Last minute geek

last minute tech news from around the net


CircleID

U.S. Senate Voted to Eliminate Broadband Privacy Rules

"The US Senate today voted to eliminate broadband privacy rules that would have required ISPs to get consumers' explicit consent before selling or sharing Web browsing data and other private information with advertisers and other companies," Jon Brodkin reporting in Ars Technica. "The rules were approved in October 2016 by the Federal Communications Commission's then-Democratic leadership, but are opposed by the FCC's new Republican majority and Republicans in Congress. ... Democrats and consumer advocates are furious. The acronym 'ISP' now stands for 'information sold for profit,' and 'invading subscriber privacy,' rather than 'Internet service providers.'"

Kate Tummarello, reporting in EFF: "ISPs have been lobbying for weeks to get lawmakers to repeal the FCC's rules that stand between them and using even creepier ways to track and profit off of your every move online. Republicans in the Senate just voted 50-48 (with two absent votes) to approve a Congressional Review Action resolution from Sen. Jeff Flake which — if it makes it through the House — would not only roll back the FCC's rules but also prevent the FCC from writing similar rules in the future. ... Speak up now to keep the House from doing the same thing."

"But critics of the rules say they are expensive to ISPs and subject them to tough privacy regulations not imposed on web-based companies like Google and Facebook. ... The FCC rules are confusing and costly and 'make the internet an uneven playing field,' said Senator Mitch McConnell, a Kentucky Republican and Senate majority leader." –Grant Gross, Senior Editor reporting from IDG News Service

Follow CircleID on Twitter

More under: Broadband, Policy & Regulation, Privacy



How Long Does a URS Case Take?

The Uniform Rapid Suspension System (URS) — which allows a trademark owner to suspend certain domain names, especially those in the "new" gTLDs — was designed as a quicker and less-expensive alternative to the Uniform Domain Name Dispute Resolution Policy (UDRP). As I've written frequently before, there are significant differences between the URS and the UDRP. One of those differences is how long a typical proceeding lasts.

Like the UDRP, the URS procedure and rules provide strict timelines for various stages of a case. But, unlike the UDRP, URS cases are usually resolved much more quickly — often in less than three weeks (although reviews and appeals may prolong the life of a URS proceeding).

Here's how a common URS case proceeds:

Step 1 (Filing of Complaint):

As with a UDRP complaint, a trademark owner has discretion in deciding when it wants to file a URS complaint. Nothing in the URS procedure or rules requires that a complaint be filed within a specified period of time, and — to my knowledge as of the date of this writing — no URS decision has addressed the issue of laches, that is, whether a URS complaint would be barred by an undue lapse of time between the trademark owner's discovery of the disputed domain name and the date on which it files a complaint.

Step 2 (Administrative Review):

The URS procedure requires that a dispute service provider conduct an "Administrative Review" within two business days of the date on which the complaint was submitted to the provider. (Currently, there are three URS service providers: the Forum, the Asian Domain Name Dispute Resolution Centre and MFSD.) The procedure makes clear that this review is simply "to determine that the Complaint contains all of the necessary information."

Step 3 (Notice and Locking of Domain):

The URS service provider must immediately notify the registry operator after the service provider has completed the administrative review, and the registry operator is required to lock the disputed domain name within 24 hours. Then, within another 24 hours, the service provider must notify the registrant of the disputed domain name of the complaint, providing both electronic and hard copy notices.

Step 4 (Response):

A registrant has 14 days after notification to submit a response to a URS complaint. The URS provider may grant "a limited extension of time to respond" if there is a good faith basis for doing so. If the registrant does not submit a response, the proceeding is considered to be a "Default," which is relevant for purposes of a later possible "de novo review" or appeal (see below) and does not automatically result in a determination in favor of the complainant.

Step 5 (Determination):

Although supplemental filings are not uncommon in UDRP cases, a URS examiner "may not request further statements or documents from either of the Parties," and — to my knowledge as of the date of this writing — no URS examiner has considered a supplemental filing from any party, because doing so would complicate and delay what is supposed to be a simple and rapid process.

The examiner appointed to decide a URS case (and all URS cases have only a single examiner) is expected to issue his or her determination "on an expedited basis, with the stated goal that it be rendered within three (3) Business Days from when Examination began." Under "extraordinary circumstances," an examiner may not issue a determination until five days after the response was filed. If the determination was an order to suspend the disputed domain name, then the registry operator is required to do so "[i]mmediately upon receipt of the Determination" from the URS service provider.

Complications:

The process outlined above may seem very straightforward and quick — and, in most cases, it is — but the URS provides multiple opportunities to extend the course of a URS proceeding. For example, among other things, a losing domain name registrant that did not submit a response during the 14-day period may "seek relief from Default via de novo review by filing a Response at any time up to six months after the date of the Notice of Default" — and is even "entitled to request an extension of an additional six months if the extension is requested before the expiration of the initial six-month period." Plus, either party can file an appeal within 14 days of a default or final determination.

In addition, a settlement could shorten or lengthen the course of a URS proceeding. For example, the Forum's supplemental rules allow the parties to "jointly request a stay for a one-time period of forty-five Calendar Days."

Written by Doug Isenberg, Attorney & Founder of The GigaLaw Firm

More under: Cybersquatting, Domain Names, Intellectual Property, Law, Top-Level Domains



ISPs May Be Required to Remove Content, Shutdown Websites Under New EU-Wide Rules

Under draft legislation approved by the Internal Market and Consumer Protection Committee on Tuesday, national enforcement authorities would be required to have a set of powers to detect and halt online breaches of consumers' rights across the European Union.

— "The draft rules aim to close legal loopholes created by the fact that enforcement powers differ from one EU country to the next. Today, some enforcement authorities in the EU cannot prosecute traders for past infringements, such as misleading advertisements that were live for only a few hours or days. Nor are they able to track financial flows to identify those behind such breaches. Also, some authorities cannot take measures to take down websites containing scams pending the end of the investigation."

— "The draft rules would require EU member states' authorities to have a number of investigation and enforcement powers, e.g. to request information from domain registrars and banks to help them detect rogue traders, purchase, inspect and 'reverse engineer' goods or services as test purchases, including under a cover identity, and to order a hosting service provider to remove content, suspend or close down websites that host scams."

More under: Cybercrime, Registry Services, Internet Governance, Law, Policy & Regulation



The Future of Networking (In One Slide)

I recently ran a workshop in Asia and, to guide attendees through the content, I put together an overview slide which you might also find of interest and use.

It is a description of the quality attenuation framework, originally developed and defined by Predictable Network Solutions Ltd, and documented and extended by myself and colleagues at Just Right Networks Ltd. You can read more at qualityattenuation.science.

* * *

The telecoms industry is, I believe, overdue for a 'lean' revolution. This will change its working model from 'purpose-for-fitness' to 'fitness-for-purpose'. For networks, that means switching from 'build then reason about performance' to 'reason about performance and then build'.

The benefit of this business transformation is a radical lowering of risk and cost, predictable experiences, and the ability to rapidly adapt to changing patterns of demand.

In order to deliver this benefit, there needs to be a management that executes on the new intent of 'going lean'. What to change, what to change to, and how to effect that change? Answering these means applying a system of scientific management that helps us focus on what is relevant, and ignore what is not.

These ideas of scientific management are well established in other industries (Six Sigma, theory of constraints, Vanguard method, statistical process control), but appear to be a novelty in telecommunications.

In order for these lean concepts to be applied, we need to overcome a series of technical constraints that we presently face. The technology innovations that will achieve this include high-fidelity measurements, new packet scheduling mechanisms, and new architectures to embed these into.

Turning those technologies into a working system for a particular product, customer or deployment is an act of engineering. True engineers have an ethos of taking responsibility for fitness-for-purpose, and any shortfall in fulfilling the promises made. This means turning a high-level customer intent into a technical requirement.

To understand whether there is a risk of under-delivery against the requirement you need to be able to model and quantify the 'performance hazards' via 'breach metrics'. This means reasoning about the performance of supply chains before they are assembled, and decomposing a 'performance budget' into a requirement for each element or supplier.

Turning that specific engineering requirement into an operational system, in turn, draws upon a general science of performance. This considers what resource supply will meet the resource demand. The nature of the resource constraint is timeliness (as if you can be made to wait forever, the tiniest capacity will suffice).

The contract between supply and demand is formed as a 'timeliness agreement', which can be enforced by observing how 'untimeliness' (packet loss and delay) accrues along the supply chain.

This 'untimeliness' is a reframing of the nature of quality: from an attribute of a 'positive' thing (quantity), to the absence of a negative thing (quality attenuation). There are three basic laws of networking (that don't appear in the textbooks) that describe this 'quality attenuation' phenomenon: it exists; is conserved; and can (partly) be traded between flows.

The amount of quality attenuation that is tolerable for any application to deliver an acceptable rate of performance failure defines its 'predictable region of operation'. This is the requirement of demand that is then expressed in a 'timeliness agreement' that contracts the required supply.

Underpinning this is a need to quantify the idea of quality attenuation. This involves extending the mathematics of randomness from 'events' (like rolling a dice) to include 'non-events' (the dice never lands). This allows packet loss to be included in a single resource model as delay.

This is akin to how imaginary numbers extend real numbers, and how complex analysis underpins the physics of electromagnetism. Without expressions like '3i + 4' you can't model radio waves; without this new mathematics of ∆Q, you can't adequately model packet network performance.

The ∆Q metrics can be 'added' and 'subtracted', and this algebra is the basis of a new calculus that lets you ask 'what if?' questions. It can be used to quantify a layered model of reality (a 'morphism') that relates the user experience to the network service quality with known error bounds.

Written by Martin Geddes, Founder, Martin Geddes Consulting Ltd

More under: Telecom



2017 North American IPv6 Summit to Be Held at LinkedIn Headquarters

The collective North American IPv6 Task Forces announced the 2017 North American IPv6 Summit will be held at LinkedIn headquarters in Sunnyvale, CA. The two-day event (April 25-26), designed to educate network professionals on the current state of IPv6 adoption, will feature a variety of speakers from leading organizations, including LinkedIn, ARIN, Google Fiber, Microsoft, Cisco, Comcast, and others. The IPv6 North American Summit, first held in 2007, will cover such topics as exemplary IPv6 adoption, best practices in IPv6 deployment, methods for driving increased usage of IPv6, current IPv6 adoption trends, and future IPv6 growth projections. Awards will be presented to the top 10 North American service providers who achieved connecting over 20% of their subscribers with IPv6.

More under: IPv6



Owner of .Feedback in Breach of Registry Agreement, Rules ICANN

The Internet Corporation for Assigned Names and Numbers (ICANN) has ruled that .feedback owner Top Level Spectrum (TLS) is in breach of its registry agreement. Barney Dixon reporting in IPPro The Internet: "In an unprecedented review by a standing panel of the public interest commitments dispute resolution policy, ICANN found that TLS engaged in conduct that 'violated its commitments to operate .feedback in a clear and transparent manner'… They argued that the registry had perpetrated 'deceptive practices in the .feedback top level domain in violation of its public interest commitments'. The brands accused TLS of self allocating numerous domain names corresponding to brands, many of which were withheld during the TLD's sunrise period."

More under: Domain Names, Law, Policy & Regulation, Top-Level Domains



EFF's Emerging Alignment With Offshore Internet Pharmacies


The last few years have been challenging ones for members of the Canadian International Pharmacy Association.

First, in 2010, they lost their ability to advertise in the US search space after the US Department of Justice noted that many seemingly "Canadian" pharmacy websites "sell drugs obtained from countries other than Canada" when shipping medicines into the US, and major search advertising programs tightened their policies, effectively excluding CIPA's members from advertising in the US.

Then, one of the organization's founding Canadian pharmacists was convicted of selling counterfeit drugs to US residents that weren't really from a pharmacy in Canada.

Then, they began losing their ability to process credit card payments, after we and others helped reveal that the drugs sold by CIPA's so-called "international Canadian internet pharmacies" often aren't really from Canadian pharmacies.

Then, one of their flagship members, CanadaDrugs.com, got indicted for selling counterfeit cancer medicines to US clinics through the pharmacy's wholesale chain.

Then, a director of an internet pharmacy certifier widely used by CIPA members, PharmacyChecker, got indicted for hiding counterfeit drugs supplied by CanadaDrugs in his garage. (The charges were dismissed, reportedly after the guy cut a deal with DOJ.)

There's more, but you get the point: it's been a bad few years for internet pharmacies that, even if able to produce a Canadian pharmacy license, don't necessarily send US residents drugs from real Canadian pharmacies.

These developments have been a threat to the commercial interests of CIPA's members. In response, CIPA appears to have aligned with the Electronic Freedom Frontier (EFF) to attack the Healthy Domains Initiative (HDI), a collaboration designed to identify best practices for registrars related to child pornography, rogue online pharmacies, copyright violations and online abuse. A key rationale for the HDI is to stave off intrusive government regulation: if private companies can develop and implement reasonable anti-abuse policies, it removes the incentive for governments to come in and regulate the internet.

The EFF's point person on this issue, Jeremy Malcolm, calls these initiatives "shadow regulation." (Cue up the spooky music and Guy Fawkes masks.) Unfortunately, Mr. Malcolm supports his argument by misrepresenting numerous facts that seem to be taken straight from CIPA's playbook.

So what's really going on here — what's Mr. Malcolm's ax to grind?

Well, let's look at the facts, at Mr. Malcolm's contentions, and then who stands to lose money from the HDI initiative.

First of all, Mr. Malcolm discloses in his blog that he was visiting the Canadian International Pharmacy Association the day of his article, and he advocates for the CIPA and PharmacyChecker certification programs as credible. (Lest you think I consider these companies our competitors: I don't, because we don't certify online pharmacies that operate illegally, and they do.) After all, CIPA's members market themselves as "Canadian" but source many of their drugs from cheaper, offshore (non-Canadian) locations in order to improve their profit margins. PharmacyChecker, meanwhile, has over the years certified multiple online pharmacies selling prescription drugs without a valid prescription, not to mention some engaged in counterfeit drug sales. In any case, Mr. Malcolm out of one side of his mouth (inaccurately) attacks the HDI as promoting the commercial interests of "Big Pharma," but from the other side of his mouth in essence advocates for the commercial interests of "faux-Canadian" internet pharmacies.

Second, Mr. Malcolm apparently doesn't know how registrars actually deal with rogue online pharmacies. In nearly all cases I'm aware of where a domain name has been suspended (as in, somewhere between 99.99% and 100%), registrars voluntarily take action against rogue online pharmacy domain names because they are used to sell prescription drugs, often controlled substances like Vicodin or steroids, without a prescription. Does Mr. Malcolm argue that registrars should modify their terms and conditions to permit this? Does he argue that registrars, when they find out that they are (inadvertently) providing services to customers whose activities can kill someone, are supposed to just let it continue and assume the liability — criminal, civil or moral — that could potentially result from that?

Third, Mr. Malcolm's statements are inaccurate. He characterizes LegitScript as a "big pharma trade group" and refers to our "rogue" online pharmacy list, which is widely used throughout the internet and payment industry to identify illegal online pharmacies, as a Big Pharma creation. That's flat-out false. (As an aside, I've tangled with Mr. Malcolm before on this issue, who — when presented with facts — falls back on, "That's just your opinion.") These false accusations are what the "Canadian" Internet pharmacy industry falls back on whenever anyone has the temerity to criticize them for bad activity. LegitScript isn't "funded" by anyone (and never has been), the vast majority of our revenue comes from dozens of companies like Google, Bing, Visa, and various payment providers for whom we perform monitoring services, and the only people who create our "rogue" list are LegitScript analysts. No external entity, whether pharmaceutical company or otherwise, has any influence or control over it.

Fourth, Mr. Malcolm in essence appears to argue that if an online pharmacy is offshore, it can't be illegal because no laws apply to it. This argument fails to understand basic legal principles, and is easily refuted by hundreds of indictments and convictions in this sector. If that were true, how could CanadaDrugs be under indictment for selling fake cancer drugs from offshore locations (many of their drugs have historically been sourced through a warehouse in Barbados, by the way), and how could multiple other offshore pharmacy operators have been convicted at all?

Fifth, whether willingly or unwittingly, Mr. Malcolm should understand that he and his employer are being used by an industry with commercial motives. He's a pawn in a larger game. The offshore internet pharmacy industry is trying to claw its way back into internet companies' good graces in order to boost sales. But while their marketing campaigns have featured smiling senior citizens and shiny maple leafs, these internet pharmacies have laughed all the way to the bank as they've sent cheap, sometimes substandard or fake drugs from warehouses in Turkey, India, Mauritius, Barbados, and other locations. Does Mr. Malcolm believe that these for-profit offshore internet pharmacies merely have the health and safety of patients at heart?

In all of this, it's important to keep in mind what Mr. Malcolm is really asking of the internet community: to assume the risk of doing business with criminal enterprises and forego reasonable steps designed to avoid more intrusive government regulation. This isn't to internet users' (or registrars') benefit, but is to the financial benefit of dodgy online pharmacies who want to be back in the game and make more money. Of course, offshore online pharmacies don't like the HDI's initiative, but they can't exactly say, "We don't like it because we will lose money." Instead, they need to wrap their arguments in empathy for patients, concerns about internet freedom, and accusations that anyone who doesn't agree with them is part of a nefarious "Big Pharma" plot. And the EFF is helping them do that.

I'll stop there. The point is, the HDI is a serious, well-intentioned effort, and it's not just about internet safety, but is also about creating an internet that in the long term is free from government regulation. Mr. Malcolm doesn't help by making inaccurate statements and letting himself be used by online pharmacy trade groups that promote or certify illegal activity. Whatever else he may think, Mr. Malcolm's criticism of HDI plays right into the hands of a multi-billion dollar industry seeking to establish its own credibility at the expense of internet users' health and safety and a healthy, balanced internet.

Written by John Horton, President of LegitScript

More under: Cybercrime, Internet Governance

