Stop Using the Term “Open Internet”

Over the past few years, the term "open internet" has become popular among politicians in Washington and Europe. It is bandied about in political pronouncements that assert that everyone needs to somehow support the open internet without ever actually defining it. It is sometimes used as a synonym for Net Neutrality. In fact, it is a bogus public relations term that is rather like saying you believe in the Tooth Fairy. more

Has President Macron Thrown Multistakeholderism Under the Bus at UN IGF 2018 Paris?

Today, President Macron threw down the gauntlet to President Trump and the US administration on Multistakeholderism. In his welcome address to IGF 2018 Paris a few hours ago, President Macron challenged IGF to become more relevant by reinventing itself in factoring in multilateralism into IGF's non-decision-making body and to move beyond the mere talk-ship lip service it has been for the last 13 years. more

Over the Top Services at the ITU PP-2018: Considering the Pittsburgh Massacre

This past Saturday, a self-professed neo-Nazi massacred eleven worshipers at synagogue services in Pittsburgh. The killer was reported to have lived on and was incented by an "Over the Top (OTT)" service purposely established to facilitate extremist activities known as Gab. Within hours, the cloud service providers hosting their services announced they would no longer provide hosting services. Presumably, the threat of both potential civil litigation liability among other penalties, as well as adverse publicity, provided the motivation. more

Should Domain Names be Considered ‘Contracts for Service’ or ‘Property Rights’?

The legal status of domain names is one of the most hotly debated topics with regards to evolving property rights and how they should be applied to technological and intellectual property 'innovations' in cyberspace. At present, there are two opposing factions on this topic: On one hand, there are those who maintain that domain names should be considered as contracts for services, which originate from the contractual agreement between the registrant and the registrar. more

Why You Must Learn to Love DNSSEC

It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to their own fake wallet site, thereby draining some people's wallets. It generated a lot of discussion at the time... What isn't fully appreciated is that attack has, in fact, changed the game somewhat... more

GDPR PII Time-Bomb? Kill it With Fire!

Hi! My name is spamfighter. I investigate spam and phish in a post-GDPR dystopia. Recently, I invented Fire, to save you millions of €uros. One day, my Boss suggested I automate some of my processes. I, for one, welcome our Robot Overlords (and a happy boss), but I can be exacting about the tools I use. Perhaps not to the degree of the infamous Van Halen 'no brown M&M's' contractual clause but I have no patience for poorly-designed software, and truly dislike typing when... more

Schneier and Kerr on Encryption Workarounds

Bruce Schneier is a famous cryptography expert and Orin Kerr a famous cyberlaw professor. Together they've published a law journal article on Encryption Workarounds. It's intended for lawyers so it's quite accessible to non-technical readers. The article starts with a summary of how encryption works, and then goes through six workarounds to get the text of an encrypted message. more

IETF and Crypto Zealots

I've been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of "crypto zealots." He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet's protocols behind session level encryption as it possibly can. ... Has the IETF got it wrong? Is there a core of crypto zealots in the IETF that are pushing an extreme agenda about encryption? more

The Future of .COM Pricing

When you've been around the domain industry for as long as I have, you start to lose track of time. I was reminded late last year that the 6-year agreement Verisign struck with ICANN in 2012 to operate .com will be up for expiration in November of this year. Now, I don't for a second believe that .com will be operated by any other party, as Verisign's contract does give them the presumptive right of renewal. But what will be interesting to watch is what happens to Verisign's ability to increase the wholesale cost of .com names. more

In Memoriam: UDRPsearch.com

I have hesitated in writing this memorial for udrpsearch.com because I did not want to announce a demise that may not be true or the fear that my saying it will make it so. The website went dark for a short period in 2017, before being restored after a brief shutdown, and (I thought) it could happen again. I was waiting for history to repeat itself. But, the website remains dark, without explanation, and I fear it will not return. We lost it on or about January 6, 2018. more

First Do No Harm: Ensuring Compliance with the EU’s GDPR While Preserving Access to WHOIS Data

There is growing concern about how ICANN will comply with the EU General Data Protection Regulation (GDPR), whose enforcement sanctions come into force in May of 2018. How will ICANN comply with GDPR without unduly restricting global Internet users' access to the public WHOIS database? For nearly the past 20 years, Internet users, businesses, law enforcement and consumer protection agencies have relied on WHOIS as a necessary resource. more

Internet Governance Outlook 2018: Preparing for Cyberwar or Promoting Cyber Détente?

In 2018, Internet Governance will be one of the top priorities in the geo-strategic battles among big powers. In today's world, every global conflict has an Internet-related component. There is no international security without cybersecurity. The world economy is a digital economy. And human rights are relevant offline as well as online. It is impossible to decouple cyberspace from the conflicts of the real world. more

A Closer Look at Why Russia Wants an Independent Internet

Actually practical and not necessarily a problem. The Security Council of the Russian Federation, headed by Vladimir Putin, has ordered the "government to develop an independent internet infrastructure for BRICS nations, which would continue to work in the event of global internet malfunctions." RT believes "this system would be used by countries of the BRICS bloc - Brazil, Russia, India, China and South Africa." Expect dramatic claims about Russia's plan for an alternate root for the BRICs and not under Western control. more

The Hack Back Bill in Congress is Better Than You’d Expect

Rep's Graves and Sinema recently introduced H.R. 4036, the catchily named Active Cyber Defense Certainty Act or ACDC act which creates some exceptions to criminal parts of computer crime laws. Lots of reports have decried "hack back" but if you read the bill, it's surprisingly well targeted. The first change is to what they call Attributional Technology, and says it's OK to put bait on your computer for an intruder intended to identify the intruder. more

The One Reason Net Neutrality Can’t Be Implemented

Suppose for a moment that you are the victim of a wicked ISP that engages in disallowed "throttling" under a "neutral" regime for Internet access. You like to access streaming media from a particular "over the top" service provider. By coincidence, the performance of your favoured application drops at the same time your ISP launches a rival content service of its own. You then complain to the regulator, who investigates... It seems like an open-and-shut case of "throttling" resulting in a disallowed "neutrality violation". Or is it? more