Putting Cyber Threats Into Perspective

As society uses more digital technologies we are increasingly also faced with its problems. Most of us will have some horror stories to tell about using computers, smartphones, and the internet. But this hasn't stopped us from using the technology more and more. I believe that most people would say that their lives would be worse without technology -- in developed countries but equally in the developing world. more

Say YES to DNSSEC

With the latest "DNSpionage" attack, ICANN astutely prompted domain name holders to fully deploy DNSSEC on their names. Afilias absolutely supports this and encourages the same. In this post, I remind you of why DNSSEC is important and our continued role. Afilias has a long history in the development and advocacy of DNSSEC. In 2007, we partnered with Public Interest Registry to help found dnssec-deployment.org. more

Enough’s Enough: It’s Time to Set a Deadline for the Next New gTLD Application Window

The ICANN community is currently in full congratulatory mode because the team responsible for the delivery of the Phase 1 Final Report of the Expedited Policy Development Process on gTLD Registry Data (EPDP) has managed to do so in a record-breaking seven months. The GNSO Council approved the Final Report in a special meeting on 4 March 2019, and the report will now be sent to the ICANN Board for consideration and hopefully adoption. more

America Will Not Win the Global Race to 5G

Several weeks ago, the White House published a document asserting that "America Will Win the Global Race to 5G." The White House should get over it. This is not about America winning any global race to 5G, but the world working together on fundamentally different, complex, new communication networks and services. There are four important points, however. more

Stop Using the Term “Open Internet”

Over the past few years, the term "open internet" has become popular among politicians in Washington and Europe. It is bandied about in political pronouncements that assert that everyone needs to somehow support the open internet without ever actually defining it. It is sometimes used as a synonym for Net Neutrality. In fact, it is a bogus public relations term that is rather like saying you believe in the Tooth Fairy. more

Has President Macron Thrown Multistakeholderism Under the Bus at UN IGF 2018 Paris?

Today, President Macron threw down the gauntlet to President Trump and the US administration on Multistakeholderism. In his welcome address to IGF 2018 Paris a few hours ago, President Macron challenged IGF to become more relevant by reinventing itself in factoring in multilateralism into IGF's non-decision-making body and to move beyond the mere talk-ship lip service it has been for the last 13 years. more

Over the Top Services at the ITU PP-2018: Considering the Pittsburgh Massacre

This past Saturday, a self-professed neo-Nazi massacred eleven worshipers at synagogue services in Pittsburgh. The killer was reported to have lived on and was incented by an "Over the Top (OTT)" service purposely established to facilitate extremist activities known as Gab. Within hours, the cloud service providers hosting their services announced they would no longer provide hosting services. Presumably, the threat of both potential civil litigation liability among other penalties, as well as adverse publicity, provided the motivation. more

Should Domain Names be Considered ‘Contracts for Service’ or ‘Property Rights’?

The legal status of domain names is one of the most hotly debated topics with regards to evolving property rights and how they should be applied to technological and intellectual property 'innovations' in cyberspace. At present, there are two opposing factions on this topic: On one hand, there are those who maintain that domain names should be considered as contracts for services, which originate from the contractual agreement between the registrant and the registrar. more

Why You Must Learn to Love DNSSEC

It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to their own fake wallet site, thereby draining some people's wallets. It generated a lot of discussion at the time... What isn't fully appreciated is that attack has, in fact, changed the game somewhat... more

GDPR PII Time-Bomb? Kill it With Fire!

Hi! My name is spamfighter. I investigate spam and phish in a post-GDPR dystopia. Recently, I invented Fire, to save you millions of €uros. One day, my Boss suggested I automate some of my processes. I, for one, welcome our Robot Overlords (and a happy boss), but I can be exacting about the tools I use. Perhaps not to the degree of the infamous Van Halen 'no brown M&M's' contractual clause but I have no patience for poorly-designed software, and truly dislike typing when... more

Schneier and Kerr on Encryption Workarounds

Bruce Schneier is a famous cryptography expert and Orin Kerr a famous cyberlaw professor. Together they've published a law journal article on Encryption Workarounds. It's intended for lawyers so it's quite accessible to non-technical readers. The article starts with a summary of how encryption works, and then goes through six workarounds to get the text of an encrypted message. more

IETF and Crypto Zealots

I've been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of "crypto zealots." He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet's protocols behind session level encryption as it possibly can. ... Has the IETF got it wrong? Is there a core of crypto zealots in the IETF that are pushing an extreme agenda about encryption? more

The Future of .COM Pricing

When you've been around the domain industry for as long as I have, you start to lose track of time. I was reminded late last year that the 6-year agreement Verisign struck with ICANN in 2012 to operate .com will be up for expiration in November of this year. Now, I don't for a second believe that .com will be operated by any other party, as Verisign's contract does give them the presumptive right of renewal. But what will be interesting to watch is what happens to Verisign's ability to increase the wholesale cost of .com names. more

In Memoriam: UDRPsearch.com

I have hesitated in writing this memorial for udrpsearch.com because I did not want to announce a demise that may not be true or the fear that my saying it will make it so. The website went dark for a short period in 2017, before being restored after a brief shutdown, and (I thought) it could happen again. I was waiting for history to repeat itself. But, the website remains dark, without explanation, and I fear it will not return. We lost it on or about January 6, 2018. more

First Do No Harm: Ensuring Compliance with the EU’s GDPR While Preserving Access to WHOIS Data

There is growing concern about how ICANN will comply with the EU General Data Protection Regulation (GDPR), whose enforcement sanctions come into force in May of 2018. How will ICANN comply with GDPR without unduly restricting global Internet users' access to the public WHOIS database? For nearly the past 20 years, Internet users, businesses, law enforcement and consumer protection agencies have relied on WHOIS as a necessary resource. more