CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

Playing chess with hackers

Former Congressman Rick White says a deal giving Internet operators flexibility to raise domain name prices within reason makes sense.

There is no more important issue in Washington than how we keep our nation safe and secure, whether we're talking about our troops, our airports, our borders or the levees that protect cities such as New Orleans. Now we can add computers to that debate. The debate about how the Internet infrastructure should be managed and funded got aired last week. The House Small Business Committee did so appropriately and responsibly, for which it deserves credit. At issue is a new agreement before the Commerce Department that, among other things, allows the operator of the .com system, VeriSign, to make limited increases in wholesale prices for .com domain names over the next six years.

Opponents of those price increases, primarily businesses that are retail sellers of domain names, have asked Congress to block the .com agreement, or at least force VeriSign to cost justify any increase in prices. It is understandable why they would do so: They don't want their margins to go down. But while that idea might make sense to them, it is seriously flawed.

It takes hundreds of millions of dollars to keep the .com infrastructure up and running. By making the right investments at the right time, there has been zero--that's right--zero downtime for the .com name space over the past seven years.

Keeping the Internet secure and reliable is a cat and mouse game.

But changes in the infrastructure must be made well in advance. Adopting the cost-justification approach that some resellers have suggested effectively means something bad would have to happen to the Internet to cost justify an increase in funding. That is like saying that New Orleans had to wait for Katrina to cost justify spending money to raise the levees. And let's not kid ourselves in thinking that price adjustments would be considered more quickly in the Internet community. That community is still working on proposals that are 4 years old. This is a recipe for failure.

Here's a case in point. In January, there was a major attack on the Internet infrastructure. The attack disabled many sites and was about 100 times larger in scope than a major attack that nearly took down the Internet in 2002. These attacks are highly sophisticated. Hackers attack various sites, observe what companies or governments do to defend themselves, and then use that information to make the next attacks more effective. It's like playing chess with hackers.

After January's attack, VeriSign decided to accelerate and increase spending to address these new threats. That meant the additional spending of millions of dollars. If VeriSign had to go to the Internet community to cost justify that expenditure, it would not only take a year or more, but it would have to explain the vulnerabilities in a public forum, which would give the hackers helpful information about where or how to attack next.

It takes hundreds of millions of dollars to keep the .com infrastructure up and running.

That is why the Internet Corporation for Assigned Names and Numbers and VeriSign, working with the Internet community and government agencies, developed a framework that gives Internet operators some flexibility to raise domain name prices but imposes limits so that they can't abuse that flexibility. For example, VeriSign's ability to raise domain-name prices is capped at 7 percent a year, and increases can only take place in four of the next six years. VeriSign has operated the domains since 2001, and this would be the first increase. That would mean the wholesale price of a domain name could only increase from $6 a year to $7.86 a year. To put that in perspective, that is an average of a 2 percent annual increase from 2001 to 2012.

The agreement focuses specifically on protecting consumers. In addition to the cap on prices, VeriSign must give six months notice prior to any increase, giving domain name holders the opportunity to renew under existing prices. They can effectively lock in a price for 10 years or longer.

Keeping the Internet secure and reliable is a cat-and-mouse game. Hackers and cyberterrorists attack it daily, and the people whose job is to keep it running are constantly trying to bolster the networks. It's important that we give them the resources and authority to take the steps necessary to keep our computer systems secure.