Ripple Effects From VeriSign Move Prompt Rehinking On Net Oversight

Then he discovered it wasn't his skills that were faulty, but the Internet that essentially broke. Elsewhere, more spam slipped through, printers misbehaved and cell phones got unusual Web traffic.

"I'm upset about this because it's cost us time and money," said Fitzpatrick, who runs Lone Star Interactive in Arlington, Texas, and tracks spam on the side.

The culprit was VeriSign, which two weeks ago launched a new service for guiding Internet users who mistype Web addresses. Side effects from the service have prompted a fierce debate over who's in charge of the Internet.

"This is the first case I know where somebody that big has caused that kind of failure," said David Farber, an influential technologist formerly with the Federal Communications Commission. "If that becomes the standard, things will break endlessly."

With little warning or fanfare, VeriSign introduced its Site Finder service on Sept. 15. Web surfers who enter addresses that don't exist now get suggestions on where they might have wanted to go.

Normally, such innovation is encouraged and has led to such breakthroughs as the World Wide Web itself in 1990. In fact, America Online Inc. and Microsoft Corp., among others, have been offering similar services.

But VeriSign is unique because it is master-keeper of names ending in

".com" and ".net." Its actions have more far-reaching effects on almost everyone online.

While millions of people have used Site Finder without problems, some software depend on getting error messages - not a redirection - when addresses don't exist.

VeriSign spokesman Tom Galvin said the company has convened a panel of outside technical experts to suggest changes. Normally, however, such discussions take place in advance.

"You're playing with an engine change while the plane's in flight," said Vint Cerf, co-inventor of the Internet's basic communications protocols.

Fitzpatrick, for one, found his software capturing VeriSign's search site, instead of indicating that a spammer had faked a Web address. Junk mail filters that perform such checks also failed, allowing more spam through.

The Internet Architecture Board, a committee of Internet engineers, found other mishaps. Rival search services such as Microsoft's stopped working. Printer and other network misconfigurations, once benign, became fatal. Mobile Web services got swamped with more data than the normal "no such name" response, potentially generating higher phone bills.

Business rivals, meanwhile, complained that VeriSign was making money off its monopoly on the '.com' and '.net' directories, because the company shares revenue with search engines that power Site Finder. At least two federal lawsuits have been filed.

A security committee of the Internet Corporation for Assigned Names and Numbers, which oversees domain names, plans to convene a meeting Oct. 7. Meanwhile, ICANN asked VeriSign to suspend its service.

VeriSign declined, saying it would be premature.

Cerf, ICANN's chairman, said the organization was "evaluating a number of avenues."

"I am very disappointed to see that VeriSign seems so insensitive to the widespread problems their modification is having," Cerf said.

While discussions continue, outsiders see a stalemate. A report from the security committee took a full week, a delay committee chairman Steve Crocker partly attributed to Hurricane Isabel.

"It took ICANN longer to come up with the requests to suspend than it took the entire 9th Circuit to review the election process," said former ICANN board member Karl Auerbach, referring to a court decision to clear California's recall.

Now long-time techies, including Auerbach, are suggesting a more formal regulation of the Internet to replace the ad-hoc, consensus-based structure that grew out of the tech community's historic self-governing efforts.

"The same rules really can't apply anymore, now that the Internet really, really matters in commerce, in government," said Lauren Weinstein, co-founder of People For Internet Responsibility.

VeriSign welcomes a rethinking of how the Net is run. Galvin said the company has long been frustrated with how long it takes to decide on its initiatives, including domain names that include foreign characters.

"The Internet has been used in many innovative ways, but the Internet itself has not been innovated much," Galvin said. "The bigger issue beyond Site Finder is, 'Are Internet operators going to be able to innovate the Internet and launch new services?' That question will also answer how much investment is made into the infrastructure."

Whether VeriSign did anything wrong is debatable. Voluntary Internet standards permit "wildcards," the mechanism VeriSign employs to redirect mistyped addresses. But technical experts say those standards were never meant to apply so broadly.

VeriSign points out that other suffixes have used wildcards before, albeit on a smaller scale. Operators of ".biz" and ".us" tested a similar service in May. Typing in a nonexistent address for ".cc" and ".ws" gets you an ad for registering it - in the case of ".cc" through eNIC Corp., a VeriSign subsidiary.

How the matter gets settled will have broad implications.

"If ICANN insists that this is bad and if it is not able to enforce it," said Harald Alvestrand, chairman of the standards-setting Internet Engineering Task Force, "it has established the principle that domain name operators can do anything."

Copyright © 2003 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.