Last minute geek

last minute tech news from around the net


CircleID

FCC Gives Approval to LTE-U Devices

Ericsson, Nokia get go-ahead for LTE-U base stations despite early fears they might interfere with Wi-Fi – Jon Gold reporting in Network World: "The Federal Communications Commission today approved two cellular base stations — one each from Ericsson and Nokia — to use LTE-U, marking the first official government thumbs-up for the controversial technology. ... T-Mobile has already announced that it will be deploying LTE-U technology… Other major tech sector players, including Google, Comcast, and Microsoft, have expressed serious concerns that LTE-U doesn't play as nicely with Wi-Fi as advertised."

Follow CircleID on Twitter

More under: Mobile, Policy & Regulation, Wireless



Security Researchers Announce First SHA-1 Collision, Confirming Fears About Its Vulnerabilities

In a joint announcement today, Dutch research institute CWI and Google revealed that they have broken the SHA-1 internet security standard "in practice". Industry cryptographic hash functions such as SHA-1 are used for digital signatures and file integrity verification, and protect a wide spectrum of digital assets, including credit card transactions, electronic documents, open-source software repositories and software updates.

"Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision," said the Google Team in a blog post today. "This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. ... For the tech community, our findings emphasize the necessity of sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates. ... We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure."

What types of systems are affected? "Any application that relies on SHA-1 for digital signatures, file integrity, or file identification is potentially vulnerable. These include digital certificate signatures, email PGP/GPG signatures, software vendor signatures, software updates, ISO checksums, backup systems, deduplication systems, and GIT." https://shattered.io/

"This is not a surprise. We've all expected this for over a decade, watching computing power increase. This is why NIST standardized SHA-3 in 2012." Bruce Schneier / Feb 23


More under: Cyberattack, Security



When Two Trademarks Aren't Confusingly Similar to One Trademark

As I've written before, domain name disputes involving multiple trademarks sometimes raise interesting issues, including whether a panel can order a domain name transferred to one entity without consent of the other. While panels typically have found ways to resolve this issue, one particularly troubling fact pattern arises when a panel denies a complaint simply because a disputed domain name contains trademarks owned by two different entities.

The situation presents itself when a panel considers whether a domain name containing two trademarks is "identical or confusingly similar" to a single trademark — that is, the trademark owned by the complainant — as required by the first factor of the Uniform Domain Name Dispute Resolution Policy (UDRP).

In one odd case, a UDRP panel confronted the issue when a complaint was filed by the owner of the trademark NSK, but the disputed domain name also contained the trademark SKF — "which is a third-party brand of bearing products which competes with Complainant." Therefore, the panel was faced with the question of whether the domain name <skfnsk.com> was confusingly similar to the complainant's SKF trademark.

Many UDRP panels apply this first UDRP factor liberally. Indeed, the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Second Edition, says, "The first element of the UDRP serves essentially as a standing requirement."

And, many UDRP panels have adopted the position that "the fact that a domain name wholly incorporates a complainant's registered mark is sufficient to establish identity or confusing similarity for purposes of the Policy."

Still, the panel in the <skfnsk.com> case saw things differently, writing:

The Panel finds that Complainant has not met its burden regarding confusing similarity. Complainant has adequately alleged its interests in and to the NSK mark; however, Complainant has no rights or interests in the SKF mark. Complainant alleges no nexus between it and the owner of the SKF mark. As such, Complainant essentially has standing to bring this claim regarding the NSK mark but not the SKF mark.

As a result, the panel denied the complaint, allowing the respondent to retain registration of the disputed domain name even though it contained the complainant's trademark.

Amazingly, two days after the decision in the <skfnsk.com> case had been published, the Forum published another UDRP decision in a similar case also filed by the owner of the trademark NSK and also containing the SKF trademark. And the panel in that case reached a different conclusion! In that case, the panel found <nsk-fag-skf-ntn.com> confusingly similar to the NSK trademark, writing that "the Panel agrees that the additions Respondent has made to the NSK mark are insufficient to overcome Policy ¶ 4(a)(i)."

The panel's denial in the <skfnsk.com> case also contradicts an earlier decision with similar facts, involving the domain name <skf-nsk-bearings.com>. There, the panel simply wrote: "Complainant argues that the <skf-nsk-bearings.com> domain name is confusingly similar to the NSK mark for the following reasons: 'skf' refers to a third-party brand of bearing products which competes with Complainant, and 'bearings' is a term descriptive of Complainant's business. The Panel agrees."

The panel's denial in the <skfnsk.com> case is difficult to reconcile with the other decisions, and it seems to be quite unusual. Still, it is not the only time a panel has taken this perspective. In a case involving the domain name <nikegoogle.com>, a panel denied the complaint because it was filed only by Nike, not by Google, and "Complainant has failed to establish rights in or to the GOOGLE mark per" the first requirement of the UDRP.

Interestingly, the <nikegoogle.com> case was refiled soon after the denial, with both Nike and Google as complainants. The second panel ordered the domain name transferred — to Nike, as the parties requested. (Oddly, the second decision does not address the first decision, which raises the interesting question of whether the second complaint was a proper case for refiling, which UDRP service providers and panels typically accept only in limited circumstances.)

While the <skfnsk.com> and (first) <nikegoogle.com> cases are outliers, the decisions reinforce the importance of joining all relevant trademark owners in a UDRP complaint, or at least ensuring that the record demonstrates their relationship and consent. As in all domain name disputes, nothing should be taken for granted.

Written by Doug Isenberg, Attorney & Founder of The GigaLaw Firm


More under: Domain Names, Intellectual Property, Law



FCC Rolls Back Net Neutrality Transparency Rules for Smaller ISPs

The Republican-controlled FCC on Thursday suspended the net neutrality transparency requirements for broadband providers with fewer than 250,000 subscribers. Grant Gross from IDG News Service reports: "The transparency rule [official FCC release], waived for five years in a 2-1 party-line vote Thursday, requires broadband providers to explain to customers their pricing models and fees as well as their network management practices and the impact on broadband service. The commission had previously exempted ISPs with fewer than 100,000 subscribers, but Thursday's decision expands the number of ISPs not required to inform customers. Only about 20 U.S. ISPs have more than 250,000 subscribers. The five-year waiver may be moot, however."


More under: Access Providers, Net Neutrality, Policy & Regulation



At the NCPH Intersessional, Compliance Concerns Take Centre Stage

The non-contracted parties of the ICANN community met in Reykjavík last week for their annual intersessional meeting, where at the top of the agenda were calls for more transparency, operational consistency, and procedural fairness in how ICANN ensures contractual compliance.

ICANN, as a quasi-private cooperative, derives its legitimacy from its ability to enforce its contracts with domain name registries and registrars. If it fails to implement the policies set by the community and to enforce its agreements with the contracted parties, the very legitimacy and credibility of the multistakeholder governance model would be threatened, and the ability of ICANN to ensure the stability and security of the Domain Name System could be questioned.

The Commercial and Non-Commercial Stakeholder Groups are not unified in their views on how ICANN should manage contractual compliance, but both largely agree that ICANN should be more open with the community regarding its internal operating procedures and the decisions that are made.

Some members of the Commercial Stakeholder Group desire an Internet policeperson, envisioning ICANN's compliance department as taking an active role in content control, disabling access to an entire website on the mere accusation of copyright infringement. ICANN has previously said it is not a global regulator of Internet content, but there is a sentiment in some circles that through shadow regulation, well-resourced and politically-connected companies should be able to determine which domain names can resolve and which cannot.

The Non-Commercial Stakeholder Group believes that the Domain Name System works because Internet users trust it to redirect them to their intended destination. Likewise, if a registrant registers a domain name in good faith, they should expect to be able to use this Internet resource to disseminate the legal speech and expression of their choice. Domain names enable access to knowledge and opinions that sometimes challenge the status quo, but ultimately enable the fundamental human right to dissent and to communicate speech.

If a website is hosting illegal content, it is the courts that have the authority to make such a determination and to impose appropriate remedies — not private enterprises that have struck deals with registries, and certainly not ICANN.

The problem is, there is mission creep, and ICANN is indirectly regulating content by repossessing domain names from registrants sometimes without any investigation of fact.

During the intersessional, the Non-Commercial Stakeholders Group probed the compliance department to outline how complaints can be filed, how they are reviewed, and to describe how the interests of registrants are represented during the investigation of complaints.

The answers were very revealing: anyone can file a complaint with ICANN, even anonymously; there are no public procedures on the complaint process; and registrants can neither know that a complaint has been filed against them, nor can they feed into the decision-making process, nor challenge the decision. This is problematic, not least because ICANN staff admitted last November in Hyderabad that there has been abuse of the compliance department's complaints form, with some entities having made bad faith attempts to have domain names taken down.

This is not a theoretical issue. In 2015, ICANN's compliance department caused financial harm to a domain name registrant because of a minor, perceived inaccuracy in their domain name's WHOIS records. In this instance, the registrant had a mailing address in Virginia and a phone number with a Tennessee area code. While both details were valid, and the registrant was contactable, a "violent criminal" filed a complaint with ICANN alleging that the details were inaccurate. The complaint was accepted by ICANN and passed along to the domain name registrar. The registrar, fearing a non-compliance notice from ICANN, suspended the domain name without performing any investigation into the claim, resulting in the registrant losing access to their business email account and website.

Representatives from the Non-Commercial Stakeholders Group argued during the intersessional that ICANN should not accept anonymous complaints. Anecdotally at least, there appears to be a pattern of domain names being taken down based on inaccuracies in WHOIS records, many of which the casual observer may perceive as being either very minor, or not a legitimate complaint. It is not simple to track patterns of abuse when you do not know who is submitting the complaints. Transparency does not necessarily mean transparency to the world. But it should be possible for the parties against whom a complaint has been made to request information on who has filed a complaint against them. They should also be able to feed into the complaint process, provide evidence, and have a mechanism of appealing the decision that a contracted party or ICANN's compliance department has made. ICANN has been recruiting for a Consumer Safeguard Director for more than two years now; perhaps once this post is finally filled, registrants — the very parties paying for domain names year-after-year — will have more of a voice in ICANN's complaint processes.

Because as things stand at present, if a domain name can be repossessed from a registrant for any reason at all, without any due process being followed, and in direct violation of Article 1 of the organisation's bylaws, it might well be ICANN that is posing a threat to the security and stability of the Domain Name System.

Ayden Férdeline is a London-based Internet policy consultant. He was appointed to the Policy Committee of the Non-Commercial Stakeholders Group in January 2017.

Written by Ayden Férdeline, Internet Policy Consultant


More under: DNS, DNS Security, Domain Names, ICANN, Internet Governance, Policy & Regulation, Whois



NTIA Extends Comment Period for Its Paper "Fostering the Advancement of the Internet of Things"

Robert Cannon writes: Over the past year, the National Telecommunications and Information Administration in the Department of Commerce has convened a series of meetings and sought feedback on the policy implications of the Internet of Things. In January, prior to the administration transition, NTIA released a draft working paper Fostering the Advancement of the Internet of Things (also reported here on CircleID). It is unclear how agency work released in January might survive the transition. However, indicating that NTIA's IoT paper is still viable, NTIA under the new administration released a notice extending the comment period on the draft. Comments will now be accepted until March 13, 2017.


More under: Internet of Things, Policy & Regulation



Ask Not What ICANN Can Do for You, But What You Can Do for ICANN

In recent weeks, you may have seen several articles asking that "ICANN", the Internet Corporation for Assigned Names and Numbers, move more expeditiously to open up the next application window for new gTLDs. As one commenter wrote, "Ask a Board member or ICANN staff when they expect the next application window to open, and they will inevitably suggest 2020 — another three years away. Any reasonable person would agree that eight years for a second application window is anything but expeditious, and some might say potentially anti-competitive." Rather than pointing the finger, maybe it's time to turn the question on its head and ask, "what can we do to help move things forward?"

As one of the co-chairs of the ICANN Policy Development Process working on Subsequent Procedures for the introduction of New gTLDs, I certainly understand the requests to move more quickly. That said, we need to stop asking others, like the ICANN Board, to move in a top-down fashion to start a new process when we are not actively participating in the process to enable that new application window to occur in the ICANN multi-stakeholder bottom-up process. We, the community, actually control our own destiny in this regard.

Yes, it has been a number of years since the last round closed. But we, as a community, have all known the milestones that needed to be achieved before the ICANN Board could approve the next application window. Namely, they include completion of the Competition, Consumer Choice and Trust Review (CCT-RT), the ICANN staff implementation review, and the Policy Development Process on Subsequent Procedures.

To date, I would argue that ICANN staff are the only ones that have completed their deliverable, the implementation review. The CCT-RT is several months behind schedule, and the PDP on Subsequent Procedures is making good progress. However, like many PDPs, there is certainly a lack of active participation from those that would like to see the process move more quickly. So rather than complaining to the ICANN Board about the speed of the process, please join the PDP on Subsequent Procedures and actively participate. Submit proposals rather than just complaining about things you didn't like. Respond to questions and surveys when they are released. NOTE: Shortly a Community Comment period will open up with a number of questions on improvements that can be made. This is exactly the kind of opportunity that, with plenty of community engagement, could help move things forward, so please respond in a timely manner.

In short, please help us help you. If you want things to move more quickly, get involved.

Written by Jeff Neuman, Senior Vice President, Valideus USA


More under: ICANN, Top-Level Domains

