Domains News

Broadband Tariffs: The Significant Gap Between Residential and Business

Analysis from Point Topic's recent reports on global broadband tariffs has revealed a significant gap in residential and business tariffs worldwide.

Tracking over 2000 tariffs on offer from ISPs around the world, the latest quarterly figures show businesses are paying:

•  3.9 times as much for a DSL service as residential customers
•  1.8 times as much for a cable service
•  4.7 times as much for a fiber service

Clearly businesses are paying more for their services than residential consumers, but the relative differences in the ratios are more marked than might be expected.

The first thought is that they are paying for more bandwidth, and that is true to an extent. While the bandwidths advertised are often very similar to, and frequently less than, those sold to households, the major difference is the contention that is promised.

Businesses often require, or believe they require, an uncontended service where they don't share their bandwidth with anyone else. Businesses need to know what they are getting and have confidence that they will continue to receive a specified bandwidth.

This is essentially impossible for cable services, which goes a long way to explaining the disparity in residential to corporate tariff ratio for that service set against DSL and FTTx. Cable just isn't seen as a business grade service and carries the legacy of a long association with the provision of residential TV services.

That said, the residential tariff for cable is no higher than a DSL service. A good explanation is the combination of competition, particularly with DSL, and, more significantly, the length of time the network has existed. In theory, cable operators who own their networks have had enough time to recover the upfront implementation costs and can focus almost entirely on cheaper incremental upgrades to maintain a competitive edge.

With DSL and FTTx it is more straightforward to provide a dedicated service. The data, however, still poses the question: why are business DSL services 3.9 times residential tariffs and business FTTx services 4.7 times more than residential counterparts?

We believe there are three primary reasons.

Firstly, DSL is often a cheaper option, on a monthly basis, for smaller businesses who often balance concerns about consistent bandwidth against budget and are less concerned about the price per megabit. The tariffs are pitched at the lower end of the business market.

Secondly, unless you are consistently maxing out your bandwidth usage you won't gain all the benefits of a high-speed dedicated connection, so why pay for it? For SMEs in particular, where utilisation is more likely to be less than 100% than in larger organisations, it can make sense.

Thirdly, FTTx has a lower price elasticity of demand. It is a newer, perhaps sexier, and relatively future-proof service. ISPs can charge what the market will bear and are taking the opportunity while they can.

Business customers are paying close to what it actually costs to deliver the bandwidth available on their tariff. They are cross-subsidising the residential customer acquisition schemes of the ISPs.

The ratios are likely to decrease. Recent results show ISPs in mature and stable markets are moving to increase their ARPU, particularly for the residential sector. Whether this means price hikes for households or better value for money for businesses will become clearer over time.

Written by Oliver Johnson, CEO of Point Topic

www.circleid.com | 7/30/10 9:56 AM

Spamhaus Motion to Reconsider

A few weeks ago, Spamhaus filed a motion to have the judge reconsider his recent $27,002 award to e360. Their brief hangs on three arguments.

1. The Court Should Vacate The $27,000 Award Because The Court Previously Ruled That Plaintiffs Were Barred From Relying On The Putative Lost Revenue Data Upon Which It Was Based.

2. The Court Should Vacate The $27,000 Award Because It Is Improperly Based On Lost Revenue, Not Lost Profit.

3. The Court Should Vacate The $27,000 Award Because There Is No Evidence That The Putative Lost Revenue Belonged Exclusively To Plaintiff e360.

As Spamhaus says in their opening paragraph, they know motions to reconsider are "rarely fruitful or helpful" but go on to say:

in this particular case, as Your Honor knows, Plaintiffs' damages calculations and requests were a quickly moving target. Indeed, although evidence regarding e360 Insight LLC's monthly revenue from its relationship with SmartBargains, Vendare Media and OptinBig (the "Putative Lost Revenue") was offered at trial, Plaintiffs did not ask that an award of damages be based on the methodology the Court used—one month of those putative revenues. As a consequence, Spamhaus did not get an opportunity to point out the specific reasons why the problems we raised generally with Plaintiffs' various damages methodologies barred an award based on the Putative Lost Revenue. Given that history, while mindful of the disfavor in which motions to reconsider are held, we wanted to directly present the infirmities in the $27,000 award to Your Honor before raising them in the Court of Appeals in the hopes of ultimately conserving judicial resources.

Spamhaus respectfully believes that the $27,000 award is erroneous for additional reasons that we have elected not to present in this motion because they have already been adequately presented to Your Honor. By making this motion, Spamhaus does not waive, and expressly reserves, any and all other grounds for appeal of the Court's judgment.

Just from that, it's clear Spamhaus is prepared to take this to the Court of Appeals (again) if the judge doesn't reconsider. In my lay reading of the law, and the memo in support of motion to alter judgement, I don't think Spamhaus is out of line in asking for the judge to reconsider. I expect that if the judge doesn't reconsider, then we'll see an even more aggressive filing taking it up to the Court of Appeals.

I think that John Levine said it best, though, in his recent post about the issue:

I'm sure that Judge Kocoras is very, very, sorry he ever heard of Spamhaus or E360

Written by Laura Atkins, Founding partner of anti-spam consultancy & software firm Word to the Wise

www.circleid.com | 7/29/10 4:27 PM

2010 Data Breach Report from Verizon, US Secret Service

A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service has found that breaches of electronic records in 2009 involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups.

Key Findings of the 2010 Report include:

• Most data breaches investigated were caused by external sources. 69% of breaches resulted from these sources, while only 11% were linked to business partners. 49% were caused by insiders, which is an increase over previous report findings, primarily due in part to an expanded dataset and the types of cases studied by the Secret Service.

• Many breaches involved privilege misuse. 48% of breaches were attributed to users who, for malicious purposes, abused their right to access corporate information. An additional 40% of breaches were the result of hacking, while 28% were due to social tactics and 14% to physical attacks.

• Commonalities continue across breaches. As in previous years, nearly all data was breached from servers and online applications. 85% of the breaches were not considered highly difficult, and 87% of victims had evidence of the breach in their log files, yet missed it.

• Meeting PCI-DSS compliance still critically important. 79% of victims subject to the PCI-DSS standard hadn't achieved compliance prior to the breach.

The report also says the decline in the overall number of data breaches may be due to a number of factors, including "law enforcement's effectiveness in capturing criminals."

Related Links:
Full PDF copy of the "2010 Data Breach Investigations Report" / Press Release
Hacked Companies Hit by the Obvious in 2009 Brian Krebs, Jul.28.2010

www.circleid.com | 7/29/10 12:35 AM

Are Service Providers Giving Up on Landline too Soon?

Interesting times in the carrier space, for sure. While most readers of this column are focused on the business market, it's hard to ignore what's occurring in the consumer space right now. Being based in Toronto, I happen to be struck by the similar trends shaping on both sides of the border. Over the past few days, we've seen earnings reports from major telcos and cablecos, and these businesses seem to be going in opposite directions.

In the U.S., for example, Verizon and AT&T are telling similar stories. Wireline losses continue to mount, and wireless is driving most of the growth. Heavy investments in fiber to capture video and power Internet users are necessary, but will take some time yet to become major bottom line producers. Verizon, in fact, lost $198 million in Q2—this time last year, they made $1.48 billion. Not surprisingly, to stem the tide, layoffs continue. Their job rolls are about 25,000 employees lighter from last year, and they anticipate another 11,000 will take early buyout offers. Wireless growth aside, the story is similar for Canada's major telcos, but the losses aren't quite as steep.

Cable, on the other hand, is booming. IPTV rollouts from the telcos aren't hurting them as much as they're hurting the telcos by winning away landline phone subscribers. At this point, I'm just going to focus on the U.S. market, as the dynamics differ from Canada in a key way. U.S. cablecos are not in the wireless game to the extent that Canadian cablecos are. Rogers is actually Canada's largest wireless operator, and the other three MSOs of note are all on the verge of making major wireless entries.

In essence, the traditional telcos are evolving into mobile operators, whereas the cablecos are building a pretty strong hold around the home environment. It all lines up rather neatly, actually. The triple/quad play bundles are clearly a winning strategy, and the convenience makes sense for the consumer. All the home services are rolled into one package—TV, Internet and home phone. The cablecos have managed to do this very well, whereas only a fraction of telco subscribers can say the same. When you think about the technical challenges behind these services, the outcome really isn't surprising—it's much easier for cablecos to add telephony than it is for telcos to add IPTV. Let's not forget long distance—well, actually you'd better. This used to be a cornerstone of telco profits, but no more. Sure, there is some money to be made with international calling, but domestic long distance is now an oxymoron, as everyone pretty much offers it for free.

So, where does this leave carriers? They really are in a precarious spot, at least in the U.S. On the defensive side of the ledger, they seem to be conceding the landline business outright. The trend is only going in one direction, and they've been taken down by three forces. First, they're losing subscribers to cablecos—this is the toughest loss of all. By definition, incumbents will be the last players to offer VoIP, simply to avoid cannibalizing their core subscriber base. So, while they stayed on the sidelines, the cablecos simply walked in and took the business away. OTT operators like Vonage got the ball rolling, but it's the cable operator's world now, and the OTTs just live in it. Bottom line—the cablecos did a great job figuring out how to offer VoIP. In the early days, there was a question of trust as to whether consumers would take them seriously as telecom providers. Nobody feels that way today.

There are two other factors to consider in the demise of telcos. The second is wireless substitution, which will continue to drive landline losses. However, at least here the telcos have a fighting chance of keeping their subscribers. Finally, there is the white flag scenario, where incumbents are simply exiting the landline business. Divestitures such as Verizon selling off wireline operations to Frontier Communications illustrate how this trend is unfolding.

Now, it looks like the telcos have all their eggs in one basket. Wireless has been their savior, and the growth story simply gets better when you layer on mobile broadband, and game-changers like the iPhone, iPad and Android. Subscriber growth remains healthy, the smartphone market is far from saturated, margins are good, and demand exceeds supply. Countering this, of course, is the endless catch-up that operators need to do in terms of expanding network capacity and transitioning to the all data worlds of 3G and 4G.

As a result, the world of telcos is much different now than ten years ago. The diverse base of services and revenues is gone, and the competitive landscape is far more challenging. Wireless is a great business, but I would argue that telcos have shifted from a position of strength to weakness. By conceding wireline to cablecos they have lost the foundation of their traditional relationship with millions of households, and it's hard to see how they can win this back.

Wireless can be a fleeting market, given the competitive options, especially from MVNOs and prepaid plans—which have no contracts. Profits attract competitors, and the wireless market will only get more crowded, not less. Furthermore, telcos have less leverage with wireless than wireline. Ever since Apple disrupted the status quo with the iPhone, the balance of power has shifted away from carriers to the handset vendors. The mobile device is now a more powerful driver of demand than the service itself, and a mobile operator's success depends heavily on partnering with the vendors, with the right models, at the right times. For better or worse, the cablecos do not have these problems.

If there's one thing that telcos can count on at present, it is the seemingly insatiable appetite for mobility and the cool gadgets we've become addicted to. Circling back to Canada, I'd like to cite a feature article in last week's Financial Post that talks about how out of control our spending is around these services. This really isn't news, but the article provides a nice breakdown about how much it's really costing to use all these services. To some extent this reflects the downside of bundles, where the monthly bill for everything amounts to sticker shock.

That aside, the main message here is that we're spending much more today to talk—and communicate—than ever before. Despite how IP has led to lower basic subscriber costs and eliminated a lot of long distance and extra feature charges, our bill is now orders of magnitude higher. Even more telling is how little impact our weak economy has had here. We've simply become too addicted to these services, and demand is proving to be inelastic. When times get tough, we cut back on a lot of things, but mobility doesn't seem to be one of them.

So long as the scenario holds, telcos will survive. I'm leaving IPTV out of the equation here—it's too early to tell if this will turn out to be a major or minor revenue producer. However, despite good growth from wireless, I don't see them building off this strength to invest in what remains of their landline franchise. That's the part that concerns me, as I still think there is value in this service, and with some creative R&D and partnering, I believe there are ways to reinvent landline. I just don't think it's good business to abandon landline service in the pursuit of quick, easy profits from mobility. That scenario will not persist indefinitely, especially if consumer backlash takes hold in an attempt to pare back these huge monthly phone bills. If that day comes, and the landline franchise is all but gone, the trusted telcos we grew up with may go the way of the rotary phone.

This article of mine originally ran today in my Service Provider Views column on TMCnet.

Written by Jon Arnold, Principal, J Arnold & Associates

www.circleid.com | 7/28/10 10:07 PM

Brussels and the Month Afterwards: Celebrations, New gTLD and Security and Stability Issues Ahead

The 38th ICANN Conference, held in Brussels last month, was an eventful one for .ORG, The Public Interest Registry. We got world-wide press coverage for our announcement that we implemented DNSSEC for the entire .ORG top-level domain. Among the many nice compliments we got were these words from Lynn St. Amour, President and CEO of the Internet Society: "Implementing DNSSEC for the .ORG top-level domain is an important step in ensuring the global Internet serves as a trusted channel for communication and collaboration and we applaud the Public Interest Registry's efforts in this area." While at the Conference, the Internet Society was the first user of a .ORG domain name to deploy DNSSEC.

Another reason for PIR to celebrate was the 25th anniversary of the launching of the .ORG domain. Although PIR did not take over management of the .ORG registry until January 2003, PIR celebrated the occasion by sponsoring a gala Music Night at the Conference Center in Brussels, with hundreds of participants joining the festivities. We received a nice letter from the President/CEO of MITRE Corporation celebrating .ORG's anniversary and MITRE's special status as the first .ORG registrant in 1985.

Meanwhile, the regular work of ICANN continues, with some progress in some areas, but lots of continuing projects that will become the subject of the next conference in Cartagena, Colombia in December. In particular, the knotty issue of "vertical integration", the question of how much cross-ownership will be allowed among registries and registrars, has not been resolved. PIR remains supportive of continuing a "structural separation model" between registries and registrars as the best way to address the needs of the ICANN community, and provide for clear and easily enforceable compliance. This model supports ICANN's commitment to "equivalent access," the principle that a gTLD registry must work equally with all ICANN-accredited registrars. Preserving equivalent access will keep the barriers to entry low for new and small registrars, particularly those serving cultural and language communities worldwide that might otherwise be underserved.

The GNSO's Whois Working Group, despite great effort, has been unable to reach consensus. Its Initial Report (with multiple proposed solutions) was posted for Public Comment on Friday. The report and comment information are available on the ICANN website (comment deadline 8/12). Kathy Kleiman, Director of Policy with PIR, was active in both the Working Group and the drafting of this report.

Other aspects of the ongoing new generic top level domain process, discussed at great length in Brussels, remain on the front burner of issues to be resolved before going forward with new gTLDs. There was considerable progress on procedures for the protection of intellectual property, including the Trademark Clearinghouse, Uniform Rapid Suspension system, and the Post-Delegation Dispute Policy. Proposed tweaks and changes were part of an animated set of comments filed in the period which closed last week. The terms and conditions in the base agreement for the new domain registries are beginning to take shape after some serious negotiations between ICANN and many of the interested parties. Extensive comments by the Registries Stakeholder Group, after very close review of the issues and contract language, can be found at the ICANN forum 4gtld.

This is not to say that the road to a final new gTLD process is smooth and straight. There are some issues, such as the question of morality and public order in new gTLDs that are nowhere near resolution. The Governmental Advisory Committee (GAC) made it clear that many of its members are extremely unhappy with the approach being taken by ICANN.

Security and stability issues are being addressed by the Access to Zone Files Working Group, the High Security Domains Working Group, and a community-wide effort to evaluate the issues of Internet/DNS-CERTs (computer emergency response teams) and how they might be defined and implemented.

Another topic that got worldwide press coverage in Brussels was the approval by ICANN of the application for a new domain, .xxx that will attempt to be the exclusive location of so-called adult material. The approval depends in part on further negotiations with the GAC. Considering all the hard work done on more substantial issues facing ICANN, it is ironic that this was apparently the single most newsworthy event.

Finally, the inner workings of ICANN itself in Brussels and continuing afterwards remain the subject of an interesting proceeding. When ICANN and the US Department of Commerce signed the Affirmation of Commitments last year, ICANN agreed to the creation of review teams on various subjects. The first team, reviewing ICANN's commitment to transparency and accountability, has commenced its work. This led to some friction when Rod Beckstrom, CEO of ICANN, questioned its objectivity. The spat was smoothed over, at least superficially, by a joint statement of mutual assurances of respect. Comments to the Accountability and Transparency Review Team are interesting reading, and the call to submit case studies remains open until the end of July.

Written by David Maher, Senior VP, .ORG, The Public Interest Registry

www.circleid.com | 7/27/10 8:35 PM

.ORG Inserts DNSSEC Key Into The Root Zone

.ORG, The Public Interest Registry (PIR), announced it has inserted its Domain Name System Security Extensions (DNSSEC) key into the Internet root zone, joining the top of the Internet's "chain of trust." As the first generic top-level domain (TLD) to offer full DNSSEC deployment, the news dovetails with .ORG's June announcement that the third largest top-level domain is now signing second-level delegations.

The protocol benefits top-level domain (TLD) managers and end-users alike by enabling the publication and location of trust anchors in the root zone and providing a consistent and convenient entry point to DNS security.

"Today is a historic day for DNSSEC and the Internet at large," said Alexa Raad, chief executive officer of .ORG, The Public Interest Registry. "Now, over 8 million .ORG users—as well as their Internet service providers—can sign their domains and increase protection with relative ease. In addition, with DNSSEC at the root zone, users and domain managers need only trust a single source in order to receive the highest level of Internet security available."

By deploying DNSSEC, domain name owners gain the ability to thwart cache poisoning and man-in-the-middle attacks, as well as help in mitigating attacks like pharming, phishing, DNS redirection and domain hijacking—all of which have been used to commit fraud and identity theft and to distribute malware. Additionally, DNSSEC upgrades the current Internet infrastructure by protecting Internet resolvers from forged DNS data.

On June 23 at ICANN 38 Brussels, PIR—the manager of the .ORG domain—announced that it had enabled the signing of second level domains. The move marked the final step in an extensive two-year process, placing .ORG at the helm of DNSSEC deployment.

www.circleid.com | 7/27/10 8:17 PM

.CO is "Google-National"

Google has announced that the .CO Top-Level Domain (TLD) will have all the same geo-targeting options available to the other generic TLDs, such as .com, .net, .biz and .org.

"We will rank .co domains appropriately if the content is globally targeted. Webmasters will soon have the functionality to be able to specify this by using the geotargeting options in Google Webmaster Tools," said a Google spokesperson, as quoted in PC Pro in a July 22nd article.

This was then confirmed the same day by Andrew Allemann of Domain Name Wire in his blog about .CO; he spoke with another Google representative, who confirmed the news.

This is great for all! Now, .CO websites can be targeted to meet your business and communication needs anywhere around the world!

www.circleid.com | 7/27/10 8:11 PM

Clouded by a Convenient Illusion

In a relatively short time, the phrase "in the cloud" has become a term of art when talking about the internet. A quick Google search shows nearly a million uses of the phrase in the past month, a 3x increase from the same period in 2009. But, what does it actually mean to have your web site, your software, your data, or anything else "in the cloud?"

"In the cloud" is derived from "cloud computing," which in turn is just a new term for distributed computing, where data-crunching tasks are spread across a variety of different physical processing units. This was common in mainframes in the 1960s, and later the idea of distributing processing across cheap PCs running Linux became popular in the 1990s.

The nineties also saw the advent of computation distributed across computers of different types, belonging to different people:

SETI@home uses volunteered computers to search for patterns in transmissions from space; Scott Draves' Electric Sheep has participating computers render complex, beautiful abstract animations, some of which have won awards.

Where it seems to have changed is with the creation of what you might call "clouds for hire": Amazon Web Services offers both computing and storage platforms, as does Rackspace Cloud Computing and a handful of others. These have become popular ways to operate new web services and similar offerings, cheaper and easier (some say) than dealing with physical hardware yourself.

The botnets used in nearly all forms of cybercrime today, which are made up of tens of thousands of virus-infected computers (unbeknownst to the computers' owners) are a less palatable example of distributed computing.

These botnets in particular illustrate that the concept of the cloud as a magical place where data goes in and data comes out on demand, nothing to think about, nothing to worry about, with no responsibilities of your own...it's a convenient mental image, but in nearly all cases it's simply wrong.

The Amazon cloud is actually a series of computers owned by Amazon, physically located in facilities they own or lease. The Rackspace cloud is similarly owned by Rackspace. These computers and facilities are subject to security breaches, backhoe attenuation—and legal jurisdiction.

the cloud is magic
swift, robust, reliable
except for rackspace

hungry programmer Charity Majors, complaining on Twitter during an apparent Rackspace outage

Along with physical locations and ethernet cables, the various computers that make up those clouds also have IP addresses. When your cloud-based process communicates with the rest of the internet—to send email, perhaps—the remote server that it's talking to sees that IP address as the source of the transmission. But as Reddit and others have been discovering, that IP address is in most cases shared with everyone else who uses the cloud—possibly including spammers, or other bad guys. A virtual server "in the cloud" can even be infected by a virus and become part of a botnet.

As the popularity of cloud-based services has grown, so has the apparent applicability of the phrase "in the cloud." It now appears to refer to any processing or storage which takes place outside of your own desktop, laptop, or mobile device. I've heard people talk about keeping their email and calendar and contacts "in the cloud" when all they're actually doing is letting Google Apps or Apple's .MAC service host it.

Are you all just saying Cloud when you mean Internet? Have I lost it?

—software developer Jim Van Fleet, on Twitter

This use of the phrase seems to be predicated entirely on the concept of the cloud as a place where you have given up all responsibility for your data. These companies will take care of you (except when their Terms of Service say they don't have to). Not everyone wants to operate their own mail server, or write their own calendar synchronization application; hosted email and other "software as a service" offerings absolutely can make sense, so long as you're aware of and comfortable with the idea that you've given up a large measure of control.

And that's the important thing to consider before relying on an Amazon-style distributed computing cloud, or using web services like Google Apps. How much control do you need over security, privacy, uptime? How can you be certain you're complying with all relevant laws when you don't know which jurisdiction your process is running in? Who else is sending email from that same IP address? What will happen when the federales show up with a subpoena?

All of these things are well-understood for traditional computing, and even for colocation situations, but industry understanding and best practices around cloud computing are still emerging—hampered by the ever-widening, increasingly cloudy meaning of "in the cloud."

When it comes to sending email, I'd have to strongly advise against using clouds. Even if it makes sense to host your web site and run your processes from the cloud, use an ESP or a reliable relay service to send the email.

Above all else, don't be swayed by the illusion of the cloud. You can't touch it, but someone is still held responsible. You can't see it, but someone can still be subpoenaed. Someone can trip over a power cord, or go out of business, or get bought by your competitor. Whether you trust that someone is up to you.

is the cloud down? I can't log in, and my keyboard is wet.

—an anonymous smartass

Written by J.D. Falk, Director of Product Strategy at Return Path

www.circleid.com | 7/27/10 8:04 PM

The Issue of License Proliferation

When I was on the ICANN board, we were dealing with the issue of Internationalized Domain Names (IDNs), an initiative to allow non-Latin characters in domain names. Technically, it was difficult and even more difficult was the consensus process to decide exactly how to do it. Many communities like the Chinese and Arabic regions were anxious to get started and were getting very frustrated with the ICANN process around IDNs. At times, it seemed like the Arab Internet and the Chinese Internet were ready to either fork away and make their own Internet to solve the problem or were ready to introduce local technical "hacks" to deal with the issue which would have broken many applications that depended on the standard behavior of the Domain Name System.

Luckily, in the end, we were able to come up with some basic understandings around IDNs after a lot of work. The Internet held together in one piece, almost impossibly so.

When I joined the Open Source Initiative board of directors, we were also struggling with a similar, but slightly different problem. We called it "License Proliferation". License proliferation was the problem of companies and projects creating their own "vanity" Free and Open Source licenses rather than using existing, established licenses. Because these vanity licenses were tailored (at times even just very slightly from an existing license) to address the particular steward's needs, they added to the complexity of the source, causing users to become confused and creating legally incompatible bodies of code.

Copy-left licenses such as the Free Software Foundation's GNU Public License require derivative works be licensed under the same license. This feature—and to many coders this is a feature, not a bug—however, makes it challenging to combine code from projects with different licenses because of the requirement on how derivatives must be licensed. These islands of code looked a lot like a forked Internet, existing IM networks and email before the Internet connected them together.

Two great features of the Internet are the low cost of transaction and the standards and protocols that allow interoperability fueling the massive network effect that drives innovation.

At Creative Commons we have the benefit of hindsight as the "new layer" of the stack and are working hard to keep transaction costs low and interoperability high by trying to prevent license proliferation and "forking".

For instance, Wikipedia was established before Creative Commons licenses were available. Wikipedia, until last year, was licensed under the Free Software Foundation's GNU Free Document License (GFDL). The GFDL is a copy-left license, very similar to the Creative Commons share-alike license which allows people to use the content as long as the derivatives are licensed under the same license. However, since the GFDL was primarily designed for documentation for free software, there were a number of attributes that made it sub-optimal for massive online collaborations like Wikipedia.

Also, as more and more content was being created under the Creative Commons Share-Alike license, it created two oceans of content that were not remixable or compatible because of the two different licenses. It was like having two Internets.

After years of discussion with the Free Software Foundation, the Wikipedia and Wikimedia board and community and the Creative Commons community, last year we were finally able to convert Wikipedia to a Creative Commons Share-Alike license. This brought together two communities and two bodies of content so that they could share and collaborate freely.

The moment felt a lot like the early days of email when finally you could send email to anyone instead of only those people on your network.

As the idea of sharing and free culture begins to become more and more accepted and governments, Internet services and even broadcasters begin to implement the idea of sharing, the specter of license proliferation has begun to present a real risk.

Companies and governments are beginning to create vanity licenses either for purely branding and egotistical reason or because there are certain features that they would like to "tweak". What many of these communities don't understand is that tweaking a free content license is a lot like tweaking character codes or the Internet protocol. While you may have some satisfaction of a minor feature or a feeling of ownership, you will introduce the friction of yet another license that we all have to understand and in many cases, fundamental incompatibility and lack of interoperability.

Creative Commons is not just a single license "option". We are a global conversation among lawyers, judges, academics, users and companies in over a hundred countries with extremely rigorous compatible license ports in more than 50 jurisdictions. We are focused on taking into consideration the needs of all of the stake holders in this new ecosystem and updating and modifying our licenses to try to provide as many options as possible while trying to keep things as simple as possible to achieve maximum interoperability and ease of use.

Some would argue that our six core licenses provide too many choices. Some of our critics point—perhaps rightly—to the fact that our own licenses are not all compatible with one another. Others would argue that they do not provide enough choices. But we believe, 350,000,000 licensed works later, that we are successfully navigating the sweet spot between simplicity and choice.

As sharing and the adoption of new, free licenses begins to accelerate, I believe we are in danger of creating sloppy licenses or incompatible licenses backed by torrents of content funded by well-meaning governments, non-profits, users and even commercial entities. Poorly drafted licenses, licenses that are not adequately stewarded or supported by a dedicated team of legal experts, content encumbered by onerous neighboring rights and isolated and restrictive licenses can create mountains of unusable content which we might call "free" but which for all practical purposes become puddles of unusable content and what we would call "failed sharing".

I would like to urge all of those people who have seen the benefit of sharing and free licensing to really consider the value of focusing on a single set of licenses and to resist the urge to create vanity or lets-just-add-this-one-feature-for-our-users licenses. We are trying to create an open global dialog and encourage people to join the conversation and present their cases for how our licenses might be improved and listen to the reason why each of the clauses in our license have been written the way they have.

For the future users of our content and participants in the architecture that we are creating, we really MUST try to hold this network together and try to proactively stamp out license proliferation and fragmentation. If the ICANN and OSI experiences provide any guidance and learnings—and if we are to avoid the challenges and risks those organizations and communities confronted—we all must be vigilant and uncompromising on this point.

Written by Joi Ito

www.circleid.com | 7/27/10 6:56 PM
Cyberwar vs No Cyberwar

I was browsing CircleID the other day and came across Bruce Schneier's article on cyberwar. Schneier's article, and the crux of his point, is that the term cyber war and the threat of cyber warfare has been greatly exaggerated. The real problem in cyberspace is not the threat of cyber warfare wherein a foreign government, or possibly non-state actor, conducts a cyber attack on another nation. Instead, the cyber threat is really that of things like online crime. The people who assert that cyber war is a problem are those in the military who are hyping the threat in order to gain contracts from the government (i.e., it's about the money) or gain control over others (which ultimately leads to money). In other words, the threat of a hostile government attacking us is small and that these threats are distracting us from the real problem—criminals in cyberspace.

Cyberspace has all sorts of threats, day in and day out. Cybercrime is by far the largest: fraud, through identity theft and other means, extortion, and so on. Cyber-espionage is another, both government- and corporate-sponsored. Traditional hacking, without a profit motive, is still a threat. So is cyber-activism: people, most often kids, playing politics by attacking government and corporate websites and networks.

These threats cover a wide variety of perpetrators, motivations, tactics, and goals. You can see this variety in what the media has mislabeled as "cyberwar." The attacks against Estonian websites in 2007 were simple hacking attacks by ethnic Russians angry at anti-Russian policies; these were denial-of-service attacks, a normal risk in cyberspace and hardly unprecedented.

A real-world comparison might be if an army invaded a country, then all got in line in front of people at the DMV so they couldn't renew their licenses. If that's what war looks like in the 21st century, we have little to fear.

Similar attacks against Georgia, which accompanied an actual Russian invasion, were also probably the responsibility of citizen activists or organized crime. A series of power blackouts in Brazil was caused by criminal extortionists—or was it sooty insulators? China is engaging in espionage, not war, in cyberspace. And so on.

Is Schneier right? Are the cyber threats more benign than we think?

I think that Schneier is correct in asserting that most attacks that are done are financially motivated, or examples of hacktivism (a portmanteau of the words hacking and activism). They are probably not examples of a foreign government attempting to shut down the infrastructure of the United States, or of that other foreign government. Yet the attacks on Georgia in 2008 and Estonia in 2007 were not done by mere teenagers, nor is it akin to getting in line at the DMV.

The attacks in 2007 ultimately had their responsibility claimed by one of the commissars of the Nashi, a Russian youth organization with ties to the Kremlin. Konstantin Goloskokov was the one claiming he drove it, and he was an assistant of Sergei Markov, a politician in the Russian Duma. Furthermore, the attacks did more than shut down the DMV, they shut down all Internet traffic into Estonia. In addition, during the Georgia attacks, the DOS attacks on that country's Internet web sites prevented the Georgian government from communicating with the outside world. They resorted to using Google Blogspot in order to do so. So, this is not mere teenagers causing a ruckus, but instead are people with nationalistic views with the ability to hurt a country's infrastructure if they try hard enough.

I suppose my point is not so much that cyber warfare is the problem, but deeply embedded botnets that exist for criminal purposes, and hostile actors with nationalist views can get together and do a lot of damage in a short period of time. It may not be a state actor, but if the state is aware of the potential for threats and turns a blind eye, that doesn't mean that their liability is eliminated. The word for this is negligence.

It is this potential for collisions in the online crime/nationalist arena that has the military community in the United States up in arms. Those in the military tend to see threats where none potentially exist, but on the other hand, they're supposed to see threats where none potentially exist because once in a while, they are right. It is a cost/benefit ratio. What happens if no defenses are built and no attack comes vs what happens if no defenses are built and an attack is executed?

His other point, that the term cyber warfare is strewn about ad nauseam, is correct. China did not declare cyber war on Google this year. The term is being used colloquially in the sense that there was a war between the Montagues and the Capulets, or a war between Donald Trump and Martha Stewart, or a war between me and my intestines last night after I had some bad pizza. It's more like a feud where one side engages in dirty tactics. That China engages in espionage to steal secrets from Google is not war conducted in cyber space, it's China protecting their turf. It's not much different than Venezuela nationalizing their oil industry, except nobody calls that conventional warfare (they call it socialism).

So, is there a cyber warfare problem? Maybe. Is it state sponsored malicious intent? Less likely. Is there a problem with cyber crime? Definitely. Is this a recipe for disaster? Probably.

Written by Terry Zink, Program Manager

www.circleid.com | 7/27/10 6:53 PM
Paul Kane Selected as One of Seven Security Key Holders

Chuck Kisselburg writes: Responsible for safe-guarding a share of the ROOT Zone's DNSSEC Recovery Key, Paul Kane, CEO of CommunityDNS, is one of 7 TCRs (Trusted Community Representative) selected from around the globe by ICANN. "In the event of a security breach—such as a terrorist attack—Mr Kane may be required to travel to a secure location in the US."

Read full story: BBC

www.circleid.com | 7/27/10 5:41 PM
New TLD Application Tip: Launch Strategies

Almost exactly nine years ago, the .INFO domain first started accepting registrations. This was an historic event as it was the first time a new generic top-level domain (TLD) was launched to an existing domain marketplace and, in fact, was the first new TLD to be added since .com. We've seen (and provided technology to power) many other TLD launches since then, with many business models. As you seek to introduce your own new TLD however, you should carefully evaluate the different launch models that have been tried before and determine which one will work best for your specific TLD.

Trademark Protection

All new TLDs will require some form of trademark protection to ensure that Intellectual Property (IP) holders' rights can be protected prior to live, public registrations. Afilias has implemented a number of different types of trademark protection plans from pre-registration without trademark verification, to those with extensive application and verification processes. We've seen the best success with a very focused trademark pre-registration period that has clear trademark parameters and works with a known trademark verification agent to weed through all of the submissions. We also recommend that all registries lock pre-registered trademark domains for up to 60 days following their registration award to allow for any potential UDRP claims that IP owners may wish to file.

Landrush

Landrush will be the most critical time for your TLD as it places the heaviest load on the technical registry system. We've seen in excess of 300,000 names coming in through initial landrush opening minutes, so you want to be very careful about who you select as your registry partner. You should make sure that their registry has been tested to withstand a significant landrush load.

In addition, you will have to make some policy decisions about how you want landrush to work. In almost all cases you should avoid pre-registration fees with a "chance" at getting your name. These can be viewed as lottery-based systems that can subject your organization to new legal restrictions. We highly recommend that clients not charge for applications, but only for awarded names.

Regardless, you need to decide if you will open the floodgates all at once, or if you want to have multiple, specialized application periods (see below) in advance of the "public" opening.

Premium Names and Auctions

In recent years TLDs like .info, .mobi, .asia and .me have seen good success by reserving premium names, which are highly desirable generic or category terms. In .info's case, we reserved a number of country domains and have awarded them for use by their respective governments (some great examples are spain.info and germany.info). Other TLDs have used reserved name lists for auctions following landrush.

Premium or other reserved names can fit well into your new TLD's strategy, particularly if you will be representing a certain category or key community where they will present more value. An auction approach helps to raise the price, and therefore perceived value of these names, and can help put your registry on a sound financial footing more quickly.

RFPs

If auctions are not to your taste, other domains have also seen success by simply launching a period where interested users can respond to a "request for proposal" with a business and launch plan for a highly desirable name. As a registry, you can offer additional promotion, partnerships or advertising to help assist with the launch of these sites, which can also act as great brand ambassadors for your fledgling TLD.

Each new TLD will have its own priorities. However, at the end of the day, you need a plan that will get lots of names into your target market quickly, generate awareness of your TLD (so it will be viewed as a legitimate place to visit by Internet users), and demonstrate actual use in the market (i.e. real sites and e-mail). Your launch plan is critical to establishing these building blocks quickly. If you are not a TLD expert, consider teaming up with someone who has been there before.

Written by Roland LaPlante, Senior Vice President and CMO at Afilias

www.circleid.com | 7/26/10 7:40 PM
Would You Fly an Airplane That Had a Pre-flight Checkout That Was Only 40 Percent Complete?

In the aviation world safety is paramount. Commercial airlines go to major lengths to make sure that their planes are fully up to code and can fly safely in the air. The risks—loss of human lives—are far too extreme to take any chances. One result of this diligence is the fact that travel by plane is far safer than any other method—nearly 40 times safer per mile than travel by car.

While application security risks are not as dire, research shows CSOs fail to use the same stringent level of safety to secure their Internet-facing applications. In fact, most organizations may not be aware of 60% of their internet application vulnerabilities because they only rely on automatic external website scanning and/or automatic static source code or binary analysis tools. These methods only find approximately 40% of the types of security vulnerabilities that should be discovered in a security assessment.

Sixty percent is clearly a statistic that would cause many CSOs to lose sleep. As I have highlighted before, organizations with Internet facing applications need to apply the same level of security diligence as they would for perimeter defenses by taking a strategic look at their application security practices to cover this massive gap.

The only way to determine the total risk due to application vulnerabilities is to assess Internet and intranet applications using a blend of manual and automated analyses. Manual static analysis involves a review of the application architecture and source code by highly skilled software security engineers. The resulting analysis is comprehensive and, overall, the most reliable of the approaches.

Thankfully, some companies in the financial services sector have taken an airline-like safety approach by using this comprehensive method of analysis. I encourage everyone to take a hard look at their online application vulnerability assessment methods. And, as a frequent flier, I would choose to fly on an airline that has a complete pre-flight checkout of every plane, not one that's only going to find 40% of the possible dangers.

Written by Greg Reber, CEO of AsTech Consulting

www.circleid.com | 7/26/10 5:07 PM
FCC's McDowell Warns of "Irreversible International Regulation"

The stakes of the U.S. communications policy debates are larger than many assume. Subjecting broadband to new and extensive regulation in the U.S., says FCC Commissioner Robert McDowell in today's Wall Street Journal, could invite a regulatory ripple effect across the globe.

The FCC proposed in June to regulate broadband Internet access services using laws written for monopoly phone companies. Despite a four-decade bipartisan and international consensus to insulate computer-oriented communications from phone regulation, the FCC is headed toward classifying these complex 21st century technologies as "telecommunications services." This could inadvertently trigger ITU and, ultimately, U.N. jurisdiction over parts of the Internet. Unlike at the U.N. Security Council, the U.S. has no veto power at the ITU and may not be able to stop it.

Such an outcome would fundamentally alter the Internet's long-standing and successful self-governance model, where stakeholders from industry, academia, and yes, nations and NGOs, collaborate on technical, cultural, and economic matters. The ITU has been searching for ways to exert more "muscle" on the Net, and the possible U.S. action would appear to only strengthen the UN's hand. As I wrote last week,

The worry is that the UN could become not a true forum for Internet advancement and cooperation but a murky bureaucracy that governments use to impose rules and taxes on others and to cloak their own illiberal regimes. The Internet is the true multilateral instrument of diversity, transparency, and cooperation, not the politicians groping for control in its name.

Or, as the FCC's McDowell concludes:

The best way to keep the Internet open, operating and growing is to maintain the current model. We should continue to rely on the "bottom up" nongovernmental Internet governance bodies that have a perfect record of keeping the Web working.

Changing course now could trigger an avalanche of irreversible international regulation.

Written by Bret Swanson, President of Entropy Economics

www.circleid.com | 7/23/10 7:32 PM
White House on the DNSSEC Deployment: "A Major Milestone on Internet Security"

Andrew McLaughlin reporting on the White House website: "Last week marked a significant advance in the security of the Internet. After years of intensive design, testing, and implementation work, the Internet's domain name system now has a new security upgrade that allows Internet service providers and end users alike to protect against an important online vulnerability: the clandestine redirecting of online communications to unwanted destinations."

www.circleid.com | 7/23/10 7:29 PM
Brand Protection Domain Registrations: There Are More Than You Think

One of the major problems for brand owners is protecting the brand in new TLDs. Most new Top-Level Domain (TLD) registries will depend on brand protection registrations for a major part of their registration volume and some may become almost completely dependent on these registrations if the new TLD fails to capture the public's imagination. Short of comparing the registrant data for each individual domain, there is no 100% accurate method of measuring the level of brand protection registrations in a TLD. There is a method of estimating the level of brand protection registration and that's by checking the hoster for each domain name in a TLD against similar domain names in other TLDs.

Brand protection registration patterns tend to have the same domain name term registered across different TLDs but with the same hosting data. In theory, it is very simple. In practice it means comparing the hosting data for each domain in each TLD. For a comparison of the .COM .NET .ORG .BIZ .INFO .MOBI .ASIA TLDs as of 01/July/2010, it involves comparing the hosting data for 119,361,431 domains. These are the results of that comparison:

TLD      Cross TLD Domains            Percentage
.com     6,619,959 of 88,204,371      7.50%
.net     6,074,721 of 13,143,605      46.22%
.org     3,940,164 of 8,329,647       47.30%
.biz     1,192,120 of 2,062,053       57.81%
.info    2,470,769 of 6,471,955       38.18%
.mobi    493,954 of 969,061           50.97%
.asia    62,937 of 180,739            34.82%

The Cross TLD Domains are domains for which the same domain name term is registered in one or more of the other TLDs. The percentage of these possible brand protection registrations on .com is low because of the size of .com TLD and also because there is a pattern of ccTLD registrants registering their ccTLD domain and, if it is available, the .com form of their ccTLD domain.

Drilling down into the data reveals more interesting patterns. A hoster engaged in brand protection is going to have a different pattern to that of a domainer hoster or PPC hoster. The .com pattern for Google.com's GOOGLE.COM is:

Hoster              .com Total   Cross TLD   Unique .com   T/C Ratio   Uniqueness
GOOGLE.COM          3578         871         2707          4.1079      1.3218

The number of unique .com domains on GOOGLE.COM is 2707. The T/C ratio is that of the total number of .com domains to Cross TLD domains. The Uniqueness is the ratio of the total .com domains on the hoster to the number of unique .com domains on the hoster. For a hoster with little or no Cross TLDs hosted, that ratio would tend towards 1. MarkMonitor.com, a Brand Protection Registrar, displays a similar brand protection pattern.

Hoster              .com Total   Cross TLD   Unique .com   T/C Ratio   Uniqueness
MARKMONITOR.COM     41499        9535        31964         4.3523      1.2983

The pattern for PPC and parking hosters is somewhat different,

Hoster              .com Total   Cross TLD   Unique .com   T/C Ratio   Uniqueness
DSREDIRECTION.COM   1672107      18914       1653193       88.4058     1.0114
SEDOPARKING.COM     1432598      56206       1376392       25.4883     1.0408
FASTPARK.NET        248528       9704        238824        25.6109     1.0406
HITFARM.COM         605431       1366        604065        443.2145    1.0023

The pattern for a Super Hoster (a hoster with significant market share) is,

Hoster              .com Total   Cross TLD   Unique .com   T/C Ratio   Uniqueness
DOMAINCONTROL.COM   18509994     2415266     16094728      7.6637      1.1501
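The comparison described above, worked through as an added example (not the author's code or survey data). It assumes a domain counts as Cross TLD when the same term sits on the same hoster in at least one other TLD, and that a hoster's unique domains are its total minus its Cross TLD domains, as in the tables above; the records and hoster names are constructed.

```python
from collections import defaultdict

# Constructed sample data (not from the survey): (domain, hoster) pairs, where
# the hoster is assumed to be the domain of the name servers serving the domain.
SAMPLE_RECORDS = [
    ("brand-a.com", "BRANDHOST.EXAMPLE"),
    ("brand-a.net", "BRANDHOST.EXAMPLE"),
    ("brand-a.org", "BRANDHOST.EXAMPLE"),
    ("brand-b.com", "BRANDHOST.EXAMPLE"),
    ("brand-b.info", "BRANDHOST.EXAMPLE"),
    ("brand-c.com", "BRANDHOST.EXAMPLE"),
    ("parked-1.com", "PARKHOST.EXAMPLE"),
    ("parked-2.com", "PARKHOST.EXAMPLE"),
    ("parked-3.com", "PARKHOST.EXAMPLE"),
    ("parked-4.com", "PARKHOST.EXAMPLE"),
    ("parked-5.com", "PARKHOST.EXAMPLE"),
    ("parked-5.net", "PARKHOST.EXAMPLE"),
    ("brand-a.biz", "OTHERHOST.EXAMPLE"),  # same term, different hoster
]


def normalise(records):
    """Map each domain to (term, tld, hoster); repeated domains are ignored.

    Only single-label TLDs are handled, which matches the gTLDs surveyed.
    """
    out = {}
    for domain, hoster in records:
        domain = domain.strip().lower().rstrip(".")
        term, _, tld = domain.rpartition(".")
        if term and domain not in out:
            out[domain] = (term, tld, hoster.strip().upper())
    return out


def cross_tld_domains(records):
    """Domains whose term is also on the same hoster in another TLD."""
    domains = normalise(records)
    tlds_seen = defaultdict(set)
    for term, tld, hoster in domains.values():
        tlds_seen[(term, hoster)].add(tld)
    return {
        name
        for name, (term, _tld, hoster) in domains.items()
        if len(tlds_seen[(term, hoster)]) > 1
    }


def tld_summary(records):
    """Per TLD: total domains, Cross TLD domains and their percentage."""
    domains = normalise(records)
    cross = cross_tld_domains(records)
    summary = defaultdict(lambda: {"total": 0, "cross": 0})
    for name, (_term, tld, _hoster) in domains.items():
        summary[tld]["total"] += 1
        if name in cross:
            summary[tld]["cross"] += 1
    for row in summary.values():
        row["percentage"] = round(100.0 * row["cross"] / row["total"], 2)
    return dict(summary)


def hoster_profile(records, tld="com"):
    """Per hoster in one TLD: total, Cross TLD, unique, T/C ratio, Uniqueness.

    A ratio is None when its denominator is zero (no Cross TLD domains, or no
    unique domains) rather than being reported as a misleading number.
    """
    domains = normalise(records)
    cross = cross_tld_domains(records)
    rows = defaultdict(lambda: {"total": 0, "cross": 0})
    for name, (_term, d_tld, hoster) in domains.items():
        if d_tld != tld:
            continue
        rows[hoster]["total"] += 1
        if name in cross:
            rows[hoster]["cross"] += 1
    for row in rows.values():
        row["unique"] = row["total"] - row["cross"]
        row["tc_ratio"] = (
            round(row["total"] / row["cross"], 4) if row["cross"] else None
        )
        row["uniqueness"] = (
            round(row["total"] / row["unique"], 4) if row["unique"] else None
        )
    return dict(rows)


if __name__ == "__main__":
    for tld, row in sorted(tld_summary(SAMPLE_RECORDS).items()):
        print(f".{tld:5} {row['cross']} of {row['total']}  {row['percentage']}%")
    for hoster, row in sorted(hoster_profile(SAMPLE_RECORDS).items()):
        print(hoster, row)
```

In the constructed data the brand-protection-style hoster ends up with a low T/C ratio and a high Uniqueness value, while the parking-style hoster shows the opposite, matching the direction of the patterns in the tables.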

The most recently launched of the TLDs in the survey, .asia sTLD, has one of the lowest estimated brand protection registration percentages. However there is possibly some element of brand protection registration overlap with the ccTLDs in the region covered by .asia sTLD. The lesson for the backers of any new gTLDs is clear—brand protection registrations are still the major source of registrations and unlike many of the speculative and transient registrations of the Landrush phase, many of them will provide repeat business.

Written by John McCormac, CIO

www.circleid.com | 7/23/10 4:54 PM
Website Seals of Approval: Can You Trust Them?

The abuse of well-known seals of approval seems to be the latest ruse used by online fraudsters. Leveraging reputable names that existed long before anyone heard of the Internet is a blaring reminder that even trustworthy seals are not off limits to scammers. In fact, linking to reliable sources of reviews and certification is proving to be an essential part of any fraud strategy today.

A recent string of fake websites tricking car shoppers serves as the latest example. America Auto Sales, a glitzy site listing used cars at discounted prices, appeared to be an authentic channel where many consumers could find great deals on previously owned vehicles. The website not only held an extensive inventory of repossessed cars, but seemed to be 'certified' with reviews from reputable sources. America Auto Sales even had an "A" rating with the Better Business Bureau (BBB), a longstanding goldmine on business reliability.

And so the story goes—the website turned out to be a scam, in yet another case where gullible victims fall prey to the bad guys. Sadly, online buyers lost thousands of dollars and the authorized dealerships were left to deal with the aftermath. The real America Auto Sales was slammed with over 1000 customer calls as a result of stolen identity.

Sure, we're all aware of the customary tricks to steal a company's identity as is evident in this story. What's interesting is now scammers deploy the usage of trusted authentication services such as BBB to further deceive unsuspecting victims. We've seen this type of behavior in other industries, such as online pharmaceuticals as well. On numerous occasions, illicit online pharmacies sport a Verified Internet Pharmacy Practice Sites (VIPPS) certification, a program governed by the National Association of Boards of Pharmacy to ensure the legitimacy of online pharmacies. Many consumers use the VIPPS certification to confirm the validity of pharmacies to shop safely for pharmaceuticals online. However, similar to the online auto scams, fraudsters are plastering the VIPPS seal onto their fake websites, implying a false association to fake their credentials.

Fraudsters are smart. They will do whatever it takes and are clearly not above usurping seals of approval. This is where consumer education comes into play as it serves as the first line of defense against any fraud and deception. Most recently, BBB posted an article highlighting best practices to red-flag fraudulent websites. These types of best practices enable consumers to make well informed decisions and ultimately avoid rip-offs like the recent car scams. They serve as a complementary and critical component to any brand protection strategy. Whether it's educating consumers on how to verify online pharmacies or on how to tell the difference between a counterfeit coupon from an authentic one, consumers need to be equipped with the best information to outsmart the fraudster.

Written by Teresa Chen, Senior Manager of Product Marketing at MarkMonitor

www.circleid.com | 7/23/10 1:37 AM
China's Popular Search Engine Gets Go Ahead from Judge to Sue Register.com

Grant McCool reporting in Reuters: "China's leading search engine, Baidu Inc, can sue its U.S.-based domain name service provider, Register.com Inc, for breach of contract, gross negligence and recklessness related to an attack by hackers, a U.S. judge ruled on Thursday. The January 11 attack prevented Internet users around the world from gaining access to Baidu for five hours and disrupted its operations for two days..."

Read full story: Reuters

www.circleid.com | 7/23/10 12:27 AM
ICANN's Economic Study - It Depends

Economists aren't very good at predicting things, as anyone with money in the stock market can attest. The most powerful economist in the United States, the Chairman of the Federal Reserve, is on record predicting a continuing climb in housing prices—just prior to their precipitous decline. And yet their crystal balls still hold some allure for those who need to present "evidence" about the future. Such is the case with ICANN and the new generic Top-Level Domain (gTLD) program.

The latest economic report to be presented to ICANN uses a great number of pages to say very little. It tells us that gTLDs may be useful, or they may be harmful—it depends. We are told that cybersquatting may increase, or not—it depends. We learn that registries might make money, or they might not—it depends. To our astonishment, we learn that sometimes things are good for some people, but bad for others.

The whole report could have consisted of this one paragraph, which contains the entire wisdom of its contents:

"Because business model innovations are difficult to predict, experience with the development of gTLDs that serve specific communities is limited, and the community has no experience with IDNs at the TLD level, it is difficult to describe the expected effects of new gTLDs with precision."

In other words, it depends.

Why Do We Even Have This Economic Report?

ICANN has produced many economic reports. Each time, someone objects to the results, and insists ICANN do another one, hoping for a different result. This is not as ridiculous as it might first appear, because two different sets of economists are entirely capable of coming up with wildly disparate results. In this case, the economic study is mandated by the Affirmation of Commitments. So ICANN is obliged to do it, which makes it obligatory, if no less fatuous.

The Language of Imprecision

The authors were handed an impossible task: predict what is going to happen, in both an economic and social dimension, if we do something that has never been done before. With consummate professionalism, however, they were equal to the task, employing two effective strategies. First, they used the bulk of the report to review the history of the gTLD program, other surveys and opinions, and different theoretical frameworks for quantifying economic predictions. Second, they predicted various possible risks and benefits, without quantifying any of them—the words "may" and "might" appear 128 times, or roughly twice per page.

Something for Everyone

By saying that new gTLDs might be good, or might be bad, or possibly even a mix of the two, the authors gave both proponents and opponents something to cheer about, which has muted opposition to the report itself and has instead resulted in the two sides brandishing excerpts from the report, each for its own benefit. But the professionalism of the authors shows through: their most important recommendation is that the new gTLDs will provide data for—wait for it—another study.

I commend the authors for taking money from ICANN, and for setting themselves up for more work later, and for producing a document that looks entirely professional, while saying nothing more than "it depends." They were given a dubious task, and performed it to the hilt.

Should observers of ICANN lend any credence to this study? If your goal is to advocate a position without any empirical evidence, it is an excellent tool. If your goal is to understand what the new gTLD program will produce, it will, if printed out and bound, make a splendid paperweight.

In other words, it depends…

(Adapted from a post made to ICANN's comment forum.)

Written by Antony Van Couvering, CEO of Minds + Machines

www.circleid.com | 7/22/10 4:01 AM
Dyn Inc. Announces Two Strong Network Additions to Support Evolving Client Roster

Dynamic Network Services Inc. (Dyn Inc.), the fastest growing provider of managed DNS services, today announced the addition of two additional PoPs (Points of Presence) that will serve as an upgrade to their current "rock-solid" Tier-1 Global IP Anycast Network. Coinciding with the announcement that the Dyn Inc. network has expanded to 14 Global Datacenters, the company also welcomes new clients including Gawker, Pandora and Photobucket to their Dynect Platform, which serves enterprises and fast-growth organizations cloud-based DNS, disaster recovery, load balancing, geo-targeting and CDN management tools.

"Powering an important piece of Web infrastructure for thousands of the Internet's best brands is something Dyn Inc. takes very seriously," said Kyle York, VP, Sales & Marketing at Dyn Inc. "Ensuring performance, reliability, redundancy, security, speed, and uptime for each client and their end-users is critical, which is why each PoP addition to Dyn Inc.'s already robust network is crucial."

By adding PoPs in Dallas, TX and Singapore, Dyn Inc. is strategically balancing global traffic load for its client base, along with the two constellations that make up its own global network. The setup of these two diverse constellations, A and B, provides failover redundancy in the event of a catastrophic failure. The first constellation was built for performance and DDoS resilience while the second was built as a performance overlay network. Initial tests have shown significant decreases in latency and DNS resolution time for clients in south central US and South East Asia, both areas served by the new PoPs.

"We're constantly striving to make improvements and upgrades to our network," said Tom Daly, CTO at Dyn Inc. "These are not simply 'dots on a map' to us, but well calculated locations that are already improving the user experience worldwide. Those served by the Dallas PoP have reported increased Web speed by as much as 25 milliseconds, while those served by the Singapore PoP are experiencing an increased speed of up to 100 milliseconds in some cases."

In June 2010, Dyn Inc. was featured in an NTT America case study, discussing details of their infrastructure partnership and how it has improved performance on the company's Anycast DNS services, the Dynect Platform and the DynDNS.com Internet Guide service for recursive DNS caching. The Internet Guide service, which is available direct to consumers and OEM partners, offers users a fast and more secure Web surfing experience through anti-phishing, anti-malware protection and cloud-based Web filtering. These announcements mark Dyn Inc.'s focus on operating a world-class, global network, with plans for continued expansion throughout the next 18 months. Future planned PoPs include Seattle, WA and Sydney, Australia by the end of 2010.

"As Dyn Inc. continues to build out and upgrade its world-class network, more companies looking for a reliable DNS solution are turning to Dyn Inc.," York said. "We are excited to have recently added clients like: 4INFO, Drop.io, Gawker, Pandora, PetcareRX, Photobucket, Revision3, Triggit, Truveo, UserVoice and Zoosk to our loyal list of customers. We continue to see tremendous growth in the Web 2.0, SaaS, e-commerce, ad/media and cloud computing verticals."

"As a provider of mobile advertising and media, speed and reliability is a must. On the Dynect Platform, we feel confident knowing we have the support of a strong, proven, globally redundant network that our end-users can depend on," added Rob DeMillo, CTO of 4INFO.

www.circleid.com | 7/21/10 9:11 PM
The Broadband Adoption Rate

Yesterday's FCC report [PDF] estimates that at least 80 million Americans don't have high-speed Internet access—defined as download speeds of at least 4 Mbps and upload 1 Mbps—at home. (Soon the Commission will release another report comparing these results to those in other countries.)

This service is completely unavailable to at least 14 million Americans—the FCC estimates that "1,024 out of 3,230 counties in the United States and its territories are unserved by broadband[, and t]hese unserved areas are home to 24 million Americans living in 8.9 million households." Particularly for Americans in poorer areas, more rural counties, and tribal lands, adequate connectivity isn't even a possibility currently. The Commission has now said that those Americans will not gain such access in the near future absent changes in policy.

While not downplaying what the carriers in America have already done, the FCC is making clear that much more needs to happen. In a heavily footnoted report, the Commission is saying what most Americans already know: "Given the ever-growing importance of broadband to our society, we are unable to conclude that broadband is being reasonably and timely deployed to all Americans in this situation."

Written by Susan Crawford, Professor, University of Michigan Law School

www.circleid.com | 7/21/10 8:57 PM
US Facing a Human Capital Crisis in Cybersecurity, Says CSIS

[Image: A Human Capital Crisis in Cybersecurity – A White Paper of the CSIS Commission on Cybersecurity for the 44th Presidency, July 2010]

A new study has been released by the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th President that looks into cybersecurity manpower challenges in the United States. The report titled, "A Human Capital Crisis in Cybersecurity," is produced by CSIS - a bipartisan public and foreign policy think tank in Washington.

From the report:

"The nation and the world are now critically dependent on the cyber infrastructure that is vulnerable to threats and often under attack in the most real sense of the word.

... The problem is both of quantity and quality especially when it comes to highly skilled “red teaming” professionals. We not only have a shortage of the highly technically skilled people required to operate and support systems already deployed, but also an even more desperate shortage of people who can design secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate and reconstitute from damage due to system failures and malicious acts.

The cybersecurity workforce to which we speak in this report consists of those who self-identify as cybersecurity specialists as well as those who build and operate our systems and networks.  That workforce includes not only workers on government payrolls, but also those contractors who operate as part of the extended government workforce.  It also includes those who build and maintain the critical infrastructure on which the public and private sectors have come to rely."

Related Links:
Prepublication: A Human Capital Crisis in Cybersecurity CSIS, Jul.16.2010
Cyberwarrior Shortage Threatens U.S. Security NPR, Jul.19.2010
Cybersecurity Expert Shortage Puts U.S. At Risk InformationWeek, Jul.21.2010

www.circleid.com | 7/21/10 8:43 PM
Comments on Economics Study of ICANN's New TLDs

ICANN has taken another crack at the question of the economics of launching new top-level domains (TLDs). The first report that the group commissioned on the subject was greeted by a loud and unhappy uproar. Now we have the preliminary draft of a new report, this one by professors Katz, Rosston, and Sullivan. It is insightful and analytic, but the final version needs to consider the theoretical and empirical issues outlined below.

Theoretical

1. Advantages of using a signaling framework

• Puts into focus the areas of unmet needs for new TLD signals/messages by new registry applicants and registrants. TLDs such as .com, .tel, and .me have strong signaling value propositions. For example, .com has practically no substitutes for signaling a global brand. TLDs that signal location include country-code TLDs (ccTLDs) and some proposed TLDs such as .NYC (which signals New York City). TLDs that signal a particular business strategy include .outlet and .eco. The .tel has a strong use differentiation because it signals the brand owner's alternative contact information, while .me is personal and reassuring, as opposed to the chilly and faceless .name.

• Clarifies the strategic approach that needs to be followed by new TLD registry applicants. For example, to compete with .com, a product differentiation strategy needs to consider established network effects and to recognize that the argument for shorter second-level domain names is not viable. On the other hand, new unmet needs require a strategy for expanding the pie.

• Temporal approval decisions have to take into account the type of TLD signal. Otherwise, there might not be any informational benefits from sequential launches. Without a signaling framework, a multitemporal approval mechanism would ignore the reality of first mover advantage (FMA). Consider .green and .eco, two initial substitute-signal applicants. Quite an unfair advantage would accrue to .eco if it were approved first, followed by .green after a considerable wait.

• One cannot perform market power analysis without intuitively knowing what constitutes similarity signals. Numerical measures of substitution effects may not be reliable. For example, no matter what the numbers may say, the signals from .com and .me are intuitively different.

2. Externalities: The report

• Does not identify the sources of domain name externalities so as to work on reducing them.

• Uses a framework more suited for downstream analysis and ignores the possibility of an upstream-produced externality, namely one produced by ICANN.

• Considers trademark infringements and search costs as operating costs, though arguably they are externalities (within the framework of the report).

• Ignores the costs of potential rogue TLDs, whose private benefits outweigh their social value.

3. Instead of adopting a general social-private cost-benefit framework, the report can narrow down the scope of the analysis to, say, search, navigation, companies, and registries.

4. The report proposes no solution to trademark infringements except establishment of a clearinghouse. It ignores the benefits of establishing a cooperative regime as a complement to any registry-level trademark solution. An effective trademark regime can only be reached and implemented through negotiations.

5. The report ignores the distinction between defensive and offensive second-level domain registrations. The latter are value adding and thus should not be automatically labeled as a net operating cost.

Empirical

1. Without a signaling framework, the number of registrations of various existing TLDs cannot be used to estimate a TLD's demand and/or its market power. The lack of registrations by brand owners under certain TLDs can be due to the irrelevance of their signal to the brand name. Hence, I agree with the report's assessment that registrations of new TLDs under currently underserved signals would increase the cost of infringement rates and/or cybersquatting costs significantly.

2. The economic rationale for a domain registration is that its value must be greater than its cost. Statistical pricing models have been developed that can shed light on the value of keyword-based domain names. Moreover, such models identify statistically significant factors that drive prices for different TLDs and are useful in estimating price-premium variations over time. By contrast, using average and/or median sale prices is practically useless, as prices of various statistically comparable domain names fluctuate at different rates; during the same periods, prices of comparable domain names have not always moved in the same direction or by the same magnitude.

3. Such statistical models can also be used to estimate cross-price elasticity of demand for purposes of determining market power and competition.

Written by Alex Tajirian, CEO

www.circleid.com | 7/21/10 7:48 PM
Indian Government Plans to Begin Use of IPv6 from March 2012

John Ribeiro from IDG News reports: "India will start using IPv6 (Internet Protocol version 6) from March 2012, according to a new roadmap released by the Indian government. All telecom and ISPs will have to be IPv6-compliant by the end of next year and offer IPv6 services thereafter, the government said in a statement issued on Wednesday by the country's Press Information Bureau."

Read full story: PC World

www.circleid.com | 7/21/10 7:33 PM
FCC: Broadband Deployment Not Fast Enough in US, 14-24 Million Lacking Access

Grant Gross of IDG News reports: "Between 14 million and 24 million U.S. residents don't have access to broadband service, and deployment isn't happening fast enough, a report from the U.S. Federal Communications Commission concluded. Broadband isn't being rolled out to unserved areas in a timely manner, and immediate prospects for deployment to U.S. residents without service are 'bleak,' the FCC said in the broadband deployment report, released Tuesday..."

Read full story: PC World

www.circleid.com | 7/21/10 3:28 AM
IPv6 "Ripeness": The Hard Numbers on ISPs and Deployment Rates

[Graph: IPv6 ripeness rate of all countries in the RIPE NCC service region, as measured in July 2010. Source: RIPE Labs.]

As the unallocated IPv4 address pool runs out, are Internet Service Providers (ISPs) actually deploying IPv6?

This graph, the first in a series from RIPE Labs, looks at the IPv6 "ripeness" of all ISPs registered as RIPE NCC members. We created a rating system that gives ISPs up to four "stars" for IPv6 services that they provide, based on the following criteria:

• The ISP has an IPv6 allocation
• The address prefix is actually routed on the Internet
• A route6 object is registered in the RIPE Database
• Reverse DNS has been set up

The graph illustrates countries in the RIPE NCC service region (Europe, the Middle East and parts of Asia) that have at least five ISPs; each one gets a rating ranging from zero stars to four stars. The graph indicates the level of IPv6 deployment in a specific country and in the region as a whole.
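The rating and the per-country breakdown described above can be sketched as follows. This is an added example, not RIPE Labs' code: the ISP records are constructed, the function and field names are hypothetical, and it assumes each of the four criteria is worth exactly one star.

```python
from collections import defaultdict

# The four criteria from the article; assumption: one star per criterion met.
CRITERIA = ("allocation", "routed", "route6", "reverse_dns")
MIN_ISPS = 5  # the graph only covers countries with at least five ISPs

# Constructed sample data (not RIPE NCC measurements):
# (ISP, country, has allocation, prefix routed, route6 object, reverse DNS)
SAMPLE_ROWS = [
    ("isp-a1", "AA", 1, 1, 1, 1),
    ("isp-a2", "AA", 1, 1, 1, 1),
    ("isp-a3", "AA", 1, 1, 0, 0),
    ("isp-a4", "AA", 1, 0, 0, 0),
    ("isp-a5", "AA", 0, 0, 0, 0),
    ("isp-a6", "AA", 0, 0, 0, 0),
    ("isp-b1", "BB", 1, 1, 1, 1),
    ("isp-b2", "BB", 1, 0, 0, 0),
    ("isp-b3", "BB", 0, 0, 0, 0),
    ("isp-b4", "BB", 0, 0, 0, 0),
    ("isp-b5", "BB", 0, 0, 0, 0),
    ("isp-c1", "CC", 1, 1, 1, 1),  # CC has only three ISPs, so it is
    ("isp-c2", "CC", 1, 1, 1, 1),  # left out of the per-country view
    ("isp-c3", "CC", 1, 1, 1, 0),
]


def load(rows):
    """Turn the tuples above into dicts keyed by field name."""
    return [dict(zip(("name", "country") + CRITERIA, row)) for row in rows]


def stars(isp):
    """Number of criteria the ISP meets (0 to 4)."""
    return sum(1 for criterion in CRITERIA if isp[criterion])


def pct(part, whole):
    return round(100.0 * part / whole, 1) if whole else 0.0


def ripeness_by_country(isps, min_isps=MIN_ISPS):
    """Per-country star histogram, skipping countries below the ISP threshold."""
    histograms = defaultdict(lambda: [0] * (len(CRITERIA) + 1))
    for isp in isps:
        histograms[isp["country"]][stars(isp)] += 1
    report = {}
    for country, hist in histograms.items():
        total = sum(hist)
        if total < min_isps:
            continue
        report[country] = {
            "isps": total,
            "histogram": hist,  # index = number of stars
            "pct_at_least_one_star": pct(total - hist[0], total),
            "pct_four_star": pct(hist[4], total),
        }
    return report


def ranking(report):
    """Countries ordered by four-star share, then by share with any star."""
    return sorted(report, key=lambda c: (-report[c]["pct_four_star"],
                                         -report[c]["pct_at_least_one_star"], c))


def region_summary(isps):
    """Region-wide figures over all ISPs, including small countries."""
    total = len(isps)
    return {
        "isps": total,
        "pct_with_allocation": pct(sum(1 for i in isps if i["allocation"]), total),
        "pct_four_star": pct(sum(1 for i in isps if stars(i) == 4), total),
    }


if __name__ == "__main__":
    data = load(SAMPLE_ROWS)
    by_country = ripeness_by_country(data)
    for country in ranking(by_country):
        print(country, by_country[country])
    print("region", region_summary(data))
```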

Some key findings show that:

• 27% of all ISPs in the RIPE NCC service region have at least one IPv6 allocation
• 8% have achieved four-star IPv6 ripeness
• Slovenia has the highest IPv6 deployment: 67% of all ISPs in Slovenia have at least one star and nearly 25% have four stars!

Slovenia is doing exceptionally well, undoubtedly due to a very active and persuasive IPv6 community. Of course, in a relative scoring system like this, smaller countries have a slight advantage. However, it's worth noting that the runners-up include larger economies such as Portugal, the Netherlands and Germany.

The bad news is that nearly 73% of all ISPs have not even requested IPv6 space yet (indicated by the white bars on the graph). It's surprising that so many ISPs have yet to feel the urgency to deliver their services on IPv6 to enable their business to grow, especially when only a little more than 4% of IPv4 address space remains.

The deployment rate of IPv6 is certainly lagging far behind what technical experts consider desirable, but there is clearly a positive trend. We will bring you more hard numbers on IPv6 deployment in this series.

What next?

We are considering extending our rating with a fifth star based on reachability over IPv6. We have several ideas, but we are curious to hear from you—what do you think is a good way to measure IPv6 reachability?

Read more about the methodology to collate this data on the RIPE Labs site.

Written by Daniel Karrenberg, Chief Scientist at the RIPE NCC

www.circleid.com | 7/20/10 10:10 PM
DotCo Launch: Over 90 Thousand Domain Names in 15 Minutes!

DotCo, which is the ccTLD for Colombia, is opening up to general public registration today. According to official sources from both Neustar and CoInternet the registry has handled over 90 thousand registrations in the first 15 minutes!

You can expect the various domain/internet news sites to carry more updates on the volume of registrations over the next 24 hours and beyond.

While the initial registration phase of any new domain extension can attract a lot of media interest and a flood of registrations you need to look at the "big picture".

In a few months' time when the initial excitement has died down how many new registrations per day will there be?

More importantly, how many of the domains initially registered will be in active use? And by active use, I mean not "parked" or simply redirecting to an existing site?

The key players in CoInternet's pre-launch marketing have a lot of experience in the domain name industry, so it was not that surprising to see how much hype they were able to generate in advance.

But will that translate into active usage?

I certainly hope so, as many people have invested heavily in the new extension, but I would be worried, as always, that a disproportionate number of names might end up under the control of domain professionals.

It's too early to tell obviously, so in the meantime let's wish them all the best of luck with the launch - it looks like it's going very well so far!

Written by Michele Neylon, MD of Blacknight Solutions

www.circleid.com | 7/20/10 10:07 PM
Moving DNSSEC Forward: Help for Registries, Registrars, ISPs/Hosting, Enterprises, and Name Owners

DNSSEC adoption has been slow, but is now picking up speed, thanks to organizations leading the way.

In October 2009 the .TM registry signed with DNSSEC. In June 2010 both .ORG and .EURid announced the signing of their registries with DNSSEC. Before .TM, a handful of other registries had also signed with DNSSEC: .SE, .BR, .BG, .CZ and .PR. Last week there were several press announcements that the root zone itself is now being signed. While some registries have already signed, some have announced plans to sign and others are still trying to figure out their plan.

Either way, DNSSEC is here. How can we make DNSSEC adoption quicker and easier not only for the registry but for individual name owners? How can an organization get their zone signed? How can a simple domain owner get their domain name signed? How can registrars and ISPs help their customers adopt DNSSEC?

Security-DNS.net is a "DNSSEC Made Simple" tool designed to answer all of those questions. Provided by CommunityDNS, it lets registries, organizations and individual domain name owners submit their domain name or zone(s) and have a signed zone or name returned, complete with their key and the respective DS record, which may be handed to their registry. Registrars and ISPs may also use this tool to provide support for their customers, all free of charge. And they do not need to be a customer of CommunityDNS to benefit from this tool.

DNSSEC has understandably raised questions for many about how implementation may affect not only their methods of operation but also their capacity. The signing process, however, is very simple and available to anyone wishing to sign with DNSSEC.
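Before a DS record is handed to a registry, the name owner can confirm that it really was derived from the zone's own DNSKEY. The check below is an added example, not part of the Security-DNS.net tool: it follows the key tag and DS digest rules of RFC 4034, the function names are hypothetical, and the key material is constructed placeholder bytes rather than a real key.

```python
import base64
import hashlib
import struct

# DS digest type numbers mapped to hash constructors.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if not label:
            continue  # the root name has no labels
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (2 octets), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, rdata, digest_type=2):
    """DS in presentation form: 'keytag algorithm digesttype HEXDIGEST'."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return "%d %d %d %s" % (key_tag(rdata), rdata[3], digest_type, digest)


def check_ds(owner, rdata, ds_text):
    """Return a list of problems; an empty list means the DS matches the DNSKEY."""
    parts = ds_text.split()
    if len(parts) < 4:
        return ["DS record is not 'keytag algorithm digesttype digest'"]
    tag, alg, dtype = (int(p) for p in parts[:3])
    digest = "".join(parts[3:]).upper()  # the hex digest may be split by spaces
    flags, protocol, key_alg = struct.unpack("!HBB", rdata[:4])
    problems = []
    if not flags & 0x0100:
        problems.append("DNSKEY does not have the Zone Key flag set")
    if protocol != 3:
        problems.append("DNSKEY protocol field is %d, expected 3" % protocol)
    if tag != key_tag(rdata):
        problems.append("key tag %d does not match DNSKEY (%d)" % (tag, key_tag(rdata)))
    if alg != key_alg:
        problems.append("algorithm %d does not match DNSKEY (%d)" % (alg, key_alg))
    if dtype not in DIGESTS:
        problems.append("unsupported digest type %d" % dtype)
    elif digest != DIGESTS[dtype](name_to_wire(owner) + rdata).hexdigest().upper():
        problems.append("digest does not match owner name and DNSKEY")
    return problems


if __name__ == "__main__":
    # Constructed placeholder key bytes, not a usable public key.
    pubkey = base64.b64encode(bytes(range(1, 65))).decode()
    rdata = dnskey_rdata(257, 3, 8, pubkey)  # 257 = Zone Key + SEP flags
    ds = make_ds("example.org", rdata)
    print(ds)
    print(check_ds("example.org", rdata, ds) or "DS matches DNSKEY")
```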

Written by Chuck Kisselburg, Director, Strategic Partnerships

www.circleid.com | 7/20/10 8:49 PM
Leading Registrars Supporting DNSSEC

Internet security takes utmost precedence at .ORG, The Public Interest Registry (PIR), the world's third largest domain. On June 23, we reinforced our commitment by announcing at ICANN Brussels that .ORG is now the first generic top-level domain (TLD) to offer full DNSSEC deployment. Coming on the heels of this momentous launch, we are pleased that three leading registrars—GoDaddy, DynDNS and NamesBeyond—now support Domain Name System Security Extensions (DNSSEC) for .ORG domain names, adding an extra layer of security for all .ORG domain name holders. Simply put, registrars like GoDaddy, which handles more than 30% of web registrations worldwide, are now critical players and influences in widespread DNSSEC deployment.

By supporting DNSSEC, GoDaddy, DynDNS and NamesBeyond offer added security protection to their customers by enabling .ORG website owners to sign their domain names with DNSSEC validation keys. Registrants will benefit from the added ability to thwart the increased predominance of attacks like pharming, cache poisoning, DNS redirection and domain hijacking—all of which have been used to commit fraud and identity theft and to distribute malware. Additionally, DNSSEC upgrades the current Internet infrastructure by protecting Internet resolvers from forged DNS data.

Thanks to the hard work of GoDaddy, NamesBeyond, and DynDNS, the chain of trust is nearing completion and gaining strength with every signing. In addition, there are at least another twenty-four DNSSEC accredited registrars poised to roll out their DNSSEC implementation with .ORG in the coming weeks. Congrats to all!

www.circleid.com | 7/20/10 8:06 PM
.CO Domain Names Now Available to the Public

.CO Internet S.A.S. (www.COinternet.co) today announced the general availability of the new .CO top-level domain (TLD), which will enable individuals, businesses and organizations to acquire global, credible and easily recognizable domain names that fit their online business or branding needs. .CO domains are now available through leading accredited domain registrars, such as GoDaddy.com, Register.com and Network Solutions, and a multitude of resellers.

Since it was announced in February, .CO domains have already received tremendous support and adoption from the business and Internet communities, who applied for 39,000 .CO domains during the company's "pre-launch" phase. The domain names for nearly 70% of the brands listed in the Brand Finance Top 500 have already been registered, including Amazon, American Express, Apple, BMW, Cartier, Canon, CNN, Coca-Cola, Disney, Ebay, Exxon, Ford, Google, Hilton, Honda, IBM, IKEA, Kodak, McDonalds, Microsoft, MTV, Nestle, Nike, Nokia, Panasonic, Pfizer, Samsung, Sony, Toshiba, Toyota, Unilever, Visa, Yahoo and many more.

"Today's launch of the .CO domain represents the next phase in the growth and development of the Internet," said Juan Diego Calle, CEO of .CO Internet. "The .CO domain will create new opportunities in global commerce, content development, social media and other forms of interactivity, which will enrich the overall Internet experience for everyone."

More Than Just Brand Protection...

Many visionary companies see the new .CO domains as an opportunity to extend their brand or expand their online offerings in a way that was not previously possible due to limited availability of .com domains. Recently, the e-commerce powerhouse Overstock.com announced it paid $350,000.00 USD to acquire 'O.CO' to target new audiences and expand its global brand.

"The O.CO domain presented us with an unprecedented opportunity to add a meaningful online presence that will enhance recognition for the "O" brand, align with current marketing initiatives, and make it easier for shoppers to find our products and services online," said Overstock.com Chairman and CEO Patrick Byrne. "Dollar for dollar, it's a homerun and well worth the investment because it reinforces among consumers that 'O' is synonymous with 'Overstock'."

Other well-known companies are using the .CO domain to expand their products or services. For instance, Twitter uses the t.co domain as part of a service to protect users from harmful activity, provide value for the developer ecosystem, and as a quality signal for surfacing relevant, interesting Tweets. The popular political blog Politico is using Politi.co as its official URL shortener. Many other companies have already built sites on .CO domains, which are currently showcased on www.Opportunity.co.

...Unprecedented New Opportunities

Today's Internet is crowded and lacking in opportunities for those who wish to establish a presence online. After 25 years, nearly all of the recognizable or marketable .com domain names have been claimed, making it exceedingly difficult for start-ups and established companies alike to acquire meaningful domain names for their businesses and products.

"For all intents and purposes, the .com reservoir is empty of meaningful domains," said Tim Draper, founder of the global venture capital firm Draper Fisher Jurvetson. "It's a constant struggle, especially for start-ups, to find a credible domain name that best describes their business or product. For years, many companies have been forced to name their company based on what URLs were available, and then spend millions of dollars to educate their world that names like Afloxis, Bivly or Zoopr really stand for something else."

Draper continues, "The new .CO domains are a breath of fresh air across an otherwise stagnant ocean, and I'm personally excited to be able to help my portfolio companies achieve their desired goals starting with building the best possible online brand. Plus, we save everyone a keystroke!"

Global Recognition

Whereas most other TLDs focus on a particular niche or region, .CO domain names—like .com names—are generally flexible for use in a wide variety of activities, including promoting companies, content providers, communities, contests and countless other applications. The "co" in .CO already has broad global recognition as a pseudonym for "company," "corporation," and "commerce." In addition, more than 20 countries around the world currently use ".co" in their country specific domains, including the UK (.co.uk), Japan (.co.jp), Israel (.co.il), and others, further fueling .CO's global awareness and adoption. To date, .CO domain applications have been received from 113 countries.

Greater Security to Protect Intellectual Property

For greater peace of mind, .CO domains also provide a greater measure of safety and security for their users' online intellectual property. Other domain extensions allow proxy registrations or otherwise obfuscate the domain owner's information, making it extremely difficult to identify potential domain squatters, trademark infringers or other fraudsters. .CO domain ownership will be highly transparent, which will deter those who seek to use the domain for fraudulent or abusive practices. .CO Internet has also instituted a Rapid Takedown Policy to suspend or remove domains in cases where phishing, pharming, malware, or other significant criminal and/or security threats have been established.

"We've invested heavily in technologies and processes that address the needs of the business and Internet communities for greater brand protection and overall security," said Nicolai Bezsonoff, chief operating officer, .CO Internet. "With so much promise and expectation riding on the success of the .CO domain, protecting the reputations, brands and businesses of our users is a top priority."

.CO Internet was required to meet stringent technical and operational criteria designated by ICANN (Internet Corporation for Assigned Names and Numbers) in order to be re-delegated as the official operator of the .CO domain.

Support from Top Global Domain Registrars

.CO domains are now available to the public through a select list of accredited global registrar partners and resellers who have committed themselves to the growth, development and integrity of the .CO domain. The accredited registrars include GoDaddy.com, Register.com, Network Solutions, Melbourne IT, eNom, InterNetX, Open SRS, Dotster, My.co, and Dominio Amigo.

"When a good domain name extension like .CO comes to market, you see how strong the Internet really is and how powerful its growth is going to be for years to come," said Go Daddy CEO and Founder Bob Parsons. "Let's face it, domain names are 21st century real estate."

Going Once, Going Twice...

With the launch of .CO domains, certain generic domains relating to specific industries, products and business categories, such as car.co, lending.co, adoption.co, insure.co and others are expected to generate extraordinary demand. As such, .CO Internet has withheld approximately 2,000 premium generic domains from today's General Availability and will auction them to help promote and maintain the .CO domain.  The auctions will take place at a variety of online and off-line venues over the course of the next 12 months.

www.circleid.com | 7/20/10 7:28 PM
iPhone 4 Highlights Mobile Problems

Making a telephone call in London has become more difficult for early adopters of the new iPhone 4.

First of all the reception is rather poor. And it is not just that it is not showing the bars correctly; many users in congested mobile areas such as London receive the message 'server not available'. (As a matter of fact, this doesn't apply only to the iPhone—it is also experienced with other smart phones.)

The problem is that the current mobile infrastructure is buckling under the enormous increase in mobile data traffic. This is a crisis that is confronting many operators around the world and we have already seen network collapses in many places.

And it is not just people surfing the net or sending emails; the smart phones themselves are continuously 'touching base'—M2M traffic—and this is contributing to the problem. Videoconferencing applications for mobile phones that Skype and Apple are promoting will further add to the problem.

On many occasions over the past decade we have referred to the absence of a proper mobile technology that is designed for data rather than for voice traffic. LTE and WiMAX technologies are needed to make the use of the network for data purposes more efficient.

The difficulty is that there are no short-term solutions here. It will be years before new technologies are developed and introduced, and make any real impact.

At the same time there is the spectrum issue and it will be a few years before more spectrum is available also.

So in the meantime expect more problems and inconvenience:

• Congestion problems such as no connections, drop-outs and poor quality
• The need for two phones—a smart phone plus a cheap mobile phone to make calls
• Relatively high prices as a means of limiting use of the network.

Mobile operators will face a double whammy:

• The need for ongoing investments in order to prevent a collapse of their network
• Relentless competition on an infrastructure level that, at best, keeps ARPUs where they are.

Cost-cutting is a key issue and in Australia we already see a great eagerness from the mobile operators to use the NBN for their backbone needs. On the other side, there will be a need to restructure the mobile infrastructure business, most likely along structurally separated lines, with a focus on utilities-based infrastructure investments.

Written by Paul Budde, Managing Director of Paul Budde Communication

www.circleid.com | 7/20/10 6:54 PM
Failure of the Broadband Plan?

Craig Moffett sees this as I do: "If LTE networks are going to be usage-capped, then the last pretense that LTE can be positioned as a substitute for terrestrial broadband would seem to be gone." The heart of the U.S. broadband plan is to release more spectrum—enough for 10-20 networks like Verizon's LTE now building—and pray that will be enough competition in five to seven years to check price increases.

In Indonesia, India, Pakistan and most of Africa, the scarcity of landlines means "wireless broadband" will be dominant. "Wireless broadband"—especially LTE—could become a player in developed countries if priced right. Rob Pegoraro (Washington Post) finds that Clearwire WiMax could be serious competition to broadband sold by incumbent phone and cable companies. He's getting a consistent connection of about 5 meg down, 500K up, on the current, lightly loaded network. He sometimes has to look to see which wireless network his computer is connected to, Clearwire or his 15/5 FiOS.

Large uploads are painful because of Clearwire's slow upstream, but 4G will do better in time. However, wireless speeds are likely to fall if many people watch quality video over the net.

How much wireless could compete with landlines, especially as all cable connections are moving to 50 meg, was a crucial question for the broadband plan. The consensus of several good engineers is that 4G competes fine with DSL if not many people expect video or other high-bandwidth apps. Wireless certainly can't keep up if many people want to watch their TV over the net, so it's only a partial substitute.

Making wireless an important substitute for DSL requires raising bandwidth caps from today's typical 5-10 gigabytes to several times as high as LTE makes the cost reasonable. If Verizon follows AT&T with an abusively low cap of 2-5 gigabytes and Sprint etc. don't clobber them, the whole broadband plan falls apart because that's not enough for competition in the future.

I doubt Julius understands this, because otherwise he would be doing everything in his power to avoid low caps. It's just one more strike against "affordable" broadband, like the recent Comcast and Verizon price increases. People need to laugh out loud when Genachowski says "affordable" while tolerating continuous price increases.

Written by Dave Burstein, Editor, DSL Prime

www.circleid.com | 7/20/10 6:37 PM
The Geo-Politics of ICANN vs ITU

Over the past couple of years I have had the opportunity to talk to US policy makers and have seen how ITU and ICANN have emerged as proxies for a much wider diplomatic dispute over who is going to control cyberspace.

The Internet is now the engine of the new global economy. It is a communication infrastructure. Both have been correctly regarded as national security interests of the very highest level of priority. Some of the participants in the ICANN/ITU world are former participants in arms limitation circles. Their mode of thinking is illustrated by the frequent use of phrases such as 'why would we give up...'.

Behind the scenes there are others who argue that the US won the cold war through communications strategy, not military power. I am also led to believe that this is a common belief in Russian military circles. Only there the fall of the Soviet Union is seen as a catastrophe rather than the end of one of the most brutal and worthless regimes in history.

The stakes are high and the stakes matter. Which is why the oppressive regimes of the world must on no account be allowed to gain control of the Internet. Today they have two choices, they can try to cut themselves off from the net and watch their regime die quickly as the economy goes the way of North Korea or they can attempt to control the net and watch their power slowly drain away. They must on no account be allowed to create a third option for themselves.

All of which provides a pretty good explanation for what we currently observe in ITU politics. The oppressive powers would like to gain control and the ITU is far more susceptible to their influence than ICANN. The ITU is formed around the notion that nation-states are the primary actors in governance for a start. They will use terms such as 'security' and purport to be countering 'crime' and 'terrorism'. Here it is interesting to note that in a recent treaty, Russia and China defined information terrorism to include any form of speech that might be detrimental to the interests of government. The claims with regard to crime are equally insincere, if the Russian government wants to act against Internet crime we have a list of a couple of hundred criminals that their police would very much like to prosecute if they were allowed to.

Backing ICANN appears to be the only sensible course for the US. But the problem with this approach is that the US cannot risk ICANN itself being captured by hostile powers, and that in turn means that the US cannot ever release its de facto control of ICANN. The status quo prevails, but as with the original status quo, the division of responsibility for the Church of the Holy Sepulchre in Jerusalem, it is an inherently unstable situation that is only maintained through constant vigilance on all sides.

The weakness in the present approach is that many countries that should be natural US allies have to be equally concerned about possible defection by the US. Let us consider for a moment what the policy of a Palin government might be, it is not an unreasonable hypothetical since this time two years ago she had a non-negligible chance of being a heartbeat of a septuagenarian cancer survivor away.

My belief is that the US has incorrectly analyzed its interests with respect to ICANN and control of the Internet. The core interest of the US is not to gain control, the core interest is to prevent any other party from gaining control.

I do not see it as being in any party's interest to maintain the current ITU/ICANN standoff. I think it would be much better to end it as soon as possible by forcing a draw. Rather than attempting to maintain its position as the sole control entity for the Internet, ICANN should parcel off a chunk of DNS space and a chunk of IPv6 space for ITU to manage as it sees fit.

For example ICANN creates a new TLD .ITU and a /16 of IPv6 space that the ITU will manage in whatever way it considers best. Neither would have the slightest impact on the technical administration of the Internet. There is no possibility of such an assignment being used for malice as ICANN and the RIRs would still be assigning address space from their pools.

The main positive for ICANN is that it would essentially forestall any ITU takeover maneuver. If you have a monopoly it is pretty easy for various parties to dispute who should be in control of it. Once the monopoly is broken up into a duopoly it is practically impossible to reverse the process. Ceding a small amount of territory in the right way makes it much harder for the ITU to acquire more. They would as a minimum have had to have done something of consequence with their existing assignment. And in the unlikely event that they had, that would itself create barriers to their acquiring more.

Whether you agree with my analysis or not, I hope that I have at least persuaded you to think about the possibility that there might be better approaches here than confrontation.

Written by Phillip Hallam-Baker, Consultant, Author, Speaker

www.circleid.com | 7/20/10 6:16 PM
The Path to End Cybersquatting

Dialogue is the only way to end cybersquatting. Distrust between brand owners and domain owners (with an assist from some cockeyed business incentives) has turned a problem into a very expensive vicious cycle. Now that ICANN is about to launch new top-level domains (TLDs), negotiations must start immediately or both sides will pile up further losses.

Here's how the problem plays out now. Brand owners' threatening tactics put domain owners' backs up, and the domain owners seek revenge by registering even more domain names that contain brand names (some of them, arguably, not infringements). Brand owners, furious at the growing volume of domain names containing brand names, resort to measures that destroy shareholder value, including escalating threats and acquiring overvalued domain names. The approach, stemming from a lack of trust of the domain name community, is supported by biased measures of anti-squatting success. Despite the viability of, say, a carrot-and-stick solution (that needs to be tweaked and adjusted), current corporate success measures are based on the number of winning UDRPs and acquisitions, without regard to the economic effect of such tactics, which fuel the vicious cybersquatting circle and add to shareholder-value destruction. There needs to be a new mindset and/or a mandate from management to incorporate value in the reaction calculus. However, unfortunately, the reality of any change in the current modus operandi is that managers cannot just say no to the present strategy and performance measures, especially when their mindset goes deeper than purely monetary considerations.

We need to attack the problem, not the people and organizations. Accuse, insult, or snub the other side, and they stay the other side. The current adversarial strategy and tactics by both parties—the point scoring and vindictiveness of the brand owners' Coalition Against Domain Name Abuse (CADNA) and the domain owners' Internet Commerce Association (ICA)—add up to a vicious cycle that's sucking our energy and resources. The way out is through face-to-face negotiations. Both sides must come to the table with the intention of negotiating a solution, not scoring points. To put it simply, the first step is for brand owners and domain owners to want to understand each other.

The negotiating group must include all stakeholders. The new approach can be jumpstarted through a panel discussion at one of the upcoming domain name conferences

Written by Alex Tajirian, CEO

www.circleid.com | 7/20/10 6:07 PM
International Academy for Trans-Sector Use of Broadband

While jogging along Lac Léman in Geneva I caught up with Dr. Kim Seang-Tae, the President of the National Information Society Agency of South Korea. He is also one of the Commissioners of the ITU/UNESCO Broadband Commission for Digital Development.

Dr. Seang-Tae is the chief architect of the FttH miracle that is transforming South Korea. His broadband journey began in 1994, when he developed the country's first broadband plan. In all, over $70bn has been invested by the government over the last 15 years, and as a result high-speed broadband is very affordable and subsidies are in place for rural users and others who might otherwise not have been able to pay for access.

The country now has over 70% high-speed broadband coverage with an uptake rate of above 50%. This large-scale result and high penetration level is now also opening up the market for new mass market services.

There is now a clear trend towards a trans-sector use of the infrastructure and Dr. Seang-Tae also envisages that this will eventually lead to free broadband access and that revenue will be generated from the services that are being provided over the infrastructure.

From the very early days this was government-driven policy. Throughout our walk he kept on mentioning the importance of a top-down approach. Of course I agreed wholeheartedly with this as I am preaching that same message in relation to the trans-sector concept.

Korea does have a Presidential Committee on e-Government and this comprises all the various government sectors such as healthcare, education, energy, transport, etc. This goes one step further than the trans-sector units that I have mentioned previously, which operate from the offices of the Prime Ministers of Australia and New Zealand and at the White House.

High-level government leadership is needed to break through the various departmental silos—it is only at this level that things can start to happen. The industry is more than happy to take the lead from that point on.

As a matter of fact, back in the 1990s it was very much the industry that took the lead from the government and built Korea into the smart country it is today—an example to the rest of the world.

Nevertheless, despite its success, silo thinking continues to be a problem in advancing the social and economic benefits more quickly. This gave Dr. Seang-Tae the idea of looking at what would be further needed to improve this situation—the Presidential Committee, despite its success, is still not sufficient to make this happen.

He had the novel idea of looking to the concept of an Academy for key people in (the departmental silos of) government and politics and to teach them about the economic and social benefits of a trans-sector approach to the use of broadband infrastructure. Because the issues are universal, this could indeed be an International Academy, which could also greatly contribute to assisting the developing countries.

Written by Paul Budde, Managing Director of Paul Budde Communication

www.circleid.com | 7/20/10 6:52 AM
Cisco's Kevin Shatzkamer Discusses the Future of Mobile Video

Kevin Shatzkamer, Chief Architect for Cisco Mobility, speaks to the mobile research Cisco has developed in helping Mobile Service Providers reach their ROI goals and objectives in projecting an increasingly demand driven market.

World Cup and Mobility

Q. How will World Cup viewership demand impact the mobile community from a network capacity standpoint?

A. There has been speculation for years that increased demand for mobile video would tax and possibly crash current networks and infrastructures of mobile operators. A predictor may be The World Cup games held in South Africa. "We know that AT&T, VERIZON, SPRINT, MobiTV and QUALCOMM FloTV teamed up to work with ESPN to offer mobile video coverage of the games." Real-time research conducted by ESPN on World Cup video demand has produced the following statistics:

VIEWING SOURCE - WORLD CUP GAMES

| Source | Company | % |
|---|---|---|
| Internet | ESPN-ESPN3 | 31% |
| Radio | ESPN Radio | 8% |
| Mobile | ESPN Mobile Sites | 6% |

"Traditional TV remains the dominant source of viewing for the games."

MOBILE VIDEO TRENDING

| Event | Source | Total Views | Total Days |
|---|---|---|---|
| Vancouver Olympics | Mobile | 2.0 Million | 17 |
| World Cup | Mobile | 1.8 Million | 7 |

"What is interesting in these statistics is that not only are people watching on mobile video, but they are spending an inordinately long period of time watching video on their mobile device, which is significant. Speaking to network capability in handling this viewership, think of over one-hundred thousand cell towers in the U.S. alone, not to mention globally, to handle this demand and you can see the network is not currently being impacted significantly."

Q. Where does mobile traffic go from here and what are the demands going to be for video in both near and long term?

A. Cisco predicts that sixty-six percent of mobile traffic in the future will be video and whether the FCC's reclamation of needed spectrum is enough is not yet known. Kevin goes on to explain that whenever you have a delivery method that leverages a finite resource, such as spectrum, there will always be increased contention depending on what people are doing over that network at any particular time.

It's important to remember that video over wireless can be taxing on the entire network, not just the radio interface. One example is the backhaul network, which is always provisioned with some level of oversubscription. There are technologies that can be used today like video optimization and multicasting technologies which can help a service provider better distribute and deliver mobile video. Other solutions include moving from streaming video to more adaptive protocols like fragmented MP4.

Video and the Network

Q. Why should we look at mobile video as just another application within the network and not a bandwidth hog that could potentially crash the network during peak usage?

A. As an analogy to building strong video infrastructure, Kevin points out that Cable Operators have invested tremendous amounts of capital in their video delivery platforms. It is important to understand that cable has the revenue models which support this kind of investment. Wireless on the other hand has not developed the kind of revenue streams for video since the demand has not been sufficient to support that investment, albeit on a smaller scale.

However, research indicates that as mobile video continues to grow, these kinds of investments will be needed to upgrade current networks to both capitalize on revenue streams and handle the burgeoning demand for video over increasingly diverse devices. Long-term, video might not be looked at strictly as an over-the-top service for mobile, but instead an opportunity for mobile service providers to insert themselves into the value chain; if this successfully occurs, the infrastructure investments which need to take place will happen.

Cisco's experience with operators continues to indicate a focus on optimizing the entire network, including the backhaul, which needs to be a primary consideration in subscription models. Cisco is helping operators control the impact of video by implementing intelligent network capabilities in the core, mobile services and gateways, and backhaul networks. These solutions add immediate value by conserving the RF itself, but also provide the foundation for new monetization capabilities. He adds that adding more spectrum is helpful to the problem, but should not be the only focus of mobile operators.

Kevin points to a consistent theme across all models whether it's Docsis3 or LTE in that the Internet Protocol (IP) is becoming less about a transport mechanism and more about a service delivery platform. He compares Docsis3.0 carrying cable signals to a modem which becomes your access point, where mobile will use the cell tower as the same type user access point. In essence, from the access point back through the network, IP will be the primary technology for service delivery.

Net Neutrality and Regulation

Q. What is the potential impact of Net Neutrality possible legislation which could affect service provider ability to manage their networks?

A. The crux of Cisco's policy release takes a practical view regarding any initiatives that would control service provider network management strength. In essence, "Cisco supports competition within the marketplace and believes that any regulation based on any perceived or potential future abuses are not in the best interest of logical network management practices."

At best the outlook for where technology will be in the future is uncertain, but as progression in technology evolves as a result of private market forces, any attempt to regulate those forces would dampen private investment as a natural evolution. It is inherent that networks be managed in a way to promote bandwidth optimization which fills the needs of both casual and heavy users. Fair usage will be critical to enabling any network of the future and requires an intelligent IP infrastructure. This also sets the stage to use tiered pricing to offer expanded services critical to a B2B and B2C economical model.

Tiered Pricing Models

Q. Why is tiered pricing important for Service Providers in the Future?

A. Quoting Bernstein Research to predict the evolution of mobile data and how fast it is growing in a shift from a voice-dominated model to a data-dominated model, Kevin conveys that 50%-70% of future revenue will begin to come from a data model with a de-coupling of mobile revenue and traffic with revenues now accounting for $.43 per Megabyte. Bernstein predicts that by 2014 those current revenues will drop to $.02 per Megabyte and points to current revenue models as becoming deflationary.

While networks are moving from circuit to packet models as they continue to upgrade their infrastructure, the amount of capital invested as compared to resulting ROI is expected to decrease 30% by 2014. Increasingly mobile service providers will be looking for ways to monetize their networks. While the tiering trend has been with the cable industry for quite some time, it has not yet evolved within mobile markets.

Kevin predicts this will change as the industry evolves to the tiered approach beginning with flat-rate for basic users and progressing to higher level packages as individual demand increases. Using the 80-20 rule, Kevin compares how only 20% of all users can demand an exorbitant amount of bandwidth and tiering is an inevitable market force in the future. In reality, this will not affect the majority of users where pricing will be very competitive, but will take the heavy users to an appropriate bundling strategy that can handle specific demands at a relative price model.

Creating New Revenue Models becomes Critical

It can be surmised that current pricing models within the mobile industry are driving traffic to higher levels especially with the amount of rich applications being afforded customers due to the iPhone and Android appearance on the scene with open source development driving those applications.

However, mobile operators are only covering their costs with current revenue models and will need the new service offerings and pricing models to create additional revenues and ROI in the near future. Kevin shares that tiered pricing is only one model of the total business spectrum service providers should be looking at to grow ROI. Cisco is committed to helping providers find other businesses and models to extrapolate the potential of future networks.

That being from a standpoint of B2B services in environmental, energy savings and monitoring services with which both businesses and consumers could reap much higher benefits from these kinds of services. Mobile data penetrations are nearing 50% and voice penetrations are already at 95% which brings further credence to understanding the need for service providers to differentiate mobile service offerings, including mobile data, to retain existing customers, grow their subscriber base, and increase their revenues.

Written by Leonard Grace, Founder & Editor - The Cable Pipeline

www.circleid.com | 7/20/10 6:34 AM
Black Lotus Selects Afilias to Improve DNS Reliability

Afilias, a leading provider of Internet infrastructure services, announced that Black Lotus Communications has selected Afilias' FlexDNS℠ Platform to provide DNS infrastructure in support of its distributed denial-of-service (DDoS) protection solutions. Black Lotus needed to replace its previous DNS provider in order to improve its resiliency to DDoS attacks and achieve better economy in its DNS management.

"Outsourcing our DNS allows us to focus on our core competencies and leverage numerous off-site nodes to discourage DDoS attacks against our name resolution infrastructure," said Jeffrey Lyon, President of Black Lotus. "Since switching to Afilias, we were able to cut our costs by more than 50 percent and receive more value for about the same cost of running our own off-site nodes."

Afilias' FlexDNS Platform provides three different ways to utilize Afilias' DNS network: A Web-based portal, AXFR (DNS zone transfer), or an Application Programming Interface (API). Black Lotus selected Afilias' Web-based portal, which provides a simple, easy-to-use online interface to manage DNS settings for small or large portfolios of domains. The Web-portal also provides bulk import functionality, an advanced reporting suite, and enhanced security alerts and notifications.

Black Lotus also selected Afilias' SiteCertain™ IP monitoring and failover service to ensure that their customers will always have a working IP address to fail over to in case of emergency or compromise.

"Any organization that is providing critical services across the Internet needs to take their DNS seriously and ensure that they avoid single points of failure," said John Kane, Vice President of Corporate Services for Afilias. "We are pleased to provide Black Lotus with both a valuable and cost-effective DNS solution to enhance the resiliency and reliability of their important DDoS protection services."

About Afilias Managed DNS Services
Afilias' state-of-the-art DNS network ensures security and resiliency through a diverse Anycast architecture. Its multi-layered, tiered design uses multiple hardware and software solutions, multiple bandwidth providers, and is dispersed across numerous geographic locations, avoiding single points of failure and guaranteeing 100 percent up-time. Afilias' system also supports DNSSEC. To learn more about Afilias' FlexDNS platform visit http://www.flexdns.info/

About Black Lotus (HOSTINGCON Booth #101)
Black Lotus Communications is first and leading in distributed denial-of-service protection solutions. The company was the first to market a commercially viable DDoS protection solution and provides protected hosting services, web proxies, IP tunnels, and the ecologically friendly LotusCloud VM, a dedicated server environment that is 16 times more efficient than its bare metal counterpart. For more information visit http://www.blacklotus.net/

Afilias (HOSTINGCON Booth #535)

www.circleid.com | 7/19/10 4:03 PM
DNSSEC Happy Talk Enters a New Era

So we finally have a signed root zone.

Now when is someone going to answer the question I first asked over five years ago and have still not had an answer to: How do the domain name owner's keys get into the TLD?

Before we have a system people can use there have to be technical standards, validation criteria and a business model. Where are they?

And before we can answer any of those questions we have to answer the even bigger one: what problem is DNSSEC going to solve?

Or to be more precise: which security problem is DNSSEC going to solve. Because if the idea is that DNSSEC is going to eliminate the need for people to pay for those pesky SSL certificates, then expect some tense moments at ICANN meetings. Most registrars sell domain names at cost and make their margins on upsells such as web hosting and SSL certificate resale.

Then there is the question of liability. So far DNSSEC has been run by ICANN and the registries and we can be pretty sure that to the extent issues of liability have been thought about at all, neither is willing to accept it. Which leaves the registrars on the hook for liabilities that are unknown and uncontrolled.

SSL certificate authorities have developed mechanisms that allow them to control their liability and avoid lawsuits. They do not warrant the outcome, they warrant the process. They embed relying party agreements and offer insurance. DNSSEC as currently designed does not provide any of those controls.

So looking at DNSSEC from the registrar's point of view, they are expected to invest in building out an as yet undefined technical infrastructure for a product for which demand has not yet been demonstrated, will cannibalize existing revenues and incur unknown (but uncontrolled) revenues.

Is it really just me who sees it this way?

Is there anyone else interested in looking at these issues?

Written by Phillip Hallam-Baker, Consultant, Author, Speaker

www.circleid.com | 7/19/10 12:08 AM
July 2010: The End of the Beginning for DNSSEC

July 15, 2010 (yesterday) marked the end of the beginning for DNSSEC, as the DNS root was cryptographically signed. For nearly two decades, security researchers, academics and Internet leaders have worked to develop and deploy Domain Name System Security Extensions (DNSSEC). DNSSEC was developed to improve the overall security of the DNS, a need which was dramatized by the discovery of the Kaminsky bug a few years ago.

If researchers have been working on this for years, one might ask: why is this only the "end of the beginning?" The answer is, of course, that "overnight changes" usually occur only after a decade or more of hard work. Until recently, DNSSEC was often criticized as a solution in search of a problem. However, the now famous "Kaminsky bug," a cache poisoning exploit that DNSSEC fixes, changed all that in a hurry.

DNSSEC deployment first became real when .SE (Sweden) announced in 2007 that it had signed its zone. Another DNSSEC leader, .ORG, managed by the Public Interest Registry, opened its DNSSEC testbed in the same year. Soon thereafter, the number of countries and other operators deploying DNSSEC in their infrastructure started to swell.

Yesterday, ICANN and VeriSign, after months of careful work, completed the signing of the Root zone, fully enabling DNSSEC queries to be validatable down the "chain of trust." For the first time ever, it became possible to have a DNS query for a signed zone completely validated from an end-user's computer all the way to the root of the DNS.

The seal of trust that DNSSEC now delivers at the root level of the Domain Name System is a testament to an idea whose time has come—an idea chaperoned by scores of engineers, technicians and policy makers, and executed by operators of networks and names. As DNSSEC deployment enters its next phase, let us take a moment to salute the work done by all those who have come before us, and all those who are in this with us.

July 15, 2010 marks the end of the beginning for DNSSEC, and the opening of a new chapter in the task of securing the core infrastructure on which the global Internet relies. We are now in the era of DNS 2.0.

Written by Ram Mohan, Executive Vice President & CTO, Afilias

www.circleid.com | 7/16/10 8:07 PM
Funky Ninth Circuit Opinion on Domain Names and Nominative Use - Toyota v. Tabari

Toyota Motor Sales, U.S.A., Inc. v. Tabari, 2010 WL 2680891 (9th Cir. July 8, 2010)

Every time I see a federal appellate opinion on domain names, I'm vaguely reminded of the Country Joe song I-Feel-Like-I'm-Fixin'-To-Die Rag, whose chorus goes "And it's one, two, three, what are we fighting for?" Fortunately, domain name disputes do not lead to the senseless loss of life we experienced from the Vietnam War. Unfortunately, lengthy domain name litigation usually has little more strategic value. Invariably, the domain name litigation has less to do with rational economic decision-making and more to do with chest-beating and posturing.

I bring this up because the Ninth Circuit's latest domain name opinion involves litigation that makes no financial sense for either side. The Tabaris are independent auto brokers that help their customers find and buy Lexus vehicles from an authorized Lexus dealer. They run a business called Fast Imports from the domains buy-a-lexus.com and buyorleaselexus.com.

What is Lexus' problem with those domain names? The Tabaris are helping people buy Lexuses, so Lexus is going to get its fair share no matter what. The appellate opinion did not indicate that the Tabaris are crooks or trying to divert Lexus customers to other brands. So Lexus, why sue your friends? The opinion hints that Lexus was trying to improve dealer relations by squelching a broker who plays dealers off each other, but hey, that's fair competition.

From the Tabaris' perspective, losing these domain names should not be intrinsically fatal to their business. The Tabaris could set up shop at any number of other domain names, in which case they would lose only the built-up clicks from existing links to the site (I wonder how many of those there were in this case) and any extra Google juice from having a seasoned domain name with the trademark in it. I always find it weird when appellate courts treat a defendant's domain name as the dispositive linchpin of communication between interested parties rather than just one of many SEO tools.

Refreshingly, this opinion does not overestimate the domain name's value. However, it doesn't see any reason to consider a switch either: "the Tabaris needed to communicate that they specialize in Lexus vehicles, and using the Lexus mark in their domain names accomplished this goal. While using Lexus in their domain names wasn't the only way to communicate the nature of their business, the same could be said of virtually any choice the Tabaris made about how to convey their message."

While the opinion focuses on domain names, the Tabaris' websites also, at some point, used copyrighted Lexus photos and displayed the Big L logo. Normally, a photo rip and unauthorized logo display will get a district court judge to rule in favor of the IP owner. Before Lexus sued, the Tabaris cleaned up those issues, so the Ninth Circuit panel focuses solely on the two domain names (because an injunction was the only remedy at issue). This is a logical move by the Ninth Circuit, but most courts will not be so forgiving of sites that borrow the official logo and copyrighted photos.

With the Tabaris' use of the two domain names in their auto brokerage business the only issue on appeal, this should be an easy call per the nominative use doctrine. However, the words "easy" and "nominative use doctrine" go together like peanut butter and artichokes. Personally, I still have no idea when businesses outside a manufacturer's authorized channel can legally include the manufacturer's trademark in their name. Each case seems to be sui generis.

To segregate legitimate from illegitimate uses of third party trademarks in domain names, the opinion lays out a surprisingly lucid taxonomy with 3 categories of presumptively illegitimate domain names:

1) "When a domain name consists only of the trademark followed by .com, or some other suffix like .org or .net, it will typically suggest sponsorship or endorsement by the trademark holder." This makes sense intuitively, but (A) the court doesn't address the seemingly contradictory Lamparello case, and (B) the opinion's reasoning remains predicated on dicey assumptions about consumer search behavior, such as consumers typing in trademark.com into their web browser address bar—an assumption that has grown dicier with the rise of omniboxes.

2) "Sites like trademark-USA.com, trademark-of-glendale.com or e-trademark.com will also generally suggest sponsorship or endorsement by the trademark holder."

3) "domains like official-trademark-site.com or we-are-trademark.com affirmatively suggest sponsorship or endorsement by the trademark holder and are not nominative fair use"

By implication, other domain names generally should be eligible for nominative use. At minimum, buy-a-TRADEMARK.com and buyorleaseTRADEMARK.com should be fair game for resellers and related parties like buying agents. In support of this, the court rejects Lexus' argument that there was something untoward about the Tabaris brokering other auto manufacturers if their customers decided they didn't want a Lexus. For more on this, see my Brand Spillovers article.

The opinion suggests that the following domain names should qualify for nominative use or otherwise be permissible as well:

• mercedesforum.com
• mercedestalk.net
• starbucksgossip.com
• frys-electronics-ads.com
• mercedesboots.com
• mercedeshomes.com [although I wonder about dilution with these two]
• comcastsucks.org

Procedurally, the opinion addresses several key issues about the interaction between the nominative use test and the likelihood of consumer confusion test. The opinion says that an evaluation of consumer confusion is implicitly built into the New Kids on the Block nominative use test. Therefore, "if the nominative use satisfies the three-factor New Kids test, it doesn't infringe" without needing to consider the likelihood of consumer confusion test at all. Thus, "nominative fair use 'replaces' Sleekcraft as the proper test for likely consumer confusion whenever defendant asserts to have referred to the trademarked good itself." Further, once a "defendant seeking to assert nominative fair use as a defense...show[s] that it used the mark to refer to the trademarked good," the trademark owner bears the burden of disproving nominative use. All of these procedural points have been hotly contested in prior cases.

The court concludes that the district court's injunction against the Tabaris using "Lexus" in domain names was too broad and remands the case to the district court to try again. Although the court doesn't tell the district court exactly what to do, it does indicate: "At the very least, the injunction must be modified to allow some use of the Lexus mark in domain names by the Tabaris."

This is a rich and multi-faceted opinion written in a confident and emphatic style...perhaps too emphatically, as the opinion swings around like a bull in a china shop, breezily overturning or sidestepping numerous 9th Circuit precedents on both domain names and nominative use. Were this opinion to become the definitive 9th Circuit statement on either domain names or nominative use, this case would be a landmark opinion. However, the 9th Circuit's Internet trademark jurisprudence has awkwardly accreted on a case-by-case basis for more than a decade, and I doubt this opinion will meaningfully affect the next 9th Circuit panel's considerations.

Even so, this case has to be good news for shopbots. Although the Tabaris were "manual" shopping agents, the case's reasoning should apply equally well to all shopbots, comparison search engines and review sites that use third party trademarks as part of their taxonomy. These sites regularly get nastygrams from trademark owners. It will be interesting to see if this case helps turn that tide.

A final oddity: Judge Kozinski wrote both this opinion and the recent eVisa decision. Although the opinions involve different trademark doctrines applicable to domain names (a nominative use defense instead of dilution), their spirit couldn't be more different. The eVisa case was decidedly pro-plaintiff, while this opinion is very defense-favorable. I wonder if Kozinski bent over backwards to help a pro se litigant (the Tabaris represented themselves), or perhaps Lexus' anti-competitive intent set him off. Otherwise, although the split opinions in theory can be harmonized on numerous bases, they struck me as schizophrenic.

More comments from Rebecca Tushnet (smart and challenging, as always—especially about the numerous empirical deficiencies in the opinion), Ryan Gile and Tom O'Toole.

Written by Eric Goldman, Associate Professor, Santa Clara University School of Law

www.circleid.com | 7/16/10 7:31 PM
Top Ten New gTLD Gotchas

With the launch of new generic Top-Level Domains (gTLDs) expected to occur early next year, many are closely examining the opportunities and risks associated with ICANN's Program.

Although still in draft format and subject to change, keep these gotchas in mind as you think through your strategy.

A 70% Refund Sounds Great – If you decide not to move forward with your new gTLD application after its initial posting, you are eligible to receive a 70% refund. But because the application fee is $185,000, pulling an application from the process will still result in a cost of $50,000.

You'll Need to Move Quickly to Object to Applications that Pass the Initial Evaluation – Objections to new gTLD applications can be made as soon as they are posted to the ICANN site for a period of approximately five months. However, you will only have two weeks to file objections once the Initial Evaluation results are made available.

Obtaining a New gTLD Could Take 19 Months – If you fail the Initial Evaluation, if your application is disputed, and if there is string contention, even the Guidebook says it could take up to 19 months before your new gTLD is delegated.

Trademark Clearinghouse Only Simplifies Trademark Sunrises – In the past, Registries have relied upon Trademark Sunrises to help recoup their internal start-up costs. With the Trademark Clearinghouse, Registries will no longer be able to charge exorbitant Trademark validation fees. This does not mean, however, that other Sunrise periods won't also be instated. Be prepared for the submission of business registration requirements, local presence requirements, and proof of industry trade association membership, along with additional fees for validation.

The Uniform Rapid Suspension (URS) May Be More Work than It's Worth – When the Implementation Recommendation Team originally devised the URS, it was supposed to be a quick, easy and inexpensive method for dealing with clearly infringing domains. As it stands now though, it isn't any of those things. Domains that are successfully suspended as a result of the URS procedure are only suspended for the remainder of their registration term, or for an additional year at current market registration rates. After suspension ends, domains become available for registration and are likely to be registered again resulting in a never-ending cycle of watching and suspending.

Registry Services Should Not Be Taken Lightly – Registries are responsible for running their TLDs in a stable and secure manner, complying with ICANN's consensus and temporary policies, implementing start-up and post-launch rights protection mechanisms, providing protection for country and territory names, depositing data into escrow, delivering monthly reports to ICANN, hosting a Whois service, maintaining relationships with ICANN-accredited Registrars, maintaining an abuse point of contact, cooperating with contractual compliance audits, making TLD zone files available, and enabling DNSSEC.

Your Relationship with ICANN Could Be More Solid Than Many Marriages – That's right—when you apply for a new gTLD, be prepared for a 10-year commitment.

You'll Need to Prepare for the Worst – To obtain a new gTLD, not only will you need to define its mission and purpose, develop financial plans, and describe technical and operational capabilities, but you will also be required to maintain a continued operations instrument sufficient to fund basic operations for a period of three years which would continue in place for five years after the delegation of the registry AND you must also have a continuity plan in place which includes the designation of a transition provider.

New Registrations Won't Likely Be Available Until Late 2011 / Early 2012 – Even if applications are accepted early next year, even in the best case scenario, it will still be some time before we actually see new gTLDs in the root.

The ICANN Board Still Needs to Approve All Applications – Even after the numerous reviews by the String Similarity Panel, the DNS Stability Panel, the Geographical Names Panel, the Technical Evaluation Panel, the Financial Evaluation Panel and the Registry Service Technical Evaluation Panel, at the end of the day—entry into any Registry agreement by ICANN must first be approved by the ICANN Board of Directors.

Written by Elisa Cooper, Director of Product Marketing at MarkMonitor

www.circleid.com | 7/16/10 12:22 AM
White House Issues Update on Cybersecurity Report

J. Nicholas Hoover reporting in InformationWeek: "The White House on Wednesday issued an update of the Obama administration's ongoing cybersecurity work, detailing some of the steps being taken in an effort to secure the nation's networks against cyber attacks and in the process offering some new insight into the administration's future plans. The progress report, issued immediately after a meeting held by White House cybersecurity coordinator Howard Schmidt with agency secretaries, cybersecurity experts..."

Related Links:
White House Issues Cybersecurity Report InformationWeek, Jul.15.2010
White House, executives discuss economic incentives for cybersecurity Nextgov, Jul.15.2010

www.circleid.com | 7/15/10 9:42 PM
DNSSEC Goes Inside the White House

For months, our community has been abuzz with one word: DNSSEC. Now, it's trickling into the White House.

Just yesterday, U.S. Department of Commerce Secretary Gary Locke announced, as part of a larger cybersecurity policy review, that the Commerce Department is one step closer to making "significant progress in helping the Internet become more robust and secure" by deploying DNSSEC at the root of the Domain Name System (DNS). "This action will essentially give a 'tamper proof seal' to the address book of the Internet—a seal that gives Internet users confidence in their online experience," he stated.

We couldn't agree more. As the first generic top-level domain to sign second-level delegations, .ORG not only applauds this historic moment, but we are also proud to be an active participant. Deploying DNSSEC at the root zone exemplifies the success that can be achieved through public-private sector cooperation. With cybersecurity atop all our minds—whether you live on Pennsylvania Avenue or on Main Street, such collaboration is essential to ensuring that our technology solutions and protocols help shape policy as well as Internet standards. As Secretary Locke mentioned, "The Internet...is the cornerstone of the global economy," responsible for $10 trillion in annual online transactions. It's about time we collectively make it all the more secure.

www.circleid.com | 7/15/10 9:18 PM
Engaging Consumers in Cyber Security: It's Up to You

In a perfect world, consumers recognize authentic emails from fake, update their operating system, browser and anti-virus software, and have a healthy skepticism about the safety of the Internet.

The bad guys hate perfect, so we should be working with consumers to stop them.

I deal with the ugly aftermath of one type of cybercrime, helping consumers recover from identity theft. As a result, I am passionate about letting consumers know about online and real world sources of the crime.

Organizations like mine are joining forces to recruit consumers—who are also your customers and employees—in the fight against cybercrime. Expect to see major public education outreach in October as National Cyber Security Week, an initiative of the National Cyber Security Alliance, a month that also features Protect Your Identity Week, a coalition spearheaded by the National Consumer Counseling Association.

There are also professional organizations, like the Anti-Phishing Working Group and the Online Trust Alliance, that develop ideas and solutions to educate and arm consumers.

The obstacles to engaging consumers in the fight against cyber crime are enormous—more about that next time—but we ignore consumers at our peril. I encourage you to consider joining professional organizations like these and welcome your thoughts on those I've missed here or on our blog. In this fight, it takes an army.

Read more from the ITAC blog here.

Written by Anne Wallace, President, Identity Theft Assistance Center

www.circleid.com | 7/15/10 1:46 PM
DNSSEC is But One Link in the Security Chain

As the implementation of DNSSEC continues to gather momentum and with a number of ccTLDs, and the .org gTLD having deployed it into their production systems, I think it is worth pausing to take a look at the entire DNSSEC situation.

Whilst it is absolutely clear that DNSSEC is a significant step forward in terms of securing the DNS, it is but one link in the security chain and is therefore not, in itself, a comprehensive solution to fully securing the DNS system.

The first issue, which is likely to be only a short to medium term problem, is that there are currently no generally available applications, including web browsers, that utilise DNSSEC. This means that even where DNSSEC has been implemented and is in active use, there is at present no straightforward means by which users can knowingly benefit from it.

It is possible to configure a DNS service to reject any records that fail DNSSEC validation, but this is an unsophisticated approach that will not differentiate to the user between DNSSEC failures and other DNS errors. Additionally there are currently no applications that (by default) will indicate the ‘success’ of any such validation to the user.
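A client that reads the response header itself can draw the distinction the paragraph above says is lost: a validating resolver answers SERVFAIL for data that fails validation, and repeating the query with the CD (checking disabled) bit set separates that case from other DNS errors. The sketch below is an added example, not part of the original article; the sample headers are constructed and the category names are this example's own.

```python
import struct
from typing import Optional

RCODE_NOERROR, RCODE_SERVFAIL, RCODE_NXDOMAIN = 0, 2, 3
FLAG_QR, FLAG_AD, FLAG_CD = 0x8000, 0x0020, 0x0010  # header bits, RFC 1035 / RFC 4035


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header of a response message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message: header needs 12 bytes")
    ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & FLAG_QR:
        raise ValueError("not a response (QR bit clear)")
    return {"id": ident, "rcode": flags & 0x000F,
            "ad": bool(flags & FLAG_AD), "cd": bool(flags & FLAG_CD),
            "answers": an}


def classify(normal: bytes, cd_retry: Optional[bytes] = None) -> str:
    """Classify a lookup from the normal response and an optional CD=1 retry.

    Heuristic: SERVFAIL on the normal query plus a usable answer on the
    CD=1 retry points at a DNSSEC validation failure in the resolver.
    """
    h = parse_header(normal)
    if h["rcode"] in (RCODE_NOERROR, RCODE_NXDOMAIN):
        # AD=1 means the resolver validated the signatures. It says nothing
        # about whether the signed records were entered by a legitimate party.
        return "authenticated" if h["ad"] else "unauthenticated"
    if h["rcode"] != RCODE_SERVFAIL:
        return "other-dns-error"
    if cd_retry is None:
        return "servfail-undetermined"
    r = parse_header(cd_retry)
    if not r["cd"]:
        # The resolver did not echo CD, so the retry proves nothing.
        return "servfail-undetermined"
    if r["rcode"] in (RCODE_NOERROR, RCODE_NXDOMAIN):
        return "dnssec-validation-failure"
    return "other-dns-error"


def _hdr(ident: int, flags: int, answers: int) -> bytes:
    """Build a constructed 12-byte response header with one question."""
    return struct.pack("!6H", ident, flags, 1, answers, 0, 0)


# Constructed samples (flags: QR|RD|RA = 0x8180, plus AD, CD or an RCODE).
SIGNED_OK = _hdr(0x1001, 0x81A0, 1)    # NOERROR, AD set
UNSIGNED_OK = _hdr(0x1002, 0x8180, 1)  # NOERROR, AD clear
SERVFAIL = _hdr(0x1003, 0x8182, 0)     # SERVFAIL on the normal query
CD_OK = _hdr(0x1004, 0x8190, 1)        # CD retry returns an answer
CD_SERVFAIL = _hdr(0x1005, 0x8192, 0)  # CD retry also fails

if __name__ == "__main__":
    for name, args in [("signed", (SIGNED_OK,)), ("unsigned", (UNSIGNED_OK,)),
                       ("bogus", (SERVFAIL, CD_OK)),
                       ("broken", (SERVFAIL, CD_SERVFAIL))]:
        print(name, "->", classify(*args))
```
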

A more serious issue however is the fact that while DNSSEC provides the ability to certify that requested DNS records have come from an authoritative source and have not been tampered with in transit, it does not mean that those authoritative DNS records are themselves legitimate.

As the saying goes, a chain is only as strong as its weakest link. In this case, the chain includes a number of factors, including the registrant themselves, their registrar (and hosting provider, if different) and the registry, each of which is (at least theoretically) a potential route through which malicious DNS records can be introduced.

Arguably the greatest risk sits with the registrant (which may of course be an individual or a large corporation or anything in between), where a variety of threat vectors exist, including insecure passwords, malware and social engineering. Service providers, including registrars and hosting providers should (and, of course, in the vast majority of cases, do) provide relatively high levels of security including secure logins, however with increasing automation comes increasing risk – with a fully automated system, a compromised login provides a malicious user with the freedom to make changes at will, including updating DNS records to divert traffic to phishing or other malicious sites.

Registries are also not immune from security risks and should be held to the highest security standards. In short, in order to ensure a completely secure chain of trust for the DNS, all the links in the chain on both the lookup and provisioning sides need to be as secure as possible.

While this may seem to be stating the obvious, the real issue here, as I see it, is the risk that the introduction of DNSSEC may create an unwarranted sense of security. Malicious DNS records, if entered into a DNSSEC-signed zone through a compromised registrant account or via a hacking attack on a hosting provider will potentially be considered to be more ‘secure’ than legitimate, but unsigned DNS records.

Another significant concern is that there are currently no standards in existence relating to the implementation of DNSSEC, with respect to the provisioning side of the equation. Without agreed implementation standards, especially in the area of security and verification, it is likely that a variety of implementation methods will be adopted, leading to a confusing, potentially unworkable and ultimately costly environment for hosting and other service providers, that will only hamper the adoption of DNSSEC at this crucial level. This will be particularly true in the case of transferring DNSSEC-signed domains between hosting providers.

There is currently little evidence of user demand for DNSSEC, making for a challenging business case for most providers without the added complexity of having to cater for a variety of implementations. There are likely to be a small number of niche providers that will recognise an opportunity to provide DNSSEC services to their clients and are forward thinking enough to know that they are ahead of the curve by implementing now, however the success of DNSSEC requires widespread adoption. For a majority of providers, operating on tight margins, implementing DNSSEC will only start to make business sense when not supporting it starts to impact their market share.

ICANN is realistically the only organisation capable, through its gTLD Registry and Registrar contracts, of effectively mandating implementation and security standards for DNSSEC that will be adopted at all levels of the DNS supply chain, so I would encourage the development of such standards as part of ICANN’s ongoing policy development work.

Written by Chris Wright, Chief Technology Officer, AusRegistry International

www.circleid.com | 7/15/10 3:00 AM
.ORG Celebrates its 25th Anniversary

What were you doing this week back in 1985? Answer: Probably watching the debut of Back to the Future, an early Steven Spielberg movie which incorporated novel uses of technology to travel in time. During that same time in 1985, however, another innovative use of technology was also making its debut—one with much greater implications for improving our lives on a global scale.

On July 10, 1985 the first .ORG domain name (mitre.org) was registered, joining the initial registrations in .com and 5 other "generic top level domains" in the Internet's Root zone. This date marks the starting point of the Internet revolution by allowing Internet users to locate online resources by easy-to-remember names instead of complex numbers. Making the Internet more accessible has spurred global economic development, improved freedoms and increased access to knowledge for the last 25 years.

Afilias is pleased to be a partner with .ORG, The Public Interest Registry (PIR) in supporting the millions of .ORG domains now in use worldwide. We are proud to provide state of the art registry and DNS services which ensure that .ORG is a reliable and secure home for the millions of organizations worldwide who depend on their .ORG online identity to pursue their missions. We have worked closely for the past seven years with PIR and its parent organization, the Internet Society (ISOC), to continuously upgrade the critical infrastructure supporting .ORG to meet the needs of both current and future Internet users. The recent deployment of a significantly upgraded security technology, DNSSEC, across the .ORG domain is but one example of how PIR, ISOC and Afilias join together to ensure the .ORG domain is exemplary, safe and trusted.

Since 2003, when PIR became the steward of .ORG, .ORG has grown by almost 300% to over 8 million domains. This growth is a testament to the dedicated and focused team at PIR, the secure and reliable technology underpinning the registry, and to the engaged base of active registrars, who serve the expanding core of .ORG registrants and the larger universe of .ORG Internet users. The achievements of .ORG over the past twenty-five years in general and the seven years in particular point to a great renaissance and a period of extraordinary activity and success for .ORG, and bode well for the next twenty-five years.

The entire team at Afilias congratulates Alexa Raad, CEO of PIR (CircleID), her team, ISOC and the Internet community on achieving this important and historic milestone. Happy Birthday .ORG!


www.circleid.com | 7/14/10 10:17 PM