BPN 1029 Dutch distributed numeric domains, but how

Last week the Dutch responsible institution for the distribution of domains SIDN finally started with numeric domains. In two days there were 500.000 requests. The landrush led however to a serious discussion among hosting companies, as a small number of companies took thousands of domains by barricading the access ports. Despite the protests the SIDN management considered the procedure fair. But politicians want to strike the results and demand an inquiry.

Before the landrush a number of domains had been set aside, as they are for general use such as the alarm number 112.nl and the public transport information service 9292.nl. But as soon as the landrush was open a few ISPs kept the access ports occupied for 20 minutes with technical tricks. In fact they actions bore similarity to ddos attacks. The distribution was on a first come, first serve basis.

SIDN said in a press release that for every possible domain there were 13 requests. When the landrush started 10.000 connections with the SIDN mail servers were attempted. In the first 10 minutes 10.000 requests were handled; on the first day by 16 p.m. 121.000 requests had been processed. In total 14.500 domains have been given out. The mail servers could only handle 200 simulaneous requests and one connection per IP-address. SIDN thinks that it handled the procedure fairly and that everyone had a fair chance.

However, one ISP gave an insight in how it picked up no less than 2.579 domains. MijnAlbum.nl, an ISP with a site for photographs, was after numeric number in the 2100 years series and the Telephone area codes. The numbers in the 2100 series were for births and marriages; the area codes in order to couple public albums with MijnAlbum.nl. In order to be sure to pick up these domains, the ISP designed a project with a budget of 35.000 euro and a preparation time of 2 months.

The chairman of the ISP association, ISPconnect had lodged a protest against this method. MijnAlbum and Funbit, both not members of the ISP association, have used excessive technical power to keep the e-mail servers blocked, so that other ISPs did not have a fair chance. No less than 63 members of the 250 ISP members have sent their experience to the association. This information is being processed and bundled for publication and possible legal procedures.

Also politicians have commented on the procedure and have asked to strike the allotted domains. One politician even went further and proposed to terminate the SIDN and transfer the domain activities to the telecom watchdog OPTA, which is also responsible for the allotment of telephone numbers. A system of attribution is preferred instead of a first come, first serve basis.

Blog Posting Number: 1029

Tags: domain, domain distribution

EC welcomes intervention by Dutch regulator OPTA

"I welcome the determined move by the Dutch regulator OPTA", said EU Telecoms and Media Commissioner Viviane Reding (see photograph) in reaction to the fast and effective intervention by the Dutch telecom watchdog. "Spyware, spam and malware are a real plague for Internet users. The decision of OPTA, which applies EU legislation vigorously, will therefore help considerably to make our European information society a safer, more trustworthy place for consumers and businesses. I call on the regulators of other countries to follow the positive example set by the Dutch regulator."

Yesterday, the Dutch Telecom Regulator OPTA imposed a fine totalling 1 million euro on three Dutch enterprises for illegally installing software - so called spyware and adware - on more than 22 million computers in the Netherlands and elsewhere.

The companies fined now by OPTA operated together under the name DollarRevenue, which was considered to be among the 10 largest spyware distributors in the world. They managed to install the software on personal computers via downloads from the Internet and by exploiting security loopholes in computer programmes. The illegally installed software allowed the companies to spy on the consumer's on line behaviour and triggered pop-up windows containing specific advertising material.

Unlawful access to a personal computer to stall information such as spyware and adware is prohibited under European law, namely article 5(3) of the EU's ePrivacy Directive of 2002. National regulators are called upon to enforce this prohibition by deterrent measures. Yesterday's decision by OPTA is the first time that a national regulator has resorted to drastic fines against a company acting in violation of the EU ban.

In 2004, the Commission has set up an informal network of the EU's national enforcement authorities (Contact Network of Spam enforcement Authorities, CNSA) to improve cooperation among national regulators and the Commission on fighting spam spyware and malware.

To strengthen the regulatory regime underpinning the Information Society, the Commission adopted on 13 November 2007 its proposals on the Telecom Reform, which include further provisions to reinforce security and privacy. Under the proposals national regulatory authorities will be given the power to issue binding instructions to companies on the security measures that are required to secure their electronic communication networks and services and to oversee proper implementation. Specifically in relation to spam, the proposals introduce the possibility for Internet Service Providers to take legal action against spammers.

Blog Posting Number: 958

Tags: spamware, adware, spyware

EUR 1 mln fine for distributing undesired software

(Having gone between lectures of academics of the Academic Network Conference and jury laudationd of EUROPRIX Top Talent Award 2008 nominees, I am back into the real world).

The Dutch telecom watchdog OPTA has imposed a fine totalling EUR 1 million on three Dutch companies and their two directors, because they installed software on more than 22 million computers belonging to Internet users in the Netherlands and elsewhere. By unlawfully installing this so-called adware and spyware these small enterprises distributed advertising material and obtained access to details of Internet users. This is the first time that OPTA has acted to impose company and personal fines on distributors of unsolicited and undesirable software.

The three companies operated together under the name, DollarRevenue. Using misleading files, amongst other things, Internet users were led to believe that they were about to download apparently innocent files, whereas they actually contained DollarRevenue software. They also used botnets, thereby installing files without user intervention. Each day on average 60,000 installations were infected. A total of more than 450 million program files were illegally placed on 22 million computers. These program files unleashed a flood of popup windows containing advertisements. Unsolicited search toolbars were also installed. They were nested in the toolbars of Windows XP and Microsoft Internet Explorer, where they displayed alternative search results. DollarRevenue was one of the largest distributors of unsolicited software in the world (see www.sunbelt-software.com, the website of a manufacture of anti-spyware software).

Hundreds of complaints appeared on the Internet about DollarRevenue software. They mentioned that people did not know how the software came to be on their computer nor how they should remove it. This is because the software did not include an uninstall function and could only be removed with expert assistance. DollarRevenue was amongst the top ten international distributors of spyware. Last summer OPTA imposed a conditional penalty on the two directors to ensure that these illegal activities were permanently halted.

The Dutch Universal Service and End Users Decree, is based on the Telecommunications Act and is designed to promote safe Internet usage and to protect the privacy of Internet users. The enterprises and their directors deliberately contravened provisions of this decree for a year and this produced large-scale material and immaterial damage. For this reason fines totalling EUR 1 million were imposed on both the enterprises and their directors. OPTA is of the opinion that these fines will have a sufficiently punitive and deterrent effect to deter these companies and anyone else from contravening the law (again). The persons can object against this decision, therefore the judge has not yet ruled on the penalty by OPTA.

DollarRevenue was a joint venture involving three Dutch enterprises and their directors. DollarRevenue was active from October 2005 until and including November 2006. The offenders earned a little over EUR 1 million through their illegal activities. The offenders had a network of intermediaries, also known as affiliates. The latter were other parties who distributed the software further using the above-mentioned methods on DollarRevenue’s instructions and in return for a fee. Based on tips and ex officio monitoring, regulatory officials within OPTA’s Internet Safety Team launched an investigation into DollarRevenue in 2006. Unannounced inspections were conducted in various locations in November 2006. As part of this process regulatory officials gained access to business administration records and computer systems. In addition, various people involved made statements. A report was drawn up based on the findings of these investigations. The relevant companies and their directors were able to present their case in response in both verbal and written form. One of the botnetherders, who was living in New Zealand, is recently arrested by the New Zealand police.

Fines totalling EUR 1 million have been imposed for these offences having regard to the gravity and duration of the offences, the culpability of the offenders and the gains they achieved through their offences. Two companies were jointly fined EUR 300,000. The responsible director was also fined with EUR 300,000.00. The other company was fined with EUR 200,000.00, as well as the director. The maximum fine which OPTA can impose for these types of offences on the basis of its policy rules on fines amounts to EUR 300,000.00.

For more information, read the pdf report.

Blog Posting Number: 955

Tag: spyware, adware

Aussies and Kiwis sampling Dutch broadband (4)

On March 13, 2007 the Australian and New Zealand trade delegation had a day full of lectures. One of the lectures was about the future All-IP network of KPN and the regulatory challenges for the telecom watchdog OPTA.

The Netherlands is on top the listings concerning broadband penetration in the homes. And at a reasonable price due to the competition. Cable networks cover 94 percent of the country, while the telephone network covers 99 percent. The telephone network infrastructure is run by the incumbent KPN telecom company. Some DSL operators have their own networks, but 50 to 70 percent of the DSL operators have to rent local loops. There are 5 million broadband connections in the Netherlands of which 60 percent are DSL connections, of which 10 percent is non KPN, and 40 percent cable connections. There are about 40+ local initiatives with Fibre to the Home (FttH). There are now half a million homes connected with FttH, mostly student houses.

The environment in The Netherlands has grown competitive. KPN lost 0,56 million access lines last year. Voice over broadband overtook the plain old telephone system. Digital television is already in 25 percent o the 6,9 households. Triple play offers are made by the telecom companies like KPN and Tele-2, by the cable companies and by private FttH operators. Unbundling (ULL) has been operative since 2000 based on the principles of access, prices, transparency, non-discrimination, accounting and separation.

So you might think that the Dutch have it all under control. But KPN surprised the telecom, cable and FttH market in 2005 by announcing a national All-IP network. This would entail that the layer of all exchanges, including the rented spaces and equipment of the DSL operators, would be taken out and the fibre network will be linked to 28.000 street cabinets. The bandwidth would be upgraded to 50Mbps and up to 100 Mbps for business. KPN would make an investment of 0,9 billion euro. But the exchanges/MDF locations would give KPN a return of 1 billion euro. The roll out will start in 2007 and the network needs to be finished by 2010. For KPN it means that it can phase out the present technology, which is at the end of its cycle, and start competing with the cable operators.

The challenge for the regulator is of course in the fact that KPN start to dominate the playing field and starts changing the business cases of the DSL and FttH operators. The New Generation Network (NGN) requires another regulatory environment than the good old legacy regulation. Of course the NGN might also move to a duopoly.

The NGN is now under study with the telecom watchdog OPTA. Basic principle is that KPN has the freedom to upgrade the network and terminate the exchanges and MDF model. Replacing the MDF model would be a sub loop unbundling (SLU). But KPN has not yet suggested any rules or prices. OPTA hopes that the draft decisions are available by the second quarter of 2007.

The question was put in by some delegates why KPN would put in an All-IP network. Was it just replacing technology at zero cost or was it to shake up the competition in the telecom and sector? Not a few delegates and visitors were inclined to guess that it was the competition argument.

Blog Posting Number: 695

Tags: New Generation Network, All-IP network, DSL, broadband, Fibre to the Home, cable