Byron Holland
Byron Holland is President and Chief Executive Officer of the Canadian Internet Registration Authority (CIRA). View bio
14
May
Celebrating 25 years of bringing Canadians together online
Do you remember what you were up to in 1987? It seems like a lifetime ago. I was in university, Brian Mulroney was Canada’s Prime Minister, and Fatal Attraction was the year’s top grossing movie. Depending on your musical taste, you were either listening to The Bangles’ Walk like an Egyptian or Guns and Roses’ Appetite for Destruction. In the tech world, 1987 marked the year Steve Wosniak left Apple and there were 10,000 hosts on the Internet. It was also the year .CA was created, making today, May 14, 2012, .CA’s 25th anniversary.
Twenty-five years ago John Postel, operator of the Internet Assigned Numbers Authority (IANA), delegated the .CA top-level domain to John Demco at the University of British Columbia (UBC). For the next 13 years, Demco and a group of volunteers ran the registry, until it was transferred to CIRA in 2000.
Milestone anniversaries like this are times to reflect on the accomplishments of .CA, and of those key visionaries, like John Demco, who saw the potential the Internet had to offer. It is also a good time to take stock of where we are. We are rapidly approaching two million .CA domains under registration. .CA is now the world’s 14th-largest domain registry, and has the fourth-highest growth rate over the past five years. In short, .CA is an integral part of the Canadian economic and social landscape.
We’ve got some big plans to celebrate this key milestone a little later this year, but if you’re really keen on reliving your youth, you might want to join us at the mesh conference in Toronto at the end of the month.
Stay tuned.
11
May
Internet security in Canada
This week, the Internet security firm Websense released a report on cyber-crime in Canada. The bottom line is that malicious activity online is on the rise in Canada, but let’s make one thing clear: This report is referring to websites hosted in Canada, not to .CA per se. Canada may rank second for malicious behaviour for hosted sites, but it has nothing to do with .CA.
This is clearly a hosting issue. Canada, though in reality a relatively small player, is experiencing an increase in online criminal activity. And, though it is not a .CA problem, it is something CIRA takes very seriously. At CIRA, the safety and security of .CA is of utmost importance.
That said, I’m not surprised at the findings in the Websense report. As part of the Canadian Internet Forum, we surveyed Canadians on what they felt were the key Internet-related issues for Canada. Security was the top challenge identified by Canadians. As the Internet becomes more integral to the Canadian economic and social landscape, there will be more who would like to take advantage of that fact in a criminal manner.
Some of the statistics around cyber-crime in Canada are startling. According to a 2010 report from Norton, cyber-crime cost Canadians $5.5-billion in 2010. The Websense report found that Canada has experienced a 39 per cent increase in botnets, and a 239 per cent increase in malicious websites over the past year. And, Canada is now the number two country for hosting phishing sites, though again I must point out that this does not mean .CA. According to a report from the AntiPhishing Working Group (.PDF):
“Phishing is generally distributed by top-level domain market share, but 93% of the malicious domain registrations were in just four TLDs: .TK, .COM, .INFO, and .IN.”
Note that this list does not include .CA. In fact, in the same report, the AntiPhishing Working Group reported that there were no malicious .CA domains registered in the second half of 2011.
We all have a role to play in keeping the Internet safe and secure for everyone. At CIRA, security is job number one. That’s why .CA is consistently ranked as one of the safest top-level domains, and we are working at making .CA even more secure. Later this summer, we will be implementing Domain Name System Security Extensions (DNSSEC), an important set of extensions that provide an extra layer of security to the domain name system (DNS). Once implemented, DNSSEC will provide Canadian Internet users with a more secure Internet experience.
Furthermore, CIRA’s Canadian Presence Requirement (CPR), a rule that allows only people and organizations who have a presence in Canada to register a .CA domain, keeps .CA safer than many other top-level domains. Because of CPR, Registrants are required to provide proof of that presence, something a criminal is highly unlikely to do.
Online security is the responsibility of everybody who uses the Internet. The Websense report states that 82 per cent of malicious websites are hosted on compromised computers and servers. CIRA does its part through activities like watching for suspicious information when .CA are registered and enhancing security on the technical side. That said, it is critical that Internet users do their part. This includes making sure you have up-to-date anti-virus software installed on your computer, becoming an informed ‘online shopper’, making sure you have secure – read complicated – passwords, and only clicking on links that come from trusted sources. Here’s another useful tip: one Member of the CIRA team even updates her parent’s antivirus software when she visits them.
CIRA is working with the Media Awareness Network to develop a series of tip sheets to help Canadians stay safe online. To date, we’ve released two:
- The Cyber Security Consumer Tip Sheet: Safe Surfing (.PDF).
- Cyber Security Consumer Tip Sheet: Protecting yourself from Malware (.PDF).
These tip sheets provide plain language information to help Canadians stay safe online. If you know someone who could use this information, please share them. Above all, I urge you to work with us in our efforts to keep the Internet safe and secure. We also operate a DNSChanger Malware Checker to check your computer for a particular malicious code. You can check your computer here.
Stay safe online!
3
May
CIRA’s outreach on governance
Yesterday, we closed a month-long outreach on proposed changes to CIRA’s governance process and structure. We are now in the process of reviewing the feedback we received. When we set out to renew CIRA’s governance structure and processes, we wanted to ensure our Members had the opportunity to ask questions and provide us with their ideas and opinions regarding the changes. To that end, I am happy to report that we received a fair amount of feedback.
In terms of next steps:
1. The CIRA Board will review the feedback and, if necessary, make updates to the proposed changes.
2. We anticipate that Members will receive the final proposed by-laws on or before August 18, 2012 to review.
3. Members would then have the opportunity to vote on the final proposed changes at our Annual General Meeting on September 18, 2012, in Ottawa.
I will be providing updates on the process on this blog as information becomes available.
I would take this opportunity to personally thank everyone who took the time to help us strengthen CIRA’s governance.
1
May
Guest post by Paul Andersen, Chair of CIRA’s Board
Last month, CIRA initiated a Member outreach regarding proposed changes to its governance structure and processes. The catalyst for acting at this time is modifications made by the federal government to legislation governing not-for-profits. CIRA isn’t the only organization changing its governance structures and processes; all federally incorporated not-for-profits have to do the same.
I have been a part of CIRA’s Board since near the organization’s beginning. Over the past 10 years, I have seen a lot of changes in both the organization and the environment in which it exists. CIRA has grown and matured. Now approaching two million .CAs registered, CIRA is one of the fastest growing registries in the world. We no longer talk about CIRA becoming a world-class registry; CIRA is a world-class registry.
This means that over the past decade the role of CIRA’s Board has changed. In the early days of the organization directors were, out of necessity, much more hands on. The initial elected board almost equalled the number of staff we had! Until the board was confident CIRA had sufficient capacity to effectively manage the .CA registry without that level of support from the Directors, we had to take a more active management role.
That role is now in the past and the industry has changed. CIRA is now a much more mature organization with a highly capable staff. CIRA needs to continue to evolve its governance to continue to build the organization. The Board feels that the time is right to propose changes to our governance policies and processes to do just that.
We are proposing a single slate of candidates for the Board election through a nomination committee, comprised of some key stakeholders from the Canadian Internet community. We have had a nomination committee for a long time now. One of the criticisms has been that it has not operated in a transparent manner. We are addressing that criticism through several changes which are documented in the proposal. The idea of a nomination committee isn’t a new one, nor is it uncommon in the Internet governance world. ARIN, ISOC and ICANN – all organizations at the heart of Internet governance – all utilize a nomination committee in the selection of their directors; and it is widely recognized as a best practice for not-for-profit governance.
Even though we are proposing to move to a single slate of candidates, the fact is .CA Members are still at the core of our governance. Members control our by-laws and are the only people who can vote for Directors. Members can also run for the Board (and, in fact are encouraged to!) by applying to do so through the nomination committee process. There are also mechanisms that allow individuals to make proposals that would allow a Member to be added to the ballot, provided there is a sufficient support of the membership (currently this is defined as five per cent, but an area we are hoping to gain feedback on).
As a world-class registry CIRA requires a strong Board of Directors. To do that we need the best people, and to get the best people, we need governance structures and processes that are in line with the maturity of the organization and of the industry as a whole. We are ensuring that our actions are transparent and that we are keeping our .CA Members fully informed and engaged. That’s why we’re looking to you to let us know what you think. We welcome any and all input from our Members on the proposed changes.CIRA is a member-based organization, with a mandate to manage .CA as a key resource for all Canadians, .CA users will have the final say on any changes that are implemented.
In short, we are proposing to simplify the process for electing Directors, to reduce the size of the Board and to add much greater transparency to the already existing Nomination Committee process. We hope this governance structure and process will guide CIRA through its next decade as a world-class domain name registry.
We have been working hard at engaging a wider range of stakeholders in our activities. Over the past two years we’ve increased engagement with .CA Members and have created a Policy Advisory Committee, comprised of both Directors and stakeholders from outside CIRA to provide expert advice in a variety of areas. We’ve also initiated some grassroots initiatives to facilitate dialogue on issues of Internet governance with average Canadians through events like the Canadian Internet Forum (CIF). The CIF has been highly successful, engaging Canadians from coast-to-coast-to-coast in a dialogue about Internet-related issues of interest to them.
The changes we are proposing are difficult. The Board has engaged in much effort and debate on governance reform over the last three years. We have made some difficult decisions in proposing these changes, and want to hear from you to see if we got them right. That’s why we are consulting with .CA Members. I urge you to step back and look at the changes as a whole, and I hope that you will see that this is major step toward improvement.
Whether or not you support the proposed changes, the most important thing is to tell us what you think. Get involved in the discussion – review the proposed changes and related materials here and let us know what you think by emailing us at governance@cira.ca.
I thank you in advance for your feedback.
4
Apr
Update on CIRA’s Governance
CIRA is a federal not-for-profit organization. As such, we are subject to the Government of Canada’s legislation that governs not-for-profits. Recently, changes were announced to the federal legislation that governs not-for-profits like CIRA. Given that the current legislation dates from 1917 – the height of the First World War – these changes are definitely welcome.
To comply with the new legislation, we need to make some changes to our governance documents, including our by-laws. That’s a good thing – it’s healthy for an organization, from time to time, to look at the foundations on which it operates. And, since CIRA recently passed its 10-year anniversary, the timing seems appropriate. The last time significant changes were made to CIRA’s bylaws was in 2006, half of CIRA’s lifespan ago. To put that in context, in 2006 there were fewer than 700,000 .CAs registered – we’re currently fast approaching the 2,000,000 mark.
CIRA is in a very different place now. As an organization, we’ve matured – we’ve grown both in domain names registered and in the number and experience of our operating staff. It is time, in short, to update the governance structure and process that was intended to build the organization. So while we’re looking at some of these mandatory changes, CIRA’s Board of Directors decided to take the opportunity to review our overall governance processes and structure.
The result of this review will be a robust set of governance documents and processes that:
1. Results in a process that is more open, transparent and robust.
2. Reflects current best practices.
3. Increases efficiency and effectiveness by reducing the complexity and time of the current Board selection process.
CIRA is a Member-driven organization. .CA Members are one of our critical stakeholder groups, and likely the most important one when it comes to governance. We are intent on ensuring they are informed and involved in this process. We want to ensure our Members have the opportunity to ask us questions and provide us with feedback on the proposed changes before they are formally submitted to them, the .CA Members, for approval.
To that end, we’ve developed a comprehensive process to consult with Members and obtain their feedback. This feedback will be used to finalize the new bylaws:
1. This week, Members were invited to review the new proposed changes, and share any questions or feedback with us before May 2, 2012. This can be done via the dedicated governance@cira.ca email account.
2. CIRA will review the feedback and make updates to the changes, as necessary.
3. Members will then have the opportunity to vote on the final proposed changes. We anticipate this would take place at our Annual General Meeting on September 18, 2012, in Ottawa.
I hope you will join us in strengthening CIRA’s governance. By the way, if you’re not already Member, it’s a good time to become one. It’s easy and free, and available to anyone with a .CA domain name. Visit our Member portal for more information.
16
Mar
Canada, the Internet needs you
On February 27, 2012 CIRA hosted a unique meeting on the future of the Internet in Canada. The Canadian Internet Forum (CIF) brought together leading Canadian and international Internet experts and more than 400 interested citizens. Another 100 participated in an online forum CIRA hosted leading up to this event.
While the Internet is one of the greatest drivers of positive social and economic change the world has seen, there have been few opportunities for citizens to have their say about its development. Fact is, most of us don’t even think about how it runs, or who runs it.
In my opinion, this is both unfortunate and increasingly perilous. I’m reminded of a sign I saw at one of the many SOPA protests across North America over the past few months, “It is no longer okay not to know how the Internet works.”
We are moving more and more of our lives online. The Internet has become an integral part of the economic, political and social lives of all Canadians. It is everywhere and is now part of the social and economic fabric of this nation. Unfortunately, there are people who would like to take advantage of this new found ubiquity of the Internet for criminal gains.
Through the discussions at the CIF, it became clear that Canadians are very concerned about online crime, and, in turn, governments are increasingly under pressure to deal with this. Governments are reacting in the only ways they know how, through regulation and control. We’re seeing it with legislation like the recently introduced Bill C-30, and with the forthcoming anti-spam legislation. We’re also seeing it at the global level in the actions of several organizations and nations that are attempting to extend their reach over the ‘net.
It is my opinion that a more nuanced approach is required. While governments work to police online activities and extend their reach to control the Internet, the end result may be the opposite of their intent.
Here’s the problem. Internet governance is a bit of a misnomer. The Internet is governed by the people and organizations that have a stake in its success. This governance model, called the multi-stakeholder model, works, and I would argue is the reason for the Internet’s continued egalitarian landscape and success. It is the model that has successfully put two billion people online in the past decade.
Why does it work? Because a myriad of stakeholders (i.e. engineers, marketers, coders, civil society, security experts, and so on) have an equal voice to nations or NGOs or corporations. Decisions can be made by a group of informed stakeholders at a rapid pace and relatively free of undue political interference.
Here’s another problem. The Internet is now a part of all of our lives. We are all the stakeholders who benefit when the Internet succeeds. Therefore, if we want the Internet to succeed we have a duty to get informed and get involved in its governance.
The multi-stakeholder model is not one that national governments are typically used to working with. This model works within an environment where legislation and control are often met with, skepticism and sometimes outright defiance. A multi-lateral approach – one in which decisions are made by governments in a top-down manner – would likely exclude the experts, the very people who have made, and continue to make, the Internet a success.
At the CIF, we gathered some of the brightest minds in the Internet world to discuss issues such as cyber-crime. They didn’t necessarily agree on a path to dealing with these issues – some thought the government should take the lead; others were vehemently opposed to this. What they did agree on, however, was the need for dialogue, and for that dialogue to include all affected stakeholders. In other words, a top-down approach to governing the Internet is not the path to success.
We don’t know the answers yet. The ubiquity of an entity as powerful as the Internet is still new to us, and is causing us to redefine the ways in which we communicate, make our livings and socialize. It’s time to rethink the ways in which we address the negative aspects that come with it, too.
If anything, the SOPA protests earlier this year proved that the Internet community has realized it has digital rights. However, like any democracy, rights come with responsibilities. In the digital world, these responsibilities include getting and staying informed about the issues that affect the Internet and standing up when your rights are threatened.
Get informed, Canada, and get involved. The Internet needs you.
9
Mar
Domain name seizures and .CA
Domain name seizures have been top-of-mind for many people lately.
It was one of the topics identified at the Canadian Internet Forum, and the high profile seizure by the U.S. government of the Canadian online gambling site bodog.com has been getting a lot of media attention. This also isn’t the first time the U.S. government has seized domain names based on ‘illegal’ activity. In 2010, a number of .COM, .NET and .ORG domains were seized, and a country code top-level domain (ccTLD) operated by VeriSign in California, .TV, was seized as well. In 2011, another 150 were seized.
For the most part, the Internet does not recognize national borders. Internet traffic is routed all over the globe, and it’s possible to register a domain using a wide variety of domain name extensions.
Here’s the thing – the stuff to the right of the dot matters: note that bodog.ca still resolves.
If you register a domain name with an extension that is managed in another country, it is likely subject to the laws of that country – full stop. If a website is found to be in violation of American law, and the domain for that site is an extension managed by a U.S. entity, the U.S. government may seize it.
If you keep your business in another country (in the case of Canada, register a .CA with a Canadian Registrar and use a Canadian web host), foreign governments can’t unilaterally seize it. CIRA has never been asked by a foreign government to shut down or seize a domain name.
The DNS root zone does fall under American jurisdiction with ICANN (through IANA) as the operator. However, ICANN has explicitly stated in a blog post that they do “not take down domain names” and that they “have no technical or legal authority to do that.”
The fact is ICANN couldn’t cherry-pick domains even if it wanted to. If the U.S. government decided that they wanted to shut down a .CA website, and tried to do it through ICANN, they would have to shut down all of .CA in the root zone. This would involve cutting off every single .CA website and email address from the Internet, and they’re not going to do that for a number of reasons (not the least of which is the fact that shutting down the entire .CA domain space and everything in it would be a major international incident).
The global economy would freeze if the U.S. government took such an action. The underpinnings of the Internet would be completely undermined. Think about this: the U.S. government hasn’t even shut down the Internet in nations they’ve been at war or have very strained relations with – Iraq, Libya, Iran are just a few examples – because the trust that supports the Internet is fundamental to the economic and social well-being of humanity. Given that, why would they shut down an entire top level domain over a single website?
The Internet has brought us incredible benefits, many due to the fact that it breaks down national and geographic borders. However, because of the very nature of the Internet – the fact that it is ‘virtual’ and ‘in the cloud’ – most of us don’t tend to think of it being governed by the laws of a particular nation. But as the bodog.com case demonstrates, it is critically important to be aware of which jurisdiction your digital assets are in, and therefore what laws they may be subject to.
16
Feb
A rational look at Bill C-30
The debate surrounding the federal government’s recently introduced “The Protecting Children from Internet Predators Act”, or Bill C-30, has raised emotions on all sides. The need to protect children from exploitation has been pitted against the the individual’s right to privacy, so there’s no surprise that sparks are flying. But let’s take a rational look at the legislation and what it could mean for Canadians.
I’ve talked about the fact that trust underlies the success of the Internet. The reality is that the Internet is a series of transactions among people, whether through personal communication or technological/ informational communication at the domain name system (DNS). Legislation like C-30 erodes this trust by allowing an unknown, unauthorized party access to what was previously considered private communications. Ironically, this is the very thing that we in the Internet industry are trying to protect by implementing DNSSEC.
The Internet has become omnipresent in our lives. Between our search history, online activity and GPS enabled smart phones, we leave our digital footprints everywhere. And if given the power to do so, the government can easily put together a very detailed profile of any individual, all without a warrant. In my opinion, without the oversight of the courts in gaining this information, the potential for mistakes, or even abuse, is too great. We don’t have to look very far to find instances where law enforcement overstepped its bounds to catch the ‘bad guy’ and got it wrong. We now know that Mahar Arar was tortured in a Syrian prison based on misinformation provided by Canadian law enforcement authorities.
Not to be alarmist, but we don’t have a great history of state surveillance. It’s within the lifetime of most of us that informants or the ‘Stasi’ in Eastern Germany, and its equivalent in Poland, the former Yugoslavia, and other Eastern Bloc nations had neighbours spy on neighbours and report back to the state. Having the technology to now do the surveillance for us – thereby removing the human element – doesn’t make it anymore acceptable to a democratic society. It is ultimately the same paradigm of an informant-based means of controlling society. As Benjamin Franklin wrote nearly 300 years ago, “They who would give up an essential liberty for temporary security deserve neither liberty nor security.” Just because we can surveil citizens en masse doesn’t mean we should. In fact, given that technology can now easily and cheaply monitor just about everything you do and everywhere you go, I would argue that government needs to be even more vigilant in protecting its citizens’ right to privacy. The current government is correct that we need to modernize the legislation around this issue, let’s just make sure we modernize the right things.
Governments also don’t have a stellar track record of protecting data on its citizens when it’s collected, either. From health information to detailed information on taxpayers, data breaches within government departments happen all too often to make me comfortable with the government having a database of Canadians’ browsing history.
Ontario’s Privacy Commissioner, Ann Cavoukian, called Minister Toew’s assertion that the Bill would ensure law enforcement have the tools they need to fight crime in the 21st century “nonsense.” In fact, all of Canada’s privacy commissioners have come out against C-30.
Yes, we need to stop malicious activity on the Internet. There is no question about that. But legislation like C-30 casts a net over the entire population based on the actions of an incredibly small number of people. This is akin to dropping a nuke to kill a cockroach – the same analogy I used a few weeks ago to describe SOPA. Effective? Maybe, but at what cost? Too high, in my opinion. Anything that erodes the trust that has enabled the tremendous economic and social growth the Internet has been responsible for over the past two decades cannot be worth the outcome.
I am in total agreement that there is a need for a quick and efficient means of taking town unlawful online materials or websites. But, this can be done in a variety of ways that doesn’t require sweeping legislation like Bill C-30. In fact, CIRA already have an example of how the privacy of Canadians can be protected while still allowing law enforcement the ability to act quickly without needing to take the judicial route (i.e. court orders) with our WHOIS database.
Our WHOIS has an administrative instrument (no court order required) whereby domain names can be disabled if it is “directly or indirectly, intentionally or unintentionally, is or may become involved” in one of a set of activities (which includes the distribution of child pornography). All without infringing upon an individual’s right to privacy.
Canadians are an ingenious lot – I’m pretty sure, given the right resources and people, we can come up with a well thought out, rational approach that will enable law enforcement to do their job without compromising the rights of Canadians. As a free and democratic nation, we should expect nothing less.
What do you think? Can we protect the most vulnerable in our society without infringing on citizen’s rights?
9
Feb
The 2012 Canadian Internet Forum
On February 27, 2012, we’re hosting the Canadian Internet Forum (CIF) national event in Ottawa. At the CIF, I will present findings from a three-month online dialogue with Canadians about the development of the Internet. There is no cost to attend.
I am happy to announce that Robert Herjavec will be joining us to deliver the keynote address. Robert is the well-known star of CBC’s Dragons’ Den and ABC’s Shark Tank. He’s also a very successful Canadian Internet entrepreneur – he lives and breathes the business of the Internet.
A panel that draws from a diverse section of the Internet community will also be part of the event, including Michael Geist (University of Ottawa), Steve Anderson (Open Media), Bill Graham (Internet Society), Bertrand de la Chapelle (ICANN), and Frédérick Gaudreau (Sûreté du Québec). They will discuss both the challenges and opportunities for the Internet in Canada. And, we have worked a lot of time into the agenda to hear from you. We want to hear your opinions on how you think the Internet should develop.
If you will be in Ottawa, please join us. If you’re not, you can still participate via webcast. And while the Internet continues to have a huge impact on society – it has had immeasurable impact on the global economy and the spread of democracy – there are few events like the CIF that give a voice to Canadian Internet users. In light of issues that have gotten a lot of attention recently (like SOPA and ACTA), I strongly encourage you to get involved in this unique event.
The Internet has become the driver of a new, knowledge-based economy, and has radically altered the ways in which we communicate with each other. I believe it is the greatest driver of social change since the printing press.
However, most of us do not give a lot of thought to how the Internet is run, nor who runs it. Nor are there many venues for the average Internet user to have a say in how they think it should develop. Yet in light of recent events – SOPA for one – the Internet is too important to be left to ‘someone else’ to look after. Yes, the SOPA protest was a great example of digital citizens exercising their digital rights. Collectively, we shut down legislation that would have done away with the free and open Internet. But with those rights include responsibilities, including the responsibility to voice your opinion, in a reasoned and thoughtful way, about how it should develop.
This is why I think it is critical for Canadians to participate in the CIF. Please register for the national event, and take the time in the next day or so to join the conversation at the CIF discussion forum.
There’s still time to have your say in the CIF online forum. You have until February 12 to engage in the discussion. Hot topics among Canadians included digital literacy, security and safety, access/cost, digital economy, policy and governance, and technology and regulation.
Please visit cif.cira.ca to talk about the issues on your mind, and join us on February 27 for Canada’s best Internet event.
26
Jan
My Predictions for 2012
This past year has been an interesting one, to say the least. We witnessed major decisions that will affect the top-level domain business dramatically, including the approval of .XXX and new gTLDs.
And while I made a few predictions at this time last year, there were some events in 2011 that no-one could have foreseen.
That said, and for what it’s worth, here are three relatively small, and two larger Internet-related topics I think we’re going to hear a lot about in 2012:
I blogged about the Stop Online Piracy Act (SOPA) the other day. While word from the White House has been that the President will not support the bill, the fact is we have not seen the last of these heavy-handed attempts to protect copyright and prevent counterfeiting.
In light of the online protest against SOPA and its impact on the legislative debate in Washington, I’m of the belief that legislation like SOPA will never see the light of day. Governments are going to have to start getting very creative in order to find the balance between protecting copyright and preventing counterfeiting while maintaining a free and open Internet. SOPA is going to signal a tipping point of sorts. The SOPA debate has demonstrated to the ‘old white guys’ in charge that they are reaching a dangerous limit when it comes to inhibiting freedom of the Internet.
On a related note, the Canadian government has been attempting to amend copyright legislation for a few years now. The current bill, C-11, will likely pass before this coming summer. The Copyright Modernization Act is exactly as its name implies: legislation to bring copyright law into the 21st century. Like SOPA, it is not without its critics, especially with regard to the ‘digital lock’ provisions in the bill. Even though the opposition will vote against the bill, it will pass.
New gTLDs: We’re looking at adding hundreds of new top-level domains in 2012, and even more (if possible, given the current human resource capacity for the bodies that have to review the applications) in subsequent years. Since the decision to move ahead by the ICANN board in 2011, opposition has come from many sectors, most notably from the Association of National Advertisers (ANA).
It is no exaggeration to state that the introduction of new gTLDs is one of the biggest changes to the domain name industry in the past 20 years, and will affect registries, Registrars and domain name holders. For country code top-level domain (ccTLD) registries like CIRA, the new gTLD program means we will soon be living in a market with significantly increased domain choices for consumers. Registries will find themselves in a market that is more complex and competitive, and they are going to have to adapt to survive.
The bottom line? ccTLDs are going to have to ramp up their marketing activities to cultivate a distinct product in a sea of similar ones. Some will flourish, while others won’t. CIRA is in a very good position right now to thrive in the new market. Over the past couple of years, we’ve made some significant changes, including a greater focus on marketing and communications and a renewal of the .CA product.
Opposition to the new gTLDs will ramp up in 2012, especially after ICANN begins receiving applications in January.
All of this to say that there will be two winners as a result of the introduction of new gTLDs in 2012, consultants and lawyers. There will be more than enough work in 2012 for consultants developing proposals for new gTLDs and navigating the bureaucracy for dispute resolution. And, I predict many, many lawsuits around gTLDs in 2012, keeping a lot of lawyers very busy.
Mobile: Yes, every year I include mobile in my predictions. Given global trends over the past few years, it’s a safe bet. However, mobile is growing faster than any other ‘new thing’, and its impact is potentially huge. Why do I think mobile will stand out in 2012? Because although we may think it to be ubiquitous now, Morgan Stanley, the global financial services company, predict that smartphone sales will pass computer sales in 2012, meaning that it may become the primary device with which people connect to the Internet – a wakeup call for marketers and communications folks, I’m sure. And, major credit card companies are launching mobile payment systems in 2012; this will undoubtedly be the push for mobile Internet use to become ever-present.
DNS amplification attacks have been around for a few years, but it looks like 2012 is going to be the year they explode. They are a type of denial-of-service attack that exploit recursive name servers, amplifying DDoS attacks making them particularly dangerous.
Amplification attacks waste the bandwidth of the target, as well as the open recursive DNS server they’re exploiting. It’s so attractive to attackers because they can send a minimal amount of spoofed traffic out and have their target receive several times that amount – it allows someone on a five megabyte per second home connection to attack a company with a 100 megabyte per second connection effectively.
Though running a recursive DNS server open to the entire Internet is not a good practice, there are many that are, and those that are up to no good on the Internet are going to find them and exploit them in 2012.
Lastly, the contract between ICANN and the U.S. government expires in March 2012, and is currently up for competitive bids. While any (American) organization can bid on the contract, I don’t think I’m putting myself out on a limb by saying ICANN will be the winner. After all, not only does the successful bidder have to be an American, their primary operations have to be based in the U.S. And, given the amount of attention being paid to Internet governance lately, the U.S. government knows it’s not in their best interest to be making any significant changes right now, especially when one of the key players is already on his way out.
That’s my top picks for 2012. What are yours?