Subscribe: CircleID
Added By: Feedage Forager Feedage Grade B rated
Language: English
bfr  circleid twittermore  data  domain  internet  new  public  rights  satellites  security  service  services  udrp  years 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: CircleID


Latest posts on CircleID

Updated: 2017-10-16T13:41:00-08:00


Security Flaw in TPM Chips Allows Attacks on RSA Private Keys


Details of Infineon’s RSA key generation vulnerability was made public today after several announcements by vendors last week. The bug makes it possible for an attacker to calculate a private key by having a target’s public key. The flaw was detected by Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec and Vashek Matyas at Masaryk University in the Czech Republic. Dan Goodin reporting in Ars Technica: "The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity

KRACK Attack Can Affect All Modern WiFi Networks, Researchers Have Disclosed


(image) As a proof-of-concept researchers executed a key reinstallation attack against an Android smartphone demostrating how the attacker is able to decrypt all data that the victim transmits.

Security researchers Mathy Vanhoef and Frank Piessens have detected a major vulnerability in the WPA2 protocol that secures all protected Wi-Fi networks. Details of the exploit named KRACK were published today depicting how the weakness can be exploited by attackers to steal sensitive information like passwords or credit card numbers. "We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks," writes Vanhoef. He adds:

"An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites. The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. ... Note that if your device supports Wi-Fi, it is most likely affected.

But don't panic, says Steven Bellovin: "Encryption flaws are sexy and get academics very excited, but they're rarely particularly serious for most people. That's very true here. In fact, at a guess, the most widespread problem, with WiFi, will have fewer serious consequences than the RSA problem."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity

Civil Society Groups Call for Deletion of Internet Filtering Provision in EU Copyright Proposal


The European Digital Rights (EDRi) and 56 other civil society organizations, sent an open letter today to EU decision-makers calling for the deletion of the Article 13 of the Copyright Directive proposal, pointing out that monitoring and filtering of internet content that it proposes breach citizens’ fundamental rights. Joe McNamee, Executive Director of EDRi, says: "The censorship filter proposal would apply to all online platforms hosting any type of user-uploaded content such as YouTube, WordPress, Twitter, Facebook, Dropbox, Pinterest or Wikipedia. It would coerce platforms into installing filters that prevent users from uploading copyrighted materials. Such a filter would require the monitoring of all uploads and would be unable to differentiate between copyright infringements and legitimate uses of content authorized by law. It undermines legal certainty for European businesses, as it creates legal chaos and offers censorship filters as a solution."

Follow CircleID on Twitter

More under: Censorship, Intellectual Property, Internet Governance, Policy & Regulation

Two More Crypto Holes


If you work in computer security, your Twitter feed and/or Inbox has just exploded with stories about not just one but two new holes in cryptographic protcols. One affects WiFi; the other affects RSA key pair generation by certain chips. How serious are these? I'm not going to go through the technical details. For KRACK, Matthew Green did an excellent blog post; for the other, full details are not yet available. There are also good articles on each of them. What's more interesting are the implications. As I've said before about crypto, don't panic. Encryption flaws are sexy and get academics very excited, but they're rarely particularly serious for most people. That's very true here. In fact, at a guess, the most widespread problem, with WiFi, will have fewer serious consequences than the RSA problem. The reason that crypto issues are not in general very serious is that someone who wishes to exploit them needs both the flaw and access — and access is rarely easy. For this new WiFi attack, remember that the range of WiFi is about 100 meters; this is not something that the attackers can do over the Internet. (Yes, with a good, directional antenna you can manage about a kilometer. That's still not much, and since the attack depends on sending a packet to the target machine you need very precise aim on someone's phone or computer.) There's a really important public policy angle to this, though. We're hearing lots of calls for "exceptional access", a mechanism for lawful government access to encrypted content. I and my colleagues have long warned that this is dangerous because cryptographic protocols are very subtle. In retrospect, this new flaw is blindingly obvious — very bad things happen if you replay message 3 of a 4 message sequence — but it took 13 years for it to be noticed, in a protocol that is used by literally billions of devices. (Btw — by "blindingly obvious" I'm not insulting the discoverer, Mathy Vanhoef. He did wonderful work finding it when no one else had, by asking himself, "I wonder what happens if....".) Oh yes — the protocol was mathematically proven correct — but the proof didn't cover what the attack actually does. Cryptographic protocols are hard. So who is affected by this, and what should you do? The problem is on the client side; WiFI access points are not affected. You need to install software updates on every one of your WiFi devices. Apparently, iOS and Windows are not as seriously affected, because they didn't completely follow the (flawed!) spec. Android phones are vulnerable and are less likely to be updatable. Internet of Things devices are the most at risk, given their poor history of being updated. Again, though, most consumers are not at risk. Businesses are, and ones with many devices, e.g., credit card readers, connected by WiFi have a lot of scrambling to do. The other flaw appears to be more academically interesting and — for some of those affected — far more serious. Briefly, in the RSA encryption algorithm, one has to generate a "public key"; this key is (in part) the product of two large, random primes. We normally write this as n = pq Normally, n is public; however, p and q must be kept secret. The problem seems to be in the way p and q were generated. Normally, you generate large, random numbers and test them for primality. It appears that the code library used with a particular chip had something wrong with the process for generating primes, resulting in an n that is easy to factor into its constituent p and q. Interestingly, it's possible to detect these weak values of n very cheaply and easily, without trying to factor them. So — who is affected by this bug? First, remember the access issue. An attacker needs access to your encrypted traffic or encrypted device. That's not easy. Furthermore, if you used 2048-bit keys — and that's been standard for a fair number of years — the attack isn't cheap. On a 1000-cor[...]

ARIN Board Challenged to Diversify


Before the American Registry for Internet Numbers' 40th Public Policy Meeting closed last week, members were reminded that the elections for two seats on its Board of Trustees was an opportunity for needed change.

The opening of polls last Thursday marked the end of an era. The clue was the candidates. For the first time in ARIN’s history, at least one seat on its board would not be filled by an elected white male.

Of the four vying, only Dan Alexander, principal engineer for Comcast Cable, was both white and male. Of the others, two were female: Nancy Carter, CFO of Canada’s National Research and Education Network; and Leslie Daigle, Principal, Thinking Cat Enterprises. And the third is a Jamaican-born, Afro-American Stephen Lee, CEO of Arkitechs Inc. and a co-founder of the Caribbean Network Operators Group.

By its very composition, the pool promises an unprecedented outcome.

“This is the first time that we will have elected someone who is not yet-another-white-guy,” said Bill Woodcock, who served on the Board of Trustees for 15 years before stepping down at the ARIN meeting in San Jose, California.

“It has been 20 years of only white guys. Twenty years,” he said, in an interview immediately after the San Jose meeting, adding that the coming change was not coincidental but calculated.

“I stepped down because I can’t solve the problem of diversity on the board by remaining on the board myself. I am yet another white guy.”

As Woodcock sees it, his push for greater diversity in ARIN’s top-tier leadership serves the body's best interest.

“It’s a matter of selecting from the best possible pool of candidates. If we take the entire pool of candidates and we throw out everyone who is not a white guy before we fill the available seats, we get a mediocre Board. If we could get two really good candidates this time instead of two mediocre ones, the board would improve. If we could do that again next year, the board would improve again. Then we may be at an extraordinary board, rather than an average one. That’s what I’m hoping for,” he said.

Written by Gerard Best, Development Journalist

Follow CircleID on Twitter

More under: Internet Governance

The Role of the BFR in SpaceX's Satellite Internet Service


SpaceX started with their Falcon 1 booster followed by several versions of the Falcon 9. The Falcon Heavy will fly later this year, and the rocket that will take the first person to Mars is called, for now, the Big F***ing Rocket or BFR. The 150-ton BFR payload will be ten times that of the Falcon 9. It will have an extra landing-guidance engine for reliable reusability and SpaceX also expects to be able to soft-land and reuse the second-stage payload rocket as well as its protective nose cone, substantially reducing cost per launch. (Note that Boeing is also planning a Mars mission so they may be planning their own BFR). The following is speculation, but I think the BFR will play a significant role the SpaceX satellite Internet service. SpaceX applied to launch their 4,425 satellites in two phases — an initial deployment of 1,600 satellites and a final deployment of 2,825. That is a lot of satellites, and the FCC has required licensees to deploy their full constellations within six years of their grant, but last month they relaxed that constraint, establishing milestones of launching 50% of a constellation within six years and allowing another three years to complete the constellation. The FCC has delayed licensing SpaceX's plan until spectrum sharing agreements are reached by satellite operators, so the clock has not yet started running on their six and nine-year milestones. SpaceX plans to send a BFR to Mars in December 2022, and they won't give me any details, but they will surely be used "locally" before that. They plan to begin launching operating Internet satellites in 2019, and those will be launched by Falcon 9 or Falcon Heavy rockets, but the BFR should be available to launch many of the planned 4,425 satellites before the FCC deadline. SpaceX estimates the satellite mass as 386 kg, and the BFR can carry a 150-ton payload so, if they fit perfectly, a BFR could launch about 350 satellites at a time, but they won't fit perfectly, so let's say 300 per launch. SpaceX Senior Director Tom Ochinero says they will be capable of up to six launches per month. Using the BFR, 4,425 satellites in nine years sounds feasible and relatively cheap. (Elon Musk has estimated that future versions of the BFR may carry up to 1,000 tons). The BFR may also play a role in debris mitigation. When they are taken out of operation, satellites are de-orbited, and they burn up in the atmosphere, but there is some risk of debris hitting the Earth. Bloomberg reported that the FCC had challenged SpaceX's assessment of risk of human casualty from falling debris and SpaceX responded the following month. Recently two Senators have also asked the FCC to investigate the risk of collisions and debris. The BFR may render the debate moot. In a recent presentation, Elon Musk speculated that the BFR might be used to capture orbiting satellites and return them to Earth, as illustrated here: SpaceX hopes to recapture satellites in the future (source) I will conclude with the following image that illustrates how the BFR got its name — it is a BFR. If you are interested in the BFR and its role in Elon Musk's plan to colonize Mars, you should definitely read the post this illustration is taken from. Still not sure how big it is? Check out this view of a BFR in Boston: Written by Larry Press, Professor of Information Systems at California State UniversityFollow CircleID on TwitterMore under: Broadband, Wireless [...]

The Darkening Web: Is there Light at the end of the Tunnel?


In his book "The Darkening Web: The War for Cyberspace" (Penguin Books, New York 2017), Alexander Klimburg, an Austrian-American academic, gives "Internet Dreamers" a "Wake Up Call". He tells us the background-story why people start to be "anxious about the future of the Internet", as the recent ISOC Global Internet Report "Paths to Our Digital Future" has recognized. Klimburg refers to Alphabets CEO Erich Schmidt, who once said that "the Internet is the first thing that humanity has built that humanity does not understand". A Book of Dreams Klimburg has labeled his book a "book of dreams." He could have called it also a "book of broken dreams." More than 20 years ago, the dream of visionaries like John Peter Barlow was, that the "promised land" of the 21st century is the cyberspace. "We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth. We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity" so Barlow in his "Davos Declaration of Cyberindependence". Already ten years later, Harvard´s Jonathan Zittrain dropped some water into the wine by sending an early warning in his book "The Future of the Internet and how to stop it." Now, the future has arrived. And Klimburg argues that we have to readjust our dreams. He is not without hope. But — viewing our planet earth from an eagle's perspective — the reality is that the road to paradise is crossed by some highways to hell. The Evils of Cyberspace Klimburg takes us on a tour to visit the evils of cyberspace: Cybercrime, Cyberterrorism and Cyberwar; Censorship, Mass Surveillance and Fakenews. He has collected all the "bad news" from the last 40 years and shows us the arsenal, what could happen, if the unmeasurable opportunities of the digital revolution come into the wrong hands: I Love Virus, Stuxnet, Cyberattacks against Estonia, DDoS, Ransomware, Killer Apps, Lethal Autonomous Weapons, and, and and… The good thing in his book is that he puts this dark side of the Internet not only into the historical context of the Internet development itself since the times of ARPANET, but also into the broader political context of global geo-politics and the never-ending struggle between big powers. This does not change the real threats, but it helps us to understand better what is going on and why. He argues that a military cyberattack against the critical infrastructure of a country could have disastrous consequences, could ruin a national economy and put a democratic society into total chaos. The window of vulnerability of a network society is growing with the level of connectivity in a country. The incalculable risk with cyberwar is, that we have an imbalance between offense and defense. Such an imbalance never before existed in military scenarios. In cyberspace, it is cheap to attack but expensive to defend. This also makes the difference, if one compares cyberwar and nuclear war. In the nuclear age, there was a balance of power among the big players with a safeguard called "Mutual Assured Destruction" (MAD). Such a MAD does not exist in cyberspace. A cyberwar could be a hybrid process, very decentralized and with different layers. And its target would not be primarily "death and destruction", as we know it from conventional wars. Chaos and collapse of institutions on the enemy side could create enough damage to get supremacy in such a conflict. But it could come even worse. Klimburg writes: "The worst possible cyberevent may not be, that the lights go out, but they will never go out, that we will slip into a totally controlled environment of Orwellian proportions." This is, unfortunately, not new, but Klimburgs book summarizes all the arguments and links it to the challenges for global diplomacy. Insof[...]

ADNDRC Launches "Guide to HKIAC Domain Name Dispute Resolution"


In celebration of Hong Kong Arbitration Week (15-20 October 2017), the Asian Domain Name Dispute Resolution Centre (ADNDRC) at the Hong Kong International Arbitration Centre (HKIAC), the first ICANN accredited Uniform Domain Name Dispute Resolution Policy (UDRP) provider based in Asia, will launch its landmark Guide to HKIAC Domain Name Dispute Resolution (the "Guide"). Notably, in addition to UDRP disputes, the ADNDRC provides domain name dispute resolution services in relation to ".hk" and ".香港" (Hong Kong); ".cn" and ".中国" (China); and ".ph" (Philippines) country code top level domains (ccTLDs), among other dispute resolution schemes.

The 40-page Guide provides a wealth of information, from the most basic to the more challenging procedural and substantive issues that arise in internet domain name disputes, and is replete with helpful flow charts, relevant statistical tables and citations to previous panel decisions. For counsel and panelists who find themselves at the vortex of domain name disputes in the Asian region, the Guide also includes sections explaining how experienced panels deal with domain names comprising Chinese characters or Chinese Pinyin representations, translations or abbreviations of registered trademarks. This allows users of the Guide to take advantage of years of accumulated knowledge and "best practice" in the field.

Kudos to HKIAC for this milestone publication. The Guide is a "must read" for every serious domain name enthusiast. When it is available, HKIAC will post a link to its website, where you can download the Guide.

Written by David Kreider, Independent International Arbitrator

Follow CircleID on Twitter

More under: Domain Names, UDRP

Cloud Computing Growing Faster Than Expected, Reached $260 Billion in 2017


The global public cloud services market revenue is expetec to grow by 18.5 percent in 2017 reaching $260.2 billion, up from $219.6 billion in 2016, according to the latest report from Gartner, Inc. From the report: "Final data for 2016 shows that software as a service (SaaS) revenue was far greater in 2016 than expected, reaching $48.2 billion. SaaS is also growing faster in 2017 than previously forecast, leading to a significant uplift in the entire public cloud revenue forecast. ... SaaS revenue is expected to grow 21 percent in 2017 to reach $58.6 billion… The acceleration in SaaS adoption can be explained by providers delivering nearly all application functional extensions and add-ons as a service. ... The highest revenue growth will come from cloud system infrastructure services (infrastructure as a service, IaaS), which is projected to grow 36.6 percent in 2017 to reach $34.7 billion."

Worldwide Public Cloud Services Revenue Forecast:
(Billions of U.S. Dollars / Source: Gartner – October 2017)

Cloud Business Process Services (BPaaS)39.642.245.849.553.6
Cloud Application Infrastructure Services (PaaS)9.011.414.217.320.8
Cloud Application Services (SaaS)48.258.671.284.899.7
Cloud Management and Security Services7.18.710.312.013.9
Cloud System Infrastructure Services (IaaS)25.434.745.858.472.4
Cloud Advertising90.3104.5118.5133.6151.1
Total Market219.6260.2305.8355.6411.4

Follow CircleID on Twitter

More under: Cloud Computing

Inevitability of Global Standards for Non-Terrestrial Spectrum Sharing


Will we have global standards for Internet satellite spectrum sharing one day? Three companies, SpaceX, OneWeb and Boeing have announced ambitious plans to put thousands of Internet-service satellites in non-geostationary low-Earth orbit (NGSO) and other companies like ViaSat and SES are currently operating hundreds of communication satellites in medium-Earth and higher, geostationary orbits. With so many satellites orbiting in different planes and at different altitudes, there are bound to be frequent "inline events" when two satellites are simultaneously above an area both are communicating with — causing potential radio interference. Terrestrial radio interference has historically been handled by setting limits on transmitter power and granting exclusive rights to organizations, so, for example, in the Los Angeles area radio station KPCC has the exclusive right to broadcast at 89.3 MHz. Since transmitter power is also regulated, KPCC does not interfere with stations broadcasting at the same frequency in distant cities. Technology has improved since the early days of radio and we are entering an era when smart radios can be programmed to cooperatively share the same spectrum (range of frequencies) by quickly changing frequencies, power levels, antenna focus, etc. (You can see a quick overview of the frequency ranges these companies wish to use here). Last month, the US Federal Communication Commission (FCC) voted to delay SpaceX's application to launch satellites, saying they would defer to the International Telecommunication Union (ITU) on how these new satellite systems should coordinate and share spectrum. Since OneWeb had already been granted permission to launch their satellites, Bloomberg and others speculated that the issue of potential interference might pose a significant problem for SpaceX. It would have been a problem in the past, but today's regulators recognize that we need new rules for the spectrum-sharing era. In 2015, the ITU came out in favor of coordination between operators stating that they did not intend "to state an order of priorities for rights to a particular orbital position and the coordination process is a two way process" and last month FCC chairman Ajit Pai agreed, saying "given recent trends in the satellite industry and changes in satellite technology, the Commission began a review last year of the rules governing NGSO fixed-satellite service operations to better accommodate this next generation of systems." What this means is that OneWeb and other early applicants who have been approved by the ITU and FCC as having priority access to frequency bands do not have exclusive rights to that spectrum, just that SpaceX will have to negotiate and define a sharing mechanism that satisfies them. That process has begun. For example, OneWeb has a patent pending on progressive pitch technology, a technique to avoid interference between their low-Earth orbit constellation and geostationary satellites, which orbit around the equator at relatively high altitudes. Their satellites will automatically change orientation and power level as they pass over the equator to avoid interference with geostationary satellites orbiting above them. OneWeb technique to avoid inference with geostationary satellites SpaceX has proposed that NGSO operators share data [FCC PDF Download] to indicate the steering angle of each beam within a satellite's footprint. As shown below, they assert that this data sharing would drastically reduce the occurrence of inline events between their 4,425 satellites and a ViaSat geosynchronous satellite. Inline events (red dots) without and with information sharing This effort to enable efficient spectrum sharing by OneWeb, SpaceX, Boeing and operators of other satellites (and one day perhaps balloons, drones and other[...]

Celebrating 167 Years of Public International Law for Cyber Security


Interstate agreement between the Austro-Hungarian Monarchy, Prussia, Bavaria and Saxony, 25 July 1850.Original / EnglishOn 30 September 1850 at Dresden, the first international treaty was issued among the first sovereign nations to internet their national electronic communication networks. It was known as the Dresden Convention, and culminated several weeks hammering out basic requirements and techniques to implement an internet spanning the Austro-German European continent at the time, and established a continuing "Union" of signatories to evolve the provisions of the treaty. The Dresden Convention was a remarkable achievement that necessarily included basic elements of cyber security that persist today. The endurance of the treaty provisions and the collaborative process for cyber security were underscored over the decades by applying the provisions to each new communications technology and an expanding array of nation states that emerged. The network security provisions included those relating to sovereignty over national communication networks and service provisioning, protecting network infrastructure against harm, and sovereign rights to inspect and stop communication harmful to national security. Over the generations, the technologies included telephone networks, undersea cables, radiocommunication, radio sensing, broadcasting, out-of-band signalling, television and cable video, satellite communication, data communication, public mobile, and datagram internets, ICTs, cloud data centres and network-service virtualisation. In the 1930s, the treaty signatories would give themselves the name International Telecommunication Union. Today, literally every nation on earth has accepted today's ITU cyber security treaty provisions that originated in 1850. Indeed, despite multiple attempts to develop new global cyber security instruments, few have been successful, and none have been as enduring or ubiquitous as the ITU provisions. Worth special note is the adjunct ITU cyber security treaty instrument that emerged at the 1988 Melbourne Convention known as the International Telecommunication Regulations. The emergence of multiple datagram-based internets at that time for research and intergovernmental use such as the OSI Datagram and DARPA TCP/IP platforms, resulted in the ITU convening a conference to legalize transnational public internets for commercial offerings. The late Secretary-General Richard Butler convened most of the world's nations in his home town, and after five contentious weeks and two conference chairs, a treaty instrument was produced that legalized international public internets for the first time. Butler himself took considerable pride in writing and personally negotiating the internet key treaty provision known as Article 9. From a cyber security law development standpoint, what was especially significant was unleashing of the Morris Worm on the DARPA Internet weeks before the Melbourne conference — which played out in the International Herald Tribune daily. The concern was exacerbated by an enterprising New York Times reporter discovering that Morris' father was a noted U.S. national security official. The infamous malware incident resulted in many delegations — especially the cyber security experts on the USSR delegation — insisting Butler include multiple new cyber security provisions before they would agree to any treaty legalizing public internets and services. The provisions were added and based on innovative adaption of a continuum of cyber security treaty provisions that had existed over the decades. After the treaty was signed by most of the world's nations, ITU senior officials led efforts at nation levels to amend their national laws to enable international public internet implementations. Unfort[...]

Trademark Rights Paramount to Contract Rights for Domain Names


UDRP decisions come down from providers (principally from WIPO and the Forum) at the rate of 7 to 10 a day. Complainants mostly prevail; this is because in 90% of the cases (more or less that percentage) respondents have no plausible defense and generally don't bother appearing, although default alone is not conclusive of cybersquatting; there must be evidence of infringement. When complainants do not prevail, it is not because they lack rights; it is because, in the balancing of rights, complainants either do not have sufficient evidence of bad faith, or respondents have persuasive arguments that their registrations are lawful. The reason for stressing that trademark rights are paramount to contracts for domain names rests on the value societies attach to identifiers of source and the universal policy of governments to protect the integrity of marks from being used opportunistically for gain at the expense of mark owners and the public. This does not diminish contract rights lawfully acquired, although the challenge of rights demands proof. In challenging registrants complainants start with two advantages, namely 1) the UDRP is a rights protection mechanism designed for them; and 2) they own statutorily protected marks while registrants have only contractual rights to their domain names. The legal challenge can be mounted at any time, regardless the length of holding, and when challenged registrants have no choice (other than defaulting or removing the dispute to a court of competent jurisdiction) except to protect their interests in a UDRP proceeding. (Removal to a court of competent jurisdiction is extremely rare, incidentally although losing registrants have prevailed in actions under the ACPA). The 90% forfeiture rate mostly involves domain names incorporating marks distinctive--not just, or not only because they are necessarily well-known or famous, but because knowledge of them (directly or inferentially) cannot plausibly be denied. However, as marks descend on the classification scale, complainants' proof of cybersquatting must correspondingly be of higher quality. The reverse is true as marks ascend on the classification scale, there is a correspondingly higher demand on respondents to explain their registrations. It may come as a hard lesson for respondents insistent of their contract rights that they may be inferior to complainants' rights if they cannot convincingly explain their lexical and numeric choices or if their explanations lack credibility. The issue comes into focus in two recent cases. There are (one would think) rules for acquiring domain names. One rule is that the acquirer should undertake due diligence before making a purchase, or risk losing both the domain name and the purchase price. In National Cable Satellite Corporation, d/b/a C-SPAN vs. Michael Mann / Omar Rivero, FA1707001741966 (Forum September 20, 2017) the real party in interest (Rivero) acquired from a well-known investor (Mann) for $75,000. Mann acquired the domain name many years earlier, although the acquisition postdated Complainant's WASHINGTON JOURNAL mark by many years (registration, 1997). (There is no indication in the record of any due diligence before Rivero purchased the domain name, and if not it violates the first rule of acquiring property). Respondent contended that, Complainant does not have the exclusive rights in the terms WASHINGTON JOURNAL, and there are several other registrations that contain or bear the precise terms "WASHINGTON" and "JOURNAL." [Respondent gave as an example WASHINGTON BUSINESS JOURNAL]. And It is clear that the Complainant does not have the exclusive rights in the terms WASHINGTON JOURNAL across a broad range of goods and/or services. Without the exclusive rights in the terms WASHI[...]

Will October Be Our Biggest Month Yet for .brand TLDs?


I'll admit I tend to get evangelical when I'm talking about .brands. To me and the team at Neustar, every development in this space is exciting and significant and we're always eager to share the latest news and insights. But you don't have to be a .brands nut to see that the last few weeks have shown some serious signs of momentum. And it makes me wonder, with everything that's developed in just the last week or two, could we be set for October to be the biggest month in .brands we've ever seen? Here's just a taste of the headlines: Brands and Domains The Brands and Domains conference took place in The Hague last week, and I was lucky enough to present among an awesome collection of speakers representing all facets of domains, marketing, branding and business. One particularly great session was a panel on .brands in social media, featuring Kevin Audritt of HSBC and Katie Espinoza of Rebrandly. This topic is really fascinating, and will actually be the focus of Neustar's next .brands webinar in early November. Amazon Web Services goes mainstream with .aws You may have seen my recent blog on this — Amazon Web Services has shown some serious marketing mettle, recently launching a widespread advertising campaign featuring a .aws domain. The 'Build On' campaign includes billboards and posters in major airports and train stations across the U.S. as well as television commercials that even ran during NFL football. AXA's new service, Fizzy This global insurance firm has used Blockchain technology to launch a new service that helps travelers gain instant, hassle-free compensation for delayed flights. You can see more about the service on its super eye-catching landing page at Australia Post innovates on .auspost In another example of a brand aligning its .brand TLD with its future company strategy, Australia's oldest, continually-operating organization is trialing an innovative new system to securely deliver packages and parcels without relying on a delivery driver. The 'Mobile Parcel Locker' will be rolled out first in Queensland, and all the information can be found at Barclays continues to lead Barclays Bank was the first brand to fully transition its primary web page to a .brand domain — when it moved to In recent weeks, Barclays has rolled out even more .barclays domains for internal and public initiatives, such as, and There are more awesome examples over at the Showcase on MakeWay.World. The Showcase is booming Speaking of the MakeWay.World Showcase; new .brand sites are launching so quickly we're barely keeping up! The organizations featured come from all over the globe and represent almost every industry sector, including Microsoft, Globo, Philips, Kia, Schwarz, Lamborghini, State Bank of India, Emerck, Sandvik, Bridgestone....the list goes on! I really could go on for pages about the activity we've seen recently in the .brands space, but I'll just say this: momentum is a powerful thing. It seems the snowball is gaining speed and growing by the minute, and soon those who aren't activating their .brand TLD will truly be in the minority and risk being left behind. I for one can't wait to see what the rest of the month holds. Written by Tony Kirsch, Head of Professional Services at NeustarFollow CircleID on TwitterMore under: Domain Names, Intellectual Property, Top-Level Domains [...]

FCC Approves Google's Project Loon Balloons for Puerto Rico and the Virgin Islands


Project Loon balloons travel approximately 20 km above the Earth's surface in the stratosphere, well above airplanes, wildlife, and weather events. (Source: X Development) The FCC has granted Alphabet's Project Loon an experimental license to operate in Puerto Rico and the US Virgin Islands for the purpose of helping the islands regain Internet connectivity. According to the license, "[t]he purpose of the STA is to support licensed mobile carriers' restoration of limited communications capability in areas of Puerto Rico and the United States Virgin Islands (MTA025) affected by Hurricanes Irma and Maria." The special temporary licence is eligible between October 6, 2017, and April 4, 2018. Percent Cell Sites Out-of-Service By CountyPuerto Rico, 10/8/2017 - FCCAccording to the latest FCC report, 81.7% (virtually no change from 81.9% yesterday) of cell sites are out of service in Puerto Rico. "All counties in Puerto Rico, except Bayamon, Catano, Carolina, Guaynabo, San Juan, and Toa Baja, have greater than 75% of their cell sites out of service. 22 (same as yesterday) out of the 78 counties in Puerto Rico have 100% of their cell sites out of service. Wireless communications providers are deploying to Puerto Rico Cell Sites on Wheels and Cell Sites on Light Trucks." Follow CircleID on TwitterMore under: Access Providers, Mobile Internet, Telecom, Wireless [...]

EU Privacy Case Could Backfire, Turn EU into Data Island, Say Experts


Experts fear European Union court case attempting to keep personal data private could backfire and prove damaging to Europe. Joe Uchill reporting in The Hill writes: "Irish courts referred the latest chapter of a longstanding legal challenge between activist Max Schrems and Facebook to the European Union courts. At issue are 'model' contractual clauses Facebook uses that are supposed to replicate the protection EU citizens have within Europe. Without model clauses, it is typically illegal to store EU citizen's data outside of Europe. Schrems argues that U.S. surveillance operations make it impossible for the model clauses..."

Follow CircleID on Twitter

More under: Data Center, Law, Policy & Regulation, Privacy

"Keep Those Eyebrows Up!" - Cybersecurity at the Global Women's Forum


News of cyberattacks is slowly becoming a new normal. We are still at a stage where high-profile cases, like the recent attack against the American credit reporting company Equifax, in which 145.5 million users had their personal information compromised, raise eyebrows. But we need those eyebrows to stay up because we should never accept cyber threats as the new normal. This week in Paris, hundreds of leaders met at the Women's Forum to discuss some of the key issues that will shape the future of a world in transition, including cybersecurity. But this topic is not just a concern for the experts — it's a concern to all men and women leading any business today. New risks on the horizon A recent report by the Internet Society, "Paths to Our Digital Future", points out that now is a big moment for the Internet. The revolution we already see could accelerate in the coming years, not only due to the increasing digitalization of services and businesses, but also through the expansion of objects being connected to the Internet — the Internet of Things (IoT). By 2020 more than 20 billion "things" could be connected. Suddenly it's not only your computer but also your toaster or car that's online! The convergence of the physical and the digital world promises a whole range of opportunities on the horizon. But in the interconnected communities we live in, cybersecurity becomes increasingly about personal and societal security. Organisations are only as secure as their weakest link What this means is that security needs to be everyone's concern in the management chain. For leaders, cybersecurity must become a strategic priority. Business executives need to ensure that their organisations have the capacity and skills to address online threats — a challenge in itself due to the current deficit of qualified professionals. In fact, some estimates point towards a global shortage of 2 million cybersecurity professionals by 2019, with a stronger gender divide than in any other industry. Security is not a concern that can be delegated to experts either, hoping that all will be fine. Today there is a psychological barrier among many non-experts who believe that security is something that their IT department is solely responsible for. This narrow view misses the point that cybersecurity is dependent on a variety of actors — including individuals. The majority of cyber incidents are actually due to human error, through social engineering attacks such as email phishing to an employee, or even the accidental disclosure of private data. This means that basic security practices must be understood by non-experts as well. Shaping a trustworthy Internet ecosystem The ecosystem also needs to offer incentives for good behavior. Take the example of data breaches. While they are a risk to both companies and customers, the risks do not align. As we showed in our 2016 Global Internet Report, the organisations that handle customer data may be at reputational or legal risk to a data breach, but they are not likely to bear the same level of costs as the customers or users who may have their data lost or stolen in a breach. This means we have to shape the ecosystem to better align the risks among users, manufacturers and service providers. While there are several ways to do this, such as clarifying liability laws, a key way is through better security signaling: recognizable, trusted methods for signaling levels of security so that consumers can factor it into their buying habits. Everyone has a role to play to shape a trustworthy Internet. To secure data and online devices through their lifetimes, The Interne[...]

Software Has Already Eaten Telecoms (It Just Has Indigestion)


The unconscious and near-universal belief is that packet networks are a telecoms service, and one that constructs an 'additive' resource called 'bandwidth'. This is demonstrably technically false. They deliver distributed computing services, as they calculate how to divide up an underlying telecoms transmission resource. The ubiquitous error is a failure to recognise that the hardware platform has already been devoured by the software industry. Computer science is now the core of communications, not the underlying transmission mechanisms. The result of this error is an inappropriate focus on packet forwarding ahead of packet scheduling. This, in turn, causes much of the latent value of that physical transmission resource to be lost. The potential returns from the capital assets of the telecoms industry are far higher than what is presently being delivered. * * * The historical model of telecoms The basic model of telecoms is rooted in building physical plant: "holes and poles" that traverse the landscape. It involves getting out there in difficult terrain and inclement weather, and doing archetypally butch and manly things. This physical plant is then festooned with technical mechanisms, from Morse code keys to pulsed lasers. These have generally been produced by the endeavours of yet more men (with some notable exceptions), who get praised for their masculine inventiveness. Grand prizes and accolades have been handed out by the hundreds to people who could capture and control the power of electromagnetism. The operational role of dividing up the transmission resource, such as with switchboard operators, was seen as rather girly, and was dominated by women when done physically. Even today, incoming demand for conversations is given mainly to female-dominated call centre and receptionist work, which is typically low-paid. The final act of consuming the resource required humans to invest their time in direct proportion to the number of bits demanded, be it telegraphy or telephony. The packet data era arrives We soon moved from humans listening to the telephone earpiece to computers, who have far more patience and can be made in factories. Whereas the network previously only had to support your chatty auntie, it now had to support hordes of replicant processors, capable of gluttonously devouring unlimited data. The bursty nature of computer data meant the circuit resource sharing model had to change in order to be sustainable. When we wrapped circuits with packets, we moved from fixed time slots to variable delay (and the potential for packet loss). In turn, this created variability to be managed in a distributed system at short timescales, where there had previously been none. Because nobody really wants to have their information lost or delayed, the values and the rewards remained as they were. Customers seemed to be happiest when you forwarded all packets as fast as possible. The internal rewards were all configured to give social status and financial benefit to anyone who manufactured more packet "bandwidth". The work ethic run amok An accident of timing and transition meant that this belief their job to be done was "bandwidth" was reinforced. The arrival of broadband coincided with great innovations in applications, notably the Web, which created a surge in demand as part of a virtuous cycle. It also coincided with the arrival of fibre optics and resource sharing using light frequencies, providing a corresponding leap in supply. This flood of capacity meant it was temporarily possible to use idleness to manage quality, masking the underlying protocol scaling pr[...]

Virgina Governor Announces Facebook Investing $1 Billion for New Data Center in Henrico County


(image) Rendering of the Facebook data center to be build in Henrico County

Virgia governor Terry McAuliffe today announced Facebook will spend $750 million to establish a 970,000-square-foot data center in the White Oak Technology Park in Henrico County. In addition, "hundreds of millions of additional dollars will be invested in the construction of multiple solar facilities in the Commonwealth to service Facebook's Henrico Data Center with 100 percent renewable energy." The compnay is the latest tech giant to use its leverage to increase solar power in Virginia — virtually non-existent a few years ago. Amazon and Microsoft also signed deals in Virginia reliant on new solar construction. Facebook currenlty has data centers in Oregon, North Carolina and Iowa. New centers in Fort Worth, Texas; Los Lunas, New Mexico; and New Albany, Ohio are under construction.

Follow CircleID on Twitter

More under: Data Center

Cyberattacks Against Abortion Clinics on the Rise


Over the past few years, cyberattacks and internet harassment have escalated against abortion clinics intended to disrupt services, intimidate providers and patients. Rebecca Grant reports on the "The Disturbing Rise of Cyberattacks Against Abortion Clinics," published in the Wired today: "While hate speech and online harassment have long plagued abortion providers — including over 42,500 incidents of hate speech in 2016 alone, according to the National Abortion Federation — actual hacking represents a serious escalation. Even organizations like Planned Parenthood, which have significant resources and manpower, struggle to prevent attacks from a loosely organized but determined group of 'hacktivists' and extremists. ... anti-abortion groups have used tactics like this since the early days of the internet, but the vulnerability landscape has broadened and diversified."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime

'Beyond the Scope' of the UDRP


Not all domain name disputes are appropriate for resolution under the Uniform Domain Name Dispute Resolution Policy (UDRP). While the UDRP is clearly the "go-to" legal tool for trademark owners pursuing cybersquatters, some disputes are about larger — or different — issues than the UDRP was designed to address. As stated in WIPO's Overview: Depending on the facts and circumstances of a particular case, and irrespective of whether the parties may also be engaged in court litigation, in some instances (e.g., complex business or contractual disputes) panels have tended to deny the case not on the UDRP merits but on the narrow grounds that the dispute between the parties exceeds the relatively limited "cybersquatting" scope of the UDRP, and would be more appropriately addressed by a court of competent jurisdiction. 'Contractual and Trademark Dispute' A UDRP panel addressed this exact issue in a dispute over the domain name . The UDRP complaint was filed by the owner of the trademark TONINO LAMBORGHINI "in numerous countries all over the world" for use in connection with, among other things, cell phones, according to the decision. The respondent in the case claimed, "that he is an official dealer of the Complainant through an authorization letter from the Complainant's licensee." While the panel had no problem finding the disputed domain name confusingly similar to the TONINO LAMBORGHINI trademark (the first element of the UDRP), the panel had concerns about even addressing the second and third elements of the UDRP (that is, whether the registrant had rights or legitimate interests in the domain name; and whether the registrant registered and used the domain name in bad faith). As a result, the panel wrote: The Panel notes that this dispute seems to be part of a contractual and trademark dispute that is outside the scope of the Policy. In this case, it is not clear whether or not the Respondent was an authorized agent of the Complainant or of a licensee of the Complainant when it registered the disputed domain name in 2015. The Respondent has submitted several contract and authorization letters which do not clarify this. It is beyond the scope of the Policy to interpret agreements between the Parties or to determine whether they have breached the Complainant's trademark. Therefore, the panel dismissed the complaint, allowing the registrant to retain the domain name. Complex Facts, Breaches of Contract, and Business Relationships The conclusion in the LAMBORGHINI case — that the dispute was "beyond the scope" or "outside the scope" of the UDRP — has appeared repeatedly in UDRP decisions through the years. For example: A very early UDRP decision raised interesting issues, including a discussion about two criminal cases in Estonia related to a possible unlawful transfer of the disputed domain name . "Under these proceedings the complete correct facts can probably not be proved," the panel wrote, also noting that it "cannot know on this record the full extent of the relationship between the parties." Thus, the panel allowed the registrant to keep the domain name because the "case is much more complex, factual and judicial than the domain name disputes suitably solved under the Policy." In another early UDRP decision, involving the domain name , the respondent was actually a co-founder of the company that filed the UDRP complaint and purchased the domain name "on the Complainan[...]