ICANN’s VP of security has joined the board of directors of the Anti-Phishing Working Group.
Dave Piscitello is one of three new APWG board members, arriving as the group expands its board from two people to five.
APWG said the expansion “is recognition of the growing complexity and scale of Internet crime today and the challenges in responding to this global threat.”
In a press release, it noted that targeted phishing attacks are said to be the root cause of the data thefts that may or may not have influenced the US presidential election last year.
The other two new directors are Brad Wardman of PayPal and Pat Cain of The Cooper Cain Group, a security consulting firm (a different bloke to the similarly named Pat Kane of Verisign).
APWG is an independent, public-private coalition that collects and publishes data about phishing attack trends and advice for how to defend against them.
Part of this work entails tracking how many domain names are involved in phishing, and in which TLDs.
The APWG board also includes chair David Jevans of Proofpoint and secretary-general Peter Cassidy.
Remember the Coalition Against Domain Name Abuse? The lobby group that campaigned for stronger cybersquatting laws and against new gTLDs?
CADNA on Thursday used the imminent inauguration of new US president Donald Trump to announce that it’s back in the game, hoping a Republican-dominated government will be friendlier to its agenda.
It told its supporters on “the 2016 general elections outcomes for both the U.S. Congress and the White House present a unique and timely opportunity to push through legislation”.
It wants new federal laws modeled on 2010 Utah state legislation, the E-Commerce Integrity Act, which creates liability for non-registrant third-parties including domain name registrars.
The Utah law is closely modeled on the federal Anticybersquatting Consumer Protection Act of 1999, but has some crucial differences.
CADNA noted at the time the law was up for a vote that it:
expands the liability for cybersquatting activity to include the registrant’s authorized licensee, agent, affiliate, representative, domain name registrar, domain name registry, or other domain name registration authority that knowingly and actively assists a violation
That’s something ACPA does not allow for, and CADNA wants the federal law amended to include provisions such as this. It said:
The Coalition Against Domain Name Abuse (CADNA) is now mobilizing the global business community to promote and pass legislation that will greatly enhance the available protection mechanisms for online trademark protection and limit the appeal of cybersquatting.
The last time US cybersquatting laws came close to being amended was with the Anti-Phishing Consumer Protection Act of 2008, aka the Snowe Bill, which ultimately did not pass.
The Internet Commerce Association, which lobbies on behalf of domain investors, expressed concern with CADNA’s new efforts to revive its noughties lobbying tactics, telling members:
for now this is more of a CADNA recruiting effort than an active legislative natter. As you can see, CADNA announced a similar Federal effort in 2010, which went nowhere. Nonetheless, we should proceed on the assumption that CADNA will secure a sponsor and have such legislation introduced in the new Congress and that such legislation may well gain traction in the current political environment.
The ICA also expressed concern about the amount of statutory damages the Utah law permits compared to the ACPA.
While both Utah and ACPA allow damages of $1,000 to $100,000 per domain, the Utah law assumes the highest amount if a “pattern or practice” of cybersquatting can be demonstrated.
CADNA has been pretty quiet for the last few years.
Before the US elections last November, its most recent press release dated from October 2013.
The group is managed by the same people who run Fairwinds Partners, a new gTLD consultancy specializing in managing dot-brand gTLDs for some of the world’s biggest names.
Its gTLD clients include L’Oreal, Marriott and Walmart.
Fairwinds used its links to CADNA and its staunch opposition to the new gTLD program to pitch for these clients back in 2012.
The incoming head of the US Department of Commerce has indicated that it is unlikely he’ll try to reestablish the US government’s unique oversight of ICANN, at least in the short term.
But at his confirmation hearing in Congress yesterday, Trump nominee for secretary of commerce Wilbur Ross said he’d be open to ideas about how the US could increase its power over ICANN.
He was responding to a question from Ted Cruz, the Texas senator who made halting the IANA transition one of his key concerns last year.
Cruz, framing the question in such a way as to suggest ICANN is now in the hands of an intergovernmental consortium (which it is not) asked Ross whether he was committed to preventing censorious regimes using ICANN to hinder Americans’ freedom of speech.
As such a big market and really as the inventors of the Internet, I’m a little surprised that we seem to be essentially voiceless in the governance of that activity. That strikes me as an intellectually incorrect solution. But I’m not aware of what it is that we actually can do right now to deal with that. If it exists, if some realistic alternative comes up, I’d be very interested.
His response also mischaracterizes the power balance post-transition.
The US is not “essentially voiceless”. Rather, it has the same voice as every other government as a member of the Governmental Advisory Committee.
Its role is arguably still a lot more powerful than other nations, given that ICANN is now bylaws-bound to remain headquartered in California and under US jurisdiction.
As head of Commerce, Ross will have authority over the National Telecommunications and Information Administration, the agency most directly responsible for dealing with ICANN and domain name issues in general.
NTIA itself will to the best of my knowledge still be headed by assistant secretary Larry Strickling, who handled the IANA transition from the US government side. (UPDATE: this may not be correct)
Ross, 79, is a billionaire investor who made most of his estimated $2.5 billion fortune restructuring bankrupt companies in the coal and steel industries.
ICANN has terminated its last formal oversight link with the US government.
Late last week, ICANN chair Steve Crocker and Larry Strickling, assistant secretary at the US National Telecommunications and Information Administration mutually agreed to retire the seven-year-old Affirmation of Commitments.
The AoC, negotiated during the tail end of Paul Twomey’s leadership of ICANN and signed by successor Rod Beckstrom, laid out ICANN’s responsibilities to the US government and, to a lesser extent, vice versa.
It included, for example, ICANN’s commitments to openness and transparency, its promise to remain headquartered in California, and its agreement to ongoing reviews of the impact of its actions.
Ongoing projects such as the Competition and Consumer Trust Review originate in the AoC.
The rationale for concluding the deal now is that most of significant provisions of the AoC have been grandfathered into ICANN’s revised bylaws and other foundational documents following the IANA transition, which concluded in October.
Reviews such as the CCT and the lock on its California HQ are now in the bylaws and elsewhere, ICANN said in a blog post.
It’s worth mentioning that the US gets a new administration led by Donald Trump in a little over a week, so it probably made sense to get the AoC out of the way now, lest the new president do something insane with it.
The letters from Crocker and Strickling terminating the deal can be read together here (pdf).
ICANN has named veteran staffer Jamie Hedlund as its new senior VP for contractual compliance and consumer safeguards.
It’s a new executive team role, created by the departure of chief contract compliance officer Allen Grogan. Grogan announced his intention to leave ICANN last May, and has been working there part-time since August.
The “consumer safeguards” part of the job description is new.
ICANN first said it planned to hire such a person in late 2014, but the position was never filled, despite frequent poking by anti-spam activists.
Now it appears that the two roles — compliance and consumer safeguards — have been combined.
This makes sense, give that ICANN has no power to safeguard consumers other than the enforcement of its contracts with registries and registrars.
From the outside, it does not immediately strike me as an obvious move for Hedlund.
While his job title has changed regularly during his six or so years at ICANN, he’s mainly known as the organization’s only in-house Washington DC government lobbyist.
He played a key role in the recent IANA transition, which saw the US government sever its formal oversight ties with ICANN.
His bio shows no obvious experience in consumer protection roles.
His replacement in the government relations role is arguably just as surprising — Duncan Burns, a veteran PR man who will keep his current job title of senior VP of global communications.
The appointments seem to indicate that lobbying the US government is not as critical to ICANN in the post-transition world, and that institutional experience in the rarefied world of ICANN is a key qualifier for senior positions.