Domain industry news

Syndicate content CircleID
Latest posts on CircleID
Updated: 12 hours 46 min ago

Domain Name Registrars Ask ICANN for a "Moratorium" on Its New GDPR Policy

Fri, 2018-05-18 21:57

"Domain name sellers rub ICANN's face in sticky mess of Europe's GDPR," Kieren McCarthy reporting in The Register. "Internet domain-name sellers have turned the tables on global DNS overseer ICANN by using its own tactics against the hapless organization. In a letter to the California-based organization sent the day before it finally approved a 'temporary' policy for the Whois service to bring it into compliance with new European privacy legislation — GDPR — registrars representing roughly a quarter of all domain names have asked for a 'moratorium' on the new policy. ... The 'moratorium' language is a direct reference to ICANN's embarrassing efforts to excuse itself from the General Data Protection Regulation (GDPR) by asking European data protection authorities to grant it a special one-year exception before they applied the law: a request that the authorities pointed out they were in no position to grant."

Follow CircleID on Twitter

More under: Domain Names, ICANN, Policy & Regulation, Whois

Categories: News and Updates

A Short-Term Suspension of GDPR Enforcement on WHOIS May Be Necessary, Says U.S. Government

Fri, 2018-05-18 21:05

David J. Redl, Assistant Secretary for Communications and Information at the U.S. Department of Commerce and Administrator of the National Telecommunications and Information Administration (NTIA) at a Communications Forum luncheon at the St. Regis Hotel in Washington, D.C., on May 17.Implementation of European Union's General Data Protection Regulation, or GDPR, is a major concern of our government, said David Redl during a Media Institute luncheon held on Thursday in Washington DC. Redl, a critic of GDPR's ramifications on WHOIS, in his remarks stated: "Many aspects of our government's operations will be affected by GDPR, and the same is true for private sector companies of all sizes. GDPR is also threatening to upend the valuable WHOIS service, which could impede our work to curb botnets. ... GDPR, as currently framed, creates serious and unclear legal obligations that could have a widespread impact on transatlantic cooperation, law enforcement, and business operations. ... the EU's guidance issued for implementing the GDPR is vague and insufficient. American companies and the U.S. government do not have an adequate basis on which to comply with the law. ... Absent a broader interpretation of Article 49, a short-term moratorium on GDPR enforcement with regard to WHOIS may be necessary. If not, then come May 25, we anticipate registries and registrars will stop providing access to WHOIS directories and services."

Follow CircleID on Twitter

More under: Cybercrime, Domain Management, DNS, ICANN, Internet Governance, Policy & Regulation, Whois

Categories: News and Updates

geoTLDs - Small but Perfectly Formed?

Thu, 2018-05-17 17:56

Rainy London in March by Dirk Ingo Franke
Photo: WikimediaI always geek out a little when I see something ICANN-related breaking out into the real world, like when the bus-stop display has borked, and its LAN is vainly searching for an IP number so it can reboot.

Or the ICANN Paris meeting back in 2008 when the board gave the thumbs up to the GNSO policy to launch new gTLDs. One day we were an obscure Californian organisation doing something technical-seeming most people had never heard of, and the next we were working two phones each, giving journalists quotes and information for dozens of front-page news stories around the world. It was exciting and just a little weird to see what 'normal people' made of the huge change to the DNS the community and staff had worked on for years.

Since 2014, when the geographic names TLDs — .berlin, .capetown, .alsace, .quebec, etc. — started to launch, I get frequent, geeky little thrills from seeing city and regional names on poster-hoardings out in the wild. My sister's favourite yoga studio is in Peckham, just down the road from me. Peckham is one of the most vibrant parts of London, and YogaRise is a cherished and thriving business that does things a little differently and contributes to good causes, locally. It makes total sense to me that YogaRise would choose a dot london domain. It signals that they're local and innovative, both rooted in our community and determined to do and try new things.

So I already had a lot to say when Dirk Krischenowski from asked if I'd like to write something about how the geo's are doing, four years post-launch. It's been quite a journey.

It seems almost unbelievable now — because all great ideas become 'the new normal' very fast — but when Dirk started doing the rounds of ICANN meetings in 2005, selling the idea of city and regional TLDs, I didn't really get what it meant. Why would cities have TLDs? And regions? Don't we already have country codes for that? (FYI, I saw a pitch from eBay in Brussels in about 1999, and instantly thought 'this will NEVER catch on'.)

But now I get it. We're living in a moment when our loyalties and identities are shifting, and nation-states can seem far-removed from the realities of our lives. Though I'll never be British (thank you, Brexit), I sure as hell am a Londoner. So when I see a dot London domain, it appeals directly to me with a mix of tribal loyalty and tech innovation that makes me want to put my hand in my pocket and buy something. This stuff is marketing rocket fuel, because it's a real, not manufactured feeling. And I'm clearly not the only one who feels this way.

A quick look at the stats shows the top five of the fifty-one geoTLDs delegated so far are Tokyo, London, New York, Berlin and Amsterdam; five of the world's most coveted and exciting places to be. These 'magnet cities' draw huge numbers of talented and ambitious people, and drive so much of our global culture. But they're also fiercely local, loyal and proud. So, of course, they would be early adopters of city names.

What's really interesting is how the geo's stand out from many other new gTLDs, especially the 'dot word' ones. geoTLDs have the lowest rates of parked domains — used typically for speculation and intellectual property protection — and higher rates of people associating the names to real websites.

Kieren McCarthy wrote on this website a while back that while registrations and renewals are a somewhat useful way to measure a registry's progress so far, to figure out its chances of future success, you need to look deeper at how (let's be honest, 'if') people actually use the domains: "… future success — for both registries and registrars — mostly likely lies in two things: high rates of renewal and future growth potential." The geo's tend to have low parking and high use. They're out in the wild, on poster hoardings, business cards, shop windows, Instagram; everywhere people are doing interesting and useful things in the real world.

CENTR's recent report found that a "third of all new gTLDs (2012 ICANN application round) have contracted over the past 12 months." We've all heard horror stories about low renewal rates in some new gTLDs. But geoTLDs are steadily growing, at 1.9% year on year, which is comfortably higher than the growth rate of the global TLD market; 1.4% by Q1 2018.

Now, that same report tells us the global number of domain names is about 330 million, so as geoTLDs account for less than a million of those, they're not going to be eating .com's lunch any time soon. But that's not the aim.

Some geoTLDs are very small, but their sponsoring organisations seem satisfied as their strategy is to closely manage the domain and the brand identity of the region or city. For example, .stockholm has a startlingly low number of names registered. But though it hopes to widen the registration criteria and open up to the broader Stockholm region, the registry says it's never going to be a .NYC. Its ambitions are more Brussels-sized, aiming for 5 – 7,000 names.

And then there's .EUS, the geoTLD for the Basque region. Its registration total is a bit over 8,000, but the registry guesstimates this could be more than two thirds of the total number of businesses in the region. Loyalty to .EUS is unsurprising, given how strong Basque feeling can be, but it shows how much latent demand there was for domain names that match many people's regional identities.

The geo's are that rare thing in a DNS originally built as a taxonomy of how the world seemed to American engineers in the 1980s and early 90s. (Remember, out of the 6 historic TLDs, only three were open to non-US organizations.) The geo's represent the world as many of us experience it, and not as the DNS originally tried to organize it. We largely live in cities and are often more interested in goods and services we can trust and access nearby, or we work for local instances of global companies, like

(Hint: if you want a real-life check of whether our loyalties are more local and regional than national, ask people which football team they support.)

Why are the geoTLDs bucking the overall new gTLD trend and doing surprisingly well (albeit in a fairly low-key way)?

Firstly, because geo's have a clear market and strong motivators; the way we feel about who we are, and the ties we feel to those around us. In a globalised, tech giant world, geo's are unashamedly rooted in real-world communities. They also serve the business need for domain names that are both available and meaningful. Much growth and churn in wider economy comes from new, small businesses and independent contractors. And while some people dream of launching the next Google or Skype, most businesses stay fairly small — think hairdressers, builders, graphic designers. They'll always need names and to be able to quickly and cheaply target their markets and communicate their brands.

Secondly, as the dot London blog pointed out, geoTLDs may have been helped by a stroke of sheer luck. An update to Google's Pigeon algorithm in 2014 meant search results close to the user's location moved up the rankings. Now, Google's public position on its search algorithms is a bit like the British royal family; 'never complain, never explain', so it's impossible to be sure. But it looks like geo-names, along with country codes, are used by Google to infer content is local, which means users are more likely see geo websites at the top of the results. That's made them even more attractive to local enterprises.

I expect geoTLDs will continue to grow steadily, if not spectacularly. People want relevant, trusted, local names, and as many countries seem increasingly fractious and divided, our local loyalties can only strengthen. Medium and longer-term, geoTLDs will be both the rallying points and the beneficiaries of the innovation drive of our cities, the strong identities of our regions, and the more tribal ways we now see ourselves.

I can't wait to see .dublin.

Written by Maria Farrell, in conjunction with

Written by Maria Farrell, Writer and Consultant

Follow CircleID on Twitter

More under: Domain Management, DNS, Domain Names, New TLDs

Categories: News and Updates

Department of Homeland Security Issues More Warnings on Security Vulnerabilities in Medical Devices

Wed, 2018-05-16 18:55

The U.S. Department of Homeland Security has issued a warning about cybersecurity vulnerabilities in medical devices which have come after independent researchers, or the companies themselves, reporting the problems. Marianne McGee reporting in Bank Info Security: "The two latest alerts from DHS's Industrial Control Systems Emergency Response Team warn of the risk that flaws could be exploited by attackers to obtain unauthorized access to systems or to modify settings. They deal with vulnerabilities in some wireless electrocardiogram products from Silex Technologies and GE Healthcare, and vulnerabilities in certain computed tomography, or CT, systems from Philips. Among the agency's other warnings earlier this year was one about other GE Healthcare products."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity

Categories: News and Updates

The Latest on GDPR and WHOIS

Tue, 2018-05-15 23:11

GDPR. It's the four-letter "word" everyone is talking about, and there are lots of questions still swirling around the topic. We wanted to provide a summary of where we are and what we believe the next ten days will bring.

What we know:

• GDPR enforcement will begin May 25, 2018. After this date, those found in violation of the regulation can be fined up to 4% of annual global turnover or 20 Million Euros, whichever is greater.

• At one point, there was discussion of forbearance for contracted parties (registrars and registries) to allow for more time to implement a GDPR-compliant WHOIS solution, but that will not happen, and the contracted parties need to have GDPR-compliant WHOIS in-place by May 25, 2018.

• The ICANN Board appears poised to approve a "Temporary Specification" which will address how WHOIS will be handled in light of GDPR enforcement. A draft of the specification has been posted here. This temporary specification could be in place for up to a year.

• This specification reaffirms the interim WHOIS model put forth by ICANN. This proposed WHOIS model pares back data fields significantly to include only organization name, state or province, and country. In addition, the proposed WHOIS output will include either an anonymized email address or web form which will allow for a certain level of contactability.

• Once the temporary specification is approved, it will allow for very little time for contracted parties to update their systems to comply with the requirements. Already, many registries and registrars have updated their WHOIS output to become GDPR-compliant, but others have been waiting to receive guidance from ICANN.

• ICANN has stressed the importance of continuing to collect registrant data as registrars have done in the past. That said, there is concern that contracted parties have already made changes to their systems, and if those changes include not collecting registrant data, those registrars may not be compliant with the temporary specification.

• In conjunction with the temporary specification being put into place, ICANN will also kick off a policy development process to create long-term policy which will govern WHOIS.

• Given that public WHOIS data will be severely diminished, each contracted party will define the mechanisms by which third-parties may obtain non-public WHOIS data.

• Despite proposals put forth for credentialing and tiered-access to non-public WHOIS data, given the complexity involved, such a system could not be implemented by May 25, 2018.

What we don't know:

• Once this temporary specification is put forth by ICANN, exactly what are the next steps? Will we see an increase in the level of contractual compliance complaints submitted to ICANN?

• Because the temporary specification can only be in place for a year, there is concern that new policy cannot be developed within that timeframe. It is unclear what would happen if the temporary specification expires without a new policy to replace it.

• Will ICANN be doing outreach to its global network of several thousand contracted parties to ensure all are aware of the requirements and timelines? Most parties within the ecosystem are accustomed to having months or even years to adopt ICANN policy, so having something pushed out within less than 10 days will be a new experience.

• How will the domain market look and operate after May 25, 2018? With WHOIS information drastically reduced, obtaining domain ownership and contact information will become challenging in ways we have not previously seen.

• What will Reverse WHOIS providers do with the millions of historical WHOIS records they have stored? Will that data continue to be available or will it be purged? It's possible only records containing personally identifiable information for those in the EU would be purged, but that remains to be seen.

• How are ongoing issues already being worked on within ICANN impacted? Specifically, topics like Privacy and Proxy accreditation could be paused while the full impact of GDPR is understood. Already we have seen a request to push out 2018 deadlines for Thick WHOIS in .com and .net by a year due to the ongoing GDPR discussions.

It's clear that there are lots of moving pieces and still lots of unknowns. But as always, we'll continue to monitor closely and provide updates as they become available.

Written by Matt Serlin, SVP, Client Services and Operations at Brandsight

Follow CircleID on Twitter

More under: Domain Management, Domain Names, ICANN, Policy & Regulation, Whois

Categories: News and Updates

New Type of DDoS Attack Targets Vulnerability in Universal Plug and Play Networking Protocol

Tue, 2018-05-15 16:08

A new type of DDoS attack takes advantage of an old vulnerability with the potential to put any company with an online presence at risk of attack warn researchers. Danny Palmer reporting in ZDNet: "A newly-uncovered form of DDoS attack takes advantage of a well-known, yet still exploitable, security vulnerability in the Universal Plug and Play (UPnP) networking protocol to allow attackers to bypass common methods for detecting their actions. Attacks are launched from irregular source ports, making it difficult to determine their origin and blacklist the ports in order to protect against future incidents."

Researchers also add that "this and many other UPnP exploits can be very easily avoided just by blocking the devices from being remotely accessible — an option that, in most cases, only exists as an oversight, since it serves no useful function or has any benefit for device users."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity, DDoS, Networks

Categories: News and Updates

The Security Problem with HTML Email

Tue, 2018-05-15 15:31

Purists have long objected to HTML email on aesthetic grounds. On functional grounds, it tempts too many sites to put essential content in embedded (or worse yet, remote) images, thus making the messages not findable via search. For these reasons, among others, Matt Blaze remarked that "I've long thought HTML email is the work of the devil”. But there are inherent security problems, too (and that, of course, is some of what Matt was referring to). Why?

Although there are no perfect measures for how secure a system is, one commonly used metric is the "attack surface". While handling simple text email is not easy — have you ever read the complete specs for header lines — it's a relatively well-understood problem. Web pages, however, are very complex. Worse yet, they can contain references to malicious content, sometimes disguised as ads. They thus have a very large attack surface.

Browsers, of course, have to cope with this, but there are two important defenses. First, most browsers check lists of known bad websites and won't go there without warning you. Second, and most critically, you have a choice — you can only be attacked by a site if you happen to visit it.

With email, you don't have that choice — the bad stuff comes to you. If your mailer is vulnerable — again, rendering HTML has a large attack surface — simply receiving a malicious email puts you at risk.

Written by Steven Bellovin, Professor of Computer Science at Columbia University

Follow CircleID on Twitter

More under: Cybersecurity, Email

Categories: News and Updates

ICANN Releases Temporary WHOIS Specification Plan for GDPR Compliance With Deadline Two Weeks Away

Mon, 2018-05-14 19:03

ICANN has released temporary specifications for gTLD registration data in order to establish temporary requirements needed for the organization and gTLD registry operators to continue to comply with existing ICANN contractual requirements and community-developed policies. Trevor Little reporting in World Trademark Review: "Subject to further revision prior to a board vote, the model proposes the establishment of a mechanism to allow contact with domain name registrants — while cloaking their identity. ... last month the Article 29 Data Protection Working Party (WP29) responded to ICANN's initial request for feedback on a proposed interim model for ensuring that the treatment of WHOIS data is compliant with GDPR. While welcoming the decision of ICANN to propose an interim model which involves layered access, the WP29 raised a number of concerns. With the May 25 enforcement date for GDPR two weeks away, the past few days have seen a flurry of activity at ICANN HQ."

Follow CircleID on Twitter

More under: Domain Management, Domain Names, ICANN, Policy & Regulation, UDRP, Whois

Categories: News and Updates

Human Rights in the Digital Age, Online Pharmacies, and the "Brussels Principles"

Mon, 2018-05-14 15:17

"Human Rights in a Digital Age" is the theme of this year's RightsCon conference in Toronto. An essential human right is access to safe, affordable prescription medications. The Internet makes this possible, our organization has proven it's achievable and sustainable over an extended period of time, and our proposed "Brussels Principles" provide the framework to take our proven success internationally. Across the Globe, to people everywhere.

Let me back up to RightsCon Brussels 2017. At that groundbreaking conference, the Canadian International Pharmacy Association (CIPA) participated in a workshop entitled: Online Access to Affordable Medication: Applying Human Rights Law to Cyber Rule-Making and Internet Governance. Together with Knowledge Ecology International, Public Citizen, Electronic Frontier Foundation, and Prescription Justice, we jointly formulated the aforementioned Brussels Principles, which are best practices for licensed pharmacies that enable safe, reliable, and affordable medication sales over the Internet.

At RightsCon 2018 (Toronto, May 16-18) with our session: Making Safe Online Access to Affordable Medication Real, we will serve on a panel of distinguished international experts, addressing this urgent issue and discussing the proactive framework that will ensure its success.

Heading into the conference, it's important to give this critical discussion some historical context. Specifically, why this is such an important issue, how we're qualified to address it, and how the Brussels Principles will help negotiate the intersection of human rights and digital technology.

As the Executive Director of the Canadian International Pharmacy Association, every day I receive emails and speak to people who are trying to find a safe source of medications from a pharmacy online. Why? Because they can't afford or don't have access to their prescribed medication where they live. In fact, CIPA has served more than one million patients annually, providing safe and affordable daily medications (but not controlled substances). The high cost of medications in the U.S. is something already on the radar at both the federal and state levels; witness repeated comments by the U.S. president, as well as a recent, overwhelming (141 to 2!) vote by the Vermont House of Representatives in support of a bill to reduce the cost of prescription medications through importation.

Senator Rand Paul also clearly voiced the general feeling of the average American during Health and Human Services Secretary Alex Azar's confirmation hearing. Mr. Azar noted that "Importation must be reliable and safe, in the mind of the president." Senator Paul interrupted him: "You would have to sit there and say the drugs from the European Union or Canada or Australia are not safe… It is frankly just not true… It's a canard that has been going on year after year after year… It's just BS! ... to serve the pharmaceutical companies..."

But access and affordability to safe medications is not just a U.S. problem, and we have seen a growing number of patients from countries around the world seeking to have their prescriptions filled from Canadian and international licensed pharmacies.

Can medications be ordered safely on the Internet? Yes, with proper regulation and vigilance.

The Canadian International Pharmacy Association is visible proof this can be done. Remember the one million patients a year I mentioned above? We've been serving that many for more than 15 years, and we have a 100% perfect safety record.

We achieve this perfect safety record through rigorous procedures and controls established and monitored by our organization, and adhered to by our pharmacy members. We also are fully engaged in the fight against "rogue" pharmacies illegitimately using our certification mark or otherwise trying to leverage our good Canadian name and reputation. CIPA works closely with both attorneys and law enforcement on an ongoing basis in this effort.

Based on our experiences and safety record selling medications online since 2002, we are pleased to work with so many other Internet and industry experts on the Brussels Principles.

Serving patients economically and safely, doing what is expected of industry leaders by assisting law enforcement, participating in the development of the Brussels Principles, active engagement in ICANN, all add up to a solution that is effective, practical, and easily within our reach.

We'll be discussing this topic in detail, and seeking feedback to the Brussels Principles, at our RightsCon 2018 session. I welcome you to participate with us in Toronto, on May 17 at 9 am (Session #636).

Our renowned panel of thought leaders includes Dr. Jillian Kohler, Professor, Leslie Dan Faculty of Pharmacy and Munk School of Global Affairs, and Aria Ilyad Ahmand who is a Consultant to the World Health Organization on Substandard and Falsified Medical Products. Jillian pioneered the methodology on good governance in the pharmaceutical system for the World Bank, which was subsequently adopted by the WHO and has been applied in over 35 countries globally. Aria is a policy advisor at the Dahdaleh Institute for Global Health Research at York University, where he has also served since 2014 as a consultant to the WHO's Department of Essential Medicines and Health Products. A past Duke University Global Health Fellow and past faculty member of the Global Health Education Initiative at the University of Toronto, Aria is currently completing his PhD in Global Health Governance. Joining these two experts will be other industry representatives, including Gabriel Levitt (Prescription Justice); Tracy Cooley (Campaign for Personal Prescription Importation); Dr. Shivam Patel (PharmacyChecker); Robert Guerra (Privaterra); and myself.

I hope to see you there!

Written by Tim Smith, General Manager

Follow CircleID on Twitter

More under: Internet Governance, Policy & Regulation

Categories: News and Updates

44% Of Domain Names Globally are Country Code TLDs, 56% Generic TLDs, Reports CENTR

Fri, 2018-05-11 18:08

The Council of European National Top level Domain Registries (CENTR) released its global TLD report today, stating that the global TLD market grew 1.4% year over year at the end of first quarter this year. The report, CENTRstats Global TLD Report 2018/1, has also indicated that 44% of domain names globally are country code Top-Level Domains (ccTLDs) and 56% are generic Top-Level Domains (gTLDs). "These figures have not changed significantly over the past year or two, despite the addition of hundreds of new gTLDs in that period."

Here are some additional highlights from the report:

The European ccTLD market grew 3.6% YOY and continues a period of stable growth (see chart) with some ccTLDs even reversing the slowing growth seen in previous years. The stabilization in growth is in part due to a decline in average deletion rates along with flat rates of new domains and renews. The TLD market in Europe is estimated at 100 million domains (locally registered ccTLD & gTLDs) of which 59% is made up of European-based ccTLDs — an increase of around 1% YOY.

Combined gTLDs grew in total 0.1% YOY. Of the legacy gTLDs, .com and .info are the ones to have maintained consistent positive growth over the past year. .com has around 71% of the global gTLD market, with the rest attributed to other legacy gTLDs (18%) and new gTLDs at 11%. A third of all new gTLDs (2012 ICANN application round) have contracted over the past 12 months. Median growth among geographic gTLDs was 1.9% YOY. This group has some of the lowest rates of domain parking among all new gTLDs.

Follow CircleID on Twitter

More under: Domain Names, New TLDs

Categories: News and Updates

Making a Strategic Decision: URS or UDRP?

Fri, 2018-05-11 17:25

A discussion is presently underway about the Uniform Rapid Suspension System (URS) (and in Phase 2 next year of the Uniform Domain Name Resolution Policy (UDRP)), whether it is performing as intended. The URS is less than five years old, and there are not an overwhelming number of decisions. Since 2013, rights holders have filed less than one thousand complaints (with three providers, the Forum being the most active), which translates into less than 170 decisions annually, 10 to 15 monthly (of which 10% or less are denied, and approximately 3% withdrawn) (from the Forum, there were more denials at the beginning, less so now). That filing number is minuscule in comparison with the number of complaints filed under the UDRP — in the region of 4,000 annually (in its first years its total was twice the URS in 4 1/2 years) — but the denial and withdrawal percentages are similar.

There is a question rattling around whether the URS is functioning properly (perhaps dysfunctional?), although I think it is really too early to tell. It seems to be functioning well for the purpose intended if that intention is properly understood. The utilization (or under utilization) is not an issue. Rights holders will make a strategic decision about which rights protection mechanism they will use. Instead of looking at what is wrong, I want to look at what is right about the URS. For an understanding of the progress of the URS it is better to take a closer look, not what the whole roster of Examiners is doing, but at a select number who take the time to pinpoint failures of proof (both persuasion and production) and in this way imprint the DNA for the URS. It must be admitted that not all Examiners are responding to their decision-making tasks equally well; some have too little to say about the reasons for their decisions, and fall back on the formula: citing relevant paragraphs of the URS Procedure followed by "Determined: Finding for Complainant." (It is likely that rapidity in filing decisions coupled with meager compensation encourages less thought, even if the result is correct).

The Internet Corporation for Assigned Names and Numbers (ICANN) describes the URS as complementing the UDRP, but it has a more limited jurisdiction, designed specifically for "rights holders experiencing the most clear-cut cases of infringement" and is only available "against domain names registered in a New gTLD" (URS Procedure, para. 3(f)). The Examiner in Virgin Enterprises Limited v. lawrence fain, FA1402001545807 (Forum March 20, 2014) underscored that the "URS process is a narrow one" and that it is "without prejudice to the Complainant… proceed[ing] with an action in [a] court of competent jurisdiction or under the UDRP." (URS, para. 8.5). Rather than the preponderance of evidence standard for the UDRP, Complainants must prove their case by clear and convincing evidence. (The burden of proof matches the announced purpose of the policy). That burden has tripped up at least two Complainants, one with a very well-known if not famous mark and the other a name famous for the iconic mark of his business, Bloomberg L.P. v. zhang guo jie, FA1703001721683 (Forum March 31, 2017) for <> and Virgin Enterprises for <>).

In Bloomberg L.P. the Examiner explained that the "Complaint is, ... devoid of any allegations or proof of facts tending to show, even prima facie, either that Respondent has no right to or legitimate interest in the <> domain name, or that the domain name was registered and is being used by Respondent in bad faith. For the same reason, incidentally, the Complainant was denied in a later UDRP case, Bloomberg Finance L.P. v. zhang guo jie, FA1704001727926 (Forum June 8, 2017) (<>). Both Examiner and Panel came to the same conclusion, namely that "Accordingly, on the record before us, we cannot conclude that Respondent has no right to or legitimate interest in the domain name or that the domain name was registered and is being used by Respondent in bad faith."

There is no question that unexplained holdings fall short of the educational goal expected of filed decisions. The purpose of having accessible decisions (even if not reasoned to the same extent as is the practice of the best UDRP Panels) is to educate parties, their counsel and representatives about the different and stiffer demands of the URS and prepare them for asserting and defending their rights. In this respect, it could be said an unthought-through decision short-changes users (rights holders as well as respondents). However, having said this, there are a good number of explained, thought-through decisions (even if not fully reasoned) like Bloomberg L.P. and Virgin Enterprises that lay a proper foundation for establishing consistency and predictability in the application of the URS.

URS Examiners have a great advantage in not having to reinvent a jurisprudence of domain names. They have ready-made a powerful resource for illuminating the reasons for a party's success or failure of proof by turning to easily accessible, reasoned decisions from UDRP Panels supplemented since 2005 by an "overview" of the jurisprudence published by the World Intellectual Property Organization (WIPO)--the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, now in its third edition (2015). There is, in fact, a mature jurisprudence of domain names.

Certainly, the combination of URS features plays a role in restraining rights holders from using it and favoring the UDRP. But, the URS nevertheless is a remarkable tool for the purposes for which it is intended. I pointed out in a recent essay (What is the Uniform Rapid Suspense System and What is it Good For?), that it can be used as a substitute for a preliminary injunction. In fact, some rights holders have specifically used the URS in this manner by shutting down counterfeit goods websites by having the domain names suspended. W.L. Gore & Associates Inc v. WhoisGuard, Inc. et al., FA1711001758178 (Forum December 6, 2017) (<>. ”[T]he impression created by ... Registrant's website is [that it is] an original online shop of the Complainant with even more convenient prices but offering counterfeit products"); Eli Lilly and Company v. Shaternik et al., FA1705001731038D (Forum June 1, 2017) (Offering counterfeit products on dozens of websites). Also, some phishing and spamming websites have been silenced in this manner, more quickly and less expensively than through the UDRP.

While the URS is quick out of the gate and moves rapidly to award (typically, twenty days) an initial award is subject to being vacated under two circumstances: 1) if post-default the Respondent appears with a meritorious defense or its counter contentions are sufficient to raise a triable issue of fact, and 2) the losing party appeals with new facts and arguments that result in an award being reversed. Reversals are sometimes in Complainant's favor — Aeropostale Procurement Company, Inc. v. Michael Kinsey et al., FA1403001550933 (Forum April 28, 2014) (<> Initially denied; reversed and suspended on appeal and LVMH SWISS MANUFACTURES SA v. GiftSMS et al., FA1509001637103 (Forum November 24, 2015) (<>. Initially denied; reversed and suspended on appeal: "The Respondent claimed that the disputed domain name was available for purchase in the commercial market once the sunrise period expired.... However, trademark rights are not released or waived as a result of the passage of the Sunrise period or for that matter any other period relating to the registration of domain names. In Aeropostale Procurement the Examiner concluded that "The rule stemming from URS (d) is satisfied since the Respondent admitted that he has registered the domain to take 'an opportunity similar to when .com first came into existence' so purely for a reason of expected gain resulting from using the 'AEROPOSTALE' mark."

Sometimes the initial denial is affirmed in Respondent's favor, for a familiar reason that is well established in UDRP jurisprudence. In Grey Global Group LLC v. i-content Ltd. et al., FA1606001681062 (Forum July 8, 2016) (<>), the Examiner stated that :

Given that the Domain Name, in fact, corresponds to a generic term, that the Respondent has registered numerous similar generic domain names, such as <>, <>, <>, or <>, that the Domain Name was used in connection with a parking website with sponsored links using the term "grey" solely in a descriptive way and not in connection with the Complainant's services, and that the Complainant has not provided evidence as to its business activities in Germany, where the Respondent is located, the Examiner finds that the evidence is not clear and convincing that the domain name was registered in bad faith.

The initial denials in Aeropostale Procurement and Lvmh Swiss Manufactures present an interesting distinction between the URS and UDRP. URS Procedure, para. 12.2 and URS Rules, 19(b) provide that "Appellant shall have a limited right to introduce new admissible evidence that is material to the Determination ... provided the evidence clearly pre-dates the filing of the Complaint” (Emphasis added). Under the UDRP, complainants either get it right the first time or their complaints are dismissed and res judicata as far as returning to the UDRP is concerned.

For Complainants who want instant gratification and have no interest in carrying the expense of maintaining identical or confusing domain names into infinity, the URS supplies it for ninety plus percent of the disputes for which respondents have no defensible right to the domain names and invariably default in appearance. For this class of dispute involving well-known and famous marks, the offending domain names are suspended for the duration of the registration (and for another year at Complainant's option), and if they resolved to active websites, shut down.

What can be said about consensus? Since the URS employs the same language as the UDRP for the tiered requirements: standing, demonstrating Respondent's lack of legitimate rights or interests, and conjunctive bad faith, Examiners can rest on authority from UDRP jurisprudence whether or not they actually cite to it. For the first limb, for example, Complainants can only maintain a proceeding if they have standing; if they are unable to prove registered marks in commercial use, they lose. Example: Sks365 Malta Ltd., MT v. Mansour Ben Khamsa, D5C230DE (MFSD December 28, 2016) failed to show it currently held any trademark rights "on the sign 'planet win 365'") (this link is to a list of a dozen or so decisions wherein there is an internal link to a pdf).

For the second limb, Complainant must prove lack of legitimate interests or rights by clear and convincing evidence (which is two notches higher than the UDRP). This leads to some interesting differences with the UDRP. If the domain name is passively held and can plausibly be used for non-infringing purposes (whether the Respondent appears or defaults) the complaint will be found deficient of clear and convincing evidence. In contrast, UDRP Panels are more likely to move on to the third limb before drawing conclusive inferences. Example: HOLA S.L. v. North Sound Names et al., FA1407001570171 (Forum August 9, 2014) (<>) in which the Examiner held (relying on authority from UDRP decisions) that

Previous decisions involving domain names based on generic, commonly used terms are consistently denied, protecting the right of domain registrants to retain such domains against trademark owners." The Examiner than cites a dozen cases before explaining that "for the complainant to prevail, there must be some other proof to evidence bad faith, such as actual notice of trademark prior to registration (<> FA140500 1560028) or evidence of a pattern of registering domains using protected marks ( FA1203001435300).

For the third limb, Complainant must prove conjunctive bad faith. Example: Wikimedia Foundation, Inc. v. WhoisGuard, Inc., FA1804001780755 (Forum April 26, 2018) (<>. The Examiner

deplores the fact that the Complainant has not submitted any evidence supporting its claim of bad faith use and registration. The Examiner would have expected the Complainant to provide evidence of, for instance, the website associated with the disputed domain name. The Examiner notes that the Complainant submitted a screenshot of its own website (associated with its own domain name <>), but not of the Respondent's website (associated with the disputed domain name <>").

The cited decisions underscore that the URS 1) delivers on its promises to grant relief rapidly (faster in fact than could ever be expected from a motion for preliminary injunction in shutting down counterfeiting websites or even phishing and spamming under the UDRP) and 2) is severe on Complainants who fail to understand its demands. It is not time for buyer's remorse!

Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP

Follow CircleID on Twitter

More under: Domain Management, Domain Names, Intellectual Property, UDRP

Categories: News and Updates

FCC Says Net Neutrality Rules to Cease on Jun 11

Thu, 2018-05-10 16:09

The Federal Communications Commission announced today that the landmark 2015 U.S. net neutrality rules will end on June 11. The FCC said the new rules will take effect 30 days from Friday, and confirmed to be Jun 11 according to Reuters. "The FCC voted 3-2 to reverse Obama-era rules barring service providers from blocking, slowing access to or charging more for certain online content. Once they take effect, the new FCC rules would give internet service providers sweeping powers to change how consumers access the internet but include new transparency requirements that require them to disclose any changes to consumers."

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation

Categories: News and Updates

Moving to IPv6 Is Becoming a Matter of Business Continuity, Says NASA Transition Manager

Tue, 2018-05-08 19:21

US government agencies are accelerating the transition to IPv6 and ensuring their public websites are accessible via IPv6. "Agencies are also buying IPv6-compliant devices as older ones reach the end of their lifecycle," reports Alan Joch in FedTech. "For a long time, people have said, 'Why be bothered? We have plenty of IPv4 address space,'" says Kevin Jones, IPv6 transition manager at NASA and chairperson of the Federal IPv6 Task Force. "But now, moving to IPv6 is becoming a matter of business continuity. We don't have the luxury of kicking the can down the road anymore." Joch adds that NASA runs a dual-stack IPv4 and IPv6 network environment in parallel, but their goal is to eventually move to IPv6-only.

Follow CircleID on Twitter

More under: IP Addressing, IPv6, Networks

Categories: News and Updates

Canada's .CA Hits All-Time High Domain Registrations

Tue, 2018-05-08 18:46

The Canadian Internet Registration Authority (CIRA) — the non-profit organization that manages the .CA domain — has announced results of its recently completed fiscal year reporting nearly 538,000 new .CA domains registered across Canada. This is an all-time high for .CA domains as stated by CIRA.

Additional highlights from CIRA:

— .CA domain registrations hit 537,941 in FY18 (April 2017 to March 2018); the previous high was 511,900 in FY12.

— .CA domain registrations grew 5.3 per cent in FY18, compared to the overall domain name market in Canada which grew at 1.35 per cent as a whole.

— .CA is one of the fastest growing country code top-level domains (ccTLD)

— CIRA has 2,736,980 .CA domains under management.

— CIRA manages the .CA domain on behalf of Canada and enforces a strict Canadian Presence Requirement that ensures only residents, businesses, or organizations in Canada can register a .CA domain. As part of its mandate to build a better online Canada, CIRA provides over one million dollars in grants every year to digital projects across Canada as part of its Community Investment Program.

Follow CircleID on Twitter

More under: Domain Names

Categories: News and Updates

Google's .APP TLD Now in General Availability Phase Following Record-Breaking Early Access Period

Tue, 2018-05-08 18:12

Google Registry's Official .APP Brand LogoGoogle's highly anticipated new .APP top-level domain (TLD) is now in the final "General Availability" phase, and open to anyone for domain name registrations. The TLD was first made available during the "Sunrise" period starting March 29 through May 1 allowing trademark holders to register their brands. The next "Early Access" period was held during May 1 through May 8 during which, an extra fee was applied to .APP domains registered. So far close 6,000 .APP domains are reported to be already in the zone. Andrew Allemann reporting in Domain Name Wire writes: "Google’s .app top-level domain name continues to prove itself a winner from a registrations standpoint. Waiting until day 5 of early access meant missing out on a lot of domains. All of my day 5 pre-orders were snapped up in earlier days." In addition to the high demand, Google also requires HTTPS for all .APP websites.

In addition to the high demand, .APP will be the first TLD with enforced security made available for general registration, "it’s helping move the web to an HTTPS-everywhere future in a big way," says Google.

Follow CircleID on Twitter

More under: Domain Names, Mobile Internet, New TLDs

Categories: News and Updates

Millennials an Untapped Resource for Cybersecurity Skills but They Lack Awareness, Study Finds

Tue, 2018-05-08 17:14

A study was recently conducted by Enterprise Strategy Group (ESG) to find out where the potential answers to the cybersecurity skills shortage amongst technology-savvy millennials and post-millennials in the US. Ian Barker reporting in BetaNews: "The data shows that the younger generation understands and acknowledges that technology and computing are likely to play a significant role in their future careers. ... But while a vast majority of respondents suggested that they are interested in computer-related careers, cybersecurity was cited by just nine percent. So what can the security industry do to attract young talent? When respondents were asked why cybersecurity was not a career they were considering, ignorance of and lack of opportunity to learn are the top of their responses."

Follow CircleID on Twitter

More under: Cybersecurity

Categories: News and Updates

Blockchain's Two-Flavored Appeal

Mon, 2018-05-07 14:55

A recent story in Medium describes yet again quite well why blockchains don't solve any real problems: Blockchain is not only crappy technology but a bad vision for the future.

So what is their irresistible appeal?

Bitcoins remind me of a story from the late chair of the Princeton University astronomy department. In 1950 Immanuel Velikovsky published Worlds in Collision, a controversial best-selling book that claimed that 3500 years ago Venus and Mars swooped near the earth, causing catastrophes that were passed down in religions and mythologies.

The astronomer was talking to an anthropologist at a party, and the book came up.

"The astronomy is nonsense," said the astronomer, "but the anthropology is really interesting."

"Funny," replied the anthropologist, "I was going to say almost the same thing."

Bitcoin and blockchains lash together an unusual distributed database with a libertarian economic model. People who understand databases realize that blockchains only work as long as there are incentives to keep a sufficient number of non-colluding miners active, preventing collusion is probably impossible, and that scaling blockchains up to handle an interesting transaction rate is very hard, but that no-government money is really interesting.

People who understand economics and particularly economic history understand why central banks manage their currencies, thin markets like the ones for cryptocurrencies are easy to corrupt, and a payment system needs a way to undo bogus payments, but that free permanent database ledger is really interesting.

Not surprisingly, the most enthusiastic bitcoin and blockchain proponents are the ones who understand neither databases nor economics.

Written by John Levine, Author, Consultant & Speaker

Follow CircleID on Twitter

More under: Blockchain

Categories: News and Updates

ARIN and Antigua &amp; Barbuda Government to Hold Workshop on Internet Resilience

Sat, 2018-05-05 17:50

The American Registry for Internet Numbers (ARIN) is collaborating with the government of Antigua and Barbuda to strengthen the technical capacity of local network operators.

ARIN is one of five registries responsible for coordinating Internet number resources worldwide. Its service area includes Canada, the United States, and several Caribbean countries. The collaboration with the Antigua and Barbuda government comes as part of a broader thrust by ARIN to support the development of the Internet across the region.

Among the factors that prompted ARIN to enhance its support for the development of stronger networks in the Caribbean is the growing number of reports of cyber-attacks and the increasing threat of climate-related weather events on communications infrastructure and Internet connectivity. Barbuda, Dominica, Puerto Rico, Tortola and other Caribbean islands are still reeling from the devastation of the 2017 Atlantic hurricane season.

With less than a month to go before the 2018 season begins, the ARIN initiative in the region takes on an added significance, as Antigua, Barbuda and the rest of the region are once again bracing for a potentially major threat to their already weakened Internet infrastructure.

Bevil Wooding, Caribbean Outreach Liaison at ARIN, confirmed that the registry has stepped up outreach activities in its Caribbean service area.

"Through partnerships with the Organisation for Eastern Caribbean States, the Caribbean Telecommunications Union, and the Caribbean Network Operators Group, ARIN has been working to ensure that the region's internet infrastructure is strengthened, and the needs of the community of network operators are effectively met, particularly as it relates to Internet number resources and network resilience," Wooding said.

Dozens of Caribbean and international delegates gathered in Miami on April 19 for the launch of ARIN's Caribbean Forum, an umbrella initiative covering several of the registry's outreach projects across the region. Among the participants was Melford Nicholas, Minister of Information, Broadcasting, Telecommunications and Information Technology for Antigua and Barbuda, who is also the current President of the Caribbean Telecommunications Union.

The Antigua and Barbuda workshop will take place on May 8 at the Runway 10 Conference Centre in St John's. The one-day meeting agenda includes sessions on best practices for building resilient Caribbean networks, IPv6 deployment and an overview of ARIN's technical services.

Written by Gerard Best, Development Journalist

Follow CircleID on Twitter

More under: Internet Governance, IPv6, Networks

Categories: News and Updates

Belize to Host Caribbean Peering and Interconnection Forum

Fri, 2018-05-04 16:12

Belize will host the fourth Caribbean Peering and Interconnection Forum, known as CarPIF, on June 13 and 14.

Since its inception in 2015, CarPIF has brought together regional and international technology experts and telecommunications industry execs to discuss a range of topics related to Internet peering and interconnection trends, and their relevance to the Caribbean region.

It is coordinated by the Caribbean Network Operators Group (CaribNOG), with support from the Internet Society, the Caribbean Telecommunications Union, the American Registry for Internet Numbers, Packet Clearing House, the Latin America and Caribbean Internet Address Registry (LACNIC), and the Internet Corporation for Assigned Names and Numbers (ICANN).

"CarPIF will explore new opportunities for strengthening Caribbean network resilience and Internet Exchange Point expansion," said Bevil Wooding, co-Founder of CaribNOG.

"We will also be considering the practical next-steps to creating policies and strategies that encourage more local content development and hosting."

Event organizers are describing this year's forum as building on the success and knowledge gained in previous CarPIF events held in Barbados in 2015, Curacao in 2016 and St Maarten in 2017. A strong focus will be on building the human networks that drive the growth and expansion of the Internet.

"This year, our focus will also be on creating the opportunity for participants to expand and strengthen their personal and professional networks. CarPIF 2018 will be a major opportunity for problem-solving, learning, business networking, and peering expansion," said Shernon Osepa, Regional Affairs Manager for Latin America and the Caribbean at the Internet Society.

Written by Gerard Best, Development Journalist

Follow CircleID on Twitter

More under: Networks

Categories: News and Updates

MMX Announces Acquisition of ICM Registry

Fri, 2018-05-04 16:09

Minds + Machines Group Limited (MMX), a leading operators of Internet Top-Level Domains, announced on Friday that it has entered into a conditional agreement to acquire the entire membership interests of ICM Registry LLC, a US company, for a cash payment of $10 million, funded from the Company's existing cash reserves, and a total of 225,000,000 new Ordinary Shares with an equivalent value of approximately $31 million. The Acquisition is conditional on receiving approval from ICANN.

Background on ICM: ICM is the owner and operator of four niche ICANN regulated TLDs dot-xxx, dot-adult, dot-porn and dot-sex. "ICM's most valuable TLD is dot-xxx, which was originally awarded to ICM in 2004 by ICANN but which did not go live until Spring 2011 following competitive challenges following the original award. The policies by which dot-xxx operates are set by an independent body, the International Foundation for Online Responsibility ("IFFOR"), which was established to promote user choice, parental control, and the development and adoption of responsible business practices designed to combat online child abuse images."

Toby Hall, CEO of MMX: "We expect the Acquisition to be earnings enhancing in the current year and believe it will deliver scale, strong recurring revenues and positive working capital to the Company in 2018 and future years."

Follow CircleID on Twitter

More under: Domain Names, Registry Services, New TLDs

Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer