By Chuck Kisselburg
After submitting my last post regarding Senate bill 2661 (S. 2661), I couldn’t help but feel the message was not complete. There was another element that remained to be explored.
While the bill, as is, is definitely in its infancy and, if it survives, will continue through the process with many revisions made along the way. As the bill stands today I still feel it is a bad bill and leaves room wide open for misinterpretation, taking advantage of others by the “bad seeds†of the world and money wasted on MANY lawsuits ahead.
So knowing that there still is a long road ahead, something continued to bug me about my last post. While sipping an iced-tea in one of Portland’s MANY local coffee shops, it hit me.
“OPPORTUNITY!â€
There is no doubt that people and businesses are being harmed through phishing scams. Such scams are something we all hate. However, when you read the Anti-Phishing Working Group’s December 2007 report and the Brandjacking Winter 2007 report , you will find that the phishing community is alive and active. Based on such reports I can see the basis for the bill.
However, labeling an entire community by the actions of a small few is wrong. That’s like saying all Americans are loud and arrogant. Hmmmmm….. Perhaps that was a bad example, but I think you understand what I mean.
What “opportunity†do I see with this bill? As mentioned, there is no doubt that phishing is a problem and, just like domain tasting, needs to end. However the opportunity I see is this is a chance for various organizations to come together to work “together†on providing input to this bill. In my mind I would like to see Congress work with the following consortium:
The Internet Commerce Association, or ICA.
ICANN
Registrars
Registries
The ICA clearly needs to be present as this organization provides the voice for the Domainer community.
ICANN needs to be present as it is their policies that affect the Internet community on a global basis. ICANN is currently working in conjunction with other organizations to build in the policy to squelch domain tasting.
Registrars are the interface between the registries and the Domainer community.
Registries maintain the integrity of their respective TLDs, gTLDs or ccTLDs, live by the policies developed by ICANN and work with the Domainer/registrar community.
I feel it is necessary for ALL groups to be at the table to help provide input into the crafting of this bill.
If Senate bill 2661 never makes it to a vote, or is voted down, other bills will emerge.
So while organizations are busy working in their own respective communities, the “opportunity†is there for all parties to come to the “SAME†table, roll up their sleeves and provide constructive input. This also applies to Senator Snowe’s office. It also behooves members of their respective communities to provide their respective organizations with constructive input instead of expressing frustration or simply complaining. So, if a bill is to come about, and Senate bill 2661 may be that bill, the opportunity is there to educate each other and work together to craft a good bill.
And if people are thinking about an organization needing to make the first move, let me move us all beyond that barrier by saying ICANNWiki.org, this neutral organization for the overall ICANN “communityâ€, based in a Portland State University facility, will be more than happy to provide the stage, both physically as well as virtually, for this conversation or “opportunity†to occur.
March 17th, 2008
by Chuck Kisselburg
On February 25 of this year Senator Snowe, (R) of Maine, introduced Senate bill 2661. The bill, co-sponsored by Senators Ted Stevens, (R) Alaska, and Bill Nelson, (D) of Florida, is aimed at, “protecting Internet users“.
When you read the bill itself it seems pretty innocuous as it starts off talking about guarding against phishing that can result in the massive amounts of phishing e-mails we all receive. The bill states that 59,000,000 phishing e-mails are sent each day. That is STAGGERING! The bill further states that, “According to Gartner, Inc., between August 2006 and August 2007, roughly 3,500,000 United States computer users were victims of phishing scams, and suffered losses totaling $3,200,000,000.â€
However, if you keep reading what you will find are statements like, “Phishing operators utilize deceptive domain names for their schemes. They routinely register domain names that mimic the addresses of well-known online merchants, and then set up websites that can fool consumers into releasing personal and financial information.†As well as “Deceptive domain names, and the abuses for which they are used, threaten the integrity of domain name systemâ€. The bill also notes that “The World Intellectual Property Organization reported in April 2007, that the number of Internet domain name cybersquatting disputes increased 25 percent in 2006.†I couldn’t help but sense the “stage is being setâ€, but for what?
As I read the bill I find information to ensure the accuracy of the WHOIS database, meaning the information contained in WHOIS should be accurate and not contain information that hides the identities of others. OK, I get that. That makes sense, but I know that makes a portion of the domainer community nervous. (I say only a portion because I know a lot of domainers who don’t try to hide their identity.) However, when reading further I stumbled across the below verbiage in the bill:
(b) Deceptive or Misleading Domain Names-
(1) IN GENERAL- It is unlawful for any person to use a domain name in an electronic mail message, an instant message, or in connection with the display of a webpage or an advertisement on a webpage, if–
(A) such domain name is or contains the identical name or brand name of, or is confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entity;
(B) such person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that the domain name would be likely to mislead a computer user, acting reasonably under the circumstances, about a material fact regarding the contents of such electronic mail message, instant message, webpage, or advertisement (consistent with the criteria used in enforcement of section 5 of the Federal Trade Commission Act (15 U.S.C. 45)).
This is certainly “interesting” as, the way I read it, the portion that reads, “such domain name is or contains the identical name or brand of, or is confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entity†opens the door for anyone to go to a domainer and say that their domain name is “confusingly similar to their name or brand nameâ€. This, despite the fact that a domain owner may have taken the steps to work with a lawyer to ensure their domain names are not conflicting with any other domains or trademarks and have, themselves, trademarked their domain name(s). This bill is SOOOOOOO open that it basically allows business owners, no matter how upstanding, or lowstanding they may be, to go to a domainer, having the domainer turn over the domain name they have purchased and developed in good faith.
After reading this bill I couldn’t help but wonder several things…..
First of all, some people look at domainers as living in the “Wild West†, heading out on their own without boundaries and being reckless. After attending various domainer conferences I know that image is false. However, I can’t help but apply that “Wild West†description to this bill. Keep in mind ICANNWiki.org is neutral and listens to the entire ICANN “communityâ€, but in reading this bill the recklessness, for lack of a better term, is fairly obvious. Is Snowe’s office reaching out and working in concert with the community to try and curb phishing activity? Is Snowe’s office working with ICANN or are they off and running on their own? Is Snowe’s office working directly with the Internet Commerce Association? Or is Snowe’s office running on their own?
Yes, there are domain tasters and there are people who try to tie up domain names that may infringe on trademarks, but from what I have learned that is far more the exception than the norm. So labeling everyone in one community based on the actions of a few is, what I feel, not what this country is about. Regarding domain tasters, the community IS taking steps to bring tasting to a halt.
One of the many things I wondered about was the jurisdiction of this bill. If passed as is, would the teeth of this bill reach beyond the US shores? In dialing into the ICANNWiki.org community I found out that the answer is probably yes. On January 1, 2007 the US joined the Council of Europe Cyber Crime treaty. The purpose of the treaty “…provides for `mutual assistance and extradition among participating nations.’ ” While 30 countries signed the treaty when created in Budapest in 2001, the number of countries currently supporting the treaty today is not easily found. Also, from a jurisdictional perspective, how might this work with, or interfere with UDRP policies that have been established in various countries. For those countries that have not signed onto the Council of Europe Cyber Crime treaty, but have an established UDRP within their country, does this bill seek to work with such UDRPs?
Getting back to the statement, “ such domain name is or contains the identical name or brand of, or is confusingly similar to the name or brand name of a government office, nonprofit organization, business, or other entityâ€, how many times have you attempted to drive to a location only to stop and pause, thinking, “You know…. That looks familiar. Is that my destination?†With that in mind, should the same apply to land? If someone feels their land is confusingly similar to their piece of land does that mean you need to hand the title of your property over to the other person? No!
While this bill has understandably raised much concern by the community, one sage counselor in the ICANNWiki community reminded me that the bill is still in its infancy. One of the things to watch in a bill is if the bill is “partisan†or “bi-partisanâ€. Bills with a “bi-partisan†sponsorship tend to have a stronger chance of going forward. As we know, this bill has bi-partisan sponsorship. While it has been referred to the Commerce subcommittee, one should become more concerned if it winds up in either the Judiciary or Banking committees. Another good signal is to watch what is going on in the Center for Democracy & Technology site. Finally, if this bill progresses through the Senate it will not doubt receive edits like other bills. Also, a similar bill will need to make its way through the House. Bottom line is if the bill ever passes it has the opportunity go filter through both the Senate and the House, with various edits along the way before a single bill is decided upon for vote.
So, while reducing phishing is a good thing, this bill seems to be grabbing at anything associated with the “potential†of phishing. Remember the “Salem witch huntsâ€? That is what this bill reminds me of as it is lumping and affecting large groups of people who should not have to bear the “Scarlet Iâ€.
March 12th, 2008
By Chuck Kisselburg
NIXI (National Internet eXchange of India), is the registry for “.inâ€. With offices throughout India NIXI is the meeting point for all ISPs in India. NIXI facilitates the exchange of Internet traffic between peering ISP members. What better way to understand the impact IDNs will have on India than through a conversation with a member of NIXI?
Having just spent a week in New Delhi for the ICANN conference, I was fortunate to spend time in the community. My hotel, NOT one of the recommended hotels, seemed to cater less to those who spoke English and more to those from around India and Southeast Asia. In other words, I heard very little English. Most of those who worked at the hotel spoke very little, to no English. As such I could not help but see how useless today’’s Internet is to a group of people. Now, expand my little microcosm to the world and the number of people who can’t really use today’s Internet is, well, HUGE!
As Director of ICANNWiki.org, I am VERY pleased to have had this conversation with Rajesh Aggarwal, the Additional CEO for NIXI. Rajesh provides insight regarding the impact IDNs will have on one of earth’s most populated countries, India. With 22 “official†languages, and countless local languages and dialects, India stands to benefit greatly from the use of IDNs.
What does having IDNs mean to you?
More than a billion Indians do not understand English. We are going for Indic language operating systems, applications and web content. Having URLs also in the Indian language will be a good step to include for all of these people.
Will IDNs have an impact in your area?
It will generate positive vibes, or feelings, in the sense that Internet administrators are concerned about non-English speaking people.
How might IDNs hinder your geographic region?
There are still issues in typing Indian characters in browsers- this however will be covered by plug-ins. We have to be careful about phishing, etc. as many Indian characters and conjuncts can be confusingly similar. There are multiple ways of writing the same word.
How might IDNs help businesses in your geographic region?
Many small businesses, especially catering to rural areas, may register IDNs and create websites in Indian languages.
Which group will benefit most from IDNs in your area and why?
Registrars will have a new area opening up. Bloggers, Indian language Newspapers, and small businesses will be the first ones to go for these addresses.
Do you foresee any challenges with which applications will be able to support IDNs?
Yes. Operating System and browser issues are still there. In many cases characters are still not represented the way they should be.
How do you hope IDNs are NOT used?
I hope they are not used for purposes of phishing and cyber squatting. We have to be very careful about this.
What is your biggest hope for IDNs to accomplish?
My biggest hope for IDNs is that they generate interest in Indian languages, resulting in the creation of many more websites and blogs in local languages; more than are available today.
Thank you, Rajesh!
March 3rd, 2008