Policy & Regulation

ICANN and Monopolies

One thing that ICANN clearly lacks is a set of well documented and often referenced founding principles. This leaves the awkward position where everyone who has been around since the beginning has a different position on what those principles should have been and all those that have joined later know that there is something fundamental missing. The missing principle vexing me this week is that of fair competition. Even now, long after the gTLD vote, the argument still runs on... more

Taking the Anti-SOPA Message to the People

It was fascinating last week to read coverage of congressional hearings around the SOPA bill, or Stop Online Privacy Act. The bill has strong support from the Motion Picture Association of America, the U.S. Chamber of Commerce and big pharmaceutical companies. It's opposed by most technology and telecom companies, plus consumer advocate groups like the Electronic Frontier Foundation and Public Knowledge. more

ICANN: The Stakes in Registrar Accreditation

Law enforcement demands to domain name registrars were a recurring theme of the 42d ICANN public meeting, concluded last week in Dakar. The Governmental Advisory Committee (GAC) took every opportunity at its public meetings with GNSO and Board, and in its Communique to express dismay, disappointment, and demands for urgent action to "reduce the risk of criminal abuse of the domain name system." more

ISOC Issues Statement in Response to Increasing Internet Access Restrictions by Governments

The Internet Society (ISOC) has addressed human rights issues related to Internet access stating "[t]he increasing pressure to limit access to the Internet has escalated the sense of urgency in addressing this situation." ISOC, in the announcement, reaffirmed its policy area and its work to bring attention to the impact of Internet freedom on other aspects of human rights. more

Modest Proposals for gTLD Profits

When does a non-profit organization become a profit-making one? This and similarly fundamental questions about ICANN's institutional character are raised by the high probability that the gTLD project will produce profits for ICANN. How much money those profits will amount to remains in question, but it is increasingly difficult for ICANN to say that there will be no profit at all. more

The Coming Cybersecurity Regulatory Revolution

Cybersecurity regulation will take its place alongside environmental regulation, health and safety regulation and financial regulation as a major federal activity. What is not yet clear is what form the regulations will take. FISMA controls, performance standards, consensus standards and industry-specific consortia standards are all possible regulatory approaches. What is not likely is an extended continuation of the current situation in which federal authorities have only limited, informal oversight of private sector cyberdefenses (or lack thereof). more

SEC Asks Companies to Disclose Cyberattacks

I came across an interesting article on Reuters today: "U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a rash of high-profile Internet crimes..." This is a pretty big step for the SEC. Requiring companies to disclose when they have been hacked shifts the action on corporations from something voluntary to something that they have to do. The question is do we want to hear about everything? more

Federal Cybersecurity Best Practices: FISMA Continuous Monitoring

Studies have found only limited, insufficient agency adherence with FISMA's (Federal Information Security Management Act) continuous monitoring mandates. One survey found almost half of federal IT professionals were unaware of continuous monitoring requirements. A recent GAO report found that two-thirds of agencies "did not adequately monitor networks" to protect them "from intentional or unintentional harm." more

Supercookie Debate Offers a Transparent Opportunity

Recent articles in the press have outlined how sites including MSN and Hulu are now using an advanced version of the old cookie file to track user behavior. These "supercookies" are very hard to detect and delete, and can track user behavior across multiple sites, not just one. These tricky little trackers have lawmakers pressing the FTC to investigate, and the IAB scrambling to defend industry practices. more

Recent Industry Changes: Internet Standards, ARIN WHOIS Changes, Hotmail Postmaster Pages

Signing Email is now a Draft Standard! Signing email transitioned from a proposed standard to a draft standard (RFC6376 -- one of the new RFCs) over at the IETF a few days ago. The other is RFC6377. Let's go through a brief history of DKIM RFCs to refresh our memories... more

The Association of National Advertisers Blinders on New TLDs

I read with interest the piece by the Chairman of the Association of National Advertisers (ANA), Garry Elliot, in Advertising Age, which was partly prompted by my commentary in the same publication describing why new generic Top-Level Domains (gTLDs) could be an opportunity for some brands. He says: "From all I've seen, no matter how one tries to justify ICANN's process or the benefits it speculates will occur, it is simply impossible to defend the economics of the ICANN proposal. That is the Achilles' heel of this entire exercise. To paraphrase an old saying, 'It's the economics, stupid.'" more

Analysis of Wireless Broadband Plan in 2nd Stimulus Package

While it was good to see that the Administration included telecoms in its new stimulus package - which was launched in September 2011 - the concerns expressed when the project was announced last year still persist. Wireless is not a solution to the significant broadband problems the USA is facing. ... The new plan seems to be driven more by the failed attempts in previous initiatives to roll out more broadband infrastructure. more

OPTA revokes Diginotar License as TTP

Wout de Natris: "In this decision OPTA revokes the registration of Diginotar as a so-called Trusted Third Party. Diginotar issued certified certificates for digital signatures. The security breach by Iranian hackers over the summer, which Diginotar did not report to the authorities, led to severe credibility issues for all Diginotar certificates issued before. This included Dutch government websites, but also led to severe breaches of privacy for Iranian end users, in multiple countries. As a result of OPTA's decision all certificates issued by Diginotar have to be revoked, while at the same time it is forbidden to issue new ones. more

Internet and Self-Governance? An Example

At the Government Roundtable meeting in Amsterdam on 12 September RIPE NCC presented on its results on auditing Local Internet Registries (LIRs) and on the policy process concerning certification of its members. If this showed something to the world it is that cooperation with governments and law enforcement agencies (LEAs) pays off and self-governance can work. How did this come about? more

TLD Domain Abuse: Threat Report - First Half 2011

When it comes to building a robust globe-spanning network of crimeware and making the victims dance to a tune of the cyber-criminals' choosing, you're guaranteed to find domain name abuse at the heart of the operation. DNS provides the critical flexibility and underlying scalability of modern command-and-control (C&C) infrastructure. Cyber-criminals that master DNS (and manage to maintain the stream of new domain registrations that keep it fed) tend to find themselves in command of the largest and most profitable crimeware networks. more