Latest posts on CircleID

Updated: 2017-05-26T12:17:00-08:00


Help Shape the Future of the Internet


This year, the Internet Society celebrates its 25th anniversary. Our own history is inextricably tied to the history of the Internet. We were founded in 1992 by Internet pioneers who believed that "a society would emerge from the idea that is the Internet" — and they were right. As part of the celebration, this September we will launch a comprehensive report that details the key forces that could impact the future of the Internet. The report will also offer recommendations for the Future and we need your input. Our work on this started last year, when we engaged with a broad community of Members, Chapters, Internet experts and partners. We conducted two global surveys that generated more than 2,500 responses representing the business, public policy, civil society, Internet development, academic and technology communities from 160 countries and economies. Individuals from 94% of the Internet Society's global chapters participated in the survey. We interviewed more than 130 Internet experts and hosted 15 virtual roundtables. My colleague Sally Wentworth has shared some thoughts on these conversations as she presented the project to UN trade experts in April, in Geneva. Throughout the project, our community reaffirmed the importance of six "Drivers of Change" and identified three areas that will be significantly impacted in the future: Digital Divides; Personal Freedoms and Rights; and, Media, Culture and Society. These "Impact Areas" are core to the Internet Society's focus on putting the user at the forefront when considering the future of the Internet. This has been community-driven from the beginning to the end, and as we reach the final stage, we would like your input on recommendations for Internet leaders and policy makers to ensure the development of an open, trusted, accessible, and global Internet in the future. We'll discuss these recommendations in September at our global membership meeting, InterCommunity 2017. It's open to all. Unleash your imagination. 
Tell us how we can address emerging issues while harnessing the opportunities that the future will bring. Note: This post originally appeared on the Internet Society blog.

Written by Constance Bommelaer, Senior Director, Global Internet Policy, Internet Society

Follow CircleID on Twitter

More under: Internet Governance, Policy & Regulation [...]

What It Takes to Prove Common Law Rights in UDRP Complaints


The Uniform Domain Name Dispute Resolution Policy now has seventeen years of history. A high percentage of disputes are indefensible and generally undefended. As the history lengthens, early registrants of dictionary word-, common phrase-, and arbitrary letter-domain names have been increasingly challenged in two circumstances, namely by businesses who claim to have used the unregistered terms before respondents registered them and later by emerging businesses with no history prior to the registrations of the domain names. I have discussed the latter in earlier essays. Some examples from recently decided cases of the former include "gabs" (the only recent dictionary word case); phrases include "Gotham construction," "Minute Clinic," "Stage Coach," and "Desert Trip" and for random letters (acronyms to complainants) "atc" and other three-character domains. Some of these second level domains are discussed further below. Claiming unregistered rights is a recurring motif, important because it affects whether complainants have standing (discussed in an earlier essay, UDRP Standing: Proving Unregistered Trademark Rights). Typical complainant allegations of common law rights confess they never registered their marks but their priority in the marketplace ought nevertheless to support abusive registration of the corresponding domain names. However, as a general rule complainants alleging common law rights have to work harder to overcome the distance of time. To prevail in a UDRP proceeding parties have to be alert to their evidentiary demands. When a complainant alleges priority in using a mark currently being exploited by a respondent arguably violating its representations and warranties, it has to prove "reputation in and public recognition of the trademark" prior to the registration of the domain name (the now versus then burden).
The quotation comes from the Gotham construction case, Joel I. Picket v. Niyazi Palay / Gotham Constructions, FA1702001717501 (Forum April 10, 2017). Put another way—Stacy Hinojosa v. Tulip Trading Company, FA1704001725398 (Forum May 24, 2017): "[A] date of first use alone is not enough to establish common law rights in a mark. In order to have common law rights, a complainant must establish secondary meaning. Secondary meaning requires establishing that the public primarily associates the mark in question with certain goods or services originating from the purported mark holder." The underlying rationale is simple: if prior to the registration of the domain name the unregistered mark had no reputation, it follows respondent could not have registered the domain name in bad faith. It's worse for a complainant who had no reputation in the past, and has none now! But these failures are frequently traceable to complainants not understanding what has to be proved, and argued by pro se disputants. The term "rights" in paragraph 4(a)(i) of the Uniform Domain Name Dispute Resolution Policy — "[the] domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights" — encompasses unregistered as well as registered rights but whereas a complainant with a registered mark by definition has a "right", a complainant with an unregistered right has to prove something more than simple priority. It may indeed have had a market presence, but who knew about it? This is the kind of knowledge only a complainant would have, and if it doesn't have (or doesn't offer) documented proof it will be read negatively that silence means there is no proof to offer; and if there is no proof, it loses. It has been said that Panels generally "approach[] the issue of proof of [unregistered] trademark 'rights' ... in a slightly more relaxed manner than does the USPTO when it requires proof of secondary meaning." NJRentAScooter v. AM Business Solutions LLC, FA0909001284557 (Nat. Arb. Forum November 4, 2009). 
However, "slightly more relaxed" has to be understood in a relative sense. The weak[...]

5G Frequency Fees Are Waived in Singapore to Help Drive Market Tests


The Singapore government has waived telecom frequency fees for 5G trials until December 2019 in order to catalyze market growth and discovery of potential use cases. According to a ZDNet report, the industry regulator, Infocomm Media Development Authority (IMDA), says this would lower regulatory barriers and encourage industry players to explore potential applications of 5G networks. "Singapore's Minister for Communications and Information Yaacob Ibrahim said such enhancements would be critical to support the deployment of key components such as Internet of Things (IoT), which was one of four technology focus areas IMDA had identified as critical in the nation's digital transformation. ... other focus areas were artificial intelligence (AI) and data science, cybersecurity, and immersive media, which included virtual reality (VR) and augmented reality (AR) technologies."

More under: Mobile Internet, Policy & Regulation, Telecom, Wireless

Al-Jazeera, HuffPost Arabi Among 21 News Sites Blocked by Egypt, Plus Possible Legal Action


At least 21 news sites critical of the government in Egypt, including the Qatari channel Al-Jazeera and Huffington Post’s Arabic-language site HuffPost Arabi, have been blocked. Ruth Michaelson reporting in The Guardian: "The state-run news agency Mena announced late on Wednesday night that 21 websites had been blocked because they were 'spreading lies' and 'supporting terrorism'. The full list of banned sites was not provided, but Mena added that legal action against the outlets was forthcoming. ... The blocking of the 21 sites followed raids on several news sites in Cairo, even those with little history of critical coverage."

More under: Censorship, Internet Governance

Emergency Patch Issued for Samba, WannaCry-type Bug Exploitable with One Line of Code


The team behind the free networking software Samba has issued an emergency patch for a remote code execution vulnerability. Tom Spring reporting from Threatpost writes: "The flaw poses a severe threat to users, with approximately 104,000 Samba installations vulnerable to remote takeover. More troubling, experts say, the vulnerability can be exploited with just one line of code." The Samba team, which issued the patch on Wednesday, says "all versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."

"Comparisons are being made between the WannaCry ransomware attacks... because like WannaCry, the Samba vulnerability could be a conduit for a 'wormable' exploit that spreads quickly. Also, any exploit taking advantage of the Samba vulnerability would also take advantage of bugs in the same SMB protocol used by the NSA exploits used to spread WannaCry." –Tom Spring, Threatpost, 25 May 2017

No signs of attacks yet in the 12 hours since its discovery was announced. "[I]t had taken researchers only 15 minutes to develop malware that made use of the hole. ... This one seems to be very, very easy to exploit ... more than 100,000 computers [are found] running vulnerable versions of the software, Samba, free networking software developed for Linux and Unix computers. There are likely to be many more." –Jeremy Wagstaff and Michael Perry, Reuters, 25 May 2017

More under: Cyberattack, Cybersecurity, Malware

WIPO's UDRP 'Overview' Gets Bigger (and Better)


Just as the number of domain names and domain name disputes have expanded significantly in recent years, so, too, has WIPO's "Overview," which has been updated to address the growing complexity of cases under the Uniform Domain Name Dispute Resolution Policy (UDRP). WIPO has just published the third edition of its "WIPO Overview of WIPO Panel Views on Selected UDRP Questions" — commonly referred to as "WIPO Jurisprudential Overview 3.0." The document addresses some of the most common, important and difficult issues that frequently arise in UDRP cases. WIPO Overview 3.0 is the first update to this document in six years — a time period in which a lot of changes have come to the domain name system, including the arrival of more than 1,200 new generic top-level domains (gTLDs) and a new domain name dispute policy (the Uniform Rapid Suspension System, or URS).

"Following a review of thousands of WIPO panel decisions issued since WIPO Overview 2.0, this edition has been updated to now include express references to over 800 representative decisions (formerly 380) from over 250 (formerly 180) WIPO panelists," according to an introduction to WIPO Overview 3.0. "The number of cases managed by the WIPO Center has nearly doubled since its publication of WIPO Overview 2.0; as a result, the number of issues covered in this WIPO Jurisprudential Overview 3.0 has significantly increased to reflect a range of incremental DNS and UDRP case evolutions."

New and Expanded Topics

New or expanded topics addressed in WIPO Overview 3.0 include the following:

The relevance of a top-level domain name – a topic I have written about before. The Overview says: "Where the applicable TLD and the second-level portion of the domain name in combination contain the relevant trademark, panels may consider the domain name in its entirety for purposes of assessing confusing similarity (e.g., for a hypothetical TLD '.mark' and a mark 'TRADEMARK', the domain name would be confusingly similar for UDRP standing purposes)."

The relationship between the UDRP and the URS – another topic I have written about before. Citing a decision in which I successfully represented a trademark owner in both a URS and a UDRP proceeding, the Overview says, "There have… been UDRP proceedings filed where the same domain name was previously subject to a URS case. In such event, the UDRP complaint should make this clear."

WIPO's role in implementing a UDRP decision — an issue that occasionally arises when a registrar fails to transfer a domain name despite a UDRP order to do so. In my experience, this is often attributable to ignorance, not defiance, but in either case enlisting WIPO's assistance can be helpful. Although the Overview makes clear that WIPO's role "normally ends upon notification of a panel decision to the parties and registrar," it also says that parties may "raise such implementation matters to the WIPO Center's attention."

The Role of the Overview

In any event, WIPO Overview 3.0 should be helpful to any party filing or defending a UDRP complaint. Not only does the document explain the consensus view on many issues, it also provides numerous citations to relevant decisions, which can provide a useful resource for additional research. Still, as the Overview itself makes clear, not all UDRP issues are entirely settled, and (as in all legal proceedings) the facts of each case will be important. As the Overview states, the document "cannot serve as a substitution for each party's obligation to argue and establish their particular case under the UDRP, and it remains the responsibility of each party to make its own independent assessment of prior decisions relevant to its case." Therefore, parties would be wise to consult the newly expanded and even more helpful Overview — but, they still must conduct appropriate research and analysis to prepare and presen[...]

ICANN to Release Hundreds of Domain Names Matching Country Names


Hundreds of country and territory domain names are likely to be finally released this year based on the new resolution that calls for ICANN to take "all steps necessary" to do so. Kevin Murphy reporting in Domain Incite: "The ICANN board last week passed a resolution calling for the organization to clear a backlog of over 60 registry requests to start selling or using country and territory names in their gTLDs. Some of the requests date back to 2014. They’ve all been stuck in red tape while ICANN tried to make sure members of the Governmental Advisory Committee was cool with the names being released."

More under: Domain Names, ICANN, Policy & Regulation

Be Agile or Be Edged Out: "Live" from TM Forum 2017


I like a conference that's "Live". Not just a lively crowd coalescing together to passionately discuss and debate matters of common interests, but more so in the sense of physical presence: things you can feel and touch. In the case of the TM Forum Live! 2017 event, held last week at Nice, France, it's the Catalyst Pavilions where innovative solutions, best practices, and even exploratory experimentations were on full display. Do I mean that for an IT Operation Support Systems (OSS) and Business Support Systems (BSS) trade show, you can touch it? Yep. "Touching" in the sense that you can see and interact with real tools, platforms, and live demonstrations from live telecom networks, in real life deployments. You can see how concepts are developed into operational tools; you can touch tools that became operational platforms powering network and service convergences for service providers; you can come and visualize how disparate, siloed processes and manual work are being automated and integrated; and you can interact and even challenge why innovations haven't delivered the results promised. "Hands-on" is what really grabbed my attention. IT operations optimization, data analytics, service quality improvements, customer-centric processes, interfaces, APIs — you can touch them all under one roof. That "hands-on" engagement is what makes TMF feel close: touch it, play with it, see how it would apply in your own world. Demonstrations and examples range from IT operation process automation, Quality of Services (QoS) for customer-centric operations models, to the Internet of Things (IoT), data analytics, platforms, and APIs. So much has changed and evolved from the traditional OSS/BSS to what is now the OSS/BSS of the Network Function Virtualization (NFV) and Software-Defined Networking (SDN) landscape. The stodgy old OSS/BSS is challenged to go through a transformative change, which is driven by the demand for business agility. 
Business agility is a reality for any IT department and for service providers who need to survive in a world quickly transformed by increasingly interactive service provider/subscriber relationships. Consumer demand for access is high, leading to fierce competition amongst providers for subscriber loyalty and creating business drivers for fast new service launches, targeted and personalized service packages, easy and on-demand self-service and self-authentication of services, and promotional sign-ons. As a result, the collaboration between the Chief Marketing Officers' (CMOs) department, Chief Information Officers' (CIOs) department and Chief Technology Officers' (CTOs) department has intensified. IT is no longer satisfied with being handed down business requirements by business groups such as Sales and Marketing and Product Management. IT has to strive to be a business partner. Service providers aligning their organization to achieve business agility are merging their traditional Network Engineering functions and back-office IT organization all under one executive branch of the CTO. The goal is to drive DevOps agility and faster time to deployment. Leveraging technology to create business agility is easier said than done, as often lamented by people working in the trenches. A lot of it has to do with integrating legacy systems, but it's also related to what I would call "self-inflicted" processes and workflows built for yesterday's market and subscribers. Today, the combination of 4G LTE fast speed broadband connections, Google searches that put information at consumers' fingertips, the omnipresence and accessibility of information as organizations digitize their assets, and the power of video from companies like Google, YouTube, Facebook, and Twitter are changing our lives. This reflects and changes the way service providers interact with their target audiences. Business agility is not simply[...]

U.S. Federal Communications Commission Votes 2-1 for Net Neutrality Rollback


"The U.S. Federal Communications Commission voted 2-1 on Thursday to advance a Republican plan to reverse the Obama administration's 2015 'net neutrality' order." David Shepardson reporting in Reuters: "The public will have until mid-August to offer comments before the FCC votes on a final plan. [FCC chairman] Pai wants public input on whether the FCC has the authority or should keep its 'bright line' rules barring internet companies from blocking, throttling or giving 'fast lanes' to some websites. He has not committed to retaining any rules, but said he favors an 'open internet.'"

More under: Net Neutrality, Policy & Regulation

Hidden in Plain Sight: FCC Chairman Pai's Strategy to Consolidate the U.S. Wireless Marketplace


While couched in noble terms of promoting competition, innovation and freedom, the FCC soon will combine two initiatives that will enhance the likelihood that Sprint and T-Mobile will stop operating as separate companies within 18 months. In the same manner as the regulatory approval of airline mergers, the FCC will make all sorts of conclusions sorely lacking empirical evidence and common sense. FCC Chairman Pai's game plan starts with a report to Congress that the wireless marketplace is robustly competitive. The Commission can then leverage its marketplace assessment to conclude that even a further concentration in an already massively concentrated industry will not matter. Virtually overnight, the remaining firms will have far less incentives to enhance the value proposition for subscribers as T-Mobile and Sprint have done much to the chagrin of their larger, innovation-free competitors AT&T and Verizon who control over 67% of the market and serve about 275 million of the nation's 405 million subscribers. Like so many predecessors of both political parties, Chairman Pai will overplay his hand and distort markets by reducing competition and innovation much to the detriment of consumers. He can get away with this strategy if reviewing courts fail to apply the rule of law and reject results-driven decision making that lacks unimpeachable evidence supporting the harm free consolidation of the wireless marketplace. Adding to the likelihood of successful overreach is the possibility of a muted response in the court of public opinion. So how will the Pai strategy play out? First, the FCC soon will invite interested parties to provide evidence supporting or opposing a stated intent to deem the wireless marketplace sufficiently accessible and affordable throughout the nation. The FCC has lots of evidence to support its conclusion, but plenty of countervailing and inconvenient facts warrant a conditional conclusion, particularly in light of future market consolidation. 
Wireless carriers have invested billions in network infrastructure and spectrum. Rates have significantly declined as the industry has acquired scale and near full market penetration. Bear in mind that all of this success has occurred despite, or possibly because of a federal law requiring the FCC to treat wireless carriers as public utility telephone companies. Congress opted to treat wireless telephone service as common carriage, not because of market dominance, but because it wanted to maintain regulatory parity with wireline telephone service as well as apply essential consumer safeguards. How ironic — perhaps hypocritical — of Chairman Pai and others who surely know better to characterize this responsibility as the product of overzealous FCC regulation that has severely disrupted and harmed ventures providing wireless services. Just how has common carrier regulation created investment disincentives for wireless carriers when operating as telephone companies? Put another way, how would removal of the consumer safeguards built into congressionally-mandated regulatory safeguards unleash more capital investment, innovation and competitive juices? U.S. wireless carriers regularly report robust earnings and average revenue per user that rival any carrier worldwide. Of course industry consolidation would further improve margins while relaxation of network neutrality and privacy protection safeguards would create new profit centers. T-Mobile shareholders get a big payout, while the remaining carriers breathe a sigh of relief that their exhaustively competitive days are over. Will the court of public opinion detect and reject the FCC's bogus conclusion that common carrier regulation has thwarted wireless investment and innovation? That requires a lot of vigilance and memories of the bad old days when n[...]

Registered Your DMCA Contact Address Yet?


It is not much of an exaggeration to say that the Digital Millennium Copyright Act of 1998 makes the Internet as we know it possible. The DMCA created a safe harbor that protects online service providers from copyright suits so long as they follow the DMCA rules. One of the rules is that the provider has to register with the Copyright Office to designate an agent to whom copyright complaints can be sent. The original process was rather klunky; send in a paper form that they scan into their database, along with a check. This year there is a new online system, and as of December, they will no longer provide the old paper database. So if you are a provider (run web servers, for example) and want to take advantage of the safe harbor, you have to register or re-register. Fortunately, the process is pretty simple. You visit the new DMCA site at, click Registration Account Login at the upper right, then the "register here" link on the login page. Then you set up an account with yourself as a primary contact, and if you want, a secondary contact. It sends a confirmation message to the e-mail you provide, and once you click the link, you have an account. Then you log in and add a service provider which will generally be you or your company, and a designated agent which will generally also be you. Then you add all the names by which someone might look for your company, which can include your business name, any other names your business uses, and all the domain names you use. There is, as far as I can tell, no limit to the number of alternate names, so be comprehensive. Then you pay $6 by credit card, and you're done. If you later want to make changes, such as adding new alternate names, that's another $6 so take a few minutes and think of them all before pushing the pay button. After three years they will send you a reminder to renew, which will cost another $6. 
When the Copyright Office set up the new process, there was a certain amount of grousing that the old registrations were allegedly permanent while the new registrations have to be renewed every three years. While there is some merit to this complaint, it must be noted that the old registrations cost $140 while the new ones are $6, so if your business lasts for less than 70 years, the new scheme is cheaper. For six bucks, it's cheap insurance against even unlikely copyright suits.

Written by John Levine, Author, Consultant & Speaker

More under: Intellectual Property [...]

Security Costs Money. So - Who Pays?


Computer security costs money. It costs more to develop secure software, and there's an ongoing maintenance cost to patch the remaining holes. Spending more time and money up front will likely result in lesser maintenance costs going forward, but too few companies do that. Besides, even very secure operating systems like Windows 10 and iOS have had security problems and hence require patching. (I just installed iOS 10.3.2 on my phone. It fixed about two dozen security holes.) So — who pays? In particular, who pays after the first few years when the software is, at least conceptually if not literally, covered by a "warranty". Let's look at a simplistic model. There are two costs, a development cost $d and an annual support cost $s for n years after the "warranty" period. Obviously, the company pays $d and recoups it by charging for the product. Who should pay $n·s? Zeynep Tufekci, in an op-ed column in the New York Times, argued that Microsoft and other tech companies should pick up the cost. She notes the societal impact of some bugs:

"As a reminder of what is at stake, ambulances carrying sick children were diverted and heart patients turned away from surgery in Britain by the ransomware attack. Those hospitals may never get their data back. The last big worm like this, Conficker, infected millions of computers in almost 200 countries in 2008. We are much more dependent on software for critical functions today, and there is no guarantee there will be a kill switch next time."

The trouble is that n can be large; the support costs could thus be unbounded. Can we bound n? Two things are very clear. First, in complex software, no one will ever find the last bug. As Fred Brooks noted many years ago, in a complex program patches introduce their own, new bugs. Second, achieving a significant improvement in a product's security generally requires a new architecture and a lot of changed code. It's not a patch, it's a new release. 
In other words, the most secure current version of Windows XP is better known as Windows 10. You cannot patch your way to security. Another problem is that n is very different for different environments. An ordinary desktop PC may last five or six years; a car can last decades. Furthermore, while smart toys are relatively unimportant (except, of course, to the heart-broken child and hence to his or her parents), computers embedded in MRI machines must work, and work for many years. Historically, the software industry has never supported releases indefinitely. That made sense back when mainframes walked the earth; it's a lot less clear today when software controls everything from cars to light bulbs. In addition, while Microsoft, Google, and Apple are rich and can afford the costs, small developers may not be able to. For that matter, they may not still be in business, or may not be findable. If software companies can't pay, perhaps patching should be funded through general tax revenues. The cost is, as noted, society-wide; why shouldn't society pay for it? As a perhaps more palatable alternative, perhaps costs to patch old software should be covered by something like the EPA Superfund for cleaning up toxic waste sites. But who should fund the software superfund? Is there a good analog to the potential polluters pay principle? A tax on software? On computers or IoT devices? It's worth noting that it isn't easy to simply say "so-and-so will pay for fixes". Coming up to speed on a code base is neither quick nor easy, and companies would have to deposit with an escrow agent not just complete source and documentation trees but also a complete build environment — compiling a complex software product takes a great deal of infrastructure. We could outsource the problem, [...]

Google Launches IoT Service for Managing Devices at Scale


Google today announced a fully-managed Google Cloud Platform (GCP) service called Google Cloud IoT Core, aimed at allowing companies to securely connect and manage IoT devices at scale. Indranil Chakraborty, Google Cloud Product Manager, says: "Many enterprises that rely on industrial devices such as sensors, conveyor belts, farming equipment, medical equipment and pumps — particularly, globally distributed ones — are struggling to monitor and manage those devices for several reasons." Those reasons, Chakraborty says, include operational cost and complexity, patchwork security, and data fragmentation. "Cloud IoT Core is designed to help resolve these problems by removing risk, complexity and data silos from the device monitoring and management process."

More under: Cloud Computing, Internet of Things

Balancing Rights: Mark Owners, Emergent Businesses, and Investors


Is there any act more primary than naming? It comes before all else and makes possible what follows. For the most part, names are drawn from cultural assets: collections of words, geographic locations, family names, etc. They can be valuable, which is why they are guarded, protected, and hoarded. The balancing of rights among those competing for names is a deliberate feature of the Uniform Domain Name Dispute Resolution Policy (UDRP). The jurisprudence is "concerned [quoting from WIPO Final Report at paragraph 13] with defining the boundary between unfair and unjustified appropriation of another's intellectual creations or business identifiers." While businesses have statutory protection for the names they use to identify themselves in the marketplace, their choices of dictionary words and common expressions (excluding coined words) are nonexclusive. So for example "Prudential," "United," and "American" (to take the most obvious) are shared by many companies in different Classes. Coined words such as Google stand apart. Although it may be said (in a colloquial sense) that dictionary word-marks are "owned", it can never be equated with owning the grammatical constituents from which they are composed. (Virgin Enterprises and Easy Group have no monopoly on the dictionary words "virgin" and "easy" although they and other companies with long and/or deep presences in their marketplaces have been particularly successful in shutting down any use of their dictionary word-marks (combined or not with other grammatical elements) as domain names.) This sharing of names under the trademark system works because each of the sharers operates in and is confined to Classes that define the metes and bounds of their rights. (Non-shared marks higher on the classification scale can also be lawfully used in combination with other words in both the actual and virtual marketplaces (noted below), so they too are not entirely exclusive.) 
Since the Internet is class-less and there are no gatekeepers (as there are in obtaining trademarks), complainants are put to the test of proving breach of registrants' warranties and representations. It is not sufficient merely to show that domain names are identical or confusingly similar to marks in which complainants have rights. For all the successes of major brands in policing their marks, it is not unlawful to register dictionary words or letters as domain names as long as there is no intention to take advantage of or traffic in already established marks. Just as "sharing" names in commerce is balanced by protecting those with priority of use, so are there tests of rights under the UDRP. Basic to this assessment is a recognition that "[i]n the Internet context, consumers are aware that domain names for different Web sites are quite often similar, because of the need for language economy, and that very small differences matter." Entrepreneur Media, Inc. v. Smith, 279 F.3d 1135, 1147 (9th Cir. 2002). The boundary that defines "small differences" has been tested in a variety of factual circumstances: dictionary words ( and and common expressions (such as ) as well as defenses based on nominative fair use or similar concepts under other legal traditions such as "valid and honest competition" discussed below in Franke Technology and Trademark Ltd v. hakan gUlsoy, CAC 101464 (May 11, 2017). The Panel in Gabs S.r.l. v. DOMAIN ADMINISTRATOR — NAME ADMINISTRATION INC. (BVI), CAC 101331 (ADReu February 26, 2017) found that "[t]he word 'gabs' is a common English word based on 'gab', meaning 'talk, prattle, twaddle' (Concise Oxford Dictionary) and it is used to [...]

Bell Canada Discloses Loss of 1.9 Million Email Addresses to Hacker, Says No Relation to WannaCry


Bell Canada, the nation’s largest telecommunications company, disclosed late on Monday that an anonymous hacker had illegally accessed Bell customer information. The information obtained is reported to include email addresses, customer names and/or telephone numbers. From the official release: "There is no indication that any financial, password or other sensitive personal information was accessed. ... The illegally accessed information contains approximately 1.9 million active email addresses and approximately 1,700 names and active phone numbers. ... This incident is not connected to the recent global WannaCry malware attacks."

More under: Cyberattack, Cybercrime, Cybersecurity, Email

Net Neutrality Is a Smashing Success by FCC's Preferred Metric, Reports Free Press Researcher


"If investment is the FCC's preferred metric, then there's only one possible conclusion: Net Neutrality and Title II are smashing successes," says Free Press Research Director S. Derek Turner, author of a new report released by the consumer advocacy group. The report, titled "It's Working: How the Internet Access and Online Video Markets Are Thriving in the Title II Era," examines internet-industry developments in the two years since the Federal Communications Commission's February 2015 Open Internet Order, which resulted in the adoption of strong Net Neutrality rules and reclassification of broadband-internet access as a Title II telecommunications service.

"The restoration of Title II for broadband-internet access was designed to preserve what the FCC rightly calls the internet's virtuous cycle of investment and innovation," says Turner. "All available data indicate that the 2015 decision to adopt strong rules on a sound legal footing is working as intended, benefiting internet users, broadband-access providers and the myriad businesses that distribute services over the open internet."

The centerpiece of President Trump's FCC chairman, Ajit Pai, "is his demonstrably false claim that the mere existence of Title II authority has caused a reduction in broadband investment. ... This claim is both false on its face — aggregate investment by publicly traded ISPs is up since the FCC's vote — and completely illogical." –Turner

Other findings from the report:

"Aggregate capital investments at publicly traded ISPs were 5 percent higher during the two-year period following the FCC’s Open Internet vote when compared to the two years prior to the vote. Claims of a decline are based on manipulated data, and in any event, do not support a causal impact from Title II."

"Capital investments were higher at 16 of the 24 publicly traded ISP firms (or units) following the FCC’s vote. These increases are due primarily to continued core network expansion."

"During the two years following the adoption of the Open Internet Order, cable-industry physical network investments increased 48 percent compared to the amount invested during the two prior years. Cable ISPs’ core network investments accelerated dramatically during 2016, representing the highest single-year jump since 1999."

"Telecom-company spending on fiber-to-the-home network terminals and terminal ports rose nearly 50 percent during 2016."

More under: Access Providers, Broadband, Net Neutrality, Policy & Regulation [...]

WikiLeaks Releases CIA Malware Implants Called Assassin and AfterMidnight


The recent heavy news coverage of WannaCry has overshadowed the latest WikiLeaks release of critical CIA malware documentation: user manuals for two hacking tools named AfterMidnight and Assassin. Darlene Storm reporting in Computerworld writes: "WikiLeaks maintains that 'Assassin' and 'AfterMidnight' are two CIA 'remote control and subversion malware systems' which target Windows. Both were created to spy on targets, send collected data back to the CIA and perform tasks specified by the CIA… The leaked documents pertaining to the CIA malware frameworks included 2014 user's guides for AfterMidnight, AlphaGremlin — an addon to AfterMidnight — and Assassin. When reading those, you learn about Gremlins, Octopus, The Gibson and other CIA-created systems and payloads."

More under: Cybersecurity, Malware

WannaCry: Patching Dilemma from the Other Side


WannaCry, which originated in state projects but was spread by other actors, has affected many kinds of infrastructure, such as hospitals, telecommunications and railroads, that many countries have labelled as critical. IT engineers are hastily presenting patches in various localized versions. The other patch needed, however, is more than technical. It is normative and legislative. Coding that patch for a situation like this involves two layers of dilemma.

The first dilemma is about the appropriateness and legitimacy of a state's exploitation of industrial software vulnerabilities. For the government experts who are writing the norms for responsible state behavior in cyberspace at the UN level, should such exploitation be considered responsible or reasonable, or damaging to cyber stability? There is a general division of ideas about this point among different nations. Many cyber powers have actually acknowledged and approved the legitimacy of state behavior like that. The fact that they have founded their cyber forces implies that message. Many other nations are uncomfortable about the militarization of cyberspace and choose to condemn any behavior in that direction. They either have not fully grasped the complexity of the situation or lack the capability to face the strategic challenges. This division has significantly reduced the room for UN GGE talks on norms of state behavior.

The second dilemma is about non-proliferation of a state's cyber weapons. The previous GGE report recommended that States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful functions. However, unlike nuclear weapons or missiles, malware spreads much more easily and quickly, taking a non-conventional route. Compared with conventional weapons, the cyber ammunition of a state seems to be much more vulnerable to invasion by other actors. An individual Robin Hood could shake the whole system. This has made future talks on disarmament and non-proliferation of cyber weapons harder. The division of opinions on the first dilemma has made it even more difficult to solve the dilemma of non-proliferation.

An interesting phenomenon in this case is that Microsoft is presenting patches both in terms of code and in terms of policy and law, having called earlier this year for a Digital Geneva Convention, a Tech Accord, and an Attribution Council.

Written by Peixi (Patrick) XU, Associate Professor, Communication University of China

More under: Cyberattack, Cybercrime, Cybersecurity, Internet Governance, Malware, Policy & Regulation [...]

The 2-Character Answer to this GAC Advice Should be "No"


Overview: ICANN's Governmental Advisory Committee (GAC) has reacted to the ICANN Board's November 2016 decision to authorize the release of two-character domains at new gTLDs with advice to the Board that does not have true consensus backing from GAC members and that relates to procedure, not policy. The Board's proper response should be to just say no, stick to its decision and advise the GAC that it will not consider such advice. Instead, the Board has, against the preliminary advice of the policy-making Generic Names Supporting Organization (GNSO) Council, initiated discussions with aggrieved GAC members that may reopen its decision. Continuing down this dangerous path may provide governments with far more leverage over ICANN policy decisions than was ever envisioned or intended by the long debated and carefully crafted new Bylaws language addressing the Board's responsibility to give attention to GAC advice. Here's the full story — On March 15, 2017 ICANN's Governmental Advisory Committee (GAC) issued its Communique at the ICANN 58 meeting in Copenhagen, Denmark. Section VI of that document contains what purports to be GAC Consensus Advice to the Board, and the fourth item on which such advice is rendered is 2-Character Country/Territory Codes at the Second Level. Such policy advice would arguably be in order as a valid response to the ICANN Board's decision of November 8, 2016 relating to "Two-Character Domain Names in the New gTLD Namespace", in which it authorized the delegation of 2-character domains at new gTLDs, subject to certain conditions and safeguards. The adopted Resolution makes clear that the GAC's prior advice on this matter had been duly taken into account, and thereby the Board had fulfilled its duty under the relevant Bylaws provision. That Board Resolution contains this important passage relating to the GAC's input on this matter: Whereas, the GAC has issued advice to the Board in various communiqués on two-character domains.
The Los Angeles Communiqué (15 October 2014) stated, "The GAC recognized that two-character second level domain names are in wide use across existing TLDs, and have not been the cause of any security, stability, technical or competition concerns. The GAC is not in a position to offer consensus advice on the use of two-character second level domains names in new gTLD registry operations, including those combinations of letters that are also on the ISO3166-1 alpha 2 list.” (Emphasis added) The GAC's Copenhagen Communique shows that it is still not in a position to offer consensus policy advice on the use of two-character second level domains. The Copenhagen advice regarding 2-character country codes (CCs) is clearly procedural in nature as it merely requests that the Board negotiate with certain disaffected GAC members; noting the "serious concerns expressed by some GAC Members" and advising the Board to "engage with concerned governments by the next ICANN meeting to resolve those concerns" and "immediately explore measures to find a satisfactory solution of the matter to meet the concerns of these countries before being further aggravated". This does not constitute substantive policy advice. By its own terms, it makes clear that only some governments have serious concerns regarding the Board's decision and that the engagement sought is not with the full GAC but with that relative handful of disaffected governments. ICANN's Board should properly provide the simple 2-character response of 'No' to this GAC advice. That's No as a firm word of rejection; not .NO, the ccTLD o[...]

It's Up to Each of Us: Why I WannaCry for Collaboration


WannaCry, or WannaCrypt, is one of the many names of the piece of ransomware that impacted the Internet last week, and will likely continue to make the rounds this week. There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration, which together represent the foundation for the Internet's development. The reason for making this connection is that they provide the way to get the global cyber threat under control. Not just to keep ourselves and our vital systems and services protected, but to reverse the erosion of trust in the Internet. The attack impacted financial services, hospitals, and medium and small size businesses. It was an attack that will also impact trust in the Internet because it immediately and directly impacted people in their day-to-day lives. One specific environment raises everybody's eyebrows: hospitals. Let's share a few takeaways:

On Shared Responsibility

The solutions here are not easy: they depend on the actions of many. Solutions depend on individual actors to take action and solutions depend on shared responsibility. Fortunately, there are a number of actors that take their responsibility. There is a whole set of early responders, funded by the private and public sectors, and sometimes volunteers, that immediately set out to analyze the malware and collaborate to find root causes, share experience, work with vendors, and provide insights for specific countermeasures. On the other hand, it is clear that not all players are up to par. Some have done things (clicked on links in mails that spread the damage) or not done things (deploy a firewall, back up data, or upgrade to the latest OS version) that exacerbated this problem. When you are connected to the Internet, you are part of the Internet, and you have a responsibility to do your part.

On proliferation of digital knowledge

The bug that was exploited by this malware purportedly came out of a leaked NSA cache of stockpiled zero-days. There are many lessons, but fundamentally the lesson is that data one keeps can, and perhaps will, eventually leak. Whether we talk about privacy-related data breaches or 'backdoors' in cryptography, one needs to assume that knowledge, once out, is available on the whole of the Internet.

Permissionless innovation

The attackers abused the openness of the environment — one of the fundamental properties of the Internet itself. That open environment allows for new ideas to be developed on a daily basis and also allows those to become global. Unfortunately, those new innovations are available for abuse too. The use of Bitcoins for the payment of ransom is an example of that. We should try to preserve the inventiveness of the Internet. It is also our collective responsibility to promote innovation for the benefit of the people and to deal collectively with bad use of tools. Above all, the solutions to the security challenges we face should not limit the power of innovation that the Internet allows.

Internet and Society

Society is impacted by these attacks. This is clearly not an Internet-only issue. This attack upset people, rightfully so. People have to solve these issues; technology doesn't have all the answers, nor does a specific sector. When looking for leadership, the idea that there is a central authority that can solve all this is a mistake. The leadership is with us all; we have to tackle these issues with urgency, in a networked way. At the Internet Society [...]