Home / Blogs

Selling DONA Snake Oil at the ITU

A venerable old International Telecommunication Union (ITU) tradition got underway today. Its Telecommunication Standardization body, known as the ITU-T, gathered, as it has done every four years for much of the past 100 years in a conclave of nations, to contemplate what they should be doing at their Geneva intergovernmental standards meetings for the next four years. The gathering is called the WTSA—World Telecommunications Standardization Assembly. Old intergovernmental institutional habits still continue, so the participants are gathered in a remote location in Tunisia called Hammamet. Their real challenge today is severely diminished ITU-T participation and the actual use of their work. What is now unfolding, unfortunately, will not improve that trend.

So what appears at the top of the list for proposals for what the ITU-T should be doing? Nearly a dozen documents have almost identical text from three country blocs—the Russian Communications Commonwealth (RCC), the Arab States Administrations, and the African Telecommunication Union—purporting to make the world safe for users of the internet, mobile phones, and all forms of telecommunication. The promises are enticing: flawless identity integrity, network trust, privacy, counterfeiting mitigation, cybersecurity, eHealth, Internet of Things, Smart Cities. The proposals offer a kind of nirvana for accomplishing all these things, if only the nations of the world, via ITU agreement, buys into a service platform being proffered by an almost unknown new organization called The DONA Foundation.

If one digs a little deeper, however, it gets interesting. The DONA Foundation, it turns out, is a private organization based in Switzerland whose members are drawn from the same country blocs making the proposals. The DONA platform itself is a twenty year old scheme, known as Handles, to build a master global database allowing every networked device in the world to be uniquely tagged so that any desired information can then be added, tracked, and queried. Russia has had a special affinity for the platform - which it has been championing over nearly the past decade in the ITU.

For many reasons - including usefulness of the technology, cost, and the existence of more effective alternative platforms - industry and technical communities have ignored the DONA platform over the past two decades. However, the ITU as an intergovernmental body operates under a different paradigm—political processes where Nation State blocs can simply propose anything they wish—as they have at the Hammamet meeting. Russia knows the process well, and the Russian, Arabic and ATU blocs control a significant number of votes.

There are some really sad, unfortunate dimensions to what is unfolding here. One of the more obvious known to experts in the field is that the ITU-T itself pioneered an effective means for tagging information objects thirty years ago known as OIDs (Object IDentifiers), and the platform has been usefully deployed across internet and telecommunication networks for many purposes.

Another related aspect is that major global industry standards bodies have developed their own specialized tagging platforms that could be adversely affected by the patently anticompetitive ITU action of promoting the DONA platform for global use.

The concerns do not stop there. There are other reasons why the DONA scheme has remained almost unused after twenty years. A single overlay global information system for tagging, tracking, and querying the existence of every network device is the equivalent of Snake Oil. No network singularity can scale to the degree required. Furthermore, it would be costly and difficult to even attempt to create and maintain—certainly by economically challenged countries. Lastly, such an overlay would itself be constantly exposed to all kinds of cybersecurity threats and constitute a major global vulnerability. Indeed, MobilePhoneSecurity.org recently described significant IOT vulnerabilities of the DONA software.

Sadly, these proposals fly in the face of the theme of the WTSA itself—“security, privacy and trust in ICTs”—and depreciate the already diminished stature of the ITU-T. No competent body would adopt resolutions for outsourcing the purported basis for global security, privacy, and trust to a small, closed, private foundation led by Russia and a handful of friendly allies. Hopefully the nations in Hammamet will reject the Snake Oil sales pitch and the limited resources of the ITU can be used for more productive endeavors.

By Anthony Rutkowski, Principal, Netmagic Associates LLC

The author is a leader in many international cybersecurity bodies developing global standards and legal norms over many years.

Visit Page

Filed Under


Treading Water or Moving Forward Patrice Lyons  –  Oct 26, 2016 5:21 PM

In addressing the potential for progress in managing information in digital form in the Internet presented by the Digital Object Architecture (DOA), you may want to reflect on the following words of John F. Kennedy:  “Art means more than the resuscitation of the past:  it means the free and unconfined search for new ways of expressing the experience of the present and the vision of the future.” While the work that has taken place over many years to bring the Internet technology into widespread use has been amazing and laudatory, we shouldn’t sit still and reflect on the past as if the solutions we now know will adapt well, if at all, to future challenges and opportunities such as those posed by the activity known as the Internet of Things. 

The DOA is an open, non-proprietary architecture that form the basis for ITU Recommendation X.1255. There are reference software implementations of the DOA components that have been made available in the public interest, and nothing prevents others from developing their own software based on the DOA.  The challenge of dealing with new approaches does not serve as a justification for trying to minimize or denigrate them, especially when they build upon well- established existing approaches.

Patrice A. Lyons
General Counsel
Corporation for National Research Initiatives
Reston, VA, USA

Not exactly Anthony Rutkowski  –  Oct 26, 2016 7:30 PM

When private companies such as The DONA Foundation or CNRI seek to leverage an intergovernmental organization such as the ITU, obtain Secretariat marketing resources, and engage the political support of Member Administrations in Russian, Arab, and African regions to pursue international normative provisions and resolutions to promote their products and services vis-à-vis others extant in the marketplace, the behavior is arguably anticompetitive and otherwise inappropriate.

Perhaps it could also be explained why a key related U.S. Patent assigned to CNRI was apparently not disclosed when the methods were being advanced in both the IETF and ITU-T, as well as indicate the present disposition of the IPR.  See U.S. Patent 6135646.

DO Architecture in the public domain Patrice Lyons  –  Oct 26, 2016 9:57 PM

The assertion about leveraging in the prior comment is simply off-base.  In any event, efforts to make technology widely available in the public interest offers choice in the marketplace which is hardly inappropriate and certainly not anti-competitive.

With respect to the patent situation, on October 22, 1993, Corporation for National Research Initiatives (CNRI) filed a U.S. patent application, titled “System for uniquely and persistently identifying, managing and tracking digital objects,” U.S. Patent No. 6,135,646 (http://www.oalit.net/www.wsis-si.org/DOI/US6135646.html) for what later became known as the Digital Object (DO) Architecture, and which highlighted the use of handles, handle resolution and repositories for information management. CNRI filed this patent application as a defensive matter to pursue its research and development in the public interest. This patent has now expired; however, it is a benchmark in the public domain for those seeking to provide services based on the DO Architecture going forward. 

As for the patent rights claimed in the IETF informational RFCs 3650, 3651, and RFC 3652,  CNRI submitted the appropriate patent disclosures to IETF (ftp://ietf.org/ietf/IPR/cnri-ipr-rfc3650-3651-3652.txt).  After the patent expired, CNRI informed IETF and requested that the patent disclosures be removed (https://datatracker.ietf.org/ipr/search/?draft=&rfc;=&doctitle;=&group;=&holder=Corporation+for+National+Research+Initiatives&submit=holder&iprtitle;=&patent;=). Hope you find this information helpful.

The DO Architecture is now available in the public domain. 

Patrice A. Lyons
General Counsel, CNRI

IPR and other questions Anthony Rutkowski  –  Oct 27, 2016 6:28 PM

So when exactly did the patent expire? The USPTO and Google patent databases seem to show it as active, and it wouldn't normally expire until next year. In addition, the Handle System Public License Agreement seems to still include reference to the patent as well as "certain additional pending U.S. applications" that are not identified. The IPR and its ownership here seem somewhere between fuzzy and opaque. As to the ITU, over the entire four year period that CNRI was actively participating and contributing material to SG17, there is no record of CNRI disclosing that it held the core patent underlying the methods it was advancing as X.handle, X.discovery, and Rec. ITU-T X.1255. Ref. COM17-C269, March 2010. The patent notification requirements are covered extensively on the ITU's IPR website. Why wasn't disclosure made? Over the past eight years, the Nation State primarily supporting the use of the Handle/DOA work in the ITU is the Russian Federation. Is there an explanation?

Addressing inaccuracies Patrice Lyons  –  Oct 28, 2016 1:45 PM

It is important to address some technical inaccuracies in your latest comment: • The U.S. patent law applies to the term of the now expired CNRI patent sometimes referred to as the “digital object” patent. CNRI filed the “parent” application on October 22, 1993. Given that the application for this patent was filed “on or after” June 8, 1995 (the “continuation” application was filed in 1997, the term was 20 years from the 1993 filing date. In other words, the patent expired on October 22, 2013; this means that the subject matter claimed in the patent has been dedicated to the public. Again, the Digital Object Architecture is now in the public domain. • There is another error in your comment. The Handle System Public License Agreement was replaced by CNRI’s Handle.Net Public License Agreement (Ver. 1) (available at http://www.handle.net/HNRj/HNR-8-License.pdf). There is no reference to any patent claims in the Handle.Net Public License Agreement. Patrice Lyons

Concerns are not "off base" Anthony Rutkowski  –  Oct 26, 2016 10:47 PM

The interventions of the United States and other Administrations in the ITU’s highest continuing management body, The Council, expressing concerns regarding the appropriateness of CNRI, The DONA Foundation, and ITU official actions over the past several years are a matter of public record.  The concerns include the anticompetitive implications.  They are not “off base.”

To reiterate, leveraging an intergovernmental organization such as the ITU, obtaining Secretariat marketing resources, and engaging the political support of Member Administrations in Russian, Arab, and African regions to pursue international normative provisions and resolutions to promote CNRI and DONA products and services vis-à-vis others extant in the marketplace is inappropriate.  This behavior cannot be whitewashed with the assertion that the products and services are somehow “in the public interest.”  Indeed, the ITU intergovernmental actions appeared to be only undertaken after the Handle platform existed for more than ten years in the marketplace with almost no interest.

The question about notice of the patent given in ITU-T when CNRI submitted its contributions and undertook the work in 2010 remains unanswered.

Let's take this off line Patrice Lyons  –  Oct 27, 2016 2:12 AM

From the tenure of the last comment, I gather that the DO Architecture is perceived as somewhat of a threat to an existing technology.  If so, this is the nature of competition.

Interoperability across various competing information systems is at the core of the ITU Recommendation X.1255, and is reflected in the mission of the DONA Foundation. 

All best wishes for your favorite technologies going forward, but please do take a look at X.1255 and the work of the DONA Foundation for guidance where interoperability of information systems is an essential element.

As for the ITU requirements on disclosure, I suggest you take a look at the ITU site for guidance. 

In any event, the DO Architecture remains in the public domain. 

We should take this up at some other time.

Patrice Lyons

One more time Anthony Rutkowski  –  Oct 27, 2016 11:17 AM

The concern here is not the technology.  If after 20 years, the platform has remained largely unused, it does not seem like much of a threat.  CNRI, DONA, and whoever else you choose to partner with are certainly free to continue to pursue their evangelism for the next 20 years.

The concern is that CNRI, DONA, and their Nation State partners have gone to a U.N. specialized agency and engaged in certain actions at an intergovernmental level that are normative in nature to pursue their ambitions.  As was noted at Council, you have obtained substantial ITU Secretariat resources for marketing purposes, and have been engaging the political support of Member Administrations in Russian, Arab, and African regions to bring about international normative provisions and resolutions to promote CNRI and DONA products and services.

This kind of strategy to promote one’s products by leveraging an intergovernmental body is hardly new.  It has been attempted countless times over the past 166 years the ITU and its precursors have existed.  However, it is inappropriate - especially in today’s world where these ambitions are pursued through non-governmental industry collaborative bodies.

Taking it up some other time is fine - as long as it is not in the ITU!

Still "off base" Patrice Lyons  –  Oct 27, 2016 3:48 PM

We have now gone full circle on this matter and your arguments are still way off base. Let’s take this up at another time.

DONA Snake Oil is not free Anthony Rutkowski  –  Oct 31, 2016 12:46 PM

It is good to see the WTSA-16 finding that CNRI appears to have violated ITU’s IPR rules in its initiating and pursuing Rec. ITU-T X.1255 without disclosing the highly relevant patent it held that formed the basis for the work.  See WTSA-16 Doc. DT/66.  Obviously those participating at the conference did not find these matters “off base.”  This one significant patent issue doesn’t begin, however to deal with all the other IPR problems, including ancillary patents, trademarks, and related software, that surround the entire DOA/Handle System (R) and Handle.Net (R) platforms.

Even more important, what is also not disclosed is that the DONA Handle System is not free.  It is a potentially lucrative global money making operation.  Initial registration of a Handle costs US$50 and US$50/yr to maintain.  See the related FAQ.  How is it that the ITU is basically promoting a monopoly global identifier sales operation under a private, opaque Swiss company and its partners?  The DONA monopoly operation could subsequently charge whatever it wished.

Then there is also the nagging public policy concern that the principal supporter of the platform for the past eight years has been the Russian Federation.

Misleading observations Patrice Lyons  –  Oct 31, 2016 11:02 PM

1.  X.1255 is an ITU Recommendation approved in September 2013.  The DONA Foundation is a non-profit technical entity founded in January 2014 and is subject to Swiss law.  There is no dependency for members of the public who wish to implement X.1255 that they received any patent, trademark or other rights or permissions from the DONA Foundation.  This is the essence of an ITU Recommendation, and should be well understood.

2.  You appear to be confusing CNRI’s Handle.Net Registry (http://www.handle.net) with X.1255.  Again, there is no dependency for those implementing X.1255 on entering into licenses or other agreements with CNRI.  Please visit the CNRI site to understand better what has been implemented.

3.  When you refer to ITU patent policies, I suggest you focus on the policies in effect in 2013 and before.  Unlike the requirements for ISO & IEC, participants in ITU-T activities are not specifically required to disclose possible patents at the draft stages of a standards proceeding, particularly where the subject under consideration is not yet stable; and it is unclear or vague as to whether a given patent will be relevant to the implementation of any Recommendation developed.  With respect to what is now known as ITU Recommendation X.1255, it was specifically unclear and, indeed, ambiguous about what was going to emerge from the various deliberations until very late in the process.  By that time the patent was set to expire in a few months, and, therefore, it was deemed that no patent license declaration was required as there would be no patent to license. 

Patrice Lyons

Reality Check Anthony Rutkowski  –  Nov 1, 2016 12:31 AM

The big picture here is that an all but dead intergovernmental standards body and its secretariat are pandering to Russia and a couple of MEA countries in embracing an all but dead fantasy technical platform in the expectation that they will collectively have relevance advancing some kind of cure-all in the world of networking.  Russia’s focus on tagging and tracking all digital objects and content of the world at the Conference is really special.  In reality, all these actors are simply holding hands as they walk off into the sunset hugging DONA.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign