Policy & Regulation

Blogs

The Operationalization of Norms and Principles on Cybersecurity

With two simultaneous processes getting underway in the UN General Assembly's First Committee, the UN Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG) on Cybersecurity, and several technology and multi-stakeholder initiatives pushing cybersecurity improvement, the world of cyber norms has become both more interesting and more complicated. more

DoH Creates More Problems Than It Solves

Unlike most new IETF standards, DNS over HTTPS has been a magnet for controversy since the DoH working group was chartered on 2017. The proposed standard was intended to improve the performance of address resolutions while also improving their privacy and integrity, but it's unclear that it accomplishes these goals. On the performance front, testing indicates DoH is faster than one of the alternatives, DNS over TLS (DoT). more

What Is the Purpose of ICANN's Comment Periods?

Almost every institution which purports to provide space for public accountability includes some sort of formalized process by which the public can have their say. And in almost every instance, they struggle with a tension between the desire to provide a commenting process which is meaningful and substantive (or, at least, which appears to be so), and a desire to adopt whatever course of action the institution thinks is best. more

What is a Security Mechanism?

Orin Kerr recently blogged about a 9th Circuit decision that held that scraping a public web site (probably) doesn't violate the Computer Fraud and Abuse Act (CFAA)... On its surface, it makes sense – you can't steal something that's public – but I think the simplicity of the rule is hiding some profound questions. One, I believe, can most easily be expressed as "what is the cost of the 'attack'"? That is, how much effort must someone expend to get the data? Does that matter? Should it? more

IGF Best Practice Forums, an Opportunity to Bring Your Experience to the Policy Debate

In the run-up to the 14th Internet Governance Forum in Berlin, Germany, 25 to 29 November, different groups are discussing best practices pertaining to specific internet governance policy questions. These groups are open and thrive on your input and experiences. Their findings will be presented at the IGF and published shortly after. The IGF Best Practice Forums intend to inform internet governance policy debates by drawing on the immense and diverse range of experience and expertise... more

The Utility Formerly Known As WHOIS

Muscle memory is a funny thing. We don't even think about it really, but when we do the same thing over and over again, it just becomes second nature to us. This is how we've come to use WHOIS over the past two decades to get contact information for registered domain names. If you wanted to see who owned a domain, you'd simply do a WHOIS search. I've probably done hundreds of thousands of them during my time in the industry. Well as of this week, a major step in the retirement of WHOIS officially took place. more

5G Real Security Threats Lost in Trump's Twitter Diplomacy

A new report on 5G and geopolitics by Oxford Information Labs details the complex landscape of 5G security. Importantly, it draws out how a variety of proven technical concerns around the quality of Huawei security practices and equipment are drowned out by the US' Twitter diplomacy. Critical international dialogue on genuine cybersecurity concerns relating to 5G and Huawei are being lost in the noise of the US-China trade war. more

Huawei's Very Red World

The map below shows countries working with Huawei 5G in red and pink. As can be seen, Huawei is doing very well in 5G, although it's not as dominant as the colors here suggest. Ericsson is actually close to Huawei in 5G revenue, aided by the ban in the US and Australia. Years ago, Huawei was the price leader in order to break into the European market. more

A New Cellular Carrier?

One of the most interesting aspects of the proposed merger of Sprint and T-Mobile is that the agreement now includes selling some of Sprint's spectrum to Dish Networks to enable them to become a 5G cellular provider. This arrangement is part of the compromise required by the Department of Justice to preserve industry competition when the major wireless carriers shrink from four to three. more

DoT and DoH Guidance: Provisioning Resolvers

As part of a larger effort to make the internet more private, the IETF defined two protocols to encrypt DNS queries between clients (stub resolvers) and resolvers: DNS over TLS in RFC 7858 (DoT) and DNS over HTTPS in RFC 8484 (DoH). As with all new internet protocols, DoT and DoH will continue to evolve as deployment experience is gained, and they're applied to more use cases. more

Call Spoofing: Congress Calls on FCC, Russia and China Answer

It is both amusing and dismaying. Last year, Congress passed Ray Baum's Act telling the FCC to do something about those pesky incoming foreign SPAM calls and texts with the fake callerIDs. The FCC a couple of weeks ago responded with a chest thumping Report and Order claiming it has "extraterritorial jurisdiction" that is does not have, and promising it will do something. Don't hold your breath on that one. more

Broadband and the Census: Why Decision to Go Online Is Probably Ten Years Premature

The US government is gearing up to begin the 2020 census which will be administered starting next April 20. For the first time, the census is going to rely heavily on people answering the census questions online. Live census takers will then follow-up with those that don't submit the online response. This seems like an odd decision since there are still many people who don't have home broadband. more

FCC's Ignorant Extraterritorial Jurisdiction Bravado

The Federal Communications Commission yesterday released a Report and Order in the matter of its implementation of Ray Baum's Act Section 503 and international call spoofing. The FCC mostly did the right things in the R&O except in one rather extraordinary assertion of legal ignorance and bravado. It asserted unilaterally that it could exercise "extraterritorial jurisdiction that Congress expressly provided in section 503 of the Ray Baum's Act," and it furthermore knew of no "treaty obligation [contravened],...nor other legal barrier...and...are aware of none." more

Cuba Claims New Regulations Expand Internet Access to Homes and Businesses, But Here's the Downside

New Cuban regulations regarding private WiFi networks went into effect yesterday, and the New York Times and others proclaimed that "Cuba expands Internet access to private homes and businesses." Yes, Cubans can legally import and install WiFi routers in their homes, small cafes, B&Bs, etc., but these regulations will make little difference in Internet access. more

Not So Private Thoughts at IETF 105

At IETF 105, held in Montreal at the end of July, the Technical Plenary part of the meeting had two speakers on the topic of privacy in today's Internet, Associate Professor Arvind Narayanan of Princeton University and Professor Stephen Bellovin of Colombia University. They were both quite disturbing talks in their distinct ways, and I'd like to share my impressions of these two presentations and then consider what privacy means for me in today's Internet. more

News Briefs

51 CEOs Call on US Congress for Urgent Nationwide Data Privacy Law Overriding State-Level Laws

Hong Kong ISPs Oppose Government Plans for Internet Restrictions Without Industry Consultation

Australia to Block Domain Names That Host Extremist Content During Attacks

Huawei Founder in a Staff Memo Warns Company Is Facing a 'Live-or-Die Moment'

URS Is a Bad Fit for .ORG, Says EFF

8chan Website Pushed Offline Over Ties to the Mass Shooting in El Paso

Namecheap Files 'Request for Reconsideration' Against ICANN's Removal of .ORG Price Caps Decision

New Zealand’s Domain Name Commission Wins Appeal in Lawsuit Against US DomainTools

EU Court of Justice Ruling Could Result in Cutting Off Data Flows to US

The .Org Price Caps Removed Under New Agreement With ICANN

Google Reported to Be Pushing Trump Administration for Exemption on Huawei Ban, Citing Security Risk

Critics Say FCC's New Report Declaring US Broadband Healthier Than Ever is Based on Flawed Data

Microsoft Sees Serious Appetite for Revised Privacy Laws in US, Says It's Time to Match EU's GDPR

NGOs, Academics Warn Against EU’s Deep Packet Inspection Problem, at Least 186 ISPs Breaking Rules

National Telecommunications and Information Administration (NTIA) Chief David Redl Resigns

US Federal Trade Commission Says It Lacks Resources to Go After Privacy Violations Effectively

Representatives From EU, NATO, USA, Japan, Australia Hold Meeting on 5G Security and Policy Measures

No GDPR Action Against Any Big Tech Firms Since Law Imposed Last Year, Doubts Escalate Over Enforcer

UK Government Planning on New Laws for IoT Devices Including a Mandatory Security Labelling Scheme

Canada Says Facebook Has Refused to Address Serious Privacy Deficiencies Concerning Its Local Laws

Most Viewed

Most Commented

Industry Updates

Participants – Random Selection