PC Forum with Veni and Stratton and Esther...
The subject for this morning's session is "Security and Citizens: Peer-to-Peer Security" and the panelists are
Stratton Sclavos,
Veni Markovski, and
Stewart Baker, moderated by Esther Dyson (
pictured here). It's hard for me not to think of it as an ICANN panel....
Here are my notes, in real-time:Stewart Baker: Post-Katrina, government thinking of ways to distribute and decentralize its response to events. Why can't we use mobile devices, like cell phones, to send text messages and ringing alerts to people in danger? For example, send a warning to people on a beach that a tsunami or storm is coming. (Me: how do you enable the beneficial uses of this technology without also enabling the government's ability to track us and spy on us?)
Veni Markovski: Talks about government evolution in Eastern Europe. Optimistic that evolution will continue.
Stratton Sclavos: Verisign's biggest worry: in the race against those who would work mischief on the network, can Verisign stay ahead? Verisign is a big target -- often a first target for persons experimenting with attacks. Attacks coming from Eastern Europe and Asia. Also governments are pushing on the Verisign network for data sifting and other purposes.
Veni: Government can work with and cooperate with business. For example, in Bulgaria, can take down a spoofing site in Bulgaria within 2 hours of notice.
Stratton: Loves the "trusted computing" model, but if we don't build software on the network that uses it, it's useless. Also need to educate users about how to be secure and responsible.
Esther: Talks about domain names. Very easy to get a domain name. People in the industry can compete only on price. Sleazy marketing practices. (Stratton agrees.) Very easy to get a domain name and immediately send out spam, phishing messages, etc. Is there a way to correct this?
Stratton: Yes, read the new regstrations and find patterns. But there are policy limitations, imposed both by ICANN and governments, on registry's ability to police. Also, Verisign will brief the ICANN Board in Wellington on the security challenges that Verisign faces.
Stratton: Also face challenges by the traffic monetization crowd. 7,000,000 registrations a week, but only .6% last for more than 5 days. How do you tell the domain names registered for fraudulent purposes from those registered for traffic aggregation?
Elliot Noss (from the audience): Question for Stratton: one solution is to use the telcos to control the bad things. But, for the telcos, it moves security from a service upsell to a cost center. On 7,000,000 registrations per week problem, Tucows has been looking to change the five-day window policy or have Verisign charge for it. Stratton: we're always happy to charge for something.
Stratton: Most of what we've done with ICANN over the last seven years is create competition and address trademark problems. Now need to move on to stability and security.
Esther: Two things we're saying about ICANN. First, U.S. control, such as it is, cannot really tell ICANN what to do; the moment the U.S. throws its weight around too much, it will get pounced on by the UN and other governments. The saving grace is that ICANN is widely viewed as illegitimate, so therefore it can't do too much. Second thing about ICANN, if it does indeed do its job now and put in place some sensible policies that people want, no one is going to worry that ICANN is illegitimate.
Question from audience: Why are registrars and registries selling flying lessons to terrorists? In other words, why are we allowing people to register citibanksecurity0001.com?
Stratton: Has reviewed new registrations in relation to this issue and, typically, a phishing domain name has no relationship to site that someone is spoofing.
Here's a video snippet from tonight's welcoming ceremony by the host country. It's big....about 20 megabytes....and only a minute in length. It's the video capture from my digital still camera. Worth watching though. 
