news aggregator

Typosquatting Claims Against Security Researcher Are Legally Complicated - Gioconda v. Kenzie

CircleID posts - Mon, 2013-04-29 22:35

Kenzie is a security researcher who has registered numerous domain names that are typographic errors of well-known trademarks (e.g., rnastercard, rncdonalds, nevvscorp, rncafee, macvvorld, rnonster, pcvvorld). He points the domain names to the actual sites in question (e.g., rncdonalds points to mcdonalds.com), but he is looking to demonstrate how these typo domains are used for "social engineering" attacks.

Kenzie did not offer the domain names for sale, did not read the emails intended for the subject organization, and generally kept his whole scheme out of the public eye. Upon demand, he also offered to transfer the domain names to the organizations in question.

Nevertheless he was sued by Gioconda Law Group for registering Giocondolaw.com — with "o" instead of "a" [see: Gioconda Law Group v. Kenzie, 2012 US Dist LEXIS 187801 (S.D.N.Y. Apr. 23, 2013)]. In response to Gioconda's complaint, Kenzie, proceeding pro se, asserted a variety of defenses, including a critique of American privacy law. Gioconda moved for judgment on the pleadings.

The court struggles with the application of the Anticybersquatting Consumer Protection Act (ACPA) factors to this case. On the one hand, this is clearly not a case where the registrant is trying to profit by selling back the domain name. On the other hand, the court says, all non-commercial uses are not necessarily exempt from the ACPA. [Not a particularly speech friendly position.]

Ultimately, the court says that it's not a case that can be resolved on the pleadings:

"Defendant's alleged ideological, scholarly, and personal motives for squatting on the [domain name], while perhaps idiosyncratic, do not fall within the sphere of conduct targeted by the ACPA's bad faith requirement. If anything, given that defendant aims to both influence plaintiff's behavior and shape public understanding of what he perceives to be an important vulnerability in cyber security systems, this case arguably falls closer to cases involving parody and consumer complaint sites designated to draw public attention to various social, political, or economic issues."

It's possible plaintiff can prevail, but it would have to do so under a more fact-specific totality of the circumstances inquiry.

This is an interesting case that highlights the problems faced by security researchers generally. While the risk of liability here is less than what security researchers generally face (e.g., liability under the Computer Fraud and Abuse Act), it still shows a judge reluctant to grant the researcher's conduct full protection as a non-commercial, First Amendment-protected venture.

Written by Venkat Balasubramani, Tech-Internet Lawyer at Focal PLLC


More under: Cybersquatting, Domain Names, Law, Security

Categories: Net coverage

Arrest Made in Connection to Spamhaus DDoS Case

CircleID posts - Mon, 2013-04-29 22:15

According to a press release by the Openbaar Ministerie (the Public Prosecution Office), a Dutch man with the initials SK has been arrested in Spain for the DDoS attacks on Spamhaus.

Brian Krebs reports: "A 35-year-old Dutchman thought to be responsible for launching what's been called 'the largest publicly announced online attack in the history of the Internet' was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as 'SK,' was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization."


More under: Cyberattack, Cybercrime, DDoS, Law, Security, Spam

Categories: Net coverage

Why Most Discussions for Fibre Optic Infrastructure Take Place from the Wrong Perspective

CircleID posts - Mon, 2013-04-29 21:44

Fibre-based infrastructure requires vision and recognition of the fact that many of today's social, economic and sustainability problems can only be solved with the assistance of information and communications technology (ICT). In many situations the capacity, robustness, security and quality necessary for this calls for fibre optic infrastructures. This need will increase dramatically over the next 5 to 10 years as industries and whole sectors (healthcare, energy, media, retail) carry out the process of transforming themselves in order to much better address the challenges ahead.

Most discussions regarding the need for fibre optic infrastructure take place from the wrong perspective — based on how fast people need the internet to be when they download their emails, web information, games and movies. Fibre optic technology has very little to do with this — ultimately all of that 'residential' traffic will account for less than 50% of all the traffic that will eventually flow over fibre optic networks.

The real reason this type of network is needed relates to the social and economic needs of our societies, and there are many clear examples that indicate that we are running out of steam trying to solve some of our fundamental problems in traditional ways.

For instance, at this moment discussions are taking place in every single developed country in the world about the fact that the cost of healthcare is unsustainable. These costs will grow — over the next 20 years — to 40%-50% of total government budgets — clearly impossible. So we face a dilemma. Do we lower the standard of healthcare services, at the same time making them more costly for the end-user?

If we want to maintain our current lifestyle the only solution is to make the healthcare system more effective, efficient and productive. And this can only be done with the help of ICT. To make it more productive, health needs to be brought to the people rather than the other way around, as is the case at present. Similar examples apply to the education system, the energy systems and the management of cities and countries in general. We need to create smart cities, smart businesses and smart countries, with high-speed infrastructure, smart grids, intelligent buildings, etc.

In order to manage our societies and economies better we need to have much better information about what is happening within all of the individual ecosystems, and in particular information about how these different systems interact. Currently they all operate within silos and there is little or no cooperation or coordination between them. ICT can be the bridge to bring them together; to collect data from them and process it in real time. Information can then be fed back to those who are managing the systems, and those who operate within them, such as doctors, teachers, business people, bureaucrats, politicians — and, of course, to you and me.

Some of these data interactions are already happening around smartphones, social media, traffic and crowd control and weather information. This is only the start of what is known as the Internet of Things (IoT) or machine-to-machine communication (M2M).

ICT cannot solve world hunger, but without ICT world hunger cannot be solved, and this applies to all the important social and economic problems that societies around the world are now facing.

None of this can be done overnight; it requires massive transformations of industries and sectors. There is no instant business model available that will supply an immediate return on the investment that is needed to create these smart systems. All of these investments need to be looked at over a period of 10, 20 years and even longer. No private business will take such a business risk. To make it happen government leadership and government policies are needed.

This is also the message from the UN Broadband Commission for Digital Development, and it applies to countries all over the world. More than 120 countries worldwide have now developed broadband policies, recognising that such infrastructure is critical to their development. The challenge now is to put these policies into practice, and at a time when government leadership around the world is at an all-time low.

Ultimately all of these developments will require national fibre optic networks. There simply is no other technology that can handle the capacity of data and applications that will be needed to run the cities and countries from today onwards. This infrastructure needs to be robust. It has to have enormous capacity. It needs to be secure and to be able to protect privacy. There is simply no other infrastructure technology that is up to that job.

So those business and government leaders who are in charge of looking towards the future do have an obligation to ask themselves, based on the above, whether we can afford not to have a fibre optic network.

Written by Paul Budde, Managing Director of Paul Budde Communication


More under: Access Providers, Broadband, Telecom

Categories: Net coverage

Join Uniregistry

CircleID posts - Mon, 2013-04-29 20:42

What happens when you take a team of experts, at the top of the naming industry, and unite them behind a single, high-minded purpose? You get the most service-based and holistic approach to registry operations that the industry has ever seen: something we call "Uniregistry."

Software Developers – We are looking for full-stack developers that are comfortable working at any level of web-development and have the initiative to see a project through from start to finish. Our technology is currently built on top of PHP, MySQL, and Javascript but we are looking for anyone who feels at the top of their game developing for web and mobile in any technology. If you fit the bill we will fly you here, interview you confidentially and deliver you a lifetime opportunity to work on things that millions of people a day will use.

Systems Specialist – A successful technology company doesn't exist without a robust and scalable foundation. Do you have what it takes to build infrastructure to handle millions of visitors a day? Then we are looking for you. Candidates should have multiple years' experience managing Linux-based systems and popular open-source databases, as well as a sound understanding of networking and the services that operate over them. Being well versed in systems automation, virtualization, and mass hosting are assets as well. Big things lie ahead for the fortunate candidate who chooses the red pill.

Front-end Developers – Someone with a keen sense of aesthetics and human behavior. Can turn sketches and ideas into web reality. The right individual needs to understand the consequences of their choice in code and execution. Not just nice-looking pages but the ability to turn designs into functioning websites. HTML, CSS and JavaScript will be your primary tools. Our facility in Cayman is world-class and right across from the beach. Swim to work and shower here. Work with people like you and live tax-free.

Marketing People – Help us find the right programmer/developers in your organization and join them here in Cayman as we grow our existing registry operations business. We will need to promote the new namespaces we're charged with operating. We are going to have all kinds of fun doing that, but first we need to finish the critical infrastructure we've started. We need a great team for that and we want you to be a part of it.

Send your resumé today: careers@uniregistry.com


More under: Domain Names, ICANN, Top-Level Domains

Categories: Net coverage

Wrap-up: ICANN 46 in Beijing

CircleID posts - Fri, 2013-04-26 18:24

Earlier this April, the largest ICANN meeting ever — more than 2,500 attendees — kicked off in Beijing. Given the imminent addition of hundreds of "dot Brands" to the Internet, the topic of new gTLDs was at the top of the discussion list for all attendees. So far, well over 100 new gTLD applications have passed the Initial Evaluation stage, meaning they're on their way to becoming live domains.

At the meeting, ICANN's Government Advisory Committee (GAC) released its formal advice on new gTLDs. The GAC made a number of points to the ICANN Board including:

  • A request to further review a specified list of strings and present advice at ICANN 47
  • Six specific contractual safeguards that should be placed on all gTLDs, including WHOIS verification and abuse mitigation
  • Contractual safeguards that should be placed on particular categories of TLDs, including consumer protection, sensitive strings, regulated markets and those with restricted registration policies
  • Urging the ICANN board to reconsider its decision to allow singular and plural versions of the same strings

GAC advice is becoming the single biggest area of uncertainty for new TLD applicants. It not only appears to adjust requirements approved by the community in the Applicant Guidebook, it also is evolving with each new communique.

One reporter noted, "It looks like at least 517 new gTLD applications [may] be affected by the GAC's advice." I'm sure there will be many more discussions about this topic.

Registrar Accreditation Agreement (RAA) and Registry Agreement

ICANN CEO Fadi Chehade announced newly revised versions of both the 2013 Registrar Accreditation Agreement and Registry Agreement, which are now posted for public comment. ICANN is looking at ways to keep the debate over these contracts from delaying the overall application process.

Trademark Clearinghouse

Earlier, in March, the Trademark Clearinghouse (TMCH) opened. TMCH allows brand owners to submit their trademark data into one centralized database, prior to and during the launch of new gTLDs. Since opening, the pace of sign-ups by both individual mark owners and agents has been rapid, ensuring the long-term success of the TMCH project.

With ICANN 47 in Durban, South Africa coming up in mid-July, many of these subjects will continue to be discussed and, hopefully, resolved in the weeks ahead.

Written by Roland LaPlante, Senior Vice President and CMO at Afilias


More under: ICANN, Internet Governance, Top-Level Domains

Categories: Net coverage

Will LTE Steal the Broadband Revolution?

CircleID posts - Fri, 2013-04-26 09:12

There is no doubt that LTE is going to take a prime position in broadband developments. With competitively priced services, innovative smartphones and an increasing range of very innovative apps this market is set to continue to boom. So how will all this impact the overall broadband market?

First of all, this is not an 'us or them' issue between fixed and mobile broadband. As a matter of fact, the companies that are rolling out LTE are increasingly dependent on deep fibre rollouts as they need to handle massive amounts of data, to which the mobile infrastructure technology is not well-suited. So the quicker they can offload their mobile traffic onto a fixed network the better. As I've said before, one of the key drivers of fibre deployment will be the growth in mobile broadband.

A similar situation will occur in the home. More and more, people are using their mobile devices rather than PCs and laptops; and more people within the home are using more and different mobile devices, so this will significantly increase the need for capacity within the home. The reality of mobile broadband is that 60%-80% of capacity usage of smartphone and tablet use is in the home, and these devices are all connected to the fixed network through the WiFi modem. People are becoming accustomed to the quality of the LTE network, so they will want a similar quality of service over the fixed network; and over the next 3-5 years the current network will start to run out of steam. And, with at least one-third of all fixed broadband connections being of such an inferior quality, these households are already facing these quality problems now.

So, while access to the internet and broadband is moving quickly towards smartphones and tablets as the preferred access devices, at the same time the majority of broadband capacity required through these devices will still need to be provided by the fixed network.

While the capacity of the mobile network is greatly improved by LTE — as well as by the upcoming extra capacity through new spectrum allocation — the physics of mobile technology is such that it will be impossible to handle all the traffic of these mobile devices over the mobile network.

Obviously the mobile operators are not sitting still. They are improving their network infrastructure in order to capture as much of the traffic as possible, and increasingly they are looking at WiFi technologies as another alternative to off-load traffic and/or add extra access points for users in high-traffic areas such as shopping centres, entertainment venues, transport stations, etc. But again these WiFi access points need to be connected to the fixed network, and in the case of WiFi access points you virtually need fibre-to-the-premises/business to be of any use.

So, while LTE will greatly increase the use of broadband and broadband applications, this will at the same time put increased pressure on the fixed network.

On the end-user side of the fixed broadband market — we don't have the same dynamics as in the mobile market. Few, if any, fixed network devices capture the users' attention in the way the new smartphones do. Also, there is a clear lack of exciting fixed broadband applications. Entertainment is largely captured by content providers who want to protect their existing business models, and applications in healthcare, education, energy, etc are going to take a long time to reach maturity and mass market penetration levels. So all attention is clearly on mobile and this is creating a skewed perspective on what is needed overall to ensure that these mobile developments can be used to their full potential.

The developments in mobile and LTE will generally stimulate the need for better fixed networks, but at the same time there will be a significant group of users who — at this point in time — do not have high capacity requirements, and for whom a $30 or $40 monthly mobile connection will cater for all their comms needs. This group will actually lead to stagnation, and even a decline, in fixed broadband connections. We already see this happening in the Hong Kong market. The situation will only be exacerbated if LTE becomes available in areas that have very poor fixed broadband coverage. BuddeComm estimates that up to 25% of users could simply abandon their unsatisfactory fixed broadband connection in favour of LTE. Most will eventually re-connect in 3-5 years' time, but only when important applications are becoming available over the fixed network.

These short-term developments could be interpreted by some who don't have a good understanding of the total picture as an indication that fixed broadband is not needed, and this could potentially undermine the build-out of the fixed broadband networks that are so desperately needed for the longer-term social and economic developments in the country.

If we look at the very latest smartphone devices (e.g. Galaxy S4) we see an increase in what are called machine-to-machine (M2M) or Internet of Things (IoT) applications, often linked to location-based services (LBS). What happens behind the scenes of these applications is that they gather data, often from a variety of sources, and process that information in real time, giving users interesting services in relation to healthcare, sport achievement, calorie intake, weather, transport and traffic information and so on.

It is these M2M and IoT applications that are finally going to stimulate the sort of killer apps that are needed to drag some of the lagging sectors into the digital age — such as healthcare, education, utilities, government and business, who are at present trying to limit the impact of the digital economy, rather than embracing it. This, in turn, will start stimulating the sort of applications that require the capacity, robustness and security that can only be delivered by fibre optic networks.

All of this will come together in 5 to 10 years' time when the requirements from the mobile-based developments, the rapid growth of M2M applications, and the somewhat slower growth from the requirements following the industry and sector transformations, combined, make the need for a fibre-based infrastructure essential for the economic development and social wellbeing of any developed economy.

What is required from business leaders and politicians is that they recognise this need and start planning for it from the earliest possible opportunity. Doing this on the run is not the ideal way to make infrastructure investments that will have to last for 25-50 years.

Written by Paul Budde, Managing Director of Paul Budde Communication


More under: Access Providers, Broadband, Mobile, Telecom, Wireless

Categories: Net coverage

Different Focus on Spam Needed

CircleID posts - Thu, 2013-04-25 20:26

It is surprisingly difficult to get accurate figures for the amount of spam that is sent globally, yet everyone agrees that the global volume of spam has come down a lot since its peak in late 2008. At the same time, despite some recent small decreases, the catch rates of spam filters remain generally high.

Spam still accounts for a significant majority of all the emails that are sent. A world in which email can be used without spam filters is a distant utopia. Yet, the decline of spam volumes and the continuing success (recent glitches aside) of filters have two important consequences.

The first is that we don't have to fix email. There is a commonly held belief that the existence of spam demonstrates that email (which was initially designed for a much smaller Internet) is somehow 'broken' and that it needs to be replaced by something that is more robust against spam.

Setting aside the Sisyphean task of replacing a tool that is used by billions, proposals for a new form of email tend either to put the bar for sending messages so high as to prevent many legitimate senders from sending them, or break significant properties of email (usually the ability to send messages to someone one hasn't had prior contact with).

Still, if spam volumes had continued to grow, we would have had little choice but to introduce a sub-optimal replacement. The decline in spam volumes means we don't have to settle for such a compromise.

Secondly, current levels of spam mean there is little threat of a constant flow of spam causing mail servers to fall over.

At the same time, one would be hard-pressed to find a user whose email is not filtered somewhere — whether by their employer, their provider, or their mail client.

Thus, looking at the spam that is sent isn't particularly interesting as it provides us with little insight into the actual problem. What matters is that small minority of emails that do make it to the user — whether because their spam filter missed it, or because they found it in quarantine and assumed it had been blocked by mistake.

Equally important is the question of which legitimate emails are blocked, and why — and what can be done to prevent this from happening again in the future.

It is tempting to look at all the spam received by a spam trap, or by a mail server, and draw conclusions from that. They certainly help paint a picture, but in the end they say as much about what users see as the number of shots on target in a football match says about the final result.

Despite the doom predicted by some a decade ago, email is still with us — and we have won a number of important battles against spam. But if we want to win the war, we need to shift our focus.

Written by Martijn Grooten, Email, web security tester


More under: Email, Spam

Categories: Net coverage

Breaking Down Silos Doesn't Come Easy

CircleID posts - Wed, 2013-04-24 19:51

"We need to break down silos" is a phrase often heard in national and international meetings around cyber security and cyber crime enforcement. So it is no coincidence that the upcoming NLIGF (Netherlands Internet Governance Forum), the IGF, and also an EU-driven event like ICT 2013 have "Breaking down silos" and "Building bridges" on the agenda. But what does it mean? And how do we do so?

The internet and borders

People often refer to the internet as borderless and say that there is a need to cooperate across borders between police agencies and other agencies regulating or enforcing the internet. This falls under the category of "This needs a global solution" or "This is cross border, we cannot do anything!" type of comments.

Breaking down silos goes way beyond this. It is a national, organisational as well as international problem. Specific organisations work within their own remit and have, in some cases extreme, difficulty reaching out to other organisations. Others are not aware of each other's capabilities. This discussion is about mental borders as well as legal, organisational and state ones.

The worst example

Usually the police are pointed to as a hard partner to work with. "We never hear anything back" or "We never receive information from them" are often heard comments. It is my impression that police organisations (and prosecutors) could have more understanding of what the capabilities of other enforcement agencies are, in order to coordinate actions in a better way. (What happens when two or three different organisations investigate the same botnet at the same time?!)

Law enforcement is more than enforcing the law from a penal code objective. Other agencies may be better equipped to solve a specific cyber crime than police on the basis of enforcing their "own" law. A "serious" crime could be dealt with through e.g. a Consumer Protection Act also. Or together there is a higher chance at success. These are important lessons. Break down your silos!

Cyber security

Cyber security organisations like Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Services (CSIRTs) secure and monitor governmental and industry ICT systems, and alert and respond to breaches, e.g. DDoS attacks or hacks. They have a lot of information and evidence that could actually assist enforcement agencies in doing their work. At the same time they can act on certain breaches in ways that law enforcement never could.

Cooperation between the two is not something which comes easily. For dozens of reasons. Hence the need to break down silos and create understanding.

Industry

And what about industry? What is the information it has on cyber crimes? If industry does not see the incentive to report all, let's say relevant, breaches to the proper authority, enforcement and security will never get the priority it deserves. Hence another reason to break down silos.

Who needs to act?

In the report of De Natris Consult called "National cyber crime and online threats reporting centres. A study into national and international cooperation." it is clearly shown that for an individual organisation it is nearly impossible to break a silo down, simply because it's too difficult and not a part of the organisation's primary task. So despite the fact that it is in the direct interest of a single organisation to be able to cooperate, it is nearly impossible to break through on your own when no one hears you knocking. It is important however to report your impossibilities to those who can make a difference. How will people who can actually make a difference ever know otherwise? Start breaking down your own silo in the right places.

So who needs to act then?

There are a few options. (My apologies for non-EU readers. I'm a bit EU-centric here, but please allow your imagination to run to your corner of the world and the options it provides.)

1. National government
This would help at national level. E.g. in a national strategy on cyber security a national coordinating body is foreseen and instituted by the national government. E.g. The Netherlands created the National Cyber Security Centre. It is very interesting to see the developments going on. Embedded officers from different agencies, industry and vital infrastructure work part time within the centre.

Some questions could be asked that can make a difference over time. How does the centre change knowledge and perceptions with time? Does it make a solid inventory of skills, complementary powers and different possibilities that different laws supply to fight cyber crimes? Does it take a closer look at whether present laws supply the needed powers to fight the different forms of cyber crime?

2. International bodies
ENISA currently plays a role in bringing CERTs and police agencies together. Could it play that role in a broader sense? So for other LEAs and police and CERTs?

EC3 could open itself to more enforcement entities, e.g. by providing common trainings, coordinating cyber actions, etc. It does not do so at present, but it would be a good thing if EC3 looked into this option in the very near future. Who invites them to break down their silo?

Fill in your option here .....

3. International projects
What will a project like ACDC (Advanced Cyber Defense Centre) do to international cooperation? In this case it is about fighting botnets: from disinfecting end users' computers to gathering, analysing and sharing data on botnets, botnet traffic and command and control servers in and through the central clearing house. What will aggregated data do in the fight against cyber crime and, more so, what will it do for cooperation and understanding between different entities both public and private?

Conclusion

Why are all these questions so relevant? Because my bet is that all these agencies, from the military to secret services and from police to consumer fraud, spam and privacy agencies are all looking for the same people who make the internet not a very safe place to do business and pleasure today. There is, well there should be, a strong need to cooperate and coordinate.

Breaking down silos will not come easy. For many a reason. Still, if people responsible for this task are to make serious business with it, it is important to start asking the right questions. Let's do so at NLIGF this June, in Bali in October (I will do so here as moderator) and Vilnius in November and in all places where you think it is possible and necessary to do so. I'm always happy to discuss further or help out creating strategies or programs. The time seems right.

Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement


More under: Cybercrime, DDoS, Internet Governance, Law, Malware, Policy & Regulation, Spam

Categories: Net coverage

Spanish Joint-Network Investment in FttH Seeing Returns

CircleID posts - Wed, 2013-04-24 04:34

Spain's economic anguish has had a number of repercussions for the country's telcos, with stable or declining revenue causing much nervousness as operators struggle to fund essential investment in spectrum and both fixed-line and mobile networks. Earlier this year Vodafone felt the pinch, announcing plans to cut its Spanish workforce by up to 1,000. Though general economic conditions have not helped, the move partly resulted from its own decisions. The company saw revenue drop for several quarters and so decided to save money by cutting handset subsidies. The ploy backfired: by the end of 2012 the company had lost 2.29 million mobile subscribers in the year, and as a result revenue dropped from £5 billion to £4.2 billion.

Yet Vodafone is one of the key players in Spain's surging fibre market, where investment in networks is a precondition of customer growth and financial reward. In common with development elsewhere (not least in the mobile sector), Vodafone is not going it alone, but is sharing the cost with other parties. In Spain, it has partnered with Orange. Unlike many other European markets, where operators have tended to concentrate on high-density towns (Paris, Milan, Amsterdam), in Spain FttH is more widely available in smaller towns and rural areas, often guided by the policies of regional governments. In this market there is plenty of room for smaller players to co-exist with the incumbent.

Orange launched an FttH pilot in Madrid as early as 2010, and earlier this year teamed up with Vodafone to invest up to €1 billion on a joint fibre network covering 50 of the largest cities. With complementary footprints, the fibre is owned independently though the companies share technical specifications to ensure compatibility as a single network. Each operator provides access to its own footprint, making the entire network available to each other. Orange recently switched on its fibre for commercial services, initially in Madrid, and planned to have some 800,000 premises connected to the network by March 2014, rising to three million by September 2015 and six million by 2017. In Madrid alone, up to 40,000 homes could be connected to the network.

The Orange/Vodafone joint network is open to co-investing third parties to share, which could dramatically extend the availability of fibre to Catalonia and Asturias where there are already extensive deployments through existing projects.

These developments are encouraging, and show that telcos operating through long-term economic doldrums are reassured that sensible investment strategies will provide dividends down the track.

Written by Henry Lancaster, Senior Analyst at Paul Budde Communication

More under: Access Providers, Broadband, Mobile, Telecom

Categories: Net coverage

gTLD Contention Auction in May: Request for Comments

CircleID posts - Tue, 2013-04-23 02:15

Many gTLD applicants with strings in contention have already heard about the Applicant Auction, a voluntary private auction for resolving string contention that my colleagues and I are organizing. In this post we'd like to share some updates on our progress.

Most importantly, we realized that more than just an escrow agent is needed for the success of a private auction of this scale, and we have partnered with Morrison & Foerster, LLP, a global law firm, who will be acting as the neutral party for our auctions.

We had the opportunity to talk to many applicants in Beijing last week, and we received some great feedback and suggestions. We have distilled these conversations into a more detailed proposal, covering the schedule, policies on which information is published and which is kept confidential, the procedure for handling withdrawals, the handling of bid deposits, and more.

Although many applicants have been asking us to hold an auction as soon as possible and several have already committed to participate in the first auction, we would like to give all applicants a chance to review the proposal and submit final comments, until Thursday this week (11pm UTC).

Based on the applicants' input, the final schedule and rules for the first auction will then be published by Tuesday, April 30, and applicants interested in participating can then sign up their TLDs in an online enrollment system.

We have summarized some of the suggested changes below, and we encourage participants to take a look at the full RFC and send us comments:

Schedule:

We propose beginning Thursday, May 2, with publication of the auction rules and other legal documents, and we plan to hold the auction on Thursday, May 23. Interested parties will need to commit online by May 8. Dates are subject to change with input from participating applicants.

Information policy:

As presented in the workshops, all bidders participating in a given auction can see the number of bidders still bidding for a domain in each round, for all domains being auctioned. However, the winning price is not disclosed to all bidders; only bidders for a particular domain can see the price at which the domain was sold. Amounts of bids and deposits will be kept strictly confidential.

Withdrawal procedure:

Several applicants asked: What if I don't win in the auction, and, as required, I withdraw my application, but some of my fellow non-winning competitors don't? We took this concern very seriously and propose the following solution:

Before the auction, bidders irrevocably authorize the neutral party to request a withdrawal with ICANN on their behalf. In addition, bidders that do not win are required to withdraw their applications via ICANN's online system and send a screenshot to the neutral party, along with a withdrawal statement signed by the bidder and two witnesses confirming that the seller performed the withdrawal. A bidder who does not submit proof of withdrawal will forfeit their deposit, and Morrison & Foerster LLP will take legal steps, if necessary, to execute the withdrawal. For bidders who do submit proof, the deposit is held until the neutral party has ensured that the withdrawal took place. ICANN has assured us that withdrawals will be made public within 48 hours, and the neutral party will not release any payments or deposits until withdrawals have been confirmed by ICANN.

Deposit:

Each applicant must make a deposit of at least 20% of the maximum amount the applicant would like to be able to bid, as noted previously. The deposit must be at least $80,000. The purpose of the minimum deposit is to help ensure that bidders who didn't win in the auction withdraw their application. To level the playing field for single-domain applicants who had requested this, we also made an important change from the previously proposed policy: the effective deposit does not increase if a participant becomes a seller for a TLD, and payments received from one TLD cannot be used to pay for another TLD within that auction. Applicants who are participating in the auction with more than one TLD must make the minimum deposit for each TLD.

We hope that the procedure we proposed adequately captures the feedback we received from applicants. Overall, there were surprisingly few topics on which we had to come up with a compromise; in most cases, applicants' preferences were in agreement. Where we did have to find a balance between different perspectives, we hope we have found solutions that will satisfy all applicants' concerns.

We look forward to receiving comments to the Request For Comments posted on the applicant auction website.

Written by Sheel Mohnot, Consultant

More under: ICANN, Top-Level Domains

Categories: Net coverage

SIP Network Operators Conference (SIPNOC) Starts Tonight in Herndon, Virginia

CircleID posts - Tue, 2013-04-23 02:03

Tonight begins the third annual SIP Network Operators Conference (SIPNOC) in Herndon, Virginia, where technical and operations staff from service providers around the world will gather to share information and learn about the latest trends in IP communications services — and specifically those based on the Session Initiation Protocol (SIP). Produced by the nonprofit SIP Forum, SIPNOC is an educational event sharing best practices, deployment information and technology updates. Attendees range from many traditional telecom carriers to newer VoIP-focused service providers and application developers.

The SIPNOC 2013 agenda includes talks on:

  • VoIP and communications security
  • Business strategies for service providers
  • Regulatory and policy issues
  • Multiple sessions about WebRTC and how that will change IP communications
  • IPv6 and VoIP
  • HD audio
  • Standards relating to VoIP and SIP

The main sessions begin tomorrow with a keynote presentation from FCC CTO Henning Schulzrinne where I expect he will talk about some of the challenges the FCC has identified as they continue to push the industry to move away from the traditional PSTN to the world of IP communications.

I've very much enjoyed the past SIPNOC conferences and will be back there again this year leading sessions about: IPv6 and VoIP; how DNSSEC can help secure VoIP; and a couple of sessions related to VoIP security. I'm very much looking forward to the discussions and connections that get made there — and if any of you are attending I look forward to meeting you there.

SIPNOC 2013 will not be livestreamed, but if you are in the DC area (or can easily get there), registration is still open for the event. I suspect you'll also see some of us tweeting with the hashtag #sipnoc.

Written by Dan York, Author and Speaker on Internet technologies

More under: DNS Security, IPv6, Security, Telecom, VoIP

Categories: Net coverage

ICANN Releases 5th Round of Initial Evaluation Results - 169 TLDs Pass

CircleID posts - Mon, 2013-04-22 17:37

Mary Iqbal writes to report that ICANN has released the fifth round of Initial Evaluation results, bringing the total number of applications that have passed the Initial Evaluation phase to 169. ICANN is targeting completing Initial Evaluation for all applicants by August 2013. To learn more, see: http://www.getnewtlds.com/news/Fifth-Round-of-Initial-Evaluations.aspx

More under: ICANN, Top-Level Domains

Categories: Net coverage

Why Donuts Should Win All Wine New gTLD Applications

CircleID posts - Mon, 2013-04-22 17:30

There are 2 reasons why Donuts, applicant for more than 300 Top-Level Domains, should become the official Registry for wine applications.

• It is not because of the content of its application: There are 3 applicants in total and all of them followed the rules provided by ICANN in its applicant guidebook.
• It is not because they protect the wine industry: the Applicant Guidebook did not "force" applicants to do so.
• It is not because they are American: there are also very good wines in Gibraltar and Ireland. In Gibraltar in particular.

So what are the reasons why Donuts is the right Registry for wine applications?

1) Donuts applied for both .VIN and .WINE Top-Level Domains.

I can already imagine a Registrant (the person who buys these domain names) facing the situation of being able to register a domain name in .VIN and not in .WINE. That is what will probably happen if .VIN is owned by one applicant and .WINE by another. The same applies if rules are different, if Registrars are not the same, if launching dates are different (note this will probably happen anyway). If Donuts "wins" both applications, chances are high that a Registrant like you will probably get the chance to be served first to acquire his .wine domain name if he had previously registered his .vin domain.
Having both wine applications in the hands of the same Registry is far more interesting for the end user: you don't want to buy your next car in 2 different garages.

2) Donuts is now experienced

Some institutions and I, involved in the protection of wine Geographical Indications, asked ICANN this question: "how are wine Geographical Indications going to be protected?" Note this is not the only issue here: wine Trademarks won't be better protected either, but at least our voice has been heard on one question.
The result of this long effort to inform wine institutions, Project dotVinum, their public comments, my publications in the print and online press, their questions to ICANN and more was GAC Advice.

"GAC" stands for "Governmental Advisory Committee": basically, it is a group founded by ICANN which represents Governments on such questions. Countries have their say when a question related to new gTLDs is a problem. The GAC advice is very important because the problem of protecting wine Geographical Indications is a serious issue for the wine Community and the GAC now seems to be the only body able to force ICANN to "do something about it". It started in 2010 with the dotVinum project. Only in 2013 does ICANN listen to it…

So, why Donuts and not another applicant?

Donuts, through the GAC Early Warning Procedure, was asked by France and Luxembourg to offer a protection mechanism for wine Geographical Indications on its .VIN application or to remove it. No solution was found between the applicant and the French Government, and this situation led to the same question for both .WINE and .VIN. There have been many exchanges on this question. There is now a deadline set in July 2013 to answer this question and... all this is going through the public comment procedure.
Donuts is the right applicant because it is the one facing these questions with Governments and, unless ICANN drops it in Durban, it appears from the reports I have on my desk that Donuts is now the most experienced applicant to help find a solution… or not.

Many things can now happen:

• ICANN could "drop it" by not paying so much attention to this question in Durban. This would lead to no protection for wine Geographical Indications. I wrote to its CEO with a solution but it looks like they do not want to confirm they received it;
• Donuts could drop its .VIN application: after all, they have more than 300 so why bother;
• ICANN could block, at the source, second level domains to be registered in all new registries to be launched;
• ICANN could force .WINE and .VIN applicant(s) to protect wine Geographical Indications in their TLD only.
• With all the promotion I am doing on both .WINE and .VIN, other applicants could decide to "bid high" to win .WINE or find an arrangement with other applicants and myself to make these TLDs a success;
• ICANN could decide to reject all wine applications because they do not offer sufficient protection mechanisms;
• ...

As a reminder, the .VIN application has prioritization number 618 on a list of 1917; should a solution to the wine Geographical Indication question be found fast, it could… not be delayed.

Written by Jean Guillon, New generic Top-Level Domain specialist

More under: Top-Level Domains

Categories: Net coverage

A Primer on IPv4, IPv6 and Transition

CircleID posts - Sun, 2013-04-21 22:57

There is something badly broken in today's Internet.

At first blush that may sound like a contradiction in terms, or perhaps a wild conjecture intended only to grab your attention to get you to read on. After all, the Internet is a modern day technical marvel. In just a couple of decades the Internet has not only transformed the global communications sector, but its reach has extended far further into our society, and it has fundamentally changed the way we do business, the nature of entertainment, the way we buy and sell, and even the structures of government and their engagement with citizens. In many ways the Internet has had a transformative effect on our society that is similar in scale and scope to that of the industrial revolution in the 19th century. How could it possibly be that this prodigious technology of the Internet is "badly broken?" Everything that worked yesterday is still working today isn't it? In this article I'd like to explain this situation in a little more detail and expose some cracks in the foundations of today's Internet.

You see, it's all about addresses. In a communications network that supports individual communications it's essential that every reachable destination has its own unique address. For the postal network it's commonly your street address. For the traditional telephone network it's your phone number. This address is not just how other users of the network can select you, and only you, as the intended recipient of their communication. It's how the network itself can ensure that the communication is correctly delivered to the intended recipient. The Internet also uses addresses. In fact the Internet uses two sets of addresses. One set of addresses is for you and me to use. Domain names are the addresses we enter into web browsers, or what we use on the right hand side of the @ in an email address. These addresses look a lot like words in natural languages, which is what makes them so easy for us humans to use. The other set of addresses is used by the network. Every packet that is passing through the Internet has a digital field in its header that describes the network address of the packet's intended delivery address: its "destination address." This address is a 32 bit value. A 2 bit field has four possible values, a 3 bit field has eight possible values, and by the same arithmetic a 32 bit field has 2 to the power 32, or some 4,294,967,296 unique values.

If every reachable device on the Internet needs a unique address in order to receive packets, then does that mean that we can only connect at most some 4 billion devices to the Internet? Well, in general terms, yes! And once we reach that hard limit of the address size, should we expect to encounter problems? Well, in general terms, yes!

Running out of addresses in any communications network can pose a massive problem. We have encountered this a number of times in the telephone network, and each time we've managed to add more area codes, and within each area we've added more in-area digits to telephone numbers to accommodate an ever-growing population of connected telephone handsets. Every time we've made this change to the address plan of the telephone network we needed to reprogram the network. Luckily, we didn't need to reprogram the telephone handsets as well. We just had to re-educate telephone users to dial more digits. With care, with patience, and with enough money this on-the-fly expansion of the telephone system's address plan can be undertaken relatively smoothly. But this approach does not apply to the Internet. The address structure of the Internet is not only embedded into the devices that operate the network itself, the very same address structure is embedded in every device that is attached to the network. So if, or more correctly, when, we run out of these 32 bit addresses on the Internet we are going to be faced with the massive endeavour of not only reprogramming every part of the network, but also reprogramming every single device that is attached to the network. Given that the Internet today spans more than 2.3 billion users and a comparable number of connected devices, this sounds like a formidable and extremely expensive undertaking.

Frank Solensky's Report on Address Depletion, Proceedings of IETF 18, p. 61, Vancouver, August 1990 (PDF)

If running out of IP addresses is such a problem for the Internet then you'd like to hope that we could predict when the ominous event would occur, and then give ourselves plenty of lead time to dream up something clever as a response. And indeed we did predict this address depletion. Some 23 years ago, in August 1990, when the Internet was still largely a research experiment and not the foundation bedrock of the global communications enterprise, we saw the first prediction of address runout. At the time Frank Solensky, a participant in the Internet Engineering Task Force (IETF), extrapolated the growth of the Internet from the emerging experience of the US National Science Foundation's NSFNET, and similar experiences in related academic and research projects, and predicted that the pool of addresses would run out in some 6-10 years' time.

The technical community took this message to heart, and started working on the problem in the early 1990's.

From this effort emerged a stop gap measure that, while it was not a long term solution, would buy us some urgently needed extra time. At the time the Internet's use of addresses was extremely inefficient. In a similar manner to a telephone address that uses an area code followed by a local number part, the Internet's IP address plan divides an IP address into a network identifier and a local host identifier. At the time we were using an address plan that used fixed boundaries between the network identification part and the host identification part. This address plan was a variant of a "one size fits all" approach, where we had three sizes of host addresses within the network: one size was just too big for most networks, one size was too small, and the only one that was left was capable of spanning an Internet of just 16,382 networks. It was this set of so-called "Class B" address blocks that Frank Solensky predicted to run out in four years' time.

So what was the stop gap measure? Easy. Remove the fixed boundaries in the address plan and provide networks with only as many addresses as they needed at the time. It was hoped that this measure would give us a few more years of leeway to allow us to develop a robust long term answer to this address problem. The new address plan was deployed on the Internet in early 1993, and for a couple of years it looked like we were precisely on track, and, as shown in Figure 2, this small change in the address plan, known as Classless Inter-Domain Routing (CIDR), would buy us around 2 or 3 years of additional time to work on a longer term approach to IP address exhaustion.

Figure 2 – CIDR and Address Consumption
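The difference between the fixed-boundary plan and CIDR can be made concrete with a short added example (not part of the original article): it sizes address blocks for four sites under both plans and carves the CIDR blocks out of one pool. The site names, host counts and the 10.20.0.0/16 pool are constructed for illustration.

```python
import ipaddress

# Host bits fixed by each class in the pre-1993 classful address plan.
CLASSFUL_HOST_BITS = {"C": 8, "B": 16, "A": 24}

# Constructed sample demand: site name -> number of hosts that need addresses.
SITES = {"campus": 2000, "branch": 300, "lab": 60, "office": 500}


def classful_block(hosts_needed):
    """Return (class, addresses consumed) for the smallest class that fits."""
    for cls, bits in CLASSFUL_HOST_BITS.items():
        if hosts_needed <= 2 ** bits - 2:  # minus network and broadcast address
            return cls, 2 ** bits
    raise ValueError("no single classful network is large enough")


def cidr_prefix(hosts_needed):
    """Return the longest IPv4 prefix whose block still holds hosts_needed."""
    if hosts_needed < 1:
        raise ValueError("need at least one host")
    # hosts + network + broadcast, rounded up to the next power of two
    host_bits = (hosts_needed + 1).bit_length()
    if host_bits > 32:
        raise ValueError("demand exceeds the IPv4 address space")
    return 32 - host_bits


def allocate_cidr(pool, demands):
    """Carve one aligned block per site out of pool, largest block first."""
    pool = ipaddress.ip_network(pool)
    cursor = int(pool.network_address)
    plan = {}
    # Handing out the largest blocks first keeps every block aligned
    # on a multiple of its own size, which a CIDR prefix requires.
    ordered = sorted(demands.items(), key=lambda kv: cidr_prefix(kv[1]))
    for site, hosts in ordered:
        net = ipaddress.ip_network((cursor, cidr_prefix(hosts)))
        if not net.subnet_of(pool):
            raise ValueError("pool exhausted before " + site)
        plan[site] = net
        cursor += net.num_addresses
    return plan


def compare(pool, demands):
    """Return (addresses used classfully, addresses used with CIDR, plan)."""
    classful = sum(classful_block(h)[1] for h in demands.values())
    plan = allocate_cidr(pool, demands)
    cidr = sum(net.num_addresses for net in plan.values())
    return classful, cidr, plan


if __name__ == "__main__":
    classful, cidr, plan = compare("10.20.0.0/16", SITES)
    for site, net in plan.items():
        cls, size = classful_block(SITES[site])
        print(f"{site:7} needs {SITES[site]:5}: Class {cls} ({size}) vs {net}")
    print(f"classful total {classful}, CIDR total {cidr}")
```

Three of the four sites are too big for a Class C, so the classful plan hands each of them a full Class B, while CIDR gives each site the smallest aligned block that fits.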

As things turned out, we were wrong in that 2-3 year estimate.

The reason why we were wrong was that a second stop gap measure was also developed in the early 1990's. This new technology cut right to the heart of the architecture of the Internet and removed the strict requirement that every attached device needed its own unique address on the Internet.

The approach of Network Address Translators (NATs) allowed a collection of devices to share a single public IP address. The devices that were located "behind" a NAT could not be the target of a new communication, so that, for example, you could not host a web service if you were behind a NAT, but as long as the devices behind the NAT initiated all communications, then the NAT function became invisible, and the fact that an IP address was being shared across multiple devices was effectively irrelevant. In a model of clients and servers, then as long as you only placed the clients behind a NAT then it was possible to share a single IP address across multiple clients simultaneously.

The emerging retail ISP industry took up this NAT technology with enthusiasm. The provisioning model for retail Internet services was for a single IP address provided for each connected service, which was then shared by all the computers in the home using a NAT that was embedded into the DSL or cable modem that interfaced the home network to the service provider network. The IP address consumption levels dropped dramatically, as it was no longer a case of requiring a new IP address for each connected device, but instead requiring a single IP address for each connected service. And as the home collected more connected devices, none of these devices drew additional addresses from the IP address pool.
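The sharing and the one-way reachability described above can be seen in a small model of a NAT's translation table, given here as an added example that is not part of the original article. The class and method names are hypothetical, the addresses are documentation and private ranges chosen for illustration, and the rule that a reply is accepted only from a remote the inside device has already contacted is a modelling assumption (real NATs differ in how strictly they filter).

```python
class Nat:
    """Simplified port-translating NAT with a single public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> ((private_ip, private_port), remotes)

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        """Rewrite a packet leaving the home network, creating state if new."""
        key = (private_ip, private_port)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("no public ports left to share")
            self.out[key] = self.next_port
            self.back[self.next_port] = (key, set())
            self.next_port += 1
        public_port = self.out[key]
        # Remember who was contacted so that only their replies are let in.
        self.back[public_port][1].add((remote_ip, remote_port))
        return (self.public_ip, public_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Map an arriving packet back to a private host, or None to drop."""
        entry = self.back.get(public_port)
        if entry is None:
            return None  # no inside device ever opened this public port
        key, remotes = entry
        if (remote_ip, remote_port) not in remotes:
            return None  # nobody inside started a conversation with this remote
        return key


def demo():
    """Two home devices share 203.0.113.7 (constructed sample traffic)."""
    nat = Nat("203.0.113.7")
    laptop = nat.outbound("192.168.1.10", 51000, "198.51.100.20", 443)
    phone = nat.outbound("192.168.1.11", 51000, "198.51.100.20", 443)
    return {
        "laptop_seen_as": laptop[:2],
        "phone_seen_as": phone[:2],
        # The server's reply to the phone finds its way back inside.
        "reply_to_phone": nat.inbound("198.51.100.20", 443, phone[1]),
        # A stranger probing the same public port is dropped.
        "stranger": nat.inbound("198.51.100.99", 443, phone[1]),
        # A new connection to a port nobody opened (a would-be web server).
        "unsolicited_port_80": nat.inbound("198.51.100.20", 443, 80),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both devices appear to the server as the same public address with different ports, and nothing from outside reaches either device unless that device spoke first.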

Instead of buying a couple of years of additional breathing space to design a long term solution to address depletion, the result of the combination of classless addressing and NATs was that it looked like we had managed to push the issue of address depletion out by some decades! The most optimistic prediction of address longevity in around 2001 predicted that IPv4 address depletion might not occur for some decades, as the address consumption rate had flattened out, as shown in Figure 3.

Figure 3 – CIDR, NATs and Address Consumption

Perhaps it may have been an unwarranted over-reaction, but given this reprieve the industry appeared to put this entire issue of IP address depletion in the Internet onto the top shelf of the dusty cupboard down in the basement.

As events turned out, that level of complacency about the deferral of address depletion was misguided. The next major shift in the environment was the mobile Internet revolution of the last half of the 2000's. Before then mobile devices were generally just wireless telephones. But one major provider in Japan had chosen a different path, and NTT DOCOMO launched Internet-capable handsets onto an enthusiastic domestic market in the late 1990's. Their year-on-year rapid expansion of their mobile Internet service piqued the interest of many mobile service operators in other countries. And when Apple came out with a mobile device that included a relatively large well-designed screen and good battery life, an impressive collection of applications and of course a fully functional IP protocol engine, the situation changed dramatically. The iPhone was quickly followed by a number of other vendors, and mobile operators quickly embraced the possibilities of this new market for mobile Internet services. The dramatic uptake of these services implied an equally dramatic level of new demand for IP addresses to service these mobile IP deployments, and the picture for IP address depletion once more changed. What was thought to be a problem comfortably far into the future once more turned into a here and now problem.

Figure 4 – Address Consumption

Even so, we had exceeded our most optimistic expectations and instead of getting a couple of years of additional breathing space from these stop gap measures, we had managed to pull some 15 additional years of life out of the IPv4 address pool. But with the added pressures from the deployment of IP into the world's mobile networks we were once more facing the prospect of imminent address exhaustion in IPv4. So it was time to look at that long term solution. What was it again?

During the 1990's the technical community did not stop with these short term mitigations. They took the address depletion scenario seriously, and considered what could be done to define a packet-based network architecture that could span not just billions of connected devices but hundreds of billions of devices or more. Out of this effort came version 6 of the Internet Protocol, or IPv6. The changes to IPv4 were relatively conservative, apart from one major shift. The address fields in the IP packet header were expanded from 32 bits to 128 bits. Now every time you add a single bit you double the number of available addresses. This approach added 96 bits to the IP address plan. Yes, that's 340,282,366,920,938,463,463,374,607,431,768,211,456 possible addresses!

This approach to IPv6 appeared to adequately answer the need for a long term replacement protocol with enough addresses to fuel a rapacious silicon industry that can manufacture billions of processors each and every year. However, there was one residual annoying problem. The problem arises from one of the underlying features of the Internet's architecture: IP is an "end-to-end" protocol. There is no defined role for intermediaries in packet delivery. In the architecture of the Internet, what gets sent in a packet is what gets received at the other end. So if a device sends an IPv4 packet into the network, what comes out is an IPv4 packet, not an IPv6 packet. Similarly, if a device sends an IPv6 packet into the network then what comes out at the other end is still an IPv6 packet. The upshot of this is that IPv6 is not "backward compatible" with IPv4. In other words setting up a device to talk the "new" protocol means that it can only talk to other devices that also talk the same protocol. This device is completely isolated from the existing population of Internet users. What were these technology folk thinking in offering a new protocol that could not interoperate with the existing protocol?

What they were thinking was that this was an industry that was supposedly highly risk averse, and that once a long term replacement technology was available then the industry would commence broad adoption well before the crisis point of address exhaustion eventuated. The idea was that many years in advance of the predicted address exhaustion time, all new Internet devices would be configured to be capable of using both protocols, both IPv4 and IPv6. And the idea was that these bilingual devices would try to communicate using IPv6 first and fall back to IPv4 if they could not establish a connection in IPv6. The second part of the transition plan was to gradually convert the installed base of devices that only talked IPv4 and reprogram them to be bilingual in IPv6 and IPv4. Either that, or send these older IPv4-only devices to the silicon graveyard!

The transition plan was simple. The more devices on the Internet that were bilingual the more that the conversations across the network would use IPv6 in preference to IPv4. Over time IPv4 would essentially die out and support for this legacy protocol would be no longer required.

However one part of this plan was critical. We were meant to embark on this plan well before the time of address exhaustion, and, more critically, we were meant to complete this transition well before we used that last IPv4 address.

Figure 5 – The IPv6 Transition Plan

And to some extent this is what happened. Microsoft added IPv6 to its operating systems from the mid 2000's with the Windows Vista and Windows Server 2008 products. Apple similarly added IPv6 into their Mac OSX system from around 2006. More recently, IPv6 support has been added into many mobile devices. These days it appears that around one half of all devices connected to the Internet are bi-lingual with IPv6 and IPv4. This is indeed a monumental achievement, and much of the effort in re-programming the devices that are attached to the Internet to speak the new protocol has been achieved. So we are all ready to switch over the Internet to use IPv6, yes? Well, no, not at all.

So what's gone wrong?

Many things have not gone according to this plan, but perhaps there are two aspects of the situation that deserve highlighting here.

Firstly, despite the addition of IPv6 into the popular computer platforms, the uptake of IPv6 in the network is just not happening. While there was a general view that the initial phase of IPv6 adoption would be slow, the expectation was that the use of IPv6 would accelerate along exponentially increasing lines. But so far this has not been all that evident. There are many metrics of the adoption of IPv6 in the Internet, but one of the more relevant and useful measurements is that relating to client behaviour. When presented with a service that is available in both IPv4 and IPv6, what proportion of clients will prefer to use IPv6? Google provide one measurement point, that measures a sample of the clients who connect to Google's service. Their results are shown in Figure 6.

Figure 6 – IPv6 Adoption (Source)

Over the past four years Google has seen this number rise from less than 1% of users in early 2009 to a current value of 1.2%. It's one of those glass half-full or half-empty stories. Although in this case the glass is either 1% full or 99% empty! If broad scale use of IPv6 is the plan, then right now we seem to be well short of that target. On a country-by-country basis the picture is even more challenging. Only 9 countries have seen the proportion of IPv6 users rise above 1%, and the list has some surprising entries.

Figure 7 – IPv6 Adoption (Source)

It's hard to portray this as evidence of broad based adoption of IPv6. Its perhaps more accurate to observe that a small number of network providers have been very active in deploying IPv6 to their customer base, but these providers are the minority, and most of the Internet remains locked deeply in IPv4. If a significant proportion of the end devices support IPv6 then why are these use metrics so unbelievably small? It appears that the other part of the larger network re-programming effort, that of enabling the devices sitting within the network to be IPv6-capable, has not taken place to any significant extent. It's still the case that a very large number of ISPs do not include IPv6 as part of their service offering, which means that even if an attached computer or mobile device is perfectly capable of speaking IPv6, if the access service does not support IPv6 service then there is effectively no usable way for the device to use IPv6. And even when the service provider supplies IPv6 as part of its service bundle, it may still be the case that the user's own network devices, such as the in-home NAT/modems and other consumer equipment that supports in in-home networks, such as a WiFi base station or a home router may only support IPv4. Until this equipment is replaced or upgraded, then IPv6 cannot happen. The result is as we seen in the IPv6 usage metrics today: when offered a choice between IPv4 and IPv6, some 99% of the Internet's connected devices will only use IPv4.

Secondly, we've now crossed into a space that was previously regarded as the unthinkable: we've started to run out of IPv4 addresses in the operating network. This address exhaustion started with the central address pool, managed by the Internet Assigned Numbers Authority (IANA). The IANA handed out its last address block in February 2011. IANA hands out large blocks of addresses (16,777,216 addresses per "block") to the Regional Internet Address Registries (RIRs), and in February 2011 it handed out the last round of address blocks to the RIRs. Each of the five RIRs operates independently, and each will itself exhaust its remaining pool of IPv4 addresses in response to regional demand. APNIC, the RIR serving the Asia Pacific region, was the first to run out of addresses, and in mid April 2011 APNIC handed out its last block of "general use" IPv4 addresses. (As a side remark here, APNIC still had 17 million addresses held aside at that point, but the conditions associated with allocations from this so-called "final /8" are that each recipient can receive at most an allocation of a total of just 1,024 addresses from this block.) This represented an abrupt change in the region. In the last full year of general use address allocations, 2010, APNIC consumed some 120 million addresses. In 2012, the first full year of operation under this last /8 policy, the total number of addresses handed out in the region dropped to 1 million addresses. The unmet address demand from this region appears to be growing at a rate of around 120 to 150 million addresses per year.

The region of Europe and the Middle East has been the next to run out, and in September 2012 the RIPE NCC, the RIR serving this region, also reached its "last /8" threshold, and ceased to hand out any further general use IPv4 addresses. The process of exhaustion continues, and the registry that serves Northern America and parts of the Caribbean, ARIN, has some 40 million addresses left in its address pool. At the current consumption rate ARIN will be down to its last /8 block 12 months from now, in April 2014. LACNIC, the regional registry serving Latin America and the Caribbean, currently has some 43 million addresses in its pool, and is projected to reach its last /8 slightly later, in August 2014. The African regional registry, AFRINIC, has 62 million addresses, and at its current address consumption rate, the registry will be able to service address requests for the coming seven years.

Figure 8 – IPv4 Address Depletion (Source)

So if the concept was that we would not only commence, but complete the process of transition to use IPv6 across the entire Internet before we got to that last IPv4 address, then for Europe, the Middle East, Asia and the Pacific this is not going to happen. It's just too late. And for North and South America it's also highly unlikely to happen in time.

And the slow pace of uptake of IPv6 points to the expectation that this "running on empty" condition for the Internet address plan may well continue for some years to come.

We are now entering into a period of potential damage for the Internet. If the objective of this transition from IPv4 to IPv6 was to avoid some of the worst pitfalls of exhaustion of the IPv4 address space in the Internet, then we've failed.

The consequence of this failure is that we are now adding a new challenge for the Internet. It's already a given that we are meant to sustain continued, and indeed accelerating, growth in terms of the overall size of the network and the population of connected devices. The pace of this growth is expressed as a demand for some 300 million additional IP addresses per year, and the figures from the device manufacturers point to a larger figure of some 500 — 700 million new devices being connected to the Internet each year. And the number grows each year. We are expanding the Internet at ever faster rates. As if riding this phenomenal rate of growth on the existing infrastructure and existing technology base wasn't challenging enough, we also have the objective not just to maintain, but to accelerate the pace of transition to IPv6. These two tasks were already proving to be extremely challenging, and we've been slipping on the second. But we now have the additional challenge of trying to achieve these two objectives without the supply of any further IPv4 addresses. At this point the degree of difficulty starts to get uncomfortably close to ten!

This situation poses some architectural consequences for the Internet. Until now we've managed to push NATs out to the edge of the network, and make address compression something that end users did in their home networks. The consequences of failure of such devices and functions are limited to the edge network served by the NAT. We are now deploying mechanisms that allow this NAT function to be performed in the core of the carriage networks. This introduces a new set of unquantified factors. We've little experience in working with large scale NAT devices. We have no idea of the failure modes, or even the set of vulnerabilities in such an approach. We are still debating the appropriate technical approach in the standards bodies, so there are a variety of these service provider NAT approaches being deployed. Each NAT approach has different operational properties, and different security aspects. But now we don't have the luxury of being able to buy more time to explore the various approaches and understand the relative strengths and weaknesses of each. The exigencies of address exhaustion mean that the need for carrier level NAT solutions is now pressing, and given that this is a situation that we never intended to experience, we find ourselves ill-prepared to deal with the side effects from this subtle change in the network's architecture. The greater the level of complexity we add into the network, and the wider the variation in potential network behaviours as a result, the greater the burden we then place on applications. If the network becomes complex to negotiate then applications are forced to explore the local properties of the network environment in order to provide the user with a robust service.

If the hallmark of the Internet was one of efficiency and flexibility based on a simple network architecture, then as we add complexity into the network what we lose is this same efficiency and flexibility that made the Internet so seductively attractive in the first place. The result is a network that is baroquely ornamented, and one that behaves in ways that are increasingly capricious.

We are hopelessly addicted to using a network protocol that has now run out of addresses. At this point the future of the Internet, with its projections of trillions of dollars of value, with its projections of billions of connected silicon devices, with its projections of petabytes of traffic, with its projections of ubiquitous fibre optics conduits spanning the entire world is now entering a period of extreme uncertainty and confusion. A well planned path of evolution to a new protocol that could comfortably address these potential futures is no longer being followed. The underlying address infrastructure of the network is now driven by scarcity rather than abundance, and this is having profound implications on the direction of evolution of the Internet.

There really is something badly broken in today's Internet.

Written by Geoff Huston, Author & Chief Scientist at APNIC


More under: IP Addressing, IPv6

Categories: Net coverage

What May Happen to GAC Advice? 3 Fearless Predictions

CircleID posts - Sun, 2013-04-21 10:25

1. Prediction: A Lesson in Story Telling.

Many TLD applicants are likely to respond to the GAC Advice in a manner that is like story telling: Based on a mixture of fiction garnished with some facts from their applications, applicants will write savvy responses with only one aim — to calm down the GAC's concerns and survive the GAC Advice storm. The "duck and cover" strategy.

Background:

According to the Applicant Guidebook, material changes to applications need to go through a Change Request process. In contention sets, Change Requests that are advantageous to a specific applicant are not likely to pass due to competitors' opposition. Even in non-contentious cases Change Requests may not pass, as they could be anti-competitive. Also, the permanent opportunity for applicants in contention sets to amend their applications (by PICs, Change Requests or by the response to a GAC Advice) raises serious anti-competitive questions, as there is very limited space to make changes to an application according to the Applicant Guidebook.

Proposed solution:

No fiction — only facts! Applicants who have not been able to determine privacy issues, consumer protection issues or other issues associated with their TLD application over 12 months after filing their application raise serious concerns whether they are the appropriate entity to operate a TLD.

2. Prediction: Pass the hot potatoes, Joe.

Close to no decisions will be made to reject applications that are included in the GAC Advice. It is to be expected that only a handful of applications, where there is overwhelming support for a rejection (such as those in IV 1. in the Beijing Communiqué), will actually be rejected. This might happen due to legal and liability issues or simply lack of a clear-cut process.

Background:

Governments demanded instruments, namely GAC Early Warning and GAC Advice, to prevent applications they were unhappy with. Now the GAC filed an Advice for more than 500 applications, asking for more security, more accountability and more appropriate operation of regulated industries TLDs, among other issues. According to the Applicant Guidebook, the consequence of not fulfilling the GAC Advice (without the option to distort the application to a noncredible extent) would be a dismissal of the gTLD.

Unfortunately, the current GAC Advice process poses loopholes for all parties involved which offer the chance not to be responsible for this dismissal but instead not make any decision at all. This could be the next occasion where ICANN does not serve the Public Interest and the Community but those that play hardball in this application process by their lobbying and financial power.

Proposed solution:

GAC and ICANN Board should accept the responsibilities they asked for!

3. Prediction: Time and tide wait for no man.

GAC Advice has to be executed before contention resolution for applicants in contention sets starts. Otherwise an applicant might succeed in the Contention Set who will be thrown out because of GAC Advice later in the process. This timing would not make sense.

Background:

The GAC Advice process should take into account the process and timing of the whole Application Process. The process following the execution of GAC Advice has to be finished before the Contention Resolution Process is being initiated. Otherwise an applicant who is willing to provide the safeguards being asked for in the GAC Advice may have been eliminated in the process (e.g. by an auction), while the winner of the Contention Resolution is an applicant who is not willing to abide by the GAC Advice. A TLD could then not be awarded at all although a suitable candidate was in place, making the GAC Advice meaningless.

Proposed solution:

Don't wait! We have attached a detailed proposal (PDF chart here) for the harmonization of the GAC Advice process with the New gTLD Application Process. The chart clearly demonstrates how both processes may run in parallel and come together before the contention resolution.

Written by Dirk Krischenowski, Founder and CEO of dotBERLIN GmbH & Co. KG


More under: ICANN, Internet Governance, Top-Level Domains

Categories: Net coverage

Questions About the Robustness of Mobile Networks

CircleID posts - Sat, 2013-04-20 20:54

With mobile phones having become a utility, people are beginning to rely completely on mobile services for a large range of communications. All mobile users, however, are aware of some level of unreliability in these phone systems. Blackspots remain all around the country, not just outside the cities, and in busy areas the quality of the service goes down rather quickly. Drop-outs are another fairly common occurrence of mobile services.

In most cases these are annoyances that we have started to take for granted. This is rather odd, as people do not have the same level of tolerance in relation to their supply of landline communication or, for example, electricity.

At the same time, in almost every disaster situation the mobile network collapses, simply because it can't handle the enormous increase in traffic. The latest example was the collapse of the mobile services in Boston shortly after the bombing.

The trouble is that in such events this is not simply an annoyance. At these times communications are critical, and sometimes a matter of life and death. The fact that we now have many examples of network meltdowns indicates that so far mobile operators have been unable to create the level of robustness needed to cope with catastrophic events.

Then there are the natural disasters, when it is more likely that infrastructure will be extensively damaged or totally destroyed. However, as we saw during the Brisbane floods two years ago, essential infrastructure has been built in areas that are known to be flood-prone. Infrastructure like mobile towers may not necessarily be physically affected but if the electricity substations are positioned in those areas mobile service operation will be affected.

There are also very few official emergency arrangements between electricity utilities and mobile operators, or for that matter local authorities.

Bucketty in the Hunter Valley, where my office is based, is in a bushfire-prone area and we have been working with Optus — the local, and only, provider of mobile services in the area — to prepare ourselves for bushfire emergencies, to date with limited result. Our idea was to work with the local fire brigade to get access to the mobile tower in emergency situations so that we could install a mobile back-up generator in case the power is cut off.

We were unable to get that organised as Optus insists it can provide these extra emergency services itself. Based on our experience, however, roads are closed in times of emergency and it would be impossible for anyone from the outside to come into the area to assist. This has to be organised on a local level, but large organisations don't work that way.

All of these examples show that the utility and emergency functions of mobile services have not yet been taken seriously enough, and so these problems will continue unless a more critical approach is taken towards guaranteeing a much higher level of robustness to our mobile services. The mobile communication meltdowns during disasters that we have witnessed over the last few years were largely preventable if mobile operators had prepared their network for such events, and if better emergency plans had been developed between various authorities involved in such emergencies, together with policies and procedures to address these issues.

With an increased coverage of WiFi — linked to fixed networks — we see that, particularly in cities, such services are proving to be more reliable, especially for the data services that are required almost immediately to locate people and provide emergency communication services. The social media play a key role in this. In Boston Google responded instantly with a location finder for those affected and their friends and family, and access was largely provided through hotspots.

With an increase of total reliance on mobile networks, especially in emergency situations, it is obvious that far greater attention will need to be given to the construction of mobile networks with disaster events in mind. So far the industry on its own has failed to do this and it will be only a matter of time for government authorities to step in and try to fix these problems.

Other problems — based in particular on experience in the USA — that will need to be addressed include the unfamiliarity with SMS, especially among older people. During a network meltdown it often is still possible to send SMSs and they are the best method of communication. Also, with the increase of smartphones people tend to no longer remember telephone numbers, and often in those emergency situations the batteries of smartphones quickly run to empty.

Smartphone manufacturers, as well as the society at large, will have to think of solutions to these problems.

This is a good interview with my American colleague Brough Turner on why cell phone (and other phone) networks get congested in time of crisis.

Written by Paul Budde, Managing Director of Paul Budde Communication


More under: Mobile, Wireless

Categories: Net coverage

Are There Countries Whose Situations Worsened with the Arrival of the Internet?

CircleID posts - Fri, 2013-04-19 20:18

Are there countries whose situations worsened with the arrival of the internet? I've been arguing that there are lots of examples of countries where technology diffusion has helped democratic institutions deepen. And there are several examples of countries where technology diffusion has been part of the story of rapid democratic transition. But there are no good examples of countries where technology diffusion has been high, and the dictators got nastier as a result.

Over Twitter, Eric Schmidt, Google CEO, recently opined the same thing. Evgeny Morozov, professional naysayer, asked for a graph.

So here is a graph and a list. I used PolityIV's democratization scores from 2002 and 2011. I used the World Bank/ITU data on internet users. I merged the data and made a basic graph. On the vertical axis is the change in percent of a country's population online over the last decade. The horizontal axis reflects any change in the democratization score — any slide towards authoritarianism is represented by a negative number. For Morozov to be right, the top left corner of this graph needs to have some cases in it.

Change in Percentage Internet Users and Democracy Scores, By Country, 2002-2011
(Look at the Raw Data)

Are there any countries with high internet diffusion rates, where the regime got more authoritarian? The countries that would satisfy this condition should appear in the top left of the graph. Alas, the only candidates that might satisfy these two conditions are Iran, Fiji, and Venezuela. Over the last decade, the regimes governing these countries have become dramatically more authoritarian. Unfortunately for this claim, their technology diffusion rates are not particularly high.

This was a quick sketch, and much more could be done with this data. Some researchers don't like the PolityIV scores, and there are plenty of reasons to dislike the internet user numbers. Missing data could be imputed, and there may be more meaningful ways to compare over time. Some countries may have moved in one direction and then changed course, all within the last decade. Some only moved one or two points, and really just became slightly more or less democratic. But I've done that work too, without finding the cases Morozov wishes he had.

There are concerning stories of censorship and surveillance coming from many countries. Have the stories added up to dramatic authoritarian tendencies, or do they cancel out the benefits of having more and more civic engagement over digital media? Fancier graphic design might help bring home the punchline. There are still no good examples of countries with rapidly growing internet populations and increasingly authoritarian governments.

Written by Philip N. Howard, Professor in the Department of Communication at the University of Washington


More under: Censorship, Internet Governance, Privacy

Categories: Net coverage

US Fibre Projects: Go-Aheads Omit the Major Telcos

CircleID posts - Fri, 2013-04-19 18:58

As the recent Senate vote on gun reform legislation has shown (wherein 42 of the 45 dissenting senators had recently received donations from gun industry lobbyists), getting things done for the good of the people is a hard task where legislation is concerned. It has been thus with the US's broadband infrastructure for years.

A number of states have legislated against community broadband networks, often resulting from the lobbying efforts of the main telcos affected. State Legislatures commonly pass bills revoking local decision-making authorities from communities, effectively making them dependent on the dominant cableco and DSL provider. The National Institute on State Politics has made a clear connection between industry contributions to politicians and hamstrung bills restricting competition to these telcos.

Yet alternatives to the major telcos are gaining ground. Following the success of Google's FttH offering in Kansas City, the FCC has promoted the so-called 'Gigabit City Challenge', aimed at encouraging broadband providers and state and municipal officials to provide communities in each state with a 1Gb/s service by 2015. These would serve as hubs for innovation, and act as regional drivers for economic growth. Thus far there are more than 40 gigabit communities in 14 states. As part of its support, the FCC is holding workshops on best practices to lower costs and develop greater efficiencies in building the networks. In tandem with municipal efforts, the GigU initiative has helped develop gigabit networks in a number of university campuses.

The prospect for increased municipal involvement has improved with Google's expansion of its 1Gb/s service to Austin, Texas and Provo, Utah, where (in a change from its other deployments) Google acquired an existing municipal fibre-optic system (iProvo, set up several years ago, palmed off to a series of investors and largely hobbled by difficulties which included restrictions imposed by the local telco). The network is currently connected to less than a third of premises, but the job will be completed by Google, which will also upgrade the network to be on a par with those in Kansas City and Austin. It is expected that the same subscriber offer will prevail: a 1Gb/s broadband service for $70 per month, with the option of TV for an additional fee, and with a Google Nexus 7 tablet thrown in. Free broadband at a scaled-down speed may also be provided if subscribers pay an installation fee.

Google has looked at partnering with other municipalities that would reach hundreds of thousands of people across the country.

Many of these municipalities, as well as rural communities, are either developing new schemes or looking anew at earlier schemes. New schemes include United Services' 'United Fiber' FttH network in rural Missouri, while Palo Alto is looking to rekindle its longstanding effort to build a citywide fiber network. In its earlier incarnation, the fiber project was hobbled by the economic crash which led to the withdrawal of a partnered consortium and the nervousness of the city fathers to subsidise the scheme. Yet the city by the end of 2013 is expected to have accumulated $17 million in its project fund. The mood has become far more favourable, partly due to the encouragement from developments elsewhere. If other cities can work on delivering FttP as a community service and economic driver, and as a side benefit provide free WiFi, then why can't we?

Despite the obstructionism of the main telcos in realising municipal and rural broadband schemes, the can-do attitude which the US is known for is encouraged by developments thus far, and the snowball effect will be harder for telcos to stop.

Written by Henry Lancaster, Senior Analyst at Paul Budde Communication


More under: Access Providers, Broadband, Policy & Regulation, Telecom

Categories: Net coverage