Subscribe: CircleID: Featured Blogs
http://www.circleid.com/rss/rss_comm/

CircleID: Featured Blogs



Latest blog postings on CircleID



Updated: 2017-12-09T04:25:00-08:00

 



A Digital 'Red Cross'

2017-12-08T20:25:00-08:00

A look into the past reveals that continuous developments in weaponry technology have been the reason for arms control conventions and bans. The banning of the crossbow by Pope Urban II in 1096, because it threatened to change warfare in favour of poorer peasants, the banning of poisoned bullets in 1675 by the Strasbourg Agreement, and the Geneva protocol banning the use of biological and chemical weapons in 1925 after World War I, all prove that significant technological developments have caused the world to agree not to use certain weapons.

Today, another technology, the cyberspace, poses a new and unique threat. Unlike in the past where there was a separate battlefield, free of civilians, the cyberspace is us, everyone using the Internet. We have seen cyber threats evolve from criminals trying out new ways of robbery and extortion to nation states increasingly interested in and carrying out cyber attacks. Attacks like those on Sony Pictures in 2014, just because they exercised freedom of speech, the Russian attack on the Ukrainian power grid in 2015 and even the 2016 cyber attack on the American political system are testaments to this fact.

With 4 billion users and multi-million dollar businesses depending on the Internet ecosystem, policies that preserve the open, stable and secure Internet are important. That is why Microsoft president, Brad Smith called for a digital Geneva Convention earlier this year. If the Microsoft President's claim, that "74 percent of the world's businesses expect to be hacked each year" is indeed true, then the private sector has reason to worry. A digital Geneva convention to protect civilians on the Internet where the private sector is neutral and first responders is necessary. A convention that mandates nations not to cyberattack the private sector nor a nation's critical infrastructure.

And just like it was resolved in the 1949 Geneva convention for a neutral and independent organization to ensure humanitarian protection and assistance in times of war and conflict, the digital convention should bring together actors from public and private sectors to create a neutral and independent organization that can investigate and attribute attacks to specific nations. Publicly sharing such information might deter nations from engaging in attacks. A lot of progress has already been made by companies like Google, Microsoft and Amazon in fighting cyberattacks especially in areas like spam and phishing attacks but more still needs to be done. A collaborative effort from the private sector will achieve a lot more as first responders to nation-states cyberattacks. A commitment of a hundred percent defense and zero offense by the tech industry — as recommended by the Microsoft President, must be collectively made.

Written by Tomslin Samme-Nlar, Technology Consultant

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity, Internet Governance, Law, Policy & Regulation [...]



WHOIS: How Could I Have Been So Blind?

2017-12-08T07:41:00-08:00

A colleague was recently commenting on an article by Michele Neylon "European Data Protection Authorities Send Clear Message to ICANN" citing the EU Data Commissioners of the Article 29 Working Party, the grouping a determinate factor in the impending death of WHOIS. He is on point when he said:

What the European Data Protection authorities have not yet put together is that the protection of people's mental integrity on the Internet is not solely due to the action of law enforcement, but a cast of others (anti-spam/abuse initiates, DDoS mitigation, etc.) who are not law enforcement but do rely upon visibility into the DNS Whois to perform their services.

But then goes on to write:

… it is apparent that such position lacks consideration of the impact to other fundamental rights provided by the Union.

and thus misses the point, and worse yet, fails to sup upon the delicious, delicious irony. Their well-meaning initiatives are subject to a much higher court, the court that administers The Law of Unintended Consequences. Deprecate WHOIS, and so doing, deprecate the very privacy you are seeking to protect.

I consider spam to be a common, but mild invasion of privacy, a misuse of personal information, better put. To expect law enforcement to magically become aware of the millions of spam attacks totaling billions of electronic messages of all types that occur daily is either naive or insane.

Or so I had thought: I just now had an epiphany, a revelation! I've been looking at this all wrong. Clearly, the EU has set aside massive amounts of money to hire the army of new law enforcement personnel necessary to investigate spam attacks. Obviously, the universally beloved EU Data Commissioners have made expertly-crafted anti-spam laws and creative new international legal frameworks foremost in the docket, ready to be deployed in the coming months.

I can't imagine otherwise, nor is the notion conceivable that these wise and exalted Data Commissioners, paragons in every respect, do not have a really fantastic rabbit up their sleeve (or up somewhere), to fully address the open question of what happens when the imminent WHOIS closure causes current spam protection mechanisms and operations teams, dependent to a great degree upon WHOIS to fail; unable to stop untold billions of malicious emails May 29, 2018. No. I won't have a word of it!

Between the time the spam is launched at a network and the time these new super-cybercops arrest the criminals with their newly-minted laws, between those points in time, and between those spam and their intended recipients are soon-to-be hobbled spam filters that rely upon WHOIS data. But since that telemetry will be lost, the DPs (using that term in the adult video sense seems to make sense, since all this cleverness will serve to address several holes) must have some new secret technology to protect networks and individual users, slated to be launched May 28, 2018. I can't WAIT to see what they've come up with! A heretofore unknown, top-secret FUSSP* spam filter that will make up for any shortfalls choking the living crap out of WHOIS will accomplish is undoubtedly ready to roll.

* Final Ultimate Solution to the Spam Problem

At risk of sounding a little cynical, this is also a great personal boon. I consult with law enforcement agencies globally and train them in investigation techniques, so I expect more major new contracts than I can possibly handle. My prices must go up; I adjusted my price list for a 3 x increase June 01, 2018. Too little? So confident am I in the EU Data Commissioners, who enjoy Papal-grade infallibility to have foreseen all angles, I've put in for one of those fancy new Aston Martin Valkyries (although the new Tesla Roadster is tempting, too ... bah. I can afford them both!) It will be like having my birthday at the end of May, I'm certain.

I am a little concerned about the Registrar Industry though. Their sheer selflessness, emblematic in their willingness to so readily accept the massive losses to their revenu[...]



"Restoring" Internet Freedom for Whom?

2017-12-06T12:39:00-08:00

Recently, a colleague in the Bellisario College of Communications asked me who gets a freedom boost from the FCC's upcoming dismantling of network neutrality safeguards. He noted that Chairman Pai made sure that the title of the FCC's Notice of Proposed Rulemaking is: Restoring Internet Freedom. My colleague wanted to know whose freedom the FCC previously subverted and how removing consumer safeguards promotes freedom. With an evaluative template emphasizing employment, innovation and investment, one can see that deregulation benefits enterprises that employ, innovate and invest in the Internet ecosystem. However, the Pai emphasis lies in ventures operating the bit distribution plant reaching broadband subscribers. The Chairman provides anecdotal evidence that some rural wireless Internet Service Providers have curtailed infrastructure investment because of regulatory uncertainty, or the incentive-reducing impact of network neutrality. If the FCC removes the rules, then rural ISPs and more market impactful players like Verizon and Comcast will unleash a torrent of investment, innovation and job creation. O.K. let us consider that a real possibility. Let's ignore the fact that wireless carriers have expedited investment in next-generation networks during the disincentive tenure of network neutrality requirements. To answer my colleague's question, I believe one has to consider ISPs as platform intermediaries who have an impact both downstream on end users and upstream on other carriers, content distributors and content creators. My research agenda has pivoted to the law, economics and social impact of platforms. Using the employment, innovation and investment criteria, the FCC also should have considered the current and prospective freedom quotient for upstream players. Do nearly unfettered price and quality of service discrimination options for ISPs impact upstream ventures' ability to employ, innovate and invest more? 
Assume for the sake of discussion that ISPs can block, throttle, drop and prioritize packets. A plausible, worst case scenario has an innovative market entrant with a new content-based business plan less able to achieve the Commission's freedom goals. Regardless whether you call it artificial congestion, the potential exists for an ISP to prevent traffic of the content market entrant from seamless transit. The ISP could create congestion with an eye toward demanding a surcharge payment, even though the market entrant's traffic had no possibility of itself creating congestion. The ISP also might throttle traffic of the innovative newcomer if its market entry might adversely impact the content market share and profitability of the ISP, its affiliates and its upstream content providers that previously agreed to pay a surcharge. Of course network neutrality opponents would object to this scenario based on the summary conclusion that an ISP would never degrade network performance, or reduce the value proposition of its service. The airlines do this and so would an ISP if it thought it could extract more revenues given the lack of competition and the inability of consumers on both sides of its platform to shift carriers. ISPs do not operate as charities. The FCC soon will enhance their freedom which translates into higher revenues and possibly more customized service options for consumers willing to pay more. Before the FCC closes shop and hands off any future dispute resolution to the generalist FTC consider this scenario. Subscribers of Netflix, or the small content market entrant discussed above, suddenly see their video stream turn into slideshows. The FTC lacking savvy as to the manifold ways ISPs can mask artificial congestion and network management chicanery orders an investigation with a "tight" six-month deadline for reported findings. Just how long after the onset of degraded service will video consumers get angry and cast about for a villain? 
Might the list of candidates include Congress, the FTC and FCC? Written by Rob Frieden, [...]



Eliminating Access to WHOIS - Bad for All Stakeholders

2017-12-06T09:23:00-08:00

Steeped deep in discussions around the European Union's General Data Protection Regulation (GDPR) for the past several months, it has occurred to me that I've been answering the same question for over a decade: "What happens if WHOIS data is not accessible?" One of the answers has been and remains the same: People will likely sue and serve a lot of subpoenas. This may seem extreme, and some will write this off as mere hyperbole, but the truth is that the need for WHOIS data to address domain name matters will not disappear. Without the WHOIS system to reference — including automated access for critical functions — there will be no starting point and nowhere else to turn but to the registries and registrars who would need to address requests on ad-hoc and non-standardized terms. Contracted parties concerned with the cost of doing business should take note!

Today WHOIS data is used to: resolve matters involving domain name use/misuse/ownership; conduct investigations into the myriad of criminal activities involving domain names; carry out day-to-day business transactions such as the routine tasks associated with managing domain name portfolios; buying and selling domain names; and protecting brands and IP — just to name a few uses. Creating barriers to WHOIS access for such uses would unnecessarily increase risks and disputes for domain name registrants and create enormous burdens on all stakeholders — not the least of which would include significantly increased registry and registrar compliance burdens with substantial additional expenditure of resources.

Simply put, unless an automated system for obtaining or verifying registrant contact information is maintained, we are likely to force a situation where parties need to pursue unprecedented quantities of Doe suits and subpoenas, and enter into motion practice (e.g., motions to compel) to access registrant data. This is simply unnecessary!

The GDPR offers bases for maintaining a system for obtaining or verifying registrant contact information, including within Art. 6(1)(b) (performance of a contract), Art. 6(1)(e) (performance of a task carried out in the public interest), and Art. 6(1)(f) (legitimate interests). Moreover, having anticipated the GDPR and debated for nearly two decades the privacy aspects and concerns raised by the WHOIS system, the ICANN community has already produced numerous detailed recommendations that go toward addressing many of the concerns under discussion today (e.g., Final Report from the Expert Working Group on gTLD Directory Services: A Next-Generation Registration Directory Service). The existing ICANN community work product should be leveraged to simplify the task of accommodating existing contractual obligations and the GDPR with a model or "Code of Conduct" that reconciles the two.

A Code of Conduct (as allowed for and encouraged under Articles 40 and 41 of the GDPR) is an especially attractive and efficient means for associations or other bodies like ICANN representing controllers or processors to demonstrate compliance with the GDPR through binding and enforceable promises that can be developed, approved, and enforced in a uniform manner — reducing risk and creating market efficiencies for all involved through reliance on a uniform "code" that has European Commission approval.

I'm hopeful that before our community heads down a path that could result in a system with fewer benefits for all stakeholders, we recognize that the WHOIS system is an important tool maintained and used to serve the public interest and that we work together to preserve this system in a manner that reconciles existing contractual obligations and the GDPR for the benefit of all involved.

Written by Fabricio Vayra, Partner at Perkins Coie LLP

More under: Domain Names, ICANN, Law, Policy & Regulation, Whois [...]



2017 Domain Name Year in Review

2017-12-06T08:23:00-08:00

Given that it's been a few years since my last domain name year in review, I've really enjoyed looking back at this year's biggest domain name stories and seeing how this industry has evolved. This year, in particular, has seen some notable changes which are likely to impact the domain name landscape for years to come. So without further ado, here is my list for 2017:

* * *

10. Mergers and acquisitions continue to shape the domain industry landscape

Earlier this year, Onex Corporation and Baring Private Equity Asia announced their acquisition of MarkMonitor, and Vespa Capital announced their investment in Com Laude and Valideus. In addition, Donuts announced their acquisition of Rightside Group. It appears that more than ever, investors see the value in the domain name industry's recurring revenue models.

9. .Com domains still fetching low seven-figures on the secondary market

According to DNJournal, .com domain names such as fly.com, freedom.com and ETH.com are still commanding low seven-figures on the secondary market. While there may be some softening in the market, those who can afford to wait for the right buyer can still strike it rich.

8. Some .Brands begin actively marketing with their TLDs

While the floodgates haven't exactly opened, there are now a number of well-known .Brands which are actively leveraging their TLDs including Fox, Barclays and AXA with thepredator.fox, home.barclays and fizzy.axa, respectively. Although most notable is Amazon with their highly visible campaign for buildon.aws.

7. New gTLD registrations stand at 23.5 million domain names

Down from a high of 29.4 million registrations in April of this year, new gTLD registrations total 23.5 million domains as of today. According to nTLDstats.com, there are 1223 new gTLDs of which the top 5 TLDs by registration are currently .xyz, .top, .loan, .club and .win. Approximately 61.4% of new gTLD registrations are parked.

6. .Com and .net new domain registration growth slows

The Q2 2017 Verisign Domain Name Industry Brief reported that, ".Com and .net TLDs had a combined total of approximately 144.3 million domain name registrations" representing a 0.8 percent increase year over year. The same report for the previous year stated, that ".com and .net TLDs experienced aggregate growth, reaching a combined total of approximately 143.2 million domain name registrations" representing a 7.3 percent increase year over year.

5. Greater representation of IP interests at ICANN

With the appointment of Sarah Deutsch to the ICANN Board and Heather Forrest to the Chair of the GNSO Council, representation of IP interests at ICANN has never been greater. Sarah is currently Senior Counsel at Winterfeldt IP Group, bringing more than 30 years of experience in intellectual property law. Heather Forrest is an Associate Professor in Law at the University of Tasmania.

4. Expired domain results in critical outage

Always shocking are stories of outages resulting from expired domain names. While not the only outage this year, Sorenson Communications in Utah failed to renew a critical domain which resulted in an outage to critical services such as 911 for those with hearing or speech disabilities. As a result of the outage, Sorenson was required to reimburse the FCC $2.7 million and pay fines of $252,000.

3. Federal officials raid the .Cat registry amidst political turmoil

In September of this year, the Spanish government ordered the .Cat Registry to remove all .cat domains being used to support the Catalan independence referendum. In a raid by federal officials, .Cat's Director of Innovation and Information Systems, Pep Masoliver was arrested and subsequently released after more than 60 hours of detention, accused with charges of embezzlement, prevarication and disobedience.

2. ICANN delays KSK rollover

According to ICANN, "The changing or 'rolling' of the KSK Key was originally scheduled to occur on 11 October, but (was) delayed bec[...]



Internet Regulation in the Age of Hyper-Giants

2017-12-05T12:00:00-08:00

As we enter the seventh round of the net neutrality fight, advocates continue to make the same argument they've offered since 2002: infrastructure companies will do massive harm to little guys unless restrained by strict regulation. This idea once made intuitive sense, but it has been bypassed by reality.

Standing up for the Little Guy

When Tim Wu wrote his first net neutrality paper, the largest telecoms were Verizon, AT&T, and SBC; they stood at numbers 11, 15, and 27 respectively in the Fortune 500 list. Microsoft, Apple, and Amazon ranked 72, 325, and 492; Google was an unranked startup and Facebook wasn't even an idea. Today these five are America's largest corporations, with combined market caps in excess of three trillion dollars. Smaller tech companies have thrived beyond our wildest dreams.

The Internet as We Knew It

The rise of these powerhouse companies to economic dominance brought massive changes to the organization of the Internet. In the early days of the web, companies housed their websites on single computers located in well-connected hosting centers. They reached the Internet in essentially the same way consumers do today: companies paid specialized Internet Service Providers who connected to each other over backbones operated by still more specialized companies such as WorldCom and Level 3. The neutrality concept was limited to the connections between ISPs and backbone companies. Neutrality made sense, even if it was never the only way to run a railroad.

The New Internet

Backbones are disappearing from today's Internet. Small companies use Content Delivery networks such as Akamai to accelerate their pages by connecting directly to ISPs in multiple locations. The Big Five have their own private CDNs, connecting as the public providers do. Hence, the traditional distinction between scrappy content companies and Big Telecom is much less meaningful.

Relationship Status: It's Complicated

This is a bitter pill for career telecom policy wonks to swallow because the content vs. carriage distinction has been a hallowed principle of telecom policy since the FCC's first "Computer Inquiry" in 1966. To make things even more complicated, the Big Five are increasingly invested in providing services to competitors. Amazon's industry-leading cloud computing service, AWS, is indispensable to its video streaming rival Netflix.

The End of the Internet

Congress discovered net neutrality in 2005 when advocacy groups insisted offhand remarks by phone company officers were portents of doom. Congressman Ed Markey (D, Mass.) and others offered net neutrality bills touted as indispensable. Chief talking point: "It's the end of the Internet as we know it." Senator Al Franken (D, Minn.) wants to apply net neutrality to websites, and others want to apply it to new CDNs and protective infrastructure services such as Cloudflare. Calls for expansion of net neutrality's reach make a curious kind of sense, given new business models and the reorganization of the Internet. Cloudflare claims the power to reduce the speed of individual Internet users, such as FCC chairman Ajit Pai.

Simple Rules for Complex Times

More than anything else, net neutrality is a prediction, holding that deregulated ISPs would destroy the Internet. They're claimed to have unique incentives to harm innovation as well as unparalleled power. While the FCC has paid lip service to its importance from time to time, prior to 2015, the Commission did little of lasting significance to carry it out. The Internet has thrived in a largely deregulated legal regime regardless. But it's not devoid of problems. Not only does fake news affect elections, the Internet is friendly to crime and has become highly concentrated. The prediction that the Internet's decentralized nature would be the end of intermediaries didn't exactly pan out.

In Praise of Chaos

But we should never expect the Internet to[...]



Innovation Today is IN the Network

2017-12-05T11:30:00-08:00

The largest and most important global information infrastructure today by any measure is clearly the global mobile network and all of its gateways, services, and connected devices. That network is standardized, managed, and energized by a combination of the 3GPP and GSMA. The level of 3GPP industry involvement and collaboration today probably exceeds all other telecom, internet, and assorted other bodies put together… and then some. Nowhere was this better demonstrated than the stunning 3GPP standards mega-meeting this past week in Reno — and the message was clear: innovation today is *in* the network. There were 14 groups covering every segment of the global infrastructure meeting in parallel. Nearly 10,000 input contributions from 268 different companies and their subsidiaries (plus significant contributions from government agencies in China, Europe, and a few in the U.S.) were submitted. In a number of cases, companies have created a dozen different subsidiaries and sent people from all of them. There were a total of 2,756 people in Reno from basically every provider and vendor worldwide. As new network-based services and technologies like NFV and 5G scale globally, these groups now meet every 60-90 days at different locations around the world. Some groups are even holding "bis" and "ter" meetings in-between. What is even more significant, however, are the new innovative platforms being instantiated in infrastructure, services, devices, and radio access networks. 3GPP is subdivided into three major divisions: SA (infrastructure and services), CT (edge/end-user devices), and RAN (radio access networks and gateways). SA had 2,096 inputs, CT — 990, and RAN, an amazing 6,827 inputs. The security group SA3, alone, had 411 input contributions. 
A virtual cornucopia (no pun intended) of new capabilities are being baked into the network infrastructures and gateways that provide enhanced performance and security for end users, and greater resiliency overall to meet national and regional policy objectives. An increasingly apparent observation from multiple technical, standards, industry, and legal/regulatory developments unfolding today is that a paradigm shift is underway towards "innovation in the network." Those 10,000 input documents into the 3GPP meetings last week and the FCC's removal of 19th-century NetNeutrality regulation are prominent bellwethers. Even at the prominent university engineering schools, a new generation of professors are devising curricula and turning out a new generation of professionals and lots of published papers exclaiming that the innovation is *in* the network. In addition to all those contributions and new work items in the principal industry venue, 3GPP, vendors are also pushing new products into the provider marketplace as can be seen in the dramatic rise of network middlebox patents. Even a cursory search of Google, Google Patents, and Google Scholar produces stunning results of the trends. Of course, NFV-SDN rollouts are all about the same thing. Part of that paradigm shift arguably involves a hard reality that it will be increasingly providers in the networks or at data centers orchestrating network capabilities. The NFV industry standards organization is today the second most active body, and it works closely with 3GPP. The nonsensical myth promulgated by self-serving internet religious that innovation only occurs at the "edges" is finally disappearing down the "alt-truth" rabbit-hole. The strange internet-centric world that came into fashion 20 years ago — especially prominent in Washington — is ending. It is worth noting that a pendulum swing in network architectures has long been evident. 
Forty years ago, one of the real networking legends, Larry Roberts, would appear at closed government meetings hosted by MITRE with lots of charts and graphs portraying "Robert's Law." He argued that [...]



Voluntary Reporting of Cybersecurity Incidents

2017-12-05T03:47:00-08:00

One of the problems with trying to secure systems is the lack of knowledge in the community about what has or hasn't worked. I'm on record as calling for an analog to the National Transportation Safety Board: a government agency that investigates major outages and publishes the results.

In the current, deregulatory political climate, though, that isn't going to happen. But how about a voluntary system? That's worked well in aviation — could it work for computer security? Per a new draft paper with Adam Shostack, Andrew Manley, Jonathan Bair, Blake Reid, and Pierre De Vries, we think it can.

While there's a lot of detail in the paper, there are two points I want to mention here. First, the aviation system is supposed to guarantee anonymity. That's easier in aviation where, say, many planes are landing at O'Hare on a given day than in the computer realm. For that reason (among others), we're focusing on "near misses" — it's less revelatory to say "we found an intruder trying to use the Struts hole" than to say "someone got in via Struts and personal data for 145 million people was taken".

From a policy perspective, there's another important aspect. The web page for ASRS is headlined "Confidential. Voluntary. Non-Punitive" — with the emphasis in the original. Corporate general counsels need assurance that they won't be exposing their organizations to more liability by doing such disclosures. That, in turn, requires buy-in from regulators. (It's also another reason for focusing on near-misses: you avoid the liability question if the attack was fended off.)

All this is discussed in the full preprint, at LawArxiv or SSRN.

Written by Steven Bellovin, Professor of Computer Science at Columbia University

More under: Cyberattack, Cybercrime, Cybersecurity, Policy & Regulation




Artful Misrepresentations of UDRP Jurisprudence

2017-12-04T13:47:00-08:00

The jurisprudence applied in adjudicating disputes between mark owners and domain name holders under the Uniform Domain Dispute Resolution Policy (UDRP) is essentially a system that has developed from the ground up; it is Panel-made law based on construing a simple set of propositions unchanged since the Internet Corporation for Assigned Names and Numbers (ICANN) implemented them in 1999. Its strength lies in its being a consensus-based rather than dictated jurisprudence. That being said it should also be noted that panelists do not walk in lock-step, and since there is no "appellate" authority to correct errors of law (in the U.S. only the Anticybersquatting Consumer Protection Act (ACPA)), there are some who go their own way by applying alternative theories to find bad faith (all turned aside and rejected, incidentally). While these alternatives have caused vibrations (even consternation), they have also proved intellectually stimulating in identifying the right balance between conflicting rights. Paradoxically, we could not have arrived at the consensus-based jurisprudence we have without the intense conversations that have taken place. It is, of course, frustrating for mark owners to learn that their exclusive rights to particular strings of characters (which is what domain names are) are not sufficient to prevail on claims of cybersquatting even when the marks predate the domain names. The jurisdictional limitations of the UDRP must also be frustrating since there is no remedy under the UDRP if their claims are for trademark infringement. Of the core principles of the UDRP, the first (because it was enunciated in the first decided decision before being recanted by its author) is that the UDRP is a conjunctive model of liability (as opposed to the ACPA which is disjunctive). 
Principally, this means that if a domain name composed of generic terms is registered lawfully but subsequently pivots to bad faith use it is not in violation of the UDRP (although it may be a trademark infringement). Misconceived by some mark owners and panelists as bad faith is a variant of these facts in which the domain name is lawfully registered, but later pivots to bad faith use coinciding with the mark's rising reputation. There are different alternative theories depending on whether the domain names predate or postdate the existence of the mark (both theories have been rejected). It is with these variants that some panelists have applied the alternative approaches as though they represent the current state of the law. The panelists essentially focus on mark owners' "exclusive" rights to particular strings of characters rather than assessing rights according to the developed jurisprudence of the UDRP. The most recent example is Developmentex.com, Incorporated v. Manuel Schraner, FA171000 1755537 (Forum November 27, 2017). (I do not say, and want to be perfectly clear here, that the Panel, in this case, is not a recidivist, but here he has strayed from the principles of the UDRP jurisprudence by applying the alternative theories that I mentioned above). The facts in Developmentex.com are quite straightforward: the domain name was registered on March 7, 2005; the registration date for the mark was December 15, 2009. Complainant's application for DEVEX certifies that its first use in commerce was April 1, 2008, so there is no common law right antedating the registration of the domain name. (There is an allegation that Respondent's acquisition of the domain name is 2016, but the Panel accepts the 2005 date; possibly there was a renewal of registration in 2016, or starting in 2016 the website began including infringing links). 
That investors register domain names for speculative purposes in the hope of future profit is not evidence of abusive registration, unless there is proof that the respondent i[...]



The Kaljarund Commission: Building Bridges Over Troubled Cyber-Water

2017-12-02T10:51:00-08:00

There was one message which overshadowed all discussions at the 5th Global Conference on Cyber Space (GCCS) in New Delhi in November 2017: Instability in cyberspace is as dangerous as climate change. With four billion Internet users and five trillion dollars annually in digital transactions, instability in cyberspace has the potential to ruin the world. GCCS is a high-level ministerial meeting with broad multistakeholder participation. The conference was initiated by the former British Foreign Secretary William Hague during the Munich Security Conference (MSC) in February 2011 and became known as the "London Process." The London meeting was followed by conferences in Budapest (2012), Seoul (2013) and The Hague (2015). An outcome of the process is, inter alia, the establishment of the Global Forum on Cyber-expertise (GFCE) which presented its first report in New Delhi.

Disagreement among Governments

The GFCE collects best practices on how cybersecurity can be promoted. The reality is that numerous governments preach cybersecurity, but practice policies which undermine it. There is broad agreement that security and stability in cyberspace is an issue of first priority on the world's policy agenda. However, there is an even broader disagreement on what to do. In the absence of an intergovernmental agreement, states have entered into a cyber arms race without any clue about the unintended side-effects of their activities. This is dangerous. Is there any hope to stop the swinging pendulum? Cybersecurity has been on the agenda of UN negotiations for more than a decade. One effort, which was seen by many groups as a step in the right direction to reduce the risks of cyber-confrontation, was the formation of a so-called "UN Group of Governmental Experts" (UNGGE). The small group, operating under the 1st Committee of the UN General Assembly, produced in 2013 and 2015 two consensus reports, which introduced a number of confidence-building measures in cyberspace (CBMCs) and recognized that international law and the UN Charter are relevant both offline and online. But in 2017, when the 5th UNGGE tried to go one step further by digging deeper, the time of consensus was over. The group was unable to agree on how international law has to be applied in cyberspace, what a cyberwar is, whether a cyberattack constitutes an act of aggression (which would trigger Article 51 of the UN Charter, that is, the right to self-defense) and how the question of attribution could be answered. The issues are complicated, no doubt. But the intergovernmental disagreement emerged not as a result of the complexity of the issues. It was the absence of the political will to agree. In New Delhi, five members of the 5th UNGGE were sitting on one panel, but they spoke different languages. Nobody said that the failure of the 5th GGE is the end of the story. Cybersecurity remains on the table of global diplomacy, and the issue will not go away in the years ahead of us. However, there is no plan for how to revitalize the broken process. Mutual mistrust and hidden agendas are so far blocking any effort to find the way towards the reset button. Should there be a 6th UNGGE or a body with all 193 UN member states? Should there be a new process independent from the UN (like the one on climate change)? Would it be helpful to include — on a consultative or collaborative basis — non-governmental stakeholders? Would it be more successful to re-start "small" with regional arrangements in Europe (via the OSCE), Asia (via ASEAN) and the Americas (via OAS)?

Thinking out of the Box

The gap between the inability to do anything and the need to do something is growing. To rescue the situation, one has to bring new steam to the process and to think out of the box. 
When the Dutch government, after the GCCS in[...]



Net Neutrality: Both Sides Make Some Ridiculous Claims

2017-12-01T15:03:00-08:00

We've all heard too much about NN, which I've been reporting for 20 years. I support it because I don't want Randall Stephenson of AT&T deciding what I should watch on TV. The long-run effect is negative.

The claims from some people who agree with me are ridiculous. "According to former FCC commissioner Michael Copps, ending net neutrality will end the Internet as we know it." Michael knows I respect him, but this is ridiculous. Equally unlikely is Pai's belief this will significantly raise investment. His evidence assumes that AT&T has a time machine. They had told Wall Street they were going to cut this well before anyone thought NN was to be killed. ("We pretty much finished the LTE build so we will reduce spending.")

The only major change likely in the next few years is some video will go up in price. The actual fights are about the cost of connection for high volumes of data, mostly video. The carriers would be very stupid raising those fees so high they made much of a difference. No one is going to redirect you and me from the N.Y. Times to Breitbart News. That would be almost impossible given that most of us will have 25 meg downloads and web surfing only requires a meg or so.

Pai could discover his error by listening to John Stephens, AT&T CFO, next Tuesday at UBS. CEO Randall claimed he would raise his $22B capex if NN died. 10% of that would be about $2B. He also said he would invest another $billion if he got the tax cut.

If they were going to live up to this, Stephens would almost be required by SEC rules to tell Wall Street capex was headed up to ~$25B. He won't, but Pai is so set in his beliefs he won't be able to believe that.

Written by Dave Burstein, Editor, DSL Prime


More under: Access Providers, Broadband, Net Neutrality, Policy & Regulation




Give Network Administrators a Zero-Impact Firmware Update Solution

2017-12-01T13:52:00-08:00

Struggles with the firmware update process are well known by Network Administrators in the cable industry. The copious tasks required to complete an end-to-end firmware update are painstaking and error-prone, often making the investment not worth the time it takes to complete the work. These manual tasks generally include:

- Discovering the device's current firmware version
- Identifying the accurate update path
- Scheduling the update to ensure subscriber services aren't interrupted
- Administering the update
- Verifying update success
- Post-update actions, often including error resolution

That's already a handful of manual processes, but imagine doing that over and over for hundreds to thousands of devices, many from different vendors, each with its own unique device update path! Clearly, this complex challenge needs a solution. Future-thinking network operators are starting to employ automated firmware management solutions that significantly ease the firmware update process to not only save money but also to decrease the work required by the Network Administration team. This frees up internal resources so that more time can be spent on other vital administrative tasks. Operators of any size experience more streamlined operations after deploying these solutions, but selecting the best one for your organization can be a challenge. How can you tell which firmware management solution is the best fit? Look for solutions that go beyond simple update automation to resolve each of the challenges identified above.

The best firmware management solution will perform the following actions without manual intervention:

- Identifying and organizing device firmware versions in a sortable library for easy lookup
- Accepting firmware update "recipes" that define update actions for every device on the network
- Administering firmware updates outside of regular usage hours to avoid accidental subscriber service interruption
- Performing single or mass-device firmware updates without any oversight
- Completing routine validation checks on device firmware versions to verify update success
- Correcting any errors that occur during the firmware update process and then reinitiating the firmware update
- Performing on-boot updates so that firmware versions are updated to the correct configuration as soon as a device enters the network
- Obtaining a glance of how up to date the devices on the network are so that you are confident about the firmwares that are currently active on the network

Selecting a solution that can automate each of these steps will help any cable company save costs, free up resources, and reduce the impact on the Network Administration team.

Written by Gareth Barnes, Product Manager at Incognito

More under: Networks [...]



Domain Name Disputes Deja Vu: Panavision.com and Panavision.org

2017-11-30T07:44:00-08:00

History, it has been said, repeats itself. The same can be said of domain name disputes, as demonstrated by a pair of cases involving the same trademark ("Panavision") filed more than 20 years apart with remarkably similar facts. I can't hear the name "Panavision" without thinking about the origins of domain name disputes, so a decision involving — coming more than two decades after litigation commenced over — immediately made me nostalgic. The case in the mid-1990s pre-dated the creation of the Uniform Domain Name Dispute Resolution Policy (UDRP), the popular legal tool now used by trademark owners — including in the new case. Indeed, the original Panavision domain name lawsuit probably was partly responsible for the creation of the UDRP, which is a less-expensive and quicker alternative to litigation.

The New Panavision Case (UDRP)

Panavision International, L.P. (a photographic equipment company) won the recent UDRP dispute over . In the decision, the panel seemed largely influenced by the fact that the registrant of the domain name apparently offered to sell it to Panavision for $5 million. Also, the panel found the registrant's explanation that it obtained the domain name to offer a "view of Panama" was "not credible." Interestingly, although the UDRP decision does not discuss any history of the domain name, it appears that it has changed hands through the years since the registrant in the UDRP case registered it only in 2017. But a search of the Internet Archive's Wayback Machine shows that the domain name existed for many years prior to that. Indeed, a website using the domain name in 2001 contains an email sent by Panavision to the then-current registrant of the domain name, requesting a transfer! Whatever became of that dispute is unclear, but apparently, Panavision decided (correctly) that it could obtain a winning UDRP decision to transfer the domain name 16 years later.

The Original Panavision Case (U.S. Federal Court)

The original case — litigated in federal courts in California — was incredibly similar to the new case. In the earlier case, the defendant, Dennis Toeppen, used the domain name to display aerial views of Pana, Illinois and offered to sell it to Panavision for $13,000. Toeppen also had registered other domain names containing well-known trademarks (many of which resulted in other lawsuits against him), including , , and . The case was unprecedented at the time and paved the way for many domain name disputes that followed. Interestingly, because domain name disputes (and even the Internet) were new, the 1996 district court decision went to great lengths to explain what the Internet was, noting that "businesses have begun to use the Internet to provide information and products to consumers and other businesses." The case ultimately reached the U.S. Court of Appeals for the Ninth Circuit, which affirmed a district court decision that Toeppen had violated the new Federal Trademark Dilution Act, writing, "We reject Toeppen's premise that a domain name is nothing more than an address." The court concluded: Using a company's name or trademark as a domain name is also the easiest way to locate that company's web site. Use of a "search engine" can turn up hundreds of web sites, and there is nothing equivalent to a phone book or directory assistance for the Internet ... Moreover, potential customers of Panavision will be discouraged [...]



An Example of Effective Government Support for New Communication Technology

2017-11-29T21:14:00-08:00

Based on their questions and comments during the Senate Commerce, Science, and Transportation Committee hearing on the commercial satellite industry, one could not tell whether a senator was a Democrat or Republican. The US government has a history of support of telecommunication. On March 3, 1843, the US Senate passed a bill "to test the practicability of establishing a system of electro magnetic telegraphs by the United States." The bill provided $30,000 for Samuel Morse to conduct the test. He built a telegraph link between Washington and Baltimore, and the rest is history.

Figure: The American Electro Magnetic Telegraph: With the Reports of Congress, and a Description of All Telegraphs Known, Employing Electricity Or Galvanism (Lea & Blanchard, 1845)

US government R&D, procurement, regulation, and expertise also played an important role in the development of the Internet — see Seeding Networks, the Federal Role. (If you do not have access to the paper, send me a request for a copy). Government collaborated with universities and industry on the development of the Internet up to the time they phased out support, as shown below:

Figure: Federal funding prior to the NSFNet phase out

The October Senate Commerce, Science, and Transportation Committee hearing on the commercial satellite industry provides a current example of effective government support of new communication technology. The hearing focused on broadband access, primarily from low-Earth orbit (LEO) satellites. Witnesses from four companies — Intelsat, OneWeb, ViaSat and SpaceX — testified and the tone of the hearing was set by the opening statements of Committee Chairman John Thune and Ranking Member Bill Nelson. Thune began by saying "I believe we are at a critical moment in the development of satellite capability, and I am excited to hear from our panel of distinguished witnesses today." In his opening remarks, Nelson echoed Thune's optimism and among other things stated that he "would like to thank our witnesses for being here today and I look forward to discussing how we can work together to bring about this new Space Age." The senators were sincere in their desire to serve the American people, and they were asking for recommendations as to how they could craft legislation to realize the potential of satellite broadband service. A short introductory statement by each witness was followed by questions and answers. The senators' questions were constructive — trying to learn from the witnesses, not score political points with their constituents. Based on their questions and comments, one could not tell whether a senator was a Democrat or Republican. They were all constructive. I was also struck by the degree of overlap in the recommendations given by the four executives, for example: They are all in favor of sharing spectrum among themselves and with terrestrial service providers. They agree that dividing frequency bands among operators is the least desirable and most inefficient way to avoid interference. The four agree that satellite safety and debris mitigation will be critical in an era of large constellations of LEO satellites and that we need to work with International agencies to establish standards. They understand that a disastrous collision would set the entire industry back so they have a common interest in satellite safety. Global standards are needed for debris mitigation, spectrum sharing, etc. and the US, with its history and expertise at NASA and the staffs of agencies like the FCC and NTIA, can and should take the lead in establishing those international standards. The government definition of "broadband Internet" should be technology neutral. Today's g[...]



New gTLDs and Concept of a Universal Directory

2017-11-29T08:41:01-08:00

The concept of a universal directory does not exist on the Internet. There are thousands of directories of all kinds and online Yellow Pages in many countries. All of these websites are different, accessed differently and operated differently: for example, Yellow Pages in France are different from their equivalent in Spain and Italy. There is no standard directory operated behind the same name worldwide.

The Universal Directory

The Yellow Pages can be trademarked, but they remain a directory of data which needs to be maintained. Sometimes, such directories are difficult to access, involving too many clicks to find information; they can be full of ads or slow to load. Also, shops and other businesses can be required to pay to be listed. A universal directory operated using a new domain name extension and a different business model can change this.

Cities are the entry point

There are a lot of cities worldwide, and when searching for a hotel or a dentist, a search engine won't necessarily show all available options: it will show some of them but not the complete list of them. Also, it will show different information than the one requested: articles about the subject and… other things. When searching for a dentist in my neighborhood, a search engine will bring results, but I want more than this: I want all results and results only, I don't need articles about dentists. Using a dedicated directory for each city name worldwide using a https://cityname.TLD is something that has never been done in the history of the Internet: a game changer for digital cities.

The .TEL legacy TLD and Dmoz

The .TEL domain name extension was a serious innovation in the world of domain names: the only one actually. It didn't just offer a domain name but access to a platform where one could fill in empty fields with information. It required no coding but a login and a password: no website to develop. The .TEL cost a lot to create and lost traction. The new gTLD flood did not help. With an agreement signed in 2006, its domain name registrations approached 350,000. They're close to 100,000 today and the registry agreement was recently changed to allow users to do what they want with their ".tel" domain name: the exact same as what all other domain name extensions offer. The .TEL initial model was abandoned (note that it is still possible to use its platform). Dmoz has nothing to do with domain names but was a massive directory maintained by volunteers and operated using one single domain name (dmoz.org). This huge directory lost traction: data became inaccurate, volunteers just dropped the job and actually… the only way to generate cash was based on donations. Good luck with that. Dmoz closed in 2017. The universal directory is a combination of these two models, but using a new gTLD and with a completely different business model.

An alternative to Google?

There is no alternative to Google. Google is a search engine which does its job well. The universal directory is a platform focusing on cities, offering advantages to its residents and the people operating each directory. Google does not do that: welcome to digital cities. The universal directory also allows giving a role to cities interested in operating their directory platform. A city wants to offer its residents and businesses free services: it is what the universal directory does. For cities not interested in participating, external moderators, media agencies, and SEO experts are granted that role and will generate an extra income from managing a city: each city domain name… is unique and belongs to the network of directories operated behind a single [...]



ARIN Takes Steps Toward Greater Diversity

2017-11-28T13:41:00-08:00

For some time, the board of the American Registry for Internet Numbers (ARIN) has expressed a desire to have greater diversity across its leadership structures. Finally, steps are being taken to have representation that better reflects the diversity of the ARIN community. ARIN is one of five registries worldwide that coordinate Internet number resources. The ARIN region spans the United States, Canada and about half of the territories in the Caribbean. Yet, since ARIN was founded on April 18, 1997, two of its main oversight structures — the Board of Trustees and Advisory Council — have only been populated with persons from North America. At last, that changes. Since official results were announced on October 16, following elections for ARIN's 15-member advisory council and 7-member board of trustees, at least one milestone was already clear — for the first time the ARIN community had elected someone to the board who was not a white male. More recently, ARIN's leadership has taken the decision to add further diversity to its ranks. Two women from the Caribbean will sit on the advisory council for the first time. Jamaican-born Kerrie Ann Richards was appointed as an interim member effective immediately to fill the remainder of the unexpired term of David Huberman, who resigned from the council effective November 17. That term ends on December 31, 2018. Richards, director of education non-profit Vision for Jamaica, described the council's decision as a big win for ARIN and the Caribbean. "It's one thing for the Caribbean to be in the room, it's another thing for us to be seated at the table. Although there has been a certain level of representation of the Caribbean at international Internet governance fora like ARIN, the fact is that we as a region have not collectively let our voice be heard, even in the shaping of policies that affect our region directly. I am here to be that voice," she said. 
Advisory council members also voted to appoint Barbadian-born Alicia Trotman for a one-year term, starting January 1, 2018. Trotman, a senior administrator at Barbados' national telecommunications regulator, described the decision of the council as "a big step forward for Caribbean representation" at the regional Internet registry. Trotman will fill the seat made vacant by Dan Alexander, principal engineer for Comcast Cable, after he was elected to the board. Andrew Dul, David Farmer, Leif Sawyer, Chris Tacit and Chris Woodfield were also re-elected to serve three-year terms on the advisory council, starting January 1, 2018. In terms of diversity, the board elections outcome was equally important, if less surprising. Of the four candidates vying for two available board seats, only Alexander was both white and male. Of the others, two were female: Nancy Carter, CFO of Canada's National Research and Education Network; and Leslie Daigle, Principal, Thinking Cat Enterprises. And the third — Stephen Lee, CEO of Arkitechs Inc. and co-founder of the Caribbean Network Operators Group — is a Jamaican-born Afro-American. The successful candidates, Alexander and Carter, will serve three-year terms on the board of trustees, starting January 1, 2018. For her part, Trotman is already looking forward to the challenges ahead. "My role is to facilitate policy development, and so I would encourage Caribbean stakeholders to vocalize any policy changes that they want to see happen. I'm looking forward to assisting any members seeking to undertake the policy development process, in order to propose amendments or even table new policies for consideration. So, my priority is to actively listen to and sup[...]



Significant Increase in Registry Locked Names Across Top 500 Most Highly-Trafficked Sites

2017-11-28T07:58:01-08:00

A recent study conducted by Brandsight has revealed that 28% of the top 500 most-highly trafficked sites now employ registry locking. In contrast, only 15% of the top 500 most highly-trafficked sites were leveraging registry locking in 2013.

Back in 2013, only 356 of the top 500 most-highly trafficked sites could be registry locked, but that number has also risen significantly so that now 396 of the top 500 most-highly trafficked sites are eligible.

Registry locking provides an additional layer of security, protecting domains against hacktivists pointing them to politically motivated content, disgruntled employees embarrassing their employers, and inadvertent mistakes, which unfortunately still happen. Registry locked domains are only editable when a unique, manual security protocol is completed between the registry and the registrar.

A number of factors have likely contributed to the increase including the adoption of registry locking by ccTLD operators, as well as strong promotion and marketing by corporate registrars.

Interestingly, across these highly-trafficked sites, only two dozen registrars appear to be supporting registry locking.

While I am glad to see the strong increase in numbers, there are still nearly 200 .com registrations across these highly-trafficked sites which are not locked at the registry. Clearly, the trend is moving in the right direction, but there is still some work to do to protect these valuable domains. And while we haven't seen any recent registrar hacks, why take the risk with such valuable assets?

Written by Elisa Cooper, SVP Marketing and Policy at Brandsight, Inc.


More under: Domain Management, Domain Names, Registry Services




Long-held Domain Names Transferred to Complainants

2017-11-27T10:04:00-08:00

There have lately been a number of long-held investor registered domain names transferred to complainants under the Uniform Domain Name Dispute Resolution Policy (UDRP). Two of the domain names were registered 23 years ago. This has provoked several commentators to complain that the UDRP is tilted in favor of mark owners and trademark-friendly panelists expressing hostility to the domain industry. I think we have to dig deeper than this. Although the UDRP was established as a rights protection mechanism for marks (and remains the regime of choice for resolving claims of cybersquatting) it has evolved into a balancing of rights jurisprudence. It is not tilting in either direction that determines who prevails, but the particular facts each brings to the record. In many instances, losing valuable domain names or failing to secure them comes about because parties fail to appreciate the evidentiary demands of the UDRP. Mark owners only have actionable claims if their marks predate domain name registrations. This should be obvious, but they persist anyway. Charles E. Runels, Jr. v. Domain Manager / Affordable Webhosting, Inc., Advertising, FA1709001749824 (Forum October 30, 2017). Respondents can lose valuable assets for failure to pay attention to the contents of the resolving websites. I mentioned curation in a recent essay, and I think it's worth repeating: Vulnerabilities of Weak Marks and Uncurated Websites. Respondents cannot prevail where the contents of resolving websites carry infringing links (even if the links are strategically or for other reasons removed). No domain names identical or confusingly similar to marks (however old) are invulnerable to charges of cybersquatting. The fault is not panelists putting their fingers on the scale (although there may be examples of when they do), but respondents' failures to act in their own best interests. I have noticed in following UDRP decisions and representing clients that some investors owning fewer than vast numbers of domain names and others owning portfolios of vast numbers acquired from earlier investors, because they are not focused on curating their holdings, have no defense to challenges of cybersquatting. Panels make their determinations on the factual records before them, not on the length of time respondents have owned challenged domain names. The most recent example of this is (registered 1997), Irving Materials, Inc. v. Black, Jeff / PartnerVision Ventures, FA1710001753342 (Forum November 7, 2017) (discussed in the mentioned essay. Respondent did not appear and consequently there was no counter-narrative that may have explained its choice). The Panel stated that "Complainant's screenshot confirms [that] ... the domain name contains various IMI related links and descriptions of the content located at the linked webpage." Whether Respondents in two pending proceedings for and will follow or successfully protect their assets depends entirely on the record. Even if respondents prevail in UDRP proceedings for no bad faith registration, current or past infringing use could still be actionable under the Anticybersquatting Consumer Protection Act (ACPA). The earliest example I know of is Newport News, Inc. v. Vcv Internet, AF-0238 (eResolution July 18, 2000) in which Respondent prevailed but lost in an action under the Anticybersquatting Consumer Act (ACPA), Newport News Holdings Corporation v. Virtual City Vision, Incorporated, d/b/a Van James Bond Tran, 650 F3d 423 (4th Cir. 2011). The reason for Respondent losing <[...]



DDOS and the DNS

2017-11-26T22:58:00-08:00

The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark regarding the sorry history of "landmark" DDOS attacks on the Internet. It's up there with the Morris Worm of 1988, Slammer of 2002, Sapphire/Slammer of 2009 and of course Conficker in 2008. What made the Mirai attack so special? It was the largest we have seen so far, with an attack that amassed around 1Tb of attack traffic, which is a volume that creates not only a direct impact on the intended victim but wipes out much of the network infrastructure surrounding the attack point as well. Secondly, it used a bot army of co-opted webcams and other connected devices, which is perhaps a rather forbidding portent of the ugly side of the over-hyped Internet of Things. Thirdly, the target of the attack was aimed at the Internet's DNS infrastructure. The first two aspects of this attack are just depressing, and it might well be that there is little we can do about them. However, the tragic hopelessness of the Internet of billions of Stupid Insecure Things is a story for another time, and the ever-increasing scale of attacks is perhaps also a constant with the same grim inevitability as Moore's Law. But perhaps we can do something about the DNS making itself such an easy target. Maybe we don't have to accept that the DNS has to be a victim of such attacks. Mirai is by no means the first attack on the DNS infrastructure, and it certainly will not be the last. If causing widespread Internet mayhem is your objective, then targeting the infrastructure of the DNS is certainly one way to achieve that. It's not even necessary to take out the root server system of the DNS to cause disruption. While there are many domain names to be served, there are a far smaller number of name servers, and of these, there is an even smaller subset of these servers that serve so-called significant domain names. As was shown in the Mirai attack on the Dyn-operated name server infrastructure, a considered selection of a target of the attack can generate widespread impact to many online services. Just look at the impact list from the October 2016 Mirai attack. There are few defenses available to operators of DNS server infrastructure. The attacks consist of otherwise perfectly legitimate queries. The name servers are put in the position of attempting to answer all queries that are presented to them, as there is no real way of determining what queries should be answered and what can safely be disregarded. As long as you can amass a large enough cloud of attack bots, and program them to perform DNS queries of random names within the target domain at a rate of a couple of queries per second, then the consequences can be relatively catastrophic for any name server. What we are seeing is that the DNS represents a point of vulnerability, and there are few enterprises who are in a position to mount a DNS name service that is invulnerable to such attacks as a matter of conventional online service provision. When the environment gets toxic due to the risk of attacks, we naturally retreat our valued resources to fortified castles. The thinking behind this move is that the castle builders have only a single product to offer: a haven from attack, so they can specialize in defense while leaving the enterprise to get on with their actual online business, whatever that may be. However, as with any highly specialized activity, there are not a large number of these "castle builders" out there, and not a lot of castles with sufficiently thick and high walls. As the atta[...]



Internet Religious Wars: Net Neutrality Episode

2017-11-23T10:39:00-08:00

Turning network technical protocols into religion seems like an inherently bad idea — transient and unstable at best. However, it happens. More than 40 years ago, the world of legacy telecommunications and network design formalism started the tendency with OSI (Open Systems Interconnection) and ISDN (Integrated Services Digital Networks). A few years later, the academic research community did it with their myriad host-to-host datagram protocols — eventually calling one "the Internet." A little later, still more researchers did the same thing with information exchange protocols — eventually calling one of them "the Web."

Battles were waged for years for supremacy as the one true "internet" or "Web." Some of the factions turned their protocols into religious tenets; and personalities, in bouts of self-aggrandizement, went forth as Moses-like patriarchs handing down religious commandments and rewriting history. Young acolytes entering the technical, legal, and political professions were drawn to the mantras that promised unbounded wealth and world peace to the followers. Some companies and countries reaped enormous monetary and political benefits.

The latest episodes in this unfortunate techno-religious proclivity are now emerging. One involves an especially egregious hyperbolic excess of the Internet Wars known as Net Neutrality. The winning internet protocol religious faction, having infused the Washington political system with their Templar Knights in 2009, baked their commandments into the embarrassing December 2010 Report & Order of the FCC as "preserving the free and open internet." "Today the Commission takes an important step to preserve the Internet as an open platform for innovation, investment, job creation, economic growth, competition, and free expression." Never mind that they never actually defined "the Internet."
They simply believed that whatever it was, the FCC as a federal government agency needed to "preserve" it as a religious belief to be imposed upon everyone. Five years later in 2015, the FCC went further and declared that preserving the prevailing internet beliefs required that "no person" providing broadband access could "unreasonably interfere with or unreasonably disadvantage (i) end users' ability to select, access, and use broadband Internet access service or the lawful Internet content, applications, services, or devices of their choice, or (ii) edge providers' ability to make lawful content, applications, services, or devices available to end users."

Just how this religious tenet, turned into law, would be imposed on the world outside the Commission's jurisdiction was simply ignored. Furthermore, the generic function was that of other government agencies — the Federal Trade Commission or in extreme circumstances, the Dept. of Justice. The FCC also reversed the course of network regulatory history by decreeing that anyone providing access was effectively a public utility and describing the regulatory bundle using the oxymoronic term NetNeutrality. It was, of course, only "net neutrality" for providers on the edges — some of whom have ironically become the functional equivalent of public utilities. It wasn't as if the potential for abuse within transport paths might not exist. However, as many observers commented, it was an extreme solution to the problem by the wrong federal agency.

Now, two years later, with the Internet Knights Templar expelled from Washington, this episode of the internet religious wars seems to be drawing to a close. Netw[...]