Policy & Regulation


Protecting Privacy Differently

My thesis is simple: the way we protect privacy today is broken and cannot be fixed without a radical change in direction. My full argument is long; I submitted it to the NTIA's request for comments on privacy. Here's a short summary. For almost 50 years, privacy protection has been based on the Fair Information Practice Principles (FIPPs). There are several provisions...

Cyber Security Word Salad

Two months ago, the Trump White House published its National Cyber Strategy. It was followed a few days ago with the release of its draft NSTAC Cybersecurity "moonshot." The Strategy document was basically a highly nationalistic America-First exhortation that ironically bore a resemblance to China's more global two-year-old National Cybersecurity Strategy.

Over the Top Services at the ITU PP-2018: Considering the Pittsburgh Massacre

This past Saturday, a self-professed neo-Nazi massacred eleven worshipers at synagogue services in Pittsburgh. The killer was reported to have lived on and was incented by an "Over the Top (OTT)" service purposely established to facilitate extremist activities known as Gab. Within hours, the cloud service providers hosting their services announced they would no longer provide hosting services. Presumably, the threat of both potential civil litigation liability among other penalties, as well as adverse publicity, provided the motivation.

Law Enforcement Agencies Will Have Authority on Registries and Registrars

Accessing Whois information and acting on a litigious domain name is becoming a nightmare for law enforcement agencies. Law enforcement agencies must have access to the information provided by registrants in the Whois database and, in specific cases, have authority to act FAST on a domain name. The EU has a solution for this and it's coming in 2020.

Has Internet Governance Become Irrelevant?

When the Internet outgrew its academic and research roots and gained some prominence and momentum in the broader telecommunications environment it found itself to be in opposition to many of the established practices of the international telecommunications arrangements and even in opposition to the principles that lie behind these arrangements.

The Road Less Traveled: Time Is Running Out for NTIA-Verisign Cooperative Agreement

It is remarkable - for all the wrong reasons - that only two months remain before the National Telecommunications and Information Administration (NTIA) must make a fateful decision on how it will address its long-standing Cooperative Agreement with Verisign - the private-sector corporation that edits the authoritative address book of the Internet's Domain Name System (DNS), maintains two of the DNS root servers, and operates the .com and .net registries of the Internet, undoubtedly one of the most lucrative concessions ever granted.

Enough With Blacklisting Online Pharmacies, Isn’t It Time to Consider White Lists?

Before I go back to the beginning, let me make clear that what follows are my personal observations vis-a-vis how National Association of Boards of Pharmacy (NABP) is managing the .Pharmacy Registry relative to personal experience as founder, President and CEO of Tralliance Corporation, the original manager of the .Travel Registry. My analysis may be a little long, but I promise that if you stay with me, you will be enlightened.

M3AAWG and APWG Do the Best Survey Yet on WHOIS Redaction

M3AAWG, the Messaging, Malware, and Mobile, Anti-Abuse Working Group and APWG, the Anti-Phishing Working Group, surveyed their members about recent WHOIS changes. With over 300 results from security researchers, it's the broadest report yet on WHOIS use. The survey results confirm our concerns that WHOIS was a vital resource for security research, and its loss is a serious and ongoing problem.

Addressing Infringement: Developments in Content Regulation in the US and the DNS

Over the course of the last decade, in response to significant pressure from the US government and other governments, service providers have assumed private obligations to regulate online content that have no basis in public law. For US tech companies, a robust regime of "voluntary agreements" to resolve content-related disputes has grown up on the margins of the Digital Millennium Copyright Act (DMCA) and the Communications Decency Act (CDA).

KSK Rollover, Elliptical Curve Vulnerabilities, Surveillance and Privacy. Are We Building Trust?

ICANN just recently performed a Root Zone DNS Security Extensions (DNSSEC) Key Signing Key (KSK) Rollover. The recent KSK Rollover took place on the 11th October 2018. The KSK Rollover has been successful and congratulations are in order. The Root Zone DNSSEC Key Signing Key "KSK" is the topmost cryptographic key in the DNSSEC hierarchy. The KSK is a cryptographic public-private key pair.

Traceability

At a recent workshop on cybersecurity at Ditchley House sponsored by the Ditchley Foundation in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated... That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses.

Spare a Thought for Venezuela

Please spare a thought for Venezuela. This, the 33rd largest country in the world and with about 34 million people, the largest proven reserves of oil, the cheapest price of gasoline in the world, and was in 1950 richer than Germany, has fallen on times so hard in this once Latin America's richest country that 75% of the population lost an average of 11 Kg (24 pounds) in weight in one year because of food scarcity. And you might ask: "Why should I care?"

New Zealand's Domain Name Commission Wins Injunction in a Lawsuit Against DomainTools

New Zealand's Domain Name Commission today won a motion for preliminary injunction in a US lawsuit against the company DomainTools.

GDPR Didn't Affect Spam? Not So Fast

I have recently become aware of a blog post from Recorded Future that attempts to analyze the effects of the GDPR on online security. Unfortunately, it starts by asking an irrelevant question and then goes on to use irrelevant metrics to come to a meaningless answer. The premise of Recorded Future's article - that spammers would send more spam and register more domains because GDPR came into effect - tells us nothing useful about how GDPR affects anything. It's the wrong question...

Trump's Outrageous ITU Elections Gambit

Every four years, the 168-year-old, Geneva-based treaty organization that provides the legal basis for worldwide network communications, radio spectrum management, and satellite placements holds a "plenipotentiary" conference among its 193 sovereign nation members. The next plenipotentiary begins on 29 October for three weeks. In addition to potentially altering treaty provisions and resolutions, and constituting its Council as an interim governing body, it elects 17 individuals to its five permanent bodies...