Mandarin is a tricky language, but ICANN may want to learn the expression chóngfù before leaving the Beijing meeting. Chóngfù means “do-over” and that’s what ICANN needs to forestall an entirely preventable disaster in the delegation of new top-level domains (TLDs).
The issue of “string similarity” seems straightforward. Nobody inside ICANN or out there in the real world wants Internet users to be confused by new TLDs that are confusingly similar. Imagine hearing an ad offering low rates at car.loans but you encounter something completely different at car.loan instead? And what would stop somebody from launching a new TLD by just tacking an “s” onto popular domains like .com or .org?
The Government Advisory Committee (GAC) is catching a lot of flack for it’s Beijing Communiqué, but one thing the GAC got right was its advice that singular/plural strings are confusingly similar.
So how did we get to a point where ICANN inexplicably failed to find confusing similarity for 24 pairs of singular and plural forms of the same words, including .web /.webs, .game/.games, and .hotel/.hotels? More important, how do we fix this?
Read More
Today we published our September 2011 “iAWFUL” list of bad Internet laws. The worst offenders are new burdens on small businesses using the Internet, plus a Puerto Rico bill restricting how 17-year-olds can use social networking.
Our Internet Advocates’ Watchlist For Ugly Laws (yep, iAWFUL is an acronym) is the 10 items of state and federal legislation that pose the greatest threat to the Internet and e-commerce.
Read MoreThe WSJ ran a front page, above-the-fold headline screaming that Facebook has had a privacy breach.
For any business that holds personal data, there’s a mantra that goes,
"Whatever you do, just make sure we’re never the subject of a WSJ story about breach of our customers’ data.”
Companies are rightfully concerned about a data breach, like losing a laptop or backup tapes, or having some hacker steal credit card or social security numbers.
As an avid Facebook user, I steeled myself to read the story beneath this alarming headline.
But hang on, today’s WSJ "breach" story has nothing to do with that kind of breach. Instead, the WSJ is saying that some of Facebook’s applications are accidentally sharing the public username on my Facebook page, in violation of the company’s privacy policy.
Well, I guess that’s a breach of sorts, since somebody broke a privacy promise to users like me. But this story was nothing like a breach where my credit card numbers or sensitive personal information was leaked or hacked.
A closer look at the issue indicates that there is far more smoke than fire in the WSJ piece.
First, while details are still forthcoming, it appears that the issue at hand involves external actions between application developers and advertising companies. To be sure, Facebook has stepped-up and is holding third parties accountable to existing privacy requirements.
Second, it seems that the mechanism used by third parties to serve ads is not unique to Facebook, but an issue of referrer URLs used by all browsers. In essence, what we are looking at here is an Internet-wide issue, not a Facebook issue.
That said, this is an important issue. Facebook should step-up to hold third parties accountable if they’ve violated user privacy policies, and it should develop solutions that overcome shortcomings in browser technologies.
Moreover, the WSJ should step-back from using tabloid-style headings to attract eyeballs (and advertising revenue) to their research and writing. The breathless headline is clearly meant to feed the privacy beast that is increasingly in danger of doing far more harm than good.
–Steve DelBianco
In the sci-fi movie Minority Report, a ‘precrime’ police unit relies on the visions of psychics to predict future crimes, then arrests the potential perpetrators before they do anything wrong. In the world of Internet governance, the future is now, as regulators want online services to predict and prevent safety threats before they actually occur.
Online child safety is a hot topic at the Internet Governance Forum (IGF) this week in Lithuania, where I attended a workshop on those new location-based services that allow users to publish their mobile phone location info to their parents or social network pages (think: Foursquare, Loopt, and Facebook Places).
According to some privacy advocates and lawmakers, the precrime problem here is that location data might be seen by someone with bad intentions. In the name of protecting children, panelists here favor a policy framework that would require innovators to clear new location-based services with regulators before making them available to users.
Think of the irony with this regulatory approach. Lawmakers are not likely to predict all the ways that bad people can abuse a good service, and regulatory approvals are notoriously slow and inflexible. On the other hand, Internet innovation is marked by rapid development of new services and quick reactions to fine-tune new features or fix unexpected problems. For example:
Contrast the speed of these changes with the average time it takes to pass a new law, or – since these problems are global – with the time it takes to negotiate an international treaty. The fastest solution to the problems raised by technological innovation usually comes in the form of more technological innovation.
Earlier this week at IGF, White House Deputy Chief Technology Officer Andrew McLaughlin said that one of the best aspects of the Internet is how it enables innovation without permission.
Innovators treasure this ability to experiment, and in return, know that they must quickly find solutions when their innovations cause unintended consequences for users. They get that innovation without permission does not mean innovation without responsibility. And online services should improve their design and testing methods so that there are fewer post-release problems to deal with.
But surely we don’t want to require developers to seek permission before innovating. As a Swiss government official said at IGF today:
Maybe for some functions you need an ex-ante regulation that is proscriptive. For other functions you let people act and then if something bad happens, you have an ex-post regulation. –Thomas Schneider, Switzerland’s rep at the Council of Europe and ICANN.
More sage advice came from young people – the anticipated victims of precrimes that might use location-based info. Joonas Makinen of the Youth Coalition on Internet Governance told the IGF, "It is better to focus on fighting ignorance and building digital literacy than applying safety strategies based on restriction."
At the end of Minority Report, the precrime unit is shut down, but only after it had ruined many lives with faulty predictions. Before online precrime advocates gather too much steam, I suggest we take a scene out of their own movie, and shut them down before they begin.
–Steve DelBianco
Enough with the bullies from UAE and Saudi Arabia kicking sand on the skinny Canadian guy.
The Blackberry service comes from a Canadian company who’s just doing what every communications technology provider is trying to do: respond to growing customer demand for security and privacy of their emails, text messages, and chats.
So what’s the point of bullying the mild-mannered Canadians, when American giants like Google are already doing the same thing? Maybe EPIC’s Marc Rotenberg has the answer, "The United Arab Emirates is not in much of a position to tell Google not to encrypt e-mail."
If the UAE and Saudis won’t pick on someone their own size, the global technology and communications industry needs to step in and make this a fair fight.
But first, lets make sure these Arab governments understand the futility of their fight. Do they really think that barring Blackberry devices and service will prevent users from encrypting messages?
We have come a long way from the days of putting a wiretap on telephone conversations. Electronic communications is no longer a single vendor, point-to-point connection. Today we use packet-based messaging over a multi-layer stack of distinct services managed by multiple vendors.
I wrote about this "Security Stack" in a paper, which included this chart showing the path of a typical email:
The Blackberry service offers encryption, and assures customers that its network is designed "to exclude the capability for RIM or any third party to read encrypted information under any circumstances." So, even if Saudi Arabian authorities could see encrypted Blackberry messages, only the sender has the key to read its contents.
Even if Blackberry’s operator were forced to stop encrypting messages, there are multiple layers in the security stack where devices, services, and networks can provide encryption and other privacy-enhancing features that customers demand. Encryption can be implemented on nearly any service, so those who want to maintain their privacy will find a way.
Threatening and bullying Blackberry into submission won’t stop citizens from encrypting their messages. That can only be done by forcing similar restrictions on every other provider in the stack.
It’s not likely that the UAE and Saudi governments will pick a fight with every company in a global industry. Nor is it likely they would ban all electronic messaging, knowing their monarchs would be forced to back down after a few days of embarrassing international criticism.
It’s time for these governments to stop bullying a company that’s investing heavily to bring connectivity, content, and commerce to their own citizens. It will only lead to a larger fight where everyone loses.
–Steve DelBianco
In Brussels on Friday, an esteemed panel of experts got together to discuss the challenge of improving ICANN’s accountability. It’s just too bad nobody from ICANN came by to hear it.
Co-sponsored by the Washington-based Technology Policy Institute and the Brussels-based Center for European Policy Studies, the panel focused on ICANN accountability. Four of the panelists –Shawn Gunnarson, Milton Mueller, Lawrence White, and Tom Lenard –have published proposals for new accountability mechanisms.
While their prescriptions varied widely, the panelists were remarkably similar in their diagnoses – namely, that ICANN has yet to meet the fundamental challenge of making its board and staff accountable and answerable to the community that it is intended to serve.
It’s a message that’s been delivered to ICANN many times before, from many different stakeholders, but one that the staff and board of ICANN don’t want to hear.
With the Accountability and Transparency Review now underway, the ICANN community gets another chance to make its collective voice heard about the accountability issue. But as panelist Milton Mueller pointed out, sometimes voice isn’t enough.
Quoting from his 2009 paper, Mueller contends that ICANN has effectively substituted “voice” for other, more impactful mechanisms of accountability.
As members of the ICANN community we routinely voice our concerns, but when it comes to implementing real change, or holding the organization to account for its decisions, we’re left on the outside, looking in.
Hundreds of us devote substantial time and resources following the ICANN world-wide tour of meetings. We take weeks away from our day-jobs and families to participate in the “bottom-up” process that’s theoretically driving DNS policy. And we desperately want to believe that our participation makes a difference.
But a substantial number of stakeholders are questioning whether their participation really matters. While ICANN’s board and management may not mind if there are fewer stakeholders going to the microphones during public comment periods, the organization must know that it’s credibility depends on stakeholders believing they have an impact on the process.
In meetings between ICANN’s Government Advisory Committee (GAC) and the Accountability Review team yesterday, government representatives wondered why ICANN isn’t requesting their advice more often, and gave examples where GAC advice wasn’t duly considered in Board decisions.
There’s a common-sense saying, "Don’t moon the giant." Alienating nongovernmental stakeholders is one thing, but ICANN is risking its very existence if influential governments feel alienated or ignored. That’s because governments have options other than ICANN. They can turn to other venues where their voice is law, such as the United Nations and ITU. If that happens, we’ll find out how tenuous ICANN’s grasp on authority really is.
In Today’s opening ceremony, CEO Rod Beckstrom said that ICANN invited the voices of stakeholders who might be critical:
By bringing in diverse and even contradictory voices, we are driving toward even greater innovation and openness and laying the path for the Internet of tomorrow.
But when one is disagreeing with proposals being pushed by ICANN staff and management, just having a voice isn’t nearly enough.
–Steve DelBianco
In his op-ed today, Facebook founder Mark Zuckerberg promised further changes to give users better control of privacy settings. It’s a clear signal that Facebook is seeking to meet user privacy preferences while still attracting enough ad revenue to keep the site free for everyone. But will these signals even be heard above all the noise made by Facebook’s critics?
Radio engineers speak in terms of signal-to-noise ratio when they want to measure usable signals against a background of useless static. There’s been a lot of noise over Facebook recently, driven by a feeding frenzy of technology bloggers and journalists.
Their hyperbole hit a high note when some equated Facebook’s privacy drill to BP’s giant oil spill, while others wrote articles (or op-eds? It’s so hard to tell sometimes) that insult Facebook employees and impugn their motives. Just when you think nothing could rival the noise of Washington’s echo chamber, the technology pundits show us how a real shout-down is supposed to work.
All this noise threatens to overwhelm any music Facebook is trying to make. Facebook is a lot like the conductor of a symphony orchestra of users, advertisers, developers, and publishers. It has to attract users with features and a growing network of friends and groups, while respecting their privacy preferences. Facebook must also get advertisers to pay enough to make the service free to users. They also help entrepreneurs to develop and host new applications. And recently the Facebook symphony added a new section for content publishers serving customized news, which just might be the lifeline that mainstream media is looking for.
Now, Facebook isn’t a NetChoice member, but it’s obvious I’m a big fan of the site. I’ve also watched other game-changing web platforms – like Google– go through similar challenges when they modified privacy settings on new services. And as a Facebook user, I like granular control over what I share with whom, but I’ll admit that it’s confusing how they’ve mapped my old preferences to the new settings.
Still, I’m glad to see that Facebook leadership sees the importance of telegraphing their actions and responding to user concerns. But this exercise is obviously not entirely about signals of user concern. After all, 400 million users have already signaled that they are pretty comfortable with Facebook.
The noise we hear now is instigated in large part by ‘Chicken Little’ critics who earn their funding and prestige by scaring the living bits out of the general public. In one telling statement, Jeff Chester of the Center for Digital Democracy actually thanked Facebook for helping to boost contributions to his organization.
Even Senators with a love for the limelight have jumped on the bandwagon by telling Facebook how to manage a service it gives us for free. But I think we can all agree that management by a Congressional Committee is the fastest way to suck innovation and competitiveness out of one of America’s fastest growing industries.
Feeding frenzy and opportunism aside, I hope that Facebook comes out of this episode with a better understanding of how to listen and interact with its loyal user community when changes occur. That’s good, since there will inevitably be more changes ahead for social networking business models.
While Facebook is trying to conduct a complex symphony among users, advertisers, developers, and publishers, we shouldn’t let positive signals be drowned out by privacy cat-calls coming from critics in the audience.
–Steve DelBianco
