Slashdot Mirror

However in the fact sheet, we find the following:

(SNIP!)

WHOIS Data

All accredited registrars would be obligated to provide query-based access to registration data and would be barred from placing conditions upon any legal use of that data, except to prohibit use of the data to enable the transmission of mass unsolicited commercial solicitations via e-mail (spam) and to enable high-speed processes for applying for registrations.

(SNIP!)

So, it is perfectly legal to use WHOIS information for any use, except for registrations and SPAM. Take THAT, NSI!

However, this is immediatly followed by:

(SNIP!)

All accredited registrars also would be required to provide third-party bulk access to registration data (subject to the restrictions discussed above) for an annual fee that may not exceed $10,000. This obligation would remain in effect until it is replaced by a different policy adopted by ICANN or a finding by the Department of Commerce that no individual or entity is able to exercise market power with respect to data used for development of third-party value added products and services.

(SNIP!)

Spam(ers) suck(s)....

Well, if I'm reading the WHOIS DATA section from this document right, we're all due for much spam because the database can be sold in it's entirety. Nothing blocks us from gettng spam in the form of mail or telemarketers, and I'd expect email too (regaurdless of paragraph #1 below).

It's a good thing I didn't update the current address when my company moved!

------------------------------------

WHOIS Data

• All accredited registrars would be obligated to provide query-based access to registration data and would be barred from placing conditions upon any legal use of that data, except to prohibit use of the data to enable the transmission of mass unsolicited commercial solicitations via e-mail (spam) and to enable high-speed processes for applying for registrations.
• All accredited registrars also would be required to provide third-party bulk access to registration data (subject to the restrictions discussed above) for an annual fee that may not exceed $10,000. This obligation would remain in effect until it is replaced by a different policy adopted by ICANN or a finding by the Department of Commerce that no individual or entity is able to exercise market power with respect to data used for development of third-party value added products and services.

The first issue (unsolicited free emailaccounts accessible to all) isn't so much a security thing (after all, anyone can create an email pretending to be me from a free email service anyway) as it is a matter of trust.

NSI continues to show that it's not worthy of that trust. The data that was entrusted to them for technical and administrative purposes, is now a source of income for NSI, who are also denying others the right to do the same.

The terms of being registered with NSI, which at the time I registered my domains still had the monopoly, have been changing constantly.

If anyone can recommend a registry that will allow me to keep control of my data, please step forward. I want that control back.

NSI has shown that it's not worthy of our trust. NSI can't be and shouldn't be trusted. Not by the US Department of Commerce, not by ICANN, and not by Internet users in general.
--

The Bureau of Export Administration (BXA) has updated its encryption web site to include information on the new policy. In the question and answer page appears the following :

8. Is source code allowed to be exported under a license exception or does this policy only authorize the export of encryption object code?

Source code will continue to be reviewed under a case-by-case basis. This update will allow the global export of object code encryption software under a license exception.

This confirms the fears of many posing here that OSS crypto is NOT covered under the new policy.
They also had an item this morning that seemed to imply that they were still hoping for some sort of key escrow for law enforcement, but it has since been pulled.
It should be interesting to see how contined restrictions on the export of crypto source code are rationalized. The stated reason source (and object) code was treated differently from printed matter in the past was that such code represented an encryption "device". Clearly this continued restriction on source code export is designed to hobble freely available packages such as SSH, PGP and GnuPG. Why? So that export of crypto can be confined to business entities that can be pressured to play ball with the Government. Paranoid rant? I don't think so.

Howard Owen hbo@egbok.com Everything's Gonna Be OK Consulting

The Bureau of Export Administration (BXA) has updated its encryption web site to include information on the new policy. In the question and answer page appears the following :

8. Is source code allowed to be exported under a license exception or does this policy only authorize the export of encryption object code?

Source code will continue to be reviewed under a case-by-case basis. This update will allow the global export of object code encryption software under a license exception.

This confirms the fears of many posing here that OSS crypto is NOT covered under the new policy.
They also had an item this morning that seemed to imply that they were still hoping for some sort of key escrow for law enforcement, but it has since been pulled.
It should be interesting to see how contined restrictions on the export of crypto source code are rationalized. The stated reason source (and object) code was treated differently from printed matter in the past was that such code represented an encryption "device". Clearly this continued restriction on source code export is designed to hobble freely available packages such as SSH, PGP and GnuPG. Why? So that export of crypto can be confined to business entities that can be pressured to play ball with the Government. Paranoid rant? I don't think so.

Howard Owen hbo@egbok.com Everything's Gonna Be OK Consulting

I had the "pleasure" of attending a BXA (Bureau of Export Administration) conference on the subject of encryption export, though it has been a year or more ago, and the information presented may be a bit dated. The fun part was that there was a representative of the NSA at the conference.

Basically, the NSA wants to keep the "knowledge and capability to produce strong encryption technologies" out of the hands of other nations. Of course, according to the BXA, that "other nations" thing is actually broken down into several catagories of other nations. Canada, UK, Australia and such are better than Lybia, North Korea and the like. You can do different things with the different categories of countries.

What it boils down to is that, regardless of your physical location, transferring encryption knowledge or capability to another country is a Bad Thing, regardless of how it is done. Working in the US and doing stuff for another country is uncool in their eyes. For those of us with international WANs, we also must be careful what the other nations can see on our domestic networks - if they can get to any encryption software, that constitutes export. FYI - they also cover foreign nationals working in the US, and Joe Blow taking his laptop with PGP installed abroad.

If you want to know what you can and can't do, contact the BXA. They mentioned this several times in their presentation - they are there to help you understand the laws, and they claim to be very happy to help you with your questions (though I have never personally had the experience.) As rapidly as things change, if you're not involved heavily with encryption export, you are likely to not have the correct information. Even the folks at BXA are on their toes, but they know who to contact for the latest dirt (the NSA, I presume...)

Hope this helps some.

Race is part of the issue; the "digital divide" is not merely a question of economics. See http://www.ntia.doc. gov/ntiahome/fttn99/FTTN_I/Chart-I-14.html, a chart breaking down computer ownership based on both income and race. (The full NTIA report is at http://www.ntia.doc.gov/ntiah ome/fttn99/contents.html.) For every income bracket, black people have a lower rate of Internet access. There is something besides income at work.

Studies have consistently shown that different content draws large black audiences, vs. large non-black audiences, in other media. For example, last time I saw statistics on this, of the top 10 TV shows watched by blacks vs. watched by whites, there was an overlap of 1 or 2 shows. Different things were drawing people of different ethnicities to watch television.

As long as most Internet content is not created by black people, and the websites that get most of the press and scrutiny are created by white people, the things that would draw black people to the Net will be few and far between, or not known about. As a result, you'll have fewer blacks using the Net, regardless of income. And so you'll have fewer people building content that might appeal to blacks. And the cycle will perpetuate.

This is bad for a few reasons. One, because you'll end up with a certain number of black kids growing up not inspired to get on the Net, and not realizing their full potential - as geeks, as content providers, etc. (Yes, exceptional folks will overcome whatever barriers are placed in their way. But let's face it: most of the world - including the people who succeed in life - are mediocre.) You'll also end up with this supposedly global resource not truly being global, and non-blacks will remain unexposed to parts of African-American culture which could otherwise benefit them.

When thinking about this thread, do keep in mind: the original article didn't cry "racism" - it didn't say people are trying to keep black people down. It just said technology has different effects on different people, and some of those effects can be unintended and negative.

Race is part of the issue; the "digital divide" is not merely a question of economics. See http://www.ntia.doc. gov/ntiahome/fttn99/FTTN_I/Chart-I-14.html, a chart breaking down computer ownership based on both income and race. (The full NTIA report is at http://www.ntia.doc.gov/ntiah ome/fttn99/contents.html.) For every income bracket, black people have a lower rate of Internet access. There is something besides income at work.

Studies have consistently shown that different content draws large black audiences, vs. large non-black audiences, in other media. For example, last time I saw statistics on this, of the top 10 TV shows watched by blacks vs. watched by whites, there was an overlap of 1 or 2 shows. Different things were drawing people of different ethnicities to watch television.

As long as most Internet content is not created by black people, and the websites that get most of the press and scrutiny are created by white people, the things that would draw black people to the Net will be few and far between, or not known about. As a result, you'll have fewer blacks using the Net, regardless of income. And so you'll have fewer people building content that might appeal to blacks. And the cycle will perpetuate.

This is bad for a few reasons. One, because you'll end up with a certain number of black kids growing up not inspired to get on the Net, and not realizing their full potential - as geeks, as content providers, etc. (Yes, exceptional folks will overcome whatever barriers are placed in their way. But let's face it: most of the world - including the people who succeed in life - are mediocre.) You'll also end up with this supposedly global resource not truly being global, and non-blacks will remain unexposed to parts of African-American culture which could otherwise benefit them.

When thinking about this thread, do keep in mind: the original article didn't cry "racism" - it didn't say people are trying to keep black people down. It just said technology has different effects on different people, and some of those effects can be unintended and negative.

My first though was to reply to this with an "Amen". NSI is not, has never been, and will never be the "Internet Authority" (Patent Pending [or so they think]).

Aside from the other officially sanctioned registrars, I seem to recall reading about a volunteer organization (probably on /.) offering to provide DNS services without the value-added BS of NSI. Anyway, with more registrars being accredited, I'd say its time to put NSI behind us completely.

While considering the implications of all this, I was perusing www.iana.org and was delighted at the prominent notation:

Please note that this transitional site presents both initial steps and currently accepted practices that are subject to input by the international Internet community and approval by the Board of Directors.

If you go to their site, there is a forum for public comments. /.'em with honest, frank, unflaming input on why the agreement with NSI should be terminated.

Now, if you want to be horrified, go to www.internic.net to read about the coming changes in Domain registration. First, you'll notice that you're really at networksolutions.com. But wait! If you read really, really slow (just leave the window open), you will be automatically forwarded to the NSI front door.

Going deeper into the ICANN FAQ, I found Ammendment 11 to the Dept. of Commerce/NSI contract. An excerpt regarding existing NSI customers:

• Commencing upon the Phase 1 deployment of the Shared Registration System, and for a period of 18 months thereafter, NSI shall permit any customer with whom it has a contract pursuant to which NSI provides registration services that is either facially or effectively exclusive as to registration services, to terminate the registration provisions of such contract (following payment of all amounts due up through the time of such termination) and obtain registration services from other registrars; provided, however, that NSI may enter into agreements pursuant to which NSI's counterparty agrees not to utilize proprietary intellectual property or confidential proprietary information provided by NSI to the counterparty pursuant to their agreement.

If I'm reading that right, anyone registered with NSI can switch to another registrar, with a pro-rated refund of domain fees.

Back to the original topic: Putting NSI on the RBL would be a serious wake-up call that without the participation of each and every transport provider on the 'net, they are worthless (Ok, MORE worthless).

Commerce Department yanks ICANN's chain, backhands NSI

On 9 July the Commerce Department sent a 32-page letter [1] to the ICANN board and the House Commerce Committee, responding to committee chairman Tom Bliley's questions on ICANN's recent actions [2]. Here's the NY Times's coverage [3] of this letter (free registration and cookies required). Commerce Department officials said that ICANN should

hold all meetings in public,

drop a proposed $1-per-domain-name fee until a permanent ICANN board can vote on it, and

draw up binding contracts with domain-name services that would bar ICANN from going beyond their mission.

Commerce did not let NSI entirely off the hook, either. While chastising ICANN for a threat, issued in its Berlin meeting, to cancel NSI's authority to issue domain names, the Commerce letter states baldly that unless NSI signs ICANN's operating agreement, Commerce will in fact terminate that authority. NSI must stop at once claiming the .com, .net. and .org domain-name databases as their intellectual property, Commerce insists.

Congress has now scheduled the investigative hearing promised by Bliley. The Subcommittee on Oversight and Investigations will convene "Domain Name System Privatization: Is ICANN Out of Control?" on Thursday, July 22, 1999 at 11:00 a.m. in the Rayburn House Office Building, room 2322.

On 16 July Commerce again extended the deadline [4] for the end of the open domain registration test. The test had already been extended once [5] because of protracted wrangling among NSI, ICANN, and the test registrars. The new target date for wider participation in competitive registration is 6 August.

[1] http://www.ntia.doc.gov/n tiahome/domainname/blileyrsp.htm
[2] http://www.news.com/N ews/Item/Textonly/0,25,38200,00.html?pfv
[3] http://www.ny times.com/library/tech/99/07/biztech/articles/10ne t.html
[4] http://www.zdnet.co m/zdnn/filters/bursts/0,3422,2295115,00.html
[5] http://tbtf.com/archive/1999-07-08.html #s01

TBTF Is required reading for anyone with a clue.

Commerce Department yanks ICANN's chain, backhands NSI

On 9 July the Commerce Department sent a 32-page letter [1] to the ICANN board and the House Commerce Committee, responding to committee chairman Tom Bliley's questions on ICANN's recent actions [2]. Here's the NY Times's coverage [3] of this letter (free registration and cookies required). Commerce Department officials said that ICANN should

hold all meetings in public,

drop a proposed $1-per-domain-name fee until a permanent ICANN board can vote on it, and

draw up binding contracts with domain-name services that would bar ICANN from going beyond their mission.

Commerce did not let NSI entirely off the hook, either. While chastising ICANN for a threat, issued in its Berlin meeting, to cancel NSI's authority to issue domain names, the Commerce letter states baldly that unless NSI signs ICANN's operating agreement, Commerce will in fact terminate that authority. NSI must stop at once claiming the .com, .net. and .org domain-name databases as their intellectual property, Commerce insists.

Congress has now scheduled the investigative hearing promised by Bliley. The Subcommittee on Oversight and Investigations will convene "Domain Name System Privatization: Is ICANN Out of Control?" on Thursday, July 22, 1999 at 11:00 a.m. in the Rayburn House Office Building, room 2322.

On 16 July Commerce again extended the deadline [4] for the end of the open domain registration test. The test had already been extended once [5] because of protracted wrangling among NSI, ICANN, and the test registrars. The new target date for wider participation in competitive registration is 6 August.

[1] http://www.ntia.doc.gov/n tiahome/domainname/blileyrsp.htm
[2] http://www.news.com/N ews/Item/Textonly/0,25,38200,00.html?pfv
[3] http://www.ny times.com/library/tech/99/07/biztech/articles/10ne t.html
[4] http://www.zdnet.co m/zdnn/filters/bursts/0,3422,2295115,00.html
[5] http://tbtf.com/archive/1999-07-08.html #s01

TBTF Is required reading for anyone with a clue.

While it is true that there remain substantial differences in net access between rich and poor, dual- and single-parent households, based on education and some regional differences, when these things are statistically separated out there is extremely little variation based on race.

The cited Commerce Department report's section on acess and race doesn't offer any help. For example (part I section C, 2), only gives overall racial numbers, and numbers for households below $35K where the differences are greatest because of correlations between race, household status and education.

What's really shameful is where the report talks about "the expanding digital divide" (I C 3 a). The report chooses a completely meaningless metric which makes it look like inequality is increasing when in fact you're just seeing an artifact of the rise in overall net penetration with no increase in white/(black or hispanic) ratio whatsoever!! Click on the link to Chart I-15 to see what I mean.

Properly understood, the difference in access between whites and all minorities is so small- or even counter to what the hype tells us- that a black panalist at the recent Unity convention (five minority journalist organizations) said, "With normalized access rates for Asians and Latinos ahead of whites, and blacks catching up fast, we may soon need a commission of minority experts to help more white people get on line!"

The policy recommendation was obviously tongue-in-cheek, differences based on income, household status and education are significant and need to be addressed. But using this report to say that race needs to be addressed separately will result in wasted effort and bad policy. There are important societal reasons why black and latino families are on average poorer, less educated and more likely single parents- many of which are based on prejudice at various levels. So let's focus on these root causes of these problems and not waste our time on symptoms.
"...the firmament sheweth his handiwork" (Ps. 19:1)
Firmament Science and Engineering

• Home page for "Falling Through the Net", containing various links
• Table of contents for Web version
• PDF version of the report
• A couple charts that caught my eye:
  • Percent of US households using the Internet, by race/origin and income. White Americans earning less than $75K/year are about twice as likely to be using the Net as black Americans in the same income bracket. Why...?
  • Level of concern about Internet confidentiality among US households, by education. The more education, the more concern.

• Home page for "Falling Through the Net", containing various links
• Table of contents for Web version
• PDF version of the report
• A couple charts that caught my eye:
  • Percent of US households using the Internet, by race/origin and income. White Americans earning less than $75K/year are about twice as likely to be using the Net as black Americans in the same income bracket. Why...?
  • Level of concern about Internet confidentiality among US households, by education. The more education, the more concern.

• Home page for "Falling Through the Net", containing various links
• Table of contents for Web version
• PDF version of the report
• A couple charts that caught my eye:
  • Percent of US households using the Internet, by race/origin and income. White Americans earning less than $75K/year are about twice as likely to be using the Net as black Americans in the same income bracket. Why...?
  • Level of concern about Internet confidentiality among US households, by education. The more education, the more concern.

• Home page for "Falling Through the Net", containing various links
• Table of contents for Web version
• PDF version of the report
• A couple charts that caught my eye:
  • Percent of US households using the Internet, by race/origin and income. White Americans earning less than $75K/year are about twice as likely to be using the Net as black Americans in the same income bracket. Why...?
  • Level of concern about Internet confidentiality among US households, by education. The more education, the more concern.

• Home page for "Falling Through the Net", containing various links
• Table of contents for Web version
• PDF version of the report
• A couple charts that caught my eye:
  • Percent of US households using the Internet, by race/origin and income. White Americans earning less than $75K/year are about twice as likely to be using the Net as black Americans in the same income bracket. Why...?
  • Level of concern about Internet confidentiality among US households, by education. The more education, the more concern.

Netscape doesn't support PGP encryption. There's been a lot of discussion over at the mozilla crypto newsgroup on the hows and whys. Basically, AOL/Netscape's interpretation of the stupid US cryptography export regulations prevents them from even exposing their API for cryptographic processing. Some folks at NAI volunteered to help out, which elicited some favorable noises on the part of Mozilla, but no visible action. They may be working on it behind the scenes however.

I don't understand what people don't like about ICANN. People opposed either seem to 1) make unsubstantiated name-calling slurs, 2) have strong monetary reasons they don't like ICANN, or 3) want the United States to rule the Internet.

Several points to consider:

1. ICANN is a non-profit corporation with a strong policy against conflicts of interest. They're not in anyone's pocket.
   
2. Membership policy hasn't been finalized yet, but you will be able to participate. In fact, you're encouraged to now.
   
3. This is basically what Jon Postel proposed .
   

So what's people's problem?

--

1) Microwaves, as defined by the NTIA, range from about 100 MHz to 300 GHz ( US Frequency Allocation Chart). Most people think of microwaves as starting at 1 GHz, though (and hardly ever think of 300 GHz). Seriously, though, there's no hard limit in the continuum.

2) Microwave ovens operate at around 2.45 GHz, the resonance of water molecules.

3) The Wired article mentioned neither the carrier frequency nor the energy densities at which the tests were conducted. This kind of vagueness I find unforgivable, because it leads to the sort of vague discussions we're having here on /..

4) I could not find the particular study refered to in the Wired article posted on the WTR website, but I did find statements and information about RF radiation and tumor promotion. One in particular from April 30, 1997, refers to a study where rats developed lymphoma at a rate twice the control group. This study was conducted with pulsed RF at 900 MHz, at ``levels similar to those from wireless digital phones.''

5) The field strength just outside a 300 mW AMPS cellular phone (say, right next to your ear) is around 5 to 15 mW/cm^2, depending how close you wedge the phone to your head. But that's just my back-of-the-envelope calculation. See the FCC's OET Bulletin 65 and supplements for more on human RF exposure guidlines.

Anyway, there is a big difference between exposing a bird to an RF field and saying there's ``no effect'' dues to heating, and exposing a living thing to RF and asking if there's an increased chance of any kind of long or short-term health effect. As a wireless engineer, I personally have a vested interest in knowing the effects. I sure hope there are none, but what am I going to do if there are? Are the risks of health problems too great to ethically push wireless as a viable consumer technology? Can I still feel morally superior to engineers working on missles and bombs?

As a first step, I'll continue to hold off getting a cell phone. I'll also probably stay away from Bluetooth products as well, since they're right in the microwave oven band and because Bluetooth radios might be clipped onto various parts of my body (BodyLAN). What next? Stop working on 5 GHz WLAN because the components are ``too close'' to humans? What is ``too close''? If wireless is the next new thing, is it the next new thing to kill us, too?

A definitive answer is needed. The effects almost certainly vary with frequency (microwave ovens don't use 900 MHZ for a reason). Once the effects are known, then perhaps we can decide what acceptable risk is.

How long before the NSA fires back? I love to see an all out war between the NSA and a powerful(supposedly) elected body. How quickly do you think congress could pass a bill outdating the NSA's usefullness? How many house members would be found floating in a river?

Enough silly rant...This is the meat right here... (Sec. 3) Amends the Export Administration Act of 1979 to grant the Secretary of Commerce exclusive authority to control exports of all computer hardware, software, computing devices, customer premises equipment, communications network equipment, and technology for information security (including encryption), except that which is specifically designed or modified for military use.

Which is exactly what we need for usefull protection without stale laws. A human being in charge and acountable for regulation of encryption. Who not only has the power to regulate (upon a 50 day review period) but not to regulate at all.

This may be a rouse though, supposedly he is to compile data on impedements to law enforcment created by his policy. If the NSA could just buy him out...

To learn more about the Secretary of Commerce... Department of Commerce website

How long until we can get a human being in a federal postition directly responsible for regulating cameras, I can think of a few I'd like an explanation for.

I expecting the MIB in front of house any second now.

I submitted an article to slashdot the other day about an article over at internetnews.com about the domain change, and how many people were upset. It wasn't posted, but I still think it's pretty good. I also noticed today that there's another article concerning how ICANN and NTIA aren't happy with Network Solutions, and also whether or not Network Solutions is violating their agreement with ICANN.
NTIA and ICANN may also be good sources to voice opinions to concerning this sudden change Network Solutions has performed.

I submitted an article to slashdot the other day about an article over at internetnews.com about the domain change, and how many people were upset. It wasn't posted, but I still think it's pretty good. I also noticed today that there's another article concerning how ICANN and NTIA aren't happy with Network Solutions, and also whether or not Network Solutions is violating their agreement with ICANN.
NTIA and ICANN may also be good sources to voice opinions to concerning this sudden change Network Solutions has performed.