom Chair Yrjö Länsipuro, blessed with both information sharing and people skills (he was a journalist and a diplomat), the NomCom has significantly changed its approach.

A general 2-stage transition has been initiated. Stage 1 is becoming more transparent. Stage 2 should be looking at the actual recruitment processes used by the NomCom to ensure that high-level candidates do not baulk at the complexities of filling in online application forms and dealing with the application system.

Since the start of the 2013 NomCom's tenure, the committee has been putting out a Report Card after each of its official meetings. This is the first time ICANN's NomCom has produced written accounts of its meetings.

History was also made at the ICANN Beijing meeting this week, where the NomCom has scheduled several open meetings, including its main planning meeting. This is the first time that the NomCom's deliberations have ever been held in public to such an extent.

These are important steps towards for what is a crucial committee for ICANN because it is designed to help bring new blood into the ICANN universe, which otherwise might be in serious danger of sclerosis.
Written by Stéphane Van Gelder, Chairman, STEPHANE VAN GELDER CONSULTING
Follow CircleID on Twitter
More under: ICANN, Internet Governance, Policy & Regulation
Evolving ICANN Carries Great Promise for Internet Users

Posted: April 9th, 2013, 4:30am WST by Tom Galvin

The headlines out of ICANN's meeting in Beijing may be all about new domains, but it is the quiet, systemic evolution of ICANN itself that holds the greatest promise for Internet users globally.

ICANN President Fadi Chehadé opened the meeting by announcing that it was ICANN's "season to evolve," and setting forth a series of programs, restructuring efforts and policy initiatives intended to make ICANN more responsive to the needs of its stakeholders, and by extension, to the needs of all Internet users, everywhere in the world.

Mr. Chehadé's ambitious agenda provides a unique opportunity for ICANN to holistically review and strengthen its role in upholding the safety of Internet users.

Historically, ICANN's focus has been on Internet security almost to the exclusion of Internet safety. During the early stages of ICANN's evolution this narrow focus on security was both natural and likely necessary, given the organization's resources and scope.

The threats against the Internet's core technical infrastructure are significant, and ICANN's work in mitigating them is critical. But as ICANN's scope and resources expand, so to does its obligation to address the more granular threats to Internet users that arise from systemic abuse and exploitation of the Domain Name System.

Global cybercrime is at an all-time high, and shows no signs of abating. An independent study conducted by eight researchers for the U.S., UK, Germany, and the Netherlands presented at the Workshop on the Economics of Information Security (WEIS) 2012 placed the global cost of cybercrime at just over $225 Billion per year. And it could get much worse — a 2012 survey by the National Cyber Security Alliance (NCSA) and digital security firm Symantec showed the 83 percent of U.S.-based small businesses have no formal cybersecurity plan, even though the 2011 NCSA/Symantec survey showed that cyberattacks cost small and medium-sized business an average of $188,242. Almost two-thirds of the victims were shut down within six months after the attack.

The vast majority of the fraud and scams conducted by international cyber-syndicates shares a common characteristic of gaming the openness and accessibility of the Internet's addressing system to exploit the most vulnerable users.

Within its existing technical scope, ICANN has a tremendous platform to address these significant safety challenges. Simply enforcing existing contract terms with registrars and registries could have a dramatic global impact on cybercrime. Strengthening those contracts, and their enforcement mechanisms, would only magnify that effect.

ICANN is already making significant strides in the right direction. The new registrar accreditation agreement seems to hold great promise for Internet users globally, as does the registrants "bill of rights and responsibilities" that Chehadé discussed in his speech.

But part of ICANN's evolution should be systematizing these efforts so that Internet safety is not addressed piecemeal, but as part of a broader effort to address the safety needs of Internet users, including the millions who lack the wherewithal to participate in ICANN's policymaking process.

When the ICANN community sets its will to something, history demonstrates that it can be remarkably effective at accomplishing it. We've seen that in its strides on Internet security, and will likely have another demonstration soon in the form of new gTLDs.

If the community can embrace the Internet safety challenge with the same vigor with which they approached new gTLDs, we will look back years from now and mark the critical importance of ICANN's "season to evolve."
Written by Tom Galvin, Executive Director at Digital Citizens Alliance
Follow CircleID on Twitter
More under: ICANN, Internet Governance, Security
Total Domain Names Pass 252 Million Worldwide

Posted: April 9th, 2013, 2:15am WST by CircleID Reporter

More than six million domain names were registered in the fourth quarter of 2012, bringing the total number to more than 252 million domain names worldwide across all top-level domains (TLDs) as of Dec. 31, 2012, according to the latest Domain Name Industry Brief from Verisign. The increase of 6.1 million domain names globally equates to a growth rate of 2.5 percent over the third quarter of 2012, and marks the eighth straight quarter with greater than 2 percent growth. Worldwide registrations have grown by 26.6 million, or 11.8 percent, year over year.

Follow CircleID on Twitter
More under: Domain Names
How Will Banks Ensure the Safety of Our Money? DDoS Attacks on NL Banks

Posted: April 8th, 2013, 10:37pm WST by Wout de Natris

This week bank costumers of The Netherlands were shocked when they realised that online banking may not be as safe as they thought. Perhaps some were surprised to hear that what they think is money, is nothing but digits, something that does not exist. Their money only exist because we all act as if it exists and accept transactions between each other aided by software run by banks, if they haven't outsourced that function. The good people found out the hard way that by, in this case involuntarily, changing a few digits, their money just disappeared (and some became millionaires without being able to access this money).

The next day new malfunction of banks' websites were reported. For the first time it was openly admitted that all our banks' and payment intermediary iDeal's website were down, due to an attack in the form of a DDoS attack, making the website of the respective banks unreachable for regular traffic. The assailants tried to log in also.

This resulted in headlines, Tweets, blogs and opening news items, the one at the 8 o'clock news on the public channel ending with: "in the USA this happens nearly every day". In the following I'd like to take a look at a few related comments, a tweet by a politician, before coming to some questions. The main one reflects the title most: "Who's responsible for cyber security?"

Public outcry

If anything the chaos or perceived chaos in banking transitions led to angry or confused people, famous short fuses and loads of attention from the media. The cyber security world is waiting for years for a major cyber incident. One causing great damages, in the hope governments and companies start moving in the right direction. Some experts are even totally resigned to this way of thinking. This is not that incident. Sure, it shocked end users, led to some reactions from politicians, but in the end nobody seems to have lost money and there are so many other issues calling out for attention.

The news

Tax evasion
In the past week high level tax evasion by multi nationals, top-executives, politicians, etc., let's say the top of societies, was prominent in the news. A conclusion in a column in NRC Handelsblad stated, to this problem decisions at world level are needed. (If I'm cynical, look at the list at the start of this section and ask yourself the following question: Who decides on worldwide solutions?) What struck me, also, is that this is the exact same conclusion that is derived at when talking about Internet governance, international cooperation against cyber crime, spam and malware enforcement, etc., etc. In short, what I recently heard someone call "the glass ceiling of Internet governance". Most discussions stop here. Another variant to this discussion is: "we need to break own silos!". Okay, but who is "we"? Is someone made responsible for this breaking down, silos or ceilings? What are the right questions to ask here? Questions that lead to answers that could take the discussion forward and actually change the outcome? A topic for the upcoming IGF in Bali I'd say.

The near future
The comment in the 8 o'clock news cited above, caught my attention most. "This happens nearly every day in the US". I read somewhere that 267 out 365 days there were problems accessing major banks' websites. In other words this is something we are to expect also? Are there contingency plans? Do governments allow that payments can't be made (parts of) 267 days in the year? The economic impact is gigantic. Does it matter then whether the attacks stem from criminals, free speech advocates, "fun hackers" or state-to-state activities? I'd say not.

How can banks ever guaranty the safety of our money?
...is the question Dutch parliamentarian Kees Verhoeven (D66) asked on Twitter. (This is the Tweet: "Heftig. De storing blijkt nu een #DDoS aanval! De vraag is hoe banken de veiligheid van ons geld kunnen blijven garanderen. #cybersecurity"). I responded to him that this was totally the wrong question to ask. There is nothing banks can do against DDoS attacks, beyond preventive measures. The attackers, the tools they use, the infected PCs and other devices used, the command and control servers hosted anywhere in the world, are all far beyond the control of banks. As long as banks run state of the art security measures (even if they don't), they are victims and not attackers. Perhaps the banks need support from other entities on and around the Internet to solve this problem.

The tools used are infected PCs of end users, companies, governments, industry, etc. and other devices like smart phones, smart TVs, up to a hacked chip in your cat's collar (and this is no joke). There are a million reasons why these devices are infected. From irresponsible use by end users, flawed software, a lack of security by design in anything with "i" in front if it, negative incentives to deal with botnet mitigation or notice and take down requests, a lack of understanding in general, right up to a lack of government regulation, enforcement or incentives. All measures or better a lack of measures, banks have no influence over at all. They have an influence over the quality of the products they buy themselves in the future, over internal policy and security measures and perhaps they can reach out more to discuss Internet governance actively, which I advice them to do, but it stops there.

So, taking this all in, can banks guarantee the safety of our money? Answer this question yourself and continue to ask yourself the question who is responsible for cyber security? A virtual plethora of parties involved and where to start? What I have to conclude is that almost every single decision is to be made in the private sphere. In a competitive world. Where does that leave governments? Where does this leave decisions consciously made with the common good in mind?

So, who's responsible?

I'm not going to answer this question here. Those who follow me on my blog, here on CircleID or read my articles in Virus Bulletin know my points of view. What I'd like to ask you is to think about this question for one minute and share your thoughts with me here on within an(y) other context. It may just get a discussion going.
Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement
Follow CircleID on Twitter
More under: Cyberattack, Cybercrime, DDoS, Internet Governance, Security
Third Round of Evaluation Results for New TLDs

Posted: April 8th, 2013, 12:50am WST by CircleID Reporter

Mary Iqbal writes to report that ICANN has released the third round of initial evaluation results, bringing the total number of applicants to pass Initial Evaluation to 93. ICANN has now completed the initial evaluation of all but 13 IDN Top Level Domains. To learn more, see http://www.getnewtlds.com/news/Third-Round-of-Initial-Evaluations.aspx.
Follow CircleID on Twitter
More under: ICANN, Top-Level Domains

Matthias C. Kettemann's International Law and the Internet

Can you prove somebody is an idiot? Defamation between freedom of expression and protection of reputation

Posted: April 7th, 2013, 6:13pm WST by Matthias C. Kettemann

Virgil's Fama is fleet-winged and swift-footed.
Defamatory statements on the Internet, too.(c) Kettemann 2013
Just as the fama in Virgil’s Aeneid (the etymological root of defamation) negative rumors harmful to someone's reputation prosper on the Internet.
"Fama, malum qua non aliud velocius ullum: mobilitate viget virisque adquirit eundo, parva metu primo, mox sese attollit in auras ingrediturque solo et caput inter nubila condit. [...] progenuit pedibus celerem et pernicibus alis, monstrum horrendum, ingens, cui quot sunt corpore plumae,tot vigiles oculi subter [...] tot linguae, totidem ora sonant, tot subrigit auris."
“[Fama] flourishes by speed, and gains strength as she goes: first limited by fear, she soon reaches into the sky, walks on the ground, and hides her head in the clouds.[…] fleet-wingedand swift-footed, […] who for every feather on her body has as many watchful eyes below […], as many tongues speaking, as many listening ears.”
Many tongues speaking indeed, many listening ears, many writing fingers on keybords and watchful eyes for youTube videos. For a study on freedom of expression on the Intenret to be published by the Council of Europe I've looked at the issue in some more depth. What follows are a few important markers. But for an overview of the jurisprudence towards a "right to reptutation" I encourage you to have a look at Stijn Smet's excellent article on Freedom of Expression and the Right to Reputation: Human Rights in Conflict, American University International Law Review 26 (2011) 1, 183-236.

But let's get back to fama and her wings and feet.

One thing is clear: Internet platform providers, site moderators and bloggers have to take care not to engage in defamation and journalists reporting on events and news have to be careful not to publish content that is objectively defamatory. They have to avoide giving fama wings and feet, a forum and a multiplication vector.
As I have argued in two previous postings (here and here), liability may ensue - and the liability regime established by some national courts is problematic; a definite answer by the European Court of Human Rights is still out though there are some positive indications in its previous case-law.
Now, why is defamation such a problem.
While truth is an absolute defense against a claim of defamation, very often it can be difficult to establish or very costly do so. A customer on a travelling forum, for instance, might say that a specific hotel was a bad choice because of the small rooms and the broken appliances. This may be their opinion (‘bad choice’) but it also contains a statement of facts (‘broken appliances’). Once the hotel identified in the review published on the site asks the website owner to take down the post (on the argument that it is defamatory) the owner has a clear choice: either delete the post and thus arguably infringing upon the freedom of expression of its users or keeping the post and thus, having ‘owned up to it’, risk a defamation-based suit by the hotel.

The risk in the defamation suit is to prove the veracity of the statement. Unfortunately for the owner of the travelling website that duty now falls upon them. Thought the original poster may help, they are difficult to be legally forced to do so. The website owner - by themselves - will usually have a very hard time indeed proving that at a certain date in, say, 2011, the appliances in one specific hotel room in a small village somewhere in, say, California were faulty.

Voicing opinions (value judgments) online cannot amount to defamation, only statements of fact can be defamatory. As the European Court of Human Rights ruled in Lingens, “[t]he existence of facts can be demonstrated, whereas the truth of value judgments is not susceptible of proof”.

However, the Court will look the context of a statement to determine whether it is a true opinion or rather a statement of facts disguised as a value judgment.

Freedom of expression and the right to reputation as a weapon against defamation often conflict. The European Convention on Human Rights only mentions reputation in Article 10 (2) as a legitimate aim that would allow a restriction of freedom of expression: “for the protection of the reputation or the rights of others”. In a number of cases, centrally Pfeifer v. Austria (with regard to Article 8) however, the Court has developed a right to reputation from this basis as being part of a person’s right to respect for private life.
More recently, in Karakó v. Hungary Court seemed to qualify its strong position in Pfeifer arguing that only “factual allegations [of a] seriously offensive [with an] inevitable direct effect on the applicant’s private life” warrant protection a position it largely held in Polanco Torres and Movilla Polanco v. Spain.

In Polanco Torres (regarding an article alleging unlawful dealings and dirty money published first in the El Mundo newspaper) the Court ruled that the journalist had sufficiently verified the veracity allegations contained in the article. Their right to impart information that was in the general interest was given more weight than the right of reputation.
What makes this case especially interesting for freedom of expression online is that the article under review was republished by another newspaper, Alerta, that was also charged with defamation but unlike El Mundo convicted of it in the national courts because the journalists at Alerta had simply copied the article from El Mundo without checking the veracity of the allegations. We see: Merely republishing defamatory allegations without ensuring their veracity is highly problematic.
In the 2011 case of Editorial Board of Pravoye Delo and Shtekel v. Ukraine the Court had another opportunity to assess the limits of defamation. The Court ruled that Article 10 must be interpreted as to imposing on states obligations to create an appropriate regulatory framework to ensure effective protection freedom of expression on the Internet for journalist. Pravoye Delo is therefore to journalistic freedom online what K.U. v. Finland is to protection of minors on the Internet.
The editorial board of the Ukrainian newspaper had been fined for publishing defamatory statements taken from the Internet accompanied by an editorial in which they distanced themselves from them. The Court found fault with the reluctance of the local courts to apply protections regarding offline media to online surroundings. The Court agreed that

“[the] risk of harm posed by content and communications on the Internet to the exercise and enjoyment of human rights and freedoms, particularly the right to respect for private life, is certainly higher than that posed by the press. Therefore, the policies governing reproduction of material from the printed media and the Internet may differ. The latter undeniably have to be adjusted according to the technology’s specific features in order to secure the protection and promotion of the rights and freedoms concerned.”
Just because the legal treatment of offline and online publications may differ, not applying safeguards at all is a violation of Article 10. This does not mean, however, that newspapers have to make individuals aware of potentially defamatory information. In the 2011 case Mosley v. the United Kingdom the Court ruled that the United Kingdom cannot be faulted in not giving a public figure whose sexual activities had been recorded and published in form of images and videos on a newspapers’ website the possibility of an injunction to prevent publication, even if the publication was violative of his right to private life.
Taken together the case law of the European Court of Human Rights contains important markers for navigating between the right of freedom of expression and the right to private life, between legitimate publications in the public interest and defamatory comments. A key lesson, however, is – again – that states need to apply offline free expression protection guarantees to online situations, even if they have to developed in recognizance of the special impact Internet publications can have.

Gurstein's Community Informatics

Community Innovation and Community Informatics

Posted: April 7th, 2013, 4:36am WST by Michael Gurstein

Innovation is the buzzword of the moment. Countries large and small, rich and poor, international agencies, private companies even individuals are pre-occupied with finding the key to "innovation". What precisely is meant by "innovation" of course, varies from context to context and even within contexts it is difficult to find a hard and fast definition that goes beyond simply referring to "change" of some sort and hopefully change for the better or change that builds on what has gone on before.

CircleID

Much Ado About Nothing

Posted: April 7th, 2013, 1:42am WST by David Balto

Much ado about nothing; why the Uniregistry request for antitrust immunity is meaningless and its conclusions misleading

With much fanfare last month, Uniregistry announced that proposals for dispute resolution between New TLD applicants in lieu of ICANN's so-called "Auction of Last Resort" posed significant antitrust risks. Their claim of concern was not based on any critical antitrust analysis, but rather on the fact that they had sought a "Business Review" letter from the Antitrust Division of the U.S. Department of Justice (DOJ), and, according to Uniregistry, the DOJ failed to provide them a positive response and discussed the issue with them.

I am a former trial attorney in the DOJ Antitrust Division and the former Policy Director of the Federal Trade Commission (FTC). At the FTC, I was in charge of the business review letter process and authored several of these letters. The specter of concern raised by Uniregistry is based on a misinterpretation of the business review process and not sound antitrust analysis.

Uniregistry suggests that simply the fact that they failed to receive a positive response from the DOJ suggests that enforcement action is likely. That is hardly the case. The DOJ has very high standards for issuing business review letters. Review letters are typically only issued where the facts and the law are fairly clear cut and demonstrate that there are no potential competitive concerns raised by the proposed conduct. Because of these very high standards, the DOJ typically receives numerous review letter requests, but issues only two or three business review letters a year. The fact they did not grant Uniregistry's request did not mean the conduct raised substantial competitive concerns. In my experience, it simply means that the DOJ lacked the unambiguous compelling facts to say that there were no competitive issues.

If the DOJ saw some potential competitive problems it would have responded with a letter articulating those concerns. In fact, one week after the Uniregistry announcement, the DOJ did exactly that, turning down a business review request on a patent exchange system because of potential competitive concerns. See [www.justice.gov] . The DOJ's failure to respond formally to Uniregistry certainly does not support the allegation that they have competitive concerns over the dispute resolution system.

Contrary to Uniregistry's suggestion, the DOJ's refusal to issue a positive letter does not suggest the conduct at issue is likely to lead to antitrust enforcement. If the DOJ thought there were competitive concerns sufficient to bring enforcement action, its procedures instruct that they would respond clearly in that fashion. Rather, according to Uniregistry, they simply responded that the conduct is not wholly immune from scrutiny. Stated another way, the failure to secure a business review letter does not mean the DOJ is likely to bring a law enforcement action. Indeed, in over 40 years there has never been a case where a rejected business review letter request led to an enforcement action, even when the DOJ has suggested that the conduct at issue could potentially present antitrust issues.

Moreover, the key to any analysis of proposed conduct from the perspective of the antitrust laws is whether consumers or other parties may be harmed by the conduct at issue. In this case, it seems fairly unambiguous that ICANN will not be harmed by the dispute resolution system. In fact, they designed the dispute resolution system pursuant to which they encourage applicants to engage in dispute resolution in order to avoid the ICANN auctions. Indeed, there never has been a successful antitrust case brought where the alleged plaintiff was the party that actually designed the restraints at issue.

Uniregistry's request was unusual in another important respect. Typically business review letters are requested by the parties proposing the conduct or those that have created the arrangement, but in this case ICANN did not go to the DOJ. A critical part of any analysis of a proposed arrangement is the "purpose and intent," but Uniregistry was in no position to answer those critical questions.

In any case, regardless of how Uniregistry might want to interpret DOJ's non-action, there's little antitrust risk posed by anticipated private auctions or the registry dispute resolution system as a whole. First, as suggested earlier, the only entity that could be harmed by the system is ICANN, which designed the system. ICANN effectively cannot be harmed by this system, and this is key, as it is deliberately avoiding any type of revenue from the auctions of these new registries. Second, the dispute resolution system cannot harm consumers. There is no fashion in which the method of dispute resolution ultimately would lead to higher prices or less innovation or output. Without some clear-cut harm to consumers, it is difficult to fathom any antitrust violation. Third, the dispute resolution system is akin to many types of joint ventures that have been approved by the DOJ in which competitors have collaborated in order to improve how the market works. The ultimate question asked by the DOJ is whether a system helps to make markets function more effectively and certainly the ICANN dispute resolution system, including private auctions, would meet that requirement.

Finally, although Uniregistry or others might be able to envision some other form of dispute resolution system, it is not the DOJ's role to engage in economic policy engineering and suggest how ICANN should restructure those rules. They simply are obligated to stop conduct that will harm consumers through higher prices or less innovation. The current ICANN dispute resolution system does not pose these risks; that is why antitrust enforcement would be highly unlikely. Any suggestion otherwise is most likely just in Uniregistry's business interests.
Written by David Balto, Antitrust Lawyer
Follow CircleID on Twitter
More under: ICANN, Law, Top-Level Domains

Skip to page: 1 2 3 ... 16

IGF Community Site feed reader

Feeds

Unread items (100)

Posted: May 19th, 2013, 5:31am WST

Posted: May 17th, 2013, 5:02am WST by Bill St. Arnaud

Posted: May 15th, 2013, 8:15pm WST by Monika Ermert

Posted: May 15th, 2013, 6:32am WST by Tom Lenard

Posted: May 15th, 2013, 3:03am WST by Bevil Wooding

Posted: May 14th, 2013, 11:55pm WST by Wout de Natris

Posted: May 14th, 2013, 9:35pm WST by Veni Markovski | Вени Марковски

Posted: May 14th, 2013, 10:24am WST by Milton Mueller

Posted: May 14th, 2013, 2:38am WST by Philip S Corwin

Posted: May 11th, 2013, 5:39am WST by Kieren McCarthy

Posted: May 10th, 2013, 10:38pm WST by Veni Markovski | Вени Марковски

Posted: May 10th, 2013, 6:40pm WST by Merlin Münch

Posted: May 10th, 2013, 4:39am WST by CircleID Reporter

Posted: May 10th, 2013, 1:29am WST by CircleID Reporter

Posted: May 9th, 2013, 3:22am WST by Paul Budde

Posted: May 9th, 2013, 2:18am WST by Jean Guillon

Posted: May 9th, 2013, 2:09am WST by CircleID Reporter

Posted: May 9th, 2013, 1:55am WST by Wout de Natris

Posted: May 8th, 2013, 1:16pm WST by Veni Markovski | Вени Марковски

Posted: May 8th, 2013, 6:04am WST by Gunter Ollmann

Posted: May 7th, 2013, 7:47pm WST

Posted: May 7th, 2013, 7:08pm WST by Monika Ermert

Posted: May 7th, 2013, 6:49am WST by Dan York

Posted: May 7th, 2013, 3:29am WST by CircleID Reporter

Posted: May 7th, 2013, 12:23am WST by Josh Bourne

Posted: May 6th, 2013, 10:05pm WST by Veni Markovski | Вени Марковски

Posted: May 6th, 2013, 1:47pm WST by Veni Markovski | Вени Марковски

Posted: May 4th, 2013, 5:29am WST by Dan York

Posted: May 4th, 2013, 1:13am WST by Paul Budde

Posted: May 4th, 2013, 12:09am WST by Stéphane Van Gelder

Posted: May 3rd, 2013, 8:35pm WST by Veni Markovski | Вени Марковски

Posted: May 3rd, 2013, 6:31pm WST by Monika Ermert

Posted: May 2nd, 2013, 1:38pm WST by Robin Gross

Posted: May 2nd, 2013, 5:02am WST by Doc Searls

Posted: May 2nd, 2013, 1:20am WST by Henry Lancaster

Posted: May 1st, 2013, 11:40pm WST by Thomas Barrett

Posted: May 1st, 2013, 7:54pm WST by Primavera de Filippi

Posted: May 1st, 2013, 11:06am WST by Dan York

Posted: May 1st, 2013, 2:50am WST by CircleID Reporter

Posted: April 30th, 2013, 8:25am WST by Sheel Mohnot

Posted: April 30th, 2013, 5:40am WST by Brenden Kuerbis

Posted: April 30th, 2013, 4:35am WST by Venkat Balasubramani

Posted: April 30th, 2013, 4:15am WST by CircleID Reporter

Posted: April 30th, 2013, 3:48am WST by Veni Markovski | Вени Марковски

Posted: April 30th, 2013, 3:44am WST by Paul Budde

Posted: April 30th, 2013, 2:42am WST by Uniregistry

Posted: April 29th, 2013, 11:02am WST by Brenden Kuerbis

Posted: April 27th, 2013, 6:16pm WST by Veni Markovski | Вени Марковски

Posted: April 27th, 2013, 12:34pm WST by Veni Markovski | Вени Марковски

Posted: April 27th, 2013, 12:24am WST by Roland LaPlante

Posted: April 26th, 2013, 3:12pm WST by Paul Budde

Posted: April 26th, 2013, 6:00am WST by Joss Wright

Posted: April 26th, 2013, 2:26am WST by Martijn Grooten

Posted: April 25th, 2013, 1:51am WST by Wout de Natris

Posted: April 24th, 2013, 8:26pm WST by Matthias C. Kettemann

Posted: April 24th, 2013, 10:34am WST by Henry Lancaster

Posted: April 24th, 2013, 3:39am WST by Milton Mueller