March 5, 2012

ICANN Preview: WHOIS and Privacy

Filed under: ICANN, WHOIS, code, domain names, privacy — wseltzer @ 5:39 pm

Next week, ICANN will meet in San Jose, Costa Rica. While we’ve only just barely seen the schedule, it’s clear we’ll be hearing a lot about WHOIS. The WHOIS Review Team’s draft final report is out for public comment.

In addition, ICANN just posted a summary of negotiations around the Registrar Accreditation Agreement and Law Enforcement requests. First among those requests from law enforcement:

(a) If ICANN creates a Privacy/Proxy Accreditation
Service, Registrars will accept proxy/privacy registrations only
from accredited providers; (b) “Registrants using privacy/proxy
registration services will have authentic Whois information
immediately published by Registrar when registrant is found to be
violating terms of service”

Now, even the WHOIS Review Team, which was not heavy with privacy advocates (thanks to those who were there!) acknowledged several legitimate uses of privacy or proxy services in domain registration, including from companies seeking to hide upcoming mergers or product launches; organizations sharing minority or controversial viewpoints; individuals; and webmasters registering on behalf of clients. The Non-Commercial Stakeholders Group listed others who might be concerned about publishing identities in domain registration in comments on a .CAT privacy amendment.

Would the proposed amendments (whose language is apparently agreed-upon but unshown to the broader community) protect these interests? Would they protect the confidentiality of an attorney-client relationship, where the attorney acted as proxy for a client? Will we all have to use ccTLDs (such as .is) whose operators are not bound by these rules? More once we hit the ground in San Jose…

November 4, 2011

ICANN: The Stakes in Registrar Accreditation

Filed under: ICANN, Internet, censorship, domain names — wseltzer @ 12:15 pm

Law enforcement demands to domain name registrars were a recurring theme of the 42d ICANN public meeting, concluded last week in Dakar. The Governmental Advisory Committee (GAC) took every opportunity at its public meetings with GNSO and Board, and in its Communique to express dismay, disappointment, and demands for urgent action to “reduce the risk of criminal abuse of the domain name system.”

This conversation about domain name abuse benefits from a multi-stakeholder environment, where it can include domain registrars, registrants, and Internet users, along with law enforcement representatives. Broad debate helps because the question is not just how to “mitigate criminal activity using the domain name system,” but how to recognize criminal activity at the DNS level, how to implement due process to protect legitimate online speakers from abusive or mistaken takedowns, and how to protect the privacy and security of non-criminal users of the domain name system.

ICANN’s processes, particularly the GNSO Policy Development Process, are designed to bring these viewpoints together and find consensus. The Generic Names Supporting Organization has representatives from domain registries, registrars, business, and non-commercial users. (I sit on the GNSO Council as a Non-Commercial Stakeholder Group representative.) Governments are invited to participate in these processes, as well as having a specially privileged role to give “Advice” to the ICANN Board, which the Board must explicitly consider. The rights of domain registrants and Internet users depend on the terms of the Registrar Accreditation Agreement between domain registrars and ICANN. Under all the acronyms lie important issues of free expression.

Yet the U.S., speaking through the GAC, demanded a bigger stick and a smaller discussion, asserting that domain registrars should have unilaterally acceded to the 12-point law enforcement demands instead of going through community comment, negotiation, and discussion. The U.S. cannot simultaneously seek public support for multistakeholder processes while attempting to circumvent those processes in action. Thus I welcome the ICANN Board’s resolution starting an Issue Report for the GNSO to consider issues for RAA amendment.

Now some of the law enforcement demands — publication of a contact address, identification of registrars’ principals — appear relatively innocuous, but even those could be the prelude to assessing intermediary liability and pressure on those who facilitate speech. More troubling, law enforcement wants to force registrars to do extensive verification of domain name registrants’ identities, and to constrain the privacy and proxy services that currently permit registrants to shield identities and addresses from public disclosure.

Domain names are often tools of individual and group expression; not so much through expressive content of the strings themselves, but through the speech hosted at a domain, the conversations carried on through URLs and hyperlinks, and the use of domains to route email and other messaging. Domain names provide stable location pointers for individuals’ and groups’ online speech; as such, they also present possible chokepoints for censorship and suppression of speech.

In the specific instance of responding to law enforcement requests for the publication of registrar contact information, the potential impact is indirect but not insubstantial. In response to law enforcement requests for “registrar cooperation in addressing online crime,” the resolution considers a requirement that registrars “must publish on their respective web sites e-mail and postal mail addresses to which law enforcement actions may be directed.”

If we could be sure that the requests would relate only to activity universally agreed to be criminal, from law enforcement agencies following due process of law and respecting human rights, the proposed requirement would be uncontroversial. As legal regimes and their approaches to human rights are not uniform, we cannot make that blanket assumption. The contacts could be used to censor.

I don’t want to interfere with legitimate law enforcement. I do want to specify explicit procedure and limitations so that these contact points do not become points of control through which registrars can be pressured into removing domains that provide access to critical or “inharmonious” speech. To that end, it’s important that the discussion take place in the GNSO forum where civil society is represented to raise these concerns and develop procedural protections.

July 2, 2008

ICANN’s New gTLD Process: Hype and Reality

Filed under: ICANN, Internet, code, markets — wseltzer @ 3:29 pm

Domainopoly At its 32d International Junket Meeting last week, ICANN’s Board approved the GNSO Council’s recommendations for the eventual addition to the root of new generic top-level domains (gTLDs). This means that eventually, when the staff drafts, community comments upon, and Board approves implementation processes, those with deep pockets will have the opportunity to bid for new TLD strings.

In the meantime, though, the hype-machine was in full swing, with ICANN calling the move the “Biggest Expansion to Internet in Forty Years” in a newsletter mailing, since corrected. The BBC picked it up as “internet overhaul“; while CNN sent a crawler scrolling. New gTLDs may have value to Internet users, who will get a larger field in which to find memorable stable identifiers, but they’re hardly an “expansion” on the level of broadband rollout or protocol interoperability. Luckily, ICANN doesn’t have much to do with those actual innovations, so it can’t get in their way.

Before we get new generic TLDs, one of the initial purposes behind ICANN’s creation ten years ago, we still have to wait for ICANN’s staff to iron out the application process, including processes for resolving contention between multiple applications for the same string, and objections based on “legal rights of others,” the illusory “generally accepted legal norms relating to morality and public order that are recognized under international principles of law,” or “substantial opposition to it from a significant portion of the community to which the string may be explicitly or implicitly targeted.” (The At-Large Advisory Committee, from which I am non-voting liaison to the ICANN Board, had these comments. I speak only for myself in this blog.)

Then too, we have yet to see the application fees that will be levied upon applicants who wish to run this gauntlet. Even ICANN’s FAQ suggests we won’t be seeing the roll-out until mid 2009. So those of you holding your breath for .blog or .sex might want to relax and check back in a few months.

February 14, 2008

ICANN: Contribute to the ALAC Review

Filed under: ICANN, censorship — wseltzer @ 5:05 pm

Every three years, ICANN’s bylaws call for the review of its component parts. The GNSO review produced many good recommendations for restructuring of the GNSO Council and its Policy Development Process.

The triennial wheel has turned to the At-Large Advisory Committee, and ICANN, through Westlake Consulting, is calling for input as they consider “whether the ALAC has a continuing purpose in the ICANN structure; and, If so, whether any change in structure or operations is desirable to improve its effectiveness.”

ALAC exists “to consider and provide advice on the activities of ICANN, insofar as they relate to the interests of individual Internet users.” ALAC is supposed to be the Internet using public’s chief voice within ICANN. As ALAC’s liaison to the ICANN Board, I clearly believe that’s an important function. I also think ICANN could be doing better: I’d like to see that voice enhanced for members of the public concerned with topics such as availability of domain names in useful and non-English scripts, privacy in domain name registration, and security of Internet addresses.

If you’ve worked with ALAC or have ideas for facilitating public input to ICANN, I encourage you to get in touch with the review team. The more perspectives they hear, the better they can assess ALAC and offer recommendations.

September 26, 2007

Has Common Sense Flown the Coop: No copyright claims to book prices

Filed under: ICANN, law, open, privacy — wseltzer @ 4:19 am

The Crimson has been reporting on the Harvard Coop’s silly claims of “intellectual property” against those who come to the bookstore to compare prices. It’s escalated all the way to calling the cops, who wisely refused to throw students out of the store.

A terrific clinical student at the Berkman Center helped us to write an op-ed on the limits of copyright, which the Crimson ran today:

We’re not sure what “intellectual property” right the Coop has in mind, but it’s none that we recognize. Nor is it one that promotes the progress of science and useful arts, as copyright is intended to do. While intellectual property may have become the fashionable threat of late, even in the wake of the Recording Industry Association of America’s mass litigation campaign the catch-phrase—and the law—has its limits.

Since the Coop’s managers don’t seem to have read the law books on their shelves, we’d like to offer them a little Copyright 101.

Copyright law protects original works of authorship—the texts and images in those books on the shelves—but not facts or ideas. So while copyright law might prohibit students from dropping by with scanners, it doesn’t stop them from noting what books are on the shelf and how much they cost. does students a real service by helping them to compare prices efficiently. Harvard should support them in their information-sharing efforts, rather than endorsing the Coop’s attempts to cut off access to uncopyrightable facts.

July 2, 2007

Exclusive Rights: The Wrong Goal for NFL

Filed under: ICANN — Wendy @ 1:09 am

The NFL just doesn’t know when to stop. The Washington Post reports on a new NFL policy limiting journalists’ use of video online:

In a move designed to protect the Internet operations of its 32 teams, the pro football league has told news organizations that it will no longer permit them to carry unlimited online video clips of players, coaches or other officials, including video that the news organizations gather themselves on a team’s premises. News organizations can post no more than 45 seconds per day of video shot at a team’s facilities, including news conferences, interviews and practice-field reports.

Now this policy isn’t copyright-based — the NFL doesn’t have copyright in the un-fixed statements of its players and coaches — but good old real property law. The NFL teams own their facilities, and with them have the right to exclude people physically, as trespassers. So the NFL is telling sportswriters, who depend on physical access to gather the background for their stories, they’ll be barred at the gates if they use more than 45 seconds of video online.

Houston Chronicle columnists John McClain and Anna-Megan Raley show the absurdity of this policy by trying to complete interviews in 45 seconds, stopwatch in hand. Even stopping at 45 seconds, they apparently violate the policy if the video is not removed after 24 hours and doesn’t link to!

While the football league may be within its legal rights on this one, its policy still reflects a fundamental misunderstanding of the medium. The league depends on independent journalists to do the research that keeps people following the sport between games, and journalists have turned to the Internet to dig deeper than they could in print or time-constrained TV. Readers go to sportwriters’ websites and blogs precisely for perspectives they don’t get from the official website. Limiting the richness of media available on these sites is more likely to alienate fans and journalists than to drive traffic to Just look where the Olympics is.

Sometimes rights to exclude are best left un-exercised. By contrast, the National Hockey League has taken a better course, striking deals with YouTube, Sling Media, and Joost to permit people to see hockey when and where they want. “We’re not content fascists,” Keith Ritter, president of NHL Interactive Cyber Enterprises, which represents the league’s interests in new media, tells the LA Times. Perhaps it’s time for the Houston Chronicle team to battle global warming and pick up hockey sticks!

Thanks Scott!

April 2, 2007

No Fooling: EMI to Offer DRM-Free Music

Filed under: ICANN — Wendy @ 11:24 am

I had to double- and triple-check the dateline on this press release, not because it’s foolish, but because it is so far from what we’ve heard the near-unanimous record labels saying for so long. But the dateline is April 2, so that must mean that EMI really is launching DRM-free superior sound quality downloads across its entire digital repertoire:

London, 2 April 2007 — EMI Music today announced that it is launching new premium downloads for retail on a global basis, making all of its digital repertoire available at a much higher sound quality than existing downloads and free of digital rights management (DRM) restrictions.

According to the announcement, in May EMI will make its catalogue available on the iTunes music store in 256 kbps unencrypted AAC files at $1.29 per track. That’s double the bitrate and free from digital rights management, as compared to the standard DRM-encumbered iTunes offerings at $.99-per-track.

What does this mean for music fans and copyright watchers? For music fans, it’s another option that is better than previously available EMI downloads on two axes: higher sound quality and better interoperability. At twice the bitrate, you’ll hear fewer compression artifacts. The unencrypted AAC files will play on any device that supports AAC, unlike the FairPlay-burdened iTunes files that play only on iPods and iTunes computers that have authorized to the Apple mothership. If your device doesn’t support AAC, iTunes offers to convert to MP3. That means you can take authorized downloads to your Squeezebox or GNU/Linux PC. You can still get higher quality, more interoperable files by ripping your own from CD, but without the right-away convenience of downloads.

For the copyright-watcher, the move suggests that EMI management is cooling to the standard “piracy” line for DRM and the claim that it “keeps honest people honest.” They’ve seen that DRM’d tracks end up fileshared just as quickly, while inconveniencing the honest users who want to move beyond the iPod. Moreover, they’ve seen the chief effect of DRM has been to lock both listeners and record labels to Apple’s sales chain, since only Apple offers FairPlay and no other DRM plays on the popular iPod. Perhaps EMI recognizes its music is most valuable if listeners can choose their own playback technologies, rather than being restricted to the complements EMI determines and licenses. It also means that Apple has been willing to walk Steve Jobs’s talk:

The third alternative is to abolish DRMs entirely. Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat.

At the same time, EMI has put a lot of variables into its experiment, as Ed Felten notes. Will people be willing to pay more for unencumbered tunes? Will they be doing so for the lack of DRM or the higher sound quality? Will they be pleased or puzzled by the dual pricing structure, as DRM-laden EMI tracks will still be available for $.99? Were the players spooked by European antitrust investigators? It may be some time before we can analyze the whole picture, but this DRM rollback is a promising start.

October 19, 2006

Forbidding Vistas: Windows licensing disserves the user

Filed under: ICANN, commons, open — Wendy @ 12:18 am

Reading the Windows Vista license is a bit like preparing for breakfast with Lewis Carroll’s Red Queen: You should be ready to believe at least six impossible things about what users want from software.

It is unlikely that a home user looking for a computer operating system has any of these “features” of the Vista EULA in mind: The Red Queen

  1. Self-limiting software
  2. Vanishing functionality through invalidation
  3. Removal of media capabilities
  4. Problem-solving prohibited
  5. Limited mobility
  6. One transfer only

    and a bonus,
  7. Restrictions on your rights to use MPEG-4 video

Details below. While Microsoft should be commended for putting its license into plain English, that doesn’t help to make the license restrictions any more palatable. Quoted italicized language comes from the Vista license.

1. Self-limiting software, or Mandatory Activation. “Your right to use the software after the time specified in the installation process is limited unless it is activated. … You will not be able to continue using the software after that time if you do not activate it.” Moreover, “[s]ome changes to your computer components or the software may require you to reactivate the software.” In order to use Microsoft Vista, you must consent to communication to Microsoft of information about the software and the device on which you have installed it. If you don’t do so in time, your software will begin to degrade in function.

2. Vanishing functionality through invalidation. “The software will from time to time validate the software, update or require download of the validation feature of the software. … [if validation fails] you may not be able to use or continue to use some of the features of the software.” Again, your computer must make periodic (period unspecified) contact with the Microsoft mothership if you want to continue to enjoy what you thought you paid for. Microsoft, of course, disclaims any liability for the consequences if their servers fail or mistakenly deny you validation.

3. Removal of media capabilities. “When you download licenses for protected content, you agree that Microsoft may include a revocation list with the licenses.” “[C]ontent owners may ask Microsoft to revoke the software’s ability to use WMDRM [Windows Media digital rights management] to play or copy protected content.” In other words, one movie or music file may take away your ability to play another, if the content owner (not the computer owner) chooses to cut back the Windows Media Player’s features. Don’t like the reports that Creative is removing radio recording functions from its MP3 players, under music industry pressure? Prepare for that kind of feature flux to be routine in Vista — you’ve agreed to it in the license.

4. Problem-solving prohibited. “You may not work around any technical limitations in the software.” Microsoft might be referring to anticircumvention of technical protection measures here, but since it’s often hard to tell the difference, from the user’s perspective, between a TPM and a bug, this reads as a prohibition on user debugging and problem-solving. After all, down-rezzing HD content or refusing to allow users to copy quotes from an e-book don’t strike most people as wanted features. Can you work around a document’s failure to save properly?

5. Limited mobility. “The first user of the software may reassign the license to another device one time.” If you upgrade your machines more frequently than you care to change operating systems, you’ll just have to pay again. Don’t worry about this applying too frequently, though, because most OEMs will probably keep bundling Windows with their hardware, thanks to Microsoft’s pricing encouragement, and Microsoft won’t offer refunds if you don’t like the terms on those OEM bundles.

6. One transfer only. “The first user of the software may make a one time transfer of the software, and this agreement, directly to a third party…. [T]he other party must agree that this agreement applies to the transfer and use of the software.” You can give your old computer to Dad, but if he wants to give his older computer to the neighborhood community center, they’ll have to find their own operating system (may I recommend Ubuntu?).

Bonus. MPEG-4 Visual Standard

NOTICE ABOUT THE MPEG-4 VISUAL STANDARD. This software includes MPEG-4 visual decoding technology. MPEG LA, L.L.C. requires this notice:

Humpty DumptyUsers never asked for these impossible limitations. Microsoft decided unilaterally to add them, claiming it could abrogate personal ownership, fair use, and first sale rights because “The software is licensed, not sold.” If Microsoft faced real market competition on the home desktop, users could vote with their wallets, but anticompetitive practices and network effects make Microsoft a like-it-or-not proposition for most users.

While Carroll’s Humpty Dumpty might have been able to choose the meanings of his words at will, on this side of the looking glass, software vendors shouldn’t be able to redefine the meaning of “buying software” by the simple attachment of a click-wrap license.

Public domain Tenniel images (1872) from The Victorian Web.

October 17, 2006

Restricted Fabrics: Cutting against the grain of personal property

Filed under: ICANN, open — Wendy @ 11:31 am

Cory BoingBoings
use-restricted fabric:

Copyrighted fabric: no selling the stuff you make from it
Reprodebot sells fabric that comes with a “license agreement” that prohibits you from making commercial goods out of the material. What this means, at the end of the day, is that they’re not selling you anything at all — instead, they’re licensing the fabric to you, and it isn’t your property, and you can’t do with it what you want.

fabricPool Party

Please note: This fabric can be purchased for personal sewing projects only. This print cannot be used for items made for resale.

I can hear the law-and-economicians gearing up arguments about the efficiency of price discrimination: Suppose the creator of this fabric pattern wants to sell it for commercial use, and finds that commercial re-sellers are willing to pay her $35/yard. If she sold the fabric uniformly at that price, a few interested personal users would be unable to afford it. She could sell it to those personal users at $24.95/yard (or $12.95/yard) (still above her marginal cost of manufacturing the fabric), but she’ll do that only if she can prevent commercial use and arbitrage — pretend-personal users buying the fabric just to re-sell it commercially at $25/yard — by those who’ve paid only $12.95. So, either we permit use restrictions (what you can buy for $12.95 is not an unencumbered bolt of cloth), or the seller will sell only at $35 and some people will miss the opportunity to buy something that was worth $12.95 to them.

But the perfect price discrimination story has several holes, some correctable, others not.

  • Some people don’t know they’re buying use-restricted fabrics, so they end up with something worth less than $12.95 to them. The first buyer could be given a clear warning on the purchase site, but what if he later decides he can’t use a whole bolt of fabric, and wants to dispose of some?
  • It’s difficult to track the use-restrictions. Do we make people leave the mattress tags on even after buying the mattress, or do we make every subsequent purchaser investigate the chain of fabric-title for restrictions? Can a gift recipient sell an old blanket at a tag sale? (The transaction costs of tracking the restrictions burden the public more than allowing the price discrimination benefits.)
  • The economics might be wrong. If the designer couldn’t put use restrictions on her product, perhaps she’d sell it somewhere between $35 and $12.95, and public welfare would increase because more people would be getting more value.
  • The seller is trying to lock up something she doesn’t have the legal right to: Copyright grants artists the right to prevent reproduction of their original works, but not to prevent resale of a lawfully obtained copy (first sale doctrine). Moreover, that doctrine represents a policy choice about the amount of incentive needed to induce creative work. Though the copyright holder has the choice whether or not to make fabric, she shouldn’t get further control over the market for pillows and tents made from matching fabric.

    Clarifying the terms in a purchase contract solves only some of these problems. It doesn’t, in particular, address the concern that the seller might be using the powers of copyright to exclude more than copyright was intended to control — and more clearly in areas of interoperable products or expressive speech, to control a market or a debate beyond that which is healthy for society.

  • November 17, 2005

    Boiling Frogs with Sony’s Rootkit

    Filed under: ICANN, commons, open — Wendy @ 11:55 am

    For years, the entertainment industry’s DRM strategy has seemed to follow the old story about how to boil a frog: Start it going in a pan of cold water and gradually turn up the heat.

    So it is with digital rights management: Start consumers off with restrictions only the techiest edge-cases among them will notice, then quietly increase control. Apple’s iTunes, for example, has downgraded the behavior of already-purchased music files. One day you could burn a playlist 10 times, the next day only seven.

    Once you’ve accepted that “your” music comes with only a set of pre-defined uses — and not any personal use you can invent — you might not notice as you lose the ability to do your own format-shifting. Just as fans once re-purchased music as it moved from 45 to LP to CD, perhaps they could be conditioned not to complain if they were made to re-license when they replaced computers and stereo components. Instead of selling CDs, then, marketers will then be able to slice up the “music experience” and license pieces back to the fans whose rights they’ve taken, ideally for more than the one-time profit on a CD.

    Until Sony BMG turned up the heat too fast with its rootkit. As eHomeUpgrade puts it, this “DRM Nightmare” has been good for consumer rights.

    Given that Sony has taken to installing spyware to protect their music, you may be wondering why this episode in the DRM struggle has been good for the consumer. Simple: consumer awareness. For the past several years, much has been made of viruses and spyware and their adverse effects on our computers. The industry designed to stop these threats brings in tens of millions of dollars every year to stop these vicious pieces of software. The average consumer understands what a virus or spyware is. However, stop most consumers and ask them to explain DRM and you’ll probably get a blank stare. Up until now, the consumer has been uneducated on what DRM is and how it will affect their daily lives. The major music and movie studios have been fine with this; and now that awareness is changing.

    The average fan, who may never have been blocked from playing music from the (new) Napster music store on an iPod; who may never have tried to create her own version of the Daily Show from a TiVo-to-Go’d evening news program but been stymied by copy controls; suddenly has a vivid example of how DRM takes your music — and your computer — away from you. CERT, the US Computer Emergency Response Team, is advising
    , “Do not install software from sources that you do not expect to contain software, such as an audio CD.”

    I think the frog may be ready to jump out.

    Next Page »

    Powered by WordPress