Worm — The First Digital World War, a new book from Black Hawk Down author Mark Bowden, has a surprising cast of characters culled partially from the domain name industry.
The non-fiction hardback, released this month, covers the fight against the Conficker worm, which heavily leveraged DNS to spread when it arrived on the scene three years ago.
A glance inside at Amazon shows the dramatis personæ include then-CEO of ICANN Paul Twomey, Internet Systems Consortium chair Paul Vixie and Alice’s Registry founder Rick Wesson.
Conficker, you may recall, used algorithmically generated domain names to propagate. The coordinated effort aimed at stopping it worked in part by preemptively registering those domains.
Making a readable techno-thriller out of a bunch of geeks bickering sounds like a tough call. I’ve ordered a copy, and it will be interesting to see whether Bowden pulled it off.
In the meantime, I think some harmless speculation about the movie adaptation is called for.
For Twomey, I’m thinking Russell Crowe…
VeriSign’s request for a wide-ranging set of powers that would enable it to shut down .com and .net domain names that are suspected of abuse is already attracting criticism.
The proposals came in a Registry Services Evaluation Process request to ICANN that I reported on for The Register this morning.
It’s asking (pdf) to be able to create a new anti-abuse policy that would refocus many of the controls currently in the hands of registrars to the registry level instead.
The policy would “allow the denial, cancellation or transfer” of any VeriSign-managed domain if any any of these conditions were triggered:
(a) to protect the integrity, security and stability of the DNS;
(b) to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process;
(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees;
(d) per the terms of the registration agreement,
(e) to respond to or protect against any form of malware (defined to include, without limitation, malicious code or software that might affect the operation of the Internet),
(f) to comply with specifications adopted by any industry group generally recognized as authoritative with respect to the Internet (e.g., RFCs),
(g) to correct mistakes made by Verisign or any Registrar in connection with a domain name registration, or
(h) for the non-payment of fees to Verisign. Verisign also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute;
As you can see, that’s a pretty broad range of justifications.
Notably, it would enable a domain to be canceled or transferred at the “requests of law enforcement or other governmental or quasi-governmental agency”, which would seem to circumvent the current practice of a court order being obtained before a domain is seized.
The question of what constitutes a “quasi-governmental agency” is also interesting. Is ICANN itself such a thing?
The policy would also enable a take-down “to avoid any liability, civil or criminal”, which seems to be just begging for VeriSign to be named spuriously in commercial lawsuits between .com registrants.
The RSEP also suggests that VeriSign plans to extend its hand of friendship to law enforcement agencies from outside the US:
Pilots with European Law Enforcement, Government CERTS and Registrars are planned, and other global test pilots will follow, to ensure global collaboration in the continuing development of the procedures.
Today, US agencies can get court orders instructing VeriSign to hand over domains. While imposing US law on .com owners from other countries is controversial, at least overseas registrants know where they stand.
Now VeriSign is talking about cooperating with European law enforcement agencies too.
At the risk of getting dangerously close to invoking Godwin’s Law, this brings us back to an old jurisdictional problem – what if the French police demand the seizure of a .com site selling Nazi memorabilia, which is illegal in France but legal in the US, for example?
Taking it a step further, what if VeriSign starts entertaining takedown requests from some of the world’s least pleasant theocracies, banana republics and dictatorships?
Half of .com could disappear overnight.
Since VeriSign has a business to run, that’s obviously not going to happen. So the company is going to have to draw a line somewhere, separating criminality from legitimate behavior and free speech.
I’m speculating wildly here, of course, but the RSEP doesn’t contain nearly enough detailed information about VeriSign’s proposed procedures to make a more informed analysis.
VeriSign knows what it is proposing is controversial. The RSEP says:
Registrants may be concerned about an improper takedown of a legitimate website. Verisign will be offering a protest procedure to support restoring a domain name to the zone.
The proposals have been made following many months of discussions between registries, registrars, law enforcement agencies and other community stakeholders.
It’s not entirely clear from VeriSign’s RSEP, which sometimes confusingly conflates the abuse policy with a separate proposed malware scanning service, how a takedown notice would be processed.
One likely reading is that VeriSign would act almost like a centralized clearinghouse for takedown requests, forwarding them to individual registrars for enforcement.
The registrars could be obliged by the terms of an amended Registry-Registrar Agreement to follow whatever process had been laid down.
There seems to be some concern in the ICANN community about this.
ICANN senior VP of stakeholder relations Kurt Pritz recently sent a document to PIR’s David Maher and Oversee.net’s Mason Cole outlining the procedure for amending the RRA.
The flowchart (pdf) describes a trilateral negotiation between the registry proposing the change, the Registrars Stakeholder Group and ICANN, with the ICANN board having the ultimate decision-making authority.
However this proceeds through ICANN, it’s going to cause some heated community debate.
Advertisers are “beginning to question the effectiveness” of social media marketing, but they’re still mostly sold on the benefits of search engine optimization.
That’s according to a new study from the Association of National Advertisers, the results of which have just been published.
The ANA’s survey of 92 marketers gave SEO an “effectiveness rating” of 52%, the highest rating given to any of the six categories respondents were asked to comment on.
However, that represented a decline of three percentage points from a similar survey in 2009.
Social networking sites (presumably including Facebook, although names were not named) received an effectiveness rating of 28%, up from 17% two years ago, ANA reported.
SEO and social sites were used in marketing by 88% and 89% of respondents respectively.
ANA president Bob Liodice said in a press release:
While marketers have substantially increased their use of newer media platforms over the past few years, they are beginning to question the effectiveness of some of these vehicles. The ANA survey indicates a strong willingness by marketers to integrate innovative new approaches into their marketing mix; however, this enthusiasm is tempered by concerns regarding the return-on-investment of these emerging options.
While it’s all speculation at this point, SEO improvements are often pointed to as a potential (and I stress: potential) benefit of new dot-brand or category-killer top-level domains.
The ANA is the current opponent-in-chief of ICANN’s new gTLD program.
The local government of the French island of Corsica is looking for contractors to apply for and manage a .corsica top-level domain.
The Executive Council of the Collectivité Territoriale de Corse issued an RFP in late September. The deadline for responses is October 17, a week from now.
The desired string appears to be the Anglicized .corsica, rather than the French .corse.
Corsica, situated in the Mediterranean, is one of France’s 22 official regions. According to Wikipedia, it has slightly more political power than its mainland counterparts.
Under ICANN’s new gTLD application rules, geographical strings need the approval of the relevant local government before they can be accepted.
I expect any .corsica application would need a letter of support or non-objection from the French national government as well as the Corsican executive, before it is approved.
(via Jean Guillon)
ICANN is in the process of looking for an operator for the Trademark Clearinghouse that will play a crucial brand protection role in new top-level domains.
An RFI published last week says that ICANN is looking for an exclusive contractor, but that it may consider splitting the deal between two companies — one to provide trademark validation services and the other to manage the database.
The TMCH is basically a big database of validated trademarks that registrars/registries will have to integrate with. It will be an integral part of any new gTLD launch.
Registries are obliged by ICANN rules to hold a sunrise period and a Trademark Claims service when they go live, both of which leverage the clearinghouse’s services.
Rather than having to submit proof of trademark rights to each gTLD operator, brand owners will only have to be validated by the TMCH in order to be pre-validated by all gTLDs.
I estimate that the contract is worth a few million dollars a year, minimum.
If the ongoing .xxx sunrise period is any guide, we might be looking at a database of some 30,000 to 40,000 trademark registrations in the first year of the TMCH.
One potential TMCH provider currently charges $100 for the initial first-year validation and a recurring $70 for re-validation in subsequent years.
ICANN has not ruled out the successful TMCH provider selling add-on services too.
But the organization also seems to be at pains to ensure that the clearinghouse is not seen as another gouge on the trademark industry.
The RFI contains questions such as: “How can it be assured that you will not maximize your registrations at the expense of security, quality, and technical and operational excellence?”
Belgium-based CHIP arguably has the most institutional experience. It’s handled sunrise periods for Somalia’s .so, the .asia IDN sunrise, a few pseudo-gTLD initiatives from the likes of CentralNIC (de.com, us.org, etc), and is signed up to do the same for .sx.
Its chief architect, Bart Lieben of the law firm Crowell & Moring, is also well-known in the industry for his work on several sunrise period policies.
IProta is a newer company, founded in London this year by Jonathan Robinson, an industry veteran best known for co-founding corporate domain registrar Group NBT.
The company is currently managing the .xxx sunrise period, which is believed to be the highest-volume launch since .eu in late 2005.
“IPRota is very well positioned on the basis of our recent and past experience so I think we almost certainly will go ahead and respond,” Robinson confirmed to DI.
Domain name registries and registrars could conceivably also apply, based on their experience handling high-volume transactional databases and their familiarity with the EPP protocol.
ICANN sees the potential for conflicts of interest — its RFI anticipates that any already-contracted party applying to run the TMCH will have to impose a Chinese wall to reduce that risk.
The RFI is open for responses until November 25. ICANN intends to name its selected provider February 14, a month after it starts accepting new gTLD applications.
This is another reason, in my view, why submitting an application in January may not be the smartest move in the world.