Internet and other organizations

Memory Cards of 3,000 Vodafone Mobiles Infected With Malware

CircleID - Fri, 2010-03-19 22:02

Close to 3,000 memory cards in HTC Magic phones may be infected with malware, despite Vodafone's initial assumption that it was an isolated incident when a customer first discovered it. "It is unclear how the batch of memory cards became infected and an investigation is under way, said a spokesman for Vodafone in Spain. There are no problems with either the HTC Magic phone or its Android OS. The malware only affected phones sold in Spain."

Read full story: Computerworld

EFF Appeals Dismissal of Warrantless Wiretapping Case

the Electronic Frontier Foundation - Fri, 2010-03-19 20:43

EFF today filed its appeal to the 9th Circuit Court of Appeals of the dismissal of Jewel v. NSA, the case EFF brought against the U.S. government and government officials on behalf of AT&T customers to stop the National Security Agency's illegal, unconstitutional, and ongoing mass surveillance of their communications and communications records. The case arises from the still growing stacks of evidence confirming the surveillance, including the technical documents presented by former AT&T employee Mark Klein that describe the NSA's secret mass wiretapping facility in San Francisco.

On January 21, 2010, the District Court dismissed the case based on the dangerous and incorrect theory that because so many people have been impacted by the widespread surveillance, no individual person has a "particularized injury." This ruling is not only wrong -- the NSA's interception of your private emails with your doctor, spouse or child is an individual harm to you regardless of whether it also happened to other people too -- but also extremely dangerous because it would have the courts blind themselves to massive violations of the law and the Constitution on the grounds that they impact too many people.

Despite disappointments from both the Obama Administration and now the Federal District Court, EFF will continue to fight to protect your privacy against the warrantless wiretapping in both the Jewel and the Hepting cases, each of which will next be argued before the 9th Circuit Court of Appeals.

Viacom Makes Its Case Against Yesterday's YouTube

the Electronic Frontier Foundation - Fri, 2010-03-19 02:41

Today, after three years of litigation, the Viacom v. YouTube combatants finally publicly released their briefs (Viacom's; YouTube's; Class Action Plaintiffs') in what most expect to be the main event in the case, namely, cross-motions for summary judgment (for the non-lawyers: a summary judgment motion asks the court to rule that the case is such a slam dunk in your favor that no trial is necessary).

One surprise from Viacom is a concession that it basically has no beef with YouTube as it has been run since May 2008: "[W]e do not ask the Court to address potential liability for post-May 2008 infringement in this motion and, if Viacom's summary judgment motion is granted, do not intend to do so at trial." What happened in May 2008? That would be when YouTube launched its Content ID system, enabling copyright owners to "claim" their content and decide whether it will be blocked or monetized on YouTube.

In other words, this case isn't really about YouTube (at least YouTube circa 2010). It's about Viacom's effort to get the court to re-write the DMCA safe harbors to require everyone else to implement (and pay for) copyright filtering. If Viacom succeeds, it would radically change the innovation environment for all Internet companies that depend on the DMCA safe harbors.

Why are the DMCA safe harbors so important? YouTube says it best:

Congress laid the legal foundation for the modern Internet era when it enacted the DMCA in 1998, protecting online services from liability for copyright infringement claims based on their users’ actions. Congress recognized that robust online communications would be chilled if service providers faced unlimited damages claims based on material that their users posted or transmitted. The DMCA thus created a set of “safe harbors” immunizing service providers who respond properly to copyright holders’ notifications of alleged infringement. That policy choice enabled the evolution of a new generation of websites devoted to user-generated content, letting individuals the world over express themselves and form new communities through blog posts, social networks, photography, and video.

YouTube points out that it follows all the requirements of the DMCA safe harbor for "hosting" providers—it has a Copyright Agent, it terminates repeat infringers, and it responds to DMCA takedown notices, among other things. (Several rulings have previously confirmed that video hosting sites like YouTube can qualify for the safe harbors.)

Rather than focusing on any of these points, Viacom instead launches a broad attack on the applicability of the safe harbors to any secondary liability claims (contributory infringement, inducement, or vicarious liability):

"Thus, the preconditions of the DMCA immunity reflect and largely track traditional liability standards. If Defendants are liable for infringement under these long established standards, they thereby also lose resort to the DMCA."

The trouble with that argument is that it's precisely the opposite of what Congress said it meant to accomplish:

"The [DMCA safe harbors] protect qualifying service providers from liability for all monetary relief for direct, vicarious and contributory infringement."

(Conference Committee Report, H. Rep. 105-796 at page 73, the very last word from Congress on what they meant to be doing with the statutory language that became law.)

So what Viacom is asking for here is a radical re-write of the DMCA that, if accepted, would put all kinds of online service providers at risk of huge statutory damages for copyright infringement. Is eBay used to commit copyright infringement every day by some users? Sure. Do people use Microsoft's Bing to find infringing materials? Check. Do online lockering services get used to store infringing materials? Do users send infringing email attachments? How about the "send file" features of every instant messaging system? The only reason these (and many other) online services exist is because the DMCA safe harbors give them rules to follow that are much clearer than the murky standards for "secondary liability." If Viacom is right, then there are no clear rules to follow, except "beg permission from every copyright owner first." And that's a rule that would hobble innovation and competition online.

Fortunately, most of Viacom's arguments are simply a rehash of arguments that have already been rejected by other courts. Here's hoping that this court is not fooled.

EFF Testifies in Congress on Transparency - Tells Lawmakers White House Must Lead by Example

the Electronic Frontier Foundation - Fri, 2010-03-19 01:00

Today, EFF Senior Counsel David Sobel testified in a congressional hearing on the Freedom of Information Act (FOIA) and the Obama administration. David's testimony outlined the disconnect between the White House's strong message on open government and the bureaucratic resistance to transparency in general.

The Obama administration marked a sea-change in official statements of policy about the FOIA, with the president directing agencies to have a "presumption of openness." But while the president and other top officials have said the right things, government agencies are still withholding wide swaths of information, and government attorneys are reflexively defending the practice when we are forced to take our FOIA cases to court.

Obama's Attorney General, Eric Holder, specifically told agencies that the Department of Justice would only defend FOIA denials under very narrow circumstances. However, EFF and other transparency groups have not noticed any substantial change. So we joined these other organizations in asking the DOJ to periodically publish a list of FOIA lawsuits it has declined to defend under Holder's new guidelines. The DOJ rejected this suggestion, but in EFF's testimony today, David urged lawmakers to request this information themselves and to make it publicly available.

This could be, of course, yet another example of how transparency forces accountability. Today's hearing comes during Sunshine Week, the annual celebration of America's open government laws and the better government that they help encourage. Just this week, the media widely reported the information EFF received on how law enforcement agencies use social networking sites to gather information in investigations. We are very proud of the breadth of information EFF's FOIA work has brought to light -- information that would have remained out of the public eye without the Freedom of Information Act and our litigation.

For FOIA to do the work the law is meant to do -- foster transparency, force accountability, and fight needless secrecy -- we need to keep fighting for honest disclosure. Read David's full testimony for all of EFF's suggestions to Congress. We hope lawmakers soon do good work on this important issue.

Kentucky Supreme Court Reverses Ruling Challenging Domain Name Seizures, Tells Registrants to Try Again

the Electronic Frontier Foundation - Fri, 2010-03-19 00:36

Today, the Kentucky Supreme Court reversed a state court of appeals ruling blocking an attempt by the Commonwealth of Kentucky to seize 141 domain names allegedly tied to illegal gambling. The Kentucky Supreme Court held that while many of the arguments presented in opposition to the seizure order were "compelling" and that they "may have merit," the Interactive Media Entertainment & Gaming Association (iMEGA) and the Interactive Gaming Council (IGC) lacked standing to bring the challenge because it was not clear that they represented any party actually affected by the order. The Supreme Court explicitly noted that "[i]f a party that can properly establish standing comes forward, the writ petition giving rise to these proceedings could be re-filed with the Court of Appeals."

The case began in late 2008 when, in a move to combat what it viewed as illegal online gambling, the Commonwealth of Kentucky convinced a state court to order the "seizure" of 141 domain names because the names allegedly constituted "gambling devices" that are banned under Kentucky law -- even though the sites were owned and operated by individuals outside of the state, and in many cases even outside of the country. Unless the sites screened out Kentucky users, the court held, the seizure order was proper. Despite the lack of extra-territorial authority of Kentucky state courts, some out-of-state registrars complied with the order and froze users' domain names.

In amicus briefs filed with the Court of Appeals and the Kentucky Supreme Court in support of a writ vacating the trial court's order, EFF, Center for Democracy and Technology (CDT), and the American Civil Liberties Union (ACLU) argued that the First Amendment, the Commerce Clause, and the Due Process Clause of the Constitution prohibit state courts from interfering with Internet domain names that were registered and maintained outside the state.

EFF expects to participate as amicus in future proceedings if and when the affected domain name registrants continue their challenge to the trial court's ruling.

FTC to Internet Companies: Start Using SSL

the Electronic Frontier Foundation - Thu, 2010-03-18 23:32

HTTPS is the backbone of web security. The protocol, which is also commonly known as the Secure Sockets Layer (SSL), is what guarantees we can use the web to transmit sensitive information — financial, medical, or other — with relative confidence that it won't be intercepted or stolen. EFF has been arguing for years that best practices demand that all sensitive data be sent exclusively over SSL.

Unfortunately, most major providers of web-based email and other sensitive web-based services do not even give their users the option of using SSL, let alone turn it on by default. As a result, countless terabytes of sensitive data are transmitted over the Internet insecurely every day, greatly contributing to online fraud, data-theft and surveillance by authoritarian regimes.

Now, the Federal Trade Commission has officially put these companies on notice. In a speech before an FTC roundtable yesterday, outgoing FTC Commissioner Pamela Jones Harbour called on Web services like Yahoo!, Facebook and Hotmail to start using HTTPS/SSL encryption.

Google has recently shown leadership in this space, by enabling HTTPS for Gmail, as well as making it the default behavior so that even users who don't understand security will be protected. It's time for other services (including Google Search!) to catch up with Gmail.

As Commissioner Harbour put it:

These vulnerabilities are easily preventable. Security needs to be a default in the cloud.

We couldn't agree with her more.

Public Hearing on California's 'Smart Grid' on Friday

the Electronic Frontier Foundation - Thu, 2010-03-18 23:22

Worried about plans for California's "smart grid"? We are too. Energy usage data, with new hyper-close monitoring provided by the "smart grid", allows intimate reconstruction of your household activities -- like when you wake up, when you come home, and when you go on vacation.

These concerns sparked our comments to the state's Public Utilities Commission last week, calling on the agency to consider critical privacy questions as it rolls out its "smart meters" across California. Now there's a chance for you to learn more and weigh in. This Friday, the California PUC is hosting a public hearing in San Francisco from 9:30 a.m. to 4:30 p.m. at its headquarters at 505 Van Ness Ave. A panel on ensuring public privacy runs from 10:30 a.m. to noon. We hope to see you there.

Ibis Reader "Checks Off" EFF's Digital Books Checklist

the Electronic Frontier Foundation - Thu, 2010-03-18 19:43

In February, we published "Digital Books and Your Rights," a checklist for readers considering buying into the digital book marketplace. The folks behind the Ibis Reader ebook service have gone ahead and posted thoughtful answers to each question, inviting their users into an honest discussion about the features, policies, and practices around its software.

While we don't agree with all of Ibis Reader's answers, they deserve full marks for being proactive about confronting these emerging digital books issues, and for striving to be clear with its users and customers. They know what's up — the modern gadget hound knows to look beneath the shiny surface and ask critical questions about how open a platform is and whether or not privacy is sufficiently prioritized and protected. Our "Digital Books and Your Rights" checklist helps guide users making that inquiry, and Ibis Reader is smart to approach current users and potential customers with openness.

Egypt Begins Enforcing Ban on International Calls Through Mobile Internet Connections

CircleID - Wed, 2010-03-17 22:48

Egypt has banned international calls via mobile internet connections in an apparent reaction to a drop in international call volumes made through the country's landline monopoly Telecom Egypt. "The ban is on Skype on mobile internet, not on fixed, and this is due to the fact it is against the law since it bypasses the legal gateway," said Amr Badawy, the executive president of the National Telecommunication Regulatory Authority (NTRA).

Read full story: Reuters

F.C.C. Questioned on Plan to Expand Broadband Access

CircleID - Wed, 2010-03-17 22:38

Federal regulators on Tuesday made public the details of their ambitious policy to encourage the spread of high-speed Internet access. But their 376-page proposal, the National Broadband Plan, was met with a chorus of questions, even from the staunchest advocates of its goals. Telecommunications companies praised the intent but worried that new regulations might impede rather than encourage their progress in expanding Internet access.

Read full story: New York Times

Wiring Up The Big Brother Machine... And Fighting It

the Electronic Frontier Foundation - Wed, 2010-03-17 22:03

Here's a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren't quite what they seem. There's a "secret room" downstairs, and ordinary employees aren't allowed to enter it. Coworkers — almost casually! — remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government's ominous eye-and-pyramid "Total Information Awareness" logo.

Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans.

All this in the early 2000s, when "the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse."

What happens to our hero when he finally decides to go public?

Even though I'd heard Mark Klein's story before, I'd never considered just how frightening and surreal his experience must have been. His new memoir reads like something out of a Kafkaesque sci-fi spy thriller — except that it all really happened right here in the USA, just a few years ago.

For instance, when Klein shares his evidence with an eager reporter for the Los Angeles Times, at first he's told the story will be ground-breaking and "a big front-page spread." Yet, the story languishes for weeks.

Klein writes:

On Feb 11 (2006), I got a call from Joe Menn, the Los Angeles Times reporter, who told me that their "top guy" was going to have a meeting with the Director of National Intelligence John Negroponte himself about this story over the weekend. I nearly fell down in shock — they were actually negotiating with the government on whether to publish!... More importantly, this meant Negroponte knew about my documents — and me.

Indeed, as ABC's Nightline revealed much later, both Negroponte and National Security Agency Director Michael Hayden pressured the LA Times to kill the story. And when Klein told his story to CBS's 60 Minutes, they too eventually killed the story without explanation.

In the end, of course, Klein's evidence became the backbone of EFF's lawsuit against AT&T for their complicity in illegal government spying. Originally ignored by Senators and newspapers alike, his evidence was ultimately so damning that it could only be defeated by an unprecedented "telco immunity" law pushed by the Bush White House and passed by the US Congress amidst a massive public controversy. EFF then relied on Klein's evidence for a case against the government, which has been met with fierce resistance by the Obama Administration.

Klein's journey, from quiet cubicle technician to personal enemy of the White House and Pentagon, is amazing, moving and eerie. His story, "Wiring Up The Big Brother Machine... And Fighting It," is on sale now.

Domain Registrars & Registries: Don't Say You Weren't Warned

CircleID - Wed, 2010-03-17 20:23

There is an old saying that "bad news comes in threes." Domain name service providers have witnessed two unsettling developments in the past few weeks. The third, still winding its way through the U.S. Congress, could have enormous ramifications. Registries and registrars, in particular, need to speak up or resign themselves to the consequences.

French Court Orders Fines for Parking

As previously reported, in mid-February 2010 a French court fined Sedo €95,000 ($130,000) for parking a trademark infringing domain name. SafeNames reportedly was fined $5,000 in this case for being the domain registrar. The court used terms like "fraud," "counterfeiting" and "unfair competition" in its ruling. While some in the industry may dismiss this as a case of "beware the (potentially) high costs of doing domain-related business in France," the judgment could serve as a dangerous legal precedent. Furthermore, it could embolden intellectual property protection advocates seeking any and all means to expand the limits and application of trademark law.

Utah Trying to Expand Internet Regulation

Utah has a documented history of attempting to regulate various Internet-related activities. Most have been struck down in court or repealed in subsequent legislative sessions. Nevertheless, Utah's latest attempt is called the "Utah E-Commerce Integrity Act" (SB26), and includes provisions to restrict phishing, pharming, and spyware, as well as a state-level version of the U.S. Anti-Cybersquatting Consumer Protection Act (ACPA). The problem with this legislation, unlike the ACPA, is that it intends to hold liable a registrar, registry, or "other domain name authority" who "knowingly assists" a cybersquatter in a local alleged cybersquatting case. Who knows how broadly the courts will interpret this "knowingly" language. Despite advocacy efforts to convince the bill's sponsor, State Senator Stephen H. Urquhart, to exempt domain name service providers in a manner consistent with federal safe harbor provisions, the Senator refused and no such amendments were made. Consequently, the bill now awaits Governor Gary R. Herbert's likely signature. Not only will registrars and registries have to inappropriately defend themselves on cybersquatting charges in Utah courts, but the Coalition Against Domain Name Abuse (CADNA, a trademark protection association of almost two dozen global brand holders that promoted Sen. Urquhart's efforts) intends to lobby Congress for a national provision along the same lines.

FTC Rulemaking Could Be a Game Changer

Potentially the most far-reaching initiative is yet to come. The U.S. Congress is currently working on a reauthorization bill for the Federal Trade Commission (FTC) which could expand the agency's rulemaking authority. An already approved House bill would give the FTC streamlined rulemaking authority over aspects of the business community, thereby allowing the Commission to pursue policy initiatives with little of the typical bureaucratic red tape. For the domain industry, this could mean, for example, that the FTC may decide to issue a new rule requiring US-based registry operators to enforce strict WHOIS accuracy requirements. A registry's failure to comply with these new rules could lead to fines or civil action. Of course, any cost of enforcing additional WHOIS requirements would be passed through to registrars, and then, of course, on to registrants—ultimately impacting over 115 million registrations worldwide. It's easy to imagine how such enforcement and monitoring costs could dramatically reshape the domain name industry as we know it.

Fortunately, the die has not been cast. The Senate is considering its own version of the reauthorization language, and this ultimately will have to be reconciled with the House bill. Although many businesses are weighing in against streamlined rulemaking, other powerful interests are lobbying for the authority. Trademark protection advocates most likely are among those proponents. While final legislation probably will be part of a broader package, thereby raising its likelihood of passage, this also increases the prospect of buried clauses and complex legal linkages that demand careful scrutiny and comment.

Now is the time for the registrars and registries to contact Congress and/or get involved with coalitions to work on a coordinated push for an ICANN-related exemption from broadened FTC authority. If domain name service providers just sit around and wait to see what happens, they'll only have themselves to blame for consequences.

Written by Statton Hammock, Sr. Director, Law & Policy

EoWhy?

CircleID - Wed, 2010-03-17 20:13

I have come to acceptance that the community proposal for Expressions of Interest in new gTLDs (EoI) was removed from consideration during ICANN's March 12th Board Meeting in Nairobi. It should have passed, but it got lobbied into oblivion by some in attendance at the Nairobi meeting. They deserve their say, those who oppose it, but quite frequently the arguments used fail logic once one reflects upon them, or contrast them against the facts.

The EoI did not pass, but the silver lining in it all is that it proved that the community could raise up a proposal to the board using the Bottom-Up approach.

I am grateful. I have a well honed ability to find acceptance in things that I don't agree with. I hate the outcome but I would do it all again.

The many stakeholders and applicants who had been trusting dates and time lines that they had been provided in all meetings between the Paris meeting in June 2008 and the Sydney meeting in 2009, and had been growing businesses and reaching out to communities, carrying the message of ICANN and the promise of new TLDs.

These companies, individuals, volunteers, consultants, they all planned their lives, budgets, marketing, and jobs around the time lines that had been coming from ICANN. Sure, delays and adjustments meant the embarrassment of repeatedly revising and communicating new time lines to their clients, shareholders, boards of directors, communities.

And then came the Seoul ICANN meeting. Rather than get the schedule in place and stop the sliding dates and the embarrassment that they were causing ICANN and the interested stakeholders, ICANN instead opted to clam up about dates and time lines.

This not only completely undermined their own credibility; it froze financial support for new TLD applicants of every shape and size and eliminated institutional confidence in ICANN and its new TLD program.

And in that choice to coward away from communicating dates, ICANN really created the EoI. All I did is channel the contempt, cynicism and abject frustrations of the various community members who had timelines pulled out from under them in the Seoul meeting, working to turn that passion into productive effort. So you could say ICANN was the catalyst.

I am grateful that I had the influence, respect and trust from stakeholders to have pulled so many parties together to collaborate and support an initiative which tested ICANN's 'Bottom-up Process'. And I had the privilege of presenting the concept of an expressions of interest process as a way to keep the new TLD program on pace while removing pressure from the staff and board for evaporating the foundations out from under supporters and believers in the new TLD program at the Seoul meeting.

I cannot take full credit for the Expressions of Interest, it came from a number of people in the community, from a number of various stakeholders who did not want to see the momentum die from ICANN's opting at redacting and retracting communication of dates and timelines.

I just had tenacity to be a spokesperson for a large group of stakeholders in the Seoul meeting but could not at all take all of the credit for the EoI. It was humbling to read through the transcript from the public meeting as I notice the many, many supporters who I consider to be leaders in the community who stepped up after I did in support of the proposal at the public meeting.

It was really just a sensible approach of decoupling the application process from the review, assignment and delegation stages of the new TLD program that we had seen originate from the GAC. I explained that the catalyst was the outright elimination of discussion of dates in Seoul, and that I'd chosen to do something positive and constructive rather than give in to the growing cynicism in the applicant pool.

After gathering many in diverse parts of the community and stakeholder groups to provide a draft document to ICANN that contained a number of concepts and submitting it in the comment period that followed the Seoul board resolution, ICANN staff drafted a proposal for an Expression of Interest process and put it out to the community to comment on.

The community rose up to support or not support the overall concept. Not everyone liked every aspect of it, some loved it outright, and many (especially brands who are fighting with their last breath to oppose the new TLDs but ironically are preparing applications and will apply once they can) sought to quash it.

Ultimately it came down to transparency being the root of its demise. Many brands did not want the double-standard of their position on new TLDs exposed, and fears by governments that a public morality issue would creep in with .f-bomb holding up the whole process, because all strings would be released.

It took reverse psychology and intense lobbying in Nairobi for those who wanted EoI their way or no-way, and those people got what they wanted.

I disagree with the board's decision, but the board was requested to pass or fail the EoI and they failed it opting to allegedly continue the momentum of the new TLD program. Using the Paris meeting announcements that stemmed from the board votes to open up the new TLD program in 2008, things had been progressing along until 'overarching issues' got thrown in front of the process, injecting delays.

I am getting a lot of feedback from within the community that there is deep disappointment and outrage falling out of the board decisions. And I am seeing a lot of people still bracing for the tsunami effect from the EoI being voted into oblivion in the tragic events of 3-12 (The ICANN Board decided to withdraw the Expressions of Interest among other decisions).

We'll see some startups pare down their staff and marketing budgets, other participants will close down entirely or completely move their focus. Make no mistake, jobs were lost as a result of the board's decision to fail the EoI.

I am already witnessing gloating by those interested in delaying the introduction of new TLDs who won a small victory for the status quo amidst the zebras and hippos in Nairobi. These are not people who ponder the consequences or outcomes; they only relish victories.

Candidly, I was shocked the EoI did not pass. It essentially was just a time-honored technique used in intelligent project management to reduce the ambiguity and theoretical concerns and operate in tandem with the solutions to some of the thorny issues that were open. It had every opportunity to thrive and provide benefit to ICANN, to the applicants, to the communities, investors, to the process itself.

There was an opportunity to make the new TLD program real again after Seoul. In Seoul the new TLD program was converted into a vaporous concept with hazy, slippery deadlines that have anyone that follows them met with laughter and doubt when presenting timeline estimates.

Apparently the community had really gotten quite a bit of momentum with the Expressions of Interest concept. It looked like it had some promise. Many elements of the concept were attractive and productive.

But the takeaway and probably the most important thing that happened was that the community rose to present an idea, that the board heard that message, and that it even became something to be voted upon at all.

While I watch many of the investors and communities that were in strong support of the new TLD program wither or hibernate in a process that kills jobs during a weak global economy as a result of the March 12th board votes, I remain optimistic that the new TLD program will continue and we'll see those who had the intestinal fortitude and capable war chests ride out the storm of perpetual delay.

And I would do it all over.

I have not lost my faith in the community. I hope the community has not lost faith in ICANN, and I would encourage the community not to become stoic when their efforts appear for naught like we were shown.

My heart goes out to those who have families to feed that were impacted by the decisions the board made.

Written by Jothan Frakes, Chief Operations Officer at Minds + Machines

More under: ICANN, Top-Level Domains

Perspectives on a DNS-CERT

CircleID - Tue, 2010-03-16 22:03

Last week at the ICANN meeting in Nairobi, a plan was announced by ICANN staff to create a "CERT" for DNS. That's a Community Emergency Response Team (CERT) for the global Domain Name System (DNS). There are all kinds of CERTs in the world today, both inside and outside the Internet industry. There isn't one for DNS, and that's basically my fault, and so I have been following the developments in Nairobi this week very closely.

As the original founder of DNS-OARC (that's the Operations, Analysis, and Research Center for DNS, on the web at WWW.DNS-OARC.NET / see related CircleID interview), I've fielded a lot of questions from folks asking me what I think about all this. The original DNS-OARC plan (written in 2002 or so) called for a 24x7 monitoring and response and coordination function very similar to what's now being proposed by ICANN. Everybody I talked to in 2002 understood the need for this, based on the excellent track record of US-CERT and JP-CERT and even the IT-ISAC. We knew it had to be done by the DNS industry itself, rather than added to the remit of some existing government-supported CERT or ISAC.

Somewhere along the way we got distracted. Or to more accurately place the blame, I got distracted. DNS-OARC was a huge undertaking, and one that I significantly underestimated. Internet Systems Consortium (ISC) started DNS-OARC using NSF research money, and I think NSF was happy with our results—but producing those results used up a lot of ISC's management bandwidth. DNS-OARC has received unprecedented participation and support from members of the DNS industry, who had never done anything quite like this—but the cycle time for bringing in new members was six to 18 months rather than the six to 18 weeks I planned on. Much has been achieved, but building the data and resources needed to develop OARC's necessary "critical mass" was something that ISC had to rely on partners and members for, and those folks have busy lives and long to-do lists even without this kind of stuff.

Eight years on, ISC has successfully spun DNS-OARC out as a separate non-profit corporation with its own board of directors. DNS-OARC has some fifty (50) members, comprising an unprecedented community of the key technical people from major DNS TLD registries, root operators, vendors and service providers. It has created a set of tools, experience and infrastructure vital for monitoring and analyzing the health of the DNS, and has accumulated an unparalleled set of DNS data captured from the live Internet.

But all this took years longer than I expected, and may have been a more dramatic time investment than DNS-OARC's elected trustees were expecting.

So the reason there is nothing like a "DNS CERT" in the world today is that I, as the founder of DNS-OARC, said that DNS-OARC would handle it, and then I didn't follow through. I plead ignorance and ambition—we got a lot of other great stuff done, including the existence and independence of DNS-OARC itself, so I'm not exactly weeping with guilt. But, when Rod Beckstrom (President of ICANN) got up at the microphone in Nairobi and said, the world needs something like this, and if nobody else is going to build it, he would, I thought, he's absolutely right, it's still 2002 in here, and it's time we—the DNS industry—got this done. We need a 24x7 monitoring and response and coordination function, with full time analysts looking at real time DNS events and participating in a global mesh of DNS NOCs.

Beckstrom's vision that some $4.5M is needed to get DNS-CERT properly off the ground is to be commended, and is one familiar to us at DNS-OARC, where our reach has regularly exceeded our grasp. But we've also learned some lessons over the years, not least that the DNS community guards its autonomy fiercely, and will react adversely to anything that smacks to them of unilaterally imposed central control. Something like a DNS-CERT can only be done at the grass roots level, which is both a constraint and a boon. This explains some of what we've been hearing in the hallways at how, despite its merits, there is some disquiet about the way the DNS-CERT proposal was presented. It is exactly why we went for an autonomous, neutral, membership governance model for DNS-OARC. We have to work cooperatively to ensure that DNS remains 100% available to serve as the Internet's map.

I call upon the world's governments, and upon the gTLD and ccTLD operators, and upon ICANN itself as well as other Internet governance organizations including CENTR, to support DNS-OARC Inc. in finishing what I started; and I call upon DNS-OARC Inc.'s trustees and members to use ICANN's excellent "gap analysis" for the "DNS-CERT" as the starting point to make this happen.

So, the next phone call all of those folks get may be from me, making this appeal personally. Let's make 2010 the year we (all) finally get this done.

Written by Paul Vixie, President, Internet Systems Consortium, Inc.

More under: DNS, ICANN, Internet Governance, Security

"Thin Brand Line" Breaks as Canon Announces Plans for .CANON

CircleID - Tue, 2010-03-16 19:34

Until today's announcement by Canon, no large brand had broken the "thin brand line" by revealing their plan to apply for their own new top-level domain. Now with Canon's announcement, other major companies have been challenged to either announce their TLD plans or else state that they plan to forgo the chance to brand themselves at the top level of the domain name space.

Until now, in public, large brands have marched in lock step in opposition to new top-level domains, ostensibly because of the high cost of defending and enforcing their marks in multiple new namespaces. The worst-kept secret in the industry, however, is that brands have been making private plans, and brand-service registrars have been prepping their clients for new gTLDs in anticipation of healthy fees for application submission services.

Canon, at least, has decided that the marketing benefits of their own top-level domain outweigh the costs. In the U.S., legal departments, which are good at identifying risk—though not necessarily expert at quantifying it—exercise a much stronger presence in the corporate boardroom than they do in European and Asian companies.

Could it be that the highly defensive stance of U.S. intellectual property interests, hardened by the file-sharing wars, is not shared by the rest of the world's brands?

In Japan, Canon has decided to cast its lot with the money-makers instead of the money-hoarders. I predict we will see more brands opt for engagement with the Internet by visibly branding themselves with their own new gTLD, but that the last ones to do so will come from the United States.

Written by Antony Van Couvering, CEO of Minds + Machines

More under: Domain Names, ICANN, Top-Level Domains

Mobile Operators and the Broadband Boom

CircleID - Tue, 2010-03-16 16:56

With $72 billion invested in mobile broadband it would be hard to argue that this market is suffering from a lack of investment.

More than half of this is taking place in Asia. Over the last two years close to 300 mobile operators in 120 countries have launched mobile broadband networks (using the 3G HSPA technology) and some 70 of these are already planning the next upgrade of their networks using the LTE technology—the first $5 billion of investment money has been committed to that technology.

The two countries that are ahead of the pack in this are—where else but in Scandinavia?—Sweden and Norway.

Japan and Korea are also moving in this direction but they are using different technologies.

Within that same short time period over 200 million subscribers have embraced mobile broadband and, as reported previously, this has caught many mobile operators unprepared. They were still peddling their mobile portals while the apps available on smart phones almost instantly overtook a market that the mobile operators had been trying to build up for ten years.

Because of the success of this market mobile operators are now scrambling to keep up with an enormous demand for mobile broadband access. They are eager to get at least their share of the access market and competition is driving them to charge ever less for simple broadband access. As a result of this the margins available for mobile operators are being squeezed more and more.

Does that mean that mobile operators will be relegated to becoming pipe suppliers? Not necessarily. They have a number of very powerful tools that they can use. They know mobile customers better than anybody else and they are able to provide a very reliable and secure service—so much so that banks are using their networks to deliver financial services. This has built a powerful trust relationship between operators and some very key service providers. The mobile operators are the only ones who have a very secure identity management service on their networks that can be used by these financial institutions, and (if the mobile operators permit) by others also.

Furthermore, mobile networks are excellent for mobility applications such as GIS, location-based navigation, etc. Again, the mobile operators are currently the only ones who have access to this user information.

It then comes down to whether the mobile operators will be able this time around to also develop business plans that are going to make it attractive for other providers to utilise the network. This will require open networks, wholesale, MVNOs, etc. The question is whether they will indeed change their business models this time around, or will again wait for others to eat their lunch.

Mobile operators and their supporters all talk about a range of essential services such as healthcare, education, public safety and so on. Lessons learned from the past will hopefully encourage operators to open up their networks to these public sectors. It is not too difficult to predict that, if this does not happen and consumers want to make more use of mobile broadband infrastructure for such services, regulation will be used to force the operators to open up to these new social and economic opportunities.

What might change their attitude this time is the fact that they now nearly all operate in saturated markets. There are very few new users that can be connected—certainly in the developed markets. So today there is certainly more urgency among the mobile operators to change their business models to cater for the new opportunities. Also, it will only be a matter of time before OTT providers such as Google, Facebook, Twitter, Amazon, eBay, Skype and others will have more sophisticated applications in competition with the mobile operators.

One of the main problems still being experienced by operators at the moment is a lack of sophisticated middleware that would allow them to deliver these new applications more efficiently and effectively. For instance, the many BSS/OSS systems within the mobile operators' organisations are making it very difficult to deliver real-time and on-demand services.

Who will win?

The judges are still out on this. There are the smart device operators like Apple, with their proprietary applications; companies like Google and Microsoft, with devices based on Operating System (OS) innovations; and the mobile operators, who recently formed an alliance to also develop their own apps stores. This broad level of competition will drive innovation and those who are able to deliver the best customer experience are going to be in the lead here.

Over the next few years the mobile market will pass the $1 trillion revenue mark. The stakes are high, the rewards are great, and the future looks very bright indeed. So may the best one win.

Written by Paul Budde, Managing Director of Paul Budde Communication

More under: Access Providers, Broadband, Mobile, Telecom

EFF Posts Documents Detailing Law Enforcement Collection of Data From Social Media Sites

the Electronic Frontier Foundation - Tue, 2010-03-16 16:43

EFF has posted documents shedding light on how law enforcement agencies use social networking sites to gather information in investigations. The records, obtained from the Internal Revenue Service and Department of Justice Criminal Division, are the first in a series of documents that will be released through a Freedom of Information Act (FOIA) case that EFF filed with the help of the UC Berkeley Samuelson Clinic.

One of the most interesting files is a 2009 training course that describes how IRS employees may use various Internet tools -- including social networking sites and Google Street View -- to investigate taxpayers.

The IRS should be commended for its detailed training that clearly prohibits employees from using deception or fake social networking accounts to obtain information. Its policies generally limit employees to using publicly available information. The good example set by the IRS is in stark contrast to the U.S. Marshals and the Bureau of Alcohol, Tobacco, Firearms and Explosives. Neither organization found any documents on social networking sites in response to EFF's request, suggesting they do not have any written policies or restrictions upon the use of these websites.

The documents released by the IRS also include excerpts from the Internal Revenue Manual explaining that employees aren't allowed to use government computers to access social networking sites for personal communication, and cautioning them to be careful to avoid any appearance that they're speaking on behalf of the IRS when making personal use of social media.

The Justice Department released a presentation entitled "Obtaining and Using Evidence from Social Networking Sites." The slides, which were prepared by two lawyers from the agency's Computer Crime and Intellectual Property Section, detail several social media companies' data retention practices and responses to law enforcement requests. The presentation notes that Facebook was “often cooperative with emergency requests” while complaining about Twitter’s short data retention policies and refusal to preserve data without legal process. The presentation also touches on use of social media for undercover operations.

Over the next few months, EFF will be getting more documents from several law enforcement and intelligence agencies concerning their use of social networking sites for investigative purposes. We'll post those files here as they arrive.