Saturday, September 21, 2013

Norway internet governance forum takes place on 09 October


Thursday 12 September 2013 | 12:03 CET | News

Norwegian postal and telecoms regulator PT said it is holding a national Internet Governance Forum (IGF) in Oslo on 09 October, and places are limited. Participants include the Ministry for Transport and Communication, as well as a number of private and public stakeholders. The IGF is a platform for dialogue and exchange of experiences concerning internet developments. PT and the ministry will also use the IGF to present the results of the ITU's World Telecom Policy Forum 2013 (WTPF) in Geneva this May and Norwegian preparations for the world IGF 2013 on Bali in Indonesia from 22-25 October and for the next ITU Plenipotentiary meeting in autumn 2014.

Norway internet governance forum takes place on 09 October



Thursday 12 September 2013 | 12:03 CET | News
Norwegian postal and telecoms regulator PT said it is holding a national Internet Governance Forum (IGF) in Oslo on 09 October, and places are limited. Participants include the Ministry for Transport and Communication, as well as a number of private and public stakeholders. The IGF is a platform for dialogue and exchange of experiences concerning internet developments. PT and the ministry will also use the IGF to present the results of the ITU's World Telecom Policy Forum 2013 (WTPF) in Geneva this May and Norwegian preparations for the world IGF 2013 on Bali in Indonesia from 22-25 October and for the next ITU Plenipotentiary meeting in autumn 2014.

Friday, September 20, 2013

China seeks global rules to govern Internet




All nations should work together to build a multilateral, democratic and transparent international order for Internet governance within the United Nations framework, the top official of China's regulatory body on Internet information said on Monday.
Minister of the State Internet Information Office Lu Wei made the remarks in a keynote speech in London at the 5th China-UK Internet Roundtable, an annual event co-hosted by the State Internet Information Office and the British Department for Culture, Media and Sport.
Lu's remarks came amid mounting accusations against Beijing over its Internet administration and alleged hacking attacks. He said, "Where there is no order, there is no liberty."
"We should respect cybersovereignty, discard hegemony and avoid putting our own country's interests above those of others. We should join hands to build order for the development of the Internet on the basis of mutual respect and equal treatment," Lu said.
"No country is immune to such global challenges as cybercrime, hacking and invasion of privacy," Lu said during the meeting, noting that China is also a "victim of hacking".
Edward Snowden, a former contractor for the US National Security Agency, provided documents in June revealing that the US government has been hacking Chinese mobile operators' networks, as well as the operator of a fibre optic cable network, to intercept information.
China firmly opposes all forms of Internet attacks, Lu noted, and said, "We hope to deepen exchanges and cooperation with other countries in online cybersecurity, anti-terrorism, law enforcement and privacy protection."
He also called for the establishment of an order to promote "positive energy", a phrase that topped the list of China's buzzwords in 2012.
"Positive energy knows no boundaries. If everyone were to spread positive energy on the Internet, the world would be a much better place," he said.
Although China is a latecomer in Internet-related technologies, the sector has seen tremendous development in recent years. According to the Internet authority, China now has almost 600 million Internet users, 44.1 per cent of the population, and the number is still rising.
The numbers of micro-bloggers and WeChat users have both exceeded 300 million, and more than 200 million micro-blog posts are submitted and forwarded each day.
Lu said the Internet has become a new platform for many Chinese entrepreneurs.
The Chinese mainland is now home to nearly 3 million websites. Five Chinese websites, Baidu.com, QQ.com, Taobao.com, Sina.com.cn and Sohu.com, were listed in the Top 20 Most Popular Websites in the World in 2013 published by Royal Pingdom, a Swedish company that focuses on Internet-related research.
Lu said that Britain has advanced experience in Internet content management, technological support, industry self-regulation, laws and regulations.
Both China and the UK play significant roles in establishing an international order on Internet regulations while shouldering important responsibilities, Lu noted.
He also suggested that the two countries should strengthen cooperation by establishing a regular exchange and communication mechanism, and collaborate on Internet innovation, research and consultation, cybersecurity and information sharing.
Ed Vaizey, UK minister of culture, media and sport, also said that the two countries should further deepen communication and cooperation through the Internet and deepen common understanding of the Internet.
Vaizey encouraged Internet companies from the two countries to increase investment and promote social progress.
This year, the roundtable had four discussion sessions called "Digital Technologies", "Social Responsibility of the Internet", "The Internet of Things" and "eAccessible Technologies", concerning resources for people with disabilities.

Thursday, September 19, 2013

The Internet's Broken Promises - Is Balkanisation Inevitable?


The Internet's Broken Promises - Is Balkanisation Inevitable?

| 

In my previous blog I discussed the overall cost of US-based surveillance operations, including the commercial impact of Edward Snowden's actions in making public what he knew. I have since been told that I seriously under-estimated the latter. Some believe that his actions make a take-over by the ITU almost inevitable, unless those who really do want the Internet to remain an open network of networks, (evolving over time in response to a mix of technology push and market pull), respond constructively and forcefully to the concerns of  those who support such a take-over. Earlier this week I attended the UK Internet Governance Forum and promised to blog on why this year's IGF at Bali will be so important (despite, perhaps because of, attempts to kill it off). I was trying to get my head round what is at stake and the arguments to make, when I was delighted to receive the offer of a guest blog, putting the issues into context, from Jan Malinowski, Head of the Information Society Department of the Council of Europe, under the heading: 

"The Internet's Broken Promises - Is Balkanisation Inevitable".   

Jan's balanced and thoughtful approach is exactly what is needed. I will stop here and hand over to him:

"In 1939, the surrealist André Breton nicknamed that other surrealist Salvador Dalí"Avida Dollars", implying that he subordinated artistic creativity to eager money-making. After that, many considered that Dalí's time was over; they saw only the surface, and their predictions turned out to be wrong.

Certain pundits are now predicting the decline of the open and universal Internet and some are forecasting almost catastrophic scenarios. Recently, they have been basing their arguments on the unearthing of "Avida Data" states which are throwing billions into avidly hoovering up vast amounts of digital data. The threat is serious, the outcome unknown.

Massive eavesdropping and indiscriminate surveillance have been added to the list of broken promises - or false assumptions - about the Internet being a space of freedom and prosperity for all. Over the years, many extraordinary threats to the Internet have been put forward. First there was spam, then phishing and fraud, Trojans, child pornography and grooming, and rampant cybercrime. These threats have been compounded by the development of cyber-war capabilities, cyber-drones, backdoors and exploits. National security was vaguely advanced to justify everything, or almost. But security and control without freedom, transparency and a participatory environment are tantamount to despotism.

Alongside these developments, the knitting together of the web continued, the number of users grew; speed, processing and storage capacity accelerated vertiginously; services, applications and content multiplied; and, with some ups and downs, cracks grew on national or territorial intranet fortresses. Cyber hostilities now lead to discussions on rules of engagement.

What did we learn from Edward Snowden that we didn't already know or suspect? We knew that many different agencies and commercial or other entities hoard vast amounts of personal information and data, that 'big data' is mainly for the service of commercial interests, and that security agencies also engages in widespread data fishing justified on grounds of anti-terrorism and national security. Some laws prescribe massive data retention, raising little more than curiosity on the part of the guardians of fundamental rights and freedoms.

The signs were there for all to see. You only had to listen to cyber-dissidents or civil liberties organisations, to read leaked information or published laws - a Swedish law on surveillance of cross-border electronic communications is awaiting decision by theEuropean Court of Human Rights, for example - and, increasingly, public debates on human rights and Internet governance. The European Parliament rang the alarm about Echelon and the US courts heard about Carnivore over a decade ago.

History has shown that people are able to deal with historical inevitabilities, and to make them evitable. Edward Snowden, hero or villain, whistle-blower or traitor, has helpfully triggered collective awareness, reproach and discussion that could lead to change. Dalí thought that the deliberate and desirable delusion that nurtures fantasy requires a check: awareness that reason has been suspended.

There are fundamental rules and human rights principles that apply to the Internet. The vast majority of countries have accepted them - 167 states are party to the International Covenant on Civil and Political Rights (ICCPR). Human rights are enforceable against state institutions in many of those countries and scores of them can be held to account before international bodies. 820 million people have a right to bring cases to the European Court of Human Rights. The 47 Council of Europe member states have formally committed themselves to preserving the integrity, universality and openness of the Internet, and have agreed on Internet governance principles and the concrete meaning of human rights on the Internet. There is no inevitability. These are also the antidotes against balkanisation or fragmentation, and they have to be used - but much remains to be done.

On the Internet, we are all - young or old, corporate, government or private - still immature, trying to find our bearings, learning the "do's" and "don'ts". Internet freedom is not a bunch of broken promises, but a process that has not yet gone beyond a 'storming' stage, awaiting its own social contract. All stakeholders have to make progress, embrace new codes of conduct, abide by reinterpreted fundamental principles, and acquire new sensitivities, awareness and social skills. Education - of state and non-state actors alike, not only users - is fundamental for compliance. And above all, some will have to embrace transparency and show commitment, respect and leadership in the process, whether state or non-state actors, putting aside puerile disregard, precipitation and arrogance.

Of course, this will not resolve all of the problems. As in any sizeable community, there will continue to be mavericks, rule-breakers and antisocial conduct. In the international community there are also those who abuse the means at hand, and despots, without the conventional / cyber distinction. This should not deter us from the objective of protecting and promoting human rights and the rule of law also on the Internet, alongside its universality, integrity and openness. Window dressing and paying lip service to Internet freedom will not do. We need to fight to preserve our imperfect democracy, which remains the best form of government we can have.

Some have alluded to a constitutional moment for the Internet. Perhaps the time is coming for such a process, based on multi-stakeholder dialogue, each contributing according to their respective roles and responsibilities."

Wednesday, September 18, 2013

Britain announces scholarship on cyber policy



 today announced a scholarship for mid-career Indian professionals to undertake short-term courses in cyber policy, internet governance and cyber security in that country. 

The new Chevening-Tata Consulting Services Cyber Policy Scholarship was announced by Britain's Minister for the Cabinet Office Francis Maude. 

"I am delighted to announce the new Chevening- Cyber Policy Scholarship. This is a pioneering course that not only covers the technical side of cyber security but also brings together the related areas of public policy, such as internet governance, national security, crime prevention and enabling online commerce and freedom of expression," he said at a function at a leading think-tank. 

"This is an excellent example of - partnership in cyber policy and I am grateful to TCS for making it possible with their sponsorship," he said. 

In the first year, six scholars will be chosen on the basis of their relevant skills and experience. They will be drawn from the private sector, government other public sector, academia, law enforcement and judiciary. 

The course will be run by Cranfield University at the Defence Academy of the United Kingdom which provides courses to senior officials and professionals from around the world. 

Talking about Indo-UK collborartion, Maude said that "before long, India will have the largest online population in the world. So, I'm here today to tell you where there are opportunities, Britain will be open for business, I'm glad that Indian investment into the UK is increasing.

Tuesday, September 17, 2013

Reflections on EUI's New Community Priority Evaluation Guidelines for New gTLDs


Shweta Sahjwani
The new Community Priority Evaluation (CPE) guidelines prepared by the Economist Intelligence Unit (EIU), and published by ICANN are now past their feedback period. We, at Radix, believe that ICANN has received feedback from approximately 10 stakeholders, and I for one, am looking forward to those being published.
In light of the fact that none of the comments that ICANN received have been made public yet, I decided to blog about my multiple concerns with the new guidelines. Sparing a thought for the not-so-involved reader, I have limited my rant to some of the more important issues.
These also form the crux of our feedback submitted to ICANN along with a suggested red-lined version of the actual guidelines that can be found here.
#1: New guidelines cannot supersede the AGB
Of primary concern to us are certain communications between CTAG and ICANN, which we believe sought to modify the process and scoring guidelines in the AGB and relax the CPE standards.

One can infer from Mr. Craig Schwartz's recent letter to Ms. Christine Willett (VP, gTLD Operations) and correspondence on the NTAG list that a closed-door meeting was held in Durban where community TLD applicants potentially lobbied ICANN to amend the Guidebook and relax the CPE standards. 

Hundreds of applicants have relied on the AGB and paid tens of millions of dollars in applying for specific strings. The publication of these new guidelines for feedback must not lead to a re-litigation of the Guidebook criteria. A change in the Guidebook at this stage would significantly change the rights of applicants and the value of their investments. Applicants would have made different decisions if the CPE criteria were different. 

The CPE has been built upon a foundation of guiding principles that the community applicants seek to upset. A qualified community application eliminates all directly contending standard applications, regardless of how well qualified the latter may be. This is a fundamental reason for enforcing very stringent qualification requirements for a community-based application. It is for these reasons that we firmly believe that the AGB must be, in effect, sacrosanct.

We believe that this concern was likely voiced by other applicants too. As a result, the CPE teleconference held on 10th September, 2013 started with Christine issuing a clarification that ICANN did not intend that the new guidelines would change anything in the AGB. We certainly hope that the intention shows up more clearly in EIU's next draft of the guidelines.

#2: A detailed process for the Community Priority Evaluation is still missing
The limited CPE process as defined in the current guidelines document provides for applications to be evaluated by two evaluators working independently to score applications. These will then be reviewed by members of the core project team to ensure consistency of approach across all applications.

The process, when published, should clearly address scenarios where the evaluators and core project team members have conflicting views and specify which opinion would be binding. Additionally, there should be more detail on the documentation that will accompany each evaluation result. This, along with some clarity on how interactions between applicants and panels (public vs. private) will be managed as well as expected timelines for the complete process (incorporating the effects of GAC Advice and dispute resolution) would be a good start.
#3: Recommendations for Training and Process
ICANN and EIU must institute processes that will ensure consistency in CPE decisions.
Training: Follow-on documents from EIU should describe training and scenario testing to ensure that panels arrive at similar conclusions given identical data sets. Training should conclude when consistency is attained. Training should also include exposure to documents describing development of the community processes that include foundations in the guidebook. ICANN staff involved in the development should brief EIU panelists to describe the rationale for the current CPE standards.
Process: The process should include collaboration among panelists or evaluation of applications by the same evaluation panel (with several members) so that results are consistent. QA and other reviews should review rationale as well as scores to ensure the right scores were made for the right reasons. Rationale must be required for each score that relates to specific criteria and definitions in the Guidebook.

Christine did mention on the CPE teleconference that scoring decisions would be accompanied with a justification for a particular score. While we find that encouraging, we can only hope that there will be consistency in the justifications provided across panels and across applications.
#4: The guidelines should be clearer and must not weaken the AGB criteria or change the application
In many cases, the new Guidelines, taken as written, seem to weaken the Guidebook criteria, either through vagueness or an inadvertent change to the intent. The new Guidelines should serve to retain the existing Guidebook criteria and provide additional clarity in a way that accomplishes the intent of the elaborate policy making process.

While the EIU document provides additional information for evaluators, the information is vague in some places, and will undoubtedly lead to inconsistent results. An example where an explanation in the new guidelines creates uncertainty is:

"'Delineation' also refers to the extent to which a community has the requisite awareness and recognition from its members."
[How should the evaluator gauge whether a community has the "requisite awareness and recognition"?]
The use of Internet searches employed by evaluators is also of concern. Internet searches should be used only to the extent of verifying claims of the applicant. However information gathered from an Internet search should not be used towards modifying any claims/statements made in the application. It is important to limit the evaluators' discretion in this area.
Which brings us to the next concern; the document omits significant portions of the AGB definitions and replaces them with general questions to be answered by panels. We are concerned that the EIU should not use a different standard than the published one.
Conclusion
While we are aware that the guidelines are well-intentioned, we have requested that care must be taken to ensure that the Guidebook intent is realized in the evaluation. Otherwise, the reliance placed by applicants upon the Guidebook processes and standards would have been misplaced. Those processes and standards were developed after long, intensive community discussion. Individual interests should not be allowed to change the agreed-upon implementation of the new gTLD policy at this late date. I rest my case!
By Shweta Sahjwani, Manager, Strategic Partnerships at Radix

Monday, September 16, 2013

You Just Signed a Registry Contract With ICANN. What Are Your Plans?


John Levine
I've been having arguments about Network Neutrality with a lawyer. My position is that you can't adequately regulate ISPs to be neutral, because there's no agreement what "neutral" means in practice. He points out that the courts aren't interested in technical details like what packets are dropped, it's that all traffic has to be treated the same, and ISPs should just figure out how to do that.
So I contemplated a city with Plumbing Neutrality with the simple rule that all people must be treated the same.
Well, OK, I'm in the commercial real estate business. I build my building on strictly neutral principles with rest rooms with the same number of fixtures on each of the ten floors for men and women. All set.
Then someone complains that after lunch, she has to wait in line while guys don't. A court interprets the Plumbing Neutrality law and decides from first principles that neutral has always meant equal waits, not equal numbers of fixtures, it's no big deal, just move some walls. Huh? How am I suppose to pay for that?
I talk to a plumbing engineer who tells me that the rule of thumb, based on the last 300 years or so of plumbing engineering, is that you need a 3:2 ratio of fixtures to equalize the lines. Since there are five fixtures in each rest room, you need to move the wall to make six in the women's room and four in the men's room. Easy.
But I can't do that, plumbing is heavy so we put the rest rooms on the opposite sides of the building so they'd be next to the structural walls. Hmmn.
"I've got it," says the engineer. "You have 20 rest rooms, two on each floor, so you need 12 women's and 8 men's for that 3:2 ratio. So just change the men's rooms on the 3rd and 7th floors to women's rooms. You'll have to swap the urinals for something women can use but I can do that." So I spent more money to replumb and change the signs, all neutral again.
Except there's a guy on the 7th floor with limited mobility, who complains that the women can just go down the hall, while he has to wait for the elevator, which takes a while, and that's a problem. OK, now what? Swap 6th and 7th? What if he gets a promotion and moves upstairs?
My point here is that legal principles are fine, but their implementation in technology is rarely simple, and the financial risk of guessing wrong is substantial. Net Neutrality is even worse, since if you treat all packets the same, your network will collapse, and ISPs will face endless legal battles about stuff like how much spam filtering is consistent with being neutral.
So you either need a regulator with the technical skill to write workable rules, which nobody has, or you need to get the desired result a different way, such as separating the transport part of the connection (the DSL or the cable) from the ISP transporting the packets, as they've done in Europe.
(By the way, the urge to use the phrase "bladder bloat" was nearly irresistible.)
By John Levine, Author, Consultant & Speaker. More blog posts from John Levine can also be read here.

Sunday, September 15, 2013

U.K. for less government role in cyber security


The British government’s stance on cyber security and Internet governance firmly favours a multi-stakeholder approach with a substantively large role for the private sector, at a time when the world is grappling with serious policy and Internet jurisdiction questions in the wake of the Snowden exposés.
The British Minister for Cabinet Office, Francis Maude, MP, who bears direct responsibility for the U.K.’s cyber security policies made this plain in a 25-minute address here at the Observer Research Foundation.
Arguing a case for a smaller role for governments, he said, “The important thing is that we do not dilute the characteristics that have made the Internet successful, so we don’t favour a leading role for the government in managing the Internet. That’s because we know, being a government, that they work slowly, whereas the Internet is changing constantly.”
Cautioning governments against taking a more aggressive role, he added, “The Internet developed despite the government, not because of the government. We need to ensure that we don’t place a dead hand on the future of the Internet which can hold back its future.”
The Minister also provided an insight into the British government’s approach in the ongoing multi-stakeholder approach to enhanced cooperation deliberations underway in Geneva, through a United Nations Commission for Science and Technology Development (UN-CSTD) Working Group, of which India and the U.K. are members along with nearly 20 other countries. He said, “We must be wary of an approach which seeks to extend formal government regulation onto a medium, on which people are very dependent, and which liberates them from the government and intermediates the bureaucracy.”
When asked about the divided views on Internet governance between countries such as Russia, China those in the Middle-East as compared to the US, Europe and other western countries, he said, acknowledging the difference that “We have to be careful that the real issues in cyber security are not used as a pretext for suppressing access to the Internet.”
Borrowing an earlier line from by Minister of Communications and IT. Kapil Sibal, Mr. Maude said “Internet is a massive force for good. With everything that is liberating, comes risk. And the risk must be dealt with a proportionate, measured way.”
Disclosing that the U.K. was now setting up a Computer Emergency Response Team (CERT-UK), Mr. Maude said, “We are now establishing a new CERT-UK to improve national coordination of cyber instances and to act as focal point for international sharing of critical information on cyber security. We are behind where India already is but we look forward to working closely with CERT-IN once our CERT is fully operational.”
CERT-IN is led by Gulshan Rai who has played a pivotal role in formulating the recently released Cyber Security Policy of India.
Emphasizing the importance of having a strong domestic law enforcement structure working in collaboration with the private sector, the Minister said that the British government, in the area of cybercrime, “had successfully, saved £18-27 billion a year. It’s a price that we or any other country cannot afford to continue to pay. India’s costs are lower than that today, but there should be no doubt, that they will increase as the economy continues to grow and is based increasingly on technology and innovations.”
Mr. Maude used the London Olympics to explain how the British government has successfully thwarted cyber-attacks and how, while the U.K. had learned lessons from the 2008 Beijing Olympics, and the 2010 New Delhi Commonwealth Games, — the cooperation is now being extended by London cyber security experts to the Brazilians, who are hosting the 2016 Olympics.
Arguing vehemently for an approach which allows all stakeholders to play their respective and equal roles in cyber security he emphasised, “We continue to support the multi-stakeholder model of Internet governance, proposed by the world summit. The approach must continue to be open, inclusive and interactive.”

APrIGF 2014 (Asia Pacific Regional Internet Governance Forum) to be held in India


APrIGF 2014 (Asia Pacific Regional Internet Governance Forum) will be held in India.
The 2013 APrIGF is going on in Seoul currently.
More details will be available later.
“I am glad to share good news from Korea, where APrIGF 2013 is in progress, that our India has been recognized to host APrIGF in 2014. No such event can have any legitimacy without India’s support in Asia Pacific. All are recognizing, frankly, we need to do the same and specially, in front of others. We have to further strengthen our cause with explicit support to our sovereign’s concerns on vulnerability of our Internet infrastructure,” said Rajesh Chharia, president, Internet Service Providers Association of India (ISPAI).
APrIGF 2014
Asia has the strongest growing demand for Internet addresses thanks to rapid growth of Internet. This is in contrast to North America and Europe.
Asia Pacific Regional Internet Governance Forum (APrIGF) serves as a platform for discussion, exchange and collaboration at a regional level, and also where possible to aggregate national IGF discussions, ultimately advance the Internet governance development in the Asia Pacific region.
APrIGF is designed to raise awareness and encourage participation from relevant stakeholders around the region on Internet governance issues, as well as to foster multi-lateral, multi-stakeholder discussion about issues pertinent to the Internet in Asia.
A Youth IGF also become an integral part of the APrIGF whereby they are held in parallel annually featuring a simulation of the multi-stakeholder discussion model among the young people on various Internet governance issues.
The Internet Governance Forum (IGF) annual events were previously held in Greece (2006), Brazil (2007), India (2008), and Egypt (2009), Lithuania (2010), Kenya (2011), Azerbaijan (2012). The IGF approach is an open forum for knowledge sharing between stakeholders across borders, which in turn inform local policy development.

IETF Chair's Statement On Security, Privacy And Widespread Internet Monitoring


Dan York
This weekend Jari Arkko, Chair of the Internet Engineering Task Force (IETF), and Stephen Farrell, IETF Security Area Director, published a joint statement on the IETF blog titled: "Security and Pervasive Monitoring”. They begin:
The Internet community and the IETF care deeply about how much we can trust commonly used Internet services and the protocols that these services use. So the reports about large-scale monitoring of Internet traffic and users disturbs us greatly. We knew of interception of targeted individuals and other monitoring activities, but the scale of recently reported monitoring is surprising. Such scale was not envisaged during the design of many Internet protocols, but we are considering the consequence of these kinds of attacks.
They go on to outline some of the IETF's general principles around security and privacy as well as some of the new developments. They also point out a vigorous (and still ongoing) discussion within the IETF around how to improve the security of the Internet in light of recent disclosures. They state:
As that discussion makes clear, IETF participants want to build secure and deployable systems for all Internet users. Indeed, addressing security and new vulnerabilities has been a topic in the IETF for as long as the organisation has existed. Technology alone is, however, not the only factor. Operational practices, laws, and other similar factors also matter. First of all, existing IETF security technologies, if used more widely, can definitely help. But technical issues outside the IETF's control, for example endpoint security, or the properties of specific products or implementations also affect the end result in major ways. So at the end of the day, no amount of communication security helps you if you do not trust the party you are communicating with or the devices you are using. Nonetheless, we're confident the IETF can and will do more to make our protocols work more securely and offer better privacy features that can be used by implementations of all kinds.
So with the understanding of limitations of technology-only solutions, the IETF is continuing its mission to improve security in the Internet. The recent revelations provide additional motivation for doing this, as well as highlighting the need to consider new threat models.
Jari and Stephen then provide several examples of ongoing work to improve Internet security and mention that the upcoming IETF 88 meeting in Vancouver in November will provide a dedicated time to address these issues. They also mention several open mailing lists to which anyone can subscribe, including the new "perpass" mailing list focusing specifically on this issue of privacy and pervasive monitoring.
I want to highlight one part of their post in particular (my emphasis added):
The security and privacy of the Internet in general is still a challenge even ignoring pervasive monitoring, and if there are improvements from the above, those will be generally useful for many reasons and for many years to come. Perhaps this year's discussions is a way to motivate the world to move from "by default insecure" communications to "by default secure". Publicity and motivation are important, too. There is plenty to do for all of us, from users enabling additional security tools to implementors ensuring that their products are secure.
Perhaps indeed we can move to communications "secure by default"! Please do read Jari and Stephen's post and please do consider how you can join in to helping improve the security of the Internet.

Friday, September 13, 2013

More than 85% of Top 500 Most Highly-Trafficked Websites Vulnerable


Elisa Cooper
Over the last 5 years, hacktivists have continued the practice of redirecting well-known domain names to politically motivated websites utilizing tactics such as SQL injection attacks and social engineering schemes to gain access to domain management accounts — and that, in and of itself, is not surprising.
But what IS surprising is the fact that less than 15% of the 500 most highly trafficked domains in the world are utilizing Registry Locking. Granted, Registry Locking is only available across 356 of the top 500 most highly trafficked domains, as not all Registries offer this service.
Registry Locking provides an additional level of security which virtually renders domains impervious to hacktivists, disgruntled employees and erroneous updates. Registry Locked domains are only editable when a unique security protocol is completed between the Registry and the Registrar.
Back in 2010 when I first reviewed the security settings for the top 300 most highly trafficked domains, less than 10% had implemented Registry Locking. So by now, I would have expected that the percentage Registry Locked domains would have increased significantly, but alas it has not.
I am still uncertain as to why the owners of such highly trafficked domains have not taken advantage of this additional layer of security. And as I stated back in 2010, I cannot imagine that the additional fees associated with employing this level of service are the deterrent.
I can only assume that the relatively low adoption rates are attributed to the fact that Registry Locking is still not widely available, and that most domain name owners are unaware of the existence of this service.

Internet ‘founding father’ Dr. Steve Crocker announced as 2013 auIGF Keynote Speaker


cid:image003.jpg@01CEAFB0.90865270

Internet ‘founding father’ Dr. Steve Crocker announced as 2013 auIGF Keynote Speaker
12 September 2013
The .au Domain Administration Ltd (auDA), organisers of The Australian Internet Governance Forum are pleased to announce Dr. Stephen D. Crocker as the auIGF’s keynote speaker for 2013.
Dr. Crocker is the Chair of Board of Directors of the Internet Corporation of Assigned Names and Numbers (ICANN) and is widely regarded as one of the Internet’s ‘founding fathers’.
Dr. Crocker has worked in the Internet community since its inception. As a University of California at Los Angeles (UCLA) graduate student in the 1960s, Dr. Crocker helped create the ARPANET protocols, laying the foundation for today’s Internet. Dr. Crocker was first area director for security for the Internet Engineering Task Force (IETF) and has also served on the Internet Architecture Board (IAB), the IETF Administrative Support Activity Oversight Committee (IAOC), and on the Board of the Internet Society.
For his vast body of work, Dr. Crocker was awarded the 2002 IEEE Internet Award and was inducted into the Internet Hall of Fame in 2012.
Dr. Crocker’s keynote speech will kick off two days of discussion on a wide range of Internet-related issues among business, government and community stakeholders on 16-17 October at the Park Hyatt Melbourne.
The auIGF
The Australian Internet Governance Forum (auIGF) is based on a global multi-stakeholder model established by the United Nations.
It is proudly presented and hosted by .au Domain Administration Ltd (auDA), with the support of partners including Google, the Internet Industry Association, Facebook, Macquarie University, Linux Australia, ACCAN and the Internet Society.
The event brings government, industry and community members together in an open, apolitical forum, to discuss Internet-related policy issues, exchange ideas and best practices, and help shape the future of the Internet in Australia.
The 2013 auIGF will be held in Melbourne on 16 & 17 October, as a pre-cursor to the global IGF in Bali on 21-25 October.
The first day will consist of a series of expert panels on the main themes of the auIGF:
        The role of the Internet in breaking down national, social and cultural borders – from the Arab Spring to Bradley Manning, Edward Snowden and the PRISM programme
        Applying traditional legal frameworks and the Internet: A recipe for failure? Law enforcement, privacy, censorship and  Intellectual Property considerations
        Children and the Internet – protections, rights, dangers and opportunities
         New generic Top Level Domains (gTLDs) – are they are consumer choice or consumer constraint?
Day two will consist of in-depth workshop discussions on topics including:
·         Digital Intellectual Property in Australia – The TPP, the ALRC’s copyright review and beyond
·         Does the Internet need a “Delete” button? Should Australia implement a Right to be Forgotten in its Privacy laws?
·         Children online: Digital citizenship vs Cybersafety
·         Accelerating the growth of the Australian tech startup ecosystem
·         Digital Equality: Narrowing the participation gap
·         Will DisabilityCare Australia be a game-changer in the provision of accessible online services?
For further information, visit http://www.igf.org.au. Students and media may attend free of charge. To register for media passes email media@auigf.org.au

Thursday, September 12, 2013

OIAC Report: Views on Economic Impacts of Open Internet, Mobile Ecosystems, Specialized Services


Leslie Daigle
Having been a member of the Committee for this past year, I'm pleased to share that the US Federal Communications Commission (FCC) "Open Internet Advisory Committee” has published its first annual report — available here.
Why download and read the report? Well, have you ever wondered about the future of the Internet, based on the economic impacts of usage based pricing and data caps? Questioned whether open Internet is applicable to the mobile application world? Tried to puzzle through the implications of delivering local video services over the same IP infrastructure as over the top Internet video services? Wanted to help a parent puzzle through the merits of different Internet access providers? If you answered yes to any of these or similar questions, you will be interested to read the Committee's reflections, captured in this report.
The report is weighty — 98pp if you kill trees to print it. The OIAC was established as part of the US FCC Open Internet activity and Open Internet Report and Order from 2010. The FCC appointed expert committee members from a broad range of commercial, academic, and not-for-profit organizations. Four focus areas were identified early in the year and working groups were set up to tackle specific topics, each contributing to the annual report:
  • Economic Impacts of Open Internet Frameworks
  • Mobile Ecosystem
  • Specialized Services
  • Transparency
On the whole, having been part of the sausage-making, I do have to recommend it as a useful piece in articulating many aspects of the issues that are being discussed the world over in terms of how regulators might think about handling access networks in the light of keeping the Internet open. Clearly, there are aspects of this that are capitalist-oriented, if not strictly US-centric. Nevertheless, there are no magic answers! This is a report *to* the US government, to inform its thinking on future possibilities. Other parts of the world have a very different approach to building out and ensuring high quality Internet access networks.
By Leslie Daigle, Chief Internet Technology Officer. More blog posts from Leslie Daigle can also be read here.

Wednesday, September 11, 2013

Facebook Announces Plan to Make Internet Access Available to All, Launches Internet.org


Facebook announces global partnership with Ericsson, MediaTek, Nokia, Opera, Qualcomm, Samsung as founding partners of Internet.org — an initiative to expand global internet access availability.Mark Zuckerberg, founder and CEO of Facebook, on Tuesday announced the launch of internet.org, a global partnership with the goal of making internet access available to the next 5 billion people.
From the announcement: "The founding members of internet.org — Facebook, Ericsson, MediaTek, Nokia, Opera, Qualcomm and Samsung — will develop joint projects, share knowledge, and mobilize industry and governments to bring the world online. These founding companies have a long history of working closely with mobile operators and expect them to play leading roles within the initiative, which over time will also include NGOs, academics and experts as well. Internet.org is influenced by the successful Open Compute Project, an industry-wide initiative that has lowered the costs of cloud computing by making hardware designs more efficient and innovative."
Related topics: Access ProvidersBroadband

Tuesday, September 10, 2013

New gTLDs Are Like Derivatives on Wall Street With No Value, Says Esther Dyson


In a story ran by the New York Times over the weekend, the viability of introducing hundreds of new top-level domains in the market has been criticized by individuals including Esther Dyson, a technology investor who served as the founding chairwoman of ICANN. Dyson likens ICANN's plan for the introduction of new gTLDs to creating derivative-like businesses on Wall Street that have no value. "You can charge people for it, but you are contributing nothing to the happiness of humanity."
Related topics: Domain NamesICANNTop-Level DomainsWeb

Monday, September 9, 2013

Global Internet Traffic Falls by Around 40% Due to a Google Outage


Worldwide internet traffic plunged by around 40% as Google services suffered a complete black-out, according to web analytics experts. The tech company said all of its services from Google Search to Gmail to YouTube to Google Drive went down for between one and five minutes on Friday. The reason for the outage is not yet known and Google has refused to provide further information reports Sky News Online.
Related topics: Access ProvidersWeb

Sunday, September 8, 2013

China Unveils Broadband Strategy, Aims to Provide Access to All Urban, Rural Areas By 2020


China aims to provide broadband access to all urban and rural areas by 2020, according to the State Council. It is the first time for the country to announce a specific timetable for the development of broadband as "a national strategy," according to the announcement. By 2015, half of the Chinese households are expected to use fixed broadband, 3G mobile coverage rate is expected to reach 32.5 percent, and fiber-to-home services will cover all urban areas.
Related topics: Access ProvidersBroadband

Saturday, September 7, 2013

ICANN, NTIA, Verisign and ANA Weighing In on 'Name Collisions' and the Readiness of New gTLD Program


Gregory S. Shatan of Reed Smith writes: "Last week, ICANN (the organization that oversees the domain name system of the Internet) was busy with nothing less than the security and stability of the Internet. At ICANN's recent meeting in Durban, those of us attending heard a drumbeat of studies, presentations and concerns regarding "name collisions": the conflicts that will arise when new gTLDs go live and conflict with existing top-level extensions in private networks… ICANN has now reacted to the studies and concerns over name collisions, and posted a "Proposal to Mitigate Name Collision Risks" The Proposal assumes that all new gTLDs can be divided in three parts, like Gaul: High Risk (just .home and .corp), Uncalculated Risk (approximately 280 gTLDs) and Low Risk (the remaining 1100 gTLDs). The flaw in this reasoning is that the division is based solely on the number of observed "empty queries" relating to each new gTLD."

Friday, September 6, 2013

ISOC: Global Internet Community Must Unite to Support Open Internet Access, Freedom, and Privacy


The Internet Society Board of Trustees during its meeting in Berlin, Germany today called on the global Internet community to stand together in support of open Internet access, freedom, and privacy. Recently exposed information about government Internet surveillance programs is a wake-up call for Internet users everywhere — the fundamental ideals of the Internet are under threat. The Internet Society Board of Trustees believes that government Internet surveillance programs create unacceptable risks for the future of a global, interoperable, and open Internet.
Related topics: Internet GovernancePrivacy

Thursday, September 5, 2013

Michael Kende Joins Internet Society As Its First Chief Economist


Michael Kende joins Internet Society as its first Chief EconomistAs the first Chief Economist of the Internet Society, Michael Kende has joined the organization to provide strategic insights into the economic dynamics of Internet issues, as well as current and emerging trends impacting the Internet. Based in Geneva, Switzerland, he will be responsible for leading economic research and analyses as well as key Internet development, policy, market, and technology issues.
Mr. Kende was previously a partner at Analysys Mason, a global consulting firm, where he led the Policy and Regulatory sector and was responsible for developing its Internet practice. During the past several years, Mr. Kende authored a number of papers for the Internet Society, including a study of the impact of IXPs in Kenya and Nigeria and improving Internet connectivity in Africa.