Subscribe: CircleID: Featured Blogs
Added By: Feedage Forager Feedage Grade A rated
Language: English
access  data  domain  facebook  gdpr  icann  internet  model  network  public whois  time  users  whois  wireless  world 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: CircleID: Featured Blogs

CircleID: Featured Blogs

Latest blogs postings on CircleID

Updated: 2018-04-17T18:38:00-08:00


ARIN Seeks Caribbean candidate for Board of Trustees


Persons from the Caribbean seeking to contribute to the governance ecosystem of the global Internet can now volunteer for an appointment to the board of trustees of the American Registry for Internet Numbers (ARIN). The call for volunteers will close on April 30 at 5 pm EDT. ARIN is one of five registries worldwide that coordinate Internet number resources. Its region spans the United States, Canada and many countries in the Caribbean. The move by ARIN is intended to address the absence of any representation of the Caribbean region at the board of trustees. "This is in keeping with the ARIN bylaws, which allow the board of trustees at its discretion to appoint an additional voting member to the board for a term not to exceed one year so as to provide more diversity in the board's composition," ARIN said in an April 12 online post. In March, the seven-member ARIN board formed a special committee to recruit and recommend potential candidates for the appointment of an eighth member, from the Caribbean. It is the first time that ARIN is using its bylaws to improve Caribbean regional representation at the highest level of its leadership. The development appears to be part of a deliberate strategy by ARIN to invest in policies and practices that are more representative of its entire service region. "We recognise that our policy development process can only benefit from the inclusion of more voices and perspectives from our constituents in the Caribbean," ARIN President and CEO John Curran said at the registry's public policy meeting in San Jose, California last October. Since then, two women from the Caribbean have been appointed for the first time to ARIN's next-highest decision making body, the Advisory Council. Advisory Council members voted to appoint Barbadian-born Alicia Trotman for a one-year term, starting January 1. Trotman, a senior administrator at Barbados' national telecommunications regulator, described the decision of the council as "a big step forward for Caribbean representation" at the regional Internet registry. Jamaican-born Kerrie Ann Richards was also appointed as an interim member to fill the remainder of the unexpired term of David Huberman, who resigned from the council effective November 17, 2017. Richards' term ends on December 31. In February, to further engage its stakeholders in the Caribbean, ARIN launched an ongoing series of workshops designed to raise awareness of ARIN services and to better understand the needs of the region. On April 19, ARIN is launching a dedicated Caribbean Forum, which will run in parallel with the regional meeting of the Caribbean Network Operators Group, to be held in Miami from April 18 to 20. The registry has also announced plans to expose an even wider Caribbean audience to its mission and community later this year. "The needs of the Caribbean can be very different to those of the US and Canada. For number policy decisions to best reflect the entire ARIN Community, those decisions must include perspectives and participation drawn from the Caribbean," said Wooding. The ARIN call for volunteers to serve on its board of trustees is open to anyone of Caribbean background. No ARIN affiliation or membership is required in order to be considered. But the organisation's website specifies that the desired skill set of potential appointees includes demonstrated leadership experience, relevant board experience, and experience in relevant industry sectors, such as Internet or Telecommunications. "I am really happy that this has happened, although it is unfortunate that it took so long," said Bill Woodcock, who served on the board for 15 years before voluntarily stepping down at the end of 2017. "ARIN used this appointment mechanism at the beginning of 2017 to bring a woman onto the board, and in the election at the end of 2017, ARIN members elected a woman for the first time in twenty years. So we've seen that this path works to overcome the almost insurmountable advantage incumbents have in ARIN elections. I think it's completely logical to use it a[...]

DNS Complexity Lessons


Recently, Bert Hubert wrote of a growing problem in the networking world: the complexity of DNS. We have two systems we all use in the Internet, DNS and BGP. Both of these systems appear to be able to handle anything we can throw at them and "keep on ticking."

But how far can we drive the complexity of these systems before they ultimately fail? Bert posted this chart on the APNIC blog to illustrate the problem —


I am old enough to remember when the entire Cisco IOS Software (classic) code base was under 150,000 lines; today, I suspect most BGP and DNS implementations are well over this size. Consider this for a moment — a single protocol implementation that is larger than an entire Network Operating System ten to fifteen years back.

What really grabbed my attention, though, was one of the reasons Bert believes we have these complexity problems —

DNS developers frequently see immense complexity not as a problem but as a welcome challenge to be overcome. We say 'yes' to things we should say 'no' to. Less gifted developer communities would have to say no automatically since they simply would not be able to implement all that new stuff. We do not have this problem. We're also too proud to say we find something (too) hard.

How often is this the problem in network design and deployment? "Oh, you want a stretched Ethernet link between two data centers 150 miles apart, and you want an eVPN control plane on top of the stretched Ethernet to support MPLS Traffic Engineering, and you want..." All the while the equipment budget is ringing up numbers in our heads, and the really cool stuff we will be able to play with is building up on the list we are writing in front of us. Then you hear the ultimate challenge — "if you were a real engineer, you could figure out how to do this all with a pair of routers I can buy down at the local office supply store."

Some problems just do not need to be solved in the current system. Some problems just need to have their own system built for them, rather than reusing the same old stuff because, well, "we can."

The real engineer is the one who knows how to say "no."

Written by Russ White, Network Architect at LinkedIn

Follow CircleID on Twitter

More under: DNS, Networks

Is Blockchain Causing More Cybersecurity Attacks in the Financial Industry?


There's a lot of misunderstanding about blockchain. A recent study by HSBC, for example, found that 59 percent of customers around the world had never heard of it. Yet, while that alone is quite telling, it's probably more alarming to consider the fact that very same poll revealed that 80 percent of people who had hard of blockchain did not understand what it is. This level of confusion isn't confined to the general population either. Politicians in charge of setting the law around this sort of technology and some traders who are perfectly at home with currency futures are equally in the dark about what this technology is and what it means for the financial industry. There are some who fear that this technology - a digital transaction ledger in which each block is protected by cryptography - poses a security risk. That hasn't been helped, it has to be said, by a number of scams in this market which have caused some to associate blockchain with risk. CoinDesk, for example, demonstrates seven key incidents that attracted attention in 2017 alone. The incidents it highlights — including wallet hacks, ICO fraud and software bugs — cost investors nearly $490 million. But, while it's understandable that these sorts of incidents cause alarm, the general fear around blockchain is misplaced, probably not helped by the fact that this technology is proving 'disruptive' to the old order, promising drastic change to the speed and ease of money transfers. Far from being the cause of problems for the financial industry, this technology might well offer a solution to make the industry safer. Medium writer Redactor demonstrates four key ways in which blockchain technology is improving cybersecurity. These are: Mitigating attacks such as DDoS with a decentralized structure and by not having a single point of failure Protection for IoT devices, which can communicate with enterprise-defined ledgers based on blockchain Providing transparency with permanent records that cannot be altered without creating a data trail (in order for transactions to be finalized they need to be approved more than half of the systems in a network and, when this occurs, the block is given a time stamp and is immutable) Allowing for digital identities, greater encryption and more robust authentication It's fair to say that blockchain is here to stay. It isn't 'just' the technology that underpins Bitcoin and other cryptocurrencies — although this is probably what its most known for — but it is a form of technology that has much wider potential for use in the finance sector and beyond. Rather than ignore it — or treat it as a security threat — the industry needs to identify the potential of blockchain and set to work to use this as a way to add security. This, increasingly, is the case, with banks and big tech firms working on ways to harness blockchain to shelter the data of financial firms and customers alike. Clearly scams shouldn't be ignored — and work needs to be done to crack down on these — but nor should the positive potential of blockchain as a force for security. Written by Patrick Vernon, WriterFollow CircleID on TwitterMore under: Blockchain, Cyberattack, Cybersecurity [...]

GDPR and WHOIS - We've Heard from the Article 29 Working Party, Now What?


Well, here we are on Friday the 13th and I couldn't think of a better way to spend the day than providing an update on GDPR, WHOIS and ICANN. There's lots to cover, so let's dive right in. As we have been talking about for a number of months now, the EU's new General Data Privacy Regulation (GDPR) will become enforceable on May 25th. The ICANN community has been struggling with how GDPR will impact the WHOIS system. This week, ICANN engaged with the Article 29 working party (an advisory board made up of representatives of each of the data protection authorities of each EU member state) to obtain guidance on whether its proposed model is GDPR-compliant. The community was eagerly awaiting this feedback and it was provided to ICANN. The feedback received was, in some ways, predictable. The working party applauded ICANN for proposing an interim model which included an accreditation program for access to non-public WHOIS information; however, the group indicated the purposes for collection of personal data was not sufficiently detailed, and it urged "ICANN to revisit its current definition of "purposes" in light of these requirements." It also stressed to ICANN the need to link each specific purpose of the collection of data to a relevant legal basis. The group also raised concerns with how the access to non-public WHOIS information would be granted and what data elements would be available to those parties. Again, the notion of specific legal basis for access to this data was highlighted, in addition to points about unauthorized access and the overall security of that data. For those who were hoping for some sort of enforcement moratorium or forbearance of GDPR relative to registrars and registries, there was no such mention of that in the communication to ICANN. In the eyes of the Article 29 working party, the enforcement date of May 25th will not be changing. To underscore the scrutiny this subject is getting, the US Commerce Secretary has sent a letter to the European Commission asking for help, "in securing temporary forbearance from GDPR enforcement on the process of WHOIS information." So where does this leave us? At this point, that IS the million-dollar question, and I'd like to make the following observations: While May 25th may be the date of enforcement, that clearly will not mark the end date of this. In its response back to the working party, ICANN boldly stated, "...we are studying all available remedies, including legal action in Europe to clarify our ability to continue to properly coordinate this important global information resource." No one is quite sure what legal action, in this case, would even look like, but that was a rather stunning statement for ICANN to make. And with high-level government officials now getting involved, who knows where this will lead? The WHOIS system, as it has been known for two decades, will cease to exist. Unfettered access to registration information for gTLDs is simply not going to be possible going forward after May 25th. Yes, there are still questions as to what the final model ICANN puts forth will be, but it will certainly drastically change how WHOIS will function. In addition to the global WHOIS system becoming fragmented, I believe that the ICANN community itself will become increasingly fragmented. The contracted parties (registrars and registries) are on the hook for severe penalties for violation of GDPR. They are being conservative in their approach, which is understandable. The main users of WHOIS (namely the Intellectual Property Constituency and the Business Constituency) have proposed an accreditation model for access to non-public WHOIS information to ensure access for purposes such as cybersecurity, intellectual property, and law enforcement, but there has been push-back on that proposal as it was developed by two specific groups within the community and is being done outside of the standard process for policy development. With an enforcement date of May 25th, it[...]

US Congress Re-Launches Treaty Talks on Internet Economy


Final echoes of the US Senate committee's questions of Facebook this week will only fade in the UN Security Council where, in a few years, Member States will adopt a treaty on regulation of the Internet Economy. By opening wide the door to questions on privacy, revenue, security and purpose, Congress showed its well-placed concern and signaled that others can too. Companies must either prepare themselves for the consequences, which follows the predictable arc of most revolutions, or collaborate to try to change the almost inevitable. Bastille Week The Congressional line of questioning will now be repeated — earnestly, tragically, and sometimes farcically — by governments around the world. That has already begun, and portends a patchwork of individual national solutions: a prohibition on fake news in Malaysia, a proposed transaction tax in Europe, a tax on social media use in Uganda. These will confront the Internet Economy with the risk of wildly balkanized rules and regulations that will limit access, curtail content and commerce, and disconnect millions of daily users. Rule of the Moderates Internet companies will react and take the fight to the front lines — many already have. They will (rightly) play for time launching inquiries, listening tours, and testing models of self-regulation. Sheryl Sandberg will wear out two Gulfstream 550s as she makes the case for her firm from Brussels to Bujumbura where, with cohorts of economists, content creators and local stakeholders, she will ably prove again the economic worth and multiplier effect that Internet companies enable. Along the way, she will re-confirm the conviction of many politicians in the local wealth that companies such as hers create. In this way, and for a while, governments will be cowed or convinced that the greatest tool of economic growth yet developed is something not to be handled too roughly. Some will be branded bad actors (as some will be most certainly be), others proclaimed outliers or — a banal moniker that can nonetheless tease the very food from little mouths — unwelcoming investment destinations. For a time, Internet companies will be able to demonstrate that the net cost of regulating them is great, but that the benefits of under-regulation are greater. Reign of Terror Then, as surely as Josh Bolton will unfriend Mike Pompeo, governments that were told they were mistaken in their views will box Internet companies into a checkmate. These questions are too big for Uganda to answer on its own? Regulatory balkanization is a risk to your business model? Then let us reach for an international standard. This is achieved within the UN General Assembly and associated bodies where some tough questions will get answered: how much regulation is too little, how shall I protect my culture, when do I limit citizen access to these addictive tools, and what revenue-transfer model is too lax? And so, after years of waiting to be asked to dance, the General Assembly will launch itself on a wide and graceful reel that will come to a breathy end at the treaty table. Reign of Virtue There, in the multilateral environment, where malign actors will let the International Community take the lead in creating standards for regulation of the Internet and cloud, and (why not, while we're at it?) artificial intelligence, Internet companies will be obliged to negotiate the most favourable terms under which to operate worldwide because that choice will look better than 200 different national codes. Also in that room, defensive now, and showing signs of exasperation, the United States will once again speak eloquently in defence of the Internet companies — their hapless teen years long behind them — after which the delegate from Uganda will click on a forbidden 2018 YouTube link of Senator Chuck Grassley, now in peaceful retirement in Des Moines, and remind the United States who showed them the way. Written by Greg[...]

7th Registration Operations Workshop (ROW), Vancouver, Thursday May 17th 2018


The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system.

The 7th ROW will be held in Vancouver, Canada on Thursday, May 17th 2018 in the afternoon, at the end of the GDD Industry Summit, in the same venue: Richmond Conference Centre, Richmond, BC, Canada. Here is a short list of topics that will be presented and discussed. Others are being confirmed.

  • Verisign's RDAP Pilot Implementation
  • WHOAMI – A Decentralised Alternative to WHOIS
  • Enhancing RDAP filtering capabilities
  • RDAP: Post-GDPR Protocol for Registries

Those speakers are from CentralNic, Registry Central Europe (RyCE), ICANN, IIT-CNR/, Verisign. The attendance is free but registration is required . The ROW Series workshops are sponsored by Verisign and ICANN.

Written by Marc Blanchet, Internet Network Engineer and Consultant

Follow CircleID on Twitter

More under: Domain Management, DNS, Domain Names, ICANN, Registry Services, New TLDs

Why Getting Awards Wrong Undermines the Integrity of the UDRP


The integrity of any legal system depends on the quality of mind of those appointed to administer it. There are expectations that the one judging the facts and applying the law knows what the facts are and what law to apply. Panels appointed to adjudicate disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP) are not held to any lower standard than the judges of courts of competent jurisdiction. They are expected to be neutral and competent. An overall assessment of the decisions from UDRP Panels is that it works well and the decisions are fair. But, from time to time, there are decisions so clearly wrong they demand another look, but the UDRP has no in-house mechanism for appeal. Respondents who have the means have taken their grievances to U.S. district courts under the Anticybersquatting Consumer Protection Act (ACPA) (where there is jurisdiction) and complainants have learned the hard way the cost of overreaching their rights. (If any readers have information about "appeals" to other national courts I would like to hear from you). (Respondents also learn the costs when they defend against UDRP complaints wrongfully dismissed). Unfortunately, not all respondents in UDRP disputes have the resources to "appeal." Such a one (I suspect) will be the Respondent in T & P Holding Company, LLC v. Wendy Webbe and Ancient Holdings, LLC, FA1802001773041 (Forum April 6,2018) (). This is a case so wrongly decided that it has to be discussed and error explained. The Panel is a long-term veteran on the Forum roster of panelists. He has denied a good number of complaints, so he has weighed the difference between "predators and parasites" and "innocent and good faith registrants." These are the bookends the World Intellectual Property Organization wrote into its Final Report (April 1999). What went wrong in this case? First of all, what is the error? The facts as the Panel recites them are 1) Respondent defaulted, 2) Complainant owns an unregistered trademark for YOU ARE OK that dates from 2010, and 3) the domain name does not resolve to an active website. For the Panel item, 3 is the significant factor. However, a significant fact the Panel does not recite is the creation date of the domain name: 2009-01-01 (which he must have known because it is standard practice to include the WhoIs information as an Annex to the Complaint). Paragraph 4(a)(i) requires complainant to prove it has a right. This is easy with registered marks because complainant simply has to attach a copy of the registration to the Annex but not so easy with an unregistered mark which has to be evidenced by some other form of documentary proof. Standing to maintain a UDRP proceeding depends on proof that the mark was used in commerce earlier than the registration of the domain name. The analysis in CSP International Fashion Group S.p.A. v. Domain Administrator, NameFind LLC, D2018-0163 (WIPO March 13, 2018) (claiming cybersquatting for the common expression,) gives a good account of the requirement: Before the Complainant can claim unregistered or trademark status in "myboutique", it must therefore demonstrate that it has acquired secondary meaning. That in turn requires the Complainant to prove that the term "myboutique", in the context, distinctively identifies primarily the Complainant with the goods or services it supplies. The consensus view of UDRP panels as to the sort of evidence required in order to establish unregistered or common law rights is described in WIPO Overview 3.0 at section 1.3 as including "a range of factors such as (i) the duration and nature of use of the mark, (ii) the amount of sales under the mark, (iii) the nature and extent of advertising using the mark, (iv) the degree of actual public (e.g., consumer, industry, media) recognition, and (v) consumer surveys". The Panel in CSP International found Complain[...]

Game Over for Public Whois? Article 29 Gives ICANN the Advice It Asked For


We've talked about the conflicts between our ICANN contract and privacy law in the past. Not once, not twice, but multiple times. We refused to sign the 2013 Registrar Accreditation Agreement (RAA) with ICANN until we'd received a data retention waiver. That decision probably cost us money, but if we have to choose between operating legally or illegally our path is clear. We've also been talking a bit about GDPR, and how WHOIS and various other obligations imposed on us, either directly by ICANN or indirectly through its contracts with the domain name registries, are problematic. So who decides what is permissible when it comes to privacy rules? Short answer: the data protection authorities. If you want to know what the general view of something is, then you need to talk to all the EU DPAs at once which is where the Article 29 Working Party comes into play. They're the body where all the DPAs in the EU go, and they often issue advice as a collective group. If the Article 29 WP make a formal statement on something (and they regularly do), then that statement carries the weight of all 28 data protection authorities of the European Union member states. So you need to take it very seriously. So ICANN decided to ask Article 29 for some specific guidance about WHOIS and how ICANN plans to deal with it in light of GDPR. You can read the original letter here. Article 29 were meeting in Brussels this week, and they not only discussed the ICANN request, but issued formal advice in response to ICANN's letters. The advice is pretty damn clear and isn't exactly "news" for those of us who've been reading Article 29's missives to ICANN over the past decade (and more). There are a few bits in the response that are worth highlighting, but this one, in particular, struck me as being worthy of attention (emphasis added): ICANN should take care in defining purposes in a manner which corresponds to its own organisational mission and mandate, which is to coordinate the stable operation of the Internet's unique identifier systems. Purposes pursued by other interested third parties should not determine the purposes pursued by ICANN. The WP29 cautions ICANN not to conflate its own purposes with the interests of third parties, nor with the lawful grounds of processing which may be applicable in a particular case Basically what they're saying is that ICANN's attempts to retrofit current usage of WHOIS data to data protection law is fundamentally flawed. ICANN's mandate is narrow and if 3rd parties want access to data for reasons outside that narrow mandate ICANN should not be acting as their proxy. Over the past couple of months we've had notifications from multiple country code domain name registries (ccTLDs) about how they're changing the collection, processing, and publication of domain name registration data (I have a separate blog post in the works that will cover a lot of this!) and it's very clear that the current "status quo" is simply not viable. So what does all of this mean? Come the end of May, public whois as we know it will be dead. Game over. This does not come as a surprise to many of us — we've been raising issues with it going back for years. However, the upcoming changes to public whois will upset some people. What will ICANN do? It's not yet 100% clear, but it's pretty clear that they'll have to follow the advice that they requested. (Be careful what you ask for!!) Registrars and registries, including ourselves, are not interested in operating outside the law. Why? It's the law. (Sorry — I couldn't resist the Judge Dredd reference!) ICANN's "interim model" may not be 100% perfect in every way, but with some tweaks, many of us believe it could be viable. Will the "death" of public whois lead to problems? Sure, but let's be realistic and not hysterical about it. There will be some issues th[...]

Holocaust Remembrance Day


Today is Holocaust Remembrance Day. Today we remember that the Nazis rounded up Jews, Roma, political dissidents, and other "undesirables" using the best data and technology of the day and sent them off to concentration camps. We don't normally deal with this type of political reality in ICANN, but now is the time to do so. In 1995, the recently formed European Union passed the EU Data Protection Directive. It was a commitment to the idea that society would never again misuse its data in the destruction of its citizens. Privacy is a fundamental human right. It's true in Europe, and with the passage of comprehensive data protection laws in more than 120 countries, it's been secured as such around the world. On Tuesday, Mark Zuckerberg, Facebook's founder and CEO, sat in front of a joint session of Senate Committees for more than five hours. Again and again, he admitted to his company's sale of the personal data of tens of millions of Facebook users to a private contractor, where it was grossly misused. Zuckerberg was told by Senator Markey and others that new privacy laws are being drafted in the US and, with a pause, he agreed to support many of them. These laws will help raise the privacy rights of US citizens to the level of the rest of the world. But Mark Zuckerberg's company has already been the subject of review. It was Facebook's misuse of European citizens' data that led Austrian lawyer Max Schrems to sue in the European Court of Justice, which led this highest court to strike down the EU-US Safe Harbor as illegal — reaffirming that the transmission of data from Europe to the US and elsewhere must be done in accordance with the law and must be done in ways that protect fundamental right of privacy of EU citizens. Yet privacy rights were not the issue raised in the discussion convened by the IPC/BC on their proposed model for 'accreditation' to access Whois data. Instead, last Friday, we heard - yet again - how to give unlimited access to Whois data to any law enforcement, any cybersecurity firm, any trademark owner; basically to anyone who seeks it. The potential that journalists might use the non-public WHOIS data was recognized and credited; the potential that journalists might be the subject of a fishing expedition by a government or individual they criticized in a publication was not. The IPC/BC lawyers heading the meeting then heard that the GDRP rejects unlimited access to data — and they, in turn, unilaterally rejected the interpretation and advice of the legal advisor to ICANN, in the Hamilton Memo (#3). They told 150 people listening to the meeting that ICANN could give unlimited access to non-public Whois data to those the IPC/BC chose in their accreditation model. We need real community consultation and on neutral ground — at ICANN — where we can again discuss what the law requires and what real compliance involves. Most importantly, we need to stop talking about who wants access to domain name data and start talking about how to respect the privacy rights of registrants. On this day of all days, on this week of all weeks, it's time for ICANN to be on the right side of law, the right side of principle and the right side of history. We hold the personal and sensitive data of almost 200 million domain name registrants. Today we must recognize that the privacy of this data could be the difference between protection and suppression. Written by Kathy Kleiman, President, Domain Name Rights Coalition (DNRC)Follow CircleID on TwitterMore under: Cybercrime, DNS, Domain Names, ICANN, Internet Governance, Law, Policy & Regulation, Privacy, Whois [...]

Routing Attacks on Internet Services


This article was co-authored by Yixin Sun, Annie Edmundson, Henry Birge-Lee, Jennifer Rexford, and Prateek Mittal In this post, we discuss a recent thread of research that highlights the insecurity of Internet services due to the underlying insecurity of Internet routing. We hope that this thread facilitates important dialog in the networking, security, and Internet policy communities to drive change and adoption of secure mechanisms for Internet routing. The underlying infrastructure of the Internet comprises physical connections between more than 60,000 entities known as Autonomous Systems (such as AT&T and Verizon). Internet routing protocols such as the Border Gateway Protocol (BGP) govern how our communications are routed over a series of autonomous systems to form an end-to-end communication channel between a sender and receiver. Unfortunately, Internet routing protocols were not designed with security in mind. The insecurity in the BGP protocol allows potential adversaries to manipulate how routing on the Internet occurs. For example, see this recent real-world example of BGP attacks against Mastercard, Visa, and Symantec. The insecurity of BGP is well known, and a number of protocols have been designed to secure Internet routing. However, we are a long ways away from large-scale deployment of secure Internet routing protocols. This status quo is unacceptable. Historically, routing attacks have been viewed primarily from the perspective of an attack on availability of Internet applications. For example, an adversary can hijack Internet traffic towards a victim application server and cause unavailability (see YouTube's 2008 hijack). A secondary perspective is that of confidentiality of unencrypted Internet communications. For example, an adversary can manipulate Internet routing to position itself on the communication path between a client and the application server and record unencrypted traffic: In this post, we argue that conventional wisdom significantly underestimates the vulnerabilities introduced due to insecurity of Internet routing. In particular, we discuss recent research results that exploit BGP insecurity to attack the Tor network, TLS encryption, and the Bitcoin network. BGP attacks on anonymity systems/Tor: The Tor network is a deployed system for anonymous communication that aims to protect user identity (IP address) in online communications. The Tor network comprises of over 7,000 relays which together carry terabytes of traffic every day. Tor serves millions of users, including political dissidents, whistle-blowers, law-enforcement, intelligence agencies, journalists, businesses and ordinary citizens concerned about the privacy of their online communications. Tor clients redirect their communications via a series of proxies for anonymous communication. Layered encryption is used such that each proxy only observes the identity of the previous hop and the next hop in the communication, and no single proxy observes the identities of both the client and the destination. However, if an adversary can observe the traffic from the client to the Tor network, and from the Tor network to the destination, then it can leverage correlation between packet timing and sizes to infer the network identities of clients and servers (end-to-end timing analysis). Therefore, an adversary can first use BGP attacks to hijack or intercept Internet traffic towards the Tor network (Tor relays) and perform traffic analysis of encrypted communications to compromise user anonymity. It is important to note that this timing analysis works even if the communication is encrypted. This illustrates an important point — the insecurity of Internet routing has important consequences for traffic-analysis attacks, which allo[...]

The 500M Wireless-Only Connections


Around 500M Africans, Indonesians, and Indians are regular Internet users without a landline. Brazil, Indonesia, and Mexico add about 200M more. In total, something like 1B people were wireless-only at the end of Q3 2017. I'm comparing the number of Facebook users (over 250M in India) with the number of landlines (less than 20M in India) for a rough guess at how many are wireless only. In the developed world, 70-90% of all homes have a landline connection, implying fewer than 100M are wireless only. The Global South has about 500M "connections," approximately 450M wireless and 50M wired. The Global North has about 450M. About 65% of Internet users are now in the Global South. The gap is increasing by about 50M/year. With many wireless users on 4G LTE at more than 10 megabits down, wireless needs to be considered to understand the primary connections to the Internet today. In particular, the Global North dominates ICANN, 3GPP (until recently,) and the Internet Society. The U.S. under Trump continues to demand these groups make the rules for the net. The 65% of the world in the Global South think that's reprehensible, particularly as the economic terms of "Internet Governance" are set by the richer countries. In 2012, I predicted that systems virtually excluding the majority of Internet users would prove unstable; we've seen the development of the World Internet Conference & the BRICS events become more important. Russia is setting up their own Internet root. Wired connections are shared among the household. I'm therefore adjusting from ~1B people using wireless only to ~500M "connections." The U.S. in January 2018 had 105M landline net connections and 240M Facebook users. 72% of Americans on the Internet use Facebook. The figure is probably lower where English is not the primary language. That's useful for an approximation, understanding there is at least a 10% margin of uncertainty. I have from Point-Topic the number of landlines and reasonable estimates from GSMA on the wireless phone side. I could have refined these figures with a little more work, as an analyst report would. But the primary sources on the wireless side have a large margin of error. The definition of "Regular Internet User" is unclear. If someone signs on to Facebook and reads the news every day, but uses a 2G phone, should she be included? There are over 100M 2G mobiles on Facebook. Better data welcome. Here are the Facebook figures via Statista and Hootsuite: Originally published in Wireless One. Written by Dave Burstein, Editor, DSL PrimeFollow CircleID on TwitterMore under: Access Providers, Broadband, Telecom, Wireless [...]

Is It Time for a Data Sharing Clearinghouse for Internet Researchers?


Today's Senate hearing with Facebook's Mark Zuckerberg will start a long discussion on data collection and privacy from Internet companies. Although the spotlight is currently on Facebook, we shouldn't forget that the picture is broader: companies from device manufacturers to ISPs collect network traffic and use it for a variety of purposes. The uses that we will hear about today are largely about the widespread collection of data about Internet users for targeted content delivery and advertising. Meanwhile, yesterday Facebook announced an initiative to share data with independent researchers to study social media's impact on elections. At the same time Facebook is being raked over the coals for sharing their data with "researchers" (Cambridge Analytica), they've announced a program to share their data with (presumably more "legitimate") researchers. Internet researchers depend on data. Sometimes, we can gather the data ourselves, using measurement tools deployed at the edge of the Internet (e.g., in-home networks, on phones). In other cases, we need data from the companies that operate parts of the Internet, such as an Internet service provider (ISP), an Internet registrar, or an application provider (e.g., Facebook). If incentives align, data flows to the researcher. Interacting with a company can work very well when goals are aligned. I've worked well with companies to develop new spam filtering algorithms, to develop new botnet detection algorithms, and to highlight empirical results that have informed policy debates. If incentives do not align, then the researcher probably won't get the data. When research is purely technical, incentives often align. When the technical work crosses over into policy (as it does in areas like net neutrality, and as we are seeing with Facebook), there can be (insurmountable) hurdles to data access. How an Internet Researcher Gets Data Today How do Internet researchers get data from companies today? An Internet operator I know aptly characterizes the status quo: "Show Internet operators you can do something useful, and they'll give you data." Researchers get access to Internet data from companies in two ways: (1) working for the company (as an employee), or (2) working with the company (as an "independent" researcher). Option #1: Work for a Company. Working for a company offers privileged access to data, which can be used to mint impressive papers (irreproducibility aside) simply because nobody else has the same data. I have taken this approach myself on a number of occasions, having worked for an ISP (AT&T), a DNS company (Verisign), and an Internet security service provider (Damballa). How this approach works. In the 2000s, research labs at AT&T and Sprint had privileged access to data, which gave rise to a proliferation of papers on "Everything You Wanted to Know About the Internet Backbone But Were Afraid to Ask". Today, the story repeats itself, except that the players are Google and Facebook, and the topic du jour is data-center networks. Shortcomings of This Approach. Much research — from projects with a longer arc to certain policy-oriented questions — would never come to light if we only relied on company employees to do it. By the nature of their work, however, company employees lack independence. They lack both autonomy of selecting problems and in the ability to take positions or publish results that run counter to the company's goals or priorities. This shortcoming may not matter if what the researcher wants to work on and what the company wants to accomplish are the same. For many technical problems, this is the case (although there is still the tendency for the technical community to develop tunnel vision around areas where there is an [...]

The Color of the Net Has Changed


About 65% of 1.5B Internet "connections" are in the Global South, led by the BRICS. The actual number of users is probably twice that. Three quarters are not native English speakers. China has three times as many as the United States. India has more Facebook users than the United States. Vietnam has the fastest growth. See some figures below for why I'm confident Indonesia has more than 100M wireless only. The worldwide figure is greater than 1B wireless only data users, or about 500M "connections," a figure I use for comparisons. Across most of Africa, India, and Indonesia, there are remarkably few landlines. In the early years of broadband, America & Europe strongly dominated. Then Korea and Japan boomed, passing the U.S. by some measures. By 2013, North and South were about even. China had close to twice as many connections as the U.S. Today, China has about three times as many as the U.S. India now has as many users as the U.S. has people, or soon will. The gap is growing because the growth is limited in the developed countries. It's predictable that 75% of Internet users will be in the South. These details from Indonesia are illustrative. The 261M Indonesians nominally have 386M mobile SIMs. Some of that is company exaggeration, and some people have multiple SIMS. There are only 10.4M landlines, including 5.3M with data (source: Point-Topic). 90+% are covered by 4G; 60% can choose from five LTE carriers. There are about ~150M people between age 15 & 54. Most have a cell phone with data. Telcomsel subscribers connect to 4G over 90% of the time, comparable to AT&T in Open Signal testing. There are over 700 languages. The people are Javanese 40.1%, Sundanese 15.5%, Malay 3.7%, Batak 3.6%, Madurese 3%, Betawi 2.9%, Minangkabau 2.7%, Buginese 2.7%, Bantenese 2%, Banjarese 1.7%, Balinese 1.7%, Acehnese 1.4%, Dayak 1.4%, Sasak 1.3%, Chinese 1.2%, other 15%, 95% are literate. 10.3M live in the capital, Jakarta. The economy has been growing at ~5% each of the last four years. The savings rate is a high 32%. A third of the people are still in agriculture. The $12,400 per capita income is comparable to Peru, Venezuela, & Tunisia, but over 20% of youths are unemployed. Income is distributed more equally than, for example, the United States (Gini coefficient of 37 vs. 45). That implies the poor and lower middle class are closer to the average income, affording cell phones. Originally published in Net Policy News. Written by Dave Burstein, Editor, DSL PrimeFollow CircleID on TwitterMore under: Access Providers, Broadband, Mobile Internet, Telecom, Wireless [...]

Today's Internet: More BRICS Than Westerners


55%-60% of landline broadband users are in the "Global South," about 500M. The South is 65%-70% if you include "wireless-only" many of which are 4G LTE at 10 megabits or more (see chart below). The gap is widening rapidly and will increase by well over 70M in 2018. Six large developing countries grew at 5% or more in the last year, compared to only one in the developed world. China is adding ~30M more each year. Most developed countries are between 75% and 95% connected. That leaves little room for growth (see chart below). The strong majority are not native English speakers or European in ancestry. The blue dominating the chart is China, with 313M broadband landlines. That's more than three times as many as the U.S., in red. India added 160M 4G subs in the last five quarters. The developed countries are adding new users slowly if at all. Brazil, Mexico, and Indonesia are less than half connected and can grow at a ferocious rate. Brazil and Africa are flat but will grow again as the economy improves. I wrote this article when questioned about my comment, "Many Internet users, in my opinion, a majority, believe that decisions about the Internet should not be dominated by the U.S. and allies. (Among those who consider the subject.)" The U.S. and Western Europe are now only about ~25% of the Internet, a figure well known to experts. China is about 1/3rd of the Internet. India soon will pass the U.S. in users if it hasn't already. Africa as well. I made a point of saying "in my opinion" because there is no hard data, particularly on the overlap between wireless and wired Internet users in much of the world. 2/3rds of the governments in the world, representing approximately the same % of the world population, identified with the global South in 2012 at the ITU WCIT, which I attended. What do I mean saying Global North & South? Since at least 2012, there has been a clear split among nations on how to govern the Internet. The most common terms are the Global North & the Global South, although the split is not precisely geographical. Australia usually votes with the North and Russia with the South. On the State Department ITAC, the parties are referred to as "The Group of 77" versus "us." The BRICS have taken a leadership role, backed by almost all of Africa, Latin America, the Arab World and Asia. Sometimes It's described as "The Developing World" vs. "The Developed World." It's taboo to say "Rich Countries" vs. "Poor Countries." The essence of the debate is whether the decisions should be made by existing institutions like ICANN, 3GPP, and the giant multinationals ("the market") or by institutions more representative of the world Internet today. There is no way to accurately estimate whether the Internet users in each country agree with their government. My guess is that many of the people in that 2/3rds of the world agree with their governments on this, and hence a majority of the world Internet users. At international events I've attended, the sentiment has often been expressed. I remember sitting with a group of Africans in Dubai. One said, "The Americans, they are so greedy." Heads nodded. But this is anecdotal. It makes sense for most people in poorer parts of the world to not think things should be dominated by the richer countries, especially the U.S. The giant multinationals, most of which are American, rarely higher locally, evade taxes with remarkable efficiency, and moving an increasing amount of income from poorer countries to their home base. I think this isn't right. I have a Rawlsian sense of justice. In addition, while the public presentation of the U.S. is freedom and democracy, the actions of the U.S. government are far more [...]

GDPR and WHOIS - Winners and Losers


I think we are all hoping that when ICANN meets with the DPAs (Digital Protection Authorities) a clear path forward will be illuminated. We are all hoping that the DPAs will provide definitive guidance regarding ICANN's interim model and that some special allowance will be made so that registrars and registries are provided with additional time to implement a GDPR-compliant WHOIS solution. But given that a major registry has recently announced their intention to essentially remove all contact data from publicly accessible WHOIS — things are not looking good for the future of WHOIS. In a week's time, we are likely to know where things stand, but a week is a long time to wait, especially when we are talking about something that has so many different implications and consequences. Instant access to free, publicly-available WHOIS information has been the norm for over 20 years — so to say the coming changes aren't significant is to vastly underestimate what's about to happen. With that, let me gaze into my infamous crystal ball and share with you who I think the GDPR and WHOIS winners and losers will be. The Winners Privacy Advocates – GDPR is a huge win for privacy advocates. For years, these folks have stood up at ICANN meetings and eloquently spoken about the WHOIS system flying in the face of one's right to basic privacy online. They have argued the simple act of registering a domain name should not come with the requirement to publish one's personal contact information in a publicly-available WHOIS database. With GDPR, it becomes clear that registration of a domain name will no longer require publication of personal data in a free and open database. Individuals Who Own Domain Names – If you've registered a gTLD for your personal use within the last few years, you know where I am going with this. The amount of spam and phone calls you've probably received has reached new heights. Under GDPR, while you may still receive unwanted email to an anonymized email address or via a web form, hopefully, phone calls from telemarketers taking advantage of WHOIS details should cease. Fraudsters – While I've long said that information contained within WHOIS records for domains that are used to conduct fraud generally do not contain accurate information, there are sometimes breadcrumbs left behind which can be helpful in tracking down actual individuals, or at a minimum finding associated domain names. Regardless, with GDPR, uncovering ownership becomes much more difficult, and tying groups of domains together will become potentially impossible. Infringers – Undoubtedly, there are registrants who unknowingly register domains containing a famous brand. And of course, there are those who are registering domains leveraging the rights of others to drive traffic to their sites. In either case, these registrants win as it will become much more difficult to identify the individuals who have registered these names, and that may cause a drastic decrease in enforcement actions taken against these domain owners. The ICANN Community – This may seem like an odd one, but the topic of WHOIS and access to domain name registration data has been a topic of debate and contention at ICANN since early on in its history. While maybe not the ideal process for doing so, GDPR may finally "solve" the WHOIS discussion. Clearly not every segment of the ICANN community is going to be pleased with the outcome, but if this is the impetus behind real change that can still result in access to some limited amount of registration data, let's call that a win. The Losers Brand Owners – Without a doubt, enforcement of brands and[...]

Parsing Predatory and Parasitical from Innocent and Good Faith Domain Name Registrants


When the World Intellectual Property Organization began deliberating in 1998 and 1999 about creating an arbitral regime that the Internet Corporation for Assigned Names and Numbers transformed into the Uniform Domain Name Dispute Resolution Policy the curse words of choice were "predators" and "parasites" to describe cybersquatters. (In an early UDRP decision a Respondent who had also featured as a defendant in a trademark case asserted he had "just as much right to own the Domain Names [with typographic variations of the mark] as the person who owns the correct spelling of [the mark]" — Dow Jones & Company, Inc. and Dow Jones LP v. John Zuccarini, D2000-0578 (WIPO September 10, 2000) — he was quickly disabused). Although WIPO recognized in its Final Report that there were also "innocent and good faith registrants" (Paragraph 172), there was no clear law at that time parsing the shades of difference distinguishing good faith registrants from parasites. At the time, the focus was primarily on threats to well-known and famous marks (as it was, incidentally, in the U.S. Congress; the Senate Hearing Report on the Anticybersquatting Consumer Protection Act stated that "[f]amous and well-known marks have been the special target of a variety of predatory and parasitical practices on the Internet.'") The metes and bounds of innocent and good faith registration began with Panels separating the wheat from the chaff by explaining and distinguishing different circumstances such as strength and reputation of mark, location of the parties, manner of use, priority, and other factors that had to be taken into account. This steady accumulation of principles and factors are the marrow of a living jurisprudence we now have. Respondents like the one in the Dow Jones case learned what conduct was predatory; trademark owners similarly learned (or should from the case) that simply having a mark is insufficient to prevail on a claim of cybersquatting.Burden is not a figure of speech! A good example is the overreaching by Guess? in Guess? IP Holder L.P. and Guess? Inc. v. The Web Group, FA1802001770358 (Forum March 20, 2018) (). The Panel found Complainants' arguments were an "attempt[ ] to obfuscate the true facts and to mislead this Panel." "Abusive registration" is applied to registrants who are found (after a merits assessment of the facts) to have infringed complainants' rights by targeting their trademarks or service marks. While the ultimate determination in a UDRP adjudication is a yes or no on cybersquatting, the means of reaching that conclusion passes through a critical assessment of 1) complainant's evidence, not just contentions; and 2) respondent's proof that it has rights or legitimate interests in the domain name or if it does not that it lawfully registered the domain name (as for example it has priority over complainant for the string of characters alleged to be infringing). The WIPO Final Report gave as an example of innocent and good faith registration "[small businesses that are able to show] through business plans, correspondence, reports, or other forms of evidence, that [they] had a bona fide intention to use the [domain] name[s] in good faith." The perception of "small business" conjures a commercial enterprise offering traditional goods and services--there was no secondary market at that time for the buying and selling of domain names so there was no conception in 1999 that Panels would one day construe "small business" to include domain name sellers, although one U.S. federal judge presciently noted that domain names could have independent monetary value unrelated to identical o[...]

A 5G Community Network Strategy for Cuba (and Other Developing Nations)


In a previous post, I suggested that Cuba might be able to leap over 4G to 5G wireless infrastructure using satellite and terrestrial networks for backhaul. While that would require political and policy change, it would be a good fit with Cuban culture and skills. Before talking about Cuba, let me say a bit about wireless generations. Each mobile technology generation used new technology and enabled new applications: 1G: Voice calls 2G: Digital data for text and sending small images 3G: Smartphones for low-quality video, Web browsing, and GPS 4G: High speed, lower latency communication for video streaming and chat and interaction with complex Web content Fifth-generation wireless will be much faster than today's 4G, and latency will be on the order of 1 ms within the 5G network. Radios will be capable of beamforming — rapidly switching focused beams among large numbers of devices — and simultaneous two-way (full duplex) transmission at a given frequency. This will enable real-time applications like control of autonomous vehicles, remote medical procedures and augmented and virtual reality as well as fast file transfer and streaming and other, un-imagined applications. Do not think of this as the evolution of the cell-phone network; think of it as a discontinuity in wireless communication to mobile and fixed users. In addition to enabling new applications, each mobile computing generation uses different frequency bands, and 5G is being designed to use very high frequencies. High-frequency radio waves enable high-speed transmission and small antennas. Being able to fit multiple small, cooperating antennas in a phone or other device (multiple inputs and outputs (MIMO) increases transmission range and speed. However, there is a high-frequency tradeoff — low-frequency waves travel farther and are better able to penetrate obstacles like buildings and trees than high-frequency waves. Small cell on the terrace of a building in BangaloreHigh-frequency networks will require a multi-tier architecture. With the current cellular network, phones and other devices communicate with a relatively distant base station that is connected by fiber or high-speed wireless to the Internet. Fifth-generation wireless will require many "small cell" radios that communicate with those high-capacity base stations. Now back to Cuba (and other developing nations). As of last year, there were 879 cellular base stations in Cuba, 358 of which had been upgraded to support 3G communication. As of 2016, 85.3% of the population was covered by 2G cellular and 47% of the population had 3G coverage. (Note that 2G coverage has barely increased since 2010 and it has been flat since 2012). If they continue rolling out 3G, it should reach the 85.3% fairly soon, but new base stations will have to be added to cover the entire population. Upgrading from 2G to 3G requires new equipment and also more backhaul capacity between a base station and the Internet because 3G transmission speeds are greater than 2G and 3G applications use more data. For most Cubans, it would also require the purchase of a new phone. High-speed, 5G service would require much more backhaul capacity and new phones. In densely populated areas it will be economically feasible to provide that backhaul using fiber, but fiber to support 5G capacity throughout the island would be very expensive. In many locations, satellite connectivity may turn out to be a better backhaul medium than fiber. SES Networks (O3b) will be offering connectivity using their middle-Earth orbit satellites before Cuba is ready for 5G and by the time they are read[...]

We Need to Disconnect from Facebook Right Now


I disconnected for 15 days and it was a gratifying experience... The smartphone has effectively transformed us into cyborgs, we have in our hands a highly efficient computing device equipped with a photo and video camera, microphone, GPS, accelerometer, gyroscope, magnetometer, light and proximity sensors, as well as other features that allow creation of increasingly useful, impressive and addictive applications. Twenty years ago, when we were still "went in" on the Internet through our computers, the maximum mobility was achieved with cumbersome laptops, with their mobility limited to a physical network connection. Today we literally carry the world in our pockets. Our devices are connected twenty-four hours a day, seven days a week, and the whole year, even while we are asleep. We are aware of this new layer, of this new sense  —  our devices can be perceived as a new sense, the eighth sense, since there are theoretical lines that affirm that there is a seventh sense. We live so connectedly that we do not realize we're always carrying a bionic device, the smartphone, wherever we go, literally anywhere. We are always checking our networks, notifications that jump on the screen with their characteristic noises, and when we are not paying attention, they vibrate in our pocket to get our attention. This bionic device, through your apps, offers us many free features such as getting the best route to any destination, making it possible to travel anywhere in the world, measuring and recording our physical and physiological data using other bionic devices connected to our body, or monitor our home through connected devices, interact through social networks, surf the internet, plan anything, manage our work, and more, all we have to do is give our data and our autonomy in return. And the social networks? They call it social interaction, an individual looking at a color screen, socializing through a kind of metaverse, where he can interact silently in a frenetic and noisy environment. It is undoubtedly a metaverse because all socialization in these networks is mediated by complex algorithms. These algorithms, or better, a set of algorithms, take care of recording everything you do, every click, like, comment, sharing, reading, friend, group, page, absolutely everything they record. These records are compared to countless others that have been collected from other users, creating such a precise profile that only about 300 likes allow Facebook know more about you than your partner. Knowing it so well, the algorithms will offer you such rewarding social experiences, which will keep you ever more faithful, and addicted. In addition to giving him good experiences, Facebook's algorithms can influence his mood, his opinion, his perception of the world, his main goal is to obtain revenue for his interactions, only from July to September last year he earned 10.14 billion of dollars in advertising, for this he needs you to interact more, and according to neuroscientist Molly Crocket, the most efficient way to do this is to present a post that literally provokes you. By doing this, it ensures that you will react and produce a buzz in your personal bubble of friends. According to Crocket, social networks in this process provoke us into an emotional roller coaster, and the consequences of this are not yet known. In fact, Facebook is the largest social laboratory in the world, studying and recording absolutely everything about more than 2 billion people (profiles), it has super detailed profiles by segments and even individuals of the most diverse cultures, t[...]

Facebook vs. Domain Names: Lessons from Cambridge Analytica


The current revelations about Cambridge Analytica's use of Facebook data illustrate an important drawback to using a Facebook account as your business' online presence: Facebook knows and sells your customers! Millions of companies — especially small companies and start-ups — rely on a Facebook account for their online presence. On the surface, it seems like a great idea: it's free; it's interactive; lots of prospects have access; and it makes you look savvy. In the aftermath of the Cambridge Analytica meltdown, however, business owners are wise to reconsider this reliance on Facebook for 3 reasons: Facebook owns all the data about your Facebook presence: they collect it, they study it, they package it. They know everyone who "likes" you, all their comments, all THEIR friends, everything! Facebook shares little of this information with YOU: yes, you can see how many likes you get, but that's about it. These are YOUR customers, but the information about them is NOT yours — it's a Facebook asset. Remember the adage: if the product is free, YOU are the product. Facebook will sell your customers to your competitors: Your competitors can target YOUR customers with ads. If your competitors buy this service, they can put ads in front of your customers whenever your customers log into Facebook. Do you want your customers to be precisely targeted by your competitors? The easy, affordable and sustainable alternative is to buy your own domain name and put up your own website. Today, there are over a thousand alternative "extensions" to meet your needs. If you want to show information, choose a .info site; if you are a professional, choose a .pro; if you are a club, choose a .club — domain names today include may descriptive terms to help customers find and remember you. For less than $50 a year, you can recapture control of your online identity. Many online domain name retailers also have easy website builders, email services and other tools to help you get a credible, useful internet presence that YOU own (not Facebook). You'll get all the data about your visitors, and they will be protected from Facebook's data mining and selling practices. With your own domain name and site, you don't need to worry about Facebook collapsing — your online presence is in your control, not theirs. Today's Facebook revelations are a good reason to review your online presence and make sure it serves YOU, and not Facebook and your competitors. A version of this post was originally published in The Domain Name Association (DNA) blog. Written by Roland LaPlante, Senior Vice President and Chief Marketing Officer at AfiliasFollow CircleID on TwitterMore under: Domain Names, Privacy, Web [...]

ICANN IPC & BC to Host Cross-Community Call on Accreditation/Access Model for Non-Public WHOIS Data


The ICANN Intellectual Property Constituency (IPC) and Business Constituency (BC) will be hosting a community-wide discussion regarding the proposed accreditation and access model for non-public WHOIS data, which was first circulated to the community during ICANN 61. The discussion will take place via ICANN-supported remote participation and/or audio bridge this Friday, April 6, 2018, from 1400-1600 UTC. Please find the formal invitation regarding this event below with the pertinent participation details. In addition to this initial community-wide discussion, stakeholders can provide written comments on the accreditation model proposal to, with a copy to INVITATION: DISCUSS THE ACCREDITATION AND ACCESS MODEL FOR NON-PUBLIC WHOIS DATA Friday 6 April, 1400 – 1600 UTC On Friday 6 April at 1400 UTC, the Business and Intellectual Property Constituencies are hosting a two-hour call to seek further input on the Accreditation and Access Model for Non-Public WHOIS Data. The goal of the call is to seek additional comment and stakeholder participation in evolving the model for accreditation and access to non-public WHOIS data, which is to be implemented in parallel with the Proposed Interim Model for GDPR Compliance and other efforts to comply with the General Data Protection Regulation (GDPR). To join this call, please send an email to Community participation is key, so feel free to distribute this invitation. Please come prepared to discuss the Accreditation and Access Model and comments, and help the community meet the above-stated goal. Also, please note that the call will be recorded, transcribed, and publicly posted and archived. The discussion of a potential accreditation model began during ICANN 61 in San Juan and will surely continue after this week, so there will be ongoing opportunities to provide feedback regarding the accreditation model. This effort is not a GNSO-chartered policy project and is separate from the work of the GNSO's Policy Development Process Working Group on a Next-Generation Registration Directory Service to Replace WHOIS. Written by Brian Winterfeldt, Founder and Principal at Winterfeldt IP GroupFollow CircleID on TwitterMore under: DNS, Domain Names, ICANN, Internet Governance, Policy & Regulation, Whois [...]