Public participation site

The internet in Syria appears to have returned after a nationwide blackout knocked the country offline for more than 19 hours. Monitoring company Renesys noted signs of activity at around 14:30 GMT (17:30 local time) on Wednesday. Local state-run media had reported earlier that a "fault in optical fibre cables" was to blame for the blackout. However, experts dismissed this explanation as "unlikely".

Read full story: BBC

Follow CircleID on Twitter

More under: Access Providers

The internet in Syria appears to have returned after a nationwide blackout knocked the country offline for more than 19 hours. Monitoring company Renesys noted signs of activity at around 14:30 GMT (17:30 local time) on Wednesday. Local state-run media had reported earlier that a "fault in optical fibre cables" was to blame for the blackout. However, experts dismissed this explanation as "unlikely".

Read full story: BBC

Follow CircleID on Twitter

More under: Access Providers

In 2012 I wrote a blog on CircleID called State hacking: Do's and don'ts, pros and cons. In this post I give some thoughts to the concept of a government "hacking back" at criminals. The reason for this was an announcement by the Dutch government that it contemplated law along these lines. The proposed law is now here: the Act Computer Criminality III.

Although the idea originally was to hack into untraceable servers that could (most like would) be based abroad, now it appears that the Dutch government has used its imagination some more. Hacking devices, the obligation to cooperate in an investigation against oneself by providing passwords, tapping devices and e.g. Skype, it's all in the concept. Not surprisingly there is a lot of commotion from privacy advocates and organisations.

Anyway, I've had my say in the mentioned blog post and reiterate that this is a very, very sensitive topic, that could cross boundaries that we as society may not want to cross. Let me provide you with some links, so you can study it yourself. Unfortunately everything is in Dutch. Below you find links to the law texts, including explanations/intentions and a link to a blog post by PHD student Jan Jaap Oerlemans of the University of Leiden who provides some excellent observations.

Here's the official government publication on the law with links to the actual texts.

Here's the link to Jan Jaap Oerleman's blog.

Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement

Follow CircleID on Twitter

More under: Cybercrime, Internet Governance, Law, Policy & Regulation, Privacy, Security

In the wake of increasingly lenient bring your own device (BYOD) policies within large corporations, there's been a growing emphasis upon restricting access to business applications (and data) to specific geographic locations. Over the last 18 months more than a dozen start-ups in North America alone have sprung up seeking to offer novel security solutions in this space — essentially looking to provide mechanisms for locking application usage to a specific location or distance from an office, and ensuring that key data or functionality becomes inaccessible outside these prescribed zones.

These "Geo-locking" technologies are in hot demand as organizations try desperately to regain control of their networks, applications and data.

Over the past 9 months I've been asked by clients and potential investors alike for advice on the various technologies and the companies behind them. There's quite a spectrum of available options in the geo-locking space; each start-up has a different take on the situation and has proposed (or developed) a unique way in tackling the problem. Unfortunately, in the race to secure a position in this evolving security market, much of the literature being thrust at potential customers is heavy in FUD and light in technical detail.

It may be because marketing departments are riding roughshod over the technical folks in order to establish these new companies, but in several of the solutions being proposed I've had concerns over the scope of the security element being offered. It's not because the approaches being marketed aren't useful or won't work, it's more because they've defined the problem they're aiming to solve so narrowly that they've developed what I could only describe as tunnel-vision to the spectrum of threat organizations are likely to face in the BYOD realm.

In the meantime I wanted to offer this quick primer on the evolving security space that has become BYOD geo-locking.

Geo-locking BYOD

The general premise behind the current generation of geo-locking technologies is that each BYOD gadget will connect wirelessly to the corporate network and interface with critical applications. When the device is moved away from the location, those applications and data should no longer be accessible.

There are a number of approaches, but the most popular strategies can be categorized as follows:

1. Thick-client – A full-featured application is downloaded to the BYOD gadget and typically monitors physical location elements using telemetry from GPS or the wireless carrier directly. If the location isn't "approved" the application prevents access to any data stored locally on the device.
2. Thin-client – a small application or driver is installed on the BYOD gadget to interface with the operating system and retrieve location information (e.g. GPS position, wireless carrier information, IP address, etc.). This application then incorporates this location information in to requests to access applications or data stored on remote systems — either through another on-device application or over a Web interface.
3. Share-my-location – Many mobile operating systems include opt-in functionality to "share my location" via their built-in web browser. Embedded within the page request is a short geo-location description.
4. Signal proximity – The downloaded application or driver will only interface with remote systems and data if the wireless channel being connected to by the device is approved. This is typically tied to WiFi and nanocell routers with unique identifiers and has a maximum range limited to the power of the transmitter (e.g. 50-100 meters).

The critical problem with the first three geo-locking techniques can be summed up simply as "any device can be made to lie about its location".

The majority of start-ups have simply assumed that the geo-location information coming from the device is correct — and have not included any means of securing the integrity of that device's location information. A few have even tried to tell customers (and investors) that it's impossible for a device to lie about its GPS location or a location calculated off cell-tower triangulation. I suppose it should not be a surprise though — we've spent two decades trying to educate Web application developers to not trust client-side input validation and yet they still fall for web browser manipulations.

A quick search for "fake location" on the Apple and Android stores will reveal the prevalence and accessibility of GPS fakery. Any other data being reported from the gadget — IP address, network MAC address, cell-tower connectivity, etc. — can similarly be manipulated. In addition to manipulation of the BYOD gadget directly, alternative vectors that make use of private VPNs and local network jump points may be sufficient to bypass thin-client and "share-my-location" geo-locking application approaches.

That doesn't mean that these geo-locking technologies should be considered unicorn pelts, but it does mean that organization's seeking to deploy these technologies need to invest some time in determining the category of threat (and opponent) they're prepared to combat.

If the worst case scenario is of a nurse losing a hospital iPad and that an inept thief may try to access patient records from another part of the city, then many of the geo-locking approaches will work quite well. However, if the scenario is that of a tech-savvy reporter paying the nurse to access the hospital iPad and is prepared in install a few small applications that manipulate the geo-location information in order to remotely access celebrity patient records… well, then you'll need a different class of defense.

Given the rapid evolution of BYOD geo-locking applications and the number of new businesses offering security solutions in this space, my advice is two-fold — determine the worst case scenarios you're trying to protect against, and thoroughly assess the technology prior to investment. Don't be surprised if the marketing claims being made by many of these start-ups are a generation or two ahead of what the product is capable of performing today.

Having already assessed or reviewed the approaches of several start-ups in this particular BYOD security realm, I believe some degree of skepticism and caution is warranted.

Written by Gunter Ollmann, Chief Technology Officer at IOActive

Follow CircleID on Twitter

More under: Security

Following up on my recent post about how solving the Bufferbloat problem could dramatically increase the speed of Internet usage, I recently learned via a Google+ post by Michael Richardson of this video of a presentation by Jesper Dangaard Brouer of Red Hat at the recent DevConf.cz Brno 2013 titled: "Beyond the existences of Bufferbloat – Have we found the cure?” The slides are available for download as is the video that is embedded below.

The presentation is an interesting dive down into the technical weeds of what exactly is causing this bufferbloat problem and how it could be fixed with a combination of factors, most noticeably the CoDel (Controlled Delay) active queue management technique. I found it a useful explanation of many facets of the problem and solution and would encourage folks interested in this topic to give it a look. I'll also note as I did in my earlier post that more info about the bufferbloat problem in general can be found at www.bufferbloat.net.

Written by Dan York, Author and Speaker on Internet technologies

Follow CircleID on Twitter

More under: Access Providers, Internet Protocol

Google has changed the tagline on the homepage of its Palestinian edition from "Palestinian Territories" to "Palestine". The change, introduced on 1 May, means google.ps now displays "Palestine" in Arabic and English under Google's logo.

Google spokesman Nathan Tyler, in a statement given to the BBC on Friday, said: "We're changing the name 'Palestinian Territories' to 'Palestine' across our products. We consult a number of sources and authorities when naming countries." ... "In this case, we are following the lead of the UN, ICANN, ISO and other international organisations."

Read full story: BBC

Follow CircleID on Twitter

More under: Internet Governance, Top-Level Domains, Web

Google has changed the tagline on the homepage of its Palestinian edition from "Palestinian Territories" to "Palestine". The change, introduced on 1 May, means google.ps now displays "Palestine" in Arabic and English under Google's logo.

Google spokesman Nathan Tyler, in a statement given to the BBC on Friday, said: "We're changing the name 'Palestinian Territories' to 'Palestine' across our products. We consult a number of sources and authorities when naming countries." ... "In this case, we are following the lead of the UN, ICANN, ISO and other international organisations."

Read full story: BBC

Follow CircleID on Twitter

More under: Internet Governance, Top-Level Domains, Web

Type www.z10.com into your browser and you'll arrive at an Amazon page on which "Global Mobiles" sells unlocked BlackBerry Z10 phones. What? Did you expect to be directed to a BlackBerry (formerly Research In Motion) site just because the Z10 has been touted as the phone that will help make or break the struggling company? What happened?

A savvy domain speculator realized that his or her domain name had become a hot commodity well after the domain was registered, and it could be monetized in Amazon's affiliate program where commissions could be earned on Z10 sales driven to the popular ecommerce site via Z10.com. According to the Whois, the domain was created over 12 years ago, and was transferred to a registrant in Hong Kong in 2007. The Z10 phone, however, was only introduced to the U.S. market this year.

It's possible that the original owner decided to grab Z10.com because it sounded like a model of something before BlackBerry even conceived of the Z10 phone. Plus, it's well known that ALL two and three character .COMs and probably a good many four character .COMs have been gobbled up by speculators just waiting for some new whatchamacallit to debut on the market. Z10 sounds an awful lot like a car model — and if you type "Z10 car" into a search engine, you'll get hits for BMW's Z10 and Toyota's Z10 Soarer (a model sold in Japan in the '80s).

"This is fairly typical cyber-speculation activity," said Steve Levy, FairWinds' Intellectual Property Attorney. "Creative domain speculators will come up with creative names absent of a known product name. If one of those names is later adopted by a company as a brand, it can create a tough situation since there were no trademark rights at the time the domain was created and Uniform Domain-Name Dispute-Resolution Policy (UDRP) arbitration panels must reject claims when a domain name was not originally registered in bad faith. At that point it's time to explore other options such as an anonymous offer to buy the desired domain — preferably before the new product launches and price goes sky high."

There are some lessons here for companies managing the acquisition of domain names associated with the launch of a new product. Before a new brand is publicly announced, many companies will register the most obvious defensive domains. But if the product name is neither totally distinctive, nor incorporates a protected pre-existing trademark, and a domain name was registered well in advance of any trademark rights, it may be that acquisition is the only path forward apart from selecting another trademark with an available domain.

Written by Josh Bourne, Managing Partner at FairWinds Partners

Follow CircleID on Twitter

More under: Cybersquatting, Domain Names

Could you sign off of the Internet today — right now, in fact — and not come back online for 12 months? If you are a reader of CircleID, odds are pretty good that the answer is probably an emphatic "No!” This is, after all, a site for "Internet Infrastructure" and for most of us visiting the site (or writing here) the "Internet" is completely woven into the fabric of our lives… and we have a hard time thinking of a life without it.

Paul Miller did, though. Paul, a writer at The Verge, signed off on April 30, 2012, and just rejoined the rest of us this week… and being a writer naturally wrote a long piece about it: "I'm still here: back online after a year without the internet”

As he says in the article and the accompanying video, he was thinking of an escape:

I thought the internet might be an unnatural state for us humans, or at least for me. Maybe I was too ADD to handle it, or too impulsive to restrain my usage. I'd used the internet constantly since I was twelve, and as my livelihood since I was fourteen. I'd gone from paperboy, to web designer, to technology writer in under a decade. I didn't know myself apart from a sense of ubiquitous connection and endless information. I wondered what else there was to life. "Real life," perhaps, was waiting for me on the other side of the web browser.

I won't quote much more of the article because I think it's worth a read in its entirety. I did, though, find this an interesting quote:

My plan was to leave the internet and therefore find the "real" Paul and get in touch with the "real" world, but the real Paul and the real world are already inextricably linked to the internet. Not to say that my life wasn't different without the internet, just that it wasn't real life.

and this:

But the internet isn't an individual pursuit, it's something we do with each other. The internet is where people are.

I think of my own life, and the connections that I have, and the connectedness I have with so many people and with so many different facets of my life. Sure, I could go without the Internet for a year… but would I want to?

Written by Dan York, Author and Speaker on Internet technologies

Follow CircleID on Twitter

More under: Web

Tom Wheeler nominated by President Obama as the new chairman of the FCC.After a political and administrative process of more than a month Tom Wheeler has finally been nominated by President Obama as the new chairman of the FCC with the full support of Congress. Unlike other regulators around the world the FCC is directly accountable to the American Congress, making it a far more political body than most other regulators.

I have known Tom since 1983. He is an enormously energetic person and has been involved in the ICT industry for most of his working life, holding very senior positions within the American industry.

Currently he is the managing director at the Washington DC venture capital firm, Core Capital Partners, and before that, from 1979 to 1984, he served as president of the National Cable Television Association (NCTA) and as CEO of mobile carrier trade group CTIA from 1992 to 2004.

During all those years we have remained in touch and this connection was further strengthened when Barack Obama became President in 2008. As long as I have known Tom he has played a very active role in the Democratic Party and on one occasion I was invited to attend one of their events, which was quite an experience.

After the Obama win Tom became part of the Transition Team, overseeing the broad scale of technology, science and media. Before the election I had already discussed with Tom the idea that, if Obama were to win, I would be interested in sharing my views on telecoms with him. He took me up on that and put me in contact with Professor Susan Crawford who became the President's advisor on telecommunications. Together with an elite group of telecoms experts from America and Europe we produced several reports on telecoms infrastructure, structural separation, digital innovation and productivity.

There was also great interest in America in the developments around the Australian NBN and in 2009 I was invited to do a presentation on my views on this at a meeting in the White House. And our reports were used by the people within the FCC who wrote the American National Broadband Plan in 2010. It is interesting to see that many of the suggestions we made appeared in their plan.

The fact that Tom was part of the Transition Team, and the fact that he has shown great interest in different approaches to telecommunications, gives me a positive feeling about his appointment. Obviously an appointment like this is eliciting very strong comment in the USA — there are some who don't like the fact that Tom has such close links with the industry, while others see that as an advantage.

It is obvious that America is America, and that the political situation and the attitude to private and government investments is rather different from those in Europe and Australia. There will not be an NBN along the lines that developed in Australia, not even the tuned down-version of the Coalition.

As an American Tom is also a very strong proponent of reduced government involvement and strong support for commercial investments. While I do not always agree with his views on telecoms issues I have always been able to have very open discussions with him. My views are sometimes slightly more radical than his, but I have learned that the American way of thinking is indeed different and I can understand and respect that.

Tom's involvement in the mobile industry also gave him insight into spectrum issues, currently a hot topic in America. In the past he has challenged the broadcasters to become more active in the digital media and more innovative in using their spectrum for, among other things, mobile TV. So we can expect some fireworks there.

Of course, the really big issue in telecoms in the USA, as elsewhere, is the dominance of the vested interests and, particularly in America, their enormous influence in government policies (plutocracy). It will be interesting to see how Tom will handle these tricky issues. He will need all his diplomatic and negotiation skills to navigate a straightforward course through them.

I would like to take this opportunity to wish Tom wisdom and success in his new role.

Written by Paul Budde, Managing Director of Paul Budde Communication

Follow CircleID on Twitter

More under: Broadband, Policy & Regulation, Telecom

In the run-up to the launch of new gTLDs, ICANN has been negotiating both of its main supplier contracts. The registrar contract (Registrar Accreditation Agreement or RAA) negotiations are now all but complete. A new contract draft has been posted for public comment and it now seems likely that in little over a month, this will become the official new 2013 RAA.

The registry contract (Registry Agreement or RA) negotiations have been going on for much less time and really only picked up in earnest after several registries made outspoken, sometimes angry, comments at the way they felt ICANN was handling the negotiations.

Subsequently, a registry negotiating team was set up to work with ICANN in a similar fashion to the registrars (who have been locked in negotiations with ICANN for getting on to almost 2 years now). For ICANN and new gTLD applicants, time is of the essence as the program obviously cannot launch without proper contracts in place to cover the whole domain name registration, management and distribution chain.

This impacts registries as well of course, as many of them are either applicants themselves, or working for applicants.

On April 29, ICANN's VP for DNS Industry Engagement Cyrus Namazi posted an upbeat report on the negotiations on the ICANN blog. "I am delighted to report that we have now posted a proposed final draft of the New gTLD Registry Agreement," Namazi wrote. "Similar to the proposed 2013 Registrar Accreditation Agreement (RAA) that was posted for public comment on 22 April 2013, the ICANN community is now able to review and comment on this final draft before it is approved and adopted."

Namazi's comments are clearly drafted to get the message across that all is well and that the registries and ICANN left the negotiating room as BFFs. "A new and highly spirited sense of mutual trust has catapulted us into a fresh atmosphere of collaboration," he added. "The spirit of teamwork, productive dialogue and partnership that has underpinned this negotiation process is tremendously heartwarming, as it has allowed us to bring to fruition a robust contractual framework for the New gTLD Program."

Really? In a letter sent to ICANN, senior managers at Verisign, the most powerful registry by market share, are extremely critical of the way ICANN has handled the negotiations and of the end result.

Issues appear to center around a clause which would give the ICANN Board a unilateral right to amend the contract. This has been strongly criticized by both registries and registrars, and Verisign is not happy with what it sees as a tool to allow ICANN to change the rules of engagement for its contracted parties at will.

The letter is a strongly worded as Namazi's post is lovey-dovey. So who is right? The proposed new RA was posted for public comment on April 29 for 42 days. Comments will then be collated and summarised for the ICANN Board, so that it can decide whether to approve the contract or not.

This is a major test for today's ICANN. On the one hand, it needs to show that it can control its supplier chain and provide Internet users with a safe and stable environment. But it also needs to show that it can provide the businesses in the domain industry with such an environment, especially with an expected 1,200 new TLDs coming online in the next few years. And lastly, ICANN needs to show that the bottom-up policy development process that gives it its unique position in the world of Internet governance is sacrosanct. Right now, the registries seem to think that ICANN is ready to throw the model under the bus whenever it suits its own devises.

Written by Stéphane Van Gelder, Chairman, STEPHANE VAN GELDER CONSULTING

Follow CircleID on Twitter

More under: Registry Services, ICANN, Policy & Regulation, Top-Level Domains

ICANN's Non-Commercial Stakeholders Group (NCSG) has filed a Request for Reconsideration with ICANN's Board of Directors regarding the staff's decision to expand the scope of the trademark claims service beyond that provided by community consensus policy and in contradiction to ICANN Bylaws.

Specifically at issue is ICANN staff's unilateral decision to adopt the "trademark +50" proposal for new domains, which would provide trademark holders who have previously won a UDRP or court decision with rights to 50 additional derivations of their trademark in ICANN's Trademark Clearinghouse (TMCH). Under staff's plan, large trademark holders that register in the clearinghouse will be provided thousands of derivations of their trademarks since each separate country's registration of the same trademark provides the brand owner with an additional 50 entries in the TMCH.1 Entries in the TMCH trigger infringement warning notices to domain name registrants which can lead to increased liability for registrants, discourage lawful registrations, and chill speech on the Internet.

ICANN's bottom-up community-developed process for creating policy had approved of a TMCH model that allowed "exact matches" of trademarks only to be placed in the TMCH. In 2007, ICANN's GNSO Policy Council, including representatives from the Intellectual Property and Business Constituencies, approved the GNSO recommendations that created special protections for trademark rights by a supermajority vote.2 As part of the multi-year consensus process, both the subsequent Special Trademarks Implementation (STI) Team and the Implementation Review Team (IRT) considered the issue of providing rights to exact matches or additional derivations, and both community-developed teams specifically opted for exact matches only to be placed into the TMCH. ICANN's CEO testified before U.S. Congress in 2012 that expanding the scope of the TMCH further would be inappropriate since it would create new rights that do not exist in law and ICANN should not be creating unprecedented rights.3

Many months after the final TMCH model of exact matches only was published in ICANN's Applicant Guidebook and new domain businesses relied on it when filing their applications, ICANN's Intellectual Property and Business Constituencies lobbied ICANN's new CEO to make drastic changes to the community-developed policy and grant additional trademark rights in the TMCH.

After the October 2012 Toronto ICANN Meeting, a "strawman solution" was proposed by ICANN's new CEO which included a number of IPC/BC's substantive policy proposals to give trademark holders additional privileges in the domain name system, including changing the exact matches only standard approved of by the community.

Yet ICANN's CEO recognized that expanding the scope of the trademark claims service was a policy matter requiring GNSO Council guidance, as he stated on his blog4 in December 2012; and the CEO did write to the GNSO Council to request guidance on this policy proposal. Under ICANN's Bylaws, staff may not change GNSO-approved policy, except under a strict process that involves consulting with the GNSO and a 2/3 vote of the Board of Directors.

NCSG filed comments on the proposed policy changes and warned against re-opening previously closed consensus agreements and circumventing ICANN's stated bottom-up policy development process.5 In addition to the flawed process for adopting this policy, NCSG also detailed substantive concerns with staff's proposal to expand trademark rights beyond anything that exists in trademark law. It came as no surprise that only members of the IPC and BC supported the strawman proposals in ICANN's comment period.6

In the GNSO Council's February 29, 2013 response to the CEO regarding the proposal to expand the scope of trademark claims, the GNSO Chair wrote, "the majority of the council feels that proposal is best addressed as a policy concern, where the interest of all stakeholders can be considered."7 Thus the GNSO Council also determined this specific proposal to be a policy matter, requiring consultation from the entire community before such a change could be made to existing GNSO Council approved policy.

Yet with only an email sent on 20 March 2013, ICANN staff announced in an attached memorandum that it would expand the scope of the trademark claims service to give trademark holders rights to 50 additional derivations of their trademark, in contradiction to GNSO developed policy of exact matches only and the subsequent requested GNSO Council guidance on the matter.8

Staff's only explanation for such a drastic shift in the creation of new rights: "this proposal appears to be a reasonable add on to an existing service, rather than a proposed new service". Thus with a single line of evasive text, years of hard-fought community consensus policy was brushed under the rug and the new era of policy development via ICANN staff edict was solidified.

On 19 April 2013 NCSG filed this Request for Reconsideration of the staff decision because ICANN did not follow its stated process for changing GNSO-approved policy. If ICANN wants to deviate from Supermajority GNSO-approved policy, it must follow the process outlined in the organization's Bylaws, Annex A Section 9.9 As an organization that holds itself out as a champion of the bottom-up policy development process, ICANN is obligated to comply with community-developed policies, unless the Board of Directors can muster the necessary 2/3rd vote to over-turn the community decision. That mandatory process was not followed by ICANN's staff or Board in over-turning the community-approved policy in favor of staff's policy to expand the scope of TMCH.

ICANN's Board Governance Committee has thirty days in which to make to a recommendation to ICANN's Board of Directors regarding the NCSG's Request for Reconsideration or report to the Board on why no final recommendation is available and provide a timeframe for making a final recommendation on the matter. ICANN's entire Board should consider the recommendation of the Board Governance Committee at its next regularly-scheduled Board meeting.

Under Article IV Section 2 of ICANN's Bylaws, the Request for Reconsideration process is a mechanism intended to reinforce ICANN's accountability to the community for operating in a manner consistent with its Bylaws.10 Because the staff's unilateral decision to change GNSO-approved policy was not consistent with ICANN's Bylaws and contradicted ICANN stated policy, NCSG filed the Request to correct the error and bring ICANN into compliance with its Bylaws and stated policies.

NCSG requests that the Board reinstate the community-developed policy of giving trademark holders rights to include exact matches of their trademark only in the TMCH, which was the policy stated in ICANN's Applicant Guidebook when ICANN accepted applications for new domains.

• NCSG's Request for Reconsideration (PDF)
• Attachments to NCSG's Request for Reconsideration (PDF)
• ICANN Website on Requests for Reconsideration

1 http://domainincite.com/...

2 http://gnso.icann.org/en/issues/new-gtlds/...

3 http://www.internetcommerce.org/ICANN_Amnesia

4 http://blog.icann.org/2012/11/a-follow-up-to-our-trademark-clearinghouse-meetings/

5 http://ipjustice.org/wp/2013/01/14/...

6 http://forum.icann.org/lists/tmch-strawman/msg00096.html / See also:
Comments of Registrar Stakeholder Group
Comments from New TLD Applicant Group
Comments of Non-Commercial Stakeholder Group
Comments of the Internet Service Provider Constituency
Comments of Public Interest Registry

7 http://gnso.icann.org/bitcache/...

8 http://newgtlds.icann.org/en/about/trademark-clearinghouse/...

9 http://www.icann.org/en/about/governance/bylaws#AnnexA

GNSO Policy Development Process

Section 9. Board Approval Processes. a. Any PDP Recommendations approved by a GNSO Supermajority Vote shall be adopted by the Board unless, by a vote of more than two-thirds (2/3) of the Board, the Board determines that such policy is not in the best interests of the ICANN community or ICANN. If the GNSO Council recommendation was approved by less than a GNSO Supermajority Vote, a majority vote of the Board will be sufficient to determine that such policy is not in the best interests of the ICANN community or ICANN.

b. In the event that the Board determines, in accordance with paragraph a above, that the policy recommended by a GNSO Supermajority Vote or less than a GNSO Supermajority vote is not in the best interests of the ICANN community or ICANN (the Corporation), the Board shall (i) articulate the reasons for its determination in a report to the Council (the "Board Statement"); and (ii) submit the Board Statement to the Council.

c. The Council shall review the Board Statement for discussion with the Board as soon as feasible after the Council's receipt of the Board Statement. The Board shall determine the method (e.g., by teleconference, e-mail, or otherwise) by which the Council and Board will discuss the Board Statement.

d. At the conclusion of the Council and Board discussions, the Council shall meet to affirm or modify its recommendation, and communicate that conclusion (the "Supplemental Recommendation") to the Board, including an explanation for the then-current recommendation. In the event that the Council is able to reach a GNSO Supermajority Vote on the Supplemental Recommendation, the Board shall adopt the recommendation unless more than two-thirds (2/3) of the Board determines that such policy is not in the interests of the ICANN community or ICANN. For any Supplemental Recommendation approved by less than a GNSO Supermajority Vote, a majority vote of the Board shall be sufficient to determine that the policy in the Supplemental Recommendation is not in the best interest of the ICANN community or ICANN.

10 http://www.icann.org/en/about/governance/bylaws#IV

Written by Robin Gross, Founder and Executive Director of IP Justice

Follow CircleID on Twitter

More under: Domain Names, Registry Services, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

Fast and reliable infrastructure of any kind is good for business. That it's debatable for the Internet shows we still don't understand what the Internet is — or how, compared to what it costs to build and maintain other forms of infrastructure, it's damned cheap, with economic and social leverage in the extreme.

Here's a thought exercise… Imagine no Internet: no data on phones, no ethernet or wi-fi connections at home — or anywhere. No email, no Google, no Facebook, no Amazon, no Skype.

That's what we would have if designing the Internet had been left up to phone and cable companies, and not to geeks whose names most people don't know. What those geeks came up with was something no business or government would ever contemplate: a base infrastructure of protocols that nobody owns, everybody can use and anybody can improve. For all three of those reasons the Internet supports positive economic externalities beyond calculation.

The only reason we have the carriers in the Net's picture is that we needed their wires. They got into the Internet service business only because demand for Internet access was huge, and they couldn't avoid it. Yet, because we still rely on their wires, and we get billed for their services every month, we think and talk inside their conceptual boxes.

Remember that the telco and cableco business models are based on routing everything through billable checkpoints. Is this what we want for the rest of the Net's future?

We have to remember that the Internet isn't just a service. It's the platform for everything we connect. And the number of things we will connect over the next few years will rise to the trillions.

To understand how the Internet ought to grow, try this: cities are networks, and networks are cities.† Every business, every person, every government agency and employee, every institution, is a node in a network whose value increases as a high multiple of all the opportunities there are for those nodes to connect — and to do anything. This is why every city should care about pure connectivity, and not just about billable phone and cable company services.

We should be building a network infrastructure that is as neutral to purpose as water, electricity, roads and sewage treatment — and that anybody, including ordinary citizens, can improve. We can't do that if we're wearing blinders supplied by AT&T, Comcast, Time Warner and Verizon.

† I came to the realization that networks are cities, and vice versa, via Geoffrey West — first in Jonah Lehrer's "A Physicist Solves The City," in the New York Times, and then in West's TED talk, "The Surprising Math of Cities and Corporations." West is the physicist in Lehrer's piece. Both are highly recommended.

Written by Doc Searls, Author

Follow CircleID on Twitter

More under: Access Providers, Broadband, Telecom, Web

The USDA Rural Development's Rural Utilities Service (RUS) has now spent the $250 million committed for smart grid technologies. To this has been added an additional $201 million in funding approved by the Agriculture Secretary to electricity utilities in eight states to install smart grid technologies and improve their generation and transmission facilities. The beneficiaries are spread among a large number of states.

This investment is helping smart grids to become the norm across the country. A side benefit is that utilities are also developing their smart grids for telecoms over and above that used by meters to send data to network controllers.

As an example, earlier this year the utility serving Santa Clara began using its smart grid technology and infrastructure to deliver free citywide outdoor WiFi. While meters send data via an existing wireless network, a separate channel is used to provide outdoor internet access. The WiFi network is growing in scope and reach as more premises are equipped with smart meters.

The potential for expanding WiFi coverage is huge. There are about 120 municipalities with citywide WiFi networks accessible to the general public. In addition, there are about 60 cities with citywide or near citywide coverage though these networks are now limited to government applications, such as public safety. There are also about 80 or more cities with large outdoor WiFi areas, mostly located in parks and downtown zones.

A hindrance to cities aiming to develop comprehensive WiFi networks has come from the powerful telecoms industry, which employs its lobbying clout to push for laws blocking or preventing municipalities from offering WiFi or fixed broadband services.

The use of smart meters to provide WiFi using existing (and expanding) infrastructure presents a separate challenge, since the telcos would have to battle utilities rather than municipal governments.

Written by Henry Lancaster, Senior Analysts at Paul Budde Communication

Follow CircleID on Twitter

More under: Access Providers, Broadband, Telecom

ICANN created the Trademark Clearinghouse (TMCH) as a way to streamline the repetitive process forced on trademark owners during the launch of new top-level-domains. With the expected tsunami of hundreds of new TLD's starting later this year, the TMCH should generate a clear benefit for trademark owners who elect to participate in Sunrise and Claims Periods.

The side effect of introducing new TLDs is that the legacy TLDs will be making changes to make sure they are competitive against the new TLDs. This means they will be relaxing restrictions and opening up unused namespaces at the second and third-levels. Many of these will follow a Sunrise or Grandfathering process as a way to implement the changes.

Already three existing TLDs (one sTLD and two ccTLDs) have announced such policy changes and decided they would like to utilize the TMCH Sunrise tokens for their Sunrise Period. This includes .Jobs, Radio.AM and Radio.FM. Donuts, the largest applicant with over 300 TLD applications, have also indicated they will use the Sunrise token from the TMCH for a universal blocking service called Domain Protected Marks List (DPML).

All this is happening before the TMCH has even supported its first new TLD. While ICANN has welcomed the use of TMCH by .Jobs, it remains to be seen if ICANN will also welcome use of the TMCH by ccTLDs.

The eventual benefits and viability of the TMCH will hinge on a few factors:

• Will trademark owners even use it?
• Will the main driver be participation in Sunrise or Claims?
• Will other existing TLDs want to use it?

Will Trademark Owners Even Use it?

It is a given that trying to participate in every future Sunrise Period would overwhelm the budgets of nearly every trademark owner. Every sage legal advisor is counseling that the trademark owner must be ultra-selective about which Sunrise Periods they engage in.

On the other hand, a review of the Trademark Agents published on the TMCH website show a good number of law firms have already advanced the TMCH the minimum $15000 required to be an Agent. If this trend continues, then it is a clear indicator that law firms will aggressively market the TMCH to their clients. (Disclosure: My firm, TM.Biz is offering a portal for these Trademark Agents).

Will the Main Driver Be Participation in Sunrise or Claims?

Trademark Claims provides some protection in every new TLD. But it is for exact matches only and only for the first 90 days. This forces trademark owners to also subscribe to a watching service that catch confusingly similar registrations not caught by the Claims service. I predict trademark owners will elect to do both Claims and watching to ensure they catch domains that might confuse their customers.

Will other existing TLDs want to use it?

There are actually two parts to the TMCH. The validation service is performed by Deloitte and CHIP. They are issuing Sunrise tokens called Signed-Mark-Data (SMD) files to trademark owners as proof that a trademark has satisfied the requirements for the typical Sunrise Period. The Database Administrator for the TMCH is IBM. They actually help Registries and Registrars operate the Sunrise and Trademark Claims Periods. The validation service initially launched on March 26. The database part is expected to launch in July.

But there are applications for just the TMCH Sunrise tokens that do not require IBM to be used. This is because the SMD file is portable. For example, any country-code TLD who decides to change their policies and wanted to conduct a Sunrise Period first, could accept SMD files from trademark owners.

Also, any TLD that wanted to accept SMD files for a new Rights Protection Mechanism, as Donuts is planning; also do not need IBM in the process.

The .Jobs Sunrise Period

The .Jobs TLD has decided to eliminate the current restriction that .Jobs domain names must match company names. This means that product and division names will be eligible for .Jobs. Before this change takes effect, .Jobs will first conduct the Sunrise Period that is designed for new TLDs. .Jobs will utilize both parts of the TMCH. Thus they need to wait for IBM, their Back-end Registry and Registrars all to be operational before they can conduct their Sunrise Period.

The Radio Global Domains

The .AM and .FM ccTLD's, have long been re-purposed for the Radio industry. They are now introducing new namespaces, called Radio Global Domains, which are designed to target new market segments within the Radio industry. These will be radio.am and radio.fm. Before these changes take place, they will also undergo a Sunrise Period starting May 28. Validation for the Radio Global Domains Sunrise Period will be performed on either trademark data or the Sunrise tokens called Signed-Mark-Data (SMD) files issued by the TMCH. All this is happening without the need for the involvement of IBM, or even for Registrars to support the new protocols required for the new TLD Sunrise Periods. (Disclosure: My firm, TM.Biz will be handling the trademark validation, SMD validation and direct submission of Sunrise registrations to the Registry).

It is still an open issue whether the TMCH will be capable of issuing SMD files by May 28 for use by the Radio Global Domains. Or if the TMCH is capable of issuing SMD files by this date, whether ICANN will allow the TMCH to release the SMD files so that the ccTLDs can use them.

There are no doubt other ccTLDs that are interested in changing their registration rules and restrictions that might consider holding a Sunrise Period first. I predict that these ccTLDs would be interested in using the SMD files as well, if allowed by ICANN.

Additional Rights Protection Mechanisms

The largest TLD applicant, Donuts, is also planning to accept SMD files for its universal blocking service called Domain Protected Marks List, or DPML. As applicant of over 300 TLD's, with half of those uncontested, a DPML represents a good value for trademark owners.
There may be other applicants that decide to offer new Rights Protection Mechanisms that utilize the SMD file.

Hopelessly Optimistic

The Trademark Clearinghouse has enormous potential to support the domain name industry. The portability of the SMD files enables many uses that were not originally envisioned by its creators. Certainly, the days of a TLD manually checking trademark databases should be coming to an end with SMD files becoming the new de facto standard for trademark validation. It will be interesting to see how this evolves over time.

Written by Thomas Barrett, President - EnCirca, Inc

Follow CircleID on Twitter

More under: Domain Names, ICANN, Law, Top-Level Domains

Of all the many applications and services that run on top of the Internet, arguably none has been more successful than that of the World Wide Web. Invented by Tim Berners-Lee back in 1989 while he was a physicist at CERN, the "Web" has fundamentally changed almost every aspect of our life… and become a part of basically every aspect of our life. Think of a part of your life… and then think of the websites that are part of that. Whether it is social networks, banking, shopping, dating, news, reading, publishing, writing, gaming, sports and now even communicating in real-time… all are aspects that somehow involve the "Web".

Today, April 30, is a special day in the history of the Web, because, as recounted on that newly-redesigned famous website (because it was the first website), info.cern.ch, it was twenty years ago today that CERN published a statement that put the WWW technology out in the public domain for all to use. Building on the long history of openness of the Internet, CERN stated very clearly that "CERN relinquishes all intellectual property rights to this code, both source and binary form and permission is granted for anyone to use, duplicate, modify and redistribute it”.

And thus was born the wider Web ... anyone could download, use and modify the W3 server software and the W3 client and start creating new sites. And people did! By the tens… and hundreds… and on and on… changing and modifying the code to satisfy their own dreams and ideas. Keep in mind, this was before Mosaic and other graphical clients changed the Web again by introducing images along with text. The original Web was one of text. I remember telnetting to info.cern.ch back in the early '90s to see what this "World Wide Web" thing was all about - and pressing numbers to follow links. It was a very different world.

Still, from those early days - and more importantly from the openness of those early days - came everything else about the Web that we use today. Those early adopters didn't need to ask anyone for permission to innovate… they just downloaded the code and started hacking away.

Thank you, CERN, for the reminder of the importance of today - and of the incredible importance of an open Web… riding on top of an open Internet.

P.S. Vint Cerf has a great retrospective out today as well: The open internet and the web

Written by Dan York, Author and Speaker on Internet technologies

Follow CircleID on Twitter

More under: Web

A team at the European Organisation for Nuclear Research (CERN) has launched a project to re-create the first web page. The aim is to preserve the original hardware and software associated with the birth of the web. The initiative coincides with the 20th anniversary of the research centre giving the web to the world.

Read full story: BBC

Follow CircleID on Twitter

More under: Web

A team at the European Organisation for Nuclear Research (CERN) has launched a project to re-create the first web page. The aim is to preserve the original hardware and software associated with the birth of the web. The initiative coincides with the 20th anniversary of the research centre giving the web to the world.

Read full story: BBC

Follow CircleID on Twitter

More under: Web

We received several emails and phone calls with thoughtful comments on the proposed plan for the first Applicant Auction and have made several small changes to the plan. The final terms will be sent to applicants who requested the RFC, and can also be requested on our website.

Here is a quick summary of the changes:

Auction prices:
Several bidders wanted a bit more certainty about how prices will be set. In response, we commit to setting the first round prices exactly as proposed (min price is 0, max price is $50,000 * number of bidders). Further, if all bidders are still bidding in the second round, then second round prices will be exactly as proposed (start price + 10% * number of bidders).

Information transparency:
We received balanced comments on the new information policy, which indicates that we found a decent compromise. In particular, most applicants accepted that preserving winning bidders' privacy by not disclosing exact winning prices was a worthwhile goal. To make this provision meaningful, we will comply with one applicants' request to contractually obligate applicants to keep the winning price confidential.

Timeline:
Finally, applicants felt that a 2-day auction was too short and that more time should be allotted to ensure that all bidders have time to familiarize themselves with the system and the process, and to think through how to bid. To accommodate this, we will make two changes:

a) As originally planned, we will offer a voluntary mock auction 3 days before the auction, scheduled for Thursday May 23rd. This will be run exactly as the real auction except that the results have no meaning, and the schedule will be heavily accelerated. We encourage all bidders to participate - the mock auction is a good test to make sure that you have the right login credentials and know how to place bids.

b) we will plan for the auction to take 3 or 4 days. The first auction round will be on May 28th and will last for 24 hours, as before. For subsequent rounds, we will do our best to set a schedule that reflects actual bidders' time zones. Rounds will last 2 hours initially, but if bidding activity during the auction indicates that not that much time is needed, we may shorten the rounds. In no case will the rounds be shorter than 30 minutes.

Deposits:
We will not allow bidders to increase their deposit during this auction. The reason is that the auction will be relatively short (4 days), that we would like to keep the first auction simple. We are open to changing this for future auctions.

A small change to mitigate order of magnitude error:
Finally, a small addition to the terms. In any round after Round 1, bidders may bid up to 9 times the Start Price of a round, or Minimum Price to Continue of a round, whichever is higher. This helps protect bidders from accidentally adding an extra "0" when typing in their bid."

We hope that these rules will be acceptable to all interested bidders and maximize participation. Any bidders who do not find these terms workable for them are invited to comment and participate in one of our future auctions. Those interested in participating in the first auction and receiving legal documentation and login credentials for the mock auction should register their interest on our website.

Written by Sheel Mohnot, Consultant

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

In a "policy implementation and experience report” presented at ARIN 31 in Barbados, ARIN's staff noted that they are seeing "circumstances" related to the leasing of IPv4 number blocks. At the recent INET in Denver, ARIN's Director John Curran alleged that there is a "correlation" between address leasing activity and organizations that have been unable to complete specified transfers through the ARIN process, which requires needs-based justification.

The issue of leasing — or rather sub-leasing, because ARIN is already leasing the addresses to its members — is yet another symptom of the growing scarcity of IPv4 addresses. Subleasing is interesting, however, as another example of the way RIR's bureaucratic control of transactions between willing sellers and buyers can lead to workarounds that make the Whois directory less accurate.

It's unclear exactly how ARIN is aware of this nominally private activity. Perhaps someone involved is tipping ARIN off, or maybe its staff is observing instances where the ASN information associated with a routed block is changing while the contact information in the ARIN Whois directory remains the same. In either case, a greater degree of transparency about refused transfers and the basis for ARIN's determination would be welcome. On a related note, we sought to shed some light on the emerging transfer market in a paper last year.

What is troubling, for ARIN at least, is that the subleasing of addresses is taking place outside of the RIR address governance regime. It is understandable that ARIN would react to something that might undermine its control over address space. Part of ARIN's power stems from its ability to identify who is allocated or assigned what address block(s) via its Whois Directory Service. Practically, the Whois has also been used to identify the party actually routing an address block, although technically this is a distinct activity over which ARIN claims no control.

From an operational perspective, if the organization actually routing an address block is unable to be contacted this could be detrimental to administrators attempting to resolve networking issues, and to parties seeking to use the Whois for law enforcement or related policy matters. However, at this point it is unclear if lessees are actually unreachable. In fact, one could argue that lessors are in a better position to keep accurate lessee contact records than the address registry — they are invoicing their lessees, we assume! Whether, and under what conditions, they would release contact information is basically unknown at this point.

For now, ARIN does not seem to be too alarmed. It suggests three potential policy solutions:

1. Decide this is not an issue for ARIN to deal with
2. Create new policy requiring that the actual party using the addresses be listed as an operational contact in Whois
3. Create new policy that would prevent leasing of address space without needs based justification.

Again, absent any data on leasing, it is hard to say which way ARIN or its membership might go, although the third option seems increasingly unlikely as ARIN moves closer to IPv4 exhaustion and the RIPE region is contemplating elimination of needs based justification entirely.

It may just turn out that private subleasing transforms the address transfer market. As Addrex's Charles Lee pointed out at INET in Denver, all kinds of parties lease assets (including ARIN leasing addresses to its own customers). It serves a useful business purpose and is not a bad thing per se. The entry of large subleasing companies without any Internet operations, Lee noted, might transform the address market. It could create entirely new ways of allocating addresses and provisioning post allocation services. It might lead to innovative product offerings such as providing means to mitigate the technological obsolescence of IPv4. We just don't know. What we know for sure is that it will create governance dilemmas.

Written by Brenden Kuerbis, Fellow in Internet Security Governance, Citizen Lab, Univ of Toronto

Follow CircleID on Twitter

More under: IP Addressing