Do you remember what you were up to in 1987? It seems like a lifetime ago. I was in university, Brian Mulroney was Canada’s Prime Minister, and Fatal Attraction was the year’s top grossing movie. Depending on your musical taste, you were either listening to The Bangles’ Walk like an Egyptian or Guns and Roses’ Appetite for Destruction. In the tech world, 1987 marked the year Steve Wosniak left Apple and there were 10,000 hosts on the Internet. It was also the year .CA was created, making today, May 14, 2012, .CA’s 25th anniversary.
Twenty-five years ago John Postel, operator of the Internet Assigned Numbers Authority (IANA), delegated the .CA top-level domain to John Demco at the University of British Columbia (UBC). For the next 13 years, Demco and a group of volunteers ran the registry, until it was transferred to CIRA in 2000.
Milestone anniversaries like this are times to reflect on the accomplishments of .CA, and of those key visionaries, like John Demco, who saw the potential the Internet had to offer. It is also a good time to take stock of where we are. We are rapidly approaching two million .CA domains under registration. .CA is now the world’s 14th-largest domain registry, and has the fourth-highest growth rate over the past five years. In short, .CA is an integral part of the Canadian economic and social landscape.
We’ve got some big plans to celebrate this key milestone a little later this year, but if you’re really keen on reliving your youth, you might want to join us at the mesh conference in Toronto at the end of the month.
This week, the Internet security firm Websense released a report on cyber-crime in Canada. The bottom line is that malicious activity online is on the rise in Canada, but let’s make one thing clear: This report is referring to websites hosted in Canada, not to .CA per se. Canada may rank second for malicious behaviour for hosted sites, but it has nothing to do with .CA.
This is clearly a hosting issue. Canada, though in reality a relatively small player, is experiencing an increase in online criminal activity. And, though it is not a .CA problem, it is something CIRA takes very seriously. At CIRA, the safety and security of .CA is of utmost importance.
That said, I’m not surprised at the findings in the Websense report. As part of the Canadian Internet Forum, we surveyed Canadians on what they felt were the key Internet-related issues for Canada. Security was the top challenge identified by Canadians. As the Internet becomes more integral to the Canadian economic and social landscape, there will be more who would like to take advantage of that fact in a criminal manner.
Some of the statistics around cyber-crime in Canada are startling. According to a 2010 report from Norton, cyber-crime cost Canadians $5.5-billion in 2010. The Websense report found that Canada has experienced a 39 per cent increase in botnets, and a 239 per cent increase in malicious websites over the past year. And, Canada is now the number two country for hosting phishing sites, though again I must point out that this does not mean .CA. According to a report from the AntiPhishing Working Group (.PDF):
“Phishing is generally distributed by top-level domain market share, but 93% of the malicious domain registrations were in just four TLDs: .TK, .COM, .INFO, and .IN.”
Note that this list does not include .CA. In fact, in the same report, the AntiPhishing Working Group reported that there were no malicious .CA domains registered in the second half of 2011.
We all have a role to play in keeping the Internet safe and secure for everyone. At CIRA, security is job number one. That’s why .CA is consistently ranked as one of the safest top-level domains, and we are working at making .CA even more secure. Later this summer, we will be implementing Domain Name System Security Extensions (DNSSEC), an important set of extensions that provide an extra layer of security to the domain name system (DNS). Once implemented, DNSSEC will provide Canadian Internet users with a more secure Internet experience.
Furthermore, CIRA’s Canadian Presence Requirement (CPR), a rule that allows only people and organizations who have a presence in Canada to register a .CA domain, keeps .CA safer than many other top-level domains. Because of CPR, Registrants are required to provide proof of that presence, something a criminal is highly unlikely to do.
Online security is the responsibility of everybody who uses the Internet. The Websense report states that 82 per cent of malicious websites are hosted on compromised computers and servers. CIRA does its part through activities like watching for suspicious information when .CA are registered and enhancing security on the technical side. That said, it is critical that Internet users do their part. This includes making sure you have up-to-date anti-virus software installed on your computer, becoming an informed ‘online shopper’, making sure you have secure – read complicated – passwords, and only clicking on links that come from trusted sources. Here’s another useful tip: one Member of the CIRA team even updates her parent’s antivirus software when she visits them.
CIRA is working with the Media Awareness Network to develop a series of tip sheets to help Canadians stay safe online. To date, we’ve released two:
- The Cyber Security Consumer Tip Sheet: Safe Surfing (.PDF).
- Cyber Security Consumer Tip Sheet: Protecting yourself from Malware (.PDF).
These tip sheets provide plain language information to help Canadians stay safe online. If you know someone who could use this information, please share them. Above all, I urge you to work with us in our efforts to keep the Internet safe and secure. We also operate a DNSChanger Malware Checker to check your computer for a particular malicious code. You can check your computer here.
Stay safe online!
Yesterday, we closed a month-long outreach on proposed changes to CIRA’s governance process and structure. We are now in the process of reviewing the feedback we received. When we set out to renew CIRA’s governance structure and processes, we wanted to ensure our Members had the opportunity to ask questions and provide us with their ideas and opinions regarding the changes. To that end, I am happy to report that we received a fair amount of feedback.
In terms of next steps:
1. The CIRA Board will review the feedback and, if necessary, make updates to the proposed changes.
2. We anticipate that Members will receive the final proposed by-laws on or before August 18, 2012 to review.
3. Members would then have the opportunity to vote on the final proposed changes at our Annual General Meeting on September 18, 2012, in Ottawa.
I will be providing updates on the process on this blog as information becomes available.
I would take this opportunity to personally thank everyone who took the time to help us strengthen CIRA’s governance.
Last month, CIRA initiated a Member outreach regarding proposed changes to its governance structure and processes. The catalyst for acting at this time is modifications made by the federal government to legislation governing not-for-profits. CIRA isn’t the only organization changing its governance structures and processes; all federally incorporated not-for-profits have to do the same.
I have been a part of CIRA’s Board since near the organization’s beginning. Over the past 10 years, I have seen a lot of changes in both the organization and the environment in which it exists. CIRA has grown and matured. Now approaching two million .CAs registered, CIRA is one of the fastest growing registries in the world. We no longer talk about CIRA becoming a world-class registry; CIRA is a world-class registry.
This means that over the past decade the role of CIRA’s Board has changed. In the early days of the organization directors were, out of necessity, much more hands on. The initial elected board almost equalled the number of staff we had! Until the board was confident CIRA had sufficient capacity to effectively manage the .CA registry without that level of support from the Directors, we had to take a more active management role.
That role is now in the past and the industry has changed. CIRA is now a much more mature organization with a highly capable staff. CIRA needs to continue to evolve its governance to continue to build the organization. The Board feels that the time is right to propose changes to our governance policies and processes to do just that.
We are proposing a single slate of candidates for the Board election through a nomination committee, comprised of some key stakeholders from the Canadian Internet community. We have had a nomination committee for a long time now. One of the criticisms has been that it has not operated in a transparent manner. We are addressing that criticism through several changes which are documented in the proposal. The idea of a nomination committee isn’t a new one, nor is it uncommon in the Internet governance world. ARIN, ISOC and ICANN – all organizations at the heart of Internet governance – all utilize a nomination committee in the selection of their directors; and it is widely recognized as a best practice for not-for-profit governance.
Even though we are proposing to move to a single slate of candidates, the fact is .CA Members are still at the core of our governance. Members control our by-laws and are the only people who can vote for Directors. Members can also run for the Board (and, in fact are encouraged to!) by applying to do so through the nomination committee process. There are also mechanisms that allow individuals to make proposals that would allow a Member to be added to the ballot, provided there is a sufficient support of the membership (currently this is defined as five per cent, but an area we are hoping to gain feedback on).
As a world-class registry CIRA requires a strong Board of Directors. To do that we need the best people, and to get the best people, we need governance structures and processes that are in line with the maturity of the organization and of the industry as a whole. We are ensuring that our actions are transparent and that we are keeping our .CA Members fully informed and engaged. That’s why we’re looking to you to let us know what you think. We welcome any and all input from our Members on the proposed changes.CIRA is a member-based organization, with a mandate to manage .CA as a key resource for all Canadians, .CA users will have the final say on any changes that are implemented.
In short, we are proposing to simplify the process for electing Directors, to reduce the size of the Board and to add much greater transparency to the already existing Nomination Committee process. We hope this governance structure and process will guide CIRA through its next decade as a world-class domain name registry.
We have been working hard at engaging a wider range of stakeholders in our activities. Over the past two years we’ve increased engagement with .CA Members and have created a Policy Advisory Committee, comprised of both Directors and stakeholders from outside CIRA to provide expert advice in a variety of areas. We’ve also initiated some grassroots initiatives to facilitate dialogue on issues of Internet governance with average Canadians through events like the Canadian Internet Forum (CIF). The CIF has been highly successful, engaging Canadians from coast-to-coast-to-coast in a dialogue about Internet-related issues of interest to them.
The changes we are proposing are difficult. The Board has engaged in much effort and debate on governance reform over the last three years. We have made some difficult decisions in proposing these changes, and want to hear from you to see if we got them right. That’s why we are consulting with .CA Members. I urge you to step back and look at the changes as a whole, and I hope that you will see that this is major step toward improvement.
Whether or not you support the proposed changes, the most important thing is to tell us what you think. Get involved in the discussion – review the proposed changes and related materials here and let us know what you think by emailing us at firstname.lastname@example.org.
I thank you in advance for your feedback.