The terms "broadcasting" and "broadcasting undertaking", interpreted in the context of the language and purposes of the Broadcasting Act, are not meant to capture entities which merely provide the mode of transmission. The Broadcasting Act makes it clear that "broadcasting undertakings" are assumed to have some measure of control over programming. ... When providing access to the Internet, which is the only function of ISPs placed in issue by the reference question, they take no part in the selection, origination, or packaging of content. The term "broadcasting undertaking" does not contemplate an entity with no role to play in contributing to the Act's policy objectives. Accordingly, ISPs do not carry on "broadcasting undertakings" under the Broadcasting Act when they provide access through the Internet to "broadcasting" requested by end‑users.

You know that the anti-exceptionalists have raised the white flag of surrender when they are forced to whine that the thousands of web publishers who went dark are "abusing their power” — thus admitting that a critical mass of Western society's eyes are turned toward the Internet and that the people who occupy and publish and interact in that globalized space constitute enough of a cohesive community to collectively turn against those who threaten them.

It doesn't matter whether one is on the pro-control or anti-control side of the spectrum; governing the internet forces a choice upon one: either go for new and unprecedented forms of technical intervention and transnational political cooperation, or go for some kind of ratification and institutionalization of the Internet's special status as a zone for the free flow of information and a diminished role for territorial government and traditional informational property rights.

Mind you, one needn't be a cyber-utopian to be an Internet exceptionalist. In other words, you don't have to believe that the Internet will by its very nature make politics fair and democratic and that the good guys will always win. SOPA or some equivalent could rise again, in some other form. Some key actors could be bought off with some concessions in the new legislation. The mobilized community's resolve could weaken over time, as it grows accustomed to things. We need to be heedful of Benkler's warning that as the networked environment resists control, there will be strong pressures to suck ever more of it into the law enforcement vortex. But surely, after 15 years of these battles (starting, roughly, with the CDA mobilization of 1996) we can dismiss these jaded admonitions that Internet regulation is just business as usual. If the Internet stops being an exception, we will have no one but ourselves to blame.

Written by Milton Mueller, Professor, Syracuse University School of Information Studies

ACMA receives a major compliment

In 2004, when I first entered the anti-spam arena, this was a mantra that I had to hear very often: "Spam is international. We cannot do anything", spoken with a lot of emphasis and some despair. Unfortunately in 2012 this is still true for many countries. Not because of the fact that it is impossible to do something about spam, no, but due to a lack of initiatives. I think that a great compliment to Australia's ACMA (Australian Communications and Media Authority) was published on CircleID in a comment to an article about the impact of Canada's spam law on local businesses. Brett Watson, an Australian internet engineer, writes:

"However, my present (and general) lack of anything to complain about reflects well on the law and its enforcement… Perhaps what's most telling is that I have, for the first time, subscribed to some advertising newsletters in recent years. I don't feel the need to jealously protect my email address any more, or diligently use uniquely tagged addresses when handing them over. I trust ACMA to keep the companies in line, and the trust seems well placed so far."

This proves that fighting spam is effective and that the combination enforcement with filtering by ISPs keeps mailboxes clean. Spam hasn't gone away, but at national level companies are disciplined and mostly act within the law in the few countries with vigorous enforcement bodies.

Who enforces what?

Privacy and spam are closely related. Spam is seen as an invasion of privacy. But it goes way beyond mere privacy. Privacy sensitive data is often used, sold or worse stolen in order to approach people. Whether to sell a(n illegal) product, phish for more (bank)data or industrial espionage, a stolen e-mail address is often the basis of law violations. The patchwork of enforcement agencies, unclear enforcement powers, the lack of understanding of the issues at stake, of resources, training or powers, the unavailability of online reporting of spam or cyber crime, all make that enforcement is far from optimal in most countries.

Standardisation of spam and cyber crime law

Could a standardised law, with a standardised toolkit for enforcement agencies make a difference? Yes, I think that it would. For the public it would mean that there is the certainty that when the law is broken, it is clear who to report to and that it is likely that an investigation follows. That it makes a difference to complain. For senders it also sets clear boundaries. Their business continues, as is proven in e.g. The Netherlands, but in compliance with the law. Next to that it offers this clearness in 27 states.

As spam, e-fraud, phishing, cyber crime and worse are all so closely related and often involves several countries, it makes sense to be more directive from Brussels. At national level there are so many different laws, ministries and enforcement agencies involved, that coordination there is almost utopian. Next to the fact that success without industry participation is clearly unthinkable. Despite the fact that the Dutch National Cyber Security Centre is a promising initiative, it is obvious that for most countries this form of public-private cooperation is hard to attain.

A proposed course of action for the EU Cyber Security Centre

The discussion about the EU Cyber Security Centre is under way. Let me give a pointer on what the centre could do. To my mind it ought, also, to actively collect, analyse and share data with those involved: public and private entities, universities. This gives the centre coordinative powers in matters cross border and across different enforcement organisations as well. Two difficult hurdles taken… should this come to pass. The combination of the overview and oversight with the transparency caused by available, shared data makes all concerned answerable for their (lack of) actions to the centre and each other. I am also convinced that this model will lay the foundation for cooperation with whole new groups of Internet industry partners that are now harder to reach/convince.

Ambition at Commissioner level

If Commissioners Kroes, Malmström and Reding used their powers to harmonise the laws and enforcement in the way Ms. Reding proposes for privacy, i.e. the same law and enforcement tools, standardised enforcement agencies and a point of case handling, the fighting of privacy infringements, spam, malware and cyber crime may actually take a turn for the better. They are so intertwined that another approach is (well, should be) almost unthinkable.

The combination of a pro-active EU Cyber Security Centre with a layer of harmonisation where enforcement is concerned will prove to be a structural step forward from the present situation in many countries. Yes, this is ambitious, but it is clear that the present approach is not going to change much. Everything cyber is still a field day for criminals and a private company, Microsoft, so far is the most successful in fighting botnets. This ought to be different, shouldn't it?

Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement

Geist writes: "With Bill C-11 back on the legislative agenda at the end of the month, Canada will be a prime target for SOPA style rules. In fact, a close review of the unpublished submissions to the Bill C-32 legislative committee reveals that several groups have laid the groundwork to add SOPA-like rules into Bill C-11, including blocking websites and expanding the 'enabler provision' to target a wider range of websites. Given the reaction to SOPA in the U.S., where millions contacted their elected representatives to object to rules that threatened their Internet and digital rights, the political risks inherent in embracing SOPA-like rules are significant."

Read full story: BBC

According to CRIDO, their members represent some 10,000 brand names, so let's evaluate the makeup of this highly desirable "do not sell" list, but first, the three typical brand name groups in the marketplace:

1. Hassle-free names that are on a solid footing. For example: Microsoft, IBM, Nokia, Toyota, Intel, Disney, BMW, Gillette, Honda, Google, Cisco, Honda, Sony, Nike, Ikea, Nintendo or Gucci.)

2. Troublesome names that carry varying degrees of confusion. For example: GE, BT, CA, SK, or LG. Major brand names with two-letter names run into difficulty, as two-letter suffixes are reserved for countries, like .jp for Japan. Names like iSong, Citi, AIG, UMS or MPC types will require special scrutiny to stay clear from any confusion with other users. Names that come in two or more parts, like Mercedes Benz, Merrill Lynch, Harley Davidson, Goldman Sachs, Morgan Stanley, Hewlett Packard — such names may pass, but two-word names are overly cumbersome in usability.

3. Borderline disaster names — those that are simultaneously used by hundreds or thousands of unrelated entities, making it difficult to claim exclusive ownership. (For example: United, Premier, Delta, National and so on.)

Please do not be shocked that only a minuscule percentage is made up of hassle-free names. Incidentally, in applying the nomenclature rules, the majority of CRIDO brand names would be considered "troublesome" or outright "disaster" names. However, it's also important to note that at one time, what we now call borderline disaster names were fashionable, but over time they either became generic or lost their distinction through mergers and acquisitions. Most importantly, last-century thinking was much less global, and last-millennial tools of image expansion were not as cheap and freely accessible as today.

So now brand owners have two choices: Either walk on a tightrope and adopt a workable name to cross the global digital chasm, or simply do nothing and let the diluted name identity hang the image to a slow death.

This is where CRIDO's "do not sell" list gets sticky. First, how do you determine the real owners of a name like National or United? Second, what kind of marketing geniuses will chase after such weak names that they'd require CRIDO's "do not sell" protection? Ideally, such names should be on a "please do not ever buy list" for being almost useless and for having extremely high maintenance costs.

If such a list were ever compiled, would CRIDO indirectly admit the fallacies on behalf of their industry and expose the hardcore problems of the global naming and trademarking chaos? Is CRIDO simply trying to provide a soft landing to millions of dysfunctional brand names already sucking oxygen as you read this?

For example, according to Superbrands, a brand ranking company, in 2011, "Autoglass is a leading consumer automotive service brand, providing vehicle glass repairs and replacements to more than 1.5 million motorists every year. With the widest-reaching auto glazing network in the U.K. and Ireland, Autoglass has over 100 branches nationwide and 1,300 mobile service units operating 24 hours a day, 365 days a year. Autoglass is part of Belron group, operating in 33 countries with a team of more than 10,000 highly skilled technicians."

This is great achievement for a high-profile regional company. Assume they also try the gTLD .autoglass, to allow them a more localized global agents' network with the issuance of tens of thousands of sub-domain names around the world. Such localized customer touchpoint branding would open up mass customer acquisition. But would it be possible under this name?

As you stretch the brand name "autoglass" or "auto glass" on the global canvas, the name starts to tear. Its generic nature and the massive brand dilution created by thousands of other companies around the world using "auto glass" devalues this brand name to no more than a "generic description." Where, then, should it be listed in a "do not sell" list or, more appropriately, "please do not ever buy" list, or perhaps each?

The corporate world is full of such names hanging in purgatory, where they have acquired partial authority in certain markets but will never have enough to power play in the global arena. The boardroom needs the answers to who are the beneficiaries of such bad names and why such issues are not on top of the agendas.

Here is another example of "Nationwide," according to Superbrand 2011:

"Nationwide is more than 160 years old and is now the world's largest building society. Unlike its bank competitors it has no shareholders, so its only focus is its 14 million members. This 'proud to be different' approach has helped it to become the U.K.'s third-largest mortgage and savings provider, with a quarter of U.K. households having a relationship with the society."

How many organizations are called "Nationwide" around the globe? Please do not guess, as it may give you that sinking feeling.

According to various studies by, ABC Namebank, on global naming dilution, when you observe that "there are 100 most diluted names around the world in use by some 100 million businesses," a logic-defying picture of waste emerges. The century-old models start showing cracks, and the need for a single universal name clearance solution appears to be the most logical solution.

ICANN's proposal for a single global trademark clearance house is a very bold step forward. Such moves must overcome the fragmented trademark procedures as I've discussed in a recently released book 'Domination, the gLTD name game'

No matter what action ICANN takes, it's highly recommended that such a "do not sell" list must be compiled by CRIDO in any case, so the corporate world can witness the chaos and abuse of naming and trademarking, and hopefully acquire some "please do not ever buy" lessons.

Written by Naseem Javed, Corporate Image & Global Naming Expert

From the FBI report today: "Seven individuals and two corporations have been charged in the United States with running an international organized criminal enterprise allegedly responsible for massive worldwide online piracy of numerous types of copyrighted works through Megaupload.com and other related sites, generating more than $175 million in criminal proceeds and causing more than half a billion dollars in harm to copyright owners, the U.S. Justice Department and FBI announced today."

Update from Arbor Networks:

With enough global data, you can actually see the traffic drop when the shutdown occurs. Based strictly on the traffic rates it appears that the shutdown started just after 19:00 GMT on January 19, with traffic plummeting down over the next two hours. The graphic here shows three main client regions – Asia-Pacific, Europe, and the US.

Other sources: (UPDATED Jan 21, 2012 3:19 PM PST)
The MegaUpload Shutdown Effect Jan.21.2012
DoJ Targets Co's for Piracy - DDoS Attacks Unleashed Infosec, Jan.19.2012

Known as CASL, the new law aims to crack down on spammers and mailing list companies but in doing so, tightly regulates the way businesses can market to prospective customers via email and online.

In a nutshell, CASL requires a business to obtain consent from the recipient before it sends out commercial electronic messages (CEMs). It isn't limited to email; consent must be given for any electronic message, which could also include messages sent via social media, text messaging, instant messaging, sound or video. If your business operates outside of Canada, you shouldn't assume the Anti-Spam Act doesn't apply to you. If a computer system within Canada is used to send, receive or even route the message, then the law could also apply to you.

It is in obtaining consent before sending an electronic message where the Canadian Anti-Spam Act differs from its American equivalent. The United States' CAN-SPAM Act requires that recipients are given an opt-out option from commercial messages but under CASL, recipients must opt-in to receive electronic messages.

The fines for violating the Anti-Spam Act are hefty. The maximum penalty per violation for an individual is CAD $1,000,000 and $10,000,000 for corporations. With potentially crippling fines waiting in the wings for violators, how can you ensure your company is compliant?

The first thing is to be aware of which messages require consent before they are sent. There are a few exceptions, which include personal relationships or when the company is providing requested information. Consent can usually be implied if there is an existing business arrangement of two years or more, or if an email address has been disclosed in the course of business. You can read more about exceptions to CASL here.

If your electronic message doesn't fall under an exception category, then you will need to obtain consent before sending it. The message should also include an unsubscribe mechanism. To ensure compliance, your company should establish procedures to obtain consent for electronic messages and educate staff on the Anti-Spam Act. The most important thing to remember before you press 'send' is the onus is on your company to prove you received consent.

Do you operate a business in Canada? How do you think the Anti-Spam Act will affect the way you market electronically? Please contribute to the conversation below.

Sources:
Canada's Anti-Spam Legislation: Casting a Wide Net
Anti-spam law draws backlash
Three 2011 developments that changed your inbox forever
Canada: Preparing For Canada's New Anti-Spam And Online Fraud Act
CAN-SPAM Act: A Compliance Guide for Business

Written by Susanna Sharpe, Social Media Manager

Read full story: New York Times

Other sources: (UPDATED Jan 19, 2012 12:40 PM PST)
The Internet Spoke and, Finally, Congress Listened! EFF, Jan.20.2012
Lawmakers try to keep anti-piracy bills on track AP, Jan.19.2012
PIPA support collapses, with 13 new Senators opposed Ars Technica, Jan.18.2012

I, for one, have been a proponent of new gTLDs from the early days of their policy development process within ICANN. I always believed that the existing gTLDs — and mainly the .com space — have created artificial scarcity, which is primarily responsible for much of the cybersquatting and the abuse trademarks experience. I do not share the same fears as those who argue that new gTLDs will create intolerable levels of cybersquatting or will necessitate defensive registrations from brand and trademark owners alike. As for the policy itself, I do not believe it is perfect and I feel that, for certain issues, ICANN could have taken a different direction, but, ultimately I recognize and respect ICANN'S multistakeholder governance structure and the decisions that have come out of it.

Lately, however, something has caught my attention, which can potentially create problems. Almost the same day ICANN opened up its application process, a tiny start-up was granted by the United States Patent and Trademark Office (USPTO) a trademark for .bank (registration number 4085335). What is the problem with this? The problem is twofold: first of all, there is a general principle within traditional trademark law, which instructs that generic terms cannot be trademarked if they are to reflect what the term means. In this context, a company would not be able to register the word coffee and sell coffee. This would provide an unfair competitive advantage to any company and would, most likely, excommunicate all other similar companies selling coffee. Secondly, by granting this application, the USPTO is essentially leaving ICANN and its Governmental Advisory Committee (GAC) with a big problem. Part of the whole exercise regarding the role of the GAC within the new gTLD process related to the GAC's role; this issue was resolved with the agreement that the GAC would be in the position to provide early advice to any new gTLD application, effectively giving the GAC the right to torpedo and determine the success of an application, which the GAC believes it raises issues of cultural significance or is contrary to national laws. To this end, it is exactly names like .bank that the GAC had in mind when they were pushing ICANN to insert this provision within the Applicant Guidebook: "[The GAC may advise] ICANN that there are concerns about a particular application 'dot-example'. The ICANN Board is expected to enter into dialogue with the GAC to understand the scope of concerns. The ICANN Board is also expected to provide a rationale for its decision".

Now, with the USPTO granting trademark rights for .bank, this early warning mechanism becomes superfluous, and multiple rights are created for .bank. On the one side, there are the rights of the trademark owner; on the other, there is the GAC which believes that the term .bank is sensitive enough to interfere and whoever applies needs to go through a scrutiny process; and, finally, there is also the rumoured applicant of .bank — a joint effort made by the American Bankers Association (ABA) and BITS, part of Financial Services Roundtable. So, in practical terms, what the USPTO has essentially done is to provide the opportunity to an independent entity to object the application of .bank by asserting valid trademark rights.

So, this is a mess and a mess that will only get worse unless trademark offices around the world stop granting trademark registrations to .generics. The way things are right now, the GAC may sign off the .bank gTLD to ABA and BITS, but the owner of .bank will have valid claims to stop this application process or at least demand some sort of financial compensation for giving up the name to someone else. And, if he is really pissed off or he wants to retain .bank for his own personal use, he can then sue for trademark infringement. In any case, the trademark owner is the only winner here and both the GAC and the American Bankers should feel very pissed off with the USPTO. At this stage, the only solution is for the USPTO to accept that they screwed up and recall this trademark. 

Written by Konstantinos Komaitis, Senior Lecturer

"Right now, Congress is debating a few pieces of legislation concerning the very real issue of online piracy, including the Stop Online Piracy Act (SOPA), the PROTECT IP Act and the Online Protection and Digital ENforcement Act (OPEN). We want to take this opportunity to tell you what the Administration will support—and what we will not support. Any effective legislation should reflect a wide range of stakeholders, including everyone from content creators to the engineers that build and maintain the infrastructure of the Internet.

While we believe that online piracy by foreign websites is a serious problem that requires a serious legislative response, we will not support legislation that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global Internet."

Read full story: Computerworld

First, let us say that Afilias supports SOPA's ultimate outcome, which is intellectual property protection. The protection of intellectual property is as important to technology companies as it is to musicians and movie producers. However, if the US is to attempt to tackle the problem with legislation, it should do so in a way that does not increase risk to its citizens and reduce confidence in the Internet.

One significant problem with SOPA is technological. Afilias is a strong supporter of DNSSEC, the next-generation security standard for trustworthy DNS, but some of the provisions of SOPA threaten to undermine the security leaps that the technology is ready to create. DNSSEC promises to make the DNS more reliable, mitigating the risk of phishing and pharming. Chains of trust, connecting through a distributed network of cryptographic signatures, will enable applications to ensure that criminals do not tamper with domain name queries.

For DNSSEC to reach its full potential, though, the chains of trust must be end-to-end; the standard was developed to prevent DNS-based man-in-the-middle attacks. SOPA, however, would require ISPs to execute what DNSSEC would interpret as a man-in-the-middle attack every time they are forced to block an allegedly abusive domain name. If applications are unable to tell the difference between a criminal attack and a legal, court-mandated interception, DNSSEC could become virtually useless.

The legislation would also make it easier for criminals to engage in many types of online fraud, including identity theft. This unintended consequence would come about largely as a result of user behavior.

SOPA would require American ISPs to redirect or ignore DNS queries destined for allegedly infringing websites; however, their customers are under no obligation to use their ISP for DNS service and these blocks will be trivial to circumvent. Even today, millions of Internet users choose to take their DNS from third-party services such as OpenDNS and Google since switching providers takes just a few minutes and requires virtually no technical knowledge. Now, even before SOPA passes, we're already seeing the emergence of rogue overseas DNS providers — some of them operating via easy-to-install browser plug-ins — that promise to resolve piracy domain names even if they are subject to a SOPA interception order.

Third-party DNS providers offer a valuable service to Internet users, but DNS services that are created purely to enable access to pirated material risk the security of their users. Criminals will be able to transparently capture all DNS traffic, including traffic destined for banks and other financial institutions. They will be able to send unwitting victims to phishing servers they control. Imagine losing your banking security credentials to an attacker because your teenager reconfigured the DNS settings on your shared home computer. That's a probable risk when DNS filtering becomes the legal norm.

Fortunately, SOPA is not inevitable. While it has the support of some lawmakers, others are starting to pay serious attention to the concerns of the Internet's technical experts, as well as the people who elected them.

When Congress returns in early 2012 to consider SOPA and other anti-piracy legislation, Afilias hopes the volume of dissent will have been turned up sufficiently that lawmakers will not be able to ignore the very real problems the legislation could create.

Top 10 Featured Blogs in 2011:

1. A Fairness 'Scorecard' for Trademark Protection Under the New gTLDs
   By Konstantinos Komaitis, Feb 23, 2011 (33,350 views)
2. IP Addressing in the New Age of Scarcity
   By Peter Thimmesch, May 27, 2011 (21,563 views)
3. Smartphones: Too Smart for Mobile Operators?
   By Henry Lancaster, Aug 03, 2011 (21,144 views)
4. On Mandated Content Blocking in the Domain Name System
   By Paul Vixie, Mar 18, 2011 (16,315 views)
5. Court Approves Nortel's Sale of IPv4 Addresses to Microsoft
   By Benson Schliesser, Apr 27, 2011 (13,173 views)
6. The Design of the Domain Name System, Part VIII - Names Outside the DNS
   By John Levine, Sep 17, 2011 (12,399 views)
7. Top Public DNS Resolvers Compared
   By Michael Meisel, Apr 07, 2011 (12,217 views)
8. Why the Lawsuit Against .XXX Maybe the Best Sales Tool Ever For New gTLD Applicants
   By Michael Berkens, Nov 17, 2011 (9,466 views)
9. Independence and Security Online Have Not Yet Been Won
   By Mike Dailey Jul 03, 2011 (9,373 views)
10. Comcast’s Impressive System for Notifying Infected Users
    By J.D. Falk, Mar 01, 2011 (9,216 views)

Top 10 News in 2011:

1. New Top-Level Domains Approved By ICANN
   Jun 19, 2011 (44,312 views)
2. ICANN Approves .XXX
   Mar 18, 2011 (20,936 views)
3. Experts Urge Congress to Reject DNS Filtering from PROTECT IP Act, Serious Technical Concerns Raised
   May 26, 2011 (12,284 views)
4. Microsoft Offers $7.5 Million to Buy 666,624 IPv4 Addresses
   Mar 25, 2011 (9,600 views)
5. Egyptian Government Shuts Down Most Internet and Cell Services
   Jan 28, 2011 (3,988 views)
6. US Government Domain Seizure Results in Unintended Shutdown of Thousands of Websites
   Feb 16, 2011 (3,962 views)
7. J.D. Falk: 1974 - 2011
   Nov 17, 2011 (3,918 views)
8. Cybercriminals Shifting Focus From Windows PCs to Other Systems and Mobile
   Jan 20, 2011 (3,823 views)
9. Researchers Report New Method for Detecting Domain-Fluxing
   Mar 28, 2011 (3,633 views)
10. Microsoft, Federal Agencies Take Down Rustock Botnet
    Mar 18, 2011 (3,607 views)

Top 10 Industry News in 2011 (sponsored posts):

1. Google Says "Think Mobile" ...and then goMobi
   By dotMobi, Feb 15, 2011 (6,120 views)
2. The Botnet-Counterfeit Drugs Connection
   By MarkMonitor, Apr 01, 2011 (4,928 views)
3. New gTLD Timeline Announced and .XXX Approved
   By MarkMonitor (4,253 views)
4. Second Half 2010 "Dashboard" Domain Name Report - Released
   By PIR, Feb 14, 2011 (3,666 views)
5. MarkMonitor Report: How Scammers Generate Significant Traffic Promoting Suspected Counterfeit Goods
   By MarkMonitor, Feb 01, 2011 (3,536 views)
6. AusRegistry Int. and Crowell & Moring Join Forces to Support New Top-Level Domain Applicants
   By ARI Registry Services, Mar 14, 2011 (3,507 views)
7. Celebrity Marketing Guru Jeffrey Hayzlett to Promote New TLDs for AusRegistry International
   By ARI Registry Services, Jun 17, 2011 (3,472 views)
8. Minds + Machines’ Parent Company, TLDH, Appoints Peter Dengate Thrush as Executive Chairman
   By Minds + Machines, Jul 17, 2011 (3,457 views)
9. DNSSEC is Just the Beginning
   By .CO Internet, Mar 02, 2011 (3,421 views)
10. Landrush for New Domain Extension - .GR.COM
    By CentralNic, Jan 11, 2011 (3,421 views)

Written by CircleID Reporter