March 28, 2005

Stickin' It To the Copyright Bullies Where It Hurts Most

Tomorrow the MGM v Grokster  case goes before the US Supreme Court.

I'm hoping for a rememberance that the purpose of copyright is to benefit society through the encouragement of creativity and innovation.  In other words, I want Grokster to win.

But no matter what the outcome, there is no reason to expect the Movie Industry to turn off its juggernaut designed to lock up all digital representations of everything.

So I figure that it's time to hit back and to do so where it hurts the Movie Industry the most - in the wallet.

So here's the deal.  I want you to make the following pledge to yourself:

I <insert your name>, during the year 2005, and during each successive year until the Movie Industry stops being a copyright bully, will refrain from spending my money to view three movies that I would otherwise have gone to see.  Instead I will go to three works performed by live actors in a live theatre or performed by live musicians playing real instruments or singing using their own voices.

The Movie Industry makes lots and lots of dogs that simply are not worth watching, ever.  Don't waste your money.  And don't enrich the copyright bullies.

For those of you who are in the Santa Cruz area during this coming summer you might want to consider consummating your pledge by coming with us to Shakespeare Santa Cruz or by attending the Cabrillo Music Festival.

Theatre is Life
Cinema is Art
Television is Furniture.

Posted by karl at 11:19 PM

ICANN's Two-Bit Answer to A Twenty Dollar Question.

My comments on ICANN's Core Principles and Corporate Governance Guidelines

The oath at the bottom is contrary to the obligations imposed as a matter of law on Directors to make independent judgements.

As a director I sued ICANN on exactly this kind of unlawful restriction - and I won. See the file at:

These principles unlawfully restrict the Directors individually and as a body from properly exercising their obligations.  On this basis alone these "principles" are fatally flawed.

In addition many of these "principles" have nothing to do with corporate governance and, instead, amount to a kind of kow-tow procedure through which the Board, and the individual directors, reduce themselves to a subservient status vis-a-vis the corporate management.  That is the obverse of what corporate governance is all about.

Overall, this document is unacceptable.  The principles are naive and demonstrate a lack of adequate appreciation of the proper and legal relationship between the parts of a corporation, particularly the relationship between the board and management.

These principles also fail to address institutional shortcomings that have been with ICANN since before its inception - a lack of open access to those concerned (particularly the community of internet users), a lack of transparent decision making, and a lack of accountability in the making of decisions.

Where, for example, is an expression that all meetings (such as the board's telephone meetings) should be at least hearable by the public?

Where, for example, is a requirement that management ("staff") back its decisions with a written opinion that fairly expresses the opposing viewpoints, articulates the process through which the decison will be made, identifies the weights to be given to different goals, states the assumptions, and visibly works through the decision process to reach the result?

Where, for example, is an expression that meeting agendas should be published sufficently in advance as to prevent surprise and to allow proper deliberation before a meeting?  And where is an expression that minutes be published in a timely manner?  (ICANN's failure to meet even the minute-publishing obligations contained in the existing bylaws speaks volumes regarding the degree of committment, or lack thereof, to any principle.)

Where is an expression that indicates that governance of ICANN requires that those affected by a decision have a role in the making of that decision, or are even given access to the fora in which those decisions are to be made?

In the rest of this note I will speak more specifically about a few, but not all, of the more egregious failures of these "principles":

Section 2.f greatly waters down the rights of directors under law, which is that each director, without the need to obtain any approval whatsoever from any other director or from the Board, has the absolute right to inspect and copy (and retain those copies) of any and all corporate documents and to inspect any and all corporate property, even such property as the corporation may consider "secret" (such as the IANA root server.)

Section 2.f, were it to be written properly, could allude to the fact that a Director who does avail him/herself of the right to copy and inspect is subject to extremely strong fiduciary obligations that govern how that information is to be used.

Section 2.h is unlawful.  It is true that an individual director - whether that director be the chairman or not - has no right to speak on behalf of the corporation.  However, in the exercise of an individual Director's duties it is often necessary for that director to interact with the community.  Section 2.h as it is written amounts to a gag order that not only improperly restricts the ability of a Director to carry out his/her obligations but it also creates an improper role for the Chairman as an official spokesman of corporate policy even without action by, or a decision by, the board.

As a whole, section 2 reminds me that it has long been my opinion that any person who considers a role on the ICANN board take a course on the rights, duties, and liabilities of a Director of a California non-profit/public-benefit corporation and should retain his/her own counsel.  Perhaps ICANN should consider whether a Director's fee would be an appropriate vehicle to help directors deal with the expense?

Section 3 has nothing to do with corporate governance and should be elided in its entirety.

Item 4.e misconstrues the relationship of individual Directors and the corporate counsel - Corporate counsel represents the corporation. Corporate counsel does *not* represent individual directors.

Section 4.e should be replaced by a section that clearly indicates that corporate counsel is not in a position to advise individual directors and that to do so would put corporate counsel into a situation of potential conflict.  Section 4.e should also clearly suggest to individual Directors that they obtain advice from their own separate legal counsel.

Section 4.e also, to the extent that the word "should" is more than merely advisory, is unlawful.  A Director is obligated to exercise independent and informed judgement and to make his/her own determinations as what constitutes the best interests of the corporation.  For a Diretor to pre-bind the outcome of his/her decisions in the way suggested by section 4.e would be an abrogation of that Director's fiduciary duties.

Section 5 is very simplistic.  Section 5 conceives of an almost peer-to-peer relationship between the Board as a body and the corporate management.  Nothing could be further from the truth.  The Board has the ultimate power over the corporation.  The board has ultimate responsibility.  Management is merely the hired means through which the board decisions are concretely realized.  In other words, corporate management works for the board; there is no peer relationship at all.

The board retains the right to remove any and all management from their posts.  (The board may have to continue salaries and benefits, but that does not diminish the board's authority to place new hands on the corporations day-to-day controls.)

In a well governed corporation the board sets policy and defines the scope of authority and the degree of flexibility that the board is delegating to management.  ICANN's board has historically been very lax in making such definitions and in holding management to those definitions that have been set forth.

Section 5.e is unacceptable.  It is neither the role nor the duty of the Board or of any Director to refrain from critical thought, particularly if that critical thought might bring into question the acts or decisions of a member of corporate management.  Indeed, it would be a dereliction of a Director's fiduciary duties to reduce him/herself to that of a bowing and curtseying courtier who simply flatters and never contradicts or raises potentially unpleasent questions.


          Karl Auerbach
          Former North American Elected Director
          Board of Directors, ICANN

Posted by karl at 7:38 PM

March 24, 2005

ICANN Levies Increases Its Internet Tax Rate

It has been noticed that in Section 7.2(c) of each of ICANN's latest round of registry contracts that the per-domain name fee is now $2 per name per year.

One can only wonder when this new rate lands on the existing registries.

Two dollars per name is a seriously heavy tax on use of the internet.  When measured as a percentage of the actual cost of providing the underlying service this tax verges on the obscene.

And those who pay the tax - the community of internet users - have no representation in ICANN.

Posted by karl at 5:42 PM

March 22, 2005

ICANN And Its Approval Of The .EU TLD

You would think that such a major event - the approval of a new TLD (.eu) and the recognition of a new political entity - would have been done in the light of day.  But no, as is typical the news sort of oozed out - and oozed not out of ICANN which so far has no notice of the decision on its web site, but rather out of the .eu folks.

ICANN, "staff" probably suddenly slopped the question onto a plate, put it in front of the board as a last-minute surprise agenda item, and the board probably dutifully came to attention, saluted, and swallowed.

Was .eu deserved?  Perhaps.  Was the board debate, if it even occurred, visible to the public?  No.

Now that many European countries, members of .eu, now have two ccTLDs to work under will other federations of states be given the same ability to have ccTLDs for both the member states and the umbrella entity?

For example, will the states of the United States or the provinces of Canada, states which do retain a great deal of self-sovereignty, be able to obtain their own ccTLDs?

Certainly it makes sense for California to obtain its own ccTLD - California being larger in space and economic power than many of the member states of the .eu.  And California, being a blue state, is most clearly quite separate and apart from the rest of the federal entity called the United States.

Or alternatively will the nations that are members of .eu now relinquish their ccTLDs or sell them on e-Bay?

In any case, I welcome .eu to the community of 'e' TLDs - .edu, .ewe,. .ec, .ee, .eg. .eh, .er, .es, .et, and now .eu

Posted by karl at 11:17 AM

March 20, 2005


Today's news brought two items that are interesting in their separate ways but much more interesting when placed side by side.

First we see an article (also at) in which the US National Institutes Health (NIH), a US Federal agency, is resisting Freedom of Information (FOIA) Requests to reveal documents that the NIH is required to publish under the Federal Ethics In Government Act.

What reason did the NIH use to refuse the request?  They claimed that these documents, documents mandated by Federal statute to reveal conflicts of interest by high Federal officials, were being withheld because they would be an "unwarranted invasion of privacy" of those officials.  (I wonder what the US tax authority, the IRS, would say if taxpayers were to use that excuse to withhold their tax forms?)

Second we see a letter from a commissioner of the US Federal Trade Commission (FTC) asking ICANN to be more demanding in its private contracts to require the opening of the the private customer records ("whois") of domain name registries and registrars to the public on a 24x7x365 basis.

In other words, we see the US FTC requesting nominally private corporations and businesses to engage in privacy-busting behavior of the first order.  In fact the requested behavior is so outrageous that is likely to be in violation of the privacy laws of many countries.

Why does the FTC want this?  Because they are very lazy.  The FTC people apparently feel that their power to issue subpoenas or to otherwise use supervised legal methods of obtaining access to private business records, which is what the "whois" database is, is simply too much of a bother.  They'd rather do their investigation via a web browser.  I'm all for efficiency - but not when that efficiency comes at the expense of our civil rights.  The FTC apparently believes that it is OK to expose the private data of families and their children to predators if that exposure makes life a bit easier for some lazy FTC investigator.

So from these two articles I would have to conclude that the Executive Branch of our US Government believes:

A) that high officials deserve privacy even if that means violating the express requirements of a Federal statute and

B) that peons, oops, I mean citizens, have no right to privacy and that the private customer records of businesses, even in the absence of any accusation of wrongdoing or threat to health or safety, are to be published for the benefit of predators, spammers, and competitors.

And thinking of FTC and investigations - I wonder when the FTC is going to get back to its real job, which is to track down and stop unfair trade practices in the US.  When is the FTC going to send a letter to ICANN asking ICANN to explain exactly and precisely why ICANN is not an illegal combination in restraint of trade?

Posted by karl at 8:14 PM

March 16, 2005

Bad Air Day

This afternoon I did something entirely different.

I landed (or more accurately, I dropped) a 747-400 through the runway at SFO and I used a 757 to plow a furrow in a field outside of Chicago.

Then I flew around on Mars.

You should be very glad that I did not decide to become an airline pilot.

I spent the afternoon over at the Crew-Vehicle Systems Research Facility at NASA/Ames.  In particular I was attempting to fly this and that - not very successfully I might add.

NASA is apparently partially shuttering this facility in order to shift funds to other projects - it's part of our President's goal to return to the moon and go to Mars.

I am fully in support of resuming manned space exploration.

But I don't see why we have to sacrifice research into the safety of airline cockpit operations.  Pilots are flying ever larger aircraft ever longer distances.  We know that pilot error is a significant cause of incidents and that the design of cockpits and instruments affects crew behavior, particularly under stress.

The USA is still wealthy enough to afford to go to the moon (again) and continue to improve airline safety.

So why are we turning off these machines and closing this center?

I would guess that in terms of lives saved per dollar expended that this kind of center is a much better investment than the laughable "security checks" at airports.

Posted by karl at 11:56 PM

March 14, 2005

Protecting the Internet - Certified Attachments and Reverse Firewalls?

In may respects the internet is going to hell in a hand basket.

Spam, phishing, DNS poisoning, DDoS attacks, viruses, worms, and the like make the net a sick place.  It is bad enough that bad folks are doing this.  But it is worse that just about every user computer on the net offers a nice fertile place for such ill behavior to be secretly planted and operated as a zombie under the control of a distant and unknown zombie farmer.

Most people still think that the the main risk of being on the net is the risk that one's own machine might be damaged from things lurking out there on the net.

Some of us are coming to the converse point of view - that the net is being endangered by the masses of ill-protected machines operated by users.

For a decades upon decades Ma Bell (AT&T) insisted that the telephone networks be protected against the dangers of non-Bell phones and other equipment.  This reached the height of absurdity with the Hush-A-Phone case when AT&T claimed that an innocent plastic hand could deafen operators, shock linemen off of poles, and otherwise wreck havoc.

Yet Ma Bell had a point - the telephone network could be damaged if I were to plug my Tesla-Coil Phone or my Arc-Welder Phone into the little phone jack on my wall.  There clearly are some limits.

And those limits were found - today in the US, and I imagine in most other countries, telephones must pass muster and obtain a certification before they may be legally plugged into the telephone network.

Is it unreasonable to conceive of a day, perhaps a day not all that far distant, when only certified equipment can be legally plugged into the internet?

When this thought first went through my head I said, nah, no way.  I was thinking "a requirement to certify personal computers is a death knell for the kind of innovation we have had inside PC's."  But then I looked at my own setups and considered how most people connect to the net: via intermediary boxes.  It occurred to me that what would have to be certified are those intermediary boxes, not the user PC's or the software they run.

At home I have a nice little router attached, in turn, by my nice little DSL box.  These sit between me (the user) and the network.  These are in a position not unlike that of the old ISDN NT-1 protection device.  At the office I have a not-so-little router that sits between the internet at-large and my office networks.

The  burden of certification would fall on exactly those companies best prepared to deal with the issue - companies like Cisco (Linksys) or Netgear - who build attachment devices.  These devices are not open to general programming and have a well defined, and relatively fixed, function.

In order to obtain a certificate these devices would have to demonstrate that they offer robust protection to the network from adverse behavior on the customer side of the internet/customer-premise demarcation.  In other words, part of the certificate would require that the device operate as a reverse firewall.

That's easier to write than to do.  When viewed through a peephole in which packets are observed one at a time or with only limited context, it is difficult to recognize and block behavior that constitutes a danger to the internet.  (In fact the whole idea of what kinds of actions are dangerous is still somewhat obscure and few objective principles have been enunciated - and I once more refer to my First Law of the Internet as an attempt to propose one such principle.)

Despite the difficulty of finding a fully satisfying general definition there are certainly several specific things that could be required for a certificate.  For example the following restrictions on out flowing packets could be implemented without too much effort and would not significantly impair anyone's ability to use the internet and create new innovative uses.

  • Block the outflow of packets bearing false source addresses.
  • Block certain illegal bit patterns (e.g. TCP SYN+FIN or FIN+RST).
  • Require TCP packets to be related to established connections.
  • Block IP fragments and excessive ICMP activity.

I'm sure that this list could be easily extended without getting into contentious issues such as how a user might offer a network service rather than simply being a consumer of such services.

Bad people will ignore the requirement.  But if good folks, the kind of people who make up the vast majority of machine owners, did use a certified attachment device than today's big zombie farms would lose much of their ability to do bad things.

There are certain other potential benefits.  For example a certified box on the customer demarcation is a nice place to do remote loop backs so that ISPs could more quickly diagnose and resolve service issues.

Of course this is yet another layer of regulation.  And it's imperfect and incomplete - it's not a panacea.  But I am not convinced that it is an idea that should be discarded without serious contemplation of the costs (long and short term) and the benefits.

Posted by karl at 12:37 AM

March 7, 2005

The 1991 Adventures of Captain Internet and Cerf Boy

My office tends to be a mess - mountains of paper and equipment of ancient vintage (including some with vacuum tubes and punched paper tape.)

Occasionally I have to undertake an archaeological dig to find one lost thing or another.  Because it is an adventure into the unknown there are often serendipitous finds along the way.

Todays adventure uncovered a long lost comic book:

CERFnet Presents The Adventures Of Captain Internet -and- Cerf Boy: "The LAN That Time Forgot"

Yes, its a real comic book - Number 1, October 1991.

And it's full of wonderfully awful puns.

I also have Number 3 from May 1994 ("One if by LAN, Two if by C") - does anyone have Number 2?

I'd scan it in and post it - but it's copyrighted.  I guess you'll have to wait until sometime around year 2090 before it drops into the public domain - unless we have another Mickey Mouse extension.

Posted by karl at 5:49 PM

Apples and Bloggers and Private Government

Susan Crawford wrote an item in her blog entitled "Apple and bloggers" in which she suggests that the protection of blogging (and free speech in general) is more worthy of protection when that speech is being used as part of a "democratic process" than it is if the speech is merely being used in a commercial setting.

That's a nice distinction but one that I believe is not viable.

The problem is that we are in an era of outsourcing - in particular we are are in an era in which governments are outsourcing their authority into private hands.

Here in California we observed the flow of authority over electrical utilities into the hands of companies such as Enron and Duke - an outflow that has cost us billions of dollars.

And ICANN is a prime example of how the US Department of Commerce (and its NTIA) have outsourced governmental powers - an outflow that has cost users of the internet their privacy and hundreds of millions of dollars wasted on price supported domain name fees.

There is no reason to expect governments to stop outsourcing their powers; it would be wrong to draw a line that protects those who who write about the abuse of power by those clearly in government while leaving unprotected those who write about the same wrongs committed by a nominally private body that is exercising outsourced governmental powers.

Posted by karl at 1:46 AM