Subscribe: CircleID: Featured Blogs
Added By: Feedage Forager Feedage Grade A rated
Language: English
china  data  domain names  domain  global  information  internet  ndash  percent  state  times  viewed times  viewed  year 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: CircleID: Featured Blogs

CircleID: Featured Blogs

Latest blogs postings on CircleID

Updated: 2018-01-19T19:45:00-08:00


Tips for Ecommerce to Survive and Thrive with GDPR


The regulatory environment for brands and retailers that do business online is getting stricter thanks to regulatory changes in Europe with the General Data Protection Regulation (GDPR), as well as existing regulations in the U.S. Companies that adapt quickly can turn these changes into a competitive advantage. As we grapple worldwide with the implications of the incredible amount of personal data generated every day, consumers are pressuring brands and legislators alike for more control over their information. This becomes increasingly complicated as a larger number of businesses pivot towards subscription models, where customer-brand relationships are fluid, longer-term, and involve more uses of personal data and consumer behavior information. Neglecting the privacy desires of these consumers puts brands at risk of everything from fines and penalties to a loss of trust with their customers. There are a number of key compliance obligations that organizations should consider as they adopt new business models and expand to new geographies. Get ready for GDPR The GDPR, passed by the European Parliament and Council in 2016, bolsters data protection measures for Europeans. The regulation, which becomes enforceable May 25, 2018, gives these individuals greater control over their personal data and is expected to simplify the regulatory environment for brands operating online by providing uniformity across Europe. The ripples caused by this legislation will reach every corner of the global retail market, including the U.S. According to Ovum, 70 percent of global IT decision-makers expect to increase spending to meet data protection requirements. The GDPR will force companies that process or receive European data (even if your business is located outside Europe) to transform their information handling practices to meet a new, higher standard. For instance, part of the regulation calls for data portability, allowing an individual to request transfer of their personal data from one processing system to another in a commonly used format. Though this regulation is not enforceable for a few months, brands that process European data should already be preparing. Once the regulations go into effect, the penalties are steep. Organizations that do not comply with certain GDPR articles can incur fines of 20 million euros, or 4 percent of total global revenue, whichever is greater. In the U.S., no state is the same In the U.S., there is no single, comprehensive federal law like the GDPR that regulates the collection and use of personal data. Instead, the U.S. has a patchwork system of federal and state laws and regulations that sometimes overlap. Many guidelines have been developed by governmental agencies and industry groups, but they are not enforceable by law. They are however, part of self-regulatory guidelines considered "best practices." These frameworks include accountability components increasingly used as a tool for regulatory alignment. Although there isn't a comprehensive federal U.S. data privacy law, there are a number of federal privacy-related laws that regulate the collection and use of personal data. Some apply to particular categories of information, such as financial or health data, or electronic communications. Others apply to activities that use personal information, such as telemarketing and commercial email. Particular states like California require websites that collect user data to communicate the type of information being collected, the types of third-parties they might share that information with, and their online tracking practices. Connecticut and Massachusetts also have stringent laws protecting consumers' data and requiring companies to safeguard that information. The risk of noncompliance The penalties for noncompliance vary depending on the type and severity of the violation, ranging, for example, from very high fines and delays in payment processing to civil lawsuits. Often, companies that have not maintained compliance struggle to catch up, giving significant competitive advantage to [...]

Preventing 'Techlash' in 2018: Regulatory Threats


U.S. Chamber of Commerce President Thomas J. Donohue on January 10, 2018, warned that "techlash" is a threat to prosperity in 2018. What was he getting at? A "backlash against major tech companies is gaining strength — both at home and abroad, and among consumers and governments alike." "Techlash" is a shorthand reference to a variety of impulses by government and others to shape markets, services, and products; protect local interests; and step in early to prevent potential harm to competition or consumers. These impulses lead to a variety of actions and legal standards that can slow or change the trajectory of innovations from artificial intelligence to the Internet of Things (IoT) to business process improvements. According to Mr. Donohue, "[w]e must be careful that this 'techlash' doesn't result in broad regulatory overreach that stifles innovation and stops positive advancements in their tracks." Here are a few examples of the challenges ahead: Global privacy and security regulations impose compliance obligations and erect barriers to the free flow of data, products, and services. Examples include the European Union's General Data Protection Regulation (GDPR), its Network Information Security Directive (NIS Directive), e-Privacy initiative, and a nascent effort on IoT certifications. "A growing number of countries are making it more expensive and time consuming, if not illegal, to transfer data overseas." [1] China's new cyber law "requires local and overseas firms to submit to security checks and store user data within the country." [2] Such efforts may be intended to level the playing field with large U.S. technology companies, but whatever their impetus, they create enormous compliance costs and impediments to multinational operations. [3] Emerging regulation around the world may do more harm than good, particularly to U.S.-based organizations. Premature regulation and oversight drives up the costs of doing business, particularly for new entrants or disruptors. Government should act only when it has evidence of actual harms to consumers or competition and the benefits outweigh the costs. When government rushes in with a technical mandate, innovation suffers. Likewise, if the government demands business changes without evidence of anti-competitive effects, it distorts the marketplace. Premature regulations impose unnecessary compliance burdens, so governments should exercise "regulatory humility” and wait for experience and evidence. Unjustified class action litigation over technology strikes fear in the hearts of innovators. The growth of "no injury" lawsuits in targeting the technology sector likewise is a concern. Class action plaintiffs were quick to sue GM and Toyota after news reports of a vulnerability in Jeeps, and dozens of plaintiffs immediately sued Intel after chip processor vulnerabilities named Meltdown and Spectre were reported. [4] While courts have generally rejected suits based on "risk of hacking," [5] plaintiffs continue to push these theories, along with novel "economic loss" claims from "overpaying for" [6] vulnerable devices. Legal uncertainty about such claims, and the rush to obtain damages awards and attorneys' fees, threatens to increase costs and chills companies' willingness to engage. State laws, such as those attempting to impose "net neutrality" and online privacy obligations at the state level, threaten to balkanize regulation of technology. "Lawmakers in at least six states, including California and New York, have introduced bills in recent weeks that would forbid internet providers to block or slow down sites or online services." [7] State-by-state regulation of global ISP and carrier network practices is likely to create major inefficiencies. Likewise, state privacy laws create complexity for organizations whose operations, products, and customers cross state lines. Industry has decried "balkanized privacy regulation at the state level" which creates "a hazardous web of conflicting state-by-state laws for any company operating in the on[...]

The Over-Optimization Meltdown


In simple terms, Meltdown and Spectre are simple vulnerabilities to understand. Imagine a gang of thieves waiting for a stage coach carrying a month's worth of payroll. There are two roads the coach could take, and a fork, or a branch, where the driver decides which one to take. The driver could take either one. What is the solution? Station robbers along both sides of the branch, and wait to see which one the driver chooses. When you know, pull the resources from one branch to the other, so you can effectively rob the stage. This is much the same as a modern processor handling a branch — the user could have put anything into some field or retrieved anything from a database, that might cause the software to run one of two sets of instructions. There is no way for the processor to know, so it runs both of them. To run both sets of instructions, the processor will pull in the contents of specific memory locations, and begin executing code across these memory locations. Some of these memory locations might not be pieces of memory the currently running software is supposed to be able to access, but this is not checked until the branch is chosen. Hence a piece of software can force the processor to load memory it should not have access to by calling the right instructions in a speculative branch, exposing those bits of memory to be read by the software. But my point here is not to consider the problem itself. What is more interesting is the thinking that leads to this kind of software defect being placed into the code. There are, in all designs, tradeoffs. For instance, in the real (physical) world, there is the tradeoff between fast, cheap, and quality. In the database world, there is the tradeoff between consistency, accessibility, and partitionability. I have, for many years, maintained that in network design, there is a tradeoff between state, optimization, and surfaces. What meltdown and spectre represent is the unintended consequence of a strong drive towards enhancing performance. It's not that the engineers who designed speculative execution, and put it into silicon, are dumb. In fact, they are brilliant engineers who have helped drive the art of computing ever faster forward in ways probably unimaginable even twenty years ago. There are known tradeoffs when using speculative execution, such as: Power – some code is going to be run, and the contents of some memory fetched, that will not be used. Fetching these memory locations, and running this code, is not free; there is some amount of power used, and heat generated, in speculative execution. This was actually a point of discussion early in the life of speculative execution, but the performance gains were so solid that the power and heat concerns were eventually set aside. Real Estate – speculative execution requires physical real estate in the processor. It makes processors larger, and uses silicon gates that could be used for something else. Overall, the most performance enhancing use of the available real estate was shown to be the most economically useful, and thus speculative execution became an important part of chip design. State – speculative execution drives the amount of state, and the speed at which that state is changing, much higher than it would otherwise be. Again, the performance gains were strong enough to make the added state worth the effort. There was one more tradeoff, we now know, that was not considered during the initial days and years when speculative execution was being discussed — security. So maybe it is time to take stock and think about lessons learned. First, it is always the unexpected consequence that will come back to bite you in the end. Second, there is almost always an unexpected consequence. The value of experience is in being bitten by unexpected consequences enough times to learn to know what to look for in the future. Well, in theory, anyway. Finally, if you haven't found the tradeoffs, you haven't looked hard enough. Anytime y[...]

What is the Future for Mobile Network Operators?


The telecommunication industry is continuing to resist structural changes, but the reality is that if they don't transform, technology will do it for them. We have seen the fixed telecom operators slowly being pushed back into the infrastructure utility market. Mobile networks are moving in that same direction — that is, the largest part of their network will be a utility, with currently two, three or four mobile infrastructure providers per country and little economic sense for overbuilding the basic infrastructure, the industry is facing serious problems. The major use of mobile phones is in data (95%+) and the use of data will only increase. This means that in order to handle the capacity, the underlying backbone network needs to be fibre-based. Already most mobile base stations in cities are linked to fibre optic networks, with more and more connected to fibre year by year. 5G will only speed up that development as only a fibre network will be able to handle the increased broadband traffic. Independent mobile tower operators are increasingly taking over more and more of these towers, as it doesn't make economic sense for every mobile operator to deploy its own towers and build its own fibre network to these towers. With mobile towers closer and closer to the end users, there is an opportunity for the mobile operators to offer effective high-speed broadband competition with the fixed network operators. Most fixed network connections are still based on the copper network, and this creates an opportunity for mobile operators with deep fibre networks and, for example, a last mile 5G connection. The next step for the fixed operators will be to decide how to proceed beyond the copper or the HFC networks. Fibre-to-the-home and fibre-to-the-curb are the most likely options here, and 5G is certainly one of the options to drive proper high-speed broadband into people's homes. So a convergence is taking place. Increasingly the backbone networks for the mobile operators will mimic the fixed ones, and there will be little room for duplication of these networks. So wireless will increasingly be a retail element rather than a basic network. These changes are already reflected in the evaluation of some of the mobile network operators (MNOs) and mobile tower operators. Those of the MNOs are going down while those of the tower operators are going up. This is a clear indication of where the financial market sees the market moving to. So, rather than resisting change, the MNOs should take a leadership role in the transformation of the industry. Especially with the inevitable changes that are going to occur in the fixed network. A holistic approach will be needed instead of one that is aimed at protecting a sharp divide between mobile and fixed networks. Written by Paul Budde, Managing Director of Paul Budde CommunicationFollow CircleID on TwitterMore under: Access Providers, Mobile Internet, Networks, Wireless [...]

Recalling 2017: The Year in Domain Data


It is safe to say that 2017 was a turbulent year in more ways than one. There was the ongoing clash between WHOIS information and user privacy, the hope that top-level domains would finally take off and multiple hacks of large corporations that reignited talks about cybersecurity. While many of these topics are essential and will likely resurface again in the coming year, it is also important to look back at 2017 through unambiguous data. That is why we have analyzed more than 60 million domains we found and indexed for the first time in 2017 for comprehensive insights. Generic top-level domains maintain their popularity It was June 2017 when the capacity of the dot Com domain became a point of contention. An article published by Quartz claimed that we were running out of useable dot Com names rapidly, and it seemed to cause a stir in other media. It was also, however, soon debunked by those mentioning the domain aftermarket and the frequent reselling of valuable domain names. If we look back at last year, it's clear that the end of the dot Com domain is indeed not yet here. The most successful top-level domain was still dominant among new websites and used for almost 60 percent of all domains created last year. Nearly half of these domains were registered in the United States, followed by 16 percent in China and only 5 percent in Canada. Other generic top-level domains seemed to rule as well, with gTLDs making up roughly 70 percent of all registered domains in 2017. They were followed by new generic top-level domains with a market share of 17 percent, with the most registrations for dot Loan and dot XYZ. Country-code TLDs were falling behind and accounted for only 14 percent of all created domains. No stopping eCommerce growth It will come as no surprise that the online retail industry is still on the up. Many reports already mentioned this, and our data can confirm these claims. We noticed almost 660000 new online stores in our database during 2017. These mostly appeared in the United States (28.1 percent), but China (18.5 percent) and Canada (10.3 percent) also played a big part in last year's eCommerce developments. It seems that payment provider PayPal is still a considerable player in the market. Their payment method was available in 70 percent of all online stores created last year. In comparison: Chinese competitor AliPay was detected in only 5 percent of eCommerce websites founded in 2017. Almost a third of these online stores preferred an in-house developed or moderated shopping cart system, but we also saw a definite rise of the out-of-the-box eCommerce solution. Systems like Shopify (24.1 percent) and WooCommerce (15.7 percent) had a significant share of the market. What is perhaps more surprising given the recent popularity of cryptocurrency, is the fact that the digital coin's rise to fame does not seem to translate into actual use. Of all online stores first created in 2017, only 2.5 percent accepts Bitcoin in return for their goods or services. This is a very slim share compared to the availability of PayPal (70 percent), Visa (60 percent) and MasterCard (46 percent) as payment options. Almost 60 percent of websites developed There is, of course, a big difference between registering a domain name and developing that domain into a site. In 2017, we saw that just 60 percent of all domains turned into a website. This number corresponds to the overall average we see in our entire database — around 60 percent of all domains become websites. Of these developed websites, WordPress was undoubtedly the most popular CMS used. Almost 55 percent of the sites built using this system, which has a massive lead over competitors such as WIX (11 percent) and Squarespace (7 percent). The most popular scripting language found was ASP used on half of all websites, followed directly by PHP (42 percent). Many Internet users now use mobile browsing to visit the web, but website owners do[...]

In Memoriam:


I have hesitated in writing this memorial for because I did not want to announce a demise that may not be true or the fear that my saying it will make it so. The website went dark for a short period in 2017, before being restored after a brief shutdown, and (I thought) it could happen again. I was waiting for history to repeat itself. But, the website remains dark, without explanation, and I fear it will not return. We lost it on or about January 6, 2018. I did not record when first appeared, but my guess is somewhere around 2010 or 2012. It has been an invaluable research tool for the reason that it made basic information accessible across providers so that if I wanted to find cases that contained a certain word ("denied" or "credible" for example) it brought me all of them. For his having created and maintained I thank you Dave Lahoti (Virtual Point), and I am sure the domain name and trademark community and those following the development of domain name jurisprudence (including innocent research drudges) thank you also for your generosity in providing and maintaining the database for so many years. Its loss is (will be) lamented by all! (This is not an obituary of Mr. Lahoti who is very much alive, and for whom I wish many more years of entrepreneurial success). is not the only research tool to publish domain name decisions. Paragraph 4(j) of the Uniform Domain Name Dispute Resolution Policy (Policy) mandates in part that "All decisions under this Policy will be published in full over the Internet." Also, Rule 16(b) of the Rules of the Policy states that "the Provider shall publish the full decision and the date of its implementation on a publicly accessible web site." Each of the providers maintains search functionality for decisions filed by their Panels, all free as mandated (not equally good, incidentally), but until the fatal day only captured decisions from all the providers in a consolidated database. (ICANN had tried such a consolidation (I remember) but abandoned it.) The home page now resolves to a page that proclaims "Think Outside the Dot," which is all very well, but not so wonderful if you want to think Within the Dot. In its plain-vanilla way, it was the best of all, and I mourn its demise. The reader may ask, why lament something that is only "plain-vanilla"? The answer lies partly in Mr. Lahoti's genius for simply collecting information and in another part also in his modest goals. is (was) simply a collection of information, awake all the time, receiving and announcing new cases and new decisions (UDRP and URS), providing in column form domain names "transferred," "denied," or "withdrawn," and who won and who lost. All very basic; very simple. And just like the myth of Earth ultimately resting on firm ground with a column of "turtles all the way down" comprehended the present, the intermediate, and the remote past (all the way down to the first decided case), and not just from providers that are still with us. It was a database of decisions without discrimination of their sources. It had a search field that was primitive (searching for one word!) but adequate. We will only see its light again if a patron steps forward. There are, of course, a number of subscription domain name search resources but they are not really within reach of small investors and advisors. A recent free service collects only WIPO decisions (, but is useful because it provides a statistical breakdown of information. There is also a service that collects reverse domain name hijacking cases, Reverse Domain Name Hijacking Information. On top of this, there are the highly valuable blog postings from a number of investor/writers that keep the community informed, but these complemented rather than replace

Using Gerrymandering Technology to Fight Gerrymandering


In 1991, eight high-level Soviet officials attempted a coup that failed after two days. During those two days, citizen journalists and activists used Usenet newsgroups to carry traffic into, out of and within Russia (70 cities). News spread and protests were organized in Russia. In the west, we saw images of Boris Yeltsin speaking to demonstrators while standing on top of a tank and the Russians saw that we were aware of and reporting on the coup. The coup was defeated, democracy prevailed, and we naively concluded that computer networks were a tool for democracy, political transparency, freedom of speech, etc. We also believed dictators would face a dilemma — having to accept democratic information sharing in order to reap the economic and social benefits of the Internet. Today it is clear that we naively overlooked the fact that the Internet is a useful tool for dictators as well as Democrats. We have seen it used by terrorists to target rockets and for censorship, propaganda, surveillance and lying. Another anti-democratic political practice, gerrymandering — defining voting districts to favor one party or candidate — is in the news because a panel of federal judges has ordered North Carolina to redraw its gerrymandered congressional map. The panel struck down North Carolina's congressional map, saying it was unconstitutional because it violates the 14th Amendment guarantee of equal protection. Judge James A. Wynn Jr., in a biting 191-page opinion, said that Republicans in the North Carolina legislature had been "motivated by invidious partisan intent" as they carried out their obligation in 2016 to divide the state into 13 congressional districts, 10 of which are held by Republicans. The ruling will be appealed directly to the Supreme Court, which is also hearing Wisconsin and Maryland gerrymandering cases. The Wisconsin case is similar to South Carolina's, which is based on the 14th amendment, challenges the state district map and is pro-Democratic while the Maryland case challenges the redrawing of a single district, is based on the 1st Amendment and is pro-Republican. Gerrymandering is not new — Patrick Henry tried to defeat James Madison in 1788 by drawing an anti-federalist district. He failed because he did not have good data and computers, but today's politicians have geographic information system software and the data they need to automate efficient, precise gerrymandering. The Republican party has used Internet-enabled gerrymandering to gain a congressional advantage. The Democratic party might be tempted to fight fire with fire, but that would be slow and undemocratic. The North Carolina judicial panel has a better solution. They gave the legislature until January 24 to present a "remedial plan," and the court will institute its own map if it finds the new district lines unsatisfactory. If that happens, the court can use use the same sorts of tools and data that have been used to produce gerrymandered districts. Instead of using the technology to optimize in favor of either party, they will seek maps that equalize district populations, minimize geographic perimeters, respect natural boundaries like rivers, maximize racial diversity, etc. In general, courts are more likely to be non-partisan than legislatures. As I said at the start, the Internet is a tool that can be used by good guys and bad guys. Update, Jan 19, 2018: The U. S. Supreme Court granted a stay in the court order requiring North Carolina lawmakers to produce a revised congressional voting map within two weeks. This temporary delay probably means the current map will be used in the 2018 election. In a related case, the Pennsylvania state supreme court is currently hearing a gerrymandering case which could result in the redrawing of their district map in time for the 2018 election. Republicans won 13 of Pennsylvania's 18 seats in the U[...]

A Tipping Point for the Internet: 10 Predictions for 2018


The year 2018 represents a tipping point for the Internet and its governance. Internet governance risks being consumed by inertia. Policy decisions are needed if we want to prevent the Internet from fragmenting into numerous national and commercial Internet(s). Geopolitical shifts, in particular, will affect how the Internet is governed. The Internet is made vulnerable by the fragmentation of global society, which is likely to accelerate in response to the ongoing crisis of multilateralism. If this crisis leads to further restrictions in the movement of people, capital, and goods across national borders, the same is likely to happen with the digital economy, including the cross-border flow of data and services. Filling policy gaps The first sign of a crisis in multilateralism in digital policy was the failure of the 5th UN Group of Governmental Experts (UN GGE) to reach consensus on a final report. Towards the end of 2017, the World Trade Organization (WTO) failed to agree on any mandate for e-commerce negotiations during the WTO Ministerial meeting in Buenos Aires. The gaps in global rules are increasingly being filled by bilateral and regional arrangements, in particular on cybersecurity and e-commerce. Plurilateral digital trade arrangements are being considered as an alternative to the shortcomings of the WTO e-commerce negotiations. In 2018, national legislation and courts will have a major impact on the global Internet. The main regulation with global impact will be the entry into force of the EU's General Data Protection Regulation on 25 May, which will determine how data is governed beyond the shores of Europe. Using divergences to reach convergences There are a few elements on which to build constructive solutions and some optimism. First, interests in digital policy are now more clearly defined than a few years ago, when digital ideologies focused only on blue-sky thinking and an 'unstoppable march into a bright digital future'. Governments need to deliver prosperity, stability, and security as part of their social contracts with citizens. The industry needs to make a profit, whether it is by selling services online or by monetizing data. Citizens have a strong interest in having their dignity and core human rights protected online as they should be offline. A common thread binds them all: actors have a strong interest in preserving a safe, stable, and unified Internet. A clear delineation of the interests of all actors, a healthy interdependence, and complementarity between those actors is a good basis for negotiations, compromise, and ideally, consensus, on how the Internet should further develop as a technological enabler of a stable and prosperous society. Secondly, the diversity of the Internet is reflected in the diversity of interests and, ultimately, negotiating positions in digital geo-politics. While the USA, China, and Russia disagreed on the future of cybersecurity regulation within the UN GGE, they did agree about the need for digital commerce regulation in the WTO. All three countries are part of the WTO plurilateral negotiations on digital commerce. This variable geometry in the positions of the main actors in digital policy could create more space for potential trade-offs and compromise. The 2018 forecast of the 10 main digital policy developments is set against this broad backdrop that makes progress and retreat equally possible. It draws on continuous monitoring of digital policy carried out through the GIP Digital Watch observatory and further discussed during the GIP's monthly briefings. For a more in-depth analysis, read the full article. * * * 1. GDPR: Data in the centre of digital politics – Data will dominate digital policy in 2018. Entering into effect on 25 May, the EU's General Data Protection Regulation (GDPR) will reshape the way companies, and institutions han[...]

The Meeting That Changed the DARPA Datagram Internet


The National Science Foundation awarded a small contract to the IEEE to host a small two-day meeting on 30 Sept 1994 of selected invitees at the IEEE's Washington DC 18th Street offices on "Name Registration For The '.COM' Domain." Being part of the InterNIC contract oversight committee, I was one of the eight invitees. It turned out in many ways to be the single most important meeting in the long, checkered history of what is today referred to as "the internet," that made an extraordinarily bad decision. Prelude What is today commonly referred to as "the internet," traces its origins back to a 1972 project undertaken by Bob Kahn shortly after he took over the Information Processing Techniques Office (IPTO) within DARPA from the legendary Larry Roberts, to build on the datagram internet ideas of France's eminent researcher Louis Pouzin undertaken previous year. DARPA Director Stephen Lukasik approved and funded the effort, and the TCP/IP technique was first published in 1974 at the "host-to-host" protocol. (Twenty years later, Director Emeritus Lukasik would come to regret that approval and led the first efforts to deal head-on with the profound national infrastructure protection and cybersecurity threats that were already emerging in the mid-90s. Ten years after then, for similar reasons, Larry Roberts would attempt to introduce a secure internet datagram protocol in the ITU-T.) Sometime around 1980, Kahn's protocol began to be called the "DARPA internet" and generated minor interest within the U.S. DOD and research communities - even as the banking community amusingly trademarked the term for their global ATM network internet. Pouzin's datagram internet ideas captivated and drove research establishments around the world to develop many diverse datagram internet protocols. It resulted in the U.S. chief national security networking office, NCS, to declare in 1976 that the protocols should form the backbone for critical national infrastructure in the U.S. The result was a widespread effort undertaken among all the major companies, research establishments, and national governments to cooperate internationally through the ITU and ISO to establish a broad array of formal standards to implement all the elements for trusted, secure, national and global datagram internet infrastructures for public use. This included transport and network security, trusted eMail, PKI encryption, directory, IoT, and identity management services to support an array of offerings including "web-like" services. The specifications are still all there in the X-Series Recommendations. This was collectively known as the OSI internet. The U.S. commitment to the OSI internet also extended to joining with most of the world's nations to cooperate in a 1988 treaty conference in Melbourne to enable datagram internet services to be publicly deployable globally, as they're use for public access was unlawful — especially because of cybersecurity concerns. The potentially dire consequences of datagram internets were underscored by the release of the first large-scale attack known as the Morris Worm in the weeks preceding the Melbourne Conference on the DARPA internet. This resulted in negotiations instantiating an array of cybersecurity provisions in the treaty as a quid pro quo for legalizing global public internets. The DARPA internet platform, however, continued to have ardent followers within the academic networking research communities — especially those funded by the National Science Foundation plus some counterparts in other countries. The platform was especially attractive because it was a kind of completely open, free, anarchy among a small research community unfettered with any of the constraints required for widespread public use. Because of these enormous liabilities, as well as the global commitment to the OSI inte[...]

China Sends a Wake-Up Call to All Multinationals - Are You Awake?


If you visit Marriott's China website today, you're likely to see this (screenshot below). I dumped the text within this page into Google Translate and included below is what it loosely said. Loose translation: We are currently updating the website. For reservations, Please call: Mainland China: 4008 844 371 Hong Kong Special Administration Region of China: 800 908 290 Or visit Marriott International respects China's sovereignty and territorial integrity. We will absolutely not support any separatists organizations that will undermine China's sovereignty and territorial integrity. We apologize for any act that may give rise to misunderstandings in the above position. So what exactly happened here? According to Skift, Marriott sent a survey in Mandarin to its Chinese loyalty members that referred to Tibet, Macau, and Taiwan as "countries." As readers of this site might know quite well by now, in the eyes of Chinese authorities, this is no trivial oversight. It appears that this shutdown could last a week. I can only imagine the lively conversations being held at the highest levels within Marriott right now. This should be a wake-up call to all organizations I'm working on the 2018 edition of the Web Globalization Report Card and have compiled a list of a number of websites that are currently vulnerable to the wrath of China. For the record, I don't agree with China. And I know many execs at Western-based multinationals don't as well. But it doesn't matter what we think. If you want to do business in China, you have to play by its rules. In Marriott's defense, its website did not list Taiwan as a country — but it appears that someone in marketing was not well versed on this very delicate geopolitical issue. This would be a good time for any company that does business, not just in China, but anywhere outside of its native country, to consider planning regular Globalization Summits. I've participated in a number of these over the years and find they go a long way in raising awareness to a range of geopolitical issues — as well as the sharing of best practices. Contact me if you'd like more information — I also now include copies of Think Outside the Country. Written by John Yunker, Author and founder of Byte Level ResearchFollow CircleID on TwitterMore under: Censorship, Internet Governance, Policy & Regulation, Web [...]

New UDRP Filing Fees at Czech Arbitration Court


The Czech Arbitration Court (CAC) has long offered the least expensive (by far) filing fees for complaints under the Uniform Domain Name Dispute Resolution Policy (UDRP), but its fee are about to become more expensive, at least in most cases. CAC's base UDRP filing fee (for a dispute involving up to five domain names and a single-member panel) will increase on February 1, 2018, from 500 euros to 800 euros. As of this writing, that's equivalent to about U.S. $600. "This fee schedule reflects more the actual costs and time spent on the proceedings," according to a statement on the CAC website. While the increase is significant — sixty percent — it's still the cheapest among all five of the UDRP service providers, whose base fees are shown here (in U.S. dollars): WIPO: $1,500 ACDR: $1,500 The Forum: $1,300 ADNDRC: $1,300 CAC: $600 (approx.) Fees at all of the UDRP providers increase as the number of disputed domain names increase, as well as if a three-member (instead of single-member) panel is selected by the Complainant or Respondent. However, CAC is the only UDRP provider that has two fee schedules depending upon the complexity of the proceeding and whether a response is filed. The 800 euro filing fee at CAC is described as an "initial" fee. An "additional" fee will continue to apply if a response is filed or if "the Panel determines that it is appropriate for the Complainant to pay the Additional UDRP Fees, having regard to the complexity of the proceeding." Interestingly, while the initial fee is increasing from 500 euros to 800 euros, the additional fee is decreasing (as of February 1, 2018) from 800 euros to 300 euros. Therefore, the combined initial and additional fees for a base UDRP case at CAC will decrease from 1,300 euros to 1,100 euros. However, I believe that few cases historically have been required to pay an additional fee, so — if that practice continues — most complainants at CAC will be subject to a higher (initial-only) fee. CAC's low filing fees have been attractive to some trademark owners, with about 240 decisions in 2017. Still, WIPO and the Forum remain the most popular UDRP providers, handling thousands of cases each year. Of course, filing fees are just one factor to consider when choosing a UDRP service provider. Written by Doug Isenberg, Attorney & Founder of The GigaLaw FirmFollow CircleID on TwitterMore under: Domain Management, Domain Names, UDRP [...]

A Year in Review: 14,000 Routing Incidents In 2017


How was the state of the Internet's routing system in 2017? Let's take a look back using data from BGPStream. Some highlights: • 13,935 total incidents (either outages or attacks like route leaks and hijacks) • Over 10% of all Autonomous Systems on the Internet were affected • 3,106 Autonomous Systems were a victim of at least one routing incident • 1,546 networks caused at least one incident An 'incident' is a suspicious change in the state of the routing system that can be attributed to an outage or a routing attack, like a route leak or hijack (either intentional or due to a configuration mistake). BGPStream is an operational tool that tries to minimize false positives, so the number of incidents may be on the low side. Let's look at just a few examples of incidents picked up by the media. March 2017 – SECW Telecom in Brazil hijacked prefixes of Cloudflare, Google, and BancoBrazil causing some outage for these services in the region. April 2017 – Large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian telecom. For several minutes, Rostelecom was originating 50 prefixes for numerous other Autonomous Systems, hijacking their traffic. August 2017 – Google accidentally leaked BGP prefixes it learned from peering relationships, essentially becoming a transit provider instead of simply exchanging traffic between two networks and their customers, causing large-scale internet disruption. It hit Japanese users the hardest, slowing or blocking access to websites and online services for dozens of Japanese companies. October 2017 – Another BGP mishap caused reachability and performance problems for networks such as Twitter, Google, and others. For almost 20 minutes, traffic for many large CDNs was rerouted through Brazil, caused by a BGP leak.BGP mishap caused reachability and performance problems for networks such as Twitter, Google, and others. For almost 20 minutes, traffic for many large CDNs was rerouted through Brazil, caused by a BGP leak. November 2017 – Leve3 BGP routing issues causing large scale network service degradation in North America for slightly more than 90 minutes. Another route leak. December 2017 – Several high-profile sites (Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games) were rerouted to a previously unused Russian AS. Two BGP routing incidents only lasted about three minutes each. Not a single day passed without an incident. While none of the incidents was catastrophic, all of them continue to demonstrate the lack of routing controls like those called for in MANRS that could have prevented them from happening. And this is just a small fraction of what happened in the routing system in 2017. Rather than measure routing security by anecdotal evidence, let's look at the data. Routing Incidents Of the 13,935 total incidents, 62% were classified as outages and 38% were considered routing attacks like route leaks and hijacks. These statistics are only counting the number of incidents and not factoring in duration or number of prefixes affected, which may indicate the impact of these incidents. 6,128 Autonomous Systems were involved, which is more that 10% of all announced ASNs on the Internet. If we look at the outages, almost half of them happened to Brazilian operators. Let us look to incidents that represent a potential attack, be it malice or a configuration mistake. It is interesting to analyze such routing incidents by the roles a network played — whether it was a victim, a culprit, or an accomplice. The U.S. ranks first among countries where networks became a victim of an in[...]

Cuba's Odd Emphasis on the National Intranet


In 2014, Cuba embarked on a program for the "informatization" of society and "advances in the informatization of society" was the theme of the short videos by ETECSA president Mayra Arevich Marín and Vice Minister of Communications Wilfredo González, which are at the end of this post. The following are some of the points they made: Some e-government – paying taxes, recording of births and marriages, court information, etc. is now online. Mobile banking and bill paying has been tested by 20,000 users and will be rolled out this year. Cuban content continues to be developed. There are now 11,980 home DSL subscribers. (This is a drop in the bucket, but more than I would have expected). Connectivity at hospitals and medical facilities have improved — 200 clinics and 190 pharmacies now have connectivity. School connectivity at all levels has improved and all universities have fiber links. They will offer mobile phone access to the Internet this year. I was struck by the emphasis on the Cuban national intranet, as opposed to the global Internet, in nearly all of this. This emphasis is reflected in the relatively low price of intranet access and the continued development of Cuban content and services. Popular Cuban national intranet sites The speakers mentioned Cuban services like the Ecured encyclopedia, Redcuba intranet portal and search engine, Reflejos blog site, CubaEduca teaching site and Andariego maps, which are somewhat like Cuban counterparts to Internet sites like Wikipedia, Google, Wordpress, the Khan Academy and Google Maps respectively. González even mentioned Mi Mochila, the state-sanctioned offline competitor to El Paquete, which is arguably the largest private employer and most pervasive source of digital information in Cuba. Comparison of Wikipedia and Ecured articles on José Martí, Cuba's national hero.I say these Cuban services are "somewhat like" corresponding Internet services because, given Cuba's population and resources, they can never hope to match the scope and functionality of their global counterparts. For example, Ecured is the closest of these services in design and function to its global counterpart, Wikipedia (both are based on the same software), but the number of Wikipedia articles and size and variety of its editor community are not comparable. Similarly, Redcuba is limited to the national intranet rather than the global Internet. Copyright considerations also limit the eventual scope of the national intranet. For example, El Paquete distributes pirated Internet material. Some intranet services may also depend upon pirated software. For example, Andariego uses ESRI's ArcGIS geographic information system software — do they pay for it? Well, that is what jumped out at me — you can watch the videos for yourself and see what strikes you. President of ETECSA, Mayra Arevich Marín: style="margin:10px auto;" width="644" height="362.25" src="" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen> Vice Minister of Communications, Wilfredo González: style="margin:10px auto;" width="644" height="362.25" src="" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen> Written by Larry Press, Professor of Information Systems at California State UniversityFollow CircleID on TwitterMore under: Access Providers, Internet Governance, Policy & Regulation [...]

First Do No Harm: Ensuring Compliance with the EU's GDPR While Preserving Access to WHOIS Data


There is growing concern about how ICANN will comply with the EU General Data Protection Regulation (GDPR), whose enforcement sanctions come into force in May of 2018. How will ICANN comply with GDPR without unduly restricting global Internet users' access to the public WHOIS database? For nearly the past 20 years, Internet users, businesses, law enforcement and consumer protection agencies have relied on WHOIS as a necessary resource. GDPR compliance is challenging, but choosing the right compliance model is essential to the stability and security of the Internet. Choosing the wrong model — such as the draft eco model — could pose a longer term, existential threat to ICANN and its contracted parties. Why is access to WHOIS essential? Law enforcement agencies regularly use WHOIS to investigate online criminal activity. WHOIS is a key tool for consumer protection agencies to investigate and enforce against online fraud, phishing attacks and deceptive schemes. Cyber-security teams regularly use WHOIS to assess urgent threats to the safety and security of the Internet and combat online attacks. Every day consumers also check the WHOIS database to ensure that the party behind a particular website is legitimate and not affiliated with a scam. Accurate and accessible WHOIS data is equally vital to trademark and copyright owners to identify alleged infringers and protect the public from counterfeits and illegal content, which can contain malware. Trademark owners, for example, use WHOIS data to identify "cybersquatters" who register domain names that are identical to or are common misspellings of trademarks. In order to prove bad faith under the U.S. Anti-Cybersquatting Consumer Protection Act or to bring a UDRP or URS action, trademark owners must rely on WHOIS data to investigate the identity of the registrant, the registrant's country and location of origin, and their email and physical address. WHOIS is also used as a tool to show a pattern of bad faith infringements, including in establishing that the defendant has unlawfully "warehoused" a variety of domain names targeting well-known trademarks. These are just some examples of the many legitimate uses by global stakeholders relying on access to WHOIS today. These uses play an important public interest and consumer protection function. It is important to keep in mind that checking the WHOIS database is often just the necessary first step users take before pursuing any further action. Stripping away access to that critical first step would create a domino effect of negative consequences for all stakeholders. Online fraud, serious crimes and security risks will continue to proliferate. But law enforcement and consumer protection agencies will no longer have the self-help tools they need to effectively protect the public. IP owners will no longer be able to investigate infringements and will need to presume that every domain name is a potential infringement. Serving millions of subpoenas on ICANN, registrars and registries and incentivizing lawsuits is not in anyone's interests. So, how will ICANN face this challenge? With the deadline for GDPR compliance looming, ICANN is moving quickly to solicit various possible compliance models. ICANN has urged the community to submit different models with the goal of "ensur[ing] compliance with the GDPR while maintaining WHOIS to the greatest extent possible." [1] ICANN is correct that inherent in any acceptable compliance model is the goal of maintaining access to WHOIS data to the greatest extent possible. The question is now how ICANN will ensure that appropriate access to WHOIS data is preserved. Although many models have been, and will likely soon be submitted to [...]

Lawful Registrations of Domain Names


Doug Isenberg notes in a recent CircleID essay that two records in domain name disputes were broken in 2017, namely number of cybersquatting claims (3,036 in 2016, 3,073 in 2017) and number of domain names implicated (5354 in 2016, 6370 in 2017). (Update: John Berryhill reminds me in a twitter after this essay was posted that another record was also broken in reverse domain name hijacking sanctions, 2017 had 45 cases and 2016 had 37 cases.) Fairly consistently from year to year, approximately twenty percent of filings are terminated (withdrawn): whether by settlement or nolo contendere we don't know. (All of these statistics come from the World Intellectual Property Organization (WIPO). It may be, as Mr. Isenberg says, "that cybersquatting is still a lucrative activity," although what is meant by "lucrative" is anyone's guess. In 2016, a shade under 74% of domain names were transferred (the highest number it has ever reached, incidentally, and 185 complaints denied); but in 2017 that percentage dropped to a shade over 60%, with 139 complaints denied. (The percentages are of complaints as a whole without subtracting the withdrawns, which in 2016 were 541 and in 2017 were 437). These numbers suggest both, less cybersquatting, and more complaining. (The numbers that don't come from WIPO directly are statistics calculated by DNDisputes). These numbers should be view against the extraordinary rise in the number of domain names, from approximately 10 million in 2000 (the first year of the UDRP) to approximately 190 million today (legacy and new TLDs not including country code TLDs, 144.7 million) so that although the number of filings has essentially doubled from the first full year (1500 +) the rise in filings has been incremental rather than astronomical. The filing has not risen in proportionate to the rise in TLDs. Of the total number of annual filings, approximately 90% of claims that make it to award are indefensible. (An expensive irritant for trademark owners which, although quickly relieved, are costly to maintain particularly if they are frequent targets and opt for transfer). In its implementation document, the Internet Corporation for Assigned Names and Numbers (ICANN) does not explicitly detail what constitutes unlawful registrations (Paragraph 4.1(c)), but the WIPO Final Report at Paragraph 172 offers two examples of innocent behavior: small businesses that are able to show "through business plans, correspondence, reports, or other forms of evidence, that [they] had a bona fide intention to use the [domain] name[s] in good faith" [recent example, AGIRC, ARRCO v. Roustom, Aboudi, Aarrco Inc., D2017-1805 (WIPO December 19, 2017) (ARRCO and ]; and "Domain name registrations that are justified by legitimate free speech rights or by legitimate non-commercial considerations would likewise not be considered to be abusive" [recent example, CPA Global Limited v. Perfect Privacy, LLC / Kobre and Kim LLP, D2017-1964 (WIPO December 26, 2017) (]. Of the approximately 10% to 12% of arguably defensible registrations, these two groups of innocent behavior are a small percentage of the whole. A third kind of dispute is described by WIPO as being in "[g]ood faith" It involves "disputes between competing right holders or other competing legitimate interests over whether two names were misleadingly similar but these dispute would not fall within the scope of the procedure” (emphasis added). The implementation document ends with the warning that "only cases of abusive registrations are intended to be subject to the streamlined administrative dispute-resolution procedu[...]

Q&A With Rami Schwartz, Founder and CEO of .tube


After its initial launch in 2016 and with over 1,800 domains registered, the .tube TLD recently released over 25,000 previously reserved domains as part of a broader re-launch of its business and brand. I spoke with Rami Schwartz, Founder and CEO of .tube about the journey so far and about what's in store for .tube in the New Year. Can you tell us a little about the story of .tube so far? Through Latin American Telecom LLC, I've been in the Internet business for over 20 years. I'm also a writer with three published books and numerous articles, so I have a strong interest in and passion for language. In 2006, Google acquired YouTube and video was becoming a major trend on the Internet. The word 'tube' was becoming synonymous with online video. Initially, we invested heavily in the term 'tube' by buying thousands of relevant domain names — such as, and so on — and creating a parking facility for those names. We also registered the brand 'TUBE' in 2011 to support our strategy. Shortly after, when ICANN announced the opening up of the domain naming space for new Top-Level Domains we applied for '.tube'. This was a historic period for the internet. No longer would we be confined to non-descript domain endings like .com or .net! After three years of battling two other applicants for the extension, it went to private auction, and we secured the TLD. Ever since we've been developing the .tube TLD as a viable destination for video-oriented online projects. What have been some of the successes and challenges for .tube so far? We've established .tube as a credible TLD option and have built a good reputation in the industry. Registrars have a good perception of the string and have expressed a lot of potential for it, which we've supported by building a strong corporate image and really defining out target market. We're used to fighting against companies much larger than us and prevailing — our history has seen us come up against the likes of the Mexican Government and Google — but the regulatory environment of the domain name industry has been a major obstacle. The application process drained a lot of energy and capital from the company. Because of the way it played out, we missed the chance to enjoy a first-mover advantage, and by the time .tube was able to sell its first name, there was a sense of exhaustion and confusion in the market. However, we're steadily gaining adoption and recognition, and have been successful in building a solid infrastructure and working with the largest Registrars in the world to sell our names. We have the gasoline, gunpowder and the wick; now we are working hard on getting the spark to see this explode. What opportunity does .tube offer for today's digital creators? Aside from selling .tube domain names, we've developed a set of tools to easily create video-driven Internet channels hosted on your own .tube website. The two different website creation tools are for all levels of ability, from the novice (see to the sophisticated, and both have the capability to create sites that overcome some of the limitations of other public video platforms. These include limited control over 'look and feel' and therefore branding; censorship; lack of monetization; and lack of ownership of the audience. A site created with our tools on a .tube domain can complement existing channels, so we see it as a great companion to public platforms. Who is using .tube domains? We've had some really great examples of .tube adoption, such as,, and One user we're reall[...]

Deadline of Feb 1 for Nominations for Public Interest Registry (.ORG Operator) Board of Directors


Would you be interested in helping guide the future of the Public Interest Registry (PIR), the non-profit operator of the .ORG, .NGO and .ONG domains? If so, the Internet Society is seeking nominations for three positions on the PIR Board of Directors. The nominations deadline is 23:00 UTC on Thursday, February 1, 2018.

More information about the positions and the required qualifications can be found at:

As noted on that page:

The Internet Society is now accepting nominations for the Board of Directors of the Public Interest Registry (PIR). PIR's business is to manage the international registry of .org, .ngo, and .ong domain names, as well as associated Internationalized Domain Names (IDNs).

In 2018 there are three positions opening on the PIR Board. Two directors will serve a 3-year term that begins mid-year 2018 and expires mid-year 2021. One director will fill a vacant seat as soon as practical and serve until mid-year 2020.

If you are interested in being considered as a candidate, please see the form to submit toward the bottom of the info page.

P.S. In full disclosure, the Internet Society is my employer but I have no direct connection to PIR and am passing this along purely because I think members of the CircleID community of readers might be excellent candidates for these positions.

Written by Dan York, Author and Speaker on Internet technologies - and on staff of Internet Society

Follow CircleID on Twitter

More under: Domain Management, Domain Names, Registry Services, New TLDs

China's Pursuit of Public International Cybersecurity Law Leadership


There are relatively few venues today for the development of public international cybersecurity law among Nation States. One was the United Nations Group of Governmental Experts (UNGGE) at which the U.S. several months ago announced its de facto withdrawal with some concern expressed. A much older, well-established venue is newly assuming considerable significance — the Expert Group on the International Telecommunication Regulations (EG-ITRs). The EG-ITRs activity has the ability to shape the evolution of public international cybersecurity law that has existed over many decades to which most of the nations of the world accede and generally abide by. Indeed, within that treaty provision ensemble, it was the 1988 version of the ITRs that enabled datagram internets to be lawfully implemented across borders globally when the provisions came into effect in July 1990. China has rarely undertaken a role in developing public international cybersecurity law over the many years the provisions have existed. Only once did it submit a formal proposal — fifteen years ago to the 2002 Plenipotentiary Conference where it introduced a resolution concerning "rapid Internet growth [that] has given rise to new problems in communication security." Thus, a China formal submission to the upcoming third EG-ITRs meeting on 17-19 January 2018 in Geneva is significant in itself. Furthermore, what China did submit represents a cogent, visionary focus on the key challenges of cybersecurity today, and it deals with the most critical issues facing every nation. Additionally, the participation from China in the EG-ITRs includes knowledgeable senior staff from its key Ministry of Industry and Information Technology (MIIT), with a supporting submission from China Telecom. The action suggests that China seems now willing and able to assume leadership in the evolution of public international cybersecurity law. The step also is also bolstered by its investing more resources globally in collaborating on related technical specifications in multiple international industry activities than any other nation over the past decade. The principal focus of the China EG-ITRs submission is cybersecurity — with so-called Over the Top (OTT) virtual services as the prime example. China notes that "the safety and security of the world telecommunications/ICT networks have become a global concern in respect of sovereignty, security and development interests of all nations." It goes on to observe that "there's a severe lack of [public international cybersecurity law] relation to the governance of the international telecommunications/ICT network security." The OTT exterritoriality example that China chose is compelling. OTT implementations present some of the most difficult public international law challenges today because they enable any arbitrary party from outside a Nation State's jurisdiction to autonomously engage in an unfettered array of network-based actions within that Nation State, including deployment of software agents and management of IoT devices. Some of those actions are commercial in nature or otherwise benign, albeit within the remit of most countries to control as public offerings. Other actions are frequently criminal and cause significant harm on remote systems or devices through malware. OTT implementations through encrypted tunnels — which frequently occur — are especially problematic. The concern was underscored by statistics provided at a recent international meeting in Singapore by a leading cybersecurity vendor which noted that half of al[...]

CircleID's Top 10 Posts of 2017


It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2017 participants for sharing their thoughts and making a difference in the industry. 2017 marked CircleID's 15th year of operation as a medium dedicated to all critical matters related to the Internet infrastructure and services. We are in the midst of historic times, facing rapid technological developments and there is a lot to look forward to in 2018. Top 10 Featured Blogs from the community in 2017: #1Internet Governance Outlook 2017: Nationalistic Hierarchies vs. Multistakeholder Networks?Wolfgang Kleinwächter – Jan 06, 2017Viewed 37,265 times#2Slovaks Worry About the Future of Their Country's .SK TLDOndrej Jombík – Aug 02, 2017Viewed 12,441 times#3Sorry, Not Sorry: WHOIS Data Must Remain PublicNeil Schwartzman – Apr 27, 2017Viewed 12,323 times#4The Hack Back Bill in Congress is Better Than You'd ExpectJohn Levine – Oct 23, 2017Viewed 11,878 times#5Preliminary Thoughts on the Equifax HackSteven Bellovin – Sep 17, 2017Viewed 11,827 times#6The Darkening Web: Is there Light at the end of the Tunnel?Wolfgang Kleinwächter – Oct 15, 2017Viewed 11,627 times#7Legal Controls on Extreme End-to-End Encryption (ee2ee)Anthony Rutkowski – Oct 24, 2017Viewed 11,378 times#8The IoT Needs a Paradigm Shift from Security to Safety of Connected DevicesMartin Unger – Aug 23, 2017Viewed 11,373 times#98 Reasons Why Cybersecurity Strategy and Business Operations are InseparableNiel Harper – May 13, 2017Viewed 11,279 times#10Shedding Light on How Much Energy the Internet and ICTs ConsumeMichael J. Oghia – Mar 21, 2017Viewed 10,988 times Top 10 News in 2017: #1Security Researchers are Warning About a New IoT Botnet Storm BrewingOct 31, 2017Viewed 11,496 times#2IBM Launches Quad9, a DNS-based Privacy and Security Service to Protect Users from Malicious SitesNov 16, 2017Viewed 11,215 times#3Domain Registries to Discuss Possibility of ICANN Fee Cuts in Private Meeting This MonthSep 05, 2017Viewed 11,055 times#4New Wave of Ransomware Spreading Rapidly Through Russia, Ukrain and Other NationsOct 24, 2017Viewed 10,610 times#5Equifax Breach Blamed on Open-Source Software FlawSep 11, 2017Viewed 9,868 times#6EFF Resigns from World Wide Web Consortium (W3C) over EME DecisionSep 19, 2017Viewed 9,504 times#7Cyberattacks Against Abortion Clinics on the RiseOct 05, 2017Viewed 9,331 times#8China to Create National Cyberattack DatabaseSep 15, 2017Viewed 8,873 times#9Equifax Hacked, Nearly Half of US Population AffectedSep 07, 2017Viewed 8,722 times#10Russian Behind Massive LinkedIn, Dropbox Hack Subject of Extradition Fight Between US and RussiaNov 26, 2017Viewed 8,720 times Top 10 Industry News in 2017 (sponsored posts): #1The Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'Internet Commerce Association – May 08, 2017Viewed 6,966 times#2Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?Internet Commerce Association – Jun 14, 2017Viewed 6,628 times#32016 Year in Review: The Trending Keywords in .COM and .NET Domain RegistrationsVerisign – Mar 10, 2017Viewed 6,193 times#4Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016Verisign – Feb 13, 2017Viewed 6,035 times#5A Look at How the New .SPACE TLD Has Performed Over the Past 2 YearsRadix – Feb 15, 2017Viewed 5,874 times#6Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last [...]

Internet Governance Outlook 2018: Preparing for Cyberwar or Promoting Cyber Détente?


In 2018, Internet Governance will be one of the top priorities in the geo-strategic battles among big powers. In today's world, every global conflict has an Internet-related component. There is no international security without cybersecurity. The world economy is a digital economy. And human rights are relevant offline as well as online. It is impossible to decouple cyberspace from the conflicts of the real world. 20 years ago, Internet governance was a technical issue with political implications. Today, it is a political issue with a technical component. This shift is challenging the institutional balance within the global Internet Governance ecosystem. Intergovernmental networks like G20, G7 and BRICS or organizations like WTO, ILO and NATO, which in the past had only little to do with Internet Governance, are now becoming key players. This does not mean that technical organizations like ICANN, IETF, ISOC, RIRs, W3C, IEEE, 3GPP, etc. will lose their roles — on the contrary, the whole process gets more complex. And the re-balancing of power within the Internet Governance Ecosystem leads to a growing need for enhanced cooperation among governmental and non-governmental stakeholders, among code-makers and law-makers, both nationally and globally. 2018 will see more political, economic and cultural conflicts in cyberspace than ever before. Whether those conflicts will escalate into something like a global cyberwar or whether the Internet community will be strong enough to stop such an escalation and to turn the confrontational trends into a cyber detente, is undecided. Probably, 2018 will become another year in transition. Big Cyberpowers Relationships The relationship between the two cyber-superpowers — China and US — is complicated. On the one hand, both sides have declared to cooperate to enhance cybersecurity. They have reaffirmed their 2015 commitment to stop economic espionage online. And during the two 2017 meetings between president Trump and president Xi (in Florida and Bejing), cyber was defined as a space for dialogue. In October 2017, the first "US-China Law Enforcement and Cybersecurity Dialogue" took place in Washington. On the other hand, both sides see themselves more as adversaries and competitors in cyberspace. State-to-State cyberespionage continues. There are fundamental differences if it comes to issues like attribution, hacking back, human rights and international institutional mechanisms. And we will see probably an extension of the US-Chinese cyberconflicts into the digital economy. So far the Silicon Valley-based AMAFAGs (Apple, Microsoft, Amazon, Facebook and Alphabet's Google) dominated the digital western world. Their Chinese competitors — the BATs (Baidu, Alibaba and Tencent) — became international giants thanks to a huge domestic market with 800 million Internet users. But now, Chinese corporations are going beyond the great firewall (see Alibaba's opening of a European Hub in Belgrad) and the US companies want to have more from the Chinese markets (see Apple's Tim Cooks speech in Wuzhen in December 2017). And there will be a growing battle for the next billion Internet users, which will come from the developing world. Recently, the New York Times reported about a clash between Alibaba and Amazon in Singapore. Will Google clash with Baidu in Africa? Or Facebook with Tencent in Latin America? Russia does not have such a strong digital economy, but it has advanced capacities to organize hidden cyberattacks with global impacts. It is a little bit[...]