Subscribe: CircleID
Preview: CircleID


Latest posts on CircleID

Updated: 2017-06-22T12:37:00-08:00


Cisco Introduces Intent-Based Network That Can Learn, Adapt and Mitigate Threats



Cisco has launched an intent-based networking solution designed to be intuitive and adapt; a new approach claimed to be one of the most significant breakthroughs in enterprise networking. "This new network is the result of years of research and development by Cisco to reinvent networking for an age where network engineers managing hundreds of devices today will be expected to manage 1 million by 2020. ... Today companies are managing their networks through traditional IT processes that are not sustainable in this new age. Cisco's approach creates an intuitive system that constantly learns, adapts, automates and protects, to optimize network operations and defend against today's evolving threat landscape."

This approach is believed to change the fundamental blueprint for networking, says Cisco: "The intuitive network is an intelligent, highly secure platform — powered by intent and informed by context."

Intent: "Intent-based networking allows IT to move from tedious traditional processes to automating intent, making it possible to manage millions of devices in minutes — a crucial development to help organizations navigate today's ever expanding technology landscape."

Context: "Interpreting data in context is what enables the network to provide new insights. It's not just the data that's important, it's the context that surrounds it — the who, what, when, where and how. The intuitive network interprets all of this, resulting in better security, more customized experiences and faster operations."

Intuition:” The new network provides machine-learning at scale. Cisco is using the vast data that flows through its networks around the world, with machine learning built in, and unleashing that data to provide actionable, predictive insights."

Follow CircleID on Twitter

More under: Cybersecurity, Networks

How to Dispute a Third-Level 'Country-Code' .com Domain Name (Such as


Shortly after I recently wrote about WIPO's new role as a domain name dispute provider for the .eu ccTLD, the Forum published its first decision on another type of "eu" domain name: The decision involved the domain name What makes this case interesting is that it represents one of the few .com domain name disputes that includes a country-code in the second-level portion of the domain name. To be clear, the .com top-level domain is subject to the UDRP — which means that domain names in the second level (such as "example" in can be disputed under the UDRP. But, historically, third-level .com domains (such as "three" in have been considered outside the scope of the UDRP. CentralNic Dispute Resolution Policy Despite this, the registrants of a handful of second-level domain names that correspond to country codes have adopted domain name dispute policies for third-level domain names. Most of these second-level domain names are controlled by CentralNic, a registry operator: Third-level domain names registered within these second-level domains are subject to the CentralNic Dispute Resolution Policy ("CDRP"). In addition, the operator of the domain name has adopted the UDRP for third-level domain names. CDRP v. UDRP The CDRP is very similar, but not identical, to the UDRP. Here are a few key differences: The CDRP defines a "domain name" as "any domain name registered under a sub-domain provided by CentralNic," while the UDRP applies to second-level domains within those top-level domains that have adopted the UDRP (such as .com, .net, .org and all of the new gTLDS). The CDRP requires a trademark owner to participate in a 10-day free CentralNic mediation process before filing a CDRP complaint. The UDRP contains no such mediation process. The third element of the CDRP requires only that a trademark owner prove that the domain name "should be considered as having been registered or being used in bad faith" (emphasis added), but the UDRP requires a trademark owner to prove both registration and use in bad faith. The Forum (formerly the National Arbitration Forum) is the only CDRP-approved dispute resolution provider and has handled about a dozen CDRP cases since 2015. But the case was the first one involving the "eu" second-level domain. The Decision The panel in the case apparently found the dispute straightforward, writing that "Complainant's NIKE trademark is well-known and registered in many countries throughout the world" and noting that "Respondent uses the domain name to perpetrate a phishing scheme whereby website visitors, who may also be Complainant's customers, are deceived into revealing proprietary personal data such as email addresses and account passwords." As a result, the panel ordered the domain name transferred to Nike, Inc. A Reminder for Trademark Owners While there's nothing novel in the decision, the case is an important reminder that some third-level domain names within .com (and also .net and .org — as the list above shows) are subject to a very useful dispute policy. Trademark owners should consider these policies if a dispute arises. Written by Doug Isenberg, Attorney & Founder of The GigaLaw FirmFollow CircleID on TwitterMore under: Cybersquatting, Domain Names, Top-Level Domains, UDRP [...]

Three Reasons Why Broadband Is So Unreliable


We all take the predictability and reliability of other utilities for granted. So why is broadband such a frustrating exception? Why do our Skype calls fail mid-way? What makes Netflix buffer like crazy? How come our gaming sessions are so laggy? No real experience intention Imagine if the design of your electrical supply was optimised to apply the biggest possible voltage and current to anything that was plugged in. That would clearly be ridiculous! Imagine if the design of your kitchen tap was optimised to deliver as much water as possible at the highest possible pressure the moment you turned it on. That would clearly be ridiculous! Imagine if the design of your gas cooker was optimised to burn everything to a crisp as fast as possible in a white hot inferno. That would clearly be ridiculous! So, why have we optimised broadband to deliver as much bandwidth as possible? That's clearly ridiculous! In order to work, applications need enough packets to arrive "fresh" enough. In other words, they are sensitive to quality, and need a sufficient quantity of good enough quality. Instead, we've aimed to deliver a maximum quantity with an undefined quality. This is disconnected from what the user values, unlike all the other utilities. There is no specific experience intention, merely a "you get what you get". Missing engineering specification With a domestic AC power supply, we primarily define its quality through having a stable voltage and frequency. With gas we have a regulated composition and energy content. With water, it has to be potable and delivered under sufficient pressure. So what's the specification for the quality of broadband? It is, and please don't laugh too hard, purely accidental. Yup, the quality of all current ISPs is an emergent property of random processes. Whilst it may be a stable and managed property, it is (unlike all those other utilities) not engineered to a specification with a known safety margin. The quality of your broadband can and will suddenly shift (under load) in ways your ISP has effectively no control over. Some genius came up with the PR term of "best effort" to describe "out of control" and "not engineered". Inappropriate operational mechanisms With power, gas and water we understand that there are switches, valves and taps to regulate flow. With networks we have buffers. And we've chosen the wrong kind. Absolutely everywhere. Honest! In every network you are likely to encounter, the default policy is to send as many packets as quickly as possible. After all, we wouldn't want any expensive data link to become sinfully idle, would we? We want a network that is busy, busy, busy! Regrettably, this is a really dumb thing to do. Other industries figured this out decades ago with their 'lean' revolutions. More work in progress and busyness is not the same as delivering value. What is happening is that we are sending packets into networks faster than downstream data links can process them. The excess "work" we do can only have one effect: those packets get in the way of other data being delivered, without creating any value. So we have optimised our networks for instability and overload, not for smooth flow of packets within the inherent limits of the system. This architecture error (called "work conservation") is ubiquitous. The core (and mistaken) industry belief that the job of the network is to create as much "bandwidth" as possible by delivering as many packets as fast as possible. It doesn't matter whether it is cable, cellular, DSL, fibre or any other bearer: everyone is selling on bandwidth with unpredictable quality. This is not the same as delivering a predictable user experience. Whoever first switches to an outcome-centric and engineered performance model may well revolutionise the broadband industry. Written by Martin Geddes, Founder, Martin Geddes Consulting LtdFollow CircleID on TwitterMore under: Access Providers, Broadband [...]

Honda Halts Domestic Car Production Plant Due to WannaCry Virus in Computer Network


Production at a Honda domestic vehicle plant was halted for a day this week as a result of the discovery of WannaCry ransomware in the computer network, the company reports. Reported today in Reuters: "The automaker shut production on Monday at its Sayama plant, northwest of Tokyo, which produces models including the Accord sedan, Odyssey Minivan and Step Wagon compact multipurpose vehicle and has a daily output of around 1,000 vehicles. Honda discovered on Sunday that the virus had affected networks across Japan, North America, Europe, China and other regions ... despite efforts to secure its systems in mid-May."

Follow CircleID on Twitter

More under: Cyberattack

Cloud Computing and Digital Divide 2.0


Internet connectivity is the great enabler of the 21st century global economy. Studies worldwide unequivocally link increases in Internet penetration rates and expansion of Internet infrastructure to improved education, employment rates, and overall GDP development. Over the next decade, the Internet will reinvent itself yet again in ways we can only imagine today, and cloud computing will be the primary operating platform of this revolution. But not for everyone. Worldwide, the estimated Internet penetration rate ranges between 44% and 50%, much of which is through less productive mobile devices than desktop workstations. Overall, Internet penetration rates in developed countries stand at over twice that of underdeveloped economies. For many, high-quality Internet services are simply cost-prohibitive. Low-quality infrastructure and devices, unreliable connectivity, and low data rates relegate millions to a global online underclass that lack the resources and skills necessary to more fully participate in the global economy. First recognized as early as the 1990s, these persistent quantitative inequities in overall availability, usability, etc., demarcate a world of Internet "haves" and "have not's" known commonly as the "Digital Divide". In the decade to come, cloud computing and computational capacity and storage as a service will transform the global economy in ways more substantial than the initial Internet revolution. Public data will become its own public resource that will drive smart cities, improve business processes, and enable innovation across multiple sectors. As the instrumented, data-driven world gathers momentum, well-postured economies will begin to make qualitative leaps ahead of others, creating an even greater chasm between the haves and have not's that we will call Digital Divide 2.0. At one end of the chasm are modern information-driven economies that will exploit the foundational technologies of the initial Internet revolution to propel their economies forward as never before. In particular, cloud technologies will unleash new capabilities to innovate, collaborate and manage complex data sets that will facilitate start-ups, create new jobs, and improve public governance. Meanwhile, many in the developing world will continue to struggle with the quantitative inequities of the first Digital Divide. Developing economies will very likely continue to make some progress; however, their inability to rapidly bridge the Internet capacity gap will inhibit them from fully participating in the emerging, instrumented economies of the developed world. Failing to keep pace, these economies will continue to face the perennial problems of lack of investment, lack of transparency within public institutions, and a persistent departure of talent to more developed economies. In the early 1990s, there was much sloganeering — and some real public policy—in the United States regarding the development of "information superhighways" that would connect schools and libraries nationwide. Information sharing across educational institutions provided the critical mass for launching today's emerging information economy. However, implementation was uneven, and since that time there remain winners and losers, both nationally and globally. As cloud computing emerges as the principal operating platform for the next-generation information economy, we are again challenged by many of the same questions from two decades ago: who will benefit most from the upcoming revolution? Will progress be limited solely to wealthy urban and suburban centers, already hard-wired with the necessary high-capacity infrastructure, and flush with raw, university-educated talent? Will poorer and rural economies be left to fall that much further behind? Not necessarily. Industry experts and economists worldwide broadly recognize the tremendous latent economic value of cloud. Clever public-private partnerships in cloud adoption [...]

Bloomberg: Pricing of New TLDs Seem "Kind of Random", Sector in "Flux"


"What does it mean that a web address ending in .pizza costs more than one ending in .beer? Or that .bar costs more than .academy?" Bloomberg's Economic Editor, Peter Coy, suggests that the new Top-Level Domain pricing seen in the market today appears to represent a big pricing experiment in a sector of the economy "that's in flux". So why the various TLDs vary so much in price? Coy writes: "One reason seems to be that the market is young, and both buyers and sellers are trying to feel their way toward what’s good value for the money. Entrepreneurs that spent a lot of money for top-level domain names may try to price higher to recoup their costs, which can be tricky because customers don’t really care about their suppliers’ costs."

Follow CircleID on Twitter

More under: Domain Names, Top-Level Domains

Trump's Cuba Policy and Its Impact on the Cuban Internet


President Trump showing a signed executive order on Cuba policy, Fri, 16 Jun 2017 in MiamiOverall, I don't see anything in Trump's policy that will directly impact the Cuban Internet, but it will have an indirect impact by delaying the eventual rapprochement between the US and Cuba. On June 12th, I speculated on Trump's forthcoming Cuba policy and its impact on the Internet. He outlined his policy in a June 16th speech (transcript) and the Treasury Department published a FAQ on forthcoming regulation changes. It looks like my (safe) predictions were accurate. I predicted he would attack President Obama, brag about what he had done, make relatively minor changes that would not upset businesses like cruise lines, airlines, and telecommunication and hotel companies. I also said he would criticize Cuban human rights, while hypocritically ignoring the issue in other countries. For example, he slammed President Obama and bragged that "I am canceling the last administration's completely one-sided deal with Cuba." This does not come close to passing a fact-check. He said he was going to restrict people-to-people travel and stop people from doing business with companies owned by the Cuban Military, but that is far from canceling President Obama's "deal," which included little things like establishing diplomatic relations, reducing constraints on remittances, dropping the wet-foot, dry-foot policy, allowing US companies to do business with self-employed Cubans, allowing US companies to sell telecommunication equipment and services in Cuba, taking Cuba off the list of state-sponsors of terrorism, etc. You get the idea — he canceled none of this. His statements on Cuban human rights are either 100% hypocritical, or he has changed his mind since his speech in Saudi Arabia last month. At that time, he promised that "America will not seek to impose our way of life on others but to outstretch our hands in the spirit of cooperation and trust." If he really has changed his live-and-let-live human-rights policy, we can expect a spate of new sanctions, from Manila to Moscow. I had one surprise — his singling out hotels and other businesses operated by the military-run conglomerate, Grupo de Administración Empresarial S.A. (GAESA). Officials say existing hotel deals will not be effected, but the detailed regulations have not yet been released. This change will cut Cuban worker's jobs and GAESA's profit, but I guess the ban is good news for AirBnB and any future Trump hotel or resort in Cuba. How about changes affecting the Cuban Internet? I read the Fact Sheet on Cuba Policy, looking for changes that would affect the Internet, and did not find much. The first "key policy change" is "allowing American individuals and entities to develop economic ties to the private, small business sector in Cuba." Someone should let him know that President Obama made such changes some time ago, for example in allowing software imports from the private sector. In fact, someone should read him President Obama's 2009 Fact Sheet – Reaching out to the Cuban people. That document introduced many changes which enhance the ability of Cuban private, small businesses to "develop ties to the US," for example by authorizing "greater telecommunications links with Cuba to advance people-to-people interaction at no cost to the U.S. government." The fact sheet lists seven concrete telecommunication policy changes, none of which were "canceled" by Trump. He has canceled none of President Obama's changes to encourage private Cuban business and added nothing new himself. One change he did make is stopping "self-directed, individual travel" to Cuba. That will force would-be tourists to join fake groups and fake their travel reports or go to Aruba instead of Cuba, but it will not slow the deployment of Chinese telecommunication infrastructure. I hope Trump's policy will no[...]

New Standard for Reverse Domain Name Hijacking


Uniform Domain-Name Dispute-Resolution Policy (UDRP) Rule 1 defines Reverse Domain Name Hijacking (RDNH) as "using the Policy in bad faith to attempt to deprive a registered domain name holder of a domain name" (further defined in Rule 15(c)). There has been a mixed history in granting and denying this remedy for overreaching rights. Some Panels consider RDNH regardless whether it has been requested (even if respondent defaults in responding to the complaint); others will only consider the issue if requested. There are also variant views on the burden of proof. Some panelists simply ignore the request even though dismissing the complaint. In Impossible BV v. Joel Runyon, Impossible Ventures, D2016-0506 (WIPO May 22, 2016) () the majority denied RDNH over the objection of the third-member: I am conscious that the Panel majority do not regard the issue of RDNH as being of any great relevance in the context of this dispute. I fundamentally disagree. The reasons for this fundamental disagreement (from one of the veteran panelists) are interesting and I'll come back to them further below. In the recently released WIPO Overview 3.0 the editors now acknowledge that "following some early cases to the contrary, panels have more recently clarified that, for an RDNH finding to be made, it is not necessary for a respondent to seek an RDNH finding or prove the presence of conduct constituting RDNH" (Paragraph 4.16). It would appear from this that the standard has tightened in favor of RDNH although there continue to be baffling examples, as noted by Andrew Allemann in Domain Name Wire: "I can't believe it's not RDNH:" referring to Entertainment Technology Investments, Inc. d/b/a Gloo, LLC v. Contact Privacy Inc. Customer 011945202 / K Blacklock, D2017-0606 (WIPO May 31, 2017). The surprise in this case of not finding RDNH is that the registration of predated the mark by many years. (The Panel didn't even bother to explain itself!) Granting standing to complainants whose trademarks were not distinctive at the time of the domain name registration is now been woven into the fabric, but it should be a de rigour finding that overreaching mark owners be slapped with sanctions. The one constant of marks not distinctive at the time of domain name registration is that by definition the registrations could not have been in bad faith regardless how subsequently they may have been used. There should be a rule (memorialized in the UDRP Rules or accepted by consensus) that complainants of this stripe be marked with an "A" (abusive) for commencing the proceeding. See also EBSCO Industries, Inc. v. WebMagic Staff / WebMagic Ventures, LLC., FA1703001722095 (. RDNH requested and granted); Platterz Inc. v. Andrew Melcher, FA1705001729887 (Forum June 19, 2017) (. RDNH requested and granted). The only reason for granting standing it to give complainants the opportunity to prove common law rights predating registration of the domain name. WIPO Overview 3.0 points out "NB, parties may be aware that unlike in the UDRP system, certain national courts may (where invoked) impose monetary penalties (including punitive damages) where the equivalent of RDNH is found" (Paragraph 4.16). While domain name holders have prevailed in district court in direct cases under the Anticybersquatting Consumer Protection Act (ACPA) up to now there have been no cases in which they have commenced an action for damages after winning RDNH. (There are cases in which domain holders lost in UDRPs and prevailed in ACPA actions). There is now a case in which a prevailing Respondent with RDNH in hand has filed an action under the ACPA for $75,000, CORPORACION EMPRESARIAL ALTRA S.L. v. Development Services, Telepathy, Inc., D2017-0178 (WIPO May 15, 2017) (). See here for copy of[...]

Data on Nearly 200 Million Potential Voters in U.S. Found Fully Exposed


According to reports released today, databases containing information on close to 200 million potential U.S. voters were found unsecured and exposed to the Internet, allowing anyone to download it without a password. The data analytics contractor Deep Root Analytics employed by the Republican National Committee (RNC) has taken full responsibility for the situation. Joe Uchill reporting in The Hill: "The databases were part of 25 terabytes of files contained in an Amazon cloud account that could be browsed without logging in. The account was discovered by researcher Chris Vickery of the security firm UpGuard. The files have since been secured. ... 'In terms of the disc space used, this is the biggest exposure I've found. In terms of the scope and depth, this is the biggest one I've found,' said Vickery."

Follow CircleID on Twitter

More under: Cybersecurity

Overview of the Global Domain Market, Afnic Study



Internet Governance for Sustainability


Sustainability is a difficult term to avoid these days. With that in mind, it's somewhat surprising that last week's European Dialogue on Internet Governance (EuroDIG), now in its tenth year, featured one of its first workshops looking at the subject. But while the workshop focused on issues of energy usage and e-waste, the concept of sustainability raises some much broader and likely difficult questions for the Internet governance community. The one thing that is abundantly clear after two days of workshops and sessions at EuroDIG is that "Internet governance" is hard to pin down — in one session you'll be talking social policies for employment, in another, international trade arrangements, another will delve into industrial and manufacturing policy, while in the next room you'll find a multistakeholder discussion on law enforcement practices. This is a natural reflection of the fact that the Internet has effectively infiltrated all spheres of human activity. But what then is Internet governance? Practically, these kinds of Internet governance events are about sharing and consolidating knowledge and information — everyone comes away better informed and more able to contribute in venues where policymaking actually takes place (whether it's national government, international standards organisations or elsewhere). But as participants share information across such diverse range of topics, we also see the emergence of a broader consensus on themes, approaches or priorities — not solid policy outcomes or even recommendations, but rather approaches for governance relating to the Internet. And sometimes it can be about changing dominant paradigms. When we think about the Internet, we think of growth. More than perhaps any other area of human activity, the Internet has been defined by growth, graph lines racing "up and to the right" as we marvel at the speed with which the Internet has developed, spread and transformed our societies. Internet governance has reflected this — one of the primary motivations for the initial World Summit on the Information Society (WSIS) discussions was that the Internet grows so quickly and dynamically that new processes and structures were needed for its governance. That growth is also an underlying premise of the Internet governance community's focus on "development", an effort to address the inescapable fact that despite the rate of growth, the benefits of Internet access have not been evenly spread. "IG4D" (Internet governance for development), prioritising efforts to steer growth and development towards under-served populations, has been one of IGF community's most important contributions to the global Internet governance discussion. Looking at Internet governance in this way, and reflecting on the EuroDIG session on e-waste, I wonder if it's time to consider a new paradigm, parallel, but separate to the idea of development: Internet governance for sustainability. At the mention of sustainability, people immediately think of issues like e-waste, Internet energy consumption and environmental impact. But an Internet governance sustainability paradigm could (and must) go beyond these relatively straightforward environmental concerns to larger questions of how we can ensure the continued viability of the Internet and its benefits, based on finite resources. In doing so, it would inevitably raise deeper questions about the limits of "growth" in the Internet context. Is our current approach to the Internet and its governance sustainable? A model that focuses on growth may not immediately appear unsustainable, but even based on the discussions at EuroDIG last week, I think there are some troubling indicators visible in the current trends. Consider just two: In discussions on the Internet of Th[...]

Questions About Cuba's 3G Mobile Expansion


ETECSA, Cuba's telecom provider and sole operator of fixed telephony, mobile, and data in the country, is rolling out 3G mobile service in Havana and elsewhere in the country. Telegeography reports there are now 229 3G base stations in Cuba. Where and how extensive is the coverage? ETECSA says 3G coverage is available in all of Havana, provincial capitals and tourist resorts. AT&T says there is GSM/GPRS coverage for 85% of national territory. Here is a crowdsourced 3G coverage map of Cuba as of February 17, 2017: Strong signal: received signal strength indicator (RSSI) > -85dB, Weak: RSSI < -99dB Again, this is a crowd-sourced map, so it represents a lower bound on coverage, but it paints an unsurprising picture of 3G deployment — near a backbone and strongest in cities. Who has access to the 3G network and what can they access? Google Fi service was available earlier this year.Tourists and foreign business travelers have had expensive Internet access while roaming in Cuba for some time. For example, AT&T and T-Mobile charge $2 per megabyte. Recently Digicel recently announced much lower cost roaming on a "dedicated tourist-only 3G mobile network," which sounds like the network described by ETECSA above. They charge between 17 and 25 cents per megabyte, depending on the size of the prepaid order. The best deal of all was fleetingly offered by Google on their Fi mobile service. Earlier this year, users reported that Google was treating roaming data the same as domestic data — $10 per gigabyte. Unfortunately, that capability has been turned off, but it may be a hint of things to come. But which Cubans — other than Raúl Castro — have 3G access? I have been told that some people have 3G access because of their work, but have no confirmation of that. I've also been told that some hackers have been able to get 3G access, but, again, have no confirmation. Assuming that some Cubans have access to the 3G network, are they able to see the global Internet or are they restricted to services offered on the national network? (I bet Raúl has international access). How about speed? Source: Carpe DiemArmando Camacho ran a number of 3G speed tests in Havana (near the corner of Patrocinio and 10 de Octubre) and observed ping time to a server in Miami as ranging from 91 to 127 milliseconds, upload speed from .48 to 1.58 Mbps and download speed from .85 to 10.42 Mbps. He observed considerable speed variance, suggesting that others were sharing the same radio or backhaul resources. What is the interim plan for 3G access? Today the 3G network serves tourists, foreign business people, and perhaps some Cubans at work or in government. ETECSA may be planning to extend the service to subscribers as a much-needed supplement to their current public-access centers. I don't know what their plans are, but more 3G will require more fiber and microwave connectivity for backhaul. Only ETECSA knows what they are installing today. They may also be planning to extend 3G mobile to rural areas. In April, the Ministry of Agriculture announced plans to bring Internet connectivity and other computer services to rural areas beginning in Granma, Ciego de Ávila and Isla de la Juventud. Will 3G be part of this promised rural coverage? Again, backhaul would have to be provided. What is the long-run mobile plan? Regardless of the short-run, 3G technology is only an interim step. Since Cuba has so little legacy infrastructure, they are in a position to leapfrog today's 4G technology and plan for 5G mobile connectivity. If that is the case, they should be investing in fiber for backhaul in places that microwave can serve today — long, microwave "daisy chains" will not have the speed or capacity fo[...]

Chinese Scientists Have Built First Quantum Network With No Danger of Being Decrypted


(image) The 600-kilogram payload now onboard the Chinese satellite that is producing pairs of quantum entangled photons. Image source: Xinhua

A paper published by researchers from the Chinese Academy of Sciences, reports a successful demonstration of satellite-based entanglement distribution to receiver stations separated by more than 1200 km — the results illustrate the possibility of a future global quantum communication network. Ian Sample, Science editor of The Guardian, writes: "Researchers believe that by linking particles together in this way, encrypted information could be sent from place to place across a quantum network with no danger of it being decrypted and read by others, as can be done on the existing internet. ... The work obliterates the previous world record for sending pairs of photons that are connected to one another by a strange rule of quantum physics first spotted by Einstein. Until now, the farthest researchers had ever sent entangled photons stood at a mere 65 miles."

Follow CircleID on Twitter

More under: Broadband, Cybersecurity, Telecom

North Korea's Spy Agency Behind WannaCry


According to a report from The Washington Post, the NSA has linked the North Korean government to the creation of the WannaCry ransomeware that resulted in affecting over 300,000 people in almost 150 countries last month. "The assessment [...] is based on an analysis of tactics, techniques and targets that point with 'moderate confidence' to North Korea's spy agency… WannaCry was apparently an attempt to raise revenue for the regime, but analysts said the effort was flawed. Though the hackers raised $140,000 in bitcoin, a form of digital currency, so far they have not cashed it in, the analysts said."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime

Trademark Owner Loses Two Domain Name Disputes - On Same Domain Name


I've said many times that winning a domain name dispute under the Uniform Rapid Suspension System (URS) is much more challenging than under the Uniform Domain Name Dispute Resolution Policy (UDRP). But, that doesn't mean trademark owners should take the UDRP for granted. One complainant learned that lesson an especially hard way — first by losing a URS determination and then by losing a UDRP decision on the same domain name. The complainant, Bloomberg Finance, is the owner of the well-known Bloomberg trademark and has significant experience in filing (and even winning) both UDRP and URS cases (about 170 of them) through the years. Many of the cases involve variations of its Bloomberg trademark, and, increasingly, the company has filed complaints involving new top-level domain names, such as, and But Bloomberg lost a URS determination for on March 15, 2017, and then a UDRP decision for on June 8, 2017. To be clear, there's nothing wrong with filing a UDRP complaint after filing a URS complaint on the same domain name. Indeed, the URS states that a "URS Determination shall not preclude any other remedies available to the appellant, such as UDRP (if appellant is the Complainant)." This rule makes it possible, as I've written before, for a trademark owner to use the URS as a sort of preliminary injunction, getting a domain name suspended quickly and then later transferred under the UDRP. Unfortunately for Bloomberg, however, neither the URS nor the UDRP was helpful for the domain name A review of the decisions raises questions about whether the domain name was really appropriate for a legal dispute and, if so, whether Bloomberg made its strongest possible arguments. What the URS and UDRP Decisions Said First, in the URS determination, the examiner wrote that Bloomberg's complaint was "devoid of any allegations or proof of facts tending to show, even prima facie, either that Respondent has no right to or legitimate interest in the domain name, or that the domain name was registered and is being used by Respondent in bad faith." As a result, the examiner refused to suspend the domain name. Undeterred, Bloomberg then filed a UDRP complaint for the same domain, apparently hoping that the UDRP's lower burden of proof (and perhaps the UDRP's more generous filing guidelines) would result in a better outcome. However, the UDRP panel found numerous faults in Bloomberg's case, calling an exhibit in the complaint on trademark rights "poorly presented" and containing "inadequate proof of registered trademark rights." But Bloomberg's fatal mistake was on the UDRP's "bad faith" element. Apparently, Bloomberg failed to learn any lessons from its URS loss, because the UDRP panel wrote that "an inference of likely bad faith use could here only rest on supposition." Although UDRP case files are not publicly available, this language from the decision would indicate that Bloomberg failed to present factual evidence or legal arguments as to why the panel should have found bad faith — and, the panel appropriately saw no need to go out of its way to make the complainant' arguments for it, noting that Bloomberg "is a common family name which might remain open to use in good faith by any number of traders." The UDRP panel concluded with some harsh words for Bloomberg: ...Complainant, having failed with its URS complaint, took nothing from the experience and again did not present argument concerning bad faith use in these proceedings. The Panel finds that Complainant has not met even the lower burden of proof o[...]

Experience is Paramount at the 2017 ANGA COM


Right as May turned into June, we joined thousands of attendees at the latest edition of ANGA COM in Cologne, Germany. Over the course of three days, I had the opportunity to listen and gain insights on the challenges faced today in the industry. As we're already aware, data consumption and demand continue to march upwards. This is further evident by the sheer amount of FTTx-related vendors and solutions present at the show. Cable service providers can look at DOCSIS 3.1 or tilt their HFC towards FTTx. Regardless of what access network technology is in place, the bandwidth throughput will be ample for today's demands. However, due to the widespread adoption of disruptive services such as HDR OTT video, advanced gaming platforms, virtual reality consoles, and the Internet of things (IoT), the requirements and expectations for quality of service (QoS) and quality of experience (QoE) will continue to inch upwards. There is certainly an imperative to maintain subscriber satisfaction and mitigate churn rates. I noticed more attention being driven towards the customer network experience. Communication service providers (CSPs) need to perform to subscriber expectations to bridge content providers with their audiences (the subscribers). Many years ago, subscribers may have tolerated the occasional outage — Internet connectivity wasn't considered as vital as it is now. Today, a short interruption or quality downgrade will lead to subscribers scrambling to find their provider's toll-free number. High-fidelity media like 4K streaming is more vulnerable to interruptions on the network. Buffering can only achieve so much, especially when premium subscribers won't accept a lengthy "buffer" from the start. Allocating more funds and time into call centers and maintenance crews is not the ideal answer, it's a bandaid solution at the cost of revenue. Deploying systems that can actively monitor key performance indicators (KPIs) and provide the notifications necessary to proactively keep tabs on network performance puts CSPs one step closers. Many service providers already have such solutions in place — but it is also important to ensure that the right KPIs are being tracked and acted upon. Furthermore, a network analytics suite can help service providers understand subscriber usage patterns and network resource utilization, paving the way to congestion minimization and traffic management policy development. Properly implemented, service providers can also see CAPEX and OPEX benefits through well-informed decisions on the network. Device management has been the go-to, a standard answer for years — especially when it comes to WiFi quality in the premises. Devices that support diagnostic tests and return mission critical parameters can also give service reps better insight on the state of the network beyond the demarcation line. These solutions are just fundamentals towards an excellent customer network experience. The data and analytics produced can be used to feed an existing support or ticketing system, providing additional context that can assist customer service representatives. Whether it's knowing the ideal next steps to resolve issues or having better empathy of the situation, customer service representatives (CSRs) can be empowered to drive better support. On top of that, the combined effort of multiple analytics, reporting, and diagnostics will enable better prioritization of network maintenance and repair efforts. With DOCSIS 3.1 and FTTx, service providers already have good throughput options to address increased demand for data. For customer experiences, there are several subjective factors[...]

Donuts, Rightside Group Merge in a $213M Acquisition Deal


Donuts Inc., a leading domain name registry for new top-level domains and Rightside Group today announced a merger agreement; Donuts has agreed to acquire Rightside for $10.60 per share in an all-cash tender offer, for an aggregate purchase price of approximately $213MM. According to the release, the Merger Agreement was "unanimously approved by Rightside's Board of Directors following a comprehensive review of strategic and financial alternatives that Rightside announced in the first quarter of 2017." Bruce Jaffe, Donuts chief executive officer: "We believe that the combined company will be well positioned to serve our registrar customers and the millions of businesses and individuals who are embracing new ways to brand their online identities."

"The deal will give Donuts an additional 40 top level domain names, Rightside’s technical registry system (that currently powers Donuts’ domains), domain name registrar, and a portfolio of about 300,000 (mostly .com) domain names." –Andrew Allemann, Domain Name Wire / Jun 14

"There was talk of a split last year, with Donuts apparent endorsement of Google’s Nomulus platform, but the two companies reaffirmed their relationship earlier this year. ... [Rightside] faced criticism from shareholders over the last year or so over their relatively poor performance. Activist investor J Carlo Cannell, who owns almost 9% of Rightside, has been pressuring the company’s board to take radical action for the last 15 months." Kevin Murphy, Domain Incite / Jun 14

Follow CircleID on Twitter

More under: Domain Names, Registry Services, Top-Level Domains

FBI, DHS Release Technical Details on North Korea’s DDoS Botnet Infrastructure


U.S. Department of Homeland Security (DHS) and the FBI today released a technical alert based joint-effort analysis of methods behind North Korea’s cyberattacks. From today's release: "This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. ... DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity, DDoS, Malware

Microsoft Releases Patches to Fix Close to a Hundred Flaws, Including for Unsupported Windows XP


Microsoft has released security updates for close to a hundred security vulnerabilities in a number of Windows operating systems. From Krebs on Security, Brian Krebs writes: "One bug is so serious that Microsoft is issuing patches for it on Windows XP and other operating systems the company no longer officially supports. ... 27 of the 94 security holes Microsoft patches with today's release can be exploited remotely by malware or miscreants to seize complete control over vulnerable systems with little or no interaction on the part of the user. ... It is this very 'wormlike' capability — a flaw in Microsoft's SMB service — that was harnessed for spreading by WannaCry, the global ransomware contagion last month that held files for ransom at countless organizations and shut down at least 16 hospitals in the United Kingdom."

Follow CircleID on Twitter

More under: Cybersecurity, Malware

Building a Case for Cybersquatting Under the UDRP


A number of recent UDRP decisions remind trademark owners (and counsel) that cybersquatting cases have to be built from the ground up. Each stage has its evidentiary demands. The first two demand either/or proof; the third, the most demanding, requires proof of unified or conjunctive bad faith registration and bad faith use of the accused domain name. Priority, which intuitively would be thought a factor under the first stage (as it is under the ACPA) is actually a factor under the third stage. Entertainment Technology Investments, Inc. d/b/a Gloo, LLC v. Contact Privacy Inc. Customer 011945202, D2017-0606 (WIPO May31, 2017) (); Technologies Sensopia Inc. v. BLUE NOVA INC, FA1704001725217 (Forum June 9, 2017) (). For the third stage, any proof less than both is insufficient to establish infringement. Charles A. Saunders / Saunders Archery Company v. Lisa Katz / Domain Protection LLC., FA1704001727959 (Forum May 31, 2017) (&llt;>); Gabs S.r.l. v. DOMAIN ADMINISTRATOR — NAME ADMINISTRATION INC. (BVI), CAC 101331 (ADReu February 26, 2017) (). Among country code-anticybersquatting policies including the U.S.'s statutory scheme, the ACPA the UDRP's insistence on conjunctive bad faith is sui generis. Under these other policies, bad faith (or abusive registration) can be established with evidence of either registration or use (add "trafficking in" under the ACPA). But for the first two stages of the UDRP complainants succeed by offering either/or proof of standing — the domain name is either identical to a mark in which complainant has a right or it is confusingly similar (paragraph 4(a)(i) of the Policy) — or respondents have neither rights nor legitimate interests in the accused domain names (paragraph 4(a)(ii)) (respondents have the shifted burden of rebutting complainant's prima facie case by proving the either/or of rights or legitimate interests). I'm going to address only the first stage. It's a low bar to prove standing; not a no-bar. There's no magic in understanding the term "identical": if the characters of the SLD match the characters of the mark character for character, it is identical (all of the above domain names fit this description). If there's no perfect match, but there's some identity of characters, perhaps differently arranged or combining a dictionary word with the dominant element of the mark, then it's most likely to be confusingly similar. Open Society Institute v. Gil Citro, FA1007001333304 (Forum April 24, 2010) (OPEN SOCIETY INSTITUTE and ). The burden for proving standing is so low that Panels ordinarily find complainants satisfy the requirement, but this is not always the case. SportSoft Golf, Inc. v. Sites to Behold Ltd., FA 94976, (Nat. Arb. Forum July 27, 2000); Fabricators & Manufacturers Association, International v. Domain Administrator / Namefind, LLC, FA1704001728625 (Forum June 1, 2017) (disclosure: I was Respondent's counsel in this matter). There are SLDs that incorporate non-dominant elements of the mark, similarity alone is not sufficient to support standing. SportsSoft Golf is an early example of defining the boundary between similar and confusingly similar, similar but not confusingly so. In its decision, the Panel held that (consisting as it does of two generic words) was not confusingly similar to GOLF SOCIETY OF THE US. The former clearly references to the generic nature of a society interested in golf or the general body or community of g[...]