Add to these impressive stats the finding from earlier this year that 61 percent of smartphone users search for local business information on-the-go with their mobile devices and you have quite the compelling reason to make sure your local business listings are up to snuff — in both geosocial services and in local search.

Here is a great infographic created by the teams at Localeze, 15miles and comScore featuring some mind-blowing mobile usage stats. You can also download the 5th Annual 15miles/Localeze Local Search Usage Study Conducted by comScore, which was released February 2012, for more information on the importance of So/Lo/Mo for businesses.
2012 Local Search Usage Study – The annual Local Search Usage Study, done in partnership by 15miles and Localeze (conducted by comScore) is a measurement of consumers' search behaviors and how such behaviors affect media-usage trends. (Click to Enlarge)

Written by Erin Bush, Managing Editor at Neustar

Follow CircleID on Twitter

More under: Mobile, Web

Follow CircleID on Twitter

More under: ICANN, Internet Governance

The civil society groups are asking the ITU to:

• Allow sharing of WCIT documents and all preparatory materials, including proposed revisions to the International Telecommunication Regulations (ITRs);
• Open the preparatory process to meaningful participation by civil society in its own right
• Facilitate remote participation in the meeting
• Ask its Member States to open up processes at the national level to solicit public input on the proposed ITR amendments

The interaction between civil society groups and the ITU closely resembles the controversy over the so-called Anti-Counterfeiting Trade Agreement (ACTA). The ACTA treaty was negotiated in secret so that its provisions could reflect the concerns of special interest groups, namely the copyright and intellectual property lobby. The closed process, however, gave the resulting treaty a lack of legitimacy, and that lack of legitimacy led to organnized opposition, the suspension of its ratification in Europe and resistance elsewhere.

There is an important difference between the WCIT and ACTA negotiations, however. In ACTA, the US government and a major segment of the business community (the IPR interests) did not want civil society involved. Indeed, the same pattern is being repeated in negotiating the Trans-Pacific Partnership, another closed negotiating process that sacrifices consumer and exporters’ interests in expanding trade on the altar of intellectual property monopolies.

In the case of WCIT, both the US government and most Internet industry interests want academics and civil society involved. They want their help fending off more control by intergovernmental institutions. Indeed, the U.S. is repeatedly touting “multi-stakeholderism” as the principle underlying its challenge to greater regulation of the Internet by the UN and ITU. But they seem less concerned with the MS principle when copyright, trademark and patent interests are involved. This incident thus demonstrates the inconsistency of US policy regarding global governance institutions. Nevertheless, the reform of the ITU into a more open, accessible process is a worthy goal in and of itself, so allies from industry and government are welcome, whatever their points of departure.

It is unlikely that the ITU will fully accede to the demands put forward in the letter. Speaking at the WSIS Forum in Geneva yesterday, an ITU spokesperson provided rather negative answers to the demand for more openness. According to notes of the meeting, the ITU cannot release documents for free because it conflicts with the ITU business model in which access to documents and participation rights are granted in exchange for membership fees which sustain the organization. He added that the current constitution and legal framework of the ITU doesn’t allow open participation or the release of the documents, and member states have not been willing to change these provisions in the past.

So the civil society letter throws down the gauntlet. Any revision of the ITRs that is produced without the demanded level of transparency and participation is likely to run into the same obstacles as ACTA. Only the obstacles will be much greater, because many industrial and governmental parties who supported (or felt they had to go along with) ACTA would be explicitly opposed to a WCIT-12 revision of the ITRs that had ill effects on the freedom or openness of international telecommunications.

Read full story: SC Magazine

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, DNS, DNSSEC, Malware, Security

The case studies, which cover the Former Yugoslav Republic of Macedonia, Panama, the Philippines, and Romania, look at the effect of broadband connectivity on economic growth and access to basic services like education and health. They offer regulatory guidance and best practices, showcasing success stories and lessons learned.

Romania and TFYR Macedonia both provide strong examples of how adopting pro-ICT policies, establishing effective regulatory frameworks and developing strategic private and public partnerships can play a key role in boosting broadband access, affordability and demand.

A nation with a strong commitment to connectivity as a driver of national growth, TFYR Macedonia already boasts an impressive broadband penetration rate of 32%. Internet access in schools and Wi-Fi-based public Internet access points have been rolled out throughout the country, including remote areas. Schools now offer one Web-enabled computer for every 1.45 children, while university students and academics can freely access knowledge and research resources via the academic network MARnet.

Meanwhile, near-neighbour Romania ranks among the top countries in the world for broadband speed, and scores well for affordability too. The average cost of a baseline monthly broadband subscription represents less than 5% of average monthly income — well within the global targets established by the Broadband Commission last October. Public access is promoted through initiatives like 'Biblionet', which was launched in 2009 and which provides free library-based access through some 795 public libraries equipped with 3,318 computers.

Case studies on Panama and the Philippines, meanwhile, explore the impact of broadband on the economy and on job creation. Both studies evaluate the development of e-applications in the areas of education, public health, media and government services — all of which can help further stimulate broadband adoption.

In Panama, fixed broadband is having a significant economic impact. Analysis of a structural econometric model for the period 2000-2010 indicates that fixed broadband now contributes an annual 0.44% of GDP, with the indirect effects of fixed broadband use estimated to have contributed almost 9.6% of total national economic growth. Accelerating take-up means that this impact has now almost doubled to reach 0.82% of annual GDP, and contributed 11.3% of all economic growth over the decade.

In the Philippines' case study, analysis over the same 10-year period indicates that mobile broadband adoption has contributed an annual 0.32% to GDP, representing 6.9% of total GDP growth for the economy over the past decade. Given the acceleration of mobile broadband penetration since 2005, this impact has also now almost doubled, reaching 0.61% of GDP, representing 7.3% of total economic growth over the decade.

Download the full set of case studies at:
www.broadbandcommission.org/work/documents/case-studies.aspx

Written by Paul Budde, Managing Director of Paul Budde Communication

Follow CircleID on Twitter

More under: Broadband, Mobile

Talking technical is easy. Distilling technical detail, complex threats and operation nuances down to something that can be consumed by people whose responsibility for dealing with cybercrime lays three levels below them in their organizational hierarchy is somewhat more difficult. Since so many readers here have strong technical backgrounds and often face the task of educating upwards within their own organizations, I figured I'd share 4 slides from my recent presentation that may be helpful in communicating how the world has changed.

The overall context of the hour long presentation was related to the paradigm change from protection back to detection — given the scope and capabilities of modern organized crime. The following slides came from the first quarter of the hour — setting the scene for how protection technologies have failed and what organizations need to do in light of that failure.

In essence, this slide talks about how that adversary has changed from old. Gone are the days of a single hacker looking to break in to an organization and toast all the systems. Sure, some of these guys still exist, but that's not where the threat lies today by any statistical analysis. Instead, what organizations are facing is a complex ecosystem where expertise is plentiful and available for relatively low prices. Most importantly, the adversary is now a professional in every sense of the word and needs to be respected for such. Failure to do so is at your peril.

While the adversary has changed for the worse, so too has the target. Consumerization of IT and BYOD, while buzzwords in every sense of the word, really are fundamentally changing the threat landscape and the ability of organizations to combat sophisticated threats. Speaking with lots of people charged with defending their corporations from within, they really do feel powerless to combat Mac threats, Android malware, etc. or enforce application and desktop policies (for whatever that means in the world of iPads and App stores).

Everything is playing in to the bad guys hands. The devices their targets are using are varied and widespread, they roam and bridge networks, they have hundreds of applications yet few are patched in a timely manner, and the threat of personal information being leached has ensured that encryption of communications is the norm — too bad that those nosey IT security guys can inspect traffic for malicious attacks.

In essence, the onus of securing the enterprise has slipped from the corporate IT folks and landed firmly in to the hands of their enabled workforce — who happen to be poorly suited to the task.

Oh, and then there's the "Cloud". Not the Cloud supplying cheap processing power and high availability mission-critical applications at a fraction of the cost of legacy systems. Rather the Cloud that is the 2nd millennium USB stick — the mechanism for transporting infected files between one device and the next.

IT security departments have invested millions of dollars in their defense in depth strategies. Multiple layers of "protection" (and expense), overlapping redundancies and a continuous stream of alerts have had debilitating effects on thinly-stretched security teams.

Even if those layers of defense had been working, the "solution" for the bad guys was (and is) to "attack in depth". The tools and techniques they now employ are multi-facetted and their complexity is hidden from the attacker. The hard work of innovation and coding was done by some expert far away, and their expertise (along with dozens of others) has been combined into a single campaign.

Last but not least, I talked about the "marginalization of protection". My objective in this part of the discussion was to point out that trying to protect everything has never worked, and will be even less successful going forward. The consumerization of IT and the diversity of devices out there have also forced organizations (including vendors) into an area in which it is simply uneconomical to try and secure.

While effort still needs to be applied to "protecting" the enterprise, my advice is to consolidate those expensive resources around the most valuable things of the organization and only grow outwards from there if you're successful.

In response, organizations need to assume that they are compromised and will continue to be compromised many times over, and often in many interesting ways. The onus shifts to how an organization can rapidly detect a compromise and how seamless the remediation needs to become.

I used to say that the most economical course of action was to simply reimage the computer when you were able to confirm the compromise. Nowadays that may not be quick enough, nor appropriate. Today you should reimage when your threshold of suspiciousness has been reached and, if you can't reimage (e.g. iPads, etc.), then remotely reset the device to factory defaults and wipe any stored content so it can't re-infect itself.

What about those critical devices — such as the CFO's laptop — which can't be reimaged without a lot of disruption? Let's be clear, just because you detected one piece of malware or remote control agent on the device doesn't mean that it's the only one installed. And if you're thinking you can safely remove everything related to the infection, then you're either ill-informed or it wasn't a threat to begin with.

Frankly, if you have critical devices that cannot be reimaged for any reason at the turn of a hat, then you've got bigger problems with your IT operations than mere breaches by professional criminals, and your organization needs to reevaluate its security operations at a fairly fundamental level. If a device is so critical that it cannot be recovered, it most certainly shouldn't be a roaming laptop, accessible via the Internet, and is operated by personnel with higher than average probabilities of being targeted.

Written by Gunter Ollmann, VP of Research at Damballa

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Malware, Security

Yet that's an incomplete picture. At the other major UDRP arbitration provider, the National Arbitration Forum (NAF), 2011 case filings were down 4% in 2011, declining from 2,177 cases in 2010 to 2,082 in 2011. The vast majority of these cases (96.2%) involved gTLDs like .com and .net; cases were concluded an average of 35 days after filing, but some were resolved in as few as 20 days — and 17%, a full one-sixth of filed complaints, were resolved directly by the parties with no need for panel arbitration. (That noteworthy record again raises the question of why a supplemental Uniform Rapid Suspension (URS) process is even needed for new gTLDs, but that's a separate subject.)

So, overall, the WIPO 2.5% increase was balanced out by the NAF 4% decrease and total UDRP filings at the two principal ICANN-accredited arbitration providers were essentially flat in 2011.

The Internet Commerce Association's (ICA's) Code of Conduct condemns intentional cybersquatting, so we are happy to see filings stabilize and would be delighted to see them decline further in the future. But we do think these filing figures need to be calmly placed in the broader context of total domain registrations. And, according to VeriSign's December 2011 Domain Name Industry Brief, domain registrations increased by 8.9 percent in the preceding year.

So, we think it's quite significant that total 2011 UDRP case filings did not increase notwithstanding a near-9% increase in total domain registrations. This marks yet another year in which UDRP filings declined as a percentage of all domain registrations.

While the NAF press release does not include the total number of domains involved in the cases filed with them we can guesstimate that, when we also include the additional second tier UDRP arbitration providers, approximately 9,000 domains were at issue in all 2011 cybersquatting cases filed with all UDRP providers.

That's 9,000 out of a total of about 220 million registered domain names. In other words, for each million domain registrations there are about 41 domains alleged to be cybersquatting in UDRP cases.

We expect that trademark interests will counter that the number of UDRP filings represents just "the tip of the iceberg" of abusive domain registrations, and will also point out that some but not all ccTLDs are subject to UDRP. And we'll concede those points — while also noting that .com and .net registrations totaled 112 million, just over half of all domains, and that these are the gTLDs that attract the most Internet traffic and are therefore most likely to be abused by intentional cybersquatters. So, while UDRP filings are not an exact proxy for the full extent of cybersquatting, they are the best measure we have of instances in which the resulting harm or domain value were judged sufficient by a trademark owner to invest the relatively modest sums of a $1300 filing fee plus associated attorney fees.

We are also well aware of studies — like this from Sophos — indicating that major brand names are subject to significant typosquatting. Despite finding that malware was virtually nonexistent on such websites, that study nonetheless observed that "typosquats are by no means harmless". Yet, other than the 2.7% of typosquatted domains that "fell into the loose category of cybercrime", a significant portion of the remainder of typosquatted websites appear to fall outside the scope of the "bad faith registration and use" standard required for a successful UDRP filing. So it's not just that rights holders have concluded that a particular typosquatted domain isn't worth the monetary cost of filing and pursuing a UDRP — they may have also concluded that they would not prevail. That is, those domains may fall more into the category of annoying nuisance rather than bad faith infringement, and are not generally associated with criminal activities such as phishing or with bad acts such as malware distribution.

Notwithstanding this contextual decline of 2011 UDRP filings, we are quite sympathetic to the costs imposed on brand owners of maintaining portfolios of defensively registered domain names that could be easily cybersquatted if released back for public sale. Reducing this cost is a subject that could certainly be addressed by an open and inclusive UDRP reform process within ICANN — if trademark interests will ever stop working to defer the initiation of such a process.

We'd also point out that if even one-one-hundredth of one percent of all domains registered today were cybersquatting in a manner sufficient to justify a UDRP filing that would currently total about 22,000 domains, and the actual number of UDRP filings last year involved less than half as many domains. In other words, based just on UDRP filings, more than 99.995 percent of all domains are not cybersquatting. That's right, 2011 UDRP filings involved less than one-two-hundredth of one percent of all registered domains. Even if the filed cases understate the incidence of UDRP-violating cybersquatting by a factor of one hundred, the problem would rise to just under one-half of one percent of all domains, with the remaining 99.5 percent being non-infringing.

We note all this not to excuse cybersquatting but to indicate that the problem appears to be small, manageable, and diminishing as a percentage of registered domains year after year based on UDRP filings — and that the UDRP provides a relatively fast and inexpensive alternative to litigation in court. So any trademark interest advocacy for 'rights protections' that are more numerous and stringent than what's already available is not strongly supported by the available evidence.

We'd also note that many ICA member providers of "parking" or other domain monetization services, as well as of secondary domain marketplaces, have established either formal or informal means by which trademark owners can bring alleged infringement claims to their attention and block clearly infringing domains. These services are available at no cost to trademark owners, and should often be their first recourse in advance of filing a UDRP claim.

As for the WIPO press release declaration that, "With the domain name coordinating body, ICANN, allowing for a massive increase in the number of new domains, brand owners' resources will likely be stretched further.", that seems entirely speculative for now — especially since brand owner resources were not stretched further in 2011 with total UDRP filings being flat, and actually declining in the context of an expanding DNS environment. WIPO's statement also ignores the fact that the Trademark Clearinghouse will let trademark owners secure, block, and issue warnings in regard to new gTLD domains in an unprecedented manner to reduce cybersquatting.

So let's wait and see what applications are actually filed for new gTLDs, and then wait to see what registrants they attract and what visitor traffic they generate, and then make a judgment on the impact of new gTLDs on trademark owners that is informed by facts rather than speculation. (We note in passing that NAF's statement makes no similar gloomy predictions regarding cybersquatting at new gTLDs.)

One final thing to remember is that arbitration providers like WIPO can affect the number of UDRP filings by allowing its panelists to alter long-established practices and thereby change UDRP policy in a one-sided manner. For example, recently a WIPO panel ruled that ceat.com must be transferred to CEAT Ltd., an Indian tire company, even though there was scant evidence that the domain had been registered, much less used, in bad faith (See: CEAT Limited, CEAT Mahal, v. Vertical Axis Inc. / Whois Privacy Services Pty Ltd). Another WIPO panel recently ruled in FACI Industries v. BuyDomains.com, Inventory Management that faci.com be transferred to the non-famous metal casting firm of FACI Industries of Bolingbrook, Illinois even though there was ample evidence that the registrant exercised due diligence to avoid infringing the complainant's trademark rights (See: FACI Industries v. BuyDomains.com, Inventory Management). As the dissenting panelist in CEAT stated, "To hold that such a valuable word cannot be used as a domain name simply because "the domain name is a trademark and has no descriptive meaning" is not supported by the Policy and is a very severe restriction on the right to register a domain name that is not contemplated by ICANN in its policies or practices… That is simply a rewriting of the Policy that is entirely unsupported. Clearly, registering a word that both parties say is an acronym and using it for purposes unconnected with the Complainant or its activities does not violate the Complainant's trademark rights or the Policy.”

These rulings open the door to any short domain name that can constitute an acronym for one or multiple organizations being subject to "first to file" UDRP actions encouraged by trademark attorneys. We are already seeing an uptick of new UDRPs related to acronym domains, and if this becomes a flood in the remainder of 2012 — encouraged by the ceat.com and faci.com rulings, which deviate from years of UDRP practice related to acronym domains — does that mean that cybersquatting is up, or that cybersquatting has been unilaterally redefined down by WIPO panelists and that as a result the trademark bar sees a new UDRP opportunity to bring to clients' attention?

These disturbing and controversial acronym domain rulings again illustrate why WIPO and other UDRP providers should reconsider allowing panelists deemed "neutrals' to also serve as advocates for complainants or registrants, given the clear potential for conflicts of interest, and the certain appearance of potential conflicts. It also illustrates that prior decisions should have a more binding precedential effect that they are accorded under the current WIPO Overview. The UDRP process should remain an available remedy for squelching a declining pool of infringing domains, but not permitted to be a mercurial full employment program for creative trademark attorneys.

ICA will continue to press for meaningful UDRP reform, including changes to assure that arbitration "neutrals" do not have inherent conflicts. But for now we are happy to note that total UDRP filings continue to decline as a percentage of all domains and remain a tiny fraction of the overall DNS infrastructure. That's something worth remembering the next time you see allegations that cybersquatting is out of control.

Mr. Corwin serves as Counsel to the Internet Commerce Association

Written by Philip S Corwin, Founding Principal, Virtualaw LLC; Counsel, Internet Commerce Association

Follow CircleID on Twitter

More under: Cybersquatting, Domain Names, ICANN, Internet Governance, Law, Policy & Regulation, Top-Level Domains

So where should we look to find a business case for IPv6?

Over the last year or two, the shift towards cloud computing paradigm has started to make some pretty impressive waves. Although still at a relatively early stage, we are seeing both service providers and enterprises coming out with brand new strategies for public and private clouds. Based on the recent developments, we estimate that by 2015, the way in which applications and network services are consumed will be very different from what it is today. The discontinuity here will be just as big as the Internet was some 15 years ago.

As far as the IPv6 business case is concerned, not many people have realized how critical IP addresses and DNS is for the cloud orchestration process. To commission or decommission a virtual machine, one needs to reserve or to free an IP address, preferably within a window of 300 milliseconds. Further, in order for that newly commissioned virtual machine to be easily accessed, a DNS entry is also needed. With Infrastructure 1.0 utilizing IPv4 spaces managed with Excel spreadsheets, the cloud doesn't scale.

To address this issue, anyone serious about cloud computing will have to come to accept that Infrastructure 2.0 is required in order for the cloud computing paradigm to work as intended. If someone is to make a considerable investment in cloud environment, protecting the investment for at least the next 10 years becomes essential. And the way I see it, this is where IPv6 comes in.

In this light, IPv6 can be viewed as a similar enabler to the cloud as IPv4 was for the Internet. From the business perspective, IPv6 enables the cloud to scale into the foreseeable future. Furthermore, by making IPv6 a standard feature in clouds, organizations investing in them can make sure that their basic architecture will stand the test of time, thereby optimizing the cloud ROI.

Written by Juha Holkkola, Managing Director of Nixu Software

Follow CircleID on Twitter

More under: Cloud Computing, Internet Protocol, IP Addressing, IPv6

Thought leaders across the industry are focusing on transition topics that matter: from economic lifecycles, security, and business continuity to the promising future of the Internet of Things. This is what drives most of us, and those on the front lines in the IPv6 evolution have every right to rise up and celebrate. It's not only a great technological milestone, but a testament to their collective abilities to work together for the greater good of the connected planet.

Today's Internet is the foundation for everything we do and the IPv6 Internet will be too but unfortunately some things never change. While the majority have been busy working on IPv6 for the greater good, evidence makes clear we're likely to come face to face with a growing number of technologists (aka criminals) with malicious intentions. IPv6 hinders them in some ways, but helps them in others. If you have any doubts, a quick search will show a growing number of software tools intended to break or exploit IPv6. Everything we build offers potential for those who are malicious to use their skills for disruption. Security is a continuum and experience suggests it might be worth some cycles to make sure your IPv6 project does not end up on your CEO's shortlist of things that keep them up at night.

Preparing for the transition requires looking beyond just software support and interoperability testing to identifying strategic partners and understanding the long-term cost of ownership. If IPv6 is important to your future you owe it to your business, investors and customers to make sure you have the best technology but are also on the right path with the best, forward looking partners. It's refreshing to see that on the Internet, as has always been the case, a global initiative can transcend the boundaries of political, social, and economic agendas. Maybe we can all even learn a lesson or two from IPv6 on how to tackle some of the critical long-term social and economic challenges facing the world today.

Want to learn more about the transition to IPv6, join us at our webinar on May 30. Click here.

Written by Craig Sprosts, General Manager of Fixed Broadband Solutions at Nominum

Follow CircleID on Twitter

More under: IP Addressing, IPv6, Security