News and Updates

Cuba Reaches Five Million Mobile Accounts

Domain industry news - Thu, 2018-04-19 20:43

Active mobile accountsCubans now have 5 million mobile accounts. The five-millionth account was recently opened Guanabacoa, in the eastern part of Havana and we see here that growth slowed last year, but has resumed — perhaps due to increased 3G availability.

Most Cubans have 2G phones, which are used primarily for making calls and sending text messages that may have attached images. As of June 2017, there were 856 2G base stations, covering 75% of Cuban territory and 85% of the population.

Cuba is rolling out 3G connectivity, and ETECSA reports that 47% of the population is now covered and, as of last June, there was some coverage in all provincial capitals and tourist resorts.

The only speed data I have seen was gathered by Armando Camacho who ran a number of 3G speed tests in Havana (near the corner of Patrocinio and 10 de Octubre) and observed ping time to a server in Miami as ranging from 91 to 127 milliseconds, upload speed from .48 to 1.58 Mbps and download speed from .85 to 10.42 Mbps. The latter is fast enough to allow Web browsing and other applications, particularly those like YouTube Go, which are designed for use over slow, expensive connections in conjunction with offline SD-card storage.

Armando observed considerable speed variance, suggesting that others were sharing the same radio or backhaul resources and performance would be frustrating at times. (Have others run similar tests)?

I don't have any statistics, but many Cuban phones are incompatible with ETECSA's 3G service, so users will be stuck with 2G until they get new 3G phones.

Upgrading to 3G technology when 4G is common in many nations and 5G is close on the horizon may sound discouraging, but it makes sense as a stopgap strategy for Cuba since it keeps backhaul load down and phones are cheap. That being said, I hope they are evaluating the possibility of leapfrogging to 5G technology when it matures, and they can afford it.

Written by Larry Press, Professor of Information Systems at California State University

Follow CircleID on Twitter

More under: Access Providers, Broadband, Mobile Internet, Wireless

Categories: News and Updates

The Fight Is on to Save Access to WHOIS: A Call to Action for Brand Owners

Domain industry news - Thu, 2018-04-19 20:23

Late last week, ICANN published the guidance from the Article 29 Working Party (WP29) that we have been waiting for. Predictably, WP29 took a privacy maximalist approach to the question of how Europe's General Data Protection Regulation (GDPR) applies to WHOIS, a tool widely used by cybersecurity professionals, businesses, intellectual property owners, consumer protection agencies and others to facilitate a safer and more secure internet. Unfortunately, comments submitted to WP29, and to Data Protection Authorities (DPAs) directly, detailing legitimate purposes for access to data that serve the public interest, and detailed proposals for accreditation and access to non-public data were largely ignored. The WP29 guidance seems to imply that a fragmented WHOIS system, with no reasonable way to access critical information to facilitate legitimate goals such as preventing fraud and the distribution of malware, is simply an inevitable consequence of implementing the GDPR.

Criticism from the United States Government, the cyber- and operational security community, and business community was swift. On Monday, United States Special Assistant to the President and Cybersecurity Coordinator, National Security Council Rob Joyce tweeted: "EU's GDPR is going to undercut a key tool for identifying malicious domains on the internet. WHOIS database will be noncompliant, or have to purge the data that makes it useful to find bad actors… Cyber Criminals are celebrating GDPR". Joyce's criticism of WP29's analysis echoes security professional Brian Krebs' prediction from April 4, 2018, stating that "the volume of spam, phishing and just about every form of cybercrime is going to increase noticeably. New privacy rules coming out the EU are going to take away the single most useful tool available to security experts: WHOIS." United States Secretary of Commerce, Wilbur Ross also weighed in, imploring the European Commission to take action.

Now that we know the thoughts of WP29, which, after May 25, 2018 (the date that the GDPR goes into effect) will become the European Data Protection Board (EDPB), it is time to fight back, and demand a balance of the right to protect personal information with other fundamental rights. ICANN is currently collecting comments from the community, in preparation for meetings with WP29 in Brussels on April 23, 2018.

Background

ICANN had asked WP29, the data protection and privacy advisory group made up of representatives from the DPA of each EU Member State, the European Data Protection Supervisor, and the European Commission, to give guidance on the "Interim Model for Compliance with ICANN Agreements and Policies in Relation to the European Union's General Data Protection Regulation," (the "Model") which was developed and published by ICANN earlier in the year. ICANN had presented the Model, and its detailed rationale, to WP29 along with an acknowledgment of areas of community divergence, with a special plea to WP29 to guide ICANN on these issues. Among the areas of divergence were prime points of concern raised by the Intellectual Property Constituency (IPC) and Business Constituency (BC) of ICANN, such as the need for continued publication of registrant email address, the global territorial application of the model even where no nexus to Europe exists, and other aspects of the Model which the IPC and BC have identified as being over-compliant with the GDPR. ICANN CEO Göran Marby acknowledged to the DPAs that many in the community provided extensive analysis and legal support to justify continued access to WHOIS for purposes of cybersecurity, consumer protection, and law enforcement and to prevent intellectual property theft, fraud and other malicious activity online.

The Advice

In its guidance to ICANN, WP29 deemed the purposes for WHOIS, as enumerated in the Model, to be insufficiently defined. In its letter, the group cited a previous opinion on purpose limitation, stating "WP29 has clarified that purposes specified by the controller must be detailed enough to determine what kind of processing is and is not included within the specified purpose, and to allow that compliance with the law can be assessed and data protection safeguards applied." The community has acknowledged the need for data protection safeguards (via a Code of Conduct for access to non-public WHOIS, which ICANN has asked its Governmental Advisory Committee (GAC) to develop), but it is surprising to see WP29 call for data safeguards to be developed per every individual purpose - a burdensome exercise for legitimate requestors that would destroy much of the operational functionality of WHOIS.

WP29 also cautioned ICANN to ensure that legitimate purposes contained within its model for compliance relate to ICANN's own mission, defined in its letter as "to coordinate the stable operation of the Internet's unique identifier system." They cautioned ICANN not to conflate its own purposes with the concerns and purposes of third parties, no matter how legitimate. This is, no doubt, a nod to the equally privacy maximalist statements on this issue from the International Working Group on Data Protection in Telecommunications (IWGDPT a.k.a. the "Berlin Group"), a privacy advocacy group made up of DPA representatives, NGO representatives, and members from civil society and the private sector. Last year, prior to the publication of any model for GDPR compliance, and referring to the then-fully-open WHOIS ecosystem, the Berlin Group had questioned whether the role of ICANN allows the organization to take into account any legitimate purpose related to law enforcement or security. Obviously many in the ICANN community are concerned about that statement, and WP29's reliance on it, including the GAC's Public Safety Working Group (PSWG), various security-oriented groups at ICANN, the IPC and the BC. The Berlin Group paper is misapplied to the Model, and is not authoritative. Further, ICANN's role is much broader than that suggested in the Berlin Group paper and subsequently the WP29's guidance. The full mission of ICANN can be found here, in the ICANN bylaws.

WP29 also gave advice related to accreditation for access to non-public WHOIS data, and again stressed the importance of clearly defined purposes with a specific legal basis for access to individual WHOIS data elements.

Notable in its absence, WP29 did not grant, or even mention a moratorium on the implementation of GDPR, which is understandably a primary focus of many within the community at this time, as well as ICANN itself. The May 25, 2018 deadline will remain the number one barrier to ensuring continued access to WHOIS data, as the contracted parties have indicated that the promise of hefty fines for not complying with GDPR will result in over-compliance, in the absence of a more nuanced model that can be quickly implemented. Some contracted parties have already indicated that any model which provides accreditation and layered/tiered access would be impossible to implement by May 25.

Also absent from WP29 guidance was any mention of the distinction between natural and legal persons, and the application of the GDPR in the Model to contracted parties and registrants that are not in the EU, both prime concerns of the IPC and BC.

The Fight

ICANN responded to WP29 just hours after their communication was made public last week, via a letter from Mr. Marby. The letter again stressed the need for a moratorium on GDPR enforcement, emphasized the negative consequences of a fragmented WHOIS system, and clarified the critical importance of ICANN's role in coordinating the global WHOIS system on the overall security and stability of the Internet — an obligation that falls squarely within its mission. Mr. Marby pointed out that fragmented WHOIS would "have a detrimental impact on the entire Internet", pointing out the concerns of law enforcement, cybersecurity processionals, consumer protection agencies, and IP owners. Mr. Marby further stated in his most recent blog that "ICANN recognizes the important of the GDPR and its goal of protecting personal data, but also notes the importance of balancing the right to privacy with the need for information."

ICANN recognized that following the WP29 guidance would result in fragmentation and notably indicated that it is "studying all available remedies, in order to seek clarity in our ability to continue to properly coordinate this important global information resource without fragmentation” (emphasis added). This thinly-veiled threat of legal action is surprising, and welcome. Mr. Marby also wrote that ICANN implores WP29 to "spend more time balancing between the important right to privacy and the need for information," further implying that ICANN is unhappy with the WP29 guidance, and may not intend to follow it blindly. Indeed, Recital 4 of the GDPR clarifies that the right to protection of personal data is not absolute, and must be balanced against other rights and the function of such data in society according to principles of proportionality.

As noted above, United States Secretary of Commerce Wilbur Ross also weighed in, in a recent letter to Věra Jourová, Commissioner for Justice, Consumers and Gender Equality (European Commission), citing the importance of quick access to WHOIS data necessary for intellectual property rights enforcement, cybersecurity and law enforcement. Secretary Ross called for a temporary forbearance from GDPR enforcement on the processing of WHOIS data in order to address these goals.

ICANN is set to meet with the Technology Subgroup of WP29 to discuss these issues further on April 23, 2018. In the meantime, the community has been invited to comment on the WP29 guidance and to make further suggestions to WP29 about compliance with GDPR and accreditation and access to non-public data (including supporting a Code of Conduct which may address some of the DPA concerns about data safeguards). ICANN has assured the community that any information shared with ICANN will be provided to the DPAs, and has suggested that the community also send comments and analysis directly to the DPAs themselves. This response from ICANN indicates that the fight to preserve access to WHOIS data is far from over.

We suggest that businesses, intellectual property owners, consumer advocates, cybersecurity professionals and law enforcement and government representatives marshal additional comments to ICANN and the DPAs further illustrating and impacting the problems that a fragmented WHOIS system would create, and the negative impact it would have for consumers and other Internet users, the ecommerce ecosystem, and the Internet generally. Comments to ICANN can continue to be submitted to gdpr@icann.org and we encourage all community members to weigh in as soon as possible so that feedback can be taken into consideration during the next ICANN meeting with the DPAs on April 23, 2018.

Those affected by this issue should also consider additional steps to ensure continued access to WHOIS, including reaching out to Member States in Europe and other government representatives, considering other actions and remedies through courts and legislatures, and continuing to participate in developing an accreditation and access model for non-public WHOIS. The IPC and BC are holding another community-wide call to discuss the Accreditation and Access Model for Non-Public WHOIS data on April 24, 2018. Interested parties should sign up for that discussion by emailing admin-accred-model@icann.org.

The Intellectual Property Constituency is currently working on comments to ICANN and WP29, and contemplating other additional next steps.

Written by Brian Winterfeldt, Founder and Principal at Winterfeldt IP Group

Follow CircleID on Twitter

More under: Domain Management, DNS, Domain Names, ICANN, Intellectual Property, Internet Governance, Policy & Regulation, Whois

Categories: News and Updates

Large Open-Source Data Set Released to Help Train Algorithms Spot Malware

Domain industry news - Thu, 2018-04-19 20:20

For the first time, a large dataset has been released by a security firm to help AI research and training of machine learning models that statically detect malware. The data set released by cybersecurity firm Endgame is called EMBER is a collection of more than a million representations of benign and malicious Windows-portable executable files. Hyrum Anderson, Endgame's technical director of data science who worked on EMBER, says: "This dataset fills a void in the information security machine learning community: a benign/malicious dataset that is large, open and general enough to cover several interesting use cases. ... [We] hope that the dataset, code and baseline model provided by EMBER will help invigorate machine learning research for malware detection, in much the same way that benchmark datasets have advanced computer vision research."

The liability involved with the availability of such open data sets is something researchers involved with EMBER say they have thought through and that the hope is openness will outweigh the risks.

Follow CircleID on Twitter

More under: Cybersecurity, Malware

Categories: News and Updates

Russia Wipes Out Over 17 Million IP Addresses In Efforts to Block Telegram

Domain industry news - Thu, 2018-04-19 17:50

Post Russia's April 4th blockage of Telegram, increasing number of users in the country are turning to VPNs and proxies to continue their access to the messaging platform. As a result, the government has gone a step further and started blocking every possible way of connecting to Telegram. Over 17 million IP addresses have been wiped out from Google and Amazon's servers resulting in disruption of all types of services from online games to mobile apps or cryptocurrency exchange pages. Enrique Dans reporting in Forbes today: "Roskomnadzor's attempts to block Telegram amount to a denial of service attack on the Russian internet: many sites and services unrelated to Telegram are now blocked as part of this Soviet-style exercise in censorship. ... Telegram continues to operate with relative normality and the company has not detected a significant drop in user activity in Russia. ... Why is the Kremlin putting all these resources into blocking Telegram? The official version is that Telegram refused to provide a backdoor to decipher conversations on the service."

Follow CircleID on Twitter

More under: Censorship, Internet Governance, IP Addressing

Categories: News and Updates

Google Ends Domain-Fronting Feature Used by Censorship Tools

Domain industry news - Thu, 2018-04-19 16:32

A recent change in Google's network architecture has put a stop to a so-called "domain-fronting" feature that allowed services use Google's network to get around state-level internet blocks. Russell Brandom reporting in the Verge: "Google said the changes were the result of a long-planned network update. 'Domain fronting has never been a supported feature at Google,' a company representative said, 'but until recently it worked because of a quirk of our software stack. We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature."

The discontinuation of the domain-fronting service was first spotted by Tor developers on April 13th. Access Now is urging Google to reconsider the shutdown, stating approximately a dozen human rights-enabling technologies rely, in full or in part, on Google's commitment to protecting human rights and increasing internet freedom. Nathan White, Senior Legislative Manager at Access Now says: "Google has long claimed to support internet freedom around the world, and in many ways, the company has been true to its beliefs. Allowing domain fronting has meant that potentially millions of people have been able to experience a freer internet and enjoy their human rights. We urge Google to remember its commitment to human rights and internet freedom and allow domain fronting to continue."

Follow CircleID on Twitter

More under: Censorship, Networks

Categories: News and Updates

.App domains are off to a strong start with brands

Domain Name Wire - Thu, 2018-04-19 13:48

Over 2,000 .app domains have been registered during sunrise.

If sunrise is any indication, Google’s .app domain name is going to shoot out of the gates.

Sunrise began March 29 and there are already 2,225 names in the zone file. During sunrise, only trademark holders that have registered their marks with the Trademark Clearinghouse can register domain names.

I suspect that companies realize this is one of the better top level domain names and are also concerned about phishing and fake apps that could be distributed at these domains.

Apple has been particularly active, registering 75 .app domain names by my count. Microsoft has 41 and Bank of America has 27 .app domains.

Following Sunrise, a dutch auction early access period will begin on May 1. General availability starts May 8.

While there is an opportunity for domain investors, many of the names have premium prices. About 2% of the hundreds of names I searched for did not have a premium.

Also, domain names must have an SSL certificate to resolve.

Google paid $25 million for the rights to run .app.

Full details about the launch are here.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. ShoeMoney Sues Google Employee, Alleging Insider Advantages
  2. .App most popular TLD application, .home, .inc, and .art close behind
  3. Google and Amazon.com backpedal on closed top level domain names
Categories: News and Updates

.Coms Sweep the First 11 Spots to Regain Control of the Top 20 Domain Sales Chart This Week

DN Journal - Thu, 2018-04-19 00:41
Non .com domains took 6 of the first 12 entries on our Top 20 Sales Chart last week but the .coms were back in control this week sweeping 17 of 20 chart entries.
Categories: News and Updates

What domain names The Hill and others bought this week

Domain Name Wire - Wed, 2018-04-18 13:43

A cryptocurrency exchange, nightclub owner and the political site The Hill bought domain names.

I learn about a lot of interesting industries and topics when I review Sedo’s end user sales. For example, this week I learned about pentanomics, a new theory of government. I also learned about safety shoes.

Here are some of the end user domain name purchases completed at Sedo over the past week:

Allbit.com €7,900 – Allbit is a decentralized cryptocurrency exchange.

NightPay.com $7,500 – Rekom Group operates 77 bars, pubs and nightclubs across Denmark, Norway and Finland.

EthereumOdds.com $6,500 – The domain has Whois privacy and is forwarding to a sports betting site that lets users bet with bitcoin.

Usergate.com $5,000 – Entensys Corporation in Russia owns Usergate.ru.

HillTV.com $5,000 – The Hill, a political media company that runs TheHill.com.

SafetyShoes.com $5,000 – HKSDK is a company in Demark that sells “safety shoes” and work shoes.

Penta.org $5,000 – The Pentanomic Institute, which uses the domain Pentanomics.org. They are promoting a new theory of government called pentanomics.

ConcreteDynamics.com $3,000 – Summit Concrete is a concrete company in Kansas City.

MyBookkeeping.com $3,000 – Remote Books Online, a Quickbooks advisor and small business bookkeeping company.

TFPE.com €2,985 – The domain stands for The Funding Partners. It’s an agriculture blockchain company.

Diennea.net €2,500 – Diennea S.r.l. is a marketing company that uses Diennea.com for its website.

RAS.co.uk £2,250 – Retails & Asset Solutions in the UK bought its acronym.

You can see more lists like this here.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Monsanto buys domain name for a new brand (and other end user purchases)
  2. What domain names Business Insider and 18 others bought last week
  3. What domain names Mozilla and others bought last week
Categories: News and Updates

ARIN Seeks Caribbean candidate for Board of Trustees

Domain industry news - Tue, 2018-04-17 19:38

Persons from the Caribbean seeking to contribute to the governance ecosystem of the global Internet can now volunteer for an appointment to the board of trustees of the American Registry for Internet Numbers (ARIN). The call for volunteers will close on April 30 at 5 pm EDT.

ARIN is one of five registries worldwide that coordinate Internet number resources. Its region spans the United States, Canada and many countries in the Caribbean. The move by ARIN is intended to address the absence of any representation of the Caribbean region at the board of trustees.

"This is in keeping with the ARIN bylaws, which allow the board of trustees at its discretion to appoint an additional voting member to the board for a term not to exceed one year so as to provide more diversity in the board's composition," ARIN said in an April 12 online post.

In March, the seven-member ARIN board formed a special committee to recruit and recommend potential candidates for the appointment of an eighth member, from the Caribbean.

It is the first time that ARIN is using its bylaws to improve Caribbean regional representation at the highest level of its leadership. The development appears to be part of a deliberate strategy by ARIN to invest in policies and practices that are more representative of its entire service region.

"We recognise that our policy development process can only benefit from the inclusion of more voices and perspectives from our constituents in the Caribbean," ARIN President and CEO John Curran said at the registry's public policy meeting in San Jose, California last October.

Since then, two women from the Caribbean have been appointed for the first time to ARIN's next-highest decision making body, the Advisory Council.

Advisory Council members voted to appoint Barbadian-born Alicia Trotman for a one-year term, starting January 1. Trotman, a senior administrator at Barbados' national telecommunications regulator, described the decision of the council as "a big step forward for Caribbean representation" at the regional Internet registry.

Jamaican-born Kerrie Ann Richards was also appointed as an interim member to fill the remainder of the unexpired term of David Huberman, who resigned from the council effective November 17, 2017. Richards' term ends on December 31.

In February, to further engage its stakeholders in the Caribbean, ARIN launched an ongoing series of workshops designed to raise awareness of ARIN services and to better understand the needs of the region.

On April 19, ARIN is launching a dedicated Caribbean Forum, which will run in parallel with the regional meeting of the Caribbean Network Operators Group, to be held in Miami from April 18 to 20. The registry has also announced plans to expose an even wider Caribbean audience to its mission and community later this year.

"The needs of the Caribbean can be very different to those of the US and Canada. For number policy decisions to best reflect the entire ARIN Community, those decisions must include perspectives and participation drawn from the Caribbean," said Wooding.

The ARIN call for volunteers to serve on its board of trustees is open to anyone of Caribbean background. No ARIN affiliation or membership is required in order to be considered. But the organisation's website specifies that the desired skill set of potential appointees includes demonstrated leadership experience, relevant board experience, and experience in relevant industry sectors, such as Internet or Telecommunications.

"I am really happy that this has happened, although it is unfortunate that it took so long," said Bill Woodcock, who served on the board for 15 years before voluntarily stepping down at the end of 2017.

"ARIN used this appointment mechanism at the beginning of 2017 to bring a woman onto the board, and in the election at the end of 2017, ARIN members elected a woman for the first time in twenty years. So we've seen that this path works to overcome the almost insurmountable advantage incumbents have in ARIN elections. I think it's completely logical to use it again to solve the geographic representation problem that we still face. I think it's great ARIN is finally moving to get someone from the Caribbean onto the board, and I'm confident that it will lead to the Caribbean being represented in elected seats in the future," he added.

An ARIN board meeting is scheduled to take place during its public policy meeting, to be held in Miami from April 15 to 18.

Written by Gerard Best, Development Journalist

Follow CircleID on Twitter

More under: Internet Governance

Categories: News and Updates

DNS Complexity Lessons

Domain industry news - Tue, 2018-04-17 16:46

Recently, Bert Hubert wrote of a growing problem in the networking world: the complexity of DNS. We have two systems we all use in the Internet, DNS and BGP. Both of these systems appear to be able to handle anything we can throw at them and "keep on ticking."

But how far can we drive the complexity of these systems before they ultimately fail? Bert posted this chart on the APNIC blog to illustrate the problem —

I am old enough to remember when the entire Cisco IOS Software (classic) code base was under 150,000 lines; today, I suspect most BGP and DNS implementations are well over this size. Consider this for a moment — a single protocol implementation that is larger than an entire Network Operating System ten to fifteen years back.

What really grabbed my attention, though, was one of the reasons Bert believes we have these complexity problems —

DNS developers frequently see immense complexity not as a problem but as a welcome challenge to be overcome. We say 'yes' to things we should say 'no' to. Less gifted developer communities would have to say no automatically since they simply would not be able to implement all that new stuff. We do not have this problem. We're also too proud to say we find something (too) hard.

How often is this the problem in network design and deployment? "Oh, you want a stretched Ethernet link between two data centers 150 miles apart, and you want an eVPN control plane on top of the stretched Ethernet to support MPLS Traffic Engineering, and you want..." All the while the equipment budget is ringing up numbers in our heads, and the really cool stuff we will be able to play with is building up on the list we are writing in front of us. Then you hear the ultimate challenge — "if you were a real engineer, you could figure out how to do this all with a pair of routers I can buy down at the local office supply store."

Some problems just do not need to be solved in the current system. Some problems just need to have their own system built for them, rather than reusing the same old stuff because, well, "we can."

The real engineer is the one who knows how to say "no."

Written by Russ White, Network Architect at LinkedIn

Follow CircleID on Twitter

More under: DNS, Networks

Categories: News and Updates

A reminder for UDRP filers: Mess up? You can always apologize

Domain Name Wire - Tue, 2018-04-17 15:27

If a complainant representative isn’t aware of all of the facts, it can always say mea culpa.

Cricket South Africa, an organization behind a professional cricket competition in South Africa in the T20 format, has been found to have engaged in reverse domain name hijacking.

It was a complex case in which the complainant’s attorney likely didn’t have all of the facts. The respondent called out the complainant with the real facts. When it did, rather than apologize, the complainant doubled down.

For that, it was found guilty of reverse domain name hijacking.

The timeline is long and it’s worth reviewing the entire decision. But I’ll summarize here:

1. The Complainant announced plans for its cricket competition.
2. Someone registered t20globalleague.com in response to the announcement.
3. Ortus Sport & Entertainment, acting on behalf of the Complainant, contracts with a third party service (the Respondent) to acquire the domain from the registrant.
4. The Respondent acquired the domain name and sent an invoice to Ortus to forward to the Complainant.
5. The league was delayed and the Respondent didn’t get paid. It never got paid and held on to the domain.
6. The Complainant filed a UDRP against the Respondent to get the domain name.

It’s highly likely that the attorney representing Cricket South Africa was not aware of this series of events. I think this is often the case in UDRPs, even ones that aren’t as complex as this one. In some cases, a company tries to acquire a domain name and then someone else at the company files a UDRP 5 years later.

This looks bad and is often grounds for reverse domain name hijacking. But complainants have an option at this point: presented with evidence by the respondent of its mistake, the complainant can always apologize and not pursue the case any further. Yet they end up either not responding to that information or doubling down.

In this case, the complainant doubled down. It complained of late submissions by the respondent rather than the obvious disparities in its case.

Panelist Tony Willoughby explained:

…when the Respondent was finally able to produce the Complainant’s email to Ortus Sport of September 21, 2017, demonstrating beyond doubt that at that date (nearly four months prior to the filing of the Complaint) the Complainant was indeed aware of that correspondence [ed: showing that Ortus contracted with the Respondent on the Complainant’s orders], the Complainant’s response (in the form of the Complainant’s response to Procedural Order No. 4) was to seek to keep it from the Panel, arguing on a formal technicality that the Panel should not look at it.

At no stage in the course of this proceeding has the Complainant offered any indication of remorse for its lamentable conduct.

Willoughby also explained why it’s not OK for a complainant’s representative to just claim ignorance to what really happened:

The Respondent sought a finding of RDNH in the Response based upon the Complainant’s failure to disclose in the Complaint the September/October correspondence set out in Section 4 above. The Complaint failed to mention that correspondence because the person responsible for drafting the Complaint was unaware of it. Is that good reason for declining to make a finding of RDNH? The Panel does not believe so. Abusive complainants could simply tailor their instructions to their representatives, omitting inconvenient facts [emphasis added]. The Panel believes that it is entitled to assume that before signing the certificate at the end of the Complaint and filing it with the Center, the Complainant’s representative sent the Complaint in draft to the Complainant and obtained the Complainant’s approval to its content, thereby assuming responsibility for its accuracy.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Non-Profit Urban Logic Guilty of Reverse Domain Name Hijacking
  2. Dubai Law Firm Nailed for Reverse Domain Name Hijacking
  3. Telepathy scores $40,000 from reverse domain name hijacking case
Categories: News and Updates

WIPO panel explains a common expired domain occurrence

Domain Name Wire - Tue, 2018-04-17 13:31

A company wanted a domain but failed it capture it when it expired. Then it filed a UDRP against the new domain owner.

A World Intellectual Property Organization panel has provided an unusually descriptive explanation and interpretation of a very common occurrence.

Rolyn Companies Inc. filed a UDRP against the domain name Rolyn.com just weeks after the domain name was sold in an expired domain name auction. The domain was previously used by another company named Rolyn. That another company previously used the domain for its business suggests that the complainant is unlikely to have exclusive rights in that term.

Take a look at how the panel summarized this while inferring that if the complainant wanted the domain, it should have figured out how to buy it upon expiration:

What happened, in the Panel’s overview, is that the Complainant, which owned 8 domain names incorporating the trademark ROLYN, sufficiently desired the disputed domain name in the “.com” gTLD that it offered initially USD 3,000 and eventually USD 10,000 for it. In the circumstances, the Complainant may reasonably be presumed to have been aware that another owner had used the disputed domain name for a long time, in fact for 22 years. It is not for the Panel to comment on how the Complainant runs its business or on the various steps that might have been taken through an agency or by itself to become notified of the impending availability of a desired domain name, e.g., by placing it on permanent “backorder” with domain name auctioneers. Only the Complainant knows why the disputed domain name apparently slipped through its fingers when it came up for recycling, particularly since the Complainant was trying to buy it from the Respondent within only 6 weeks after the auction. It had been bought openly by the highest bidder, by or on behalf of the Respondent. To a degree, the release of an expired domain name carries at least some implication that it is no longer wanted by its presumably unchallenged previous owner and invites the inference by a potential buyer that no other party felt any special entitlement to it. Had the Respondent done a search it may have found, as shown above, the existence of potential buyers of which the Complainant was merely one, and there is the further possibility that a new entity might build its name around an available domain name, rather than vice versa.

I wonder if the part “To a degree, the release of an expired domain name carries at least some implication that it is no longer wanted by its presumably unchallenged previous owner” will come in handy for another common type of case: a company forgets to renew a domain and then files a UDRP against its new owner.

This particular panel went the extra mile an on examining how common the term Rolyn is and how exclusive the complainant’s rights in the term might be.

Kudos to panelists Dr. Clive N.A. Trotman, The Hon Neil Brown Q.C. and Jonathan Agmon.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Porsche.me: Money Down the Drain
  2. Red Bull Can Now Energize Mobile Phones
  3. Non-Profit Urban Logic Guilty of Reverse Domain Name Hijacking
Categories: News and Updates

U.S. government asks ICANN to investigate GoDaddy’s Whois policy

Domain Name Wire - Mon, 2018-04-16 20:59

U.S. gov weighs in on GoDaddy’s Whois policy.

The U.S. government has sent a letter to ICANN asking it to review GoDaddy’s (NYSE: GDDY) activities around blocking access to Whois records.

David Redl, who heads the National Telecommunications and Information Administration, sent the letter to ICANN’s board today asking it to look into the matter.

At issue is GoDaddy’s decision to block access to Whois records through Port 43. A lot of security and brand users use Port 43 to track bad guys, but a lot of spammers use it to harvest Whois records and barrage domain registrants with unwanted emails, texts and phone calls.

Redl writes:

First, the actions taken by GoDaddy last month to throttle Port 43 access and to mask the infonnation in certain WHOIS fields are of grave concern for NTIA given the U.S. Government’s interest in maintaining a WHOIS service that is quickly accessible for legitimate purposes. NTIA is concerned that GoDaddy’s approach of throttling access and masking infonnation will be replicated by other registrars and registries, compounding the problems these actions create.

While NTIA is sympathetic to the need to protect customers from bad actors and malicious activity, we think that the actions taken by Go Daddy are inconsistent with the
multistakeholder approach ofICANN and potentially conflict with ICANN’s Registrar Accreditation Agreement. 1 NTIA encourages you to investigate the actions of Go Daddy as a contractual compliance matter, but also consider an ICANN cross-community discussion on the issue. Such conversation could result in a solution that addresses GoDaddy concerns, while still meeting the needs of the legitimate users of Port 43.

The timing of the letter is peculiar. Although ICANN is under pressure over GoDaddy’s blocking, it’s kind of pointless in light of the possibility that all of Whois will go dark next month as the EU’s General Data Protection Regulation goes into effect. I find it odd that the letter avoids the elephant in the room.

The letter also asks ICANN to consider if companies other than the registrar should be able to make DNS changes at the registry:

With the growing sophistication of domain names registrants and third party content delivery networks seeking to offer enhanced security features, including deploying DNSSEC, NTIA sees merit in examining the roles other parties could play. One example is the feasibility and impact of allowing non-ICANN accredited registrars to offer services that manage specific DNS resource records, such as MX or NS records, directly with a registry.

I wonder who made that ask?

Update: James Bladel, GoDaddy VP of Policy, released this statement to DNW:

ICANN’s Registrar Accreditation Agreement (RAA) requires GoDaddy to collect contact information for every domain name, and to publish this in a WHOIS database that is public and can be accessed anonymously. The RAA (Sec. 3.3.5) also requires us to protect registrant data from harvesting for the purposes of spam and abuse. Our goal is to reconcile this conflict between our obligation to operate a Port43 WHOIS service, and our duty to protect our customer data from harvesting by bad actors.

We have irrefutable evidence that abuse of WHOIS data is occurring, even by “whitelisted” Port43 users, and we will do everything in our power to protect our customers. We have therefore taken steps to guard against bulk harvesting on Port43, while still making the required data available via protected web-based queries.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. U.S. Gov: Whois info must remain available
  2. IANA transition will not remove government relationship with .com contract
  3. Here’s what happened to ICANN on Capitol Hill yesterday
Categories: News and Updates

Is Blockchain Causing More Cybersecurity Attacks in the Financial Industry?

Domain industry news - Mon, 2018-04-16 15:38

There's a lot of misunderstanding about blockchain. A recent study by HSBC, for example, found that 59 percent of customers around the world had never heard of it. Yet, while that alone is quite telling, it's probably more alarming to consider the fact that very same poll revealed that 80 percent of people who had hard of blockchain did not understand what it is.

This level of confusion isn't confined to the general population either. Politicians in charge of setting the law around this sort of technology and some traders who are perfectly at home with currency futures are equally in the dark about what this technology is and what it means for the financial industry.

There are some who fear that this technology - a digital transaction ledger in which each block is protected by cryptography - poses a security risk. That hasn't been helped, it has to be said, by a number of scams in this market which have caused some to associate blockchain with risk.

CoinDesk, for example, demonstrates seven key incidents that attracted attention in 2017 alone. The incidents it highlights — including wallet hacks, ICO fraud and software bugs — cost investors nearly $490 million.

But, while it's understandable that these sorts of incidents cause alarm, the general fear around blockchain is misplaced, probably not helped by the fact that this technology is proving 'disruptive' to the old order, promising drastic change to the speed and ease of money transfers.

Far from being the cause of problems for the financial industry, this technology might well offer a solution to make the industry safer.

Medium writer Redactor demonstrates four key ways in which blockchain technology is improving cybersecurity. These are:

  • Mitigating attacks such as DDoS with a decentralized structure and by not having a single point of failure
  • Protection for IoT devices, which can communicate with enterprise-defined ledgers based on blockchain
  • Providing transparency with permanent records that cannot be altered without creating a data trail (in order for transactions to be finalized they need to be approved more than half of the systems in a network and, when this occurs, the block is given a time stamp and is immutable)
  • Allowing for digital identities, greater encryption and more robust authentication

It's fair to say that blockchain is here to stay. It isn't 'just' the technology that underpins Bitcoin and other cryptocurrencies — although this is probably what its most known for — but it is a form of technology that has much wider potential for use in the finance sector and beyond.

Rather than ignore it — or treat it as a security threat — the industry needs to identify the potential of blockchain and set to work to use this as a way to add security. This, increasingly, is the case, with banks and big tech firms working on ways to harness blockchain to shelter the data of financial firms and customers alike.

Clearly scams shouldn't be ignored — and work needs to be done to crack down on these — but nor should the positive potential of blockchain as a force for security.

Written by Patrick Vernon, Writer

Follow CircleID on Twitter

More under: Blockchain, Cyberattack, Cybersecurity

Categories: News and Updates

Why Mike Kugler spent $500k on Vacation.Rentals – DNW Podcast #181

Domain Name Wire - Mon, 2018-04-16 15:30

Mike Kugler’s company VacaRent paid a record amount for a new TLD. Find out why.

Mike Kugler is CEO of VacaRent, a company that just paid a record price for a domain under a new top level domain: $500,300 for vacation.rentals. On today’s show, Kugler gives the interesting story about how he negotiated for the domain and why he was willing to pay so much. There are lessons in his story for both how domains are sold to end users and the power of syndicated domain listings. Also: Emailed offers, FURY, and ICANN.

Subscribe via iTunes to listen to the Domain Name Wire podcast on your iPhone or iPad, view on Google Play Music, or click play below or download to begin listening. (Listen to previous podcasts here.)

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. How End User Domain Buyers Think – DNW Podcast #134
  2. The value of a category killer domain – DNW Podcast #176
  3. The challenges of new TLDs with Tobias Sattler – DNW Podcast #177
Categories: News and Updates

Napoleon.com hit with UDRP. Owners fight back with lawsuit

Domain Name Wire - Mon, 2018-04-16 14:20

Domain owners fight back in court before UDRP is decided.

Last Month Wolf Steel, which markets fireplaces under the brand name Napoleon, filed a UDRP cybersquatting dispute against the domain name napoleon.com. The owners of the domain name are fighting back with a lawsuit.

Emmet Stephenson, Tony Stephenson and Domain.com, Inc. (not affiliated with the Endurance International Group domain name registrar) filed the suit (pdf) in Washington State on April 12.

The lawsuit states that the Stephensons registered the domain name in 1995. Since that time they have received multiple offers on the domain name, including from Wolf Steel, but have declined the offers.

Emmet Stephenson grew up in Louisiana and has long been infatuated with Napoleon Bonaparte, the lawsuit states. The Stephensons own Napoleonic artifacts such as Napoleon Bonaparte’s death mask, a plan of the Battle for Austerlitz, one of four unique clocks commissioned by Napoleon Bonaparte for his children, and various documents signed by, written by, and written to Napoleon Bonaparte.

The domain name has been parked and showed ads for fireplaces and barbeque grills, which is likely the basis for Wolf Steel’s UDRP.

Nevertheless, it seems unlikely that the Stephensons registered the domain name in bad faith to target the fireplace maker.

The Stephensons company owns a number of great domain names including Communications.com, Wireless.com, Annuities.com, Bookie.com, TX.com, Technology.com, Hut.com, and Police.com.

Attorney Derek Newman is representing the Stephensons.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Janna Bullock Plays Whack-a-Mole with Domain Names
  2. Fight over APE.com lands in court
  3. Lawsuit filed after Materia.com UDRP, and it’s an interesting case
Categories: News and Updates

“Breach” is the new necessary defensive domain registration

Domain Name Wire - Mon, 2018-04-16 13:32

Hertz registers data breach domain names. More companies should do this.

These days it seems like the question isn’t if a company will suffer a data breach or hack, it’s when.

When a company suffers a breach it usually rushes to register domain names related to it. That’s what happened with the massive Equifax data breach.

Why not register these domains in advance to avoid a last-minute rush when the company is in disarray?

I was thinking about this when I saw three domain name registrations over the weekend:

HertzBreach.com
HertzDataBreach.com
HertzPrivacy.com

I’m not sure if these domains were registered in response to a specific incident; Hertz France has previously suffered from a data breach.

If not, I still think this is a smart move. Be prepared for the inevitable.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Cargill registers Truvia lawsuit domain names
  2. Is Shutterstock worried about a boycott?
  3. It’s the Amazon Echo, but Amazon stocks up on Alexa domain names
Categories: News and Updates

GDPR and WHOIS - We've Heard from the Article 29 Working Party, Now What?

Domain industry news - Sat, 2018-04-14 01:27

Well, here we are on Friday the 13th and I couldn't think of a better way to spend the day than providing an update on GDPR, WHOIS and ICANN. There's lots to cover, so let's dive right in.

As we have been talking about for a number of months now, the EU's new General Data Privacy Regulation (GDPR) will become enforceable on May 25th. The ICANN community has been struggling with how GDPR will impact the WHOIS system.

This week, ICANN engaged with the Article 29 working party (an advisory board made up of representatives of each of the data protection authorities of each EU member state) to obtain guidance on whether its proposed model is GDPR-compliant. The community was eagerly awaiting this feedback and it was provided to ICANN.

The feedback received was, in some ways, predictable. The working party applauded ICANN for proposing an interim model which included an accreditation program for access to non-public WHOIS information; however, the group indicated the purposes for collection of personal data was not sufficiently detailed, and it urged "ICANN to revisit its current definition of "purposes" in light of these requirements." It also stressed to ICANN the need to link each specific purpose of the collection of data to a relevant legal basis.

The group also raised concerns with how the access to non-public WHOIS information would be granted and what data elements would be available to those parties. Again, the notion of specific legal basis for access to this data was highlighted, in addition to points about unauthorized access and the overall security of that data.

For those who were hoping for some sort of enforcement moratorium or forbearance of GDPR relative to registrars and registries, there was no such mention of that in the communication to ICANN. In the eyes of the Article 29 working party, the enforcement date of May 25th will not be changing. To underscore the scrutiny this subject is getting, the US Commerce Secretary has sent a letter to the European Commission asking for help, "in securing temporary forbearance from GDPR enforcement on the process of WHOIS information."

So where does this leave us? At this point, that IS the million-dollar question, and I'd like to make the following observations:

  • While May 25th may be the date of enforcement, that clearly will not mark the end date of this. In its response back to the working party, ICANN boldly stated, "...we are studying all available remedies, including legal action in Europe to clarify our ability to continue to properly coordinate this important global information resource." No one is quite sure what legal action, in this case, would even look like, but that was a rather stunning statement for ICANN to make. And with high-level government officials now getting involved, who knows where this will lead?
  • The WHOIS system, as it has been known for two decades, will cease to exist. Unfettered access to registration information for gTLDs is simply not going to be possible going forward after May 25th. Yes, there are still questions as to what the final model ICANN puts forth will be, but it will certainly drastically change how WHOIS will function.
  • In addition to the global WHOIS system becoming fragmented, I believe that the ICANN community itself will become increasingly fragmented. The contracted parties (registrars and registries) are on the hook for severe penalties for violation of GDPR. They are being conservative in their approach, which is understandable. The main users of WHOIS (namely the Intellectual Property Constituency and the Business Constituency) have proposed an accreditation model for access to non-public WHOIS information to ensure access for purposes such as cybersecurity, intellectual property, and law enforcement, but there has been push-back on that proposal as it was developed by two specific groups within the community and is being done outside of the standard process for policy development.

With an enforcement date of May 25th, it's clear that uncertainty is the only certainty and that events are going to unfold at a rapid pace. As always, we'll continue to monitor this topic closely, and we'll provide updates as they become available.

Written by Matt Serlin, SVP, Client Services and Operations at Brandsight

Follow CircleID on Twitter

More under: DNS, Domain Names, ICANN, Policy & Regulation, Privacy, Whois

Categories: News and Updates

US Congress Re-Launches Treaty Talks on Internet Economy

Domain industry news - Fri, 2018-04-13 19:36

Final echoes of the US Senate committee's questions of Facebook this week will only fade in the UN Security Council where, in a few years, Member States will adopt a treaty on regulation of the Internet Economy. By opening wide the door to questions on privacy, revenue, security and purpose, Congress showed its well-placed concern and signaled that others can too. Companies must either prepare themselves for the consequences, which follows the predictable arc of most revolutions, or collaborate to try to change the almost inevitable.

Bastille Week

The Congressional line of questioning will now be repeated — earnestly, tragically, and sometimes farcically — by governments around the world. That has already begun, and portends a patchwork of individual national solutions: a prohibition on fake news in Malaysia, a proposed transaction tax in Europe, a tax on social media use in Uganda. These will confront the Internet Economy with the risk of wildly balkanized rules and regulations that will limit access, curtail content and commerce, and disconnect millions of daily users.

Rule of the Moderates

Internet companies will react and take the fight to the front lines — many already have. They will (rightly) play for time launching inquiries, listening tours, and testing models of self-regulation. Sheryl Sandberg will wear out two Gulfstream 550s as she makes the case for her firm from Brussels to Bujumbura where, with cohorts of economists, content creators and local stakeholders, she will ably prove again the economic worth and multiplier effect that Internet companies enable. Along the way, she will re-confirm the conviction of many politicians in the local wealth that companies such as hers create. In this way, and for a while, governments will be cowed or convinced that the greatest tool of economic growth yet developed is something not to be handled too roughly. Some will be branded bad actors (as some will be most certainly be), others proclaimed outliers or — a banal moniker that can nonetheless tease the very food from little mouths — unwelcoming investment destinations. For a time, Internet companies will be able to demonstrate that the net cost of regulating them is great, but that the benefits of under-regulation are greater.

Reign of Terror

Then, as surely as Josh Bolton will unfriend Mike Pompeo, governments that were told they were mistaken in their views will box Internet companies into a checkmate. These questions are too big for Uganda to answer on its own? Regulatory balkanization is a risk to your business model? Then let us reach for an international standard. This is achieved within the UN General Assembly and associated bodies where some tough questions will get answered: how much regulation is too little, how shall I protect my culture, when do I limit citizen access to these addictive tools, and what revenue-transfer model is too lax? And so, after years of waiting to be asked to dance, the General Assembly will launch itself on a wide and graceful reel that will come to a breathy end at the treaty table.

Reign of Virtue

There, in the multilateral environment, where malign actors will let the International Community take the lead in creating standards for regulation of the Internet and cloud, and (why not, while we're at it?) artificial intelligence, Internet companies will be obliged to negotiate the most favourable terms under which to operate worldwide because that choice will look better than 200 different national codes. Also in that room, defensive now, and showing signs of exasperation, the United States will once again speak eloquently in defence of the Internet companies — their hapless teen years long behind them — after which the delegate from Uganda will click on a forbidden 2018 YouTube link of Senator Chuck Grassley, now in peaceful retirement in Des Moines, and remind the United States who showed them the way.

Written by Gregory Francis, Managing Director at Access Partnership

Follow CircleID on Twitter

More under: Internet Governance, Policy & Regulation

Categories: News and Updates

7th Registration Operations Workshop (ROW), Vancouver, Thursday May 17th 2018

Domain industry news - Fri, 2018-04-13 19:04

The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system.

The 7th ROW will be held in Vancouver, Canada on Thursday, May 17th 2018 in the afternoon, at the end of the GDD Industry Summit, in the same venue: Richmond Conference Centre, Richmond, BC, Canada. Here is a short list of topics that will be presented and discussed. Others are being confirmed.

  • Verisign's RDAP Pilot Implementation
  • WHOAMI – A Decentralised Alternative to WHOIS
  • Enhancing RDAP filtering capabilities
  • RDAP: Post-GDPR Protocol for Registries

Those speakers are from CentralNic, Registry Central Europe (RyCE), ICANN, IIT-CNR/Registro.it, Verisign. The attendance is free but registration is required . The ROW Series workshops are sponsored by Verisign and ICANN.

Written by Marc Blanchet, Internet Network Engineer and Consultant

Follow CircleID on Twitter

More under: Domain Management, DNS, Domain Names, ICANN, Registry Services, New TLDs

Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer