Internet i inne organizacje

In case you don't read any of what I have to say below, read this: I have dual citizenship. Along with my homeland citizenship, I am of the Internet, and see it as my personal duty to try and make the Internet safe.

Atrivo (also known as Intercage), is a network known to host criminal activity for many years, is no more.

Not being sarcastic for once, this is the time for some self reflection.

I wish I was one of those who sleep soundly tonight. Being clear in my conviction that Atrivo should be out of business, and being positive, my decision to help that happen was sound. While I would do it again, I am sad.

I won't sleep soundly tonight, as that company, criminal and abusive as it clearly and contemptuously was, still sustained quite a few families in several layers of employment, from sysadmins sitting in the US of A all the way to minor low-level fraudsters employed by their clients' clients.

I will however, be able to look myself in the mirror for my part in the effort to get rid of them—and even gloat some. My conscious is as clear to me as my sadness is crystal. We may not have changed the wall of battle in the long term and whenever one criminal falls, another jumps up to the opportunities of the land of the free—the Internet. But for once, just for a while, we halted the machine. We stopped the wheels of evil, even if only for a fortnight.

While doing so, it also touched some lives in a destructive fashion. The criminals'.

No villain ever sees himself as the bad guy, as the saying goes. A friend recently showed me Russian language comments written on Brian Krebs' recent Washington Post story. In them, the posters ask: "why do you take our bread away?"

In a lecture during ISOI 5, some folks just didn't understand the meaning. Their bread. Their bread. We in the Western world, behind the cultural divide speak a different language. Their culture isn't poorer than ours, it is unequivocally different.

We can not truly comprehend what it means for some folks in Russia to no longer be able to feed their children this month. Nor can we understand that by sending email, we made those children starve. Cheap theatrics on my part, you say? You got that right. It doesn't make it any less true.

Cyber crime is a war waged against the Western world. At first, no one even noticed and it was a niche… an art. While the artists still exist, they are a minority, the hackers. For the criminals however, motive is as irrelevant as nationality. Whatever actions are taken, be it a political defacement, fraud or spam, the unavoidable secondary impact remains the same: damage to the Western economy and security in an exponential growth which will become ever clearer in the coming years.

Yes, my friends. I would do the same again. I feel sorry for Atrivo, but they were harboring the equivalent for the Internet of active missile launchers firing on Israel from the Gaza strip. They are human beings who hit a curve in the road to their success. Cyber criminals, however, establish such growth as parasites and whatever I may feel for needing to resort to the end game weaponry, these people need to be smacked down like cockroaches.

Ten years ago they were a pride to their parents, today they are a scourge. What will they be in ten years?

If all reasonable and even some unreasonable approaches fail. That does not mean I don't have to feel sorry for them, and me. But it also doesn't mean we don't need to fight back.

Not even a hundred years ago, disastrously, war was business and an acceptable horrifying part of life. A few years later, in 1918, war was unthinkable. In the century since we who live in or are influenced by Western culture made war no longer an option we can publicly stomach, while facing those who would play us like children because of it.

War is horrifying and evil, it is also a last resort in a world not as ascendant as we would like to think. The Internet has its own "liberals" and I am proud to be one of them. However, I am also practical and see that wishing for a world we once had is not. A world where I could host files on my neighbor's servers openly, where children could happily use pocket calculators and go to libraries for their school work rather than Google and read Wikipedia. You did so, do your children?

This new world has its price, and that price is a complete loss of public privacy, and a culture of ineffective security.

We are reliant on our Auntie Jane's computer knowledge for our own security, and while not many would follow us to our bathrooms to infringe on our personal privacy, online we have no privacy, however much it helps us to lie to ourselves that something we do publicly (read, on the Internet) is private.

I accepted that, but that is because I am in the trenches for years. Others live better not knowing. But it doesn't mean I won't work diligently to make it remain… functional.

Indeed, taking a step back from my niche in security, and seeing how bad things truly are—people can still surf for porn, and argue over who the best Star Trek captain is. Cyber crime, in all its immense activity of billions of incidents an hour, is background noise. But the background noise continually increases. When will it overflow?

All I really want is to maintain the functionality we have, regardless of the abuse. And yet… Going back to Atrivo, they made enough money by now. And regardless once more, their criminal clients are already back online elsewhere—in some places possibly hosted by what seems like Atrivo, only under a different name.

We did not win, but boy does it feel good to have a victory once in a while for morale's sake. We halted the machine, even if only just for a short time. That, my friends, also has strategic implications as far as our ability is to influence networks running clean on the Internet, although only time will determine if I am right on that.

Enough whining though. Who is next on the target list? :)

More seriously, why do I care so much? I have dual citizenship. Along with my homeland citizenship, I am of the Internet, and see it as my personal duty to try and make the Internet safe.

Follow CircleID on Twitter

More under: Cyberattack, Privacy, Security

We Value Your Opinion: Please participate in this quick survey

After a long break the Blinkenlights Project is coming back to life. Its new screen is the Toronto City Hall with its 960 windows on two curved towers, forming 960 pixels with 16 brightness levels. The installation is named "Blinkenlights Stereoscope" in honor of its double screen. Everyone is invited to interact with it as it illuminates the City Hall from October 4th to October 12th, 2008. Moreover, you are invited to produce and publish your own animations. This time a special iPhone application for Blinkenlights Stereoscope has been published. Nach langer Pause erwachte das Projekt Blinkenlights wieder zu neuem Leben: Das Rathaus der größten kanadischen Stadt Toronto ist der neue Bildschirm mit 960 Fenstern (also 960 Pixeln mit 16 Helligkeitsstufen) auf 2 Gebäuden. Es handelt sich also um zwei Bildschirme, die noch dazu nach innen gekrümmt sind. Die zwei Bildschirme gaben dem Projekt den Namen Blinkenlights Stereoscope. Es wird vom 4. bis 12. Oktober die Stadtverwaltung erhellen und lädt wieder zu Interaktionen mit den Bildschirmen ein. Außerdem können eigene Animationen eingespielt werden. Diesmal gibt es eine spezielle Anwendung für das iPhone.

Researchers at Battellea, a research and development firm in Columbus, OH, have succeeded in using off-the-shelf optical telecommunication components to create a faster millimeter-wave device sending data at 10 gigabits per second. Current Wi-Fi and cellular networks operate on frequencies of 2.4 to 5.0 gigahertz.

Today there are no commercial wireless systems available that could match the speed of optical fiber capable of carrying tens of gigabits per second. Kate Greene of Technology Review reports: "One way to achieve faster speeds is to harness the millimeter-wavelength frequency of the wireless spectrum, although this usually requires expensive and very complex equipment. Now, engineers at Battelle, a research and development firm based in Columbus, OH, have come up with a simpler way to send data through the air with millimeter-wave technology. Earlier this year, in field tests of a prototype point-to-point system, the team was able to send a 10.6-gigabit-per-second signal between antennas 800 meters apart. And more recently, the researchers demonstrated a 20-gigabit-per-second signal in the lab."

Follow CircleID on Twitter

More under: Broadband, Wireless

We Value Your Opinion: Please participate in this quick survey

A British man and a German man have been indicted by a federal grand jury on charges of conspiring to intentionally cause damage to the computers of two U.S.-based retail satellite companies by launching large-scale distributed denial of service (DDOS) attacks that shut down the companies' websites.

The two men were allegedly hired by the owner of Orbit Communication, currently wanted by the FBI, to carry out DDOS attacks. Those attacks were directed at the public websites of two of Orbit's competitors, Rapid Satellite of Miami, Florida, and Weaknees of Los Angeles. If convicted, Walker and Gembe face 15 years in prison.

Follow CircleID on Twitter

More under: Cyberattack, Law, Security

We Value Your Opinion: Please participate in this quick survey

This week ICANN held a public consultation in Washington, D.C., where ICANN's President's Strategy Committee (PSC) solicited remarks from a packed audience of intellectual property (IP) lawyers, domain name registrars and other Internet stakeholders on how the organization can improve institutional confidence. An audio cast of the meeting and the PSC's presentation is available on ICANN's Web site.

No surprise, ICANN's decision to add new generic top-level domains (gTLDs) to the Internet was on many participants' minds. Given the high turnout and fervor of the group, time to speak was limited so I had to summarize my points during the meeting; the full text of my prepared remarks is provided below. The crowd's supportive response to my suggestions confirmed how ICANN needs to work more closely with the global business community to craft Internet policy that improves the overall security of the Internet.
* * *
HOW TO IMPROVE INSTITUTIONAL CONFIDENCE IN ICANN
Remarks for the ICANN Public Consultation – October 1, 2008

My name is Margie Milam, and I am the General Counsel of MarkMonitor, an ICANN accredited registrar and provider of brand protection services. MarkMonitor is the world's largest corporate domain name registrar, providing services to over 50 Fortune 100 companies, as well as 5 of the top 10 most popular internet sites in the world. Through our relationship with these customers, we understand how ICANN policy affects their ability to protect their brands and customers from abuse such as phishing, malware, identity theft, cybersquatting, and counterfeiting.

I would like to focus my comments on how to improve institutional confidence in ICANN as it tries to become more independent. Much of the criticism regarding ICANN from the corporate community arises from the perception that ICANN policy processes are unduly swayed by parties that are able to regularly attend ICANN meetings, particularly the contracting parties, namely the registrars and registries. Because very few corporations are able to send representatives to ICANN to advocate for business and consumer friendly policies, new policies tend to be spearheaded by the contracting parties with little attention to the concerns of the larger business and consumer communities.

ICANN needs to recognize that the corporate community is frustrated by the rampant abuse of the domain registration system over the last few years under ICANN's watch. From their viewpoint, ICANN has been slow to respond to abuse, and it appears that very few non-compliant parties are held accountable. The sudden rise of domain tasting and phishing, and WHOIS related abuse, are just a few examples. For statistics on these abuses, I invite you to review the MarkMonitor Brandjacking Index, published in September, that provides insight on how the world's largest brands are targeted by cybersquatters or "brandjackers" as we refer to them.

The perception from our clients is that this problem will get worse with the introduction of new gTLDs. This topic is a source of aggravation for our client base. On July 31, 2008, MarkMonitor held a webinar entitled "New gTLDs: Perspectives from ICANN", featuring Karla Valente, the new gTLD Program Director from ICANN. Much to our surprise, over 500 registrants signed up for this event. We polled the participants and learned that approximately 72% of the attendees expressed some level of fear or uncertainty regarding the process, with only 28% viewing the introduction of new top level domains as an opportunity. Of the companies that intended to apply for new gTLDs, over 60% intended to do so for defensive reasons or to prevent brand abuse. Only a small subset of our participants saw the new gTLD process as a way to rebrand and to take full advantage of the imminent gTLD opportunity which could be the next generation of the Internet. We believe that this subset will grow as companies see the branding potential of the new gTLDs but ICANN needs to work more closely with the business community to realize that potential.

We believe that institutional confidence in ICANN may suffer under the new gTLD process as currently proposed. There are insufficient mechanisms to protect rights holders (large and small) from abuse by deep-pocketed interests who seek to abuse this process both during the application period and beyond.

Though many rights holders see the advantages of applying for their own top level domain eventually, they may only be able to capitalize on the benefits of that top level domain later. Therefore, the immediate result will be more applications from the corporate community motivated by fear of brand abuse. To the extent that this occurs, the process will reflect badly on ICANN, since this will be viewed as a type of "blackmail" by the companies that are forced to apply out of fear. On the other hand, if the new gTLD process results in use by companies and individuals who truly desire to take advantage of a new way to communicate, ICANN will surely benefit.

The new gTLD process is just one example of how ICANN policy can adversely affect the business community. ICANN can improve its standing in the global business community and increase institutional confidence if it finds a way to increase the level of participation from the business community in its policy making initiatives.

Follow CircleID on Twitter

More under: Cybersquatting, Domain Names, Domain Registries, Internet Governance, Law, Top-Level Domains

We Value Your Opinion: Please participate in this quick survey

The Open Net Initiative's Information Warfare Monitor project has published a stunning report by "Hacktivist" Nart Villeneuve titled: "Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform." It has been covered by both the New York Times and the Wall Street Journal. The report's key findings are as follows:

Major Findings

• The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.

• These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.

• The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.

• Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

Nart has posted a Q&A to which he will continue to add answers to questions he has been getting. He says he alerted Skype to his findings before the report was made public in order to avoid further compromising the people whose personal information was stored on insecure publicly-accessible web servers.

Skype's initial reaction, reported here by the Wall Street Journal, was dismissive and somewhat flippant in tone, making it seem as if they didn't take the situation too seriously:

...The idea that the Chinese [government] might be monitoring communications in and out of the country shouldn't surprise anyone, and in fact, it happens regularly with most forms of communication such as emails, traditional phone calls, and chats between people within China and between people communicating to people in China from other countries.

Nevertheless, we were very concerned to hear about the apparent security issue which made it possible for people to view chat information among mainly Tom users, and we are pleased that, once we informed Tom about it, that they were able to fix the flaw.

They later added a statement that is more appropriate if you want your users to think you take their privacy and rights to free expression seriously:

In 2006, Skype publicly disclosed that Tom operated a text filter that blocked certain words on chat messages but that it did not compromise Tom customers' privacy. Last night, we learned that this practice was changed without our knowledge or consent and we are extremely concerned. We deeply apologize for the breach of privacy on Tom's servers in China and we are urgently addressing this situation with Tom.

We confirm our strong belief that Skype to Skype communications, enabled by our peer to peer architecture and strong encryption, remain the most secure form of publicly available communications today.

While Skype claims to have fixed the problem, the fact that TOM-Skype was enabling surveillance and privacy breaches in such a shocking manner for a significant period of time demonstrates that eBay/Skype as a company has not placed enough emphasis on protecting users' rights and interests. What else is going on—or has gone on—which users don't know about and which Skype headquarters doesn't know about either? This incident with TOM raises questions about how trustworthy Skype as a company really is. Even if top management did not intend for such a situation to happen, the fact that it did happen shows that management has not made user rights high enough of a priority company-wide, and have failed to communicate well with their local partners about what practices are acceptable and what practices are not. This situation could have been avoided if they had really been thinking through the potential challenges and pitfalls of working with a local partner in offering a localized internet communications product in the mainland Chinese market.

Skype is now learning the lesson Yahoo! already learned the hard way: that if you leave your users' privacy and security to your local partner to sort out without paying too much attention to details or thinking through how things might play out, you could burn your users badly and badly damage the credibility of your global brand.

Yahoo! (along with Google, Microsoft, and others) has been part of an ongoing initiative to develop a global industry code of conduct for free expression and privacy. The initiative should (I hope) go public before the end of this year. In August, in response to queries by U.S. Sentator Richard Durbin about the status of the initiative, some of the companies issued letters. Here are the pdf's of Yahoo!'s and Microsoft's. They are very similar. Microsoft describes the initiative's substance as follows:

We are pleased to report that representatives of the diverse group of human rights organizations, policy groups, companies, socially responsible investors, and academics working on these principles have reached agreement in principle on the core components of a planned ICT ("lnformation, Communications, and Technology") Initiative. The agreement in principle is now being reviewed by each participating entity for final approval, and for a decision whether to participate in (or, as may be appropriate for some entities, simply to endorse) the lnitiative.

Later this year, once these approvals and participation decisions are made, the Initiative's members, plans, and details will be formally announced. At this time, however, we can provide you with some information about the core components of the Initiative, which are as follows:

Principles on Freedom of Expression and Privacy that provide direction and guidance to the ICT industry and other stakeholders on protecting and advancing rights to freedom of expression and privacy globally. The Principles describe key commitments in the following areas: Freedom of Expression; Privacy; Responsible Company Decision Making; Multi-Stakeholder Collaboration; and Governance, Accountability & Transparency.

Implementation Guidelines that provide further detail on how participating companies will put the Principles into practice. The lmplementation Guidelines describe a set of actions which, when followed by a company, would constitute compliance with the Principles, and thereby provide companies with concrete guidance on how to implement the Principles.

A Governance, Accountability and Learning Framework founded on the notion that an organizational and multi-stakeholder governance structure is required to support the Principles and that participating companies should be held accountable for adhering to the Principles through a system of independent assessment.

Companies participating in the Initiative will put the Principles into practice throughout their operations over time, and there will be milestones in terms of reporting along the way. Additionally, the companies and other participants will be working collectively to consider options for public policy engagement, to strengthen government respect for freedom of expression, and to carry out the independent assessments that are part of the accountability process.

While the principles have not yet been published and these structures are not yet set up, anticipation of them is already starting to impact how some of the participating companies operate around the world. Yahoo! now says it conducts human rights assessments before entering "challenging new markets."

It's unfortunate eBay didn't get involved with this initiative back in 2006 when Nart first discovered that Tom was filtering Skype chat. Perhaps they might have avoided this egregious abuse of user trust.

Follow CircleID on Twitter

More under: Censorship, Internet Governance, Privacy

We Value Your Opinion: Please participate in this quick survey

In a major win for the public interest, the Broadband Data Improvement Act passed the Senate (on September 26th) and the House (on September 29th). Due to amendments, it now goes back to the Senate for final approval (should be pro-forma) before it lands on George Bush's desk.

With the United States falling further and further behind a host of other countries, the question on many people's minds (including the folks over at Point-Topic who created this graphic) is, "Why is this happening?"

Yes, that's the United States, chugging along ever closer to the bottom of the pack.

Senator Inouye and Congressman Markey have been pushing for the passage of this bill for quite some time—resurrecting the idea from congress to congress. The Act, with its explicit purpose "To improve the quality of Federal and State data regarding the availability and quality of broadband services and to promote the deployment of affordable broadband services to all parts of the Nation." has drawn widespread opposition from telcos who've claimed that our current data collection efforts are "good enough." Full text of the Act can be found here.

Among its mandates, the Broadband Data Improvement Act requires that:

Demographic Information for Unserved Areas- As part of the inquiry required by subsection (b), the Commission shall compile a list of geographical areas that are not served by any provider of advanced telecommunications capability (as defined by section 706(c)(1) of the Telecommunications Act of 1996 (47 U.S.C. 157nt note)) and to the extent that data from the Census Bureau is available, determine, for each such unserved area

(1) the population;
(2) the population density; and
(3) the average per capita income.

For those of us studying the digital divide, these data will provide much-needed information about the nature of underserved communities. Of course, they could also paint a damning picture of systematic, institutionalized redlining of poor and rural constituencies.

The Act also calls for an in-depth international comparison of broadband service levels, speeds, and pricing. 75 communities in 25 countries, matched "to the extent possible [by] population size, population density, topography, and demographic profile...comparable to the population size, population density, topography, and demographic profile of various communities within the United States" will be assessed.

Even more importantly, the Act requires a "Consumer Survey of Broadband Service Capability"—in other words, it requires collection of real-world information on what's happening with broadband services in the United states. According to the Act:

For the purpose of evaluating, on a statistically significant basis, the national characteristics of the use of broadband service capability, the Commission shall conduct and make public periodic surveys of consumers in urban, suburban, and rural areas in the large business, small business, and residential consumer markets to determine

(A) the types of technology used to provide the broadband service capability to which consumers subscribe;
(B) the amounts consumers pay per month for such capability;
(C) the actual data transmission speeds of such capability;
(D) the types of applications and services consumers most frequently use in conjunction with such capability;
(E) for consumers who have declined to subscribe to broadband service capability, the reasons given by such consumers for declining such capability;
(F) other sources of broadband service capability which consumers regularly use or on which they rely; and
(G) any other information the Commission deems appropriate for such purpose.

Along with requirements to investigate how best to collect a host of different metrics and a mandate for states to likewise engage in broadband data collection efforts, the Broadband Data Improvement Act represents an important step forward in addressing the broadband market failure gripping the United States. Though the Act's loopholes may yet allow for further obfuscation of critically important data, overall, this Act adds a great deal of momentum to efforts to increase digital inclusion and foster universal, affordable broadband access.

Follow CircleID on Twitter

More under: Access Providers, Broadband, Policy & Regulation

We Value Your Opinion: Please participate in this quick survey

This month marks the fifth annual National Cyber Security Awareness Month. The U.S. Department of Homeland Security's (DHS) National Cyber Security Division (NCSD) will be actively engaging public and private sector partners through events and initiatives to increase overall awareness and minimize vulnerabilities. This year, according to DHS, 28 state governors signed a proclamation in recognition of National Cyber Security Awareness Month and 51 endorsements were provided by companies, non-profits, universities and government agencies. The U.S. House of Representatives passed a resolution declaring October as National Cyber Security Awareness Month. To learn more, visit DHS and StaySafeOnline.org.

Follow CircleID on Twitter

More under: Security

We Value Your Opinion: Please participate in this quick survey

Canadian human-rights activists and computer security researchers have released a report on the extensive surveillance system in China that monitors and archives text conversations that include politically charged words. The research group, called Information Warfare Monitor, is a joint project of The SecDev Group, and the Citizen Lab, at the Munk Centre for International Studies, University of Toronto. The following are introductory excerpts from the study:
* * *

Our investigation reveals troubling security and privacy breaches affecting TOM-Skype—the Chinese version of the popular voice and text chat software Skype, marketed by the domestic Chinese company TOM Online. TOM-Skype routinely collects, logs and captures millions of records that include personal information and contact details for any text chat and/or voice calls placed to TOM-Skype users, including those from the Skype platform. These records are kept on publicly-accessible servers, along with the information required to decrypt these log files. These files contain the full text of chat messages sent and/or received by TOM-Skype users that contain particular keywords that trigger TOM-Skype's content-filtering capability.

Our investigation revealed eight servers that are part of the TOM-Skype surveillance network. In addition, we found one server hosting a special version of TOM-Skype designed for use in "net bars" or cybercafés. This server contained log files and information that revealed the list of the words that the system censored. Another server captured data from TOM Online's wireless services, and contained logs of SMS messages and other sensitive information.

The log files obtained during the course of the investigation reveal information such as the IP addresses, usernames (and land line phone numbers) used to place or receive TOM-Skype calls, as well as the full content of filtered messages and the time and date of each message. The collected data affects all TOM-Skype users and also captures the personal information of any Skype users that interacted with registered TOM-Skype users. This represents a severe security and privacy breach. It also raises troubling questions regarding how these practices are related to the Government of China's censorship and surveillance policies. The captured messages contain keywords relating to sensitive topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.

Security problems appear to be endemic at TOM Online. The publicly-accessible servers accessed by our investigation are insecure and contain information that can be used to exploit the TOM-Skype server network. It is possible that a malicious attacker could exploit vulnerabilities in the system and access the millions of logged communications and, possibly, detailed user profiles. In fact, evidence suggests that the servers used to store captured data have been compromised in the past and used to host pirated movies and torrents.
* * *

The study has raised key issues such as the extent of cooperation between TOM Online, Skype and the Chinese government in monitoring the communications of activists, dissidents and ordinary citizens. The study has listed the following as "Major Facts" in the findings:

• The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
• These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
• The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.
• Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

The following is a chart of the 96,499 messages that were successfully translated with machine translation where 15,156 messages (15.71%) contained the word "communist", 6,744 contained "Falun" (6.99%) and 2,363 (2.45%) contained "Taiwan Independence."

Readers can learn more by visiting the Information Warfare Monitor website where this report titled, "Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform" can be downloaded.

Update 10/2/2008 10:49 AM PST: Jennifer Caukin, an eBay spokeswoman, has issued the following statement today:

"In China, TOM Online is the majority partner in our joint venture that brings Internet communications to Chinese citizens. The software developed and distributed in China by TOM utilizes Skype functionality, and TOM, just like any other communications company in China, has established procedures to meet local Chinese laws and regulations.

In 2006, Skype publically disclosed that Tom operated a text filter that blocked certain words on chat messages but that it did not compromise Tom customers' privacy. Last night, we learned that this practice was changed without our knowledge or consent and we are extremely concerned. We deeply apologise for the breach of privacy on Tom's servers in China and we are urgently addressing this situation with Tom.

We confirm our strong belief that Skype to Skype communications, enabled by our peer to peer architecture and strong encryption, remain the most secure form of publically available communications today."

Update 10/2/2008 1:28 PM PST: President of Skype, Josh Silverman has addresses the Chinese privacy breach on the company blog.

Follow CircleID on Twitter

More under: Censorship, Internet Governance, Privacy

We Value Your Opinion: Please participate in this quick survey

A decade has passed since Jon Postel left our midst. It seems timely to look back beyond that decade and to look forward beyond a decade hence. It seems ironic that a man who took special joy in natural surroundings, who hiked the Muir Trail and spent precious time in the high Sierras was also deeply involved in that most artificial of enterprises, the Internet. As the Internet Assigned Numbers Authority (IANA) and the RFC editor, Jon could hardly have chosen more polar interests. Perhaps the business of the artificial world was precisely what stimulated his interest in the natural one.
The significance of Jon Postel's contributions to building the Internet, both technical and personal, were such that a memorial recollection of his life forms part of the core technical literature sequence of the Internet in the form of RFC 2468 "I Remember IANA", written by Vinton Cerf. This is no trivial thing given that between 1969 and February 2002, only 3,240 RFCs were published.
Source: Jon Postel – Wikipedia

As a graduate student at UCLA in the late 1960s, Jon was deeply involved in the ARPANET project, becoming the first custodian of the Request for Comment note series inaugurated by Stephen D. Crocker. He also undertook to serve as the "Numbers Czar" tracking Domain Names, Internet Addresses, and all the parameters, numeric and otherwise, that were key to the successful functioning of the burgeoning ARPANET and, later, Internet protocols. His career took him to the east and west coasts of the United States but ultimately led him to the University of Southern California's Information Sciences Institute (ISI) where he joined his colleagues, Danny Cohen, Joyce K. Reynolds, Daniel Lynch, Paul Mockapetris and Robert Braden, among many others, who were themselves to play important roles in the evolution of the Internet.

It was at ISI that Jon served longest and as the end of the 20th Century approached, began to fashion an institutional home for the work he had so passionately and effectively carried out in support of the Internet. In consultation with many colleagues but particularly with Joseph Sims of the Jones Day law firm and Ira Magaziner, then at the Clinton administration White House, Jon worked to design an institution to assume the IANA responsibilities. Although the path to its creation was rocky, the Internet Corporation for Assigned Names and Numbers (ICANN) was officially created in early October, 1998, just two weeks before Jon's death on October 16.

In 1998 there were an estimated 30 million computers on the Internet and an estimated 70 million users. In the ensuing decade, the user population has grown to almost 1.5 billion and the number of servers on the Internet now exceeds 500 million (not counting episodically connected laptops, personal digital assistants and other such devices). As this decade comes to a close, the Domain Name System is undergoing a major change to accommodate the use of non-Latin character sets in recognition that the world's languages are not exclusively expressible in one script. A tidal wave of newly Internet-enabled devices as well as the increasing penetration of Internet access in the world's population is consuming what remains of the current IPv4 address space, driving the need to adopt the much larger IPv6 address space in parallel with the older one. Over three billion mobiles are in use and roughly 15% of these are already Internet-enabled.

Jon would take considerable satisfaction knowing that the institution he worked hard to create has survived and contributed materially to the stability of the Internet. Not only has ICANN managed to meet the serious demands of Internet growth and importance in all aspects of society, but it has become a worked example of a new kind of international body that embraces and perhaps even defines a multi-stakeholder model of policy making. Governments, civil society, the private sector and the technical community are accommodated in the ICANN policy development process. By no means a perfect and frictionless process, it nonetheless has managed to take decisions and to adapt to the changing demands and new business developments rooted in the spread of the Internet around the globe.

Always a strong believer in the open and bottom-up style of the Internet, Jon would also be pleased to see that the management of the Internet address space has become regionalized and that there are now five Regional Internet Registries cooperating on global policy and serving and adapting to regional needs as they evolve. He would be equally relieved to find that the loose collaboration of DNS root zone operators has withstood the test of time and the demands of a hugely larger Internet, showing that their commitment has served the Internet community well. Jon put this strong belief into practice as he was founder and ex-officio trustee of ARIN.

As the very first individual member of the Internet Society he helped to found in 1992, Jon would certainly be pleased that it has become a key contributor to the support of the Internet protocol standards process, as intended. The Internet Architecture Board and Internet Engineering and Research Task Forces as well as the RFC editing functions all receive substantial support from the Internet Society. He might be surprised and pleased to discover that much of this support is derived from the Internet Society's creation of the Public Internet Registry to operate the .ORG top level domain registry. The Internet Society's scope has increased significantly as a consequence of this stable support and it contributes to global education and training about the Internet as well as to the broad policy developments needed for effective use of this new communication infrastructure.

As a computer scientist and naturalist, Jon would also be fascinated and excited by the development of an interplanetary extension of the Internet to support manned and robotic exploration of the Solar System. This very month, the Jet Propulsion Laboratory will begin testing of an interplanetary protocol using the Deep Impact spacecraft now in eccentric orbit around the sun. This project began almost exactly ten years ago and is reaching a major milestone as the first decade of the 21st Century comes to an end.

It is probable that Jon would not agree with all the various choices and decisions that have been made regarding the Internet in the last ten years and it is worth remembering his philosophical view:

"Be conservative in what you send and liberal in what you receive."

Of course, he meant this in the context of detailed protocols but it also serves as a reminder that in a multi-stakeholder world, accommodation and understanding can go a long way towards reaching consensus or, failing that, at least toleration of choices that might not be at the top of everyone's list.

No one, not even someone of Jon's vision, can predict where the Internet will end up decades hence. It is certain, however, that it will evolve and that this evolution will come, in large measure, from its users. Virtually all the most interesting new applications of the Internet have come, not from the providers of various Internet-based services but from ordinary users with extraordinary ideas and the skills to try things out. That they are able to do this is a consequence of the largely open and non-discriminatory access to the Internet that has prevailed over the past decade. Maintaining this spirit of open access is the key to further development and it seems a reasonable speculation that if Jon were still with us, he would be in the forefront of the Internet community in vocal and articulate support of that view.

A ten-year toast seems in order. Here's to Jonathan B. Postel, a man who went about his work diligently and humbly, who served all who wished to partake of the Internet and to contribute to it, and who did so asking nothing in return but the satisfaction of a job well done and a world open to new ideas.

Follow CircleID on Twitter

More under: DNS, IP Addressing

We Value Your Opinion: Please participate in this quick survey

If you have rules and regulations but don't enforce them then there's little point in having any rules or regulations in the first place.

One of the criticisms that is often leveled at ICANN is with regard to compliance issues. There are a number of areas where ICANN accredited registrars may be flounting the rules, but if nobody does anything about it then none of the registrars will have any incentive to actually comply.

According to the latest ICANN news alert notices have been sent to both Joker.com and DNS.com.cn for WHOIS policy issues.

All ICANN accredited registrars are bound under their contract with ICANN (the RAA, which has been under review for over a year) and if ICANN deems it necessary they may actually lose their accreditation for non-compliance.

In the last 12 months there have been a number of registrars who have lost their accreditation, though none would have attracted the level of media attention of Registerfly. That a relatively large European registrar such as Joker would be subject to this kind of "wake up call" puts things in a whole new perspective.

What would be the impact on the European internet community if one of their own were to lose their ICANN accreditation?

Follow CircleID on Twitter

More under: Domain Names, Internet Governance, Law

We Value Your Opinion: Please participate in this quick survey

According to Google's findings released today, the company claims that its energy-optimized data centers are the most efficient in the world. More specifically, the company says that its data centers "use nearly five times less energy than conventional facilities to feed and cool the computers inside." This includes efforts to optimize every element in the data center, from the chip to the cooling tower. "As a result, the energy used per Google search is minimal. In the time it takes to do a Google search, your own personal computer will use more energy than we will use to answer your query."

Follow CircleID on Twitter

More under: Web

We Value Your Opinion: Please participate in this quick survey

The Internet Corporation for Assigned Names and Numbers (ICANN) held a meeting today in Washington, D.C. discussing concerns over the organization's takeover by governments and other outside entities as well as the need for further accountability to Internet users.

ICANN's current oversight agreement with the U.S. government comes to an end in a year and there are no plans to sign a new agreement according to ICANN officials. However in the past few years, representatives of other countries have called for an international organization to oversee the 10-year-old ICANN. In order to steer clear of outside takeovers, ICANN proposes remaining in the U.S. where it can take advantage of the countries relatively strong antitrust and competitive laws.

Follow CircleID on Twitter

More under: Internet Governance

We Value Your Opinion: Please participate in this quick survey

Wikipedia founder Jimmy Wales has met with the Chinese government body in charge of censoring online content in the country. Cai Mingzhao, Vice Director of China's State Council Information Office in charge of China's "Internet Management Division" (censorship division), discussed Wales' concerns regarding censorship. Although no deals or agreements where made, it has been reported that the meeting has "opened a channel of communication and dialogue between the Wikipedia community and the Chinese government."

Rebecca MacKinnon, Assistant Professor at the University of Hong Kong's Journalism and Media Studies Centre reports: "Since 2005 Wikipedia—both Chinese and English—has been blocked in China, but it was unblocked in the run-up to the Olympics, along with a number of other overseas websites. At last year's Wikimania meeting in Taipei, Jimmy was adamant in stating that neither Wikipedia nor his company, Wikia, will ever agree to censor content at the request of Chinese authorities. Google's decision to offer a censored search engine in China, he said last year, was 'a bad business decision for Google… When there is a sufficient amount of change that the Great Firewall is torn down, the Chinese people will appreciate that Wikipedia stood its moral ground.'"

Follow CircleID on Twitter

More under: Censorship, Web

We Value Your Opinion: Please participate in this quick survey

Researchers at a Finnish security firm Outpost 24 claim to have discovered a flaw in the Internet Protocol that can disrupt any computer or server. After keeping the flaw quiet for years, the researchers hope that going public will help accelerate the creation of a solution, according to PC World Australia.

The flaw enables attackers to bring computers and servers to a halt by sending a few specially formed TCP/IP packets. The result can be compared to a denial of service attack (DDoS), in which networks are flooded with traffic. However in this case only minimal amount of traffic is required. "We're talking 10 packets per second to take down one service," Jack Lewis, a senior researcher with Outpost24.

Follow CircleID on Twitter

More under: Internet Protocol, Security

We Value Your Opinion: Please participate in this quick survey

ICANN, the Internet Corporation for Assigned Names and Numbers, was officially incorporated on 30 September 1998 as a nonprofit public benefit corporation. Headquartered in Marina Del Rey, California, United States, ICANN was assigned to oversee a number of Internet-related tasks originally performed directly on behalf of the U.S. government by other organizations, such as the Internet Assigned Numbers Authority (IANA). Back in 1998, there was only one domain name registrar; now there are over 900 ICANN-accredited registrars in the world and over 168 million domain names registered.

"Ten years ago, there were 100 million people that used the Internet. Its inventors originally thought the network would only ever have to cater for one million users. But in the creation of ICANN, the Internet community and the US Government recognized they needed to privatize the domain name system to increase competition and international participation," says Peter Dengate Thrush, current Chairman of the Board of ICANN. "Thanks to that decision, and with nearly one-and-a-half billion people online, the network goes from strength to strength. And we hope, with the plans we have laid on the table, that the next ten years of extraordinary growth also occurs seamlessly for ordinary Internet user."

Follow CircleID on Twitter

More under: Domain Names, Internet Governance

We Value Your Opinion: Please participate in this quick survey

Richard Stallman, founder of the Free Software Foundation and creator of the computer operating system GNU, says cloud computing is essentially a trap that will eventually pressure more people into buying locked, proprietary systems that will continue to cost them more over time. "It's stupidity. It's worse than stupidity: it's a marketing hype campaign," says Stallman. Bobbie Johnson, Guardian's technology correspondent says 'his comments echo those made last week by Larry Ellison, the founder of Oracle, who criticized the rash of cloud computing announcements as "fashion-driven" and "complete gibberish".'

Follow CircleID on Twitter

More under: Privacy, Web, Web Hosting

We Value Your Opinion: Please participate in this quick survey