The impending reform of the Generic Name Supporting Organization (GNSO) at ICANN, and specifically the approval of a charter for the new Noncommercial Stakeholders Group (NCSG) is now in full swing. Last month, IP Justice's and current NCUC Chair, Robin Gross submitted the NCUC's proposed charter (and accompanying executive summary and chart) for the NCSG to the ICANN Board. According to Gross, the proposal was developed with the input of numerous noncommercial organizations (including IGP), as well as consultations with ICANN Board members and other stakeholders. In contrast, a small band of supporters of the censorship oriented group CP-80 sought to upset this consensus effort by submitting a competing charter proposal. Now IGP's Milton Mueller has submitted comments to ICANN analyzing the two charter proposals, identifying the shortcomings of the CP-80 proposal and addressing their critique of the NCUC proposal.   more »

While the fight over using cryptography to protect personal communications was allegedly "won" during the late 1990s, the battle over using it to protect critical Internet resources is just heating up. News from the recent IETF in San Francisco and RANS conference in Moscow suggests that national crypto laws are now complicating efforts to secure the DNS.

Specifically, supporters of .ru have noted that while they are interested in deploying DNSSEC, there are legal and operational constraints surrounding the current crypto specs in the standard (i.e., RSA signature and SHA digest algorithms) that could make it difficult for Russian based organizations to deploy the protocol. There are now efforts being made to introduce the Russian developed GOST family of algorithms into the protocol.

[Update: An Internet-Draft on producing GOST signature and hash algorithms DNSKEY and RRSIG resource records for use in the Domain Name System Security Extensions (DNSSEC) has been submitted for adoption by the DNSEXT Working Group.]   more »

The Rockefeller-Snowe bill emerges from an environment of blind hysteria around cyber-security problems that has developed in recent months. Section 2 contains 150 lines of silly hyperventilating that exaggerate the threats - but more importantly, misconceives the nature of Internet-based threats and the best way to respond to them. The bill succumbs to the tendency to take a national, hierarchical and centralized approach to problems that are best met through the organic evolution of decentralized, flexible, adapative and transnational, private sector-based cooperative solutions that leverage the peer production capabilities of the Internet.

Still, it is not as bad as it could have been. The bill does not turn over cybersecurity responsibilities to the NSA, nor does it completely centralize authority in a single government agency. Instead, it creates a multistakeholder Cyber-security Advisory panel appointed by the President. Here is a section-by-section review of the most outstanding parts of the proposed law...   more »

This is no April Fool's joke: here is a bill that is almost a caricature of what the rest of the world fears about U.S. control of the Internet DNS root and ICANN. Legislation unveiled today by Senate Commerce Chairman John (Jay) Rockefeller and Sen. Olympia Snowe, R-Maine, would require a Presidentially appointed cybersecurity advisory panel to ensure that national security would not be compromised before approving the renewal or modification of the contract between the U.S. government and the Internet Corporation for Assigned Names and Numbers. According to a summary of the bill, it would "make sure that ICANN does not succumb to foreign pressure" to end its relationship with the U.S. government.

ICANN is only one part of a comprehensive and authoritarian approach to cybersecurity. According to the Center for Democracy and Technology, "The Cybersecurity Act of 2009 would...give the President unfettered power to shut down Internet traffic in emergencies or disconnect any critical infrastructure system or network on national security grounds."

Read the proposed Cybersecurity Act of 2009.