SnapNames Four Letter Domain Super Sale Auction is Underway

SnapNames is hosting these days the Four Letter Domain Super Sale auction. The auction features 49 domain names and ends April 30,2014, 3:15 PM ET.

Eight domain names already received bids :

Kins.com Current Bid $375

Wikr.com Current Bid $180

Gsyp.com Current Bid $104

Tcxd.com Current Bid $99

Bptx.com Current Bid $99

Hiti.org Current Bid $99

Tita.org Current Bid $99

XLSX.com Current Bid $99

You can see the entire inventory and place your bids here .

NIC.AT Gets ISO Certification. But What Is It And What Does It Mean?

It took one year of monitoring and optimising business processes, but nic.at has now officially received the ISO 27001 certificate.

Auditors of the certification body CIS confirmed the application and further development of an effective Information Security Management System complying with ISO 27001:2013. Additionally, the nic.at subsidiary IPCom and the sister company TLD-Box were certified.

“We at nic.at are constantly aware of our responsibility regarding .at and the other ccTLDs and gTLDs we are operating,” says Christian Proschinger, Chief Information Security Officer at nic.at. “Going through the certification process allowed us to question and thus optimise our information security management system. We are very happy to have taken this step successfully and we will keep improving in the future.”

But what is ISO 27001? Its main focus is to establish, implement, maintain and continually improve an information security management system. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of an organisation.

Its importance was also addressed in a recent article. “How much does it cost to get it?” is a question Jos van Schaik, a founding partner at CumulusTrust, is often asked. In his article he says he likes to reply with a question: “how much does it cost when you don’t have it?”

“The answer to the first question is easy”, writes van Schaik, “but the answer to the second one is more complicated. As a financial I am interested in the business case. If the cost of not having an ISO 27001 certification is higher than the cost of getting and maintaining one, you can actually make a profitable investment by getting certified.”

Van Schaik looks at a few of the cost components of not having the ISO 27001 certificate – opportunity cost; lost customers (churn); trust and transparency: lost opportunity for a competitive advantage; risk of data loss, breach of privacy or confidentiality and outages and finally the business case. In conclusion after looking at the cost components Van Schaik writes “can you afford the cost of NOT having an ISO 27001 certification?”

The full article by Jos van Schaik, founding partner at CumulusTrust, is available on the CumulusTrust website at cumulustrust.com/cost-iso-27001-certification.

The Prevention of Cybersquatting in Europe: Diverging Approaches and Prospects for Harmonization by Ventsislav Pantov [MIPLC Master Thesis Series]

Abstract: This thesis examines the phenomenon of cybersquatting, its nature and development and the means employed against it in the European continent.

The analysis shows that there is a myriad of approaches in combating cybersquatting. First, many systems of domain name dispute resolution exist, both private and official. Most of the Alternative Dispute Resolution (ADR) systems that have been adopted largely rest on the Uniform Domain Name Dispute Resolution Policy (UDRP) which is already established and has gained a track record. Some jurisdictions have adopted the UDRP completely in spite of its narrow scope. Others have preferred to extend the range of distinguishing signs protected and have adopted extended versions of UDRP. A third group of countries has developed their own sui generis ADRs that are unconnected to the UDRP. The most distinctive characteristic of all ADR examples analyzed is the availability of twofold procedure due to their “open ended” nature. Meanwhile, some jurisdictions have adopted classic arbitration procedures for their domain name disputes which result in final judgments with res judicata effect.

As regards substantive grounds of claim there is also a large variety of approaches. Notably, most of the European countries prefer to extract the bases of anticybersquatting claims from general laws regarding trademarks, unfair completion, passing off, personal and trade name protection. This paper demonstrates that in some cases the traditional legal measures turn out to be insufficient for the challenges of the Internet, which leads to unsatisfactory jurisprudential solutions. In this regard, the cybersquatting activities taking the shape of blocking registrations cause problems for the courts either in establishing “use in commerce” in the trademark context, or misrepresentation in the circumstances of a passing off action. Another tension is observed in the field of clashes between competing rights such as trademarks and personal and trade names, which due to the lack of clear rules results in uncertainty.

Few jurisdictions (e.g. Belgium, Finland, France and Denmark) considered the issue significant enough to enact tailor-made anticybersquatting legislation. The enactment of an anticybersquatting act solves to a great extent the problems caused by the attempts to adapt traditional legal principles, without prejudice to their subsidiary application. Thus, the available examples of special anticybersquatting legislation originating from Belgium and Finland combined with some solutions borrowed from the U.S. Anticybersquatting Consumer Protection Act form the basis of a proposal for enactment of an instrument harmonizing anticybersquatting law in Europe. This process is also conceivable, given the fact that the .eu domain names related disputes are already uniformly managed on an EU level by a Commission Regulation, which also provides some useful examples. Finally, some potential obstacles on the way of harmonization as well as some arguments against it are also considered.

This abstract was sourced, and the article is available to download in full, from:
ssrn.com/abstract=2427582

Neustar 2014 ‘DDoS Attacks and Impact Report’ Finds Unpredictable DDoS Landscape

[news release] Neustar, Inc. … today (22/4) released its third annual “DDoS Attacks and Impacts Report,” delivering key insights on Distributed Denial of Service (DDoS) attacks and the business impact of these incidents. The survey reveals that DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage. Nearly twice as many businesses surveyed suffered a DDoS attack last year and more than 40 percent estimated DDoS losses at more than $1 million per day.

Other key findings include a growing trend toward quicker, more concentrated attacks, suggesting a spurt in “smokescreening” – where criminals use DDoS attacks to distract IT staff while inserting malware to breach bank accounts and customer data. In fact, 49 percent of businesses who suffered a DDoS attack and a breach in 2013 reported that a virus or malware was installed or activated and 55 percent of DDoS targets reported that they were also victims of theft. Attackers stole funds, customer data and intellectual property.

“DDoS attacks create an ‘all hands on deck’ mentality, and the potential for damage is high as criminals take advantage of the distraction to grab and clone private data to tap into funds, intellectual property and more,” said Rodney Joffe, senior vice president and senior technologist at Neustar. “Businesses should look out for shorter, more intense attacks without the traditionally expected extortion or policy demands. It is critical that they protect themselves by dedicating staff to watch entry systems during attacks, making sure everything is patched and having dedicated DDoS protection.”

Additional insights from the survey include:

Almost 90 percent of companies attacked were hit repeatedly
Larger attacks almost tripled. The number of attacks between 1-5 Gbps in size grew by 150 percent
DDoS attacks are consuming more manpower. Attacks requiring more than 10 people to put out the fire more than doubled compared to 2012
The costs of DDoS attacks were not only higher, but were felt more widely across the enterprise. Non-IT/security departments absorbed more than 50 percent of attack-related costs and customer support felt the impact most acutely at 63 percent of companies
There are now very few companies (under five percent) with no DDoS protection in place. Of the vast majority with protection, most still use traditional solutions like firewalls, switches and routers

Neustar surveyed nearly 450 North American companies in the financial services, technology, retail, government/public sector, health care, energy, telecommunications, e-commerce, Internet services and media industries. The full report, including comprehensive results from the survey and best practices from Neustar’s DDoS experts, may be found here.

###

About Neustar

Neustar, Inc. (NYSE:NSR) is the first real-time provider of cloud-based information services and data analytics, enabling marketing and IT security professionals to promote and protect their businesses. With a commitment to privacy and neutrality, Neustar operates complex data registries and uses its expertise to deliver actionable, data-driven insights that help clients make high-value business decisions in real time, one customer interaction at a time. More information is available at www.neustar.biz.

This Neustar news release was sourced from:
www.neustar.biz/about-us/news-room/press-releases/2014/neustar-2014-ddos-attacks-and-impact-report-finds-unpredictable-ddos-landscape

“Digital Divide” Domain Tax Advocated at NETmundial Opening Ceremony by Philip Corwin, Internet Commerce Association

The NETmundial meeting in Sao Paulo kicked off on the morning of April 23rd and one of the speakers at its Opening Ceremony proclaimed that the Internet was a curious type of “Public Commons” in which private domain registrants should be obligated to pay a fee to fund access, capacity-building, and general bridging of the Internet gap between the developing and developed world. That proposal for turning ICANN into a species of Internet tax collector and transnational development project fund disburser came from Nnenna Nwakanma, identified on the event agenda as a member of Civil Society from Africa. Her remarks received resounding applause from attendees.

Surprisingly, similar remarks came during the same session from World Wide Web developer Tim Berners Lee, who declared that the Internet had become “an essential public utility” and that ICANN should act in the best interest of the global Internet community – a duty that he linked to spending funds devoted to “closing the digital divide”. And that divide has been growing, even in those developing nations identified with technological and economic growth – according to a new Global Information Technology Report from the World Economic Forum “many large emerging nations such as China, Brazil and India saw their rankings drop”.

For the past few weeks those who expressed concerns that US withdrawal from its IANA counterparty role might result in greater Internet censorship, or even a global Internet tax, have been met with ridicule from some quarters. Perhaps their concerns are not so ridiculous. It’s easy to imagine the rationale for a “modest” $1 annual digital development fee levied on each registered domain, and ICANN might welcome the opportunity to build ties to Governmental Advisory Committee (GAC) member nations by doling out development dollars.

How much could such a $1 fee raise? According to VeriSign’s April 2014 Domain Name Industry Brief there are now 271 million registered domains, of which 123.5 million are ccTLDs operated by individual nations and likely to be excluded from such a fee as ICANN has no direct authority over them. That leaves 147.5 million domains at gTLDs and would yield $147.5 million per year. Once the precedent is set it’s a simple step to up the levy in future years – crank it up to $5, add in the natural growth in gTLD registrations accelerated by the rollout of more than a thousand new gTLDs, and you can get close to a billion dollars annually without breaking a sweat. That’s a very tempting target, and one that might well be advocated by ICANN’s own GAC at some point – especially if it switches to a majority vote decisional system as an outcome of the Internet governance evolution initiated at NETmundial.

Even more worrisome – the precedent has already been set! Few realize it, but the 2005 .Net registry operator contract between ICANN and VeriSign contained this language levying a 75 cents per .net domain fee for several purposes, one of which was a restricted fund for helping developing nation stakeholders better participate in ICANN :

Registry-Level Transaction Fee. Commencing on 1 July 2005, Registry Operator shall pay ICANN a Registry-Level Transaction Fee in an amount equal to US$0.75 for each annual increment of an initial or renewal domain name registration and for transferring a domain name registration from one ICANN-accredited registrar to another during the calendar quarter to which the Registry-Level Transaction Fee pertains. ICANN intends to apply this fee to purposes including: (a) a special restricted fund for developing country Internet communities to enable further participation in the ICANN mission by developing country stakeholders, (b) a special restricted fund to enhance and facilitate the security and stability of the DNS, and (c) general operating funds to support ICANN’s mission to ensure the stable and secure operation of the DNS.

ICANN mixed that Transaction Fee into its general revenues and never really provided an accounting of how those funds were allocated. Yet the follow-up 2011 .Net agreement contained almost identical language, with an added proviso that ICANN was not required to segregate the funds or establish separate accounts for the designated purposes:

Registry-Level Transaction Fee. Registry Operator shall pay ICANN a Registry-Level Transaction Fee in an amount equal to US$0.75 for each annual increment of an initial or renewal domain name registration and for transferring a domain name registration from one ICANN accredited registrar to another during the calendar quarter to which the Registry-Level Transaction Fee pertains. ICANN intends to apply this fee to purposes including: (a) a special restricted fund for developing country Internet communities to enable further participation in the ICANN mission by developing country stakeholders, (b) a special restricted fund to enhance and facilitate the security and stability of the DNS, and (c) general operating funds to support ICANN’s mission to ensure the stable and secure operation of the DNS; provided, that ICANN will not be required to segregate funds for any such purpose or establish separate accounts for such funds.

Notwithstanding that provision, the ICANN Board committed to an annual accounting when it approved the 2011 .Net contract:

“Whereas, the .NET agreement provides for a US$0.75 registry-level transaction fee, and ICANN has used the funds to support developing country Internet communities to participate in ICANN, enhancing security and stability of the DNS, and for general operating funds. ICANN commits to provide annual reporting on the use of these funds from .NET transaction fees.” http://www.icann.org/en/groups/board/documents/resolutions-24jun11-en.htm#4.rationale

Yet, so far as we can find, ICANN has never provided such annual reports even though the Board committed to them, and the fee is still siphoned into its general funds. That lack of reporting goes to the ongoing problems of ICANN accountability and transparency.

But, getting back to our original point, two speakers at NETmundial opening session suggested that ICANN needs to allocate more funds to closing the digital divide – and ICANN, as we know, gets the vast majority of its funding through the fees paid by domain registrants to registrars and then up-streamed to registries and ICANN. The great majority of gTLD domain registrants reside in the developed world, and the proposal put forward would have them pay a fee to fund projects in the developing world. So the issue of an ICANN-administered “tax” on registrants isn’t that far-fetched after all and does not require a UN takeover to occur. This important issue bears continued close watch by ICA and others.

*****

Other observations drawn from observing the NETmundial meeting remotely for more than ten hours on its opening day:

For a meeting supposedly conceived to strengthen the private sector-led multistakeholder consensus-based policymaking model, we found it curious that 27 of the 30 speakers at the interminable Welcome Remarks session yesterday morning were from governments or UN agencies — with just 1 each from civil society, the private sector, and academia. Not surprisingly, many of those speakers from governments wanted more government involvement in Internet governance.
Notwithstanding the stated desire of the NTIA and ICANN to keep the discussion of the IANA transition confined largely within the ICANN and I-star technical communities, numerous speakers – including Nellie Kroes of the EU and Brazil President Rousseff – called for all global stakeholders to have input. How that will be handled and how it impacts the transition plan’s development remains to be seen. Further, many speakers said that the September 2015 termination of the current IANA contract should be a decisional deadline, and not the mere goal stressed by NTIA and ICANN in recent Congressional hearings.
Despite promises that NSA surveillance would not be discussed, it was raised numerous times in the context of “privacy” and “human rights”. One shot of the meeting room showed numerous attendees holding aloft pictures of Edward Snowden.
Likewise, notwithstanding assurances that NETmundial would just produce general principles and a roadmap for the evolution for Internet Governance, numerous speakers have called for at least producing a list of deliverables and a schedule for achieving them.
It seems almost certain that the Internet Governance Forum (IGF) process will be strengthened as a result of NETmundial, with that meeting being allocated some future decisional powers. This may be a good thing if it staves off greater UN involvement – and likewise, up to a point, for some of the calls for strengthening the role of the Governmental Advisory Committee (GAC) within ICANN.
Net neutrality emerged as a somewhat unexpected issue, probably to the chagrin of the telecommunications firms in attendance.

Finally, the first day’s Fence Straddler Award goes to President Rousseff for her declaration that there was “no opposition” between the government-dominated multilateral model and the private-sector led multistakeholder model. And the MIA Award goes to ICANN CEO Fadi Chehade, who was the only participant in the Opening Ceremony who did not say a word.

As the afternoon session went on, the discussion finally opened up to attendees, who provided their own multiple suggestions for how the conference output document should be amended. That process will continue into NETmundial’s second and final day. Stay tuned.

This article by Philip Corwin from the Internet Commerce Association was sourced with permission from:
www.internetcommerce.org/Digital_Divide_Tax