Public participation site

The Optical Network Terminal (ONT) is the piece of equipment at the end of the Fiber to the Home (FttH) network; the connection to the premises. From here the various services can be delivered to the end-users.

In Australia the FttH infrastructure company NBN Co is in favour of having the ONT on the outside of the premises, as that would be the cheapest option and would also allow for easier maintenance.

Only in multi-dwelling buildings the ONT will most probably be installed within each unit.

One of the more problematic issues here is how one goes about bringing electric power to the ONT. An interesting solution could include cooperation with the electricity company, which could arrange that and at the same time use it for its smart meter rollout.

But this might be the easiest problem to solve.

Providing access from the outside ONT to the interior of a dwelling represents a more serious problem. First of all there are the technical issues such as drilling through walls, but also issues relating to how one goes about powering and grounding the terminal equipment Recently this has become somewhat simplified, through the use of one of several IEEE Power over Ethernet (PoE) standards, assuming the provider and its vendor both support it.

But also this is still reasonably simple to resolve.

The real issue is who is going to do the job? Will it be DIY house-owners, regulated installers, the first telco to arrive on the scene, the utility to install a smart meter or the healthcare organisation that has a patient to monitor—or perhaps the council needs to be involved?

If this is not carefully thought through it could amount to opening a Pandora's box. There are legal issues, safety issues, security issues and, perhaps most importantly, financial issues.

The NBN is a national government infrastructure project and people will expect to be able to use that service. If it is placed outside the building for many people it might just as well have been installed in the next city—it is not going to provide access. There is no doubt that some users will be happy to pay for this; however most people will have major issues with it.

On the supply side, once the connection is inside it will be much easier for providers to offer their services. So will the first one to offer a service have to pay the total cost of bringing the connection inside? Again I can foresee many disputes.

People are beginning to understand the utility function of broadband. When one starts looking at how other access to such services is managed it quickly becomes evident that many solutions, in one way or another, involve a regulated connection charge, a council rate, a government tax or combinations of these.

These might be unpopular political issues to discuss but once you start moving in this direction these are the consequences and they need to be addressed upfront. If NBN Co has its way and the ONT is placed outside premises then the government will have to formulate a policy on how that connection gets inside the dwellings.

Written by Paul Budde, Managing Director of Paul Budde Communication

Follow CircleID on Twitter

More under: Access Providers, Broadband, Telecom

There has been a lot of talk about IDNs here and elsewhere but what does the reality look like for a plain user?

As a test, I randomly choose 28 domains from Alexa's top 100 Sites and tried to create a user account with the email address user@??.com.

The bleak result: only wikipedia.org accepted the IDN - and later on failed to send a verification ping - all other rejected the email address.

IDN domains have standardized since March 2003 (RFC 3490) but as far as I know only one major email provider actually supports IDNs flawlessly…

The tested domains in alphabetic order were: adobe.com, amazon.com, bing.com, blogger.com, cnet.com, cnn.com, conduit.com, craigslist.org, dailymotion.com, deviantart.com, ebay.com, facebook.com, hi5.com, imageshack.us, imdb.com, linkedin.com, live.com, livejournal.com, mediafire.com, megaupload.com, mininova.org, myspace.com, nytimes.com, photobucket.com, twitter.com, wikipedia.org, wordpress.com, youtube.com

Written by Th. Kühne

Follow CircleID on Twitter

More under: DNS, Domain Names, Email, Multilinguism, Top-Level Domains

I tend to chuckle at every new proclamation that email is dead. Google Wave won't kill it. Twitter and Facebook aren't killing it; they're using it. RSS didn't kill it. Instant messaging didn't kill it. "Push media" (remember that?) didn't kill it. AOL and Compuserve and Prodigy didn't kill it; they joined it. And before that, usenet and email lived happily side-by-side.

Over the years the Coalition Against Unsolicited Commercial Email (CAUCE), the world's oldest and largest email advocacy organization, has also predicted the death of email. Some day, we've said, we will reach a tipping point where spam finally makes email unusable for regular people. And for any people who doesn't have good spam filters, that's already happened. Avoiding email's death by spam has given rise to the spam filtering & security industry, and the equally powerful mailbox hosting industry. It has elevated open source projects like SpamAssassin from curiosities to necessities. I've lost count of the number of hardcore geeks who've finally given up on running their own severs, and moved their personal mail to Gmail. Through these efforts, and these small personal concessions, email survives.

But it's not the same, and I'm left wondering if a part of email has died.

When CAUCE started up in the mid-nineties, we got some flak for being against unsolicited commercial email instead of all bulk email. We made that choice partly because we've always advocated for strong, intelligently crafted anti-spam laws, and legislators—particularly in the United States—are more willing to restrict commercial speech than non-commercial speech. But it's also because not all bulk email is spam; there are lots of non-commercial, non-spammy reasons to send the same message to a whole bunch of people.

We did that ourselves recently, alerting our members and supporters to the debate over Canada's proposed anti-spam bill, C-27. Some of the messages bounced because the email address was no longer valid, no surprise given how long it's been since there was anything exciting for us to tell them. Some—we don't know how much—was caught in spam filters, though few would argue that a message sent from a venerable anti-spam organization to our willing subscribers is spam.

Along with the filtering and hosting industries, another new field has sprung up in response to spam. They call their work "deliverability," and have developed tools which attempt to determine whether a message will be successfully delivered to the intended recipients. Some will go as far as sending a messages through popular spam filters to see if it'll get caught, or calling mailbox providers to beg for the mail to be allowed through. The old-time anti-spam community would've said this is the domain of spammers, but to many people and companies who are trying to send bulk non-spam mail today, it feels like a necessity.

(In the interests of transparency I should mention that CAUCE is sponsored in part by a company which offers deliverability-related products, and some of our board members work in that field.)

So we've got filters battling spam, and now deliverability wonks battling filters. But the deliverability industry is primarily only interested in delivering marketing email—in other words, solicited commercial bulk email. The Messaging Anti-Abuse Working Group (MAAWG) published a study this past summer which reminded us that, to actual humans, marketing is far from the most important kind of email. But there's no doubt that it's part of the email experience.

With that battle going on, bulk email—marketing and otherwise—may indeed on the verge of dying. Increasing spam leads to increasing filtering leads to increasing deliverability problems, but it's not the filters that created the problem. What's killing it, ironically, is that bulk email was never supposed to exist in the first place. At the most basic technical level, email is like traditional marriage: from one email address, to one email address. The author can include more than one recipient, but the underlying systems deliver the message to each recipient's mailbox as a new, separate transaction. In this way, the concept of "bulk email" is nearly identical to bulk postal mail—you may only be pressing the "send" button once, but the sending process happens multiple times, across many separate instances.

Other technologies are much, much better at disseminating information from one author to multiple willing recipients. RSS, which is really just another way to access content from the web, does it quite well. So do social networking sites like Facebook. And Twitter, with its culture of "re-tweeting" other peoples' messages to disseminate them further, is perfect.

Our experience with the C-27 effort was that email got the message out a little bit, with little visible effect—and if we'd wanted to, we could've spent countless hours tracking down deliverability issues. The CAUCE page on Facebook got some attention. Our Twitter follower count grew quickly without much effort on our part, and our messages there (to our surprise) were received directly by the offices of some of the Members of Parliament we were trying to reach.

What got the most attention wasn't even our doing. On Boing Boing, Cory Doctorow published a quote from Michael Geist's article about the copyright lobby's attempts to remove the anti-malware provisions of C-27, and that got picked up. In other words: what worked best was traditional, one-to-many news about an exciting and urgent topic—updated in format, but not in form.

While email between human beings lives on, it's possible that bulk email is dying, as older publishing paradigms—now supported by new technology—repeatedly prove themselves much more effective for broadcast communication.

(This article was originally published at cauce.org.)

Written by J.D. Falk, Director of Product Strategy at Return Path

Follow CircleID on Twitter

More under: Email, Spam

Google plans to upgrade its YouTube video streaming Web site to provide support for IPv6, a long-anticipated upgrade to the Internet's main communications protocol. Google already supports IPv6 with its Search, Alerts, Docs, Finance, Gmail, Health, iGoogle, News, Reader, Picasa, Maps and Wave products. Google's Chrome operating system—whose source code was released this week—supports IPv6, as does its Android platform for mobile devices.

Read full story: Network World

Follow CircleID on Twitter

More under: IPv6

Some members of Congress have gotten extremely upset about peer-to-peer filesharing. Even the New York Times has editorialized about the issue. The problem of files leaking out is a real one, but the bills are misguided.

Fundamentally, the real issue is that files are being shared without the user intending that result. This is not a weakness unique to peer-to-peer software; more or less any mechanism for publishing files can do that. The real problem is that the targeted software—whatever it is; the news stories full of outrage haven't identified which package or packages are implicated—is bad software, either because they share files the user hadn't intended or because they make it too hard for the user to understand what will happen. Given the sub rosa nature of much peer-to-peer software, perhaps this is not surprising; developing good software is remarkably difficult. Perhaps Congress should instead decriminalize sharing of music and video…

I digress. The real issue I'm addressing is bad legislation. Quite apart from my general concerns, the bills are just poorly drafted.

The first bill, H.R. 1319, is in many ways more reasonable: it mandates notice to the user of what is happening, and bars software that is difficult to remove. However, it stumbles badly when trying to define peer-to-peer software:

the term `peer-to-peer file sharing program' means computer software that allows the computer on which such software is installed--

(A) to designate files available for transmission to another computer;

(B) to transmit files directly to another computer; and

(C) to request the transmission of files from another computer.

As best I can tell, any web browser is covered by that definition.

The newer bill, H.R. 4098, does a much better job on a workable definition, though it's fun to try to twist it into knots, too. I particularly like the way software "designed primarily to operate as a server that is accessible over the Internet using the Internet Domain Name system" is not covered; who would have thought that the DNS had such mystical shielding properties?

The problem with H.R. 4098 is that it bans the wrong thing. Yes, NASA's use of BitTorrent would be permitted because it is "instrumental in completing a particular task or project that directly supports the agency's overall mission", but NASA employees probably wouldn't be allowed to download such files on their home computers because the bill seeks to block "the download, installation, or use by Government employees and contractors of such software on home or personal computers as it relates to telework and remotely accessing Federal computers, computer systems, and networks". In other words, you can either view such files or you can save the government money by using your own computer to work from home.

I should add a personal disclaimer: I, like most professors in the sciences and engineering, receive substantial government grants and contracts; that technically makes me a government contractor, as best I can tell. Am I covered? My students who receive stipends from such grants?

For those who are wondering if this bill is really just another ploy by a paid shill for the content industry, campaign finance records do not seem to support the notion. According to OpenSecrets.org, while Rep. Towns (the introducer) did indeed receive considerable campaign funding from from PACs associated with content owners, he has also received a lot of money from PACs associated with companies like Verizon that have not been particularly sympathetic to the content industry's demands. I do not think that that claim is supported by the data.

Overall, what we have here is too much firepower being aimed in the wrong direction. If the incidents are taking place from home computers, the solution is to provide government employees with the government-owned equipment—and government-provided software, support, and system administration—to let them do their jobs properly. Using poorly managed or maintained machines carries many more security risks than just peer-to-peer software; I could make a very good case that such software is the least of the security problems. If the incidents have taken place on office computers, the issue is really a management problem: employees are making more than the normal and acceptable de minimus personal use of their employer's equipment. There is also likely a problem with the quality of systems administration in such organizations. Again, those issues pose many more risks. These are real problems; focusing on peer-to-peer software won't address them.

Written by Steven Bellovin, Professor of Computer Science at Columbia University

Follow CircleID on Twitter

More under: DNS, P2P, Policy & Regulation

Since 16th Nov 09 Applications Processing for IDN ccTLDs Fast Track has been started. The countries and territories who are using non-English Language (nationwide) for official documentation or for community, are eligible to apply for a new country code top level domain name (ccTLD) in their own Native Language through a designated manager. Designated Manager has to submit online application to M/s ICANN for the new name script. Name Script should be meaningful, minimum 2 letter and maximum 63 letters long.

Native Language Community will be able to register their domain names within the next 6 months.

In first round, maximum 50 IDN ccTLDs Applications are expected. However, Designated Manager has to decide the Name Script minimum characters which can serve the purpose. for example ???? ??????? ???????? do not have any short abbreviation to represent the name of their country. However like Pakistan, it has ???. (.PAK) instead of using full name ???????. abbreviation may reduce the losses of about 1000 men hours daily.

Written by Imran Ahmed Shah, IT Consultant

Follow CircleID on Twitter

More under: Domain Names, Domain Registries, ICANN, Internet Governance, Multilinguism, Top-Level Domains

Spam is not about who sent it, it's about who benefits from it. For a moment forget everything you know about filters, zombie PCs, firewalls, spoofing, viruses, beisyan algorithms, header forgery, botnets, or blacklists. These are all methods for sending spam or preventing spam delivery. None of these explain why spam is sent and for far too long all the attention has been paid to the effects and not the driving force. Under the endless onslaught of junk mail it is easy to feel that the goal of the game is send spam and annoy us all. But this isn't the goal. The goal of spam is a transaction. Motivation not method.

A transaction in this sense could be many things. It can refer to the traditional meaning of the word: someone voluntarily exchanging some kind of money for a product or service, like buying illicit products from shady. In terms of cybercrime it can also refer to the involuntary exchange of information, like the reveal of a password, credit card, or bank account information. It could mean that a virus was installed on your pc that opens it up to abuse. An email recipient could follow a link charges and advertising account, click-fraud. Or, a transaction could simply be that the recipient of the spam comes to believe that something is true and then acts on it. Examples of this being stock spam and urban legends. A consumer believes that a stock price will increase so they buy some. An email user believes a chain-hoax to be true so they forward it to more people. Sending spam is not a transaction, it's just an advertisement. The transaction only occurs when the spam recipient takes action or provides money, information, or access.

There are two broad categories of spam emails: ones that advertise a URL and ones that do not. Stock spam, degree mills, and advance fee scams (so-called 419 or Nigerian scams). For the purposes of this discussion we're focusing on the URL-based spam.

Transactions for products and services occur at websites. There is certainly a diversity of products advertised in spam but far and away the number one item: Drugs. Not heroin, cocaine or marijuana but illicit pharmaceuticals. This should not come as a surprise to anyone as Viagra has become synonymous with spam and vice-versa. But it's not just lifestyle drugs. Painkillers, psychotropics, anti-depressants, diabetics, and pretty much any drug that requires a prescription are being sold on domains sponsored by ICANN Accredited Registrars. The only problem here is that these drugs are being sold without a prescription. No, the drugs do not come from Canada. Even though "Canada" is a favorite term for these websites the pills come from Turkey, Serbia, Moldova, and India. The medicine may be real or it may not be, but anyone consuming them is risking their health as well as giving money to organized crime.

Spam offers everything from septic tanks to prostitution, but illicit prescriptions are most of the problem. Rogue pharmacy is now at least at $100 Billion illicit industry and the Internet is driving its growth with absolute impunity.

Criminals hire spammers to promote websites where drugs are sold illegally. Because spammed websites are quickly discovered and complained about they are often taken down soon after a spam campaign. To deal with this problem drug traffickers use multiple layers of linked and redirected domains that are not spammed, stay intact and endure. Spammers may in fact be the Registrars best customers. Whereas the ordinary business may buy one or two domain names, spammers buy thousands and then dump them. The Registrar can then resell the defunct domain names, so they get paid twice for the same item.

Some reading this may think that Registrars are the fall guy here as it is impossible to track the activity of the thousands of domain names they sponsor. Problem is, they have been specifically informed of which domains are conducting illegal activities multiple times. Some might wonder then who is KnujOn to tell a Registrar about fake pharmacy domains? Actually, our reports have been endorsed by the National Association of Boards of Pharmacy(NABP), The National Center on Addiction and Substance Abuse at Columbia University (CASA), The American Pharmacists Association (APhA), and the Partnership for Safe Medicines.

Regardless of our endorsements, if a Registrar receives information of an illicit pharmacy site sponsored by them from any consumer and does not investigate and terminate, that Registrar is now aiding criminals. If a Registrar continues to accept payment from the domain owner after being notified, they are then receiving money from organized crime.

Bottom line is that the Registrars have the authority and technical ability to terminate a domain, even though many claim they do not. Registrars have the power to stop rogue pharmacy domains. The illicit networks rely on stable domains just like any other business. However, until the Registrars are told to stop sponsoring illicit drug traffic they will continue to do so. It is a ridiculous dance that cannot go on much longer. This farce is going to come to an end. No more pointing fingers at the ISPs only, terminating a domain breaks the spam link and closes the transaction platform.

Written by Garth Bruen, Internet Fraud Analyst and Policy Developer

Follow CircleID on Twitter

More under: Cybercrime, Domain Names, Domain Registries, ICANN, Internet Governance, Law, Policy & Regulation, Spam, Top-Level Domains

On the final day of a four-day meeting, most government representatives expressed support for renewing the Internet Governance Forum's five-year mandate which ends next year. China did not. Chen Yin, the head of the Chinese delegation to the Internet Governance Forum, said yesterday that the IGF's mandate should not be continued without reforms. Below is the full text of his statement, taken from the official transcript here [PDF]. Video (with bad-quality audio in Chinese) can be found on YouTube here. I've added a few links so that the acronyms will make more sense to people who aren't professional Internet governance wonks:

Thank you, Mr. Chairman.

The Chinese delegation has noted that as mandated by WSIS, IGF has conducted productive and effective activities in promoting dialogue and exchange among the multi-stakeholders, and will conclude its mandate within its five-year life span. We would like to congratulate and appreciate the excellent work done by IGF Secretariat, MAG, and all the hosting countries including Greece, Brazil, India and Egypt. Meanwhile, we would like to point out some of the IGF shortcomings, as described following.
First of all, the current IGF cannot solve in substance the issue of unilateral control of the critical internet resources.

Secondly, the developing countries are lack of resources for participating in IGF meetings, and the priority of development agenda has been downplayed, which made IGF lacking of broad representation.
Thirdly, the issues discussed in IGF have duplicated a lot with the work being explored and covered by other UN agencies and international organizations.

Therefore, Chinese delegation think, without reform to the IGF as it is, it is not necessary to give the IGF a five-year extension. In the meantime, we noted that relevant parties, developing countries in particular, hope that internet governance issues could be discussed at the U.N. level. We support the views of Saudi Arabia and other developing countries in their proposal to set up the Enhanced Cooperation mechanism within the U.N. framework.

In our view, if the mechanism of Enhanced Cooperation needs the extension of IGF for the purpose of exchanging views among multi-stakeholders, IGF should carry out reforms in the following ways.
First, the future IGF should, in accordance with the provision of Tunis Agenda, focus on how to solve the issue of unilateral control of the critical Internet resources.
Secondly, the representation and voices of the developing countries should be increased in the IGF, and the development issue should be placed as the first priority.
Thirdly, we should seriously consider the possibility of incorporating IGF financing into the regular U.N. budget, and provide assistance to developing countries for their participation in the IGF meetings.
Fourthly, we should follow rigidly the Tunis Agenda so that the reformed IGF should not duplicate the work and mandate of the other organizations.

Fifthly, a Bureau should be set up with a balanced membership of various parties and geographical regions, and its term of reference and rules of procedures should be formulated by the United Nation.
Sixthly, on tenure of the future IGF, we deem it necessary to review the extension of the IGF every two or three years.

In the view of the Chinese delegation, the setting up of a mechanism for Enhanced Cooperation with a reformed IGF will effectively promote the global Internet governance process and facilitate the achievement of Millennium Development Goals.

Thank you, Mr. Chairman.

Written by Rebecca MacKinnon, Assistant Professor, University of Hong Kong

Follow CircleID on Twitter

More under: Internet Governance

ICANN has opened their new fast track process for "countries and territories that use languages based on scripts other than Latin" to get domain names that identify the country or territory in its own language. It's not clear to me what the policy is supposed to be for countries whose languages use extended Latin with accents and other marks that aren't in the ASCII set.

Any country that uses an extended Latin character set can use extended characters in 2LDs right now, and I can't offhand think of any whose current unaccented two-letter ccTLD isn't an adequate mnemonic for their name. But let's say that Serbia feels that .RS is kind of lame, so they apply for and get .?????? which is perfectly reasonable, since that's the Cyrillic character set.

Then Romania decides that .RO is too generic, so they ask for .România with the circumflex over the â, as it is properly spelled in Romanian. That's an IDN, so how can they say no?

Hey, say the Hungarians, they got their country names, we want .Magyar. Oh, no, that's ASCII, that will be $185,000 and a highly uncertain multi-year process. Really?

Written by John Levine, Author, Consultant & Speaker

Follow CircleID on Twitter

More under: Domain Names, ICANN, Multilinguism, Top-Level Domains

Paul Wilson, Secretary-General of APNIC, was correct when he reminded the panelists of the IGF2009 workshop "Adopting IPv6: What You Need To Know” that "countries don't typically get IP address allocations, network service providers do".

The ITU stills seems to cling to the notion that countries get IP blocks, as that is the driver for Resolution 64, which in turn is the basis for a study commissioned by the ITU which recommends the implementation of Country Internet Registries as competition to the Regional Internet Registries.

The ITU staff member who spoke about Resolution 64 told us tell us that some ITU members feel "everything is perfect" in relation to IPv6 address distribution, and that nothing should change. However some other member states, particularly those from the developing world want some changes. My question to her (if that workshop had had remote participation available) would have been: "Which developing countries asked for this and when?"

Her rhetoric was straight out of the pre-WSIS era, like the last 5 years of capacity building around these issues haven't happened. The first thing that struck me as not being current was her statement that "GAC statistics show that developing countries representatives are relatively low and in the RIR [regional Internet registry] process".

Well, I just took a look at the composition of the GAC, and I see 45 developed nations and 43 developing countries who have GAC seats. (I used a very generous definition of "developed countries" BTW, so it's possible that by others definitions, emerging economies have more representation in the GAC than the developed world). The second part of that statement is untrue by definition, here in Africa, and I suspect, in other parts of the world. In other words, it seems obvious that in the AfriNIC Policy Development Process for example, we should hear mostly African voices participating in IP address policy making. In fact, this is the case, as I am sure is true in the LACNIC and APNIC regions.

My feeling is that if countries (as nation states) want to participate in the IP address policy communities, then they should make sure their employees become involved (as they have clearly done in the GAC). In any case, the idea that developing countries are not represented in the policy development process (PDPs) of the RIRs is nonsensical. Having more localized representation and regional self determination regarding policies is the reason we have the 2 newest RIRs.

Bringing the IP address PDPs closer to the people (on a national level instead of a regional level) is one reason cited by Professor Sureswaran Ramadass, to develop Country Internet Registries in his study commissioned by the ITU. Conveniently enough, the study calls for the ITU to be the "Alternative RIR" but for a global region (oxymoronic, I know). The problem with the notion of putting nation states in charge of IP address policies is that there is no guarantee that these states would build PDPs that are open, transparent and bottom up, as is the case with the current RIR PDPs. In Africa, decisions made by governments are usually made behind closed doors, and unfortunately these decisions are not necessarily made in the public interest, or in the interests of the community of global Internet users. By contrast, the AfriNIC PDP is completely open, transparent and inclusive. Anyone can join and help determine the policies followed by AfriNIC staff and Local Internet Registries.

In addition, once a nation has an telecommunications asset (think frequencies or licenses), as IPv6 blocks would surely be perceived, the tendency is to maximize revenue from that asset. These assets have been traditionally used to protect incumbent telcos and, more unfortunately, to line the pockets of government officials. Dr. Ramadass seems naive when he suggests that country-based Internet registry (CIRs) wouldn't necessarily be publicly owned. Would the ITU allow a non-member Civil Society body to run a CIR when it had an ITU member (usually a regulator or incumbent monopoly telco) in that country?? Would the regulator/government allow such a scheme if there was an asset they think they could monetize? It seems highly unlikely.

Several years ago, one African nation I am familiar with, even mooted the idea that ISPs MUST get their IP addresses from the regulator. Scary, but true, and I'm afraid this would become quite common.

Professor Ramadass' main thrust was that Internet users have matured, they want a choice. "Right now we have a single choice, and choices is what we are asking for." What he seems to ignore, or not understand, is that users get their addresses from their ISP who acts as a local Internet registries (LIRs). As long as Users have a choice of ISPs, then they have choice in selecting IP address provider, of course, what they are buying is not IP addresses, but IP connectivity. Dr. Ramadass misses this (or completely ignores it) or perhaps its just hyperbole when giving a presentation, but the idea of end user choice when selecting an IP address registry means decoupling IP address assignment from connectivity. In this document, the end user in his plan gets their IP addresses from their ISP, so perhaps it was just a rhetorical flourish.

It wasn't his strangest however, that was "Can any of you tell me you would only like to buy from one shop? Can any woman tell you that?" It doesn't matter if you are an end user or an ISP, one doesn't BUY IP addresses, one leases them for the duration of an allocation or assignment.

Another bombshell of his: "Why don't the 5 RIRs compete." Instead of competition between the RIRs, we have cooperation, collaboration and coordination. I will leave it as an exercise to the reader to determine which is better for the Internet as a whole. Of course, If you are a global organization, you CAN get allocations from different RIRs for business units in those distinct regions, but these (relatively few) cases aren't really seen as competition between the RIRs.

When talking about conservation of addresses he implied that address blocks are given out to all that apply: "that means my son could go on the net, put up an application and get a /32" Now that is weird. Of course his son could get a /32, IF he could meet the criteria in his region. He would have to prove he had a legitimate business, via company registration documents, become a member of the RIR, pay his dues as a member and describe in his application how the address block would be used. It's not like IP blocks are just given out willy-nilly. However, his proposal would open up the field to just such abuse, as there is no guarantee that CIRs would follow the strict application processes that the RIRs use.

Local Internet Registries must agree to follow the rules of the RIR. Dr. Ramadass suggests that enforcement of this is too big a task on a regional level, it should be done locally. That is the beauty of the LIR, it does the local education and agrees to enforce the regional policies at the local level when it becomes a LIR. LIRs also do the functions he mentions would be done by a CIR (systems, training, helpdesk). LIRs help their customers with the often arcane knowledge regarding routing and DNS reverse delegation procedures and they can do it in their local language. The burden of setting up CIRs for developing countries would be onerous and very difficult, as engineers would have to be lured from the private sector or given extensive training. Who would pay for this? The ITU? This training is already being done by AfriNIC and AfNOG to LIRs. Would we replicate the AfriNIC training course 53 times (one per African nation). How about replicating WHOIS services, instead of the 5 RIRs providing WHOIS service, would we have hundreds of entities doing this? This all strikes me as an extraordinarily inefficient use of scarce resources.

Prof. Ramadass also claimed that CIRs would localize websites, so that people could understand IP address policies in their own language. If one looks at African regulators websites, one doesn't see much evidence of this at all in regards to telecom policy, so this is a dubious claim at best. However, RIRs in the developing world do offer helpdesk services and training courses in multiple languages. Here in Africa for example, you can go to an IPv6 training course in French or English. if the ITU really wants to help deploy Ipv6 in the developing world, perhaps, as mandated in Resolution 64 they could financially support these multilingual training courses and existing RIR meeting fellowship programs instead of funding self serving "studies".

The APNIC region, where Dr. Ramadass is from, has actually tried this model, which as Izumi Aizu pointed out in the workshop, hasn't met with the greatest success. If I remember correctly, the APNIC community decided years ago to phase out this model. The study acknowledges this saying;

"Currently APNIC has a structure called NIRs. However, the uptake of the NIR model has been very limited. Currently, the existing NIRs essentially process and approve IP address requests made by their countries ISPs and organizations. The address allocations however, are directly made by the respective RIRs and not by the NIRs themselves."

So if it has been tried and failed, what is the motivation for trying again? It would be very interesting indeed to see the documentation on which ITU member states are calling for this kind of system.

In the workshop Dr. Ramadass gave the impression that /32s would be allocated by the ITU to CIRs, but in the document cited above, it seems that the plan is to give CIRs each a /24. Perhaps the document I found is an earlier version. Whatever the case, this plan would lead to greater fragmentation of address space and routing table bloat. This puts undue burden on ISPs in the developing countries who may not be able to afford the "big iron" that ISPs in more developed parts of the world routinely buy. Experts in the field gave excellent background briefings on Internet routing economics in various IPv6 workshops at the 2009 IGF, so I won't belabor the point, except to say that when the study commissioned by the ITU says:

Both the RIR and CIR model follow addressing hierarchy and strive for address aggregation. Irrespective of the RIR or CIR model, address aggregation purely depends on the address allocation algorithm and policies followed.

It ignores the deleterious effects that multiple hierarchies, allocation algorithms and policies differences would have on Internet routing.

All in all, it seems to me that when Dr. Ramadass claims that this plan would have no change on the "integrity, sustainability and routability." of IP address distribution, he is blind to the the negative impacts that the actual implementation of this plan would have in Africa and other parts of the developing world.

A woman from the Nigerian regulator made a great intervention after the presentation on CIRs. She mentioned that there is only one place to get frequency (from the ITU) and this makes for a stable and reliable system of allocation. She noted that in order for such radical change in IPv6 allocation processes to be justified, there must be an ongoing market failure. Clearly the RIRs have not failed in this regard, as the ITU has not failed in spectrum allocation.

If the ITU continues to press this idea, perhaps we Internet users should demand competition in spectrum allocation as well!

Written by McTim, IP Resource Consultant

Follow CircleID on Twitter

More under: DNS, Internet Governance, IP Addressing, IPv6, Policy & Regulation, Regional Registries

Gadi Evron reporting today on Dark Reading: "A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles—it's about how cell phone and computer attacks were used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however. The article describes several issues and that in my opinion confuses what matters..."

Follow CircleID on Twitter

More under: Cyberattack, Security

The ICANN Board, at its October 2009 annual meeting in Seoul, passed a resolution directing staff to prepare an analysis regarding the feasibility of ICANN soliciting Expressions of Interests (EOIs) from prospective applicants for new Generic Top Level Domains (gTLDs). ICANN staff subsequently opened a public forum seeking input from the community on a number of questions. While this latest initiative should not distract ICANN from the remaining four overarching issues, if well executed, this EOI initiative could provide valuable insights into two of the four overarching issues: economics and root scaling. But if executed improperly, this EOI initiative will likely erode confidence in the new gTLD process and negatively impact ICANN's evaluation in the upcoming reviews under ICANN's new Affirmation of Commitments.

Let's Have a Bottom-Up, Not Top-Down Process

One of the core principles enshrined in the ICANN model is the bottom-up consensus-driven process. This process, however, is a double-edged sword: While inherently noisy, contentious and time consuming, when consensus finally emerges from this cacophony of competing voices (public and private) the results are generally well founded principles and policies that respect the global public interest. As ICANN moves forward with the Seoul EOI resolution, the legitimacy of its final action must learn from the same bottom-up community consensus processes that were followed in the 2000 Proof of Concept new gTLD round and the more recent Internationalized Domain Names (IDNs) ccTLD Fast-Track round.

A full copy of the article is available below or as a PDF document from the PFF website.

Written by Michael D. Palage, Adjunct Fellow at The Progress & Freedom Foundation

Follow CircleID on Twitter

More under: DNS, Domain Names, Domain Registries, ICANN, Internet Governance, Top-Level Domains

ISOTF Critical Internet Infrastructure WG is now open to public participation.

The group holds top experts on internet technology, critical infrastructure, and internet governance, from around the globe.

Together, we discuss definitions, problems, challenges and solutions in securing and assuring the reliability of the global internet infrastructure, which is critical infrastructure for a growing number of nations, corporations and indeed, individuals—world wide.

The group started as a closed and private forum, to discuss technical and operational risks, as other venues limited discussion of critical internet resources to politically charged subjects such ascontrol of ICANN and ARIN, thus overshadowing other important aspects.

As of November 18th 2009, the list is open for public access, to advance public awareness of the issues, and bring new talent on board.

The group is hosted by the ISOTF, but is governed by members.

Note: SCADA, network operations, and other related issues should be discussed in the appropriate forums, elsewhere. This group deals with the internet.

To subscribe: http://isotf.org/mailman/listinfo/cii

Gadi Evron for ISOTF-CII-WG.

Written by Gadi Evron, Security Strategist

Follow CircleID on Twitter

More under: Access Providers, Cyberattack, Cybercrime, DNS, DNSSEC, Domain Names, ICANN, Internet Governance, IP Addressing, IPv6, Security

In an interesting move several members of the ICANN community formed an "informal" Working Group to discuss the concept of "expressions of interest" in new Top-Level Domains (TLDs). This all happened very quickly, which is more or less the opposite to how most ICANN related activities progress.

Yesterday the group submitted its report/paper to ICANN.

The report, which runs to about 11 pages, is concise and seems to have covered most of the areas of interest. What's also interesting to note is that the people involved came from a variety of areas and probably give a reasonably good cross-section of the ICANN community.

If you have a few minutes the document is definitely worth reading and is a nice example of how a group of people can get things done quickly and efficiently when needed.

Now if only the rest of the ICANN processes were this quick to reach consensus!

(Maybe pigs flying is more likely!)

Written by Michele Neylon, MD of Blacknight Solutions

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

The Internet Governance Forum is winding down today in Sharm El Sheikh, Egypt. There have been a lot of very constructive conversations in workshops and panels over the past four days about how to advance security, privacy, child protection, AND human rights and free expression on the Internet. Unfortunately, the biggest headline coming out of the forum so far has been an incident on Sunday in which a poster promoting a book about censorship by the Open Net Initiative was removed by U.N. security. See reports by the BBC, the Associated Press, and the ONI's FAQ on the incident. Also see a YouTube video of the incident, and video of IGF Chairman Markus Kummer explaining the incident.

Kummer said in his briefing that the UN has a "no-poster policy," although various other posters have in fact appeared at various times throughout the conference. One example here. According to those present during the ONI incident, the reason for the poster's removal given by U.N. security officials at the time was that a U.N. member state had complained about it. Given that the poster mentioned Chinese Internet censorship, we can guess which member state objected.

The Chinese government made it clear earlier this year that they do not want the IGF to continue. Veteran IGF attendees have pointed out that there has been no Chinese-organized panel or workshop this year, in contrast to previous years. In conversations in the corridors with some participants from Western governments and other organizations, a number of people have expressed concern that China is feeling alienated. Nobody is sure what China's next move will be, and there is worry that the Chinese government may ally itself with some other governments in a move to end the IGF after its initial five-year mandate expires next year.

In a workshop about governance of social networks on Tuesday afternoon, I raised a number of specific examples of how various governments are moving to stifle free expression by their citizens on social networking websites through a variety of censorship and surveillance measures. I also raised other problems that some human rights activists in specific countries have encountered when using social networks to document human rights violations or organize political movements: they sometimes get their accounts shut down by company administrators because their images documenting human rights abuses are too violent or the pattern of their political organizing activity is too similar to spamming. Examples included:

• China's system of censoring blogs and social networking services: Overseas services like Twitter, Facebook, YouTube, Flickr, Blogspot, and the like are blocked in China. As a result most people in China use social networks and blogging services run by domestic companies which are held liable for everything their users post on their services. These companies end up having to set up up entire departments of employees whose job it is to monitor and censor all user-generated content on their services. Foreign companies wanting to create localized versions are expected to do the same. MySpace is one company that ended up doing so, though many other companies—including Facebook—have opted for now not to set up censored versions of their services inside China, despite the fact that this denies them access to a large user base, because they are uncomfortable getting so deeply into the censorship game.
• South Korea's real-name registration system, which caused YouTube to disable video uploads and comments on YouTube Korea. Google was concerned that hosting such data domestically inside Korea might cause the company to violate the Global Network Initiative's principles on free expression and privacy, which Google has committed to uphold.
• Egyptian blogger and journalist Wael Abbas used YouTube to document human rights abuse and torture by the Egyptian police, and got his account suspended by YouTube administrators because they thought he had violated Terms of Service banning "gratuitous violence."
• Grassroots political activists in a range of countries from India to the United States have had their Facebook accounts suspended because Facebook's automated systems thought they were spammers.

This afternoon (4pm local time, 9am EST, 9pm Beijing) I will be speaking on a plenary panel about social networks. I and the other panelists have been told very clearly by people in charge that we can't mention specific U.N. member countries, and we're discouraged from "naming and shaming" any other kinds of specific entities as well. It's going to be rather difficult to discuss emerging issues related to social networks without being able to give any specific examples of specific countries and companies. More broadly, it's rather difficult to make progress in global Internet governance without being able to discuss specific cases in the public meetings, or applying any value judgments to what any of the actors are doing. But that's the United Nations for you. Last night I considered whether it even made sense for me to remain on the panel. I decided to stay on it because I hope that I can get a message across—albeit generically—about free expression concerns on social networks, and how the Global Network Initiative is one way to help companies navigate these concerns.

For what it's worth, live video of the session will be here.

Written by Rebecca MacKinnon, Assistant Professor, University of Hong Kong

Follow CircleID on Twitter

More under: Censorship, Internet Governance

Geoff Daily reports today on the App-Rising.com: "A new model is emerging in Brigham City, a city of less than 20,000 in northern Utah, for how user-owned open fiber networks can be financed and deployed. It used to be that the only way you could get fiber was if you were lucky enough to have a private provider lay it or to live in a city that did it itself. Today in Brigham City, for $3,000 you can buy your own fiber. And in fact more than 1,600 local residents have already bought in to this new opportunity."

Follow CircleID on Twitter

More under: Access Providers, Broadband, Telecom

The fifth-annual survey of domain name servers (DNS) on the public Internet—called a "Pandora's box of both frightening and hopeful results"—was released today by The Measurement Factory in partnership with Infoblox. Cricket Liu, Vice President of Architecture at Infoblox and author of O'Reilly & Associates' DNS and BIND, DNS & BIND Cookbook says: "Of particular interest is the enormous growth in the number of Internet-connected name servers, largely attributable to the introduction by carriers of customer premises equipment (CPE) with embedded DNS functionality. This equipment represents a significant risk to the rest of the Internet, as without proper access controls, it facilitates enormous DDoS attacks."

Following are the key 2009 DNS survey results from the survey—along with positive, negative, or neutral "consequence" ratings—based on a sample that included 5 percent of the IPv4 address space, nearly 80 million addresses.

• NEUTRAL: There are an estimated 16.3 million name servers on the Internet; this represents a 40% increase in 2 years likely due to an explosion in the population of "non-traditional", proxy DNS servers embedded in broadband access devices or customer premises equipment (CPE).
• VERY DISTURBING: 79.6% of the name servers are open to recursion; this represents a 27% increase in the last 2 years, likely related to the increase in proxy DNS servers in CPE. Unfortunately, all these name servers can be used maliciously to execute DDOS attacks, posing a significant threat to the Internet.
• POSITIVE: Percentage of Microsoft DNS Servers is now almost negligible at .37%; this is likely due to greater awareness of the risks of exposing Windows computers to the Internet.
• POSITIVE: Percentage of zones with one or more name servers open to zone transfers decreased to 16% from 31% (in 2008); administrators are paying closer attention to configuration of external DNS servers, realizing that they need to configure ACLs to prevent zone transfers, which can leave them open to DOS attacks.
• POSITIVE: The number of DNSSEC signed zones increased significantly—by approximately 300%; this indicates that momentum in DNSSEC adoption is increasing. This could be the result of greater awareness and adoption due to the Kaminsky vulnerability last year and support for DNSSEC signed in parent zones (.org).

Related Links: Executive Summary, Press Release

Follow CircleID on Twitter

More under: DNS, DNSSEC, Security

At today's "Managing Critical Internet Resources” session of the Internet Governance Forum 2009, the ITU agenda on taking a role in IPv6 distribution once again reared its ugly head.

In a heated exchange, Professor Dr Sureswaran Ramadass, the Director of Nav6 an ITU consultant/fanboy squared off with the new ICANN CEO about competition in IPv6 address distribution. It seems clear that the ITU hasn't given up their hope of becoming a player in distributing IPv6 addresses to their members.

His question, setting off the contretemps, was "Since there are so many IPv6 addresses, why can't we have additional organisations giving it out?" (start at about the 53rd minute of this video)

The answer, of course, is that we CAN have additional organisations, but we SHOULD NOT. There is a policy in place for developing emerging RIRs, the ITU however just doesn't meet the criteria.

These criteria were conveniently summarized for the ICANN Stockholm meeting

I doubt that the ITU could get any objective observer to think that they could meet these criteria, unless they radically changed their way of working of course, which isn't likely.

The reasons we SHOULD NOT have multiple RIRs per continent are various. The first is that RFC2050 (BCP 12) calls for a relatively small number of RIRs, and that they be of continental dimension. Another reason is that it would promote de-aggregation leading to greater bloat of routing tables. In addition, having the ITU set up a registry (or registries) to compete with the existing RIRs would lead to what is known as "RIR shopping". In other words, if a provider didn't like something about the policies set by an RIR community, they could go to an ITU IPv6 registry. This is exactly what Ramadass seems to want. This is generally seen as a very bad idea in the global IP addressing community, as RIR shopping is seen as a way to circumvent the Bottom Up, Transparent, Open, Consensus driven (my acronym for this is BUTOC) way that RIR communities make IP address policies.

The biggest applause of the whole exchange was saved for Dr. Nii Quaynor, the Dean of the African networking community, when he pointed out that he was very happy with the way the RIR system works, as it allows Africans to set their own policies in an open and transparent way, and this multistakeholder self determination is a positive step in development, and any change in this way of collective working is not in the interest of Africa, developing countries, or in the interest of a single Internet.

Written by McTim, IP Resource Consultant

Follow CircleID on Twitter

More under: Internet Governance, IPv6, Policy & Regulation, Regional Registries

Reported today on BBC: "Police chiefs are urging people looking for work during the recession to be alert to online scams that trick them into laundering money. The Serious Organised Crime Agency (Soca) says websites are currently being used to recruit 'money mules'. The 'mules are ordinary people who send and receive payments through their bank accounts to facilitate business."

Neil Schwartzman has also informed us of a related report by RSA FraudAction Research Lab based on several months of tracking various reshipping scams engineered by online fraudsters.

Follow CircleID on Twitter

More under: Cybercrime, Law, Security, Spam

The success of smart phone, in particular the iPhone, is both a blessing and a curse for the mobile operators. On the one hand it has broken into the monopolistic business models used by most operators and has most certainly loosened part of their stranglehold; on the other, these phones have increased usage on their networks.

But these cracks are going to continue and will eventually lead to similar structural changes in the mobile industry to the ones we are currently experiencing in the fixed market.

While AT&T banned the Google phone from offering VoIP services over the network, this triggered the FCC to act, and the outcome will most likely be that mobile carriers in the USA will not be able to stop VoIP usage over their networks. This will very seriously undermine the lucrative voice call business models of the mobile operators and will eventually force them to open up their networks. This, in turn, will then completely transform the mobile market with an explosion in IP-based services.

But as the current networks would not be able to cope with such increased traffic we will have to wait till 2012-2015, until 4G services such as LTE can deliver a fully IP-based infrastructure that will allow for mass use of these applications over the network. By that time most of the mobile backbone networks will be linked to fibre optics as well and we could see the final arrival of the long promised fixed-mobile convergence.

Of course most mobile operators are in denial over these changes, as the fixed operators have been for a long time. However it will be interesting to see if the mobile operators are able to stall progress for as long as the fixed networks have been able to do so.

The question is also whether this ongoing stalling of these innovations will work in favour of the operators. While it will certainly provide them with a short-term advantage, change is inevitable in the longer term.

While mobile virtual network operators (MVNOs) are slowly becoming slightly more relaxed most of them are still using simple resale models with very low margins, which prevent any serious growth for these operators.

Written by Paul Budde, Managing Director of Paul Budde Communication

Follow CircleID on Twitter

More under: Mobile, Telecom, Wireless