Byron Holland
Byron Holland is President and Chief Executive Officer of the Canadian Internet Registration Authority (CIRA). View bio
Archive for 2010
3
Mar
DNS Redirection
When you type an address into a web browser, many things happen ‘behind the scenes’. Most of the time you get the website you were looking for. But what happens if you make a mistake typing in the address, or the address you are looking for doesn’t exist? Ideally (at least from a technical point of view), you get this:
Sometimes, however, you don’t. Instead, when there is no exact match for the query name and/or the query type, DNS synthesis, or re-direction, may take place. In short, if your request can’t be resolved, your request gets redirected to another webpage by someone in the middle – often your Internet Service Provider (ISP) or the Top Level Domain (TLD). This is a hotly contested issue in some circles, and it’s making a lot of people quite upset.
Some organizations try to legitimize this activity by citing the need to redirect traffic away from websites that exist for the sole purpose of illegal activity, such as child pornography or sites that are known to be pushing out malware. I’m not so sure this argument is accurate. DNS redirection does not remove harmful or illegal content from websites; it just makes it more difficult to access using a particular network. In all likelihood, law enforcement organizations would contact the hosting provider (or authority) for a domain used for illegal activity to have it shut down or redirected. They would not likely resort to asking potentially thousands of ISPs around the world to individually take steps to block or otherwise redirect the ill-intentioned sites.
There are many reasonable and more effective methods for filtering such content, including web browser plug-ins, anti-virus software, child protection software, proxy servers, and firewalls that do not require breaking the fundamental protocols on which the Internet relies. Further, these continue to enable personal choice.
There is another reason, however, that ISPs engage in DNS synthesis: it can be quite profitable. ISPs are increasingly redirecting requests to pages that they have created themselves, and serve to market their products and services. Ads can be sold on these pages, and the ISP can control the traffic that goes to the website.
I take issue with ISPs engaging in this practice for several reasons. The following are just a few examples of the problems that can be encountered with DNS redirection:
- There are many undesirable problems that may result from interfering with the way DNS protocol was intended to work, including difficulty troubleshooting, spam filters not working, embedded tools being confused, and more.
- The user may or may not end up connecting to the page he or she was attempting to visit. As a user, if your intent is to visit www.widgetxyz.ca, should your ISP be able decide what you meant to put into your web browser? As well, this may mean existing domains and their owners may lose out on traffic because of the interference of the ISP.
- ISPs charge you for bandwidth – when you type in an address correctly, you are using bandwidth to go to a page that you intended to go to. If you type it in incorrectly, you should expect to not use bandwidth. However, if an ISP redirects you request to a page of their choosing, you’re using bandwidth to get to a page you didn’t choose to go to.
CIRA was recently given the opportunity to comment on proposed “best practices” for the use of DNS redirection by ISPs by the Internet Engineering Task Force, or IETF. I’ve submitted my comments and will continue to keep an eye on any further developments and future opportunities to comment.
ISPs are not the only ones in on this action however. This is also a concern at the Registry level (the business that CIRA is in). The Security and Stability Advisory Committee (SSAC – including many of the “high priests” of the DNS) of ICANN has reported over the past few years that redirection and synthesizing of DNS responses by TLDs (or “wildcarding”) poses a clear and significant danger to the security and stability of the domain name system. They have advised ICANN to prohibit the use of redirection and synthesized responses by new TLDs, including gTLDs and ccTLDs, stating that:
“The redirection and synthesizing of DNS responses by TLDs poses a clear and significant danger to the security and stability of the domain name system. The consequences of synthesized DNS responses range from erosion of trust relationships to the creation of new opportunities for malicious attacks, without the ability of the affected party(ies) to mitigate these problems.”
In June 2009, the ICANN Board of Directors called on the Country Code Names Supporting Organisation (ccNSO) to provide the TLD community with a report that summarises the issues associated with wildcarding. The ccNSO established an Ad-hoc Wildcard Study Working Group to study the issue and prepare this report.
Incidentally, CIRA is a member of this Working Group, so, we’ll have an opportunity to stay on top of this issue (definitely a topic for a future blog post).
What do you think about ISPs synthesizing DNS responses?
23
Feb
Show us your .CA contest
Today, CIRA launched the ShowUsYour.CA contest, and it’s not like anything we’ve done before. We’re inviting all .CA website holders to make a short video about why their .CA website is the best.
There are more than 1.3 million .CA domains out there, and each one of them has a story. In my opinion, there’s no better way to celebrate those stories than to have the website owners tell them through video.
We have some great prizes – in addition to the potential everlasting fame! The grand prize winner will receive a 15 inch MacBook Pro and be featured in a future .CA marketing campaign. The first runner up will receive a 64GB iPod Touch and the second runner up will walk away with a Flip UltraHD video camera.
In our last contest, we asked .CA holders to submit written testimonials about why they chose .CA. It generated more than 4,000 entries, and the winners have featured prominently on our our website and in our advertising. We heard the most fascinating stories, like Mike Hambly a visually impaired Canadian who has used his .CA website brailleit.ca to run a small business; or Anne Marie Thornton whose .CA website carpool.ca has helped tens of thousands of Canadians organize thousands of energy-saving carpools.
Follow the contest on Twitter, become a fan on Facebook and view the entries on our YouTube channel. The contest details, including the rules and regulations are available here.
More importantly, I encourage you to make a video and submit it. Tell your story and have fun doing it – you just might win! You better hurry, though; the deadline for submitting videos is March 15. Voting begins March 19 and is open to everyone.
11
Feb
Internet Exchanges
Recently, CIRA became a member of the Ottawa Internet Exchange, or OTTIX. Fundamentally, OTTIX is a network bridge between Ottawa-based organizations, including Internet Service Providers (ISPs), universities, large corporations, and government. This network bridge results in local network traffic taking shorter, faster paths between member networks, alleviating congestion on major Internet backbones.
What does this mean for CIRA’s stakeholders?
When it comes to reaching most Canadians, we now have a more direct route on the Internet from our servers to theirs. This could mean the difference between data crossing 10 circuits and 10 devices to crossing just two or three. If your ISP is connected to the OTTIX network, your emails to other members of the network, such as CIRA, will be faster, and members’ websites will load faster – albeit by fractions of a second – on your computer.
The true benefit, however, is that participating networks have more reliability by way of an additional route to the .CA infrastructure. This means that even if huge swaths of the Internet experience a disruption in service, the OTTIX network would experience no disruption whatsoever. And, if there’s a disruption in the OTTIX network, we now have the public Internet as our backup method.
Internet exchanges exist all over the world, and have proven to be integral to a nation’s Internet infrastructure. At a CIRA-hosted cyber-security event in 2008, Bill Woodcock of Packet Clearing House spoke about his participation in the mitigation of the two-week long cyber-attack on Estonia in 2007 by Russia. Woodcock talked about how Internet Exchanges played a critical role in limiting the impact on Estonians’ ability to communicate with each other – while the attacks slowed Estonians’ communication with the outside world, there was little impact on domestic traffic.
We have maintained a similar setup with Canada’s largest exchange, the Toronto Internet Exchange (TORIX), for years. With our new relationship with OTTIX, CIRA is now linked with two of the very few Internet exchanges in Canada – the total number is hard to come by, but most estimates peg the figure at three to five. Other nations around the globe have up to dozens of Internet exchanges. What does this mean for Canada? Simply put, a significant amount of Canadian Internet traffic flows south of the border to the U.S. before reaching its destination in Canada. More exchange points in Canada would ensure that Canadian traffic stays in Canada more of the time, ensuring a safer and more robust network for all Canadians.
The European Internet Exchange have put together a great video that explains Internet exchanges.
How do you feel about Canadian Internet traffic having to flow to the United States?
5
Feb
Internet Service Provider: Gatekeeper to the Internet?
Last week I blogged about the three strikes approach that some countries are looking at and that may be a part of the Anti-Counterfeiting and Trade Agreement (ACTA). While that post focused on some of the potential issues around taking such an approach in the context of the ACTA, it also brings to light a trend I think we’re starting to see – the Internet Service Provider (ISP) as gatekeeper to the Internet.
In last week’s post, I talked about the trend of suspected illegal file-sharers being met with a graduated response from their ISP, possibly leading to the ISP suspending their access to the Internet for a period of time. This is a very controversial approach for many reasons, not the least of which is that it can place the ISP in position of being in a dispute with customer.
This issue isn’t confined to the ACTA. The Australian federal government has recently given ISPs the authority to boot people off the Internet if their computers are suspected of being infected with malicious software that sends spam or attacks other computers.
Let me be perfectly clear: I believe that illegal activity on the Internet must be stopped, be it illegal downloading of music or movies, unlicensed online pharmaceutical trade, or child pornography. I also believe that steps need to be taken to control spam (a topic I will blog about soon) and malware. However, I do not think it is in the best interests of Canadians to have ISPs making the decisions about who gets access to the Internet, and who doesn’t. I’m also sure there are many ISPs who are less than enthusiastic about being placed in a position of conflict with their customers.
What do you think? Should ISPs have the authority to boot people off the Internet?
29
Jan
Three Strikes…unintended consequences for Canadians?
This week, representatives from various nations will gather in Guadalajara, Mexico to discuss the Anti-Counterfeiting Trade Agreement, or ACTA.
ACTA is an agreement being negotiated by several countries, including Australia, Canada, the European Union, Japan, Mexico, Morocco, New Zealand, United Arab Emirates, and the United States. The main objective of ACTA is to put “in place international standards for enforcing intellectual property rights in order to fight more efficiently the growing problems of counterfeiting and piracy.”
One of the intents of the agreement is to stop illegal file sharing on the Internet.
There are, of course, convincing arguments to be made for addressing illegal file sharing. The Canadian Record Industry Association (CRIA) – the organization that represents the interests of the Canadian sound recording industry – claims file sharing in Canada costs the industry $100 million annually, and the RCMP has stated that they are powerless to stop it. The recording industry internationally has noted important drops in income, jobs, and new artists signed, and has attributed this to illegal file sharing.
Some aspects of ACTA, including lack of transparency and secrecy surrounding its negotiation, have raised the ire of many people. A contentious item expected to be on the table is the so-called “three strikes” approach to piracy.
There are many flavours of the three strikes scheme, but the concept is that suspected illegal file-sharers would be met with graduated responses from their Internet Service Provider (ISP). They would first be sent a warning email, then a letter if they continue. The final strike would result in an appearance before a judge or tribunal. The judge or tribunal could impose a fine, or suspend their access to the Internet for a period of time.
The idea of a three strikes law is gaining traction in many countries. France has recently adopted the loi Création et Internet which imposes such a three-strikes regime. Britain’s government is considering the Digital Economy Bill which may include similar provisions. New Zealand has been considering such a regime since 2008.
It’s not the only route to follow, however. Other countries, such as Spain, have opted to not go down the disconnection path, but rather attempt to penalise websites that permit illegal file sharing. Germany, home to the world’s most popular ccTLD (.DE), has decided not to go down the three strikes road, reasoning that the approach would be at odds with the country’s privacy laws.
What are some of the implications of taking such an approach?
Imagine that your 14-year-old son downloads music illegally. Your entire household could potentially be kicked off the Internet for an extended period of time. This means no access to banking online, no access to government services, no email, no access to work for many. As we move more and more to a digital-based economy, what are the consequences of penalising possibly thousands of average people by denying them access to the Internet?
I think we also need to consider the effect such a prescriptive, top down approach to regulate the Internet would have. The Internet is, by its very nature, generative, creative and organic. To start imposing measures such as this could challenge the very ‘spirit’ with which it was created. It’s also this creative and organic nature that would present one of the biggest challenges to such a law: put up a barrier on the Internet such as monitoring traffic for illegal downloads, and there’ll be legions of people looking for – and finding – ways around it.
Finally, the costs of monitoring for illegal activity and enforcing these rules will no doubt add costs for ISPs, which in turn will be passed on to the consumer. We need to be careful about doing anything that may have the unintended consequence of raising the price for Internet access in a country that already has some of the most expensive access in the world.
CIRA’s vision for Canadians is to have minimal barriers to get online, where they have the opportunity to participate in an Internet that is a generative, creative and organic environment for the benefit of all. Let’s make sure we don’t do anything that ends up having unintended negative consequences.
With regard to the Anti-Counterfeiting Trade Agreement, what do you think Canada needs to consider?
22
Jan
.CA Registry Rewrite
We’re making some pretty significant changes here at CIRA. In fact, we’re rewriting our registry system which will make the registration process easier for Canadians and ensure a reliable, robust and secure registry for many years.
I’m going to be blogging about the rewrite in the future, and we’re going to be sending out more information soon. In the meantime, Computer World Canada published an article on CIRA’s .CA registry rewrite the other day.
15
Jan
CIRA and Social Media
At CIRA, we’ve recently taken some pretty significant steps into the social media world. It started with this blog. Now we’ve got a presence on SlideShare, YouTube, Faceboook, Twitter (including my account and CIRANews), and LinkedIn.
We’re also looking at ways to make our website more interactive and we’re working on a policy to help guide the CIRA team in how they engage in social media as a representative of the organization.
Throughout the process of developing our social media activities, I’ve learned a few things that I’d like to share with you:
1. If you’re reading this blog you’re likely web-savvy and wired in. CIRA is, at its core, a technology-centred organization – the fact is, we exist because the Internet exists. You’d think social media would be a pretty easy fit for us. However, it’s really pushing some of us out of our comfort zone – which is ultimately a good thing.
Regardless, it has become clear to me that adding social media to our communications toolbox involves a lot more than just signing up for a bunch of free services. It involves a shift in the way we approach marketing and communications, customer service and – to some degree – it is changing our corporate culture. Personally, I find some of the debates on issues like privacy and the separation of the personal versus professional self fascinating.
2. Social media is not about technology. It’s about relationships and it’s about having conversations. That’s why comments are enabled on this blog, and that’s why you’ll find me on Twitter.
Humans are social beings. In some ways, I see the rise in social media as a return to the way business used to be done. People generally don’t want to deal with a large, nameless company. There was a time (and, relatively speaking, not that long ago), when you likely knew most of the people you did business with. You knew the town baker, your mechanic, the grocery store owner, and so on. Somewhere along the way, we lost that to big name, faceless organizations.
I think social media is giving us the opportunity to get a little bit of that back. GM runs a great blog penned by their leadership. We can follow any number of people representing organizations on Twitter, or become a part of a group on Facebook and discuss common interests on the group’s wall. In some way, I think social media allows us the opportunity to get to know the people behind the organization.
3. Many of the tools are free, but you need to make investments to be able to use them. We’ve got Twitter accounts and Facebook groups, and we even subscribe to a service that monitors social media for us – all free or pretty low cost. However, it takes time to set up and use these tools, to engage with people and to monitor for the topics we need to know about. We’ve hired a Communications Manager to help us navigate this world and we’ve invested in some technology and services to help us engage better. It costs time and a bit of money, but I believe that if you want to really connect with people, you need to make those investments.
I invite you to join in the conversation on our networks, comment on this blog or listen to what we have to say.
8
Jan
CIRA’s Nomination Committee
CIRA is the organization that manages the dot-ca domain space on behalf of all Canadians.
It’s a big job, and it’s our Board of Directors who set the policies and strategies that steer our work. For that reason, we need to ensure the Board membership provides the diverse set of skills and professional expertise that the organization requires. Additionally, it is important that we adequately reflect the geographical, gender, linguistic, and cultural make-up of Canada.
One of the mechanisms we use to ensure that diversity is through our Nomination Committee. This committee carries out a critical role in determining a diverse roster of qualified candidates for CIRA’s Board of Directors elections. It’s also a great opportunity for Canadians to get involved in helping set the direction of the Internet in Canada. We’re currently accepting applications to serve on the 2010 Nomination Committee, and will be doing so until 6:00 p.m. Eastern Time on January 22, 2010.
I invite you to apply to be a member of CIRA’s Nomination Committee. For more information, please visit the Nomination Committee web page.
4
Jan
Happy New Year
In my last posting I highlighted some of the issues I think will be hot for 2010. A friend and colleague, Mathieu Weill, reminded me of a good one that I did not cover: “It is the Internet, so expect the unexpected!” I probably should have made that my number one choice.
In the spirit of being ready for the New Year, there are a few things we should all be doing to keep our social media and technology houses in order and I think this article does a pretty good job in reminding us all of some of the things we should be doing personally – particularly number eight. Enjoy.