Your Cybersecurity is Only as Strong as Your Weakest Vendor

Managing the risk of third parties has become a compliance focus for many large organizations. Companies even work with third-party service providers and external vendors just to manage this risk. The recent SolarWinds attack escalates the critical need for chief compliance officers to collaborate with their business counterparts to identify and mitigate potentially unknown threats that lie within third-party supply chains. Yet how can companies manage this risk when it's not if but when you're attacked? more

Civil Society Groups Call for Deletion of Internet Filtering Provision in EU Copyright Proposal

The European Digital Rights (EDRi) and 56 other civil society organizations, sent an open letter today to EU decision-makers calling for the deletion of the Article 13 of the Copyright Directive proposal, pointing out that monitoring and filtering of internet content that it proposes breach citizens’ fundamental rights. more

Thinking Outside the Internet

This is a talk I gave at Google in Cambridge January 6, 2014. Some may know this as Ambient or Borderless Connectivity, but I'm titling this post as "Thinking Outside the Internet." It builds on my Three Stages of Digital theme, outlining how we are shifting from a telecom-centric framing with meaning and value inside the wire to today's Internet in which meaning and value are no longer contained within channels. more

Big Brands Trying to Corner Generic Domain Namespaces?

Trying to make sense of the nearly 2000 new TLD applications is not something that anyone can do quickly. Sure, you can look at the list and see who has applied for what, but it's only when you actually read the "public" part of their submission that you can get an insight into their plans. Let's call a spade a spade. If a big brand wants to get its own TLD then it's pretty much their own business how they use it, as long as they don't do any "harm" to the rest of the internet ecosystem... more

IPv6 RIPEness: One Year Later

A year ago, the RIPE NCC introduced IPv6 RIPEness -- a system that rates IPv6 deployment of Local Internet Registries (LIRs)... Now, one year later, the numbers have gone up... In absolute numbers: more than 3,000 LIRs have IPv6 address space. This means that the RIPE NCC has made more than 1,100 IPv6 allocations within 12 months. more

Recovering Domain Names Lost to Fraudulent Transfer

Domain Names composed of generic terms and combinations – dictionary words, random letters, and short strings – have achieved ascending values in the secondary market. DNJournal.com (Ron Jackson) reports on his year to date chart, for example (just a random sampling from the charts) in August 2019 joyride.com was sold for $300,000, in June voice.com sold for $30 million, in July rx.com sold for $1 million, and in January california.com sold for $3 million... The magnitude of the reported sales suggests that businesses have come to depend on resellers than go to the trouble of inventing brand names from scratch. more

2017 Domain Name Year in Review

Given that it's been a few years since my last domain name year in review, I've really enjoyed looking back at this year's biggest domain name stories and seeing how this industry has evolved. This year, in particular, has seen some notable changes which are likely to impact the domain name landscape for years to come. So without further ado, here is my list for 2017. more

Soon in a Mail Box Near You: Internationalized Email Addresses

The EAI working group of the IETF has finished (part of) its work on the interationalization of email addresses. This, together with Internationalized Domain Names (IDN) will make it possible to send email messages to non-7 bit ASCII addresses... There are 3 RFCs, covering changes to the SMTP protocol, e-mail message format and delivery Status Notifications. more

ICANN Board Resolutions May Enable New gTLDs to Potentially Launch in Fall

In an attempt to appease the Governmental Advisory Committee, ICANN's New gTLD Program Committee directed ICANN staff to amend the Registry Agreement so that all New gTLD Registries will be required to include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreement a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name. more

ICANN-Law Enforcement Due Diligence Recommendations and Fundamental Rights

A commentary in the context of the 1950 Convention and European Union law... The ICANN Law Enforcement Due Diligence Recommendations is a document that was a jointly issued in 2009 by several law enforcement agencies, including the US Department of Justice's Federal Bureau of Investigation' ('the FBI), the United Kingdom's Serious and Organised Crime Agency ('SOCA') and the Royal Canadian Mounted Police. more

How Do We Define ‘SIP’ for Telecom In 2014?

"What is a minimum set of specifications that a vendor must implement to be able to say that it is SIP-compliant?" A friend asked me that question and my response was: "It depends." and even more unfortunately:
"I don't know." It turns out to be a challenging question to answer... and it led me to ask: "How do we define what "SIP" is for telecommunications in 2014? How do we help vendors move their products/services to be based on SIP? As we talk about "turning off the PSTN" and "moving all telecom to IP", how can we make it easier for companies to switch to using SIP? more

IETF and Crypto Zealots

I've been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of "crypto zealots." He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet's protocols behind session level encryption as it possibly can. ... Has the IETF got it wrong? Is there a core of crypto zealots in the IETF that are pushing an extreme agenda about encryption? more

China Telecom Accused of Misdirecting Internet Traffic

A paper published by the Naval War College titled, "China's Maxim - Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking," accuses the Chinese government of manipulating BGP routing in order to intercept internet traffic. more

iPhone, Android, 700 MHz: What Maximizes Wireless Innovation?

At the Emerging Communications Conference eComm 2008, I'm moderating a panel "Wireless Innovation, with or without operators." This will be a discussion -- smart people from differing camps responding to (hopefully) probing questions from yours truly, and the audience. Points of view represented include Google Android, J2ME/JavaFX Mobile, iPhoneWebDev.com, Skype and Trolltech Qtopia (Nokia), plus Chris Sacca, formerly head of Google's wireless initiatives. I've been thinking about subjects and questions for the panel. As a start, I'll set down my current views, then seek others' views and questions. more

Internet Regulation: Section 706 vs Title II

At the NANOG meeting in Baltimore this week I listened to a presentation by Patrick Gilmore on "The Open Internet Debate: Section 706 vs Title II." It's true that this is a title that would normally induce a comatose reaction from any audience, but don't let the title put you off. Behind this is an impassioned debate about the nature of the retail Internet for the United States, and, I suspect, a debate about the Internet itself and the nature of the industry that provides it. more