Public participation site

When names are borrowed from an Atlas, things happen. Use of Geographic names have always caused some problems for two reasons; one they are in the public domain so anyone else can use them and two they connote that business is confined to just that geographic area. Like Paris Bakery, Waterloo Furniture or London Bank. Geographic naming was the biggest thing during last couple of centuries, as using name of a village or a city as a moniker was considered being on top of the hill. The sudden worldwide expansion of markets due to ease of communications in the early Computer Society created a massive exit of businesses from geographical names.

Back in 1985, ABC Namebank conducted a major study of all of the corporate names listed in Fortune 500. Starting from the first ever list of 500 published in 1955 all the way to 1985 and concluded by this 30 year by year comparison that why most corporations replaced geographic names with appropriately border-less names to reach an international audience.

Amazon as a brand name for online book retailer is the largest and most successful. At this stage, it's not important where and why that business name was chosen; originally from ancient Greece for big breasted female warriors, or the Amazon River, the fact remains it's now a geographical name in public domain. So who should get the super power gTLD dot.amazon, the book store or the region of Amazon in Brazil? Names borrowed from the Atlas often face sudden crossroads.

ICANN gTLD name evaluations policy has only two clear options; either follow the proven rules of trademark registrability or follow the first-come, first-served 'lawless' rule of early domain name registrations.

To go granular on this early lawless domain name approval system, let's clarify two things: if the 'no questions asked' and 'first-come, first-served' original policy created massive domain name expansion, did it also not create some 25 thousand of UDRPs conflict resolution proceedings and also created a multi-billion dollar defensive name registration industry? Who are the real beneficiaries of such lawless registrations? When a legit multi-billion dollar company buys a name for a business, say ibm.com the same system allows a kid to buy myibm.com, next in line. Is this a way to earn few dollars on a sale or is it a plan to fuel massive global litigation and speculative markets on Intellectual Properties? Under this lawless thinking trademark system would have collapsed couple centuries ago. Now let's fast forward.

Name-centricity clashes with global branding

"A complete breakdown of the domain name registration system, a type of anarchy on the Internet, as allowing anybody to register anything. Registrars throw up the towels. Trademark offices threaten to shut down. Intellectual property becomes public domain. The part-time guy at the local Pizza Hut answers the phone "Hello this is IBM — how can I help you" Battalions of lawyers will band around the word, declaring war on each other, and forcing conflicting points of views in endless battles will win trademarks. This war, would be a great windfall for the profession, as monthly billings would only become perpetual ones." —Excerpted from Domain Wars, by Naseem Javed, Linkbridge Publishing 1999.

Back to gTLDs, on another example; if ICANN approves the name for the athletic brand Patagonia, already objected by the Region of Patagonia of South America, it will cause serious damage to the credibility of a gTLD ownership. Once it's cracked there will be no end as every tenth gTLD name poses special conflicting issues and giving in would chip away gTLD quality.

If, on the other hand, ICANN recognizes geographic gTLDs as rightly belonging to the locals and regions, it will send a shock-wave to all the global name brands with words borrowed from the atlas.

There are at least 10% very tough name approval decisions in the big list of 1930 pending applications. If this alone does not place ICANN in the eye of a storm of naming complexity than where else is it headed? ICANN is now approaching the crossroads where the seriousness and fairness of the usage of names under trademark laws must be clearly declared or it will crack the gTLD program where litigious and hyper-defensive registration mechanisms suck out the positive energy. The Trademark clearing house without such clarity and direction is poised to become the Achilles Heels on the gTLD battlefield.

ICANN slowly approaches the crossroads and so are the global brands with borrowed words from the atlas but still both sides need good maps.

Written by Naseem Javed, Expert: Global Naming Complexities, Corporate Nomenclature, Image & Branding

Follow CircleID on Twitter

More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

China and the United States will set up a working group on cybersecurity, U.S. Secretary of State John Kerry said on Saturday, as the two sides moved to ease months of tensions and mutual accusations of hacking and Internet theft. Speaking to reporters in Beijing during a visit to China, Kerry said the United States and China had agreed on the need to speed up action on cyber security, an area that Washington says is its top national security concern.

Read full story: Reuters

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Internet Governance, Security

China and the United States will set up a working group on cybersecurity, U.S. Secretary of State John Kerry said on Saturday, as the two sides moved to ease months of tensions and mutual accusations of hacking and Internet theft. Speaking to reporters in Beijing during a visit to China, Kerry said the United States and China had agreed on the need to speed up action on cyber security, an area that Washington says is its top national security concern.

Read full story: Reuters

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Internet Governance, Security

Mary Iqbal writes to report that ICANN has released the fourth round of Initial Evaluation results, bringing the total number of applications that have passed the Initial Evaluation phase to 131. ICANN is targeting completing Initial Evaluation for all applicants by August 2013. To learn more, see http://www.getnewtlds.com/news/Third-Round-of-Initial-Evaluations.aspx.

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

Mary Iqbal writes to report that ICANN has released the fourth round of Initial Evaluation results, bringing the total number of applications that have passed the Initial Evaluation phase to 131. ICANN is targeting completing Initial Evaluation for all applicants by August 2013. To learn more, see http://www.getnewtlds.com/news/Third-Round-of-Initial-Evaluations.aspx.

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

CircleID, once again, in collaboration with the team from Dyn Inc. and ICANN Wiki, brings you video blogs and updates from the 46th ICANN meeting in Beijing, China (7-11 April 2013).

Stay tuned as we keep this page updated through out the meetings.

Comments and questions? Please post them below in the comment section of the page or send us an email.

* * *

Update / Apr 12, 2013 — Ray King of ICANNWiki talked with Ben Crawford, CEO of CentralNic.

Update / Apr 12, 2013 — Dyn's Rich Peterson talked with UNH School of Law's Mary Wong.

Update / Apr 12, 2013 — As part of our ICANN 46 coverage, Ray King of ICANNWiki chats with Chuck Gomes, a member of the Registries Stakeholder Group.

Brought to you in partnership with Dyn Inc and ICANN Wiki. Please add your feedback and suggestions using the comment form provided on this page or contact us directly.

Video Coverage of past ICANN meetings:
ICANN 44 Meetings in Toronto
ICANN 44 Meetings in Prague
ICANN 43 Meetings in Costa Rica
ICANN 42 Meetings in Dakar
ICANN 41 Meetings in Singapore
ICANN 38 Meetings in Brussels
ICANN 37 in Nairobi, Kenya
ICANN 36 in Seoul, South Korea
ICANN 35 in Sydney, Australia
ICANN 34 in Mexico City

Follow CircleID on Twitter

More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

CircleID, once again, in collaboration with the team from Dyn Inc. and ICANN Wiki, brings you video blogs and updates from the 46th ICANN meeting in Beijing, China (7-11 April 2013).

Stay tuned as we keep this page updated through out the meetings.

Comments and questions? Please post them below in the comment section of the page or send us an email.

* * *

Update / Apr 12, 2013 — Ray King of ICANNWiki talked with Ben Crawford, CEO of CentralNic.

Update / Apr 12, 2013 — Dyn's Rich Peterson talked with UNH School of Law's Mary Wong.

Update / Apr 12, 2013 — As part of our ICANN 46 coverage, Ray King of ICANNWiki chats with Chuck Gomes, a member of the Registries Stakeholder Group.

Brought to you in partnership with Dyn Inc and ICANN Wiki. Please add your feedback and suggestions using the comment form provided on this page or contact us directly.

Video Coverage of past ICANN meetings:
ICANN 44 Meetings in Toronto
ICANN 44 Meetings in Prague
ICANN 43 Meetings in Costa Rica
ICANN 42 Meetings in Dakar
ICANN 41 Meetings in Singapore
ICANN 38 Meetings in Brussels
ICANN 37 in Nairobi, Kenya
ICANN 36 in Seoul, South Korea
ICANN 35 in Sydney, Australia
ICANN 34 in Mexico City

Follow CircleID on Twitter

More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

The Internet Corporation for Assigned Names and Numbers (ICANN) has released new guidance concerning the reporting and disclosure of bugs that affect the Domain Name System, including information of how ICANN itself will behave in response to vulnerabilities.

Until recently, ICANN, which is responsible for maintaining the root domain servers at the heart of the DNS system, had no specific guidelines for the reporting of vulnerabilities, leaving responsible disclosure protocols up to the researchers who discovered the bugs. With the release of the Coordinated Vulnerability Disclosure Reporting [PDF] document they hope to instigate a more unified and consistent process for disclosure.

The guidelines are intended to:

"define the role ICANN will perform in circumstances where vulnerabilities are reported and ICANN determines that the security, stability or resiliency of the DNS is exploited or threatened. The guidelines also explain how a party, described as a reporter, should disclose information on a vulnerability discovered in a system or network operated by ICANN."

The document outlines procedures that ICANN will follow in various roles, including as an affected party, where the vulnerability directly impacts ICANN's operations; as a reporter, when ICANN researchers discover vulnerabilities; and as a coordinating party.

Security vulnerability reporting is a controversial topic, with some researchers advocating immediate full disclosure, and others opting for responsible disclosure where vendors and stakeholders are notified privately before a full release is made only following the patching of relevant software. There is also a thriving black market for security vulnerabilities, where the information is disclosed only to the highest bidder for use in hacking attacks.

As an essential and ubiquitous part of Internet's infrastructure, the security of the Domain Name System is of particular interest to hackers and those engaged in industrial or state-sponsored espionage. ICANN is advocating a system of responsible disclosure with ICANN itself acting as a coordinator in some cases. Bugs that impact DNS can be reported directly to ICANN, who will then inform affected vendors or service providers.

Public disclosure is strongly discouraged until vendors have been informed of the vulnerability and have fixes in place. However, the methodology recommended by ICANN makes it clear that in the case of vendors who fail to respond to attempts at coordination, researchers may choose to disclose vulnerabilities.

None of these recommendations is binding, and researchers are still free to choose how to react to discovered vulnerabilities. However, the creation of these guidelines is a positive move towards a unified and coordinated system for handling security vulnerabilities in the DNS.

Written by Evan Daniels

Follow CircleID on Twitter

More under: DNS, ICANN, Security

Mandarin is a tricky language, but ICANN may want to learn the expression chóngfù before leaving the Beijing meeting. Chóngfù means "do-over" and that's what ICANN needs to forestall an entirely preventable disaster in the delegation of new top-level domains (TLDs).

The issue of "string similarity" seems straightforward. Nobody inside ICANN or out there in the real world wants Internet users to be confused by new TLDs that are confusingly similar. Imagine hearing an ad offering low rates at car.loans but you encounter something completely different at car.loan instead? And what would stop somebody from launching a new TLD by just tacking an "s" onto popular domains like .com or .org?

The Government Advisory Committee (GAC) is catching a lot of flack for it's Beijing Communiqué, but one thing the GAC got right was its advice that singular/plural strings are confusingly similar.

So how did we get to a point where ICANN inexplicably failed to find confusing similarity for 24 pairs of singular and plural forms of the same words, including .web /.webs, .game/.games, and .hotel/.hotels? More important, how do we fix this?

Chóngfù is hard for westerners to say and will be even harder for ICANN to do.

For starters, a little transparency is probably in order. The string-similarity review process was opaque by design. But many in the community want to know how ICANN's experts either failed to recognize the plurality issue — which would be troubling — or decided that single and plural gTLD strings can successfully coexist — which would be ludicrous.

Thankfully, the World Intellectual Property Organization (WIPO) has basic guidance on similarity: "words used in the singular include the plural and vice versa, as the context may require." That's the kind of common sense ICANN could use to correct the Guidebook and do a quick do-over on those 24 pairs of singular/plural TLDs.

ICANN may get a convenient backdoor out of this dilemma from the International Centre for Dispute Resolution, which is reviewing string confusion objections on seven of the single/plural pairs. If ICDR makes the right ruling, ICANN should apply that rule to all 24 single/plural pairs.

And if all else fails, there's always ICANN's "reconsideration" process for a formal chóngfù.

ICANN's critics at the United Nations and within many governments are waiting for a highly visible misstep in the ambitious expansion of top-level domains. That could be used to justify having governments displace the private sector in its leadership role on growing and governing the Internet.

Better that ICANN find a way to do-over on singular/plurals, than to risk having governments impose a bigger do-over on ICANN itself.

Written by Steve DelBianco, Executive Director at NetChoice

Follow CircleID on Twitter

More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

Over the last few months one of the areas of attention in the new TLD project has been "closed generics". I've written about this several times in the past and I've also raised the issue in as many fora as possible.

Yesterday ICANN published a letter they'd received from Google with respect to several of their new TLD applications.

Whereas Google had made it clear previously that they intended to operate domain extensions such as .blog, .cloud, .search and .app in a closed fashion or "walled garden" this is no longer the case, as outlined in their submissions on the topic of closed generics last month.

The letter, which runs to 41 pages, includes a fairly concise explanation of Google's planned changes as well as the full text of the requested changes to their applications.

So what are they planning to do? Bearing in mind that they've got competition with several of these applications, so there is no guarantee that they'll be even granted to Google.

.search is planned to be a "dotless" domain:

Our goal for .search is to provide an easily-identifiable namespace for firms that provide search functionality and to allow Internet users a unique and simple mechanism to access the search functionality of their choice. Google intends to operate a redirect service on the "dotless" .search domain (http://search/) that, combined with a simple technical standard will allow a consistent query interface across firms that provide search functionality, and will enable users to easily conduct searches with firms that provide the search functionality that they designate as their preference.

I'm not sure how that will look, but it sounds kind of funky.

.app will be for developers of apps

We intend for .app to be a TLD dedicated to application developers. The term "app" is used in a variety of contexts, including mobile applications, browser-based applications and even desktop applications. We intend for the .app TLD to be restricted for use by relevant developer communities, but to be inclusive of the full range of application development communities and not to restrict registration to developers on a particular platform

So "app" will have the widest meaning possible, though how they'll actually "police" that isn't clear. Intent? Use?

.blog is one of the "closed generics" that bugged me the most. I blog. The string describes the content you are expecting to find on the domain. Being forced to use a specific blogging platform in order to access a .blog domain name was not how I'd like to see that extension used.

So Google's latest proposal for .blog is a lot more palatable to me:

We have two principal goals for the .blog TLD. First, users navigating to domains within the TLD should reasonably expect to reach a blog when they access a .blog domain name. Second, it should be simple and easy for .blog registrants to associate their second­level domain with their blog on the blogging platform of their choice. To this end, we are working with others in the blogging community to develop a simple set of technical standards that will allow users to automatically link their domain name to their blog at the time of registration. Registrations within the TLD will be limited to those with blogs adhering to these technical standard.

I'm not sure how this "standard" is going to look or how registrars and hosting providers are going to be able to implement it, but I like the concept.

The .cloud application is the fourth one that Google is planning to tweak:

As with .blog, our goal for .cloud is to create a clear association between .cloud names and projects hosted in cloud platforms, while simultaneously allowing registrants to more easily link domain names with the cloud offering of their choice. We are in the earlier stages of discussions with others in the cloud community, but intend to develop similar technical standards as with .blog

So with Google changing at least some of their applications to be more open and inclusive, will other new TLD applicants see the light and tweak theirs? What about Amazon? Symantec? L'Oreal?

And what about ICANN's board? Will they be able to find a way of dealing with the issue in a fair, transparent and equitable manner?

Written by Michele Neylon, MD of Blacknight Solutions

Follow CircleID on Twitter

More under: Domain Names, ICANN, Top-Level Domains

There has been a lot of discussion lately on the environmental impact of the proposed Keystone-XL pipeline that is intended to carry heavy oil from the tar sands in Alberta to refineries on the US Gulf Coast.

I suspect at the end of the day the US government will approve the pipeline as GDP growth and potential job losses will always trump concerns over the environment.

However, the US government has been putting on a lot pressure on Alberta to improve its environmental standards as a quid pro quo for approving the pipeline. In response Alberta is exploring expanding their current CO2 emissions program to a $40/tonne carbon levy. In the past, all of the funds raised by Alberta's carbon emissions program was returned to industry to invest in dubious energy efficiency programs. But Alberta could really have a much more meaningful impact in terms of reducing CO2 emissions, that would more than compensate the emissions from the oil carried in the Keystone XL pipeline, if it invested some of this money into its local universities and R&E network — Cybera.

Although on the production side the tar sands are one of the biggest sources of CO2 emissions, the Information and Communication Technologies (ICT) industry, globally is the fastest growing and soon will be the largest source of CO2 emissions on the consumption side of the equation. ICT emissions are produced indirectly from the coal generated electricity that is used to power all of our devices. Currently it is estimated that ICT consumes around 10% all electrical power growing at about 6-10% per year. According to the OECD and other studies ICT equipment in our home now consumes more energy than traditional appliances.

New studies suggest that the growth in wireless networks could be the single largest component of that growth in CO2 emissions from the ICT sector. In a recent report by the Centre for Energy-Efficient Communications, at the University of Melbourne-based research centre claimed that by 2015, the energy used to run data centres will be a "drop in the ocean", compared to the wireless networks used to access cloud services. The report predicts that by 2015 energy consumption associated with 'wireless cloud' will reach 43 terawatt-hours, compared to 9.2 terawatt-hours in 2012. This is an increase in carbon footprint from 6 megatonnes of CO2 in 2012, up to 30 megatonnes of CO2 in 2015, which is the equivalent of an additional 4.9 million cars on the road, the report states.

More worrisome is another report from Sweden KTH that predicts will need to increase the density of wireless base stations by 1000 times to meet the insatiable demand for the "wireless cloud". If this came to fruition, it would be incredibly huge jump in the demand of electricity by the ICT sector.

The wireless industry in particular is an ideal sector to be powered by local renewable energy sources such as solar panels and windmills. Already many wireless towers in the developing world are powered by renewable energy (but unfortunately often with diesel backup). Because of it is inherently distributed, lower power architecture the wireless industry is ideally suited to be powered by local renewable energy.

I have long advocated that universities and R&E networks are the ideal environment for deploying wireless networks that are powered solely by local renewable power sources. By integrating WIfI and 4G networks with multiple over lapping cells it would be possible to provide seamless service zero carbon wireless services.

For more details see:

High Level Architecture for Building Zero Carbon Internet Networks , ICT products and services

Alberta could be a world leader in deploying such zero carbon networks starting first at universities in partnership with Cybera. The global CO2 impact of developing such technology in terms of removing additional 4.9 million cars from the road would be much greater than expected emissions from the oil to be carried in the proposed Keystone XL pipeline

Additional pointers:

Cloud's real ecological timebomb: Wireless, not data centres

Thousand times greater density of base stations
J. Zander, P. Mähönen, "Riding the Data Tsunami in the Cloud – Myths and Challenges in Future Wireless Access", IEEE Communications Magazine, Vol 51, Issue: 3 (March 2013), pages 145-151 http://theunwiredpeople.com/author/jenz/

Solar powered WiFi allows control of bugs instead of using pesticides

ICT industry on track to be largest sector for CO 2 emissions

Solar Powered DIY Portable HotSpot

More on revenue opportunities for R&E and open access networks – building next generation "5G" wireless network

Written by Bill St. Arnaud , Green IT Networking Consultant

Follow CircleID on Twitter

More under: Access Providers, Broadband, Cloud Computing, Data Center, Wireless

One of the staggering numbers introduced during the opening remarks at ICANN 46 here in Beijing by multiple speakers, including ICANN CEO Fadi Chehade and speakers from the Chinese government, was this:

China now has over 564 million Internet users!

Think about that for a minute.

Most estimates these days are that there are around 2 billion people around the world using the Internet. We have no real way of knowing exactly how many people are online, but the estimate most of us use is "2 billion".

So if we go with that estimate, these latest numbers out of China would mean that China represents around 25% of all Internet users. A rather amazing growth given that the ICANN 46 welcoming remarks also indicated that in 2002 China only had 59 million Internet users.

Less surprising to me was the stated fact that 75% of Chinese users are mobile Internet users. I think most of us can clearly see both in industry trends and in our own personal usage that Internet usage is increasingly moving to a mobile-centric world.

Still, let's think about the scale of that percentage: 75% of 564 million represents 423 million mobile Internet users — about the size of the entire population of the USA and Mexico combined.

A rather huge number of people.

I sat there thinking about those numbers and my mind immediately turned to all of those of us who are publishing content on the Internet. This is yet another sign that mobile consumption of content is increasingly dominant — how well does your website work for mobile users? And while English may be the primary language many of us may use for our websites, how well do those sites work for viewers for whom English is not their main language? And what multi-lingual capabilities does your website have? Or what are you planning to add?

Truly an amazing number of users… and it will only continue to grow!

Written by Dan York, Author and Speaker on Internet technologies

Follow CircleID on Twitter

More under: ICANN, Mobile, Web

ICANN's Nominating Committee (NomCom) is both a strange animal and a precious resource. Having a committee charged with first recruiting, then selecting suitable candidates to hold key positions within ICANN is something that is often little, or even mis, understood. Within the ICANN community itself.

By the very nature of its recruitment role, the NomCom has to remain secretive. About who the candidates are, at any rate. But that doesn't mean the rest of the NomCom's processes must remain so.

The feeling that the NomCom has at times lacked transparency became very evident last year, when the 2012 NomCom Chair Elect — the person chosen by the ICANN Board to be the NomCom Chair for the following year — refused to take up that position.

The ensuing debate, and sometimes stinging criticism, has clearly energised this year's NomCom to execute significant changes. Under the auspices of the 2013 NomCom Chair Yrjö Länsipuro, blessed with both information sharing and people skills (he was a journalist and a diplomat), the NomCom has significantly changed its approach.

A general 2-stage transition has been initiated. Stage 1 is becoming more transparent. Stage 2 should be looking at the actual recruitment processes used by the NomCom to ensure that high-level candidates do not baulk at the complexities of filling in online application forms and dealing with the application system.

Since the start of the 2013 NomCom's tenure, the committee has been putting out a Report Card after each of its official meetings. This is the first time ICANN's NomCom has produced written accounts of its meetings.

History was also made at the ICANN Beijing meeting this week, where the NomCom has scheduled several open meetings, including its main planning meeting. This is the first time that the NomCom's deliberations have ever been held in public to such an extent.

These are important steps towards for what is a crucial committee for ICANN because it is designed to help bring new blood into the ICANN universe, which otherwise might be in serious danger of sclerosis.

Written by Stéphane Van Gelder, Chairman, STEPHANE VAN GELDER CONSULTING

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Policy & Regulation

The headlines out of ICANN's meeting in Beijing may be all about new domains, but it is the quiet, systemic evolution of ICANN itself that holds the greatest promise for Internet users globally.

ICANN President Fadi Chehadé opened the meeting by announcing that it was ICANN's "season to evolve," and setting forth a series of programs, restructuring efforts and policy initiatives intended to make ICANN more responsive to the needs of its stakeholders, and by extension, to the needs of all Internet users, everywhere in the world.

Mr. Chehadé's ambitious agenda provides a unique opportunity for ICANN to holistically review and strengthen its role in upholding the safety of Internet users.

Historically, ICANN's focus has been on Internet security almost to the exclusion of Internet safety. During the early stages of ICANN's evolution this narrow focus on security was both natural and likely necessary, given the organization's resources and scope.

The threats against the Internet's core technical infrastructure are significant, and ICANN's work in mitigating them is critical. But as ICANN's scope and resources expand, so to does its obligation to address the more granular threats to Internet users that arise from systemic abuse and exploitation of the Domain Name System.

Global cybercrime is at an all-time high, and shows no signs of abating. An independent study conducted by eight researchers for the U.S., UK, Germany, and the Netherlands presented at the Workshop on the Economics of Information Security (WEIS) 2012 placed the global cost of cybercrime at just over $225 Billion per year. And it could get much worse — a 2012 survey by the National Cyber Security Alliance (NCSA) and digital security firm Symantec showed the 83 percent of U.S.-based small businesses have no formal cybersecurity plan, even though the 2011 NCSA/Symantec survey showed that cyberattacks cost small and medium-sized business an average of $188,242. Almost two-thirds of the victims were shut down within six months after the attack.

The vast majority of the fraud and scams conducted by international cyber-syndicates shares a common characteristic of gaming the openness and accessibility of the Internet's addressing system to exploit the most vulnerable users.

Within its existing technical scope, ICANN has a tremendous platform to address these significant safety challenges. Simply enforcing existing contract terms with registrars and registries could have a dramatic global impact on cybercrime. Strengthening those contracts, and their enforcement mechanisms, would only magnify that effect.

ICANN is already making significant strides in the right direction. The new registrar accreditation agreement seems to hold great promise for Internet users globally, as does the registrants "bill of rights and responsibilities" that Chehadé discussed in his speech.

But part of ICANN's evolution should be systematizing these efforts so that Internet safety is not addressed piecemeal, but as part of a broader effort to address the safety needs of Internet users, including the millions who lack the wherewithal to participate in ICANN's policymaking process.

When the ICANN community sets its will to something, history demonstrates that it can be remarkably effective at accomplishing it. We've seen that in its strides on Internet security, and will likely have another demonstration soon in the form of new gTLDs.

If the community can embrace the Internet safety challenge with the same vigor with which they approached new gTLDs, we will look back years from now and mark the critical importance of ICANN's "season to evolve."

Written by Tom Galvin, Executive Director at Digital Citizens Alliance

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Security

More than six million domain names were registered in the fourth quarter of 2012, bringing the total number to more than 252 million domain names worldwide across all top-level domains (TLDs) as of Dec. 31, 2012, according to the latest Domain Name Industry Brief from Verisign. The increase of 6.1 million domain names globally equates to a growth rate of 2.5 percent over the third quarter of 2012, and marks the eighth straight quarter with greater than 2 percent growth. Worldwide registrations have grown by 26.6 million, or 11.8 percent, year over year.

Follow CircleID on Twitter

More under: Domain Names

More than six million domain names were registered in the fourth quarter of 2012, bringing the total number to more than 252 million domain names worldwide across all top-level domains (TLDs) as of Dec. 31, 2012, according to the latest Domain Name Industry Brief from Verisign. The increase of 6.1 million domain names globally equates to a growth rate of 2.5 percent over the third quarter of 2012, and marks the eighth straight quarter with greater than 2 percent growth. Worldwide registrations have grown by 26.6 million, or 11.8 percent, year over year.

Follow CircleID on Twitter

More under: Domain Names

This week bank costumers of The Netherlands were shocked when they realised that online banking may not be as safe as they thought. Perhaps some were surprised to hear that what they think is money, is nothing but digits, something that does not exist. Their money only exist because we all act as if it exists and accept transactions between each other aided by software run by banks, if they haven't outsourced that function. The good people found out the hard way that by, in this case involuntarily, changing a few digits, their money just disappeared (and some became millionaires without being able to access this money).

The next day new malfunction of banks' websites were reported. For the first time it was openly admitted that all our banks' and payment intermediary iDeal's website were down, due to an attack in the form of a DDoS attack, making the website of the respective banks unreachable for regular traffic. The assailants tried to log in also.

This resulted in headlines, Tweets, blogs and opening news items, the one at the 8 o'clock news on the public channel ending with: "in the USA this happens nearly every day". In the following I'd like to take a look at a few related comments, a tweet by a politician, before coming to some questions. The main one reflects the title most: "Who's responsible for cyber security?"

Public outcry

If anything the chaos or perceived chaos in banking transitions led to angry or confused people, famous short fuses and loads of attention from the media. The cyber security world is waiting for years for a major cyber incident. One causing great damages, in the hope governments and companies start moving in the right direction. Some experts are even totally resigned to this way of thinking. This is not that incident. Sure, it shocked end users, led to some reactions from politicians, but in the end nobody seems to have lost money and there are so many other issues calling out for attention.

The news

Tax evasion
In the past week high level tax evasion by multi nationals, top-executives, politicians, etc., let's say the top of societies, was prominent in the news. A conclusion in a column in NRC Handelsblad stated, to this problem decisions at world level are needed. (If I'm cynical, look at the list at the start of this section and ask yourself the following question: Who decides on worldwide solutions?) What struck me, also, is that this is the exact same conclusion that is derived at when talking about Internet governance, international cooperation against cyber crime, spam and malware enforcement, etc., etc. In short, what I recently heard someone call "the glass ceiling of Internet governance". Most discussions stop here. Another variant to this discussion is: "we need to break own silos!". Okay, but who is "we"? Is someone made responsible for this breaking down, silos or ceilings? What are the right questions to ask here? Questions that lead to answers that could take the discussion forward and actually change the outcome? A topic for the upcoming IGF in Bali I'd say.

The near future
The comment in the 8 o'clock news cited above, caught my attention most. "This happens nearly every day in the US". I read somewhere that 267 out 365 days there were problems accessing major banks' websites. In other words this is something we are to expect also? Are there contingency plans? Do governments allow that payments can't be made (parts of) 267 days in the year? The economic impact is gigantic. Does it matter then whether the attacks stem from criminals, free speech advocates, "fun hackers" or state-to-state activities? I'd say not.

How can banks ever guaranty the safety of our money?
...is the question Dutch parliamentarian Kees Verhoeven (D66) asked on Twitter. (This is the Tweet: "Heftig. De storing blijkt nu een #DDoS aanval! De vraag is hoe banken de veiligheid van ons geld kunnen blijven garanderen. #cybersecurity"). I responded to him that this was totally the wrong question to ask. There is nothing banks can do against DDoS attacks, beyond preventive measures. The attackers, the tools they use, the infected PCs and other devices used, the command and control servers hosted anywhere in the world, are all far beyond the control of banks. As long as banks run state of the art security measures (even if they don't), they are victims and not attackers. Perhaps the banks need support from other entities on and around the Internet to solve this problem.

The tools used are infected PCs of end users, companies, governments, industry, etc. and other devices like smart phones, smart TVs, up to a hacked chip in your cat's collar (and this is no joke). There are a million reasons why these devices are infected. From irresponsible use by end users, flawed software, a lack of security by design in anything with "i" in front if it, negative incentives to deal with botnet mitigation or notice and take down requests, a lack of understanding in general, right up to a lack of government regulation, enforcement or incentives. All measures or better a lack of measures, banks have no influence over at all. They have an influence over the quality of the products they buy themselves in the future, over internal policy and security measures and perhaps they can reach out more to discuss Internet governance actively, which I advice them to do, but it stops there.

So, taking this all in, can banks guarantee the safety of our money? Answer this question yourself and continue to ask yourself the question who is responsible for cyber security? A virtual plethora of parties involved and where to start? What I have to conclude is that almost every single decision is to be made in the private sphere. In a competitive world. Where does that leave governments? Where does this leave decisions consciously made with the common good in mind?

So, who's responsible?

I'm not going to answer this question here. Those who follow me on my blog, here on CircleID or read my articles in Virus Bulletin know my points of view. What I'd like to ask you is to think about this question for one minute and share your thoughts with me here on within an(y) other context. It may just get a discussion going.

Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, DDoS, Internet Governance, Security

Mary Iqbal writes to report that ICANN has released the third round of initial evaluation results, bringing the total number of applicants to pass Initial Evaluation to 93. ICANN has now completed the initial evaluation of all but 13 IDN Top Level Domains. To learn more, see http://www.getnewtlds.com/news/Third-Round-of-Initial-Evaluations.aspx.

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

Mary Iqbal writes to report that ICANN has released the third round of initial evaluation results, bringing the total number of applicants to pass Initial Evaluation to 93. ICANN has now completed the initial evaluation of all but 13 IDN Top Level Domains. To learn more, see http://www.getnewtlds.com/news/Third-Round-of-Initial-Evaluations.aspx.

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

Much ado about nothing; why the Uniregistry request for antitrust immunity is meaningless and its conclusions misleading

With much fanfare last month, Uniregistry announced that proposals for dispute resolution between New TLD applicants in lieu of ICANN's so-called "Auction of Last Resort" posed significant antitrust risks. Their claim of concern was not based on any critical antitrust analysis, but rather on the fact that they had sought a "Business Review" letter from the Antitrust Division of the U.S. Department of Justice (DOJ), and, according to Uniregistry, the DOJ failed to provide them a positive response and discussed the issue with them.

I am a former trial attorney in the DOJ Antitrust Division and the former Policy Director of the Federal Trade Commission (FTC). At the FTC, I was in charge of the business review letter process and authored several of these letters. The specter of concern raised by Uniregistry is based on a misinterpretation of the business review process and not sound antitrust analysis.

Uniregistry suggests that simply the fact that they failed to receive a positive response from the DOJ suggests that enforcement action is likely. That is hardly the case. The DOJ has very high standards for issuing business review letters. Review letters are typically only issued where the facts and the law are fairly clear cut and demonstrate that there are no potential competitive concerns raised by the proposed conduct. Because of these very high standards, the DOJ typically receives numerous review letter requests, but issues only two or three business review letters a year. The fact they did not grant Uniregistry's request did not mean the conduct raised substantial competitive concerns. In my experience, it simply means that the DOJ lacked the unambiguous compelling facts to say that there were no competitive issues.

If the DOJ saw some potential competitive problems it would have responded with a letter articulating those concerns. In fact, one week after the Uniregistry announcement, the DOJ did exactly that, turning down a business review request on a patent exchange system because of potential competitive concerns. See http://www.justice.gov/atr/public/press_releases/2013/295147.htm. The DOJ's failure to respond formally to Uniregistry certainly does not support the allegation that they have competitive concerns over the dispute resolution system.

Contrary to Uniregistry's suggestion, the DOJ's refusal to issue a positive letter does not suggest the conduct at issue is likely to lead to antitrust enforcement. If the DOJ thought there were competitive concerns sufficient to bring enforcement action, its procedures instruct that they would respond clearly in that fashion. Rather, according to Uniregistry, they simply responded that the conduct is not wholly immune from scrutiny. Stated another way, the failure to secure a business review letter does not mean the DOJ is likely to bring a law enforcement action. Indeed, in over 40 years there has never been a case where a rejected business review letter request led to an enforcement action, even when the DOJ has suggested that the conduct at issue could potentially present antitrust issues.

Moreover, the key to any analysis of proposed conduct from the perspective of the antitrust laws is whether consumers or other parties may be harmed by the conduct at issue. In this case, it seems fairly unambiguous that ICANN will not be harmed by the dispute resolution system. In fact, they designed the dispute resolution system pursuant to which they encourage applicants to engage in dispute resolution in order to avoid the ICANN auctions. Indeed, there never has been a successful antitrust case brought where the alleged plaintiff was the party that actually designed the restraints at issue.

Uniregistry's request was unusual in another important respect. Typically business review letters are requested by the parties proposing the conduct or those that have created the arrangement, but in this case ICANN did not go to the DOJ. A critical part of any analysis of a proposed arrangement is the "purpose and intent," but Uniregistry was in no position to answer those critical questions.

In any case, regardless of how Uniregistry might want to interpret DOJ's non-action, there's little antitrust risk posed by anticipated private auctions or the registry dispute resolution system as a whole. First, as suggested earlier, the only entity that could be harmed by the system is ICANN, which designed the system. ICANN effectively cannot be harmed by this system, and this is key, as it is deliberately avoiding any type of revenue from the auctions of these new registries. Second, the dispute resolution system cannot harm consumers. There is no fashion in which the method of dispute resolution ultimately would lead to higher prices or less innovation or output. Without some clear-cut harm to consumers, it is difficult to fathom any antitrust violation. Third, the dispute resolution system is akin to many types of joint ventures that have been approved by the DOJ in which competitors have collaborated in order to improve how the market works. The ultimate question asked by the DOJ is whether a system helps to make markets function more effectively and certainly the ICANN dispute resolution system, including private auctions, would meet that requirement.

Finally, although Uniregistry or others might be able to envision some other form of dispute resolution system, it is not the DOJ's role to engage in economic policy engineering and suggest how ICANN should restructure those rules. They simply are obligated to stop conduct that will harm consumers through higher prices or less innovation. The current ICANN dispute resolution system does not pose these risks; that is why antitrust enforcement would be highly unlikely. Any suggestion otherwise is most likely just in Uniregistry's business interests.

Written by David Balto, Antitrust Lawyer

Follow CircleID on Twitter

More under: ICANN, Law, Top-Level Domains