January 29, 2006

Footnote 3

Take a look at Footnote 3 in Gilmore vs Gonzales.

Apparently a three-judge panel of the 9th Circuit accepts, and accepts without even a hint of protest, the proposition that the US is now a nation in which citizens can be compelled to abide by secret laws.

Apparently the US Congress gave an Undersecretary (an under secretary, not even the full Secretary!) of the Department of "Homeland" Security the power to declare a certain limited class of "information" to be "sensitive security information" or "SSI".

OK, I'll accept the premise that "information" like the deployment of security checkpoints, the sensitivity of monitoring devices, or the energy yield of a bar of marshmallows, chocolate, and Rice Krispies might be appropriate to be kept locked away in some ugly Steelcase file cabinet underneath Pennsylvania Avenue.

But some weenie in the Dep't of "Homeland" Security shredded the law so badly that the regulations that purport to merely restate and clarify that law end up saying that pretty much any "program" or "plan" can be labeled as SSI, including, apparently, programs and plans that amount to secret constraints on what a citizen may or may not do and on how he or she may do it.  Talk about the old cliché of giving an inch and taking a mile!

To top it off, the court (in the main text leading to footnote 3) tells us that these secret laws change weekly, are not even written down, and vary from place to place!

We have a president who stomps around the countryside bewailing the tendency of courts to act as legislatures.  Well, here we have a situation in which one of his own administrative agencies has undertaken to stretch the plain words of a statute beyond the breaking point and, along the way, to create, in our Land of the Free, a system of secret laws.  One can only wonder whether the secret laws also came with a secret police.

My government has raised hypocrisy to a new level. On one hand it illegally spies on us, the citizens, demands that we present "our papers" when we fly (and, I hear, also when we use a bus, or take a train), and has required, via its ICANN, that those who engage in activity on the internet abandon all hope of privacy.

My government now sticks its nose into the affairs of citizens as a dog sticks its nose into a crotch - without permission, without reservation, and without shame.

And the same government that is dismantling the right of the people to be secure against unreasonable government intrusion into their homes and papers has the audacity to say that it can rewrite an act of Congress to create a system of secret laws that citizens cannot know but must abide by or else suffer consequences.

Kafka lives - in the Department of Homeland Security.  And real conservatives, like Barry Goldwater, must be spinning in their graves at this new DC regime that presses for not merely unlimited government, but government that is done in secret so that the citizens and voters cannot learn what is being done in their names.

The death of the American Way will not come at the hands of a foreigner; it will come from the paranoia of our own government and the apathy of voters.  The 2006 mid-term Congressional elections will occur this fall.  We may not be able to change the executive of the United States until 2008, but we certainly can kick out those in Congress who are fellow travelers in the executive's endeavor to destroy our nation's principles and integrity.

Posted by karl at 2:14 AM

January 19, 2006

First Thoughts on ICANN's "Whois" Report

I just glanced through ICANN's Whois Report - or more properly its Preliminary task force report on the purpose of Whois and of the Whois contacts.

Much seems centered around two different points of view of the purpose of whois data.

But I notice a very glaring omission in both points of view:  Neither defines who is the intended beneficiary of this violation of privacy.

Both formulations are ambiguous with regard to the intended beneficiary of the information.  Is the beneficiary intended to be the owner of the domain in the sense that publication allows the owner to learn more quickly that something might be awry?  Or is the intended beneficiary meant to be the person who feels somehow wronged or harmed by the actions of the domain name owner?

How can one grant any validity to this report if it cannot define the intended beneficiary of this highly intrusive, privacy-busting, heavy-handed, one-sided regulation of internet activity?

This document makes many claims that the destruction of privacy would create some benefits to certain groups.  But privacy is a balancing of equities and this document merely piles up anecdotal benefits without engaging in a principled weighing of the competing equities.

Nor does the document address any measures to remediate the intrusion - measures such as requiring those who wish to view whois to state, in writing on a permanent record, the grounds and facts that create a need to view the information, such as requiring those who view whois to identify themselves in a permanent record and authenticate that identity, such as publishing statistics about how many times each viewer has examined whois, etc etc.

And missing from the voices in the document are the victims - the people whose personal privacy is penetrated and whose families and lives could be, and have been, harmed and endangered by ICANN's policies.  ICANN long ago excluded the voice of the public.  But without that voice this document must be considered vacuous, the product of systemic bias, and as nothing more than an instance of Benjamin Franklin's two wolves and a lamb voting on what to have for lunch.

The document makes claims based on some sort of notion of inertia deriving from "historical uses" of whois.  I am one of those people who have been part of the internet since the early 1970's.  My name is to be found in many of the early versions of whois - such as the ARPAnet directories from that era.  And I can state from my own experience that the original purpose of such publications was a quasi-private roster of friends in a small club and not a directory that was intended to be open to public access.  In other words, the so-called history mentioned in the report is nothing more than hearsay, gossip, and fantasy that diverges from the reality experienced by those of us who were actually there.

On a minor note - the formatting of the document, in a word, sucketh.  The business, registrar, ISP, and intellectual property constituency statements are all headed by text in grand 20+pt font while the non-commercials are hidden under a 12 point header that is lost in the numbering system.

As a whole, the document is worthless.  Only the Non-Commercial constituency approaches the questions based on a principled analysis; the other groups are simply making self-aggrandizing assertions.

I wonder - how many companies of the business constituency, lawyers of the intellectual property constituency, and members of the other constituencies would be willing to put their personal contact information and their company and law-firm org-charts, and phone and address directories, up for anonymous public browsing 24x7?  My guess is that the number would closely approximate zero.  Yet these same people, who most likely stamp every one of their company directories with non-disclosure labels, are the most willing to condemn internet users to a hell that they themselves are not willing to endure.

Posted by karl at 1:48 AM

January 18, 2006

How Top Level Domains (TLDs) Should Be Allocated

In the matter of allocating new Top Level Domains (TLDs) ICANN has transformed what ought to be a simple, objective, efficient, and inexpensive process into a kind of idiocy.  ICANN has come to be the modern counterpart of Dickens' Circumlocution Office (from chapter 10 of Little Dorrit).  To paraphrase Dickens: ICANN is beforehand to all others in the art of perceiving HOW NOT TO DO IT.

So here's how I believe TLDs should be allocated.  The method below harkens back to what I proposed in year 2000 in my platform when I ran for the ICANN Board of Directors, back in those days when ICANN had actual elections.

I would retreat ICANN back to a very simple role of handing out what amounts to "permits to operate a TLD in the NTIA root zone" and abandon everything except very minimal and strictly technical evaluation and operational criteria.

Here's how it would work:

  1. ICANN should pick a number of TLD names that the DNS could hold 100 years from now.  I'd suggest a number that we know from experience that the DNS software and hardware of today can physically support and then reduce that number by a nice comfort factor to accommodate the kinds of human, procedural, and hardware errors that come from handling large numbers of database records.
  2. We know from experience with .com that today's hardware and software can handle a zone in excess of 40,000,000 names.  Let's create a 40-fold comfort factor and say that in 100 years we want 1/40th of what we know DNS zones can hold today: That number is about 1,000,000.  (If that number scares you, don't worry, read on; I'll be reducing it substantially in a moment.)

  3. Then we drop the notion that ICANN is allocating TLD names and instead adopt the notion that ICANN is allocating TLD slots.
  4. A slot is the right to operate a TLD.  The person/entity that has a slot gets to pick any character name it wants as a name for the slot (and thus the name of the TLD) subject to the constraints described below.

    In other words, ICANN would be granting permits to operate a TLD, much like cities grant business licenses.  The name assigned to the slot, much like the name assigned to a storefront, is up to the person/entity that gets the permit.

    The constraints would be pretty simple:

    A. That the name is not already used by someone else.

    B. That the name fits within the internationalized domain name constraint of being in exactly one language group (i.e. just as we want to block exact duplicate names, we want to also block names that look like already existing names because the characters in different languages often look the same.)

    Notice that I'd get ICANN out of the business of name semantics and would leave the issue of protecting trade and service marks up to the normal laws regarding such things.  (And thus I'd drop ICANN's UDRP and all those things like "land-rush" and "sunrise" provisions that ICANN has created over the years.)

  5. What would be the requirements I'd ask of those applying for a permit to operate a TLD?
  6. Well, first I'd make the application fee reasonable: say $50, not $50,000.

    Second I'd ask only a very few questions and require only minimal documentation:

    A. Will the applicant promise on a stack of RFCs and BCPs that he/she/it will follow internet standards and best current practices?

    B. Will the applicant also promise not to use the TLD for illegal activities, like unsolicited commercial email?  (The exact language would be somewhat difficult to write, because I personally don't think we want to make TLD operators liable for the activities of those to whom they grant lower-level names unless the TLD operator is an active participant in that activity.)

    C. Will the applicant also promise to operate the TLD so that it resolves queries from everyone without prejudice or preference, that it will not do data mining of the query stream, and that it will not use its role as TLD operator to manipulate the DNS data in DNS responses unless it has the consent of the concerned name holders within the TLD?

    (The reason I have item C is that I'm busy writing up a note about all the data mining and manipulative things that a root server could do.  And that kind of data mining and manipulation could also be done by a TLD operator to those who have names within that TLD.)

  7. The system of allocation that I suggest is this: We take that number of target slots, my 1,000,000, and we divide it by 100 to come up with a number of new TLDs per year, or divide by 1200 to come up with a number of new TLDs per month.
  8. Now, a lot of people might be uncomfortable with the fact that after that division we have 10,000 TLDs per year or 833 TLDs per month.  OK, so reduce my numbers to 1/10 and I'll still be happy - 1000 TLDs per year/83 per month.  Hey, go one step more and reduce my numbers a hundredfold to 100 TLDs per year and 8.3/month and we'd still have a vast improvement over the immobility that has been ICANN's de facto TLD policy over the half decade+ since its formation.

  9. Then take that per-year or per-month allocation and divide it into two pots - one pot is for names that will be put up for auction and the other pot is names that will be put up for a low-cost ($5/ticket) lottery.

  10. Then I'd hold a yearly or monthly auction and lottery.
  11. The winners get invited up to the great stack of RFCs and BCPs and, if they make the necessary promises, they then get to announce what name they want to slap on their slot.  If the name meets the technical criteria, then we wish 'em godspeed and good luck.

    I'd not investigate their business plans one whit.  Nor would I require that a TLD operator follow any particular model - they might choose to have a registry/registrar model or might not.  They might choose to "sell" names for 1 to 10 years in 1 year increments or they might make 'em very long term or very short term.  (For an example of a system that eschews the registry/registrar model and periodic name renewals see my note about the business plan of my own TLD, .ewe: The .ewe Business Model - or - It's Just .Ewe and Me, .Kid(s))

One thing that I might do is require, or at least ask, the winners to publish a yearly statement from an independent auditor that attests that they have and actually engage in "procedures that in the mind of a prudent operator of a TLD are sufficient to ensure that the domain name assets of the TLD are protected in the event of natural, financial, or human events against loss or damage to the extent that the TLD could resume operation within a reasonable time after such event or could transfer those assets to a buyer who could then resume operation within a reasonable time."  People who want to build long-term, stable internet brands and identities could stay away from those TLDs that can't come up with a believable opinion from an auditor.

As for protecting the registrants inside those TLDs against failure of the TLD: I'd leave that up to existing consumer protection laws. If the TLD operator misleads their customers then the TLD operator deserves to be strung up by his/her/its legal thumbs.

(Note that I make a distinction in this when it comes to those, like me, who built our names inside the legacy TLDs, like .com, before there has been a chance for the development of TLDs that create products that provide concrete assurances, for a price, that they will take steps to ensure that they, or at least their names, will remain viable on the net for a long time to come.)

I'd leave the fights that might occur over TLD names (e.g. the kind of fight that might happen should someone other than Verisign try to put .com, or other than PIR try to put a .org, into a root zone that competes with NTIA's) to the legal systems of the world.

Thus, as you can see, I'd pretty much abandon the entire system in which ICANN intrudes into the business arrangements at both the ICANN-TLD level and also the TLD-2nd-tier-name level.

(And ICANN should be reminded that it accepted roughly $2,400,000 in year 2000 from TLD applicants - ICANN still owes those people an answer.)

Posted by karl at 10:26 AM

January 15, 2006

Sleazy DNS Registrar Practices

Today I went through the recurring, periodic ritual of paying bills.

One bill caught my eye as strange - and after a second look it proved to be more than strange, it was downright sleazy.

I have one domain remaining with Network Solutions - I had paid up for several years and was simply waiting until near the end of the term before moving it to someone else.  The expiration date is in December of 2006.  Note, that's 2006, not 2005.

What I received was an invoice to renew the name - nearly a full year in advance of the actual end of the current registration period.

Is Network Solutions that broke or that sleazy that it starts to send out bills a year in advance?

Sheesh, the domain name business is so unseemly that it makes used car sales positively ethical by comparison.  Thanks, ICANN, for creating this awful system and imposing it upon us.

Posted by karl at 9:05 PM

January 6, 2006


The top-level-domain (TLD) grab is on!  We've even got proponents of TLDs for cities.

There's already a pattern of TLDs named after barnyard animals: .moo, .kids, .ewe, and even .cat.

Where there's a .cat then there must be a .dog.

So I here lay claim to .dog, the TLD for dyslexics.

Posted by karl at 12:17 AM