The Voice of the eCommerce Industry

Police detained the suspected New Zealand teenage ringleader of an international cyber crime network accused of infiltrating 1.3 million computers and skimming millions of dollars from victims' bank accounts using botnets, AP reports.

A cyber cold war is among top security threats facing countries around the globe over the next decade.  According to McAffee’s annual report, 120 countries are developing ways to use the Internet as a weapon of national security to target financial markets, government computer systems, and utilities, forcing governments to strengthen their cyber defense infrastructure.

No surprise that CBS News showed a 60 Minutes segment this past Sunday that alerted consumers about the risks of credit card fraud—just as the holiday shopping season began.  But there was a surprising message from correspondent Leslie Stahl, who opened “Hi-Tech Heist” with this wake-up call to consumers and storefront retailers:

“Do you think twice when tying in your credit card number online, but have no problem handing over your plastic card at a store?  Actually, you may have it backward. Your personal information may be more secure in cyberspace than at the mall down the road.   That’s because it’s easier for dot-coms to protect the data, and most stores in America underestimate how vulnerable they are.”

The program went on to document how identity thieves steal credit card data while sitting outside a retail store whose wireless network is using weak or obsolete encryption technology.   It was a wake-up call to bricks-and-mortar retailers to upgrade the security of their wireless systems, and acknowledged that e-commerce retailers are likely to have more secure communications technology in their customer service centers.

But online consumers shouldn’t let down their guard.  There’s still a gauntlet of security threats awaiting the online shopper on Cyber Monday-- and every day.   Criminals, increasingly operating in organized gangs, are sending clever emails designed to direct you to a fake website where you can be duped into revealing your credit card and account information.

One critical line of defense is to add a phishing alert tool to your web browser. Microsoft offers a filter that works with their latest Internet Explorer, and warns you if a participating bank or commerce website can’t be verified by VeriSign.

Email services are another line of defense, since they can stop phishing messages before they reach your inbox.  Yahoo’s email service recently started using domain keys to stop phishing emails purported to come from eBay and PayPal.  (see http://blog.wired.com/monkeybites/2007/10/yahoo-mail-adds.html )

You can take some solace that your favorite e-commerce sites aren’t broadcasting your credit card numbers on an unsecured network.  But as the Sergeant Esterhaus used to say on Hill Street Blues, “Hey, let's be careful out there.”

The show of the year (at least for 10-year old girls) is upon us. Were you able to get those most coveted Hannah Montana concert tickets? If not, figuring out who to blame may be as elusive as getting the tickets in the first place.

For parents out of the concert scene, this new Internet-induced world of ticket sales has been a real eye-opener. Ticketmaster, the company responsible for selling the tickets in the first place, is placing the blame solely on a technology company named RMG and the ticket brokers that use their technology. RMG’s technology enables these brokers to jump to the head of the line and snag the majority of tickets to hot shows.

Clearly, this technology and the ticket brokers that use it are making the process less fair for families looking for tickets; however, focusing solely on new technology will not solve anything. Unfortunately, the state attorneys general who are now investigating this issue are following Ticketmaster’s lead and not looking into the much deeper issues involved.

With music sales slumping, concert promoters are using every trick possible to create “hype” for upcoming concert tours. According to Billboard Magazine, “given production considerations and ‘holds’ for fan clubs and other constituencies, the actual number of tickets that may be available to the general public for a given show may be only a few thousand, even if the listed capacity of the venue is 18,000 or more.” Much like an empty nightclub keeping a line of potential customers waiting outside, these promoters are focused on building hype through manufactured scarcity.

To make matters worse, Ticketmaster has done relatively little to police its site and implement new technologies that ensure fair ticket sales. If they had taken the necessary to steps to stay ahead of RMG’s technology, parents may have had a better chance of getting one of the few tickets actually sold through Ticketmaster.

So, what’s a parent to do? Many have turned to the secondary ticket market, a place that gives fans another option for purchasing the tickets they couldn’t get through Ticketmaster. But many ask, at what price?

Like any other open market system, supply and demand drive price. Some tickets may command prices that are well in excess of face value, however, what is often overlooked is that 40% of all tickets resold on the secondary market are sold for less than face value. In the end, the online marketplace is a fair and convenient way for consumers to access tickets if they were unable to get them directly from Ticketmaster or are looking for lower prices on less popular shows.

Much can be done to improve the fairness of the current ticket system. Promoters can ensure that more than a few thousand tickets are available to the general public, and Ticketmaster can do more to prevent ticket brokers from getting an unfair advantage. It may not put Hannah Montana tickets in your hand this time around, but there’s always the next tour.

Steve DelBianco
Executive Director of the NetChoice Coalition

The outcome of yesterday's hearing on an online dating bill is succinctly captured by this AP news article headline: New Jersey concedes Internet dating plan, yet pushes it anyway.

What? Legislators pass a bill through committee that they know is flawed?

Yes, if they think the sponsor will work to amend it. And The Internet Dating Safety Act (A-4304), the bill I testified against in Trenton yesterday, definitely needs to be fixed.

It's not that anybody is against online dating safety. We just think that this bill, in its present form, will not create a safer environment for dating site users.

Here's why. The bill has one particular serious flaw: it has the effect (if not the intention) of promoting a flawed, unreliable, and incomplete criminal screening method as a way to increase online dating safety. Legislators should run away from any bill that promotes criminal screenings. 

Intuitively, a criminal screening would sound like a good idea. Who can be against more information about a potential date, especially when it's their criminal record? But if the information is no good, we have a garbage-in, garbage-out situation that has the unintended consequence of providing users of online dating sites with a false sense of security. Indeed, criminal screenings are: 

• Incomplete - criminal screenings can create false negatives when criminal records don't appear or may not include felony arrests that were plead down to misdemeanors; and

• Not inclusive - many counties don't even report their criminal records to a publicly accessible central database. For instance, in Illinois only 4 out of 102 counties report to a centralized database accessible to companies that perform background screenings. Do we know what the database reporting situation is in New Jersey?

A New Jersey bill moves ahead despite critics cautioning legislators that the bill falls short of making online dating sites safer. Braden Cox of NetChoice said “the bill would improperly regulate Internet activity and fail to let dating site users know about misdemeanors. 

Speaking of online safety, a federal prosecutor in Northern Iowa talked to area middle school children about the dangers of meeting people on the Internet.

Last November in Athens, I wrote from the first Internet Governance Forum (IGF) that:

"I get the clear impression that this United Nations machine is just warming-up for a long-term battle over Internet Governance. They're keen to relieve the private sector of its management role…"

Unfortunately, this machine is accelerating here at the second IGF meeting in Rio de Janeiro.

Governments who want to stomp-out dissidents or just stick a finger in the American eye are attempting to hijack the "Critical Internet Resources (CIR)" debate here in Rio. For them, the term "Protecting Critical Internet Resources" has become a euphemism for "killing ICANN." The motivations of repressive regimes are obvious, but as I've stated before, those who see ICANN as a mechanism for American imperialism over the Internet are grossly overestimating the power of ICANN.

It started with Minister Roberto Mangabeira Unger of Brazil, IGF's host country, who briefly acknowledged ICANN's history value in the Internet's development, but then called in ICANN to hand-over its responsibilities to a "more including organization."

While Mr. Unger's views represent a relatively small minority of the government officials here, they are a very vocal minority. And today, that vocal minority made their first effort to turn words into action.

At this afternoon's closing session, the Russian delegate to the IGF announced his request for the UN Secretary General to create:

"…a special working group, an ad hoc working group to develop practical steps for transition of the Internet governance system to bring it under the control of the international community, including the administration of critical Internet resources."

In black and white it looks so innocuous. But this proposal puts into action a sentiment long expressed at the UN: something as important as the Internet simply HAS to be under government control. Moreover, at these meetings "what is said" is less important than "who is saying it." Russia is the spokesperson for a group of governments who variously loath US leadership at ICANN, resent the private sector's role, and fear the rise of free expression on an uncensored Internet. (see AP article)

Russia's proposal is not only about wresting control of the Internet from the American government. It is also about taking control away from those who invented and built it and a billion people around the world that use it.

The technology industry spent a trillion dollars to bring the Internet to a billion people, with little help from governments. We are investing even more to help fulfill IGF's mandate to reach the next billion people – and that is what the world's repressive regimes fear. The Russian request shoves the private sector out of room, leaving governments--including some notoriously repressive regimes--in control of a vital Internet resource.

The Real Travesty

Once again this game of power politics has completely overshadowed the real issues surrounding Critical Internet Resources. As Vint Cerf explained, CIR is much wider than the DNS or any question of ICANN's interaction with the U.S. and other governments. This theme envisions CIR as a range of resources deemed critical to build capacity for online participation in the developing world, including:

• increasing availability of reliable electrical service;
• increasing deployment of wired and wireless broadband connectivity;
• expanding the capacity for new IP connections through a transition to IPv6;
• increasing the security of DNS service through deployment of DNSSEC; and
• assuring the availability, security and reliability of root servers.

Fortunately, these topics were discussed at length in the sessions and workshops on the CIR track in Rio this week. Many companies, academics, non-governmental organizations, and net citizens recognize that these are the truly "critical" Internet resources that the developing world is most concerned about. At one of the wrap-up sessions today, an Internet leader from the developing world put it this way:

On this point, we note that at the time that Africa is starting deployment of its Internet network may in fact not be a good time to talk about any form of change in the governance or administration of the Internet. That might be as though pulling the rug from under us. -- Nii Quaynor, Chairman of NCS, an ISP in Ghana

There was plenty of substantive progress made here, but the real needs and true promise of the IGF are being overshadowed by inter-governmental squabbles. But don't blame it on Rio. Blame the governments who would sacrifice real progress just to grasp at illusory sliver of power.

--Steve DelBianco

The Tiffany & Co v. eBay trial began yesterday, and as this news article noted, the case is about who is responsible for the policing of counterfeit products on eBay.

It's an important case, and implicates all e-commerce marketplaces, so it's impact extends beyond just eBay. And its resolution may come down to whether you believe sites like eBay are akin to a traditional retail store or more like a facilitator between buyers and sellers, much like a flea market. Tiffany claims that eBay participates in and facilitates the counterfeiting and trademark infringement of its jewelry and other items in violation of the Lanham Act.

But here's the kicker:  Tiffany wants to enjoin eBay from selling any item on its site has hasn't been made, sponsored, or approved by Tiffany. This goes too far, way beyond the policing of trademarks.

Instead, it appears that Tiffany would like to control the distribution channel, and use trademark law to do so. Retailers and distributors often hate that their products can be sold outside of their control. We've seen this attempt to control distribution when venues complain about the sale of event tickets on secondary market sites like StubHub, RazorGator and eBay.

eBay has an extensive program for dealing with intellectual property rights violations. Trademark owners should be vigilant when protecting their brands, not vindictive towards marketplaces that are themselves not the bad actors.

-Braden

I’m in Rio de Janeiro this week for the second Internet Governance Forum, a United Nations conference created to help more people –especially in the developing world—do more on the Net. Yesterday I was asked to represent NetChoice on a panel about upholding human rights online.  That is, how can internet companies protect freedom of expression when governments try to censor our customers’ content and ask us to reveal the identity of users whose online communications are deemed offensive.

That’s a tough question, since governments who oppose free expression usually also have the power to shut down companies, jail employees, and cut-off all access to our websites and applications.

Our panel explored ideas ranging from compliance to defiance and a few in between.  One idea I like to create a ‘playbook’ of realistic tactics online companies can use to effectively push back on government demands for removing content or revealing user information Center for Democracy and Technology is working on this along with Microsoft, Google, Yahoo, and free expression advocates like Amnesty International.

At an international gathering like this, I often put things in terms of the world’s most popular game -- football (or soccer to us Americans).  Think of the soccer coach as a provider of online services like email, hosting, blogs, and social networking sites.  The players are the customers and users trying to express themselves while living in a particular country.   The referees here represent the government.

After much debate, the proposal to change the existing Whois service was defeated in an ICANN meeting held last week.  But, does it really matter?   The fact that this 7-year debate ended without a change to existing policy is a demonstration that the market is working faster to address privacy concerns than ICANN processes ever can.

Privacy concerns with Whois have already been addressed by in the marketplace.  Leading registrars added Whois proxy registration services to let people conceal their identification from the general public and most now use technical protections so that spammers can't harvest email addresses from Whois.

Statements of the initial problem and positions that were staked-out early just don't match the current situation.  The reality is that a massively multi-stakeholder consensus body like ICANN is very likely to be overtaken by events - particularly by events that happen on ‘Internet Time.’"

http://www.netchoice.org/press/