Indiana E-Mail Advertising Bill – a Trifecta of Bad

We see a lot of bad proposed Internet laws, but even for us it’s rare to see a bill that hits the trifecta of being bad for businesses, bad for state taxpayers and bad for the very people it’s theoretically intended to protect.

It’s hard to cram that much bad into one bill but an Indiana senator found a way.

We were back in Indianapolis earlier this week opposing SB 344, an e-mail registry designed to stop advertisements to children, but actually places them in greater danger while costing in-state businesses up to $72,000 a year.

You may remember this from our February 2012 iAWFUL list.  If passed, this bill would establish stiff fines for companies that  e-mail to registered minors ads for products that minors aren’t legally allowed to purchase.

As with so many bad Internet laws, it sounds ok…until you take even a moment to think about its implications. Read more

Updated iAWFUL List Ranks Top Threats to Online Commerce

Today we published our March 2011 “iAWFULIawful Logolist of bad Internet laws.  We identified a surge in state and federal online privacy legislation that is threatening to tie the hands of online innovators.   (iAWFUL was already picked-up in CNET, Politico, The Hill, and

Our Internet Advocates’ Watchlist for Ugly Laws (iAWFUL) tracks the 10 pieces of state and federal  legislation that pose the greatest threat to the Internet and e-commerce.  Read more

Spotlight on Spam

Spammers are taking advantage of recent natural disasters and are disguising as news reports and donation requests following the cyclone in Burma and the earthquake in China.

In case you missed it….

ICANN officially announced that it will block domain tasting domain tasting.  In fact, 95% of all .com and .net names deleted — 45,450,897 in total — were accounted for by a mere 10 domain tasters, according to ICANN. The announcement has prompted Google to make its own move to discourage "domain kiting," the more abusive of the two practices in which a registrars drop tasted names after the 5-day grace period and then immediately re-register them.  In an announcement last week, Google said that as of Feb. 11, it plans to begin blocking Adsense and will launch a new domain kiting detection system.

Bandwidth providers said they expected India’s Internet service to be back to about 80 percent of its usual speed by the end of Friday, a day after Internet service across a swath of Asia and the Middle East was disrupted, as reported by the Associated Press.

New York’s AG and state legislative leaders presented a bill on Tuesday aimed at protecting people from sexual predators on the Internet, as Facebook, MySpace and Yahoo backed the effort.  The bill, called the Electronic Security and Targeting of Online Predators Act (e-STOP), would require convicted sex offenders to register their e-mail addresses, instant message screen names and any other online identifiers with the New York State Division of Criminal Justice Services.

This week the Administration announced it would spend $30 billion over the next seven years to secure our computer networks.  While there has been much praise among the media on this investment, according to Information Week, the details of the plan should be disclosed to determine how well the money is being spent.

MySpace has won the right to have the domain name despite another firm having registered it six years before the social networking website launched.

The latest information on phishing indicates that fraudsters are increasingly using malicious software to direct users to their deceptive sites.  According to a new report, there was a sharp rise in malware that directs users to DNS servers controlled by phishers.

Cyber crime costing big bucks

According to a new survey by Consumer Reports, American consumers lost more than $7 billion over the last two years to viruses, spyware and phishing schemes. The magazine’s “State of the Net” survey also projects that as many as a million consumers were victims of those billions of dollars in online scams.

PC World has an interesting story about the hot market for viruses, stolen data, cyber attack services, and a growing variety of tools to create malware. The most popular
underground forums even offer their own product testing reports that make clear whether an attack program can do what its seller claims, as well as buyer ratings similar to those available at online auction sites.

The British House of Lords
Science and Technology Committee has issued a report urging government action to protect individual Internet users against online crime. The Committee calls cyber crime a threat to the future of the internet itself and warns against a "wild west culture where the end use alone is responsible for ensuring they are protected from criminal attacks online."

Is cybercrime getting too easy?

According to a story in the Register, cybercriminals have created a "plug and play" phishing kit that dramatically increases the speed with which servers can be attacked. The toolkit – contained in a single file – makes it possible for even technically illiterate would be fraudsters to create phishing sites on a compromised server in the blink of an eye (or two seconds, to be more exact).

A new report from Jupiter Research shows that 11 percent of all online shopping is now done by Hispanics, a percentage that’s only expected to grow. The report predicts Hispanic shoppers will spend almost $13 billion on e-commerce purchases this year. By 2011 that’s expected to grow to more than $22 billion, or 13 percent of the total. The study also shows Hispanic consumers are more likely to do research online before going to a physical store to make a purchase.

According to the latest State of Spam report from Symantec, image spam continues to subside, averaging 14.5% of all spam e-mails in June, down from 27 percent in April and 37 percent in March. At its peak in January image spam accounted for more than half of all spam. But the bad news is that there has been a steady increase in new spam techniques that reference spam images in different ways.

Internet regulation at the price of e-commerce?

The state of Illinois has just ordered Global PayDay Loan, a company that offers loans over the Internet to potential borrowers in all states, to stop issuing loans to state residents. In an opinion piece on CNET News, the broader issue of internet regulation is at the center of Illinois’ decision.

Speculation continues that Russia may have had some part of the denial of service attack on Estonia.

In compliance with a May 21 order from Texas Attorney General, MySpace agreed to turn over the first and last names, email and IP addresses and profile information of users who are registered sex offenders to the AG who will use the information to catch predators who may be breaching terms of parole or probation.

The FBI’s investigation into a data breach that compromised sensitive information on 300,000 people in Illinois this past January is pointing to an outside hacker.   A hacker broke into the computer network at the Illinois Department of Financial and Professional Regulation and accessed a server that held information on about 1.2 million people.

According to a UK report, small and medium-sized enterprises in the UK are being targeted for spam spikes– aggressive attacks – even though overall levels of spam have decreased.

ICANN Round One: Playing Scope-a-dope with Whois

It’s day 1 of the ICANN meeting here in Sao Paulo, Brazil. The final round for today was a spirited discussion of what ICANN should do to fix its Whois service, which is either not enough or too much, depending on who’s talking.

Parents need Whois to investigate who’s behind sites their kids are visiting.   Trademark owners need Whois to track down squatters and posers. E-commerce companies need Whois to stop spam, phishing, and pharming.  Law enforcement uses Whois to go after child porn and criminal elements. 

On the other end of the spectrum are privacy advocates, who don’t want any personal information in Whois—no matter who’s asking!   

And in between are the registrars, who are scheming for ways to profit from Whois, by charging for privacy and collecting fees for access to the information they collect.

ICANN experts debated alternate plans to fix Whois, which everyone agrees is inaccurate and incomplete. At one point in the debate, I had to stand up and ask: how will any of these plans fix the fatal flaw of “gargage in – garbage out?”  That is, how can ICANN stop registars from stuffing Whoios with bogus information through proxy registrations?  After all, the registrar GoDaddy just got a patent for a proxy registration method that hides true identities of domain name owners.

ICANN’s panel of experts gave a typical expert reply – my question was about policy enforcement, which is “out of scope” of the limited focus of their proposals. To which I threw the BS flag, and suggested that they had better expand their focus if they’re even half-serious about improving the integrity of e-commerce and the Internet experience.

Relax. The United Nations is here to help

Relax. The United Nations is here to save the Internet I’m in Athens (Greece) for the first meeting of the Internet Governance Forum (IGF), a United Nations initiative to increase international oversight and capacity for governing the Internet. Makes you wonder how the private sector managed to invest a trillion dollars to serve a billion people on the Internet thus far, without the benefit of UN “governance”. But something as big as the Internet just begs to be governed, so here we are.

To be sure, the IGF crowd is gathered here to talk about some very worthy goals for the Internet: openness, security, diversity, and access—all focused on the needs of developing nations. But whenever the UN convenes a meeting about the Internet, thoughts turn to taking over the role of ICANN (Internet Corporation for Assigned Names and Numbers), even though ICANN has only a limited technical role in managing the domain name system.

That’s why I’ve come to Athens—to provide a kind of firewall to shield ICANN from having its job usurped or expanded by the UN, governments, and civil society advocates. So far, the ICANN firewall is holding up under an expected and relatively mild assault.

Yesterday, Iran’s Dr. Riazi insisted that IGF focus on stripping root server oversight away from the U.S. government. Although the moderator called this issue “the elephant in the room,” none of the panelists has yet to suggest that root server oversight is a concern or that it plays any role in achieving the goals of the IGF.

Yin Chen of China’s Ministry of Information Industry warned that his nation would not allow the Internet to threaten national security or influence the psychological development of China’s youth. Kids in China can’t be too happy about that, and I shudder to think of China and Iran marshalling their allies to enlist ICANN in blocking offending websites.

Today, The Diplo Foundation questioned whether market forces can be trusted to preserve free flow of information on the internet. Those same market forces helped create an explosion of freedom and diversity in information and communications on the Internet, and the private sector continues to be the driving force at ICANN.

Privacy advocates took some shots at ICANN for its Whois service, a tool used in consumer protection investigations and to help trademark owners find cybersquatters. While some want to limit use of Whois data, a wise man from Japan’s IT industry said ICANN should enhance Whois to help track-down sources of spam and security threats.

Tomorrow’s forums will focus on improving access and diversity. Expect ICANN to be called on the carpet for failing to implement multilingual characters in top level domains, a responsibility that rightly belongs with ICANN. And we’re likely to hear calls for getting ICANN into the access business—perhaps a domain name tax to fund infrastructure in developing nations? Stay tuned.