Common Questions About the New gTLDs

February 22nd, 2012

A generic Top Level Domain, or gTLD, is the name that appears to the right of the “dot,” such as .com. The Internet Corporation for Assigned Names and Numbers (ICANN) has begun taking applications for new gTLDs. With the deadline to apply for a gTLD fast approaching on April 12, 2012, many companies are wondering whether they should apply. In light of the many factors that a company must consider before applying, Cyveillance is unable to make a global recommendation to all of our clients. However, the basics about the new gTLDs, the benefits, and the drawbacks are discussed below:

How many gTLD requests is ICANN expecting in this first round of applications?
ICANN is expecting between 200 and 1,000 applications. Some experts are predicting that, based upon the number of applications it receives, ICANN may not hold another application round for several years after this initial offering.

What if someone else applies for the same gTLD that I apply for?
ICANN is encouraging resolution between the parties. If the parties cannot come to an agreement, the last resort will be an auction. See Section 1.1.2.10 of the gTLD Applicant Guidebook.


Monitoring DMCA Safe Harbor Provisions

February 9th, 2012

Background
The Digital Millennium Copyright Act (the “DMCA”) is part of copyright law. The DMCA protects digital works from copyright infringement by making it illegal to circumvent the technical locks and controls that copyright owners use to protect digital works.

Examples of technical locks and controls are mechanisms on DVDs and video games that prevent people from copying the content. Additionally, sections of web sites that are protected by passwords are also considered controls under the DMCA. The DMCA prohibits people from working around any of these protections in order to copy the content without authorization from the copyright owner.

Just as the Copyright Act has “fair use” exceptions, the DMCA has exceptions too. Fair use exceptions provide for instances in which a copyrighted work can be copied or reproduced without violating a copyright holder’s rights. For example, a news reporter quoting a speech in a news report would probably be deemed a fair use of that copyrighted speech.

Currently, the seven exceptions where the DMCA does not apply are:

• Libraries, archives, and educational institutions for acquisition purposes;
• Law enforcement and intelligence gathering activities;
• Reverse engineering in order to develop inter-operable programs;
• Encryption Research;
• Protecting minors from material on the Internet;
• Protecting the privacy of personally identifying information; and
• Security testing.

In order to ensure that the DMCA does not prohibit any fair uses of copyrighted works, the Library of Congress updates the DMCA exceptions every three years. The number of exceptions approved at each update may vary as there is no required number of exceptions. For example, the Copyright Office approved six exceptions in 2006 and 2010. The Library of Congress is accepting suggestions on new exemptions until February 10, 2012. Submissions received on or before December 1, 2011 are posted on the Library of Congress website.

Comments
Advocacy organizations from around the country have begun to submit their proposals for new safe harbor provisions. As the use of safe harbor provisions becomes more prevalent, organizations and interest groups search for ways to protect their respective interests. These proposals generally reflect the organizations’ specific interests and few have the breadth necessary to be implemented. However, several of the proposed exceptions are discussed below and are likely to be persuasive to the Library of Congress.

The first proposed class of works includes “literary works in the public domain that are made available in digital copies.” According to the Open Book Alliance’s supporting comment, Google requires many libraries throughout the world to impose these technological protection measures (“TPMs”) and/or others like them on digital files of public domain works. The restrictions placed by companies like Google limit access based on copyright protections under Section 1201 of the Copyright Act. The Open Book Alliance contends that copyright protection was not designed to protect works in the public domain, so in order to promote dissemination of public works and prevent misuse of Section 1201, this class of works should be protected under safe harbor provisions. Works in the public domain are supposed to be accessible by the public for use and can be used to promote creativity; thus, barriers to access can be viewed as a hindrance to the purpose of copyright protections.

The second proposal, from the American Council for the Blind and the American Federation for the Blind, seeks to add electronically distributed literary works that currently have restrictions limiting accessibility by blind or other persons with print disabilities as a protected class of works under the safe harbor provisions. These organizations assert that, “[w]ithout an exemption, people who are blind or otherwise have print disabilities are at risk for significant legal sanctions simply for finding a way to read material they have otherwise legally obtained.” They seek to rectify what they view as an oversight that has caused an avenue for discrimination. Lack of access and the opportunity for unintentional discrimination will make this proposal one to really consider.

Lastly, proposals were submitted by the Software Freedom Foundation and the Electronic Frontier Foundation. These proposals seek to allow computer programs that enable smartphones and other personal computing devices to use legally obtained software. These proposals contend that smartphones and other personal computing devices derive their value from the software they are able to run. Limits placed on use of software on certain devices not only limit the abilities and options of the consumer, but exclude small developers from the market. These limitations lead to numerous development issues and limitations in functionality of the devices. Smartphones and other personal computing devices are rapidly becoming a staple in American society. Addressing gaps in access and development are issues that should be considered carefully as this technology continues to permeate society.

There are quite a few proposals not addressed here. The topics range from motion pictures and other digital media to educational uses of copyrighted works. Cyveillance encourages you to educate yourself on all of the proposals and monitor how DMCA safe harbor provisions may change and affect your business.

Securing the Internet with DNSSEC

February 6th, 2012

At the 2012 International Conference on Cyber Security held at Fordham University in New York last month, ICANN’s Dr. Richard Lamb gave an important presentation before all the event’s attendees titled DNSSEC: A Game Changer. Cyveillance caught up with Dr. Lamb afterward and asked if he could share information about DNSSEC with our cyveillanceblog.com audience.

Cyveillance: Can you explain briefly what DNSSEC is using non-technical terms, and why it’s so important?

Richard Lamb: DNSSEC (DNS Security Extensions) secures the Internet’s global “phone book” (the DNS or Domain Name System). Every time you enter a web site (www.google.com) or email (foo@bar.com), your computer uses the DNS to convert the domain name (www.google.com or bar.com) into a number (IP address) which is what is actually used to connect to and communicate (just like a phone number) with a web or email server on the Internet. The protocols behind DNS were designed back in 1983 and have little in the way of security built into them. Increased network and computer performance have made it easy to falsify DNS responses to return the wrong “phone number” and possibly send you to an impersonator. Dan Kaminsky, in 2008, demonstrated the ease with which this can be done and recent attacks on 4M computers have driven the point home. DNSSEC adds digital signatures to existing records that allow machines to validate DNS responses so that this sort of attack can’t happen.

Cyveillance: This sounds like a fundamental change in the way the Internet operates. Is that accurate?

Richard Lamb: Not really. DNS operates as it did before except now cryptographically generated digital signatures (just a few more bytes) are transferred alongside existing records to allow systems to detect any changes in the original record. However, for the Internet whose protocols have not changed for decades it’s a big change. So it was/is being deployed very carefully.

Cyveillance: Exactly who is going to be responsible for helping to get DNSSEC adopted as quickly as possible? Government? ISPs? Website owners? End users? Among those you mention, which do you prioritize when trying to get the word out?

Richard Lamb: End user demand is what will drive DNSSEC deployment and its eventual success. However, selling security to the end user has always been an uphill battle. Awareness building of domain name holders / website owners (content provider for the eyes) is therefore a key part of the adoption effort.

Organizations like ICANN continue to do a good job building awareness among ISPs and top level domain (e.g., .com, .se) operators and our own DHS has played a pivotal role in pressing for DNSSEC adoption in government through the funding of initiatives and the creation of a 2008 OMB mandate for all agencies under .gov. Other governments (e.g., Sweden, Brazil) also have initiatives encouraging the deployment of DNSSEC.

ISPs and Registrars (where you buy domain names from) have little incentive to support DNSSEC until it is widely deployed. This has led to a chicken and egg scenario with these entities often pointing to the lack of deployment as reasons for not supporting DNSSEC themselves. This has placed a priority on Website owners and end users to deploy DNSSEC on their web sites and demand greater security from providers. The hope is that market forces will then prevail resulting in wider support amongst Registrars and ISPs. COMCAST is an example of a large ISP that has fully deployed DNSSEC to help protect their customers. GoDaddy is an example of a large Registrar that supports DNSSEC for their domain name holders who want it.

Cyveillance: Do you think the average end user will ever notice the change?

Richard Lamb: Ideally, improved security should not be noticed by the end user. However, with the new source of trust that DNSSEC creates on the Internet, the end user should expect to see a range of applications that ease access control (e.g., login, WiFi roaming, etc…) and improve web site and email security.

Cyveillance: Is there any similarity in the push to move from IPV4 to IPV6? Which do you see happening first – complete IPV6 adoption or complete DNSSEC adoption?

Richard Lamb: That’s a great question. DNSSEC is often grouped with IPv6 and they are similar in the sense that they are both big protocol changes for the Internet. However, IPv6 is not backward compatible with IPv4. DNSSEC is. DNSSEC secures the DNS. IPv6 updates the routing layer.

Experts have said that IPv6 and IPv4 will coexist for many years to come.

The same will likely be true for DNSSEC as well. While many sites will have DNSSEC deployed on them, there will always be a portion of the web site owners who have little interest in security. Currently, I believe DNSSEC deployment has a slight lead over IPv6 deployment. The key is that for those organizations that do have an interest in maintaining the integrity of the information disseminated by their web site – DNSSEC is a big step.

Cyveillance: What advice would you give to those who are evangelizing within their organization for DNSSEC adoption?

Richard Lamb: Deploying DNSSEC on domain names owned by their organization and turning on DNSSEC on their internal resolvers would not only help protect staff from DNS redirection attacks but also demonstrate to the public that the organization takes security seriously. I would also point out that large ISPs like COMCAST have stepped up to support DNSSEC as well and point to the recent reports on the DNSChanger attacks. Finally, DNSSEC deployment on an organization’s domain names need not be expensive as demonstrated by various Registrar offerings like those from GoDaddy, VeriSign, and others.

Cyveillance: Any last thoughts?

Richard Lamb: I think two of the most interesting things about DNSSEC are 1) how it can be a platform for entrepreneurs from around the world to create a whole new range of innovative security applications and 2) how it is a classic example of the Internet’s borderless, bottom-up, cooperative approach to solving problems.

Cyber Attacks Abound with the Proliferation of New Technology – No Time for Complacency

December 16th, 2011

While new technology and increased Internet access bring with them many positive aspects, you can’t overlook the threat of cyber attacks – as evidenced by a very headline-rich 2011. The repercussions alone can be devastating to an organization lacking the infrastructure to detect and counter such attacks. To put this into perspective, take Algeria for example. Internet access in Algeria has grown exponentially during the past decade, reaching over four million households, cybercafés, as well as many different public and private institutions. This phenomenon has undoubtedly benefited the indigenous population by exposing them to vast amounts of information and the ability to communicate worldwide, but it has also brought with it the dangers of cyber attacks. Let’s reacquaint ourselves with the reasons we need to be more vigilant in increasing awareness of cyber attacks by looking at what is going on in Algeria.

Despite laws enacted in 2001 to combat digital-related incidents, cyber crime is still pervasive in Algeria. This is due not only to a lack of detection tools, awareness and training courses, but also to the negligence of private and public institutions in protecting their intellectual properties online. In 2010, the Center for Judicial and Judiciary Research (a branch of the Algerian Department of Justice) began developing and implementing cyber security laws. Until then, the field went mostly unregulated. Since 2010, 12 cases have been reported and to date there have been eighty-eight cases brought to justice.


Anti-Counterfeiting Trade Agreement (ACTA) Explained

November 14th, 2011

Background
The proliferation of counterfeit and pirated goods poses considerable challenges for legitimate trade and the sustainable development of the world economy. Trade in these counterfeit and pirated goods causes significant financial losses for right holders and legitimate businesses. It also hinders sustainable economic development in both developed and developing countries and, in some cases, represents a health or safety risk to consumers.

As a result, in October 2007, the United States, the European Community, Switzerland and Japan simultaneously announced that they would negotiate a new intellectual property enforcement treaty, the Anti-Counterfeiting Trade Agreement, or ACTA. ACTA represents a significant achievement in the fight against the infringement of intellectual property rights, particularly against the proliferation of counterfeiting and piracy on a global scale, and provides a mechanism for the parties to work together in a more collaborative manner to achieve the common goal of effective Intellectual Property Rights (IPR) enforcement. When it enters into force with all participants, ACTA will formalize the legal foundation for a first-of-its-kind alliance of trading partners, representing more than half of world trade.


My Brand is Safe if I Register the Most Common Domain Variants, Right?

October 28th, 2011

Congratulations! Your company has come up with a brand new widget that’s going to change the world, and it needs a name. Naturally, in your role as a savvy brand manager, before making any decisions about the new name you check to see whether the domain name for your company’s new product is taken.

Update – How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?

October 19th, 2011

The information below is an update to the following blog posting: How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?

Trademark owners outside of the adult industry may sign up with ICM Registry to block trademarks from showing up on its new .XXX gTLD. Trademark owners have been making several common errors when applying for a .XXX gTLD.[1] If your company plans on submitting an application before the Sunrise B October 28, 2011 deadline, keeping these mistakes in mind can help you avoid paying multiple fees and having to reapply.[2]

Trends in Text Message Spam: Comments from the Messaging Anti-Abuse Working Group (MAAWG)

September 19th, 2011

As with any network-connected device, mobile phones and the applications they run bring their own security problems. While newer phenomena like QR codes and mobile botnets will likely be a growing concern, spam sent by text messages remains an issue for carriers and mobile phone users.

How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?

September 9th, 2011

Internet Corporation for Assigned Names and Numbers (ICANN) has instituted a new generic top-level domain (gTLD) program that will create a means for prospective registry operators to apply for new gTLDs, and create new options for consumers in the market. Every domain name around the world ends with a top-level domain (TLD); these are the two or more letters that come after the dot following a web address.

Canadian Online Pharmacy, Meet Mexican Online Pharmacy

August 26th, 2011

This week the Department of Justice announced that Google will forfeit $500M for “allowing online Canadian pharmacies to place advertisements through its AdWords program targeting consumers in the United States”.