CircleID

Broadband Tariffs: The Significant Gap Between Residential and Business

2010-07-30T00:56:00-08:00

Analysis from Point Topic's recent reports on global broadband tariffs has revealed a significant gap in residential and business tariffs worldwide.

Tracking over 2000 tariffs on offer from ISPs around the world the latest quarterly figures show business are paying:

• 3.9 times as much for a DSL service as residential customers
• 1.8 times as much for a cable service
• 4.7 times as much for a fiber service

Clearly businesses are paying more for their services than residential consumers but the relative differences in the ratios is more marked than might be expected.

The first thought is that they are paying for more bandwidth and that is true to an extent. While the bandwidths advertised are often very similar and frequently less than those sold to households the major difference is the contention that is promised.

Businesses often require, or believe they require, an uncontended service where they don't share their bandwidth with anyone else. Businesses need to know what they are getting and have confidence that they will continue to receive a specified bandwidth.

This is essentially impossible for cable services, which goes a long way to explaining the disparity in residential to corporate tariff ratio for that service set against DSL and FTTx. Cable just isn't seen as a business grade service and carries the legacy of a long association with the provision of residential TV services.

That said the residential tariff for cable is no higher than a DSL service. A good explanation is the combination of competition particularly with DSL and more significantly the length of time the network has existed. In theory cable operators who own their networks have had enough time to recover the upfront implementation costs and can focus almost entirely on cheaper incremental upgrades to maintain a competitive edge.

With DSL and FTTx it is more straightforward to provide a dedicated service. The data however still poses the question why are business DSL services 3.9 times residential tariffs and business FTTx services 4.7 times more than residential counterparts?

We believe there are three primary reasons.

Firstly DSL is often a cheaper option, on a monthly basis, for smaller businesses who often balance concerns about consistent bandwidth against budget and are less concerned about the price per megabit. The tariffs are pitched at the lower end of the business market.

Secondly is that unless you are consistently maxing your bandwidth usage you won't gain all the benefits of a high speed dedicated connection, so why pay for it? For SMEs in particular where utilisation is more likely to be less than 100% than in larger organisations it can make sense.

Thirdly FTTx has a lower price elasticity of demand. It is a newer perhaps sexier and relatively future proof service. ISPs can charge what the market will bear and are taking the opportunity while they can.

Business customers are paying close to what it actually costs to deliver the bandwidth available on their tariff. They are cross-subsidising the residential customer acquisition schemes of the ISPs.

The ratios are likely to decrease. Recent results shows ISPs in mature and stable markets are moving to increase their ARPU particularly for the residential sector. Whether this means price hikes for households or better value for money for businesses will become clearer over time.

Written by Oliver Johnson, CEO of Point Topic

Follow CircleID on Twitter

More under: Access Providers, Broadband

Spamhaus Motion to Reconsider

2010-07-29T07:27:00-08:00

A few weeks ago, Spamhaus filed a motion to have the judge reconsider his recent $27,002 award to e360. Their brief hangs on three arguments.

1. The Court Should Vacate The $27,000 Award Because The Court Previously Ruled That Plaintiffs Were Barred From Relying On The Putative Lost Revenue Data Upon Which It Was Based.

2. The Court Should Vacate The $27,000 Award Because It Is Improperly Based On Lost Revenue, Not Lost Profit.

3. The Court Should Vacate The $27,000 Award Because There Is No Evidence That The Putative Lost Revenue Belonged Exclusively To Plaintiff e360.

As Spamhaus says in their opening paragraph, they know motions to reconsider are "rarely fruitful or helpful" but go on to say:

in this particular case, as Your Honor knows, Plaintiffs' damages calculations and requests were a quickly moving target. Indeed, although evidence regarding e360 Insight LLC's monthly revenue from its relationship with SmartBargains, Vendare Media and OptinBig (the "Putative Lost Revenue") was offered at trial, Plaintiffs did not ask that an award of damages be based on the methodology the Court used—one month of those putative revenues. As a consequence, Spamhaus did not get an opportunity to point out the specific reasons why the problems we raised generally with Plaintiffs' various damages methodologies barred an award based on the Putative Lost Revenue. Given that history, while mindful of the disfavor in which motions to reconsider are held, we wanted to directly present the infirmities in the $27,000 award to Your Honor before raising them in the Court of Appeals in the hopes of ultimately conserving judicial resources.

Spamhaus respectfully believes that the $27,000 award is erroneous for additional reasons that we have elected not to present in this motion because they have already been adequately presented to Your Honor. By making this motion, Spamhaus does not waive, and expressly reserves, any and all other grounds for appeal of the Court's judgment.

Just from that, it's clear Spamhaus is prepared to take this to the Court of Appeals (again) if the judge doesn't reconsider. In my lay reading of the law, and the memo in support of motion to alter judgement I don't think Spamhaus is out of line in asking for the judge to reconsider. I expect that if the judge doesn't reconsider, then we'll see an even more aggressive filing taking it up to the Court of Appeals.

I think that John Levine said it best, though, in his recent post about the issue:

I'm sure that Judge Korcoras is very, very, sorry he ever heard of Spamhaus or E360

Written by Laura Atkins, Founding partner of anti-spam consultancy & software firm Word to the Wise

Follow CircleID on Twitter

More under: Law, Spam

2010 Data Breach Report from Verizon, US Secret Service

2010-07-28T15:43:00-08:00

A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service has found that breaches of electronic records in 2009 involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups.

Key Findings of the 2010 Report include:

• Most data breaches investigated were caused by external sources. 69% of breaches resulted from these sources, while only 11% were linked to business partners. 49% were caused by insiders, which is an increase over previous report findings, primarily due in part to an expanded dataset and the types of cases studied by the Secret Service.

• Many breaches involved privilege misuse. 48% of breaches were attributed to users who, for malicious purposes, abused their right to access corporate information. An additional 40% of breaches were the result of hacking, while 28% were due to social tactics and 14% to physical attacks.

• Commonalities continue across breaches. As in previous years, nearly all data was breached from servers and online applications. 85% of the breaches were not considered highly difficult, and 87% of victims had evidence of the breach in their log files, yet missed it.

• Meeting PCI-DSS compliance still critically important. 79% of victims subject to the PCI-DSS standard hadn't achieved compliance prior to the breach.

The report also says the decline in the overall number of data breaches may be due to a number of factors, including "law enforcement's effectiveness in capturing criminals."

Follow CircleID on Twitter

More under: Access Providers, Cyberattack, Cybercrime, Malware, Security, Telecom

Are Service Providers Giving Up on Landline too Soon?

2010-07-28T13:07:00-08:00

Interesting times in the carrier space, for sure. While most readers of this column are focused on the business market, it's hard to ignore what's occurring in the consumer space right now. Being based in Toronto, I happen to be struck by the similar trends shaping on both sides of the border. Over the past few days, we've seen earnings reports from major telcos and cablecos, and these businesses seem to be going in opposite directions.

In the U.S., for example, Verizon and AT&T are telling similar stories. Wireline losses continue to mount, and wireless is driving most of the growth. Heavy investments in fiber to capture video and power Internet users are necessary, but will take some time yet to become major bottom line producers. Verizon, in fact, lost $198 million in Q2—this time last year, they made $1.48 billion. Not surprisingly, to stem the tide, layoffs continue. Their job rolls are about 25,000 employees lighter from last year, and they anticipate another 11,000 will take early buyout offers. Wireless growth aside, the story is similar for Canada's major telcos, but the losses aren't quite as steep.

Cable, on the other hand, is booming. IPTV rollouts from the telcos aren't hurting them as much as they're hurting the telcos by winning away landline phone subscribers. At this point, I'm just going to focus on the U.S. market, as the dynamics differ from Canada in a key way. U.S. cablecos are not in the wireless game to the extent that Canadian cablecos are. Rogers is actually Canada's largest wireless operator, and the other three MSOs of note are all on the verge of making major wireless entries.

In essence, the traditional telcos are evolving into mobile operators, whereas the cablecos are building a pretty strong hold around the home environment. It all lines up rather neatly, actually. The triple/quad play bundles are clearly a winning strategy, and the convenience makes sense for the consumer. All the home services are rolled into one package—TV, Internet and home phone. The cablecos have managed to do this very well, whereas only a fraction of telco subscribers can say the same. When you think about the technical challenges behind these services, the outcome really isn't surprising—it's much easier for cablecos to add telephony than it is for telcos to add IPTV. Let's not forget long distance—well, actually you'd better. This used to be a cornerstone of telco profits, but no more. Sure, there is some money to be made with international calling, but domestic long distance is now an oxymoron, as everyone pretty much offers it for free.

So, where does this leave carriers? They really are in a precarious spot, at least in the U.S. On the defensive side of the ledger, they seem to be conceding the landline business outright. The trend is only going in one direction, and they're been taken down by three forces. First, they're losing subscribers to cablecos—this is the toughest loss of all. By definition, incumbents will be the last players to offer VoIP, simply to avoid cannibalizing their core subscriber base. So, while they stayed on the sidelines, the cablecos simply walked in and took the business away. OTT operators like Vonage got the ball rolling, but it's the cable operator's world now, and the OTT's just live in it. Bottom line—the cablecos did a great job figuring out how to offer VoIP. In the early days, there was a question of trust as to whether consumers would take them seriously as telecom providers. Nobody feels that way today.

There are two other factors to consider in the demise of telcos. The second is wireless substitution, which will continue to drive landline losses. However, at least here the telcos have a fighting chance of keeping their subscribers. Finally, there is the white flag scenario, where incumbents are simply exiting the landline business. Divestitures such as Verizon selling off wireline operations to Frontier Communications illustrate how this trend is unfolding.

Now, it looks like the telcos have all their eggs in one basket. Wireless has been their savior, and the growth story simply gets better when you layer on mobile broadband, and game-changers like the iPhone, iPad and Android. Subscriber growth remains healthy, the smartphone market is far from saturated, margins are good, and demand exceeds supply. Countering this, of course, is the endless catch-up that operators need to do in terms of expanding network capacity and transitioning to the all data worlds of 3G and 4G.

As a result, the world of telcos is much different now than ten years ago. The diverse base of services and revenues is gone, and the competitive landscape is far more challenging. Wireless is a great business, but I would argue that telcos have shifted from a position of strength to weakness. By conceding wireline to cablecos they have lost the foundation of their traditional relationship with millions of households, and it's hard to see how they can win this back.

Wireless can be a fleeting market, given the competitive options, especially from MVNO's and prepaid plans—which have no contracts. Profits attract competitors, and the wireless market will only get more crowded, not less. Furthermore, telcos have less leverage with wireless than wireline. Ever since Apple disrupted the status quo with the iPhone, the balance of power has shifted away from carriers to the handset vendors. The mobile device is now a more powerful driver of demand than the service itself, and a mobile operator's success depends heavily on partnering with the vendors, with the right models, at the right times. For better or worse, the cablecos do not have these problems.

If there's one thing that telcos can count on at present is the seemingly insatiable appetite for mobility and the cool gadgets we've become addicted to. Circling back to Canada, I'd like to cite a feature article in last week's Financial Post that talks about how out of control our spending is around these services. This really isn't news, but the article provides a nice breakdown about how much it's really costing to use all these services. To some extent this reflects the downside of bundles, where the monthly bill for everything amounts to sticker shock.

That aside, the main message here is that we're spending much more today to talk—and communicate—than ever before. Despite how IP has led to lower basic subscriber costs and eliminated a lot of long distance and extra feature charges, our bill is now orders of magnitude higher. Even more telling is how little impact our weak economy has had here. We've simply become too addicted to these services, and demand is proving to be inelastic. When times get tough, we cut back on a lot of things, but mobility doesn't seem to be one of them.

So long as the scenario holds, telcos will survive. I'm leaving IPTV out of the equation here—it's too early to tell if this will turn out to be a major or minor revenue producer. However, despite good growth from wireless, I don't see them building off this strength to invest in what remains of their landline franchise. That's the part that concerns me, as I still think there is value in this service, and with some creative R&D and partnering, I believe there are ways to reinvent landline. I just don't think it's good business to abandon landline service in the pursuit of quick, easy profits from mobility. That scenario will not persist indefinitely, especially if consumer backlash takes hold in an attempt to pare back these huge monthly phone bills. If that day comes, and the landline franchise is all but gone, the trusted telcos we grew up with may go the way of the rotary phone.

This article of mine originally ran today in my Service Provider Views column on TMCnet.

Written by Jon Arnold, Principal, J Arnold & Associates

Follow CircleID on Twitter

More under: Access Providers, Broadband, IPTV, Mobile, Telecom, VoIP

Clouded by a Convenient Illusion

2010-07-27T11:04:00-08:00

In a relatively short time, the phrase "in the cloud" has become a term of art when talking about the internet. A quick Google search shows nearly a million uses of the phrase in the past month, a 3x increase from the same period in 2009. But, what does it actually mean to have your web site, your software, your data, or anything else "in the cloud?"

"In the cloud" is derived from "cloud computing," which in turn is just a new term for distributed computing, where data-crunching tasks are spread across a variety of different physical processing units. This was common in mainframes in the 1960s, and later the idea of distributing processing across cheap PCs running Linux became popular in the 1990s.

The nineties also saw the advent of computation distributed across computers of different types, belonging to different people:

SETI@home, uses volunteered computers to search for patterns in transmissions from space; Scott Draves' Electric Sheep has participating computers render complex, beautiful abstract animations, some of which have won awards.

Where it seems to have changed is with the creation of what you might call "clouds for hire": Amazon Web Services offers both computing and storage platforms, as does Rackspace Cloud Computing and a handful of others. These have become popular ways to operate new web services and similar offerings, cheaper and easier (some say) than dealing with physical hardware yourself.

The botnets used in nearly all forms of cybercrime today, which are made up of tens of thousands of virus-infected computers (unbeknownst to the computers' owners) are a less palatable example of distributed computing.

These botnets in particular illustrate that the concept of the cloud as a magical place where data goes in and data comes out on demand, nothing to think about, nothing to worry about, with no responsibilities of your own...it's a convenient mental image, but in nearly all cases it's simply wrong.

The Amazon cloud is actually a series of computers owned by Amazon, physically located in facilities they own or lease. The Rackspace cloud is similarly owned by Rackspace. These computers and facilities are subject to security breaches, backhoe attenuation—and legal jurisdiction.

the cloud is magic
swift, robust, reliable
except for rackspace

—hungry programmer Charity Majors, complaining on Twitter during an apparent Rackspace outage

Along with physical locations and ethernet cables, the various computers that make up those clouds also have IP addresses. When your cloud-based process communicates with the rest of the internet—to send email, perhaps—the remote server that it's talking to sees that IP address as the source of the transmission. But as Reddit and others have been discovering, that IP address is in most cases shared with everyone else who uses the cloud—possibly including spammers, or other bad guys. A virtual server "in the cloud" can even be infected by a virus and become part of a botnet.

As the popularity of cloud-based services has grown, so has the apparent applicability of the phrase "in the cloud." It now appears to refer to any processing or storage which takes place outside of your own desktop, laptop, or mobile device. I've heard people talk about keeping their email and calendar and contacts "in the cloud" when all they're actually doing is letting Google Apps or Apple's .MAC service host it.

Are you all just saying Cloud when you mean Internet? Have I lost it?

—software developer Jim Van Fleet, on Twitter

This use of the phrase seems to be predicated entirely on the concept of the cloud as a place where you have given up all responsibility for your data. These companies will take care of you (except when their Terms of Service say they don't have to.) Not everyone wants to operate their own mail server, or write their own calendar synchronization application; hosted email and other "software as a service" offerings absolutely can make sense, so long as you're aware and comfortable with the idea that you've given up a large measure of control.

And that's the important thing to consider before relying on an Amazon-style distributed computing cloud, or using web services like Google Apps. How much control do you need over security, privacy, uptime? How can you be certain you're complying with all relevant laws when you don't know which jurisdiction your process is running in? Who else is sending email from that same IP address? What will happen when the federales show up with a subpoena?

All of these things are well-understood for traditional computing, and even for colocation situations, but industry understanding and best practices around cloud computing are still emerging—hampered by the ever-widening, increasingly cloudy meaning of "in the cloud."

When it comes to sending email, I'd have to strongly advise against using clouds. Even if it makes sense to host your web site and run your processes from the cloud, use an ESP or a reliable relay service to send the email.

Above all else, don't be swayed by the illusion of the cloud. You can't touch it, but someone is still held responsible. You can't see it, but someone can still be subpoenaed. Someone can trip over a power cord, or go out of business, or get bought by your competitor. Whether you trust that someone is up to you.

is the cloud down? I can't log in, and my keyboard is wet.

—an anonymous smartass

Written by J.D. Falk, Director of Product Strategy at Return Path

Follow CircleID on Twitter

More under: Cloud Computing, Email

The Issue of License Proliferation

2010-07-27T09:56:00-08:00

When I was on the ICANN board, we were dealing with the issue of Internationalized Domain Names (IDNs), an initiative to allow non-latin characters in domain names. Technically, it was difficult and even more difficult was the consensus process to decide exactly how to do it. Many communities like the Chinese and Arabic regions were anxious to get started and were getting very frustrated with the ICANN process around IDNs. At times, it seemed like the Arab Internet and the Chinese Internet were ready to either fork away and make their own Internet to solve the problem or were ready to introduce local technical "hacks" to deal with the issue which would have broken many applications that depended the standard behavior of the Domain Name System.

Luckily, in the end, we were able to come up with some basic understandings around IDNs after a lot of work. The Internet held together in one piece, almost impossibly so.

When I joined the Open Source Initiative board of directors, we were also struggling with a similar, but slightly different problem. We called it "License Proliferation". License proliferation was the problem of companies and projects creating their own "vanity" Free and Open Source licenses rather than using existing, established licenses. Because these vanity licenses were tailored (at times even just very slightly from an existing licenses) to address the particular steward's needs, they added to the complexity of the source, causing users to become confused and creating legally incompatible bodies of code.

Copy-left licenses such as the Free Software Foundation's GNU Public License require derivative works be licensed under the same license. This feature—and to many coders this is a feature, not a bug—however, makes it challenging to combine code from projects with different licenses because of the requirement on how derivatives must be licensed. These islands of code looked a lot like a forked Internet, existing IM networks and email before the Internet connected them together.

Two great features of the Internet are the low cost of transaction and the standards and protocols that allow interoperability fueling the massive network effect that drives innovation.

At Creative Commons we have the benefit of hindsight as the "new layer" of the stack and are working hard to keep transaction costs low and interoperability high by trying to prevent license proliferation and "forking".

For instance, Wikipedia was established before Creative Commons licenses were available. Wikipedia, until last year, was licensed under the Free Software Foundation's GNU Free Document License (GFDL). The GFDL is copy-left license, very similar to the Creative Commons share-alike license which allows people to use the content as long as the derivatives are licensed under the same license. However, since the GFDL was primarily designed for documentation for free software, there were a number of attributes that made it sub-optimal for massive online collaborations like Wikipedia.

Also, as more and more content was being created under the Creative Commons Share-Alike license, it created two oceans of content that were not remixable or compatible because of the two different licenses. It was like having two Internets.

After years of discussion with the Free Software Foundation, the Wikipedia and Wikimedia board and community and the Creative Commons community, last year we were finally able to convert Wikipedia to a Creative Commons Share-Alike license. This brought together two communities and two bodies of content so that they could share and collaborate freely.

The moment felt a lot like the early days of email when finally you could send email to anyone instead of only those people on your network.

As the idea of sharing and free culture begins to become more and more accepted and governments, Internet services and even broadcasters begin to implement the idea of sharing, the specter of license proliferation has begun to present a real risk.

Companies and governments are beginning to create vanity licenses either for purely branding and egotistical reason or because there are certain features that they would like to "tweak". What many of these communities don't understand is that tweaking a free content license is a lot like tweaking character codes or the Internet protocol. While you may have some satisfaction of a minor feature or a feeling of ownership, you will introduce the friction of yet another license that we all have to understand and in many cases, fundamental incompatibility and lack of interoperability.

Creative Commons is not just a single license "option". We are a global conversation among lawyers, judges, academics, users and companies in over a hundred countries with extremely rigorous compatible license ports in more than 50 jurisdictions. We are focused on taking into consideration the needs of all of the stake holders in this new ecosystem and updating and modifying our licenses to try to provide as many options as possible while trying to keep things as simple as possible to achieve maximum interoperability and ease of use.

Some would argue that our six core licenses provide too many choices. Some of our critics point—perhaps rightly—to the fact that our own licenses are not all compatible with one another. Others would argue that they do not provide enough choices. But we believe, 350,000,000 licensed works later, that we are successfully navigating the sweet spot between simplicity and choice.

As sharing and the adoption of new, free licenses begins to accelerate, I believe we are in danger of creating sloppy licenses or incompatible licenses backed by torrents of content funded by well-meaning governments, non-profits, users and even commercial entities. Poorly drafted licenses, licenses that are not adequately stewarded or supported by a dedicated team of legal experts, content encumbered by onerous neighboring rights and isolated and restrictive licenses can create mountains of unusable content which we might call "free" but which for all practical purposes become puddles of unusable content and what we would call "failed sharing".

I would like to urge all of those people who have seen the benefit of sharing and free licensing to really consider the value of focusing on a single set of licenses and to resist the urge to create vanity or lets-just-add-this-one-feature-for-our-users licenses. We are trying to create a open global dialog and encourage people to join the conversation and present their cases for how our licenses might be improved and listen to the reason why each of the clauses in our license have been written the way they have.

For the future users of our content and participants in the architecture that we are creating, we really MUST try to hold this network together and try to proactively stamp out license proliferation and fragmentation. If the ICANN and OSI experiences provide any guidance and learnings—and if we are to avoid the challenges and risks those organizations and communities confronted—we all must be vigilant and uncompromising on this point.

Written by Joi Ito

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Law, Multilinguism, Policy & Regulation, Web

Cyberwar vs No Cyberwar

2010-07-27T09:53:00-08:00

I was browsing CircleID the other day and came across Bruce Schneier's article on cyberwar. Schneier's article, and the crux of his point, is that the term cyber war and the threat of cyber warfare has been greatly exaggerated. The real problem in cyberspace is not the threat of cyber warfare wherein a foreign government, or possibly non-state actor, conducts a cyber attack on another nation. Instead, the cyber threat is really that of things like online crime. The people who assert that cyber war is a problem are those in the military who are hyping the threat in order to gain contracts from the government (i.e., it's about the money) or gain control over others (which ultimately leads to money). In other words, the threat of a hostile government attacking us is small and that these threats are distracting us from the real problem—criminals in cyberspace.

Cyberspace has all sorts of threats, day in and day out. Cybercrime is by far the largest: fraud, through identity theft and other means, extortion, and so on. Cyber-espionage is another, both government- and corporate-sponsored. Traditional hacking, without a profit motive, is still a threat. So is cyber-activism: people, most often kids, playing politics by attacking government and corporate websites and networks.

These threats cover a wide variety of perpetrators, motivations, tactics, and goals. You can see this variety in what the media has mislabeled as "cyberwar." The attacks against Estonian websites in 2007 were simple hacking attacks by ethnic Russians angry at anti-Russian policies; these were denial-of-service attacks, a normal risk in cyberspace and hardly unprecedented.

A real-world comparison might be if an army invaded a country, then all got in line in front of people at the DMV so they couldn't renew their licenses. If that's what war looks like in the 21st century, we have little to fear.

Similar attacks against Georgia, which accompanied an actual Russian invasion, were also probably the responsibility of citizen activists or organized crime. A series of power blackouts in Brazil was caused by criminal extortionists—or was it sooty insulators? China is engaging in espionage, not war, in cyberspace. And so on.

Is Schneier right? Are the cyber threats more benign than we think?

I think that Schneier is correct in asserting that most attacks that are done are financially motivated, or examples of hacktivism (a portmanteau of the words hacking and activism). They are probably not examples of a foreign government attempting to shut down the infrastructure of the United States, or of that other foreign government. Yet the attacks on Georgia in 2008 and Estonia in 2007 were not done by mere teenagers, nor is it akin to getting in line at the DMV.

The attacks in 2007 ultimately had their responsibility claimed by one of the commissars of the Nashi, a Russian youth organization with ties to the Kremlin. Konstantin Goloskokov was the one claiming he drove it, and he was an assistant of Sergei Markov, a politician in the Russian Duma. Furthermore, the attacks did more than shut down the DMV, they shut down all Internet traffic into Estonia. In addition, during the Georgia attacks, the DOS attacks on that country's Internet web sites prevented the Georgian government from communicating with the outside world. They resorted to using Google Blogspot in order to do so. So, this is not mere teenagers causing a ruckus, but instead are people with nationalistic views with the ability to hurt a country's infrastructure if they try hard enough.

I suppose my point is not so much that cyber warfare is the problem, but deeply embedded botnets that exist for criminal purposes, and hostile actors with nationalist views can get together and do a lot of damage in a short period of time. It may not be a state actor, but if the state is aware of the potential for threats and turns a blind eye, that doesn't mean that their liability is eliminated. The word for this is negligence.

It is this potential for collisions in the online crime/nationalist arena that has the military community in the United States up in arms. Those in the military tend to see threats where none potentially exist, but on the other hand, they're supposed to see threats where none potentially exist because once in a while, they are right. It is a cost/benefit ratio. What happens if no defenses are built and no attack comes vs what happens if no defenses are built and an attack is executed?

His other point, that the term cyber warfare is strewn about ad nauseum, is correct. China did not declare cyber war on Google this year. The term is being used colloquially in the sense that there was a war between the Montagues and the Capulets, or a war between Donald Trump and Martha Stewart, or a war between me and my intestines last night after I had some bad pizza. It's more like a feud where one side engages in dirty tactics. That China engages in espionage to steal secrets from Google is not war conducted in cyber space, it's China protecting their turf. It's not much different than Venezuela nationalizing their oil industry, except nobody calls that conventional warfare (they call it socialism).

So, is there a cyber warfare problem? Maybe. It is state sponsored malicious intent? Less likely. Is there a problem with cyber crime? Definitely. Is this a recipe for disaster? Probably.

Written by Terry Zink, Program Manager

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Internet Governance, Malware, Policy & Regulation, Security

Paul Kane Selected as One of Seven Security Key Holders

2010-07-27T08:41:00-08:00

Chuck Kisselburg writes: Responsible for safe-guarding a share of the ROOT Zone's DNSSEC Recovery Key, Paul Kane, CEO of CommunityDNS, is one of 7 TCRs (Trusted Community Representative) selected from around the globe by ICANN. "In the event of a security breach—such as a terrorist attack—Mr Kane may be required to travel to a secure location in the US."

Related Links:
The Canadian who holds the key to the Internet thestar.com, Jul.28.2010

Read full story: BBC

Follow CircleID on Twitter

More under: Cyberattack, DNS, DNSSEC, ICANN, Security

New TLD Application Tip: Launch Strategies

2010-07-26T10:40:01-08:00

Almost exactly nine years ago, the .INFO domain first started accepting registrations. This was an historic event as it was the first time a new generic top-level domain (TLD) was launched to an existing domain marketplace and, in fact, was the first new TLD to be added since .com. We've seen (and provided technology to power) many other TLD launches since then, with many business models. As you seek to introduce your own new TLD however, you should carefully evaluate the different launch models that have been tried before and determine which one will work best for your specific TLD.

Trademark Protection

All new TLDs will require some form of trademark protection to ensure that Intellectual Property (IP) holders' rights can be protected prior to live, public registrations. Afilias has implemented a number of different types of trademark protection plans from pre-registration without trademark verification, to those with extensive application and verification processes. We've seen the best success with a very focused trademark pre-registration period that has clear trademark parameters and works with a known trademark verification agent to weed through all of the submissions. We also recommend that all registries lock pre-registered trademark domains for up to 60 days following their registration award to allow for any potential UDRP claims that IP owners may wish to file.

Landrush

Landrush will be the most critical time for your TLD as it places the heaviest load on the technical registry system. We've seen in excess of 300,000 names coming in through initial landrush opening minutes, so you want to be very careful about who you select as your registry partner. You should make sure that their registry has been tested to withstand a significant landrush load.

In addition, you will have to make some policy decisions about how you want landrush to work. In almost all cases you should avoid pre-registration fees with a "chance" at getting your name. These can be viewed as lottery-based systems that can subject your organization to new legal restrictions. We highly recommend that clients not charge for applications, but only for awarded names.

Regardless, you need to decide if you will open the floodgates all at once, or if you want to have multiple, specialized application periods (see below) in advance of the "public" opening.

Premium Names and Auctions

In recent years TLDs like .info, .mobi, .asia and .me have seen good success by reserving premium names, which are highly desirable generic or category terms. In .info's case, we reserved a number of country domains and have awarded them for use by their respective governments (some great examples are spain.info and germany.info). Other TLDs have used reserved name lists for auctions following landrush.

Premium or other reserved names can fit well into your new TLD's strategy, particularly if you will be representing a certain category or key community where they will present more value. An auction approach helps to raise the price, and therefore perceived value of these names, and can help put your registry on a sound financial footing more quickly.

RFPs

If auctions are not to your taste, other domains have also seen success by simply launching a period where interested users can respond to a "request for proposal" with a business and launch plan for a highly desirable name. As a registry, you can offer additional promotion, partnerships or advertising to help assist with the launch of these sites, which can also act as great brand ambassadors for your fledgling TLD.

Each new TLD will have its own priorities. However, at the end of the day, you need a plan that will get lots of names into your target market quickly, generate awareness of your TLD (so it will be viewed as a legitimate place to visit by Internet users), and demonstrate actual use in the market (i.e. real sites and e-mail). Your launch plan is critical to establishing these building blocks quickly. If you are not a TLD expert, consider teaming up with someone who has been there before.

Written by Roland LaPlante, Senior Vice President and CMO at Afilias

Follow CircleID on Twitter

More under: Domain Names, Domain Registries, Top-Level Domains

Would You Fly an Airplane That Had a Pre-flight Checkout That Was Only 40 Percent Complete?

2010-07-26T08:07:00-08:00

In the aviation world safety is paramount. Commercial airlines go to major lengths to make sure that their planes are fully up to code and can fly safely in the air. The risks—loss of human lives—are far too extreme to take any chances. One result of this diligence is the fact that travel by plane is far safer than any other method—nearly 40 times safer per mile than travel by car.

While application security risks are not as dire, research shows CSOs fail to use the same stringent level of safety to secure their Internet-facing applications. In fact, most organizations may not be aware of 60% of their internet application vulnerabilities because they only rely on automatic external website scanning and/or automatic static source code or binary analysis tools. These methods only find approximately 40% of the types of security vulnerabilities that should be discovered in a security assessment.

Sixty percent is clearly a statistic that would cause many CSOs to lose sleep. As I have highlighted before, organizations with Internet facing applications need to apply the same level of security diligence as they would for perimeter defenses by taking a strategic look at their application security practices to cover this massive gap.

The only way to determine the total risk due to application vulnerabilities is to assess Internet and intranet applications using a blend of manual and automated analyses. Manual static analysis involves a review of the application architecture and source code by highly skilled software security engineers. The resulting analysis is comprehensive and, overall, the most reliable of the approaches.

Thankfully, some companies in the financial services sector have taken an airline-like safety approach by using this comprehensive method of analysis. I encourage everyone to take a hard look at their online application vulnerability assessment methods. And, as a frequent flier, I would choose to fly on an airline that has a complete pre-flight checkout of every plane, not one that's only going to find 40% of the possible dangers.

Written by Greg Reber, CEO of AsTech Consulting

Follow CircleID on Twitter

More under: Security

FCC's McDowell Warns of "Irreversible International Regulation"

2010-07-23T10:32:00-08:00

The stakes of the U.S. communications policy debates are larger than many assume. Subjecting broadband to new and extensive regulation in the U.S., says FCC Commissioner Robert McDowell in today's Wall Street Journal, could invite a regulatory ripple effect across the globe.

The FCC proposed in June to regulate broadband Internet access services using laws written for monopoly phone companies. Despite a four-decade bipartisan and international consensus to insulate computer-oriented communications from phone regulation, the FCC is headed toward classifying these complex 21st century technologies as "telecommunications services." This could inadvertently trigger ITU and, ultimately, U.N. jurisdiction over parts of the Internet. Unlike at the U.N. Security Council, the U.S. has no veto power at the ITU and may not be able to stop it.

Such an outcome would fundamentally alter the Internet's long-standing and successful self-governance model, where stakeholders from industry, academia, and yes, nations and NGOs, collaborate on technical, cultural, and economic matters. The ITU has been searching for ways to exert more "muscle" on the Net, and the possible U.S. action would appear to only strengthen the UN's hand. As I wrote last week,

The worry is that the UN could become not a true forum for Internet advancement and cooperation but a murky bureaucracy that governments use to impose rules and taxes on others and to cloak their own illiberal regimes. The Internet is the true multilateral instrument of diversity, transparency, and cooperation, not the politicians groping for control in its name.

Or, as the FCC's McDowell concludes:

The best way to keep the Internet open, operating and growing is to maintain the current model. We should continue to rely on the "bottom up" nongovernmental Internet governance bodies that have a perfect record of keeping the Web working.

Changing course now could trigger an avalanche of irreversible international regulation.

Written by Bret Swanson, President of Entropy Economics

Follow CircleID on Twitter

More under: Access Providers, Broadband, Internet Governance, Net Neutrality, Policy & Regulation, Telecom

White House on the DNSSEC Deployment: "A Major Milestone on Internet Security"

2010-07-23T10:29:00-08:00

Andrew McLaughlin reporting in the White House website: "Last week marked a significant advance in the security of the Internet. After years of intensive design, testing, and implementation work, the Internet's domain name system now has a new security upgrade that allows Internet service providers and end users alike to protect against an important online vulnerability: the clandestine redirecting of online communications to unwanted destinations."

Follow CircleID on Twitter

More under: DNS, DNSSEC, Security

Brand Protection Domain Registrations: There Are More Than You Think

2010-07-23T07:54:00-08:00

One of the major problems for brand owners is protecting the brand in new TLDs. Most new Top-Level Domain (TLD) registries will depend on brand protection registrations for a major part of their registration volume and some may become almost completely dependent on these registrations if the new TLD fails to capture the public's imagination. Short of comparing the registrant data for each individual domain, there is no 100% accurate method of measuring the level of brand protection registrations in a TLD. There is a method of estimating the level of brand protection registration and that's by checking the hoster for each domain name in a TLD against similar domain names in other TLDs.

Brand protection registration patterns tend to have the same domain name term registered across different TLDs but with the same hosting data. In theory, it is very simple. In practice it means comparing the hosting data for each domain in each TLD. For a comparison of the .COM .NET .ORG .BIZ .INFO .MOBI .ASIA TLDs as of 01/July/2010, it involves comparing the hosting data for 119,361,431 domains. These are the results of that comparison:

TLD	Cross TLD Domains	Percentage
.com	6,619,959 of 88,204,371	7.50%
.net	6,074,721 of 13,143,605	46.22%
.org	3,940,164 of 8,329,647	47.30%
.biz	1,192,120 of 2,062,053	57.81%
.info	2,470,769 of 6,471,955	38.18%
.mobi	493,954 of 969,061	50.97%
.asia	62,937 of 180,739	34.82%

The Cross TLD Domains are domains for which the same domain name term is registered in one or more of the other TLDs. The percentage of these possible brand protection registrations on .com is low because of the size of .com TLD and also because there is a pattern of ccTLD registrants registering their ccTLD domain and, if it is available, the .com form of their ccTLD domain.

Drilling down into the data reveals more interesting patterns. A hoster engaged in brand protection is going to have a different pattern to that of a domainer hoster or PPC hoster. The .com pattern for Google.com's GOOGLE.COM is:

Hoster	.com Total	Cross TLD	Unique .com	T/C Ratio	Uniqueness
GOOGLE.COM	3578	871	2707	4.1079	1.3218

The number of unique .com domains on is 2707. The T/C ratio is that of the total number of .com domains to Cross TLD domains. The Uniqueness is the ratio of the total .com domains on the hoster to the number of unique .com domains on the hoster. For a hoster with little or no Cross TLDs hosted, that ratio would tend towards 1. MarkMonitor.com, a Brand Protection Registrar displays a similar brand protection pattern.

Hoster	.com Total	Cross TLD	Unique .com	T/C Ratio	Uniqueness
MARKMONITOR.COM	41499	9535	31964	4.3523	1.2983

The pattern for PPC and parking hosters is somewhat different,

Hoster	.com Total	Cross TLD	Unique .com	T/C Ratio	Uniqueness
DSREDIRECTION.COM	1672107	18914	1653193	88.4058	1.0114
SEDOPARKING.COM	1432598	56206	1376392	25.4883	1.0408
FASTPARK.NET	248528	9704	238824	25.6109	1.0406
HITFARM.COM	605431	1366	604065	443.2145	1.0023

The pattern for a Super Hoster (a hoster with significant market share) is,

Hoster	.com Total	Cross TLD	Unique .com	T/C Ratio	Uniqueness
DOMAINCONTROL.COM	18509994	2415266	16094728	7.6637	1.1501

The most recently launched of the TLDs in the survey, .asia sTLD, has one of the lowest estimated brand protection registration percentages. However there is possibly some element of brand protection registration overlap with the ccTLDs in the region covered by .asia sTLD. The lesson for the backers of any new gTLDs is clear—brand protection registrations are still the major source of registrations and unlike many of the speculative and transient registrations of the Landrush phase, many of them will provide repeat business.

Written by John McCormac, CIO of www.hosterstats.com

Follow CircleID on Twitter

More under: Cybersquatting, Domain Names, Domain Registries, Top-Level Domains

Website Seals of Approval: Can You Trust Them?

2010-07-22T16:37:00-08:00

The abuse of well-known seal of approvals seems to be the latest ruse used by online fraudsters. Leveraging reputable names that existed long before anyone heard of the Internet is a blaring reminder that even trustworthy seals are not off limits to scammers. In fact, linking to reliable sources of reviews and certification is proving to be an essential part of any fraud strategy today.

A recent string of fake websites tricking car shoppers serves as the latest example. America Auto Sales, a glitzy site listing used cars at discounted prices, appeared to be an authentic channel where many consumers could find great deals on previously owned vehicles. The website not only held an extensive inventory of repossessed cars, but seemed to be 'certified' with reviews from reputable sources. America Auto Sales even had an "A" rating with the Better Business Bureau (BBB), a longstanding goldmine on business reliability.

And so the story goes—the website turned out to be a scam, in yet another case where gullible victims fall prey to the bad guys. Sadly, online buyers lost thousands of dollars and the authorized dealerships were left to deal with the aftermath. The real America Auto Sales was slammed with over 1000 customer calls as a result of stolen identity.

Sure, we're all aware of the customary tricks to steal a company's identity as is evident in this story. What's interesting is now scammers deploy the usage of trusted authentication services such as BBB to further deceive unsuspecting victims. We've seen this type of behavior in other industries, such as online pharmaceuticals as well. In numerous occasions, illicit online pharmacies sport a Verified Internet Pharmacy Practice Sites (VIPPS) certification, a program governed by the National Association of Boards of Pharmacy to ensure the legitimacy of online pharmacies. Many consumers use the VIPPS certification to confirm the validity of pharmacies to shop safely for pharmaceuticals online. However, similar to the online auto scams, fraudsters are plastering the VIPPS seal onto their fake websites, implying a false association to fake their credentials.

Fraudsters are smart. They will do whatever it takes and are clearly not above usurping seals of approval. This is where consumer education comes into play as it serves as the first line of defense against any fraud and deception. Most recently, BBB posted an article highlighting best practices to red-flag fraudulent websites. These types of best practices enable consumers to make well informed decisions and ultimately avoid rip-offs like the recent car scams. They serve as a complementary and critical component to any brand protection strategy. Whether its educating consumers on how to verify online pharmacies or on how to tell the difference between a counterfeit coupon from an authentic one, consumers need to be equipped with the best information to outsmart the fraudster.

Written by Teresa Chen, Senior Manager of Product Marketing at MarkMonitor

Follow CircleID on Twitter

More under: Cybercrime, Security

China's Popular Search Engine Gets Go Ahead from Judge to Sue Register.com

2010-07-22T16:20:00-08:00

Grant McCool reporting in Reuters: "China's leading search engine, Baidu Inc, can sue its U.S.-based domain name service provider, Register.com Inc, for breach of contract, gross negligence and recklessness related to an attack by hackers, a U.S. judge ruled on Thursday. The January 11 attack prevented Internet users around the world from gaining access to Baidu for five hours and disrupted its operations for two days..."

Read full story: Reuters

Follow CircleID on Twitter

More under: Cyberattack, DNS, Law, Security

ICANN's Economic Study - It Depends

2010-07-21T19:01:00-08:00

Economists aren't very good at predicting things, as any one with money in the stock market can attest. The most powerful economist in the United States, the Chairman of the Federal Reserve, is on record predicting a continuing climb in housing prices—just prior to their precipitous decline. And yet their crystal balls still hold some allure for those who need to present "evidence" about the future. Such is the case with ICANN and the new generic Top-Level Domain (gTLD) program.

The latest economic report to be presented to ICANN uses a great number of pages to say very little. It tells us that gTLDs may be useful, or they may be harmful—it depends. We are told that cybersquatting may increase, or not—it depends. We learn that registries might make money, or they might not—it depends. To our astonishment, we learn that sometimes things are good for some people, but bad for others.

The whole report could have consisted of this one paragraph, which contains the entire wisdom of its contents:

"Because business model innovations are difficult to predict, experience with the development of gTLDs that serve specific communities is limited, and the community has no experience with IDNs at the TLD level, it is difficult to describe the expected effects of new gTLDs with precision."

In other words, it depends.

Why Do We Even Have This Economic Report?

ICANN has produced many economic reports. Each time, someone objects to the results, and insists ICANN do another one, hoping for a different result. This is not as ridiculous as it might first appear, because two different sets of economists are entirely capable of coming up with wildly disparate results. In this case, the economic study is mandated by the Affirmation of Commitments. So ICANN is obliged to do it, which makes it obligatory, if no less fatuous.

The Language of Imprecision

The authors were handed an impossible task: predict what going to happen, in both an economic and social dimension, if we do something that has never been done before. With consummate professionalism, however, they were equal to the task, employing two effective strategies. First, they used the bulk of the report to review the history of the gTLD program, other surveys and opinions, and different theoretical frameworks for quantifying economic predictions. Second, they predicted various possible risks and benefits, without quantifying any of them—the words "may" and "might" appear 128 times, or roughly twice per page.

Something for Everyone

By saying that new gTLDs might be good, or might be bad, or possibly even a mix of the two, the authors gave both proponents and opponents something to cheer about, which has muted opposition to the report itself and has instead resulted in the two sides brandishing excerpts from the report, each for its own benefit. But the professionalism of the authors shows through: their most important recommendation is that the new gTLDs will provide data for—wait for it—another study.

I commend the authors for taking money from ICANN, and for setting themselves up for more work later, and for producing a document that looks entirely professional, while saying nothing more than "it depends." They were given a dubious task, and performed it to the hilt.

Should observers of ICANN lend any credence to this study? If your goal is to advocate a position without any empirical evidence, it is an excellent tool. If your goal is to understand what the new gTLD program will produce, it will, if printed out and bound, make a splendid paperweight.

In other words, it depends…

(Adapted from a post made to ICANN's comment forum.)

Written by Antony Van Couvering, CEO of Minds + Machines

Follow CircleID on Twitter

More under: DNS, Domain Names, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

The Broadband Adoption Rate

2010-07-21T11:57:00-08:00

Yesterday's FCC report [PDF] estimates that at least 80 million Americans don't have high-speed Internet access—defined as download speeds of at least 4 Mbps and upload 1 Mbps—at home. (Soon the Commission will release another report comparing these results to those in other countries.)

This service is completely unavailable to at least 14 million Americans—the FCC estimates that "1,024 out of 3,230 counties in the United States and its territories are unserved by broadband[, and t]hese unserved areas are home to 24 million Americans living in 8.9 million households." Particularly for Americans in poorer areas, more rural counties, and tribal lands, adequate connectivity isn't even a possibility currently. The Commission has now said that those Americans will not gain such access in the near future absent changes in policy.

While not downplaying what the carriers in America have already done, the FCC is making clear that much more needs to happen. In a heavily footnoted report, the Commission is saying what most Americans already know: "Given the ever-growing importance of broadband to our society, we are unable to conclude that broadband is being reasonably and timely deployed to all Americans in this situation."

Written by Susan Crawford, Professor, University of Michigan Law School

Follow CircleID on Twitter

More under: Access Providers, Broadband, Policy & Regulation, Telecom

US Facing a Human Capital Crisis in Cybersecurity, Says CSIS

2010-07-21T11:43:00-08:00

A Human Capital Crisis in Cybersecurity – A White Paper of the CSIS Commission on Cybersecurity for the 44th Presidency, July 2010A new study has been released by Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th President that looks into cybersecurity manpower challenges in the United States. The report titled, "A Human Capital Crisis in Cybersecurity," is produced by CSIS - a bipartisan public and foreign policy think tank in Washington.

From the report:

"The nation and the world are now critically dependent on the cyber infrastructure that is vulnerable to threats and often under attack in the most real sense of the word.

... The problem is both of quantity and quality especially when it comes to highly skilled “red teaming” professionals We not only have a shortage of the highly technically skilled people required to operate and support systems already deployed, but also an even more desperate shortage of people who can design secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate and reconstitute from damage due to system failures and malicious acts.

The cybersecurity workforce to which we speak in this report consists of those who self-identify as cybersecurity specialists as well as those who build and operate our systems and networks. That workforce includes not only workers on government payrolls, but also those contractors who operate as part of the extended government workforce. It also includes those who build and maintain the critical infrastructure on which the public and private sectors have come to rely."

Related Links:
Prepublication: A Human Capital Crisis in Cybersecurity CSIS, Jul.16.2010
Cyberwarrior Shortage Threatens U.S. Security NPR, Jul.19.2010
Cybersecurity Expert Shortage Puts U.S. At Risk InformationWeek, Jul.21.2010

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Internet Governance, Policy & Regulation, Security

Comments on Economics Study of ICANN's New TLDs

2010-07-21T10:48:00-08:00

ICANN has taken another crack at the question of the economics of launching new top-level domains (TLDs). The first report that the group commissioned on the subject was greeted by a loud and unhappy uproar. Now we have the preliminary draft of a new report, this one by professors Katz, Rosston, and Sullivan. It is insightful and analytic, but the final version needs to consider the theoretical and empirical issues outlined below.

Theoretical

1. Advantages of using a signaling framework

• Puts into focus the areas of unmet needs for new TLD signals/messages by new registry applicants and registrants. TLDs such as .com, .tel, and .me have strong signaling value propositions. For example, .com has practically no substitutes for signaling a global brand. TLDs that signal location include country-code TLDs (ccTLDs) and some proposed TLDs such as .NYC (which signals New York City). TLDs that signal a particular business strategy include .outlet and .eco. The .tel has a strong use differentiation because it signals the brand owner's alternative contact information, while .me is personal and reassuring, as opposed to the chilly and faceless .name.

• Clarifies the strategic approach that needs to be followed by new TLD registry applicants. For example, to compete with .com, a product differentiation strategy needs to consider established network effects and to recognize that the argument for shorter second-level domain names is not viable. On the other hand, new unmet needs require a strategy for expanding the pie.

• Temporal approval decisions have to take into account the type of TLD signal. Otherwise, there might not be any informational benefits from sequential launches. Without a signaling framework, a multitemporal approval mechanism would ignore the reality of first mover advantage (FMA). Consider .green and .eco, two initial substitute-signal applicants. Quite an unfair advantage would accrue to .eco if it were approved first, followed by .green after a considerable wait.

• One cannot perform market power analysis without intuitively knowing what constitutes similarity signals. Numerical measures of substitution effects may not be reliable. For example, no matter what the numbers may say, the signals from .com and .me are intuitively different.

2. Externalities: The report

• Does not identify the sources of domain name externalities so as to work on reducing them.

• Uses a framework more suited for downstream analysis and ignores the possibility of an upstream-produced externality, namely one produced by ICANN.

• Considers trademark infringements and search costs as operating costs, though arguably they are externalities (within the framework of the report).

• Ignores the costs of potential rogue TLDs, whose private benefits outweigh their social value.

3. Instead of adopting a general social-private cost-benefit framework, the report can narrow down the scope of the analysis to, say, search, navigation, companies, and registries.

4. The report proposes no solution to trademark infringements except establishment of a clearinghouse. It ignores the benefits of establishing a cooperative regime as a complement to any registry-level trademark solution. An effective trademark regime can only be reached and implemented through negotiations.

5. The report ignores the distinction between defensive and offensive second-level domain registrations. The latter are value adding and thus should not be automatically labeled as a net operating cost.

Empirical

1. Without a signaling framework, the number of registrations of various existing TLDs cannot be used to estimate a TLD's demand and/or its market power. The lack of registrations by brand owners under certain TLDs can be due to the irrelevance of their signal to the brand name. Hence, I agree with the report's assessment that registrations of new TLDs under currently underserved signals would increase the cost of infringement rates and/or cybersquatting costs significantly.

2. The economic rationale for a domain registration is that its value must be greater than its cost. Statistical pricing models have been developed that can shed light on the value of keyword-based domain names. Moreover, such models identify statistically significant factors that drive prices for different TLDs and are useful in estimating price-premium variations over time. By contrast, using average and/or median sale prices is practically useless, as prices of various statistically comparable domain names fluctuate at different rates; during the same periods, prices of comparable domain names have not always moved in the same direction nor magnitude.

3. Such statistical models can also be used to estimate cross-price elasticity of demand for purposes of determining market power and competition.

Written by Alex Tajirian, CEO

Follow CircleID on Twitter

More under: Cybersquatting, Domain Names, ICANN, Internet Governance, Top-Level Domains

Indian Government Plans to Begin Use of IPv6 from March 2012

2010-07-21T10:33:00-08:00

John Ribeiro from IDG News reports: "India will start using IPv6 (Internet Protocol version 6) from March 2012, according to a new roadmap released by the Indian government. All telecom and ISPs will have to be IPv6-compliant by the end of next year and offer IPv6 services thereafter, the government said in a statement issued on Wednesday by the country's Press Information Bureau."

Read full story: PC World

Follow CircleID on Twitter

More under: Access Providers, IP Addressing, IPv6, Policy & Regulation, Telecom