Former Microsoft open-source chief joins cloud startup

Former Microsoft open-source chief Sam Ramji has joined cloud-computing startup Sonoa Systems, taking over product strategy and business development at the Santa Clara, California-based company. Last month he also took a position as interim president of the CodePlex Foundation, an open-source group formed out of his work at Microsoft. In his last job at Microsoft, Ramji was responsible for fostering more interoperability and collaboration with the open-source community as head of its Platform Strategy Group.

However, when the foundation and Ramji's role in it were unveiled, he said he was leaving Microsoft Sept. 25 to join a cloud-computing startup, though he did not specify which one. It also provides visibility, management and governance to make cloud services and the APIs (application programming interfaces) that connect to them as robust, policy-compliant and scalable as on-premise applications, according to the company's Web site. Sonoa offers technology called ServiceNet that helps companies manage their cloud-based services by setting policies for them, acting as a proxy server between service providers and the consumers of those services. In addition to ServiceNet, Sonoa also has released an analytics tool for API developers called Apigee as a free way to monitor and manage how their services are being accessed in the cloud. Sonoa's customers include MTV and Guardian Insurance. In an e-mail, a company spokesman compared the tool to Google Analytics.

Sonoa's CEO is a former BEA Systems executive, Chet Kapoor. The foundation also was formed by Microsoft to inspire other proprietary software companies to participate more in the open-source community, though eventually it is meant to be run as an independent group. Microsoft has not named anyone to take Ramji's role but said when the CodePlex Foundation was unveiled that the Platform Strategy Group will remain intact and will continue to promote collaboration with and participation in open-source projects.

Intel: Chips in brains will control computers by 2020

By the year 2020, you won't need a keyboard and mouse to control your computer, say Intel Corp. researchers. Scientists at Intel's research lab in Pittsburgh are working to find ways to read and harness human brain waves so they can be used to operate computers, television sets and cell phones. Instead, users will open documents and surf the Web using nothing more than their brain waves.

The brain waves would be harnessed with Intel-developed sensors implanted in people's brains. Researchers expect that consumers will want the freedom they will gain by using the implant. "I think human beings are remarkable adaptive," said Andrew Chien, vice president of research and director of future technologies research at Intel Labs. "If you told people 20 years ago that they would be carrying computers all the time, they would have said, 'I don't want that. The scientists say the plan is not a scene from a sci-fi movie - Big Brother won't be planting chips in your brain against your will. I don't need that.' Now you can't get them to stop [carrying devices]. There are a lot of things that have to be done first but I think [implanting chips into human brains] is well within the scope of possibility." Intel research scientist Dean Pomerleau told Computerworld that users will soon tire of depending on a computer interface, and having to fish a device out of their pocket or bag to access it. Instead, they'll simply manipulate their various devices with their brains. "We're trying to prove you can do interesting things with brain waves," said Pomerleau. "Eventually people may be willing to be more committed ... to brain implants.

He also predicted that users will tire of having to manipulate an interface with their fingers. Imagine being able to surf the Web with the power of your thoughts." To get to that point Pomerleau and his research teammates from Intel, Carnegie Mellon University and the University of Pittsburgh, are currently working on decoding human brain activity. People tend to show the same brain patterns for similar thoughts, he added. Pomerleau said the team has used Functional Magnetic Resonance Imaging (FMRI) machines to determine that blood flow changes in specific areas of the brain based on what word or image someone is thinking of. For instance, if two people think of the image of a bear or hear the word bear or even hear a bear growl, a neuroimage would show similar brain activity. Pomerleau said researchers are close to gaining the ability to build brain sensing technology into a head set that culd be used to manipulate a computer.

Basically, there are standard patterns that show up in the brain for different words or images. The next step is development of a tiny, far less cumbersome sensor that could be implanted inside the brain. Almost two years ago, scientists in the U.S. and Japan announced that a monkey's brain was used to to control a humanoid robot. Such brain research isn't limited to Intel and its university partners. Miguel Nicolelis, a professor of neurobiology at Duke University and lead researcher on the project, said that researchers were hoping its work would help paralyzed people walk again. Charles Higgins, an associate professor at the university, predicted that in 10 to 15 years people will be using "hybrid" computers running a combination of technology and living organic tissue.

And a month before that, a scientist at the University of Arizona reported that he had successfully built a robot that is guided by the brain and eyes of a moth. Today, Intel's Pomerleau said various research facilities are developing technologies to sense activity from inside the skull. "If we can get to the point where we can accurately detect specific words, you could mentally type," he added. "You could compose characters or words by thinking about letters flashing on the screen or typing whole words rather than their individual characters." Pomerleau also noted that the more scientists figure out about the brain, it will help them design better microprocessors. He said, "If we can see how the brain does it, then we could build smarter computers."

Challenges await head of new SAP user group

The Americas' SAP Users' Group announced its new CEO on Tuesday, nearly one year after parting ways with its previous chief. Chambers assumes the role previously held by Steve Strout, who was ousted by ASUG's board in November 2008 for undisclosed reasons. Interim CEO Bridgette Chambers will take leadership of ASUG, which represents about 70,000 individuals at 2,000 member companies.

Like Strout before her, a key issue before Chambers is SAP's controversial decision to move all customers to a fuller-featured but pricier Enterprise Support service. Following months of debate, SAP and the SAP User Group Executive Network (SUGEN), an organization made up of representatives from SAP user groups around the world, agreed to develop a set of KPIs (key performance indicators) meant to prove the value of Enterprise Support. While some European user groups were especially vocal about SAP's move, ASUG officials adopted a more moderate tone in public remarks. SAP has agreed to hold off on its incremental price increase schedule for Enterprise Support "until the targeted improvements measured by the SUGEN KPI Index are met." There will be an announcement regarding the KPIs later this year, said SAP spokesman Saswato Das. However, she added, "quite frankly, SAP can drop in every value-add they can, but at the end of the day the proof is in the KPIs. This adds value or it does not.

Some customers are more accepting than others of SAP's Enterprise Support decision, given that the company had held maintenance rates steady for many years, according to Chambers. If it does not, they need to understand the customer base is not open to this. Despite these ties, ASUG has retained its independence and objectivity, Chambers said. "I believe that is the clear differentiator for ASUG," she said. "Yes, we have close relationships with SAP. Yes, there is sharing of expenses for events ... [But] I don't really think you've got another organization that possesses the level of objectivity we do." Not all ASUG members are convinced, according to one observer. "The underlying concern that many ASUG members have expressed to us in the past has been that board members' organizations may have special relationships with SAP that could be jeopardized if they were to privately or publicly confront SAP on issues," said Ray Wang, a partner with the analyst firm Altimeter Group. "It would help usher in an era of transparency if members understood what those relationships are." Chambers declined to address the issues raised by Wang, saying it is not her position to speak for ASUG's board members. "I will say that I am pleased and proud to work for a board that is so interested in all the issues that impact the SAP ecosystem," she said. "I have watched board members work tirelessly to ensure that the mission of ASUG is supported." To that end, Chambers has a number of organizational goals and challenges on her plate, including plans to refocus ASUG around "education, influence and networking," she said. If it does, both SAP and customers win. ... We will help our customers make sure they get an answer." Even as it lobbies for members' interests, ASUG has had an intimate relationship with SAP, going as far as co-locating its annual user conference with the vendor's Sapphire show. Chambers has also been conducting a series of "town hall" meetings in recent weeks to gather feedback from ASUG members. You'll be able to verify the value is approximately 'X.' Right now, the answer [to that question] is softer."

In addition, by the end of 2010, ASUG members should be able to better determine how much return they've received on their investment in a membership, Chambers said. "What I will be able to do is make it measurable.

SMBs unprepared for disasters, Symantec finds

Small and midsize businesses are confident in their disaster recovery capabilities, but their actual performance preventing outages shows they are "remarkably unprepared," according to survey results released Monday by Symantec. But that confidence is unwarranted. Four out of five SMBs are satisfied with their disaste-recovery plans, and two-thirds believe their customers would be willing to "wait patiently until our systems were back in place" in the event of an outage, Symantec found.

Three out of four SMBs report that they are based in a region susceptible to natural disasters. The report is a follow-up to Symantec's annual Disaster Recovery Research Report released last summer,  which found that the average cost of executing and implementing a recovery plan amounted to $287,600 for each downtime incident. The average respondent suffered three outages in the past 12 months, either from natural disasters, power outages, or virus and hacker attacks. "With this kind of exposure, and with the confidence SMBs display about their disaster preparedness, one would think SMBs have solid disaster-recovery plans in place," Symantec writes in the SMB Disaster Preparedness report. "However this is not universally soothe case - almost half (47 percent) report they do not yet have a plan to deal with such disruptions." Survey respondents included 1,657 companies worldwide, including both SMBs (companies with 10 to 499 employees) and their customers. This week's SMB study found that in some areas, respondents showed "an alarming lack of readiness," according to Symantec. "First, the average SMB backs up only 60 percent of its company and customer data," Symantec writes. "Second, they do so infrequently. This inattention to data backup is echoed by the fact that more than half (55 percent) of the SMBs feel they would lose 40 percent of their company data if their computing systems were wiped out in a fire." This lack of preparedness puts SMBs at risk of losing customers.

Only one in five (23 percent) back up on a daily basis and 40 percent back up monthly or less. Two out of five SMB customers surveyed by Symantec have switched vendors because they decided their vendor's technology was unreliable. Forty-two percent of outages reported by SMB customers lasted eight hours or more, and 26% of customers reported losing data because of a vendor's outage. More than a quarter of customers had suffered outages, many of which were significant. Customers said the estimated cost of outages averaged $15,000 per day.

First SMBs should determine what critical information should be secured and protected, giving priority to customer, financial and business information, and trade secrets. Symantec offered several recommendations to SMBs looking to bolster their disaster-recovery preparedness. SMBs should also automate the backup process to minimize human error, and test systems annually to ensure that data can be recovered and downtime minimized during a disaster.

Personal Finance: Manage Your Money Better Online

Let's be honest. When times are good, we probably spend too much. Most of us could do a better job handling our money. When times are bad, too many of us stick our heads in the sand.

The Web has a wealth, indeed a surfeit, of tools and information to help you manage your personal finances. Both, of course, are bad ideas. To get an idea of just how much, simply take a look at Google's personal finance directory. So I've culled the list to find Web sites and tools that you'll find helpful and I find trustworthy. It's overwhelming.

This is by no means "a best of the Web" list. Swiss Army Knives of Personal FinanceKiplinger.com is a very deep site, ranging from short, newsy pieces like "A new ban on overdraft fees" to extensively reported features like this month's "Making the most of your benefits." The site tries hard to be helpful; for example a recent piece called "My Wallet was Stolen" gives bullet points about what to do right away and ends with the phone numbers of three major credit reporting agencies. It's too difficult to make that call, and I've avoided sites that have no free information. The Web site is free, but the eighty-year-old company offers a variety of newsletters and magazines at various prices. SmartMoney also has a well-deserved reputation for excellence and is notable for its wide-ranging information.

One big benefit as outlined on the site: "Kiplinger answers the queries of its readers as a regular feature of their subscriptions, filling requests for additional information on any subject its publications cover, by phone, mail or email. Clicking on "personal finance," for example, brings up sections devoted to 13 different topics, including bank notes, debt, elder care, marriage and divorce. College and Retirement Planning With the price of tuition at even public universities moving into the five-figure range, it's never been more important to develop a plan to afford a college education. SmartMoney also offers a wealth of investment tools, including real-time quotes, analysis and stock screening, but those features are behind a pay wall. Even if the heir apparent is very close to graduating high school there are steps you can take to mitigate the financial pain.

Indeed, the site has an entire section devoted to financial planning for college filled with actionable tips, newsy items and generally helpful stuff. SmartMoney, for example, has an informative story about early decision students and financial aid. Not to be outdone, Kiplinger has very meaty college-focused special report that includes pieces on comparing student loan packages and how best to use 529 (college savings) plans. By entering your personal information, you'll get back an estimate of your (teensy) monthly benefits at various retirement ages. It may be somewhat early for you to file for Social Security, but if nothing else, this government site provides a great reality check. The site has a good deal of related information, including application forms.

Best Rates on CDs Finding a financial advisor is not easy and is a decision that has real consequences. There is a also a wealth of information for people approaching retirement on the Web site of the AARP. One feature I really liked that has use for a consumer of any age was called "The All Cash Challenge." As you'd expect it underlines something we all know, but probably don't put to use often enough: People who pay with cash spend less than those who pay with credit cards, because pulling those greenbacks out of your wallet hurts. One place to start: The National Association of Personal Financial Advisors. NAPFA insists that its members be " fee only," which means the financial advisor is compensated "solely by the client with neither the advisor nor any related party receiving compensation that is contingent on the purchase or sale of a financial product." CDs don't pay much these days, but they are a secure place to park your money until better opportunities arise. Its Web site lets you search for advisors by area and by specialty.

If that works for you, bankrate.com is a good place to shop. A similar tool on the site allows you to check fixed and adjustable mortgage rates for different durations and localities. Its simple search tool includes clickable links, so if you see a deal you like, it's to take the next step. Any number of online sites help with basic financial chores, including budgets and expense tracking. After all, you'll be entrusting credit card numbers, bank account and maybe investment account information to a company you don't know much about. But I have to say that security is a real concern.

That's not to cast aspersions on anyone; I'm just careful, and I hope you are as well. Mint.com, which has garnered some good reviews, is now owned by Intuit, so the combined site is worth a look. Certainly Quicken Online, owned by Intuit, is long established, and its Web site is now free. Here's a final tip that I figured out after wasting too much money. When I had a misunderstanding with a credit card company, my account was temporarily suspended.

My online life includes many services and publications that renew automatically. Suddenly a number of those automatic renewals bounced and I was prompted to update. My credit account was quickly restored, and as a result of that little mishap I saved hundreds of dollars. (Thanks to Kathleen Pender, the long-time personal finance columnist for the San Francisco Chronicle, for her helpful suggestions.) San Francisco journalist Bill Snyder writes frequently about business and technology. I realized that I wasn't using some of those services and cancelled. He welcomes your comments and suggestions.

Follow everything from CIO.com on Twitter @CIOonline. Reach him at bill.snyder@sbcglobal.net.

Oracle: 11g Xpress Edition 'a year or two' away

It may be "a year or two" before Oracle releases a no-cost Express Edition (XE) of its 11g database, according to Andrew Mendelsohn, the company's senior vice president of database server technologies. Oracle took the same approach with the current 10g Express Edition, according to Mendelsohn, who oversees database development at the vendor. That's because Oracle is going to wait until after the first patch set ships for 11g Release 2, which was launched in July, Mendelsohn said in a brief interview following a speech at Oracle's OpenWorld conference in San Francisco on Monday.

Developers and ISVs (independent software vendors) prize XE because it includes many core features, and allows them to prototype, deploy and distribute applications without any licensing costs. Users with greater needs would need to upgrade to a paid database version such as Standard Edition. However, XE is limited to 4GB of user data, 1GB of memory and a single CPU, and is available on only 32-bit Windows or Linux systems. Some Oracle database administrators believe there is a deliberate reason for the protracted rollout. "It's an approach that ensures that adoption is nil," said Paul Vallée, founder of the Pythian Group, a database management outsourcing company in Ontario, Canada. "I don't think they're interested in adoption. ... I think they have to have it out there just for maybe a check box, just to maybe say they have a free edition." IBM and Microsoft also offer certain versions of databases at no cost. Oracle is attempting to buy Sun Microsystems for US$7.4 billion, but the deal is on hold while European officials conduct an antitrust review.

Oracle simply isn't "gunning for market share in the free database segment," Vallée added. "If they were, the strategy would be to release this exactly the way it is and then sell support and commit to patch sets for it." That is essentially the model Sun Microsystems has used for the open-source MySQL database. Instead, Oracle wants lower-end customers to use a paid version of the database, such as Standard Edition One, said Pythian Group CTO Alexander Gorbachev. It's unclear how the arrival of MySQL will affect XE, or any other aspect of Oracle's database strategy, Vallée said. A Standard Edition One processor license costs $5,800, according to Oracle's latest price list. Oracle plans to increase investment in MySQL, CEO Larry Ellison said during a keynote Sunday.

Gmail, Yahoo Mail join Hotmail; passwords exposed

Google's Gmail and Yahoo's Mail were also targeted by a large-scale phishing attack, perhaps the same one that harvested at least 10,000 passwords from Microsoft's Windows Live Hotmail, according to a report by the BBC. Microsoft , for its part, said late yesterday that it had blocked all hijacked Hotmail accounts, and offered tools to help users who had lost control of their e-mail. The BBC also said it has seen a list of some 20,000 hijacked e-mail accounts; the list included accounts from Gmail, Yahoo Mail, AOL, Comcast and EarthLink. Gmail was the target of what Google called a large-scale phishing campaign, the company told the BBC . "We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for Web-based mail accounts including Gmail accounts," a Google spokesperson told the news network. The latter two are major U.S. Internet service providers. "As soon as we learned of the attack, we forced password resets on the affected accounts," the Google spokesperson also told the BBC. "We will continue to force password resets on additional accounts when we become aware of them." Neither Google's or Yahoo's U.S. representatives responded to e-mails from Computerworld seeking confirmation that their Gmail and Yahoo Mail services were targeted by phishers, or answers to questions about how many accounts had been compromised and what the firms are doing to help users.

Late Monday, Microsoft said it was blocking access to all the accounts whose details had been posted on the Web last week. "We are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts," the company said on its Windows Live blog . Microsoft posted an online form where users who have been locked out of their accounts can verify their identity and reclaim control, and also pointed users to a support page from October 2008 that spells out steps users can take if they think their accounts have been hijacked. Neowin.net, the site that first reported the Hotmail account hijacking early Monday, today added that it had seen the same list of compromised accounts as the BBC. "Neowin can today reveal that more lists are circulating with genuine account information and that over 20,000 accounts have now been compromised," said the Windows enthusiast site . "[The] new list contains e-mail accounts for Gmail, Yahoo, Comcast, EarthLink and other third-party popular Web mail services." Microsoft has acknowledged that log-on credentials for "several thousand" Hotmail accounts had been obtained by criminals, probably through a phishing attack that had duped users into divulging their usernames and passwords. After a slump earlier this year, phishing attacks are on the upswing, according to the Anti-Phishing Working Group (APWG). Its most recent data - for the first half of 2009 ( download PDF ) - noted that the number of unique phishing-oriented Web sites had surged to nearly 50,000 in June, the largest number since April 2007 and the second-highest total since the industry association started keeping records. Yesterday, Dave Jevans, the chairman of APWG, called the Hotmail phishing attack one of the largest ever, but cautioned that the usernames and passwords may have been harvested over several months, and not by a single, defined attack.

McCain Moves to Block FCC Net Neutrality

The FCC voted unanimously yesterday to move forward with the debate in an effort to formalize net neutrality guidelines. In the wake of FCC chairman Julius Genachowski's initial announcement of his intent to pursue formal net neutrality rules, a group of GOP lawmakers already initiated a similar attempt. Senator John McCain followed up by introducing a bill that would prohibit the FCC from governing communications. However, that amendment was retracted almost as quickly as it was filed.

Basically, those in power or those who pay more will have better access. McCain's bill, the Internet Freedom Act, seeks to do the opposite of what its name implies by ensuring that broadband and wireless providers can discriminate and throttle certain traffic while giving preferential treatment to other traffic. Apparently we have different definitions of 'freedom'. According to the text of the McCain bill, the FCC "shall not propose, promulgate, or issue any regulations regarding the Internet or IP-enabled services." Isn't that what the FCC does? Oddly, the bill also contains text stating that any regulations in effect on the day before the Internet Freedom Act is officially enacted are grandfathered in and exempt from the provisions of the Internet Freedom Act. Isn't that sort of like introducing a bill to prohibit the Treasury from printing money, or a bill to prohibit the IRS from collecting taxes? The implication seems to be that if the FCC can formalize net neutrality rules before McCain can get the Internet Freedom Act signed into law, the net neutrality rules would still apply.

However, Comcast tried to throttle peer-to-peer networking traffic and only changed policy after the threat of FCC net neutrality rules. Net neutrality opponents claim that the free market can police itself and that any net neutrality restrictions will stifle innovation and competition. AT&T sought to block customers from using VoIP services from its wireless network, but changed policy out of fear of the net neutrality rules. What the FCC voted on yesterday is simply to start the debate. The trend seems to be that these providers only do the 'right thing' when the net neutrality gun is pointing at their head. Its an open discussion, so what are net neutrality opponents afraid of?

If there are valid issues that need to be resolved, then go ahead and bring them to the table. They have 120 days to gather information and collect data and present their case. Don't initiate legislation that seeks to pretend the table doesn't exist. While Obama was attached surgically to his CrackBerry and his staff leveraged social media from their Macbooks, McCain admitted having little or no knowledge or interest in modern technologies like email or the Internet. During the Presidential election campaign last year the differences between the two candidates was stark.

It seems suspicious that the Internet is suddenly a major concern for him. Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. Maybe he just missed seeing his name in the paper. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.

GAO: Los Alamos National Lab's cybersecurity lacking

Cybersecurity efforts to protect a leading U.S. nuclear laboratory's classified computer network remain lacking even after a series of security lapses, according to a new report from the U.S. Government Accountability Office. The lab has vulnerabilities in several "critical" areas, including identifying and authenticating users, authorizing user access, encrypting classified information and maintaining secure software configurations, the GAO report said. "A key reason for the information security weaknesses GAO identified was that the laboratory had not fully implemented an information security program to ensure that controls were effectively established and maintained," the report said. The Los Alamos National Laboratory, which has suffered multiple security breaches in recent years, continues to have "significant weaknesses ... in protecting the confidentiality, integrity, and availability of information stored on and transmitted over its classified computer network," the GAO said in a report released Friday. The lab has not conducted comprehensive risk assessments to ensure against unauthorized use, has not marked the classification level of information stored on its classified network, and has inadequate training for users with security responsibilities, the GAO report said.

Later reports said as many as 67 computers were missing from the lab. In January, there were reports of the theft of three computers from a lab employee's home in Santa Fe, New Mexico. In July 2007, the U.S. Department of Energy moved to fine the lab for an October 2006 breach that exposed classified data. Also in mid-2007, U.S. lawmakers criticized the lab after reports that several officials there had used unprotected e-mail networks to share highly classified information. A contract worker illegally downloaded and removed hundreds of pages of data from the lab using USB thumb drives.

There were other security problems at the lab, including instances in 2003 and 2004 when the lab could not account for classified removable electronic media, such as compact discs and removable hard drives. The DOE's National Nuclear Security Administration (NNSA), while it said it generally agreed with the report, said the lab has made progress in its cybersecurity efforts. A lab spokesman did not immediately return an e-mail seeking comment on the GAO report. Many of the shortcomings have been addressed, said Michael Kane, associate administrator for the NNSA, in a letter to the GAO. In response to a DOE compliance order issued in 2007, "a number of key technical issues and policy implementation concerns have been or are currently being addressed," Kane said. The lab is jointly operated by several groups, including NNSA and the University of California.

The DOE oversees the lab, a multidisciplinary research institution working on strategic science on behalf of U.S. national security.

US relationship with ICANN may not end

A longtime agreement in which the U.S. Department of Commerce has oversight of the Internet Corporation for Assigned Names and Numbers (ICANN) is due to expire Wednesday, but that may not be the end of the relationship. This new type of agreement would allow ICANN to become more independent, while addressing concerns from several other countries that the U.S. has too much control over ICANN, said Michael Palage, a former ICANN board member. While ICANN isn't talking, some observers expect a new type of agreement to be announced as soon as Wednesday, with the U.S. government sharing oversight of the nonprofit organization that controls the Internet's domain name system with other countries. The new agreement would create several oversight boards, with international representation, Palage said.

What it's also doing is ... it's putting in some accountability mechanisms." Palage hasn't heard all the details about the new agreement, including how people will be appointed to the new oversight panels. The Economist reported last week that a new agreement, called an affirmation of commitments, will replace the existing pact between the U.S. government and ICANN. The Department of Commerce and ICANN have operated under a series of agreements laying out expectations for the nonprofit since November 1998. The new agreement "will tell them what it should do, but it can't legally bind them," much like past agreements, said Palage, now a senior fellow at the Progress and Freedom Foundation, a conservative think tank. "It gives the appearance in the global community that the U.S. government has recognized that ICANN has done what is was supposed to do. He's also concerned about whether private entities will have the same representation as governments. Many critics of ICANN have complained in recent years that the organization has moved forward with plans to expand services without widespread agreement. While not perfect, the new agreement being talked about would be an improvement over the existing agreement, he said. "Now while the devil will be in the detail, the only concern I have is that the private sector be on equal footing with the public sector in being able to hold ICANN accountable," he said. "If ICANN is to remain a public-private partnership that is founded on the principles of openness, transparency, inclusiveness, accountability and bottom-up coordination, then both the private and public sectors should have equal confidence in the accountability mechanism available to them." Under the latest agreement between the Department of Commerce and ICANN, the nonprofit reaffirmed its commitment to maintaining the security and stability of the domain name system, or DNS. ICANN also promised to stick to the principles of competition, bottom-up coordination and representation.

In particular, ICANN's board in June 2008 voted to allow an unlimited number of new generic top-level domains, such as .food or .basketball, but trademark owners have complained that new gTLDs would force them to register many new Web sites to protect their brands. Asked this week about what happens after the current agreement expires, an ICANN spokeswoman said the Department of Commerce has asked ICANN officials not to comment until Wednesday. Last week, several members of a U.S. Congress subcommittee urged ICANN to back off the gTLD plan until concerns could be resolved. A representative of Viviane Reding, the European commissioner in charge of the information society and the telecom industry, also declined to comment until "the situation in the U.S. has been officially confirmed." Reding has called for more international oversight of ICANN. But Steve DelBianco, executive director of NetChoice, an e-commerce trade group, said he expects a "new formal review process looking at security, consumer trust, and the interests of global Internet users." DelBianco expects that government and private stakeholders will be represented in the new review process, he said. "Prodded by public comments and encouragement from Congress, I'd expect to see a new arrangement that delivers what the global Internet community has wanted: an independent ICANN that preserves private-sector leadership with increased accountability to its core mission," he said. "The tricky part is how to give governments a well-defined role while preserving ICANN's private-sector orientation." An important part of the oversight going forward will likely be on cybersecurity, added DelBianco, a critic of ICANN's gTLD plan. "I'd expect to see explicit accountability for ICANN to make sure the DNS stays up 24-7 and around the world, even as we see increased cyber attacks and a significant expansion of top-level domains," he said. Heather Greenfield, a spokeswoman for the Computer and Communications Industry Association (CCIA), said the trade group expects the U.S. government to stay involved in ICANN. CCIA has also heard that oversight panels, involving the international community, will provide ICANN oversight going forward, she said. "We expect ICANN will retain some type of long-term relationship with the United States, while expanding the involvement of other countries," she added. "Ahead of this agreement ending, ICANN has been making a real effort to respond to past criticism about not being transparent enough."