IEEE Global Internet Policy Monitor

Article Index

 


12 May 2016

The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access the full reports containing additional details and other news items, please join the Internet Technology Policy Community on IEEE Collabratec.

All round, a somewhat quieter week across the ICT world than the last one. However, as ever, there were a range of stories of interest for IEEE which are explored further below and throughout the monitor.

In Europe, the Privacy Shield agreement between the EU and the US came under further scrutiny this week, with an alliance of data centre providers in Holland coming out against the current draft of the agreement. The Dutch Datacenter Association issued a statement Monday saying Privacy Shield currently offers none of the improvements necessary to better safeguard the privacy of European citizens. The list of nearly 30 association participants includes Equinix and Digital Realty, two of the worlds largest data center providers, as well as European data center sector heavyweights Colt , based in London, and Interxion, a Dutch company headquartered just outside of Amsterdam.

Net neutrality issues also received some coverage with the Chief of Europes digital rights lobby group, Joe McNamee, declaring that the next few months will be a critical time for net neutrality in the EU. He stated that it would be crucial to engage with people across the EU regarding the issue over the course of the next few months. Draft net neutrality guidelines are due to be presented by the European Commission on June 6, followed by a consultation for 20 working days on those proposed rules.

On a cyber-security note, it was reported this week by Reuters that hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia's criminal underworld. The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru (MAILRq.L), Russia's most popular email service, and smaller fractions of Google (GOOGL.O), Yahoo (YHOO.O) and Microsoft (MSFT.O) email users. It is reported to be one of the largest stashes of stolen details to be uncovered since huge scale cyber-attacks hit major U.S. banks and retailers two years ago.

Also of interest, it was revealed that the European Unions General Data Protection Regulation (GDPR) will come into effect as of the 25th of May 2018 now that the new rules have been published. The European Parliaments publication of the regulation in the Official Journal of the European Union means it will become law on 25 May 2016, giving organisations 24 months to become compliant. The GDPR has been established in order to introduce new accountability obligations as well as stronger rights and restrictions on international data flows.

In the US this week developments were predominantly centred around the issues of cyber-security and cyber-privacy. However, net neutrality did receive a degree of coverage following the publication of a study by a leading civil rights non-profit group which aimed to explain the benefits of zero-rating for poor and minority consumers. The Multicultural Media,Telecom and Internet Council (MMTC), an advocacy organization for poor and minority consumers in communications policy, outlined in a Monday report how zero-rating can influence more consumers in those groups to get online, increasing their access to the digital economy and life-improving services in health and education.

As mentioned, cyber-security headlines somewhat dominated the agenda in the US ICT world this week, and the news of particular note included the announcement that The Defense Advanced Research Projects Agency (DARPA) is looking for research proposals to develop a system that would enable the government and law enforcement to identify the actual individual behind a cyber-attack. The Enhanced Attribution Program proposal is looking to create the technology that would allow not only the collection of data that could pinpoint the perpetrator, but do so in a way that would not put at risk the sources and methods used to find the person or group.

Also of interest on this theme, The Federal Communications Commission and Federal Trade Commission have asked mobile phone carriers and manufacturers to explain how they release security updates amid mounting concerns over security vulnerabilities, the U.S. agencies said on Monday. The agencies have written to Apple Inc, AT&T Inc and Alphabet Inc, among others, in order "to better understand, and ultimately to improve, the security of mobile devices," the FCC said.

Top on the cyber-privacy agenda was news that a group of nearly 50 organizations and businesses urged leaders in the House and Senate to take swift action on the Open, Permanent, Electronic, and Necessary (OPEN) Government Data Act (H.R. 5051 / S. 2582) introduced last week. The group wrote that the Open Government Data Act would not only institutionalize the federal government's commitment to open data and keep the U.S. a world leader, it would also ensure that the value of what would be a public resource would continue to grow as the government unlocks and creates new data sets.

A particularly slow week in the world of Asian ICT this time around, but news of interest included the revelation that China has opted to hold back implementation of new regulations passed by the State last month on goods imported from overseas markets using e-commerce platforms. The government has revealed that is now plans to make adjustments to the rules before they are brought in.

On a cyber-security note, it was also reported this week that Taiwan is currently facing an avalanche of cyber-attacks from China. The Taiwanese National Information and Communication Security Center has claimed that the government has the situation under control, however, with millions of attacks registered each year, the scale is one of the largest in the world and reaching a quasi-war.

Somewhat brighter news was the announcement that Lenovo Group Ltd, the world's largest personal computer maker, plans to invest $500 million in a technology start-up fund in Beijing. The fund Lenovo Capital, which will be funded and managed by Lenovo Group, is looking to invest in sectors including artificial intelligence, robot and cloud computing, said the company's senior vice president He Zhiqiang at an event in Beijing.

From a global institutions perspective, the only real news of note this week was the announcement that ICANN and the Regional Technical Commission of Telecommunications (COMTELCA) signed a Memorandum of Understanding (MoU) in which they agreed to explore opportunities to collaborate on topics of common interest.


4 May 2016

The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access the full reports containing additional details and other news items, please join the Internet Technology Policy Community on IEEE Collabratec.
A busy week of developments from across the ICT world this time around, including a range of coverage which will be of interest to IEEE. This coverage is analysed below in the synopsis and subsequently laid out in full throughout the various sections of the monitor.

In Europe this week, it was revealed this week that Liberal and socialist factions of MEPs in the European Parliament have been attempting since March to set up a plenary vote on the controversial Privacy Shield data transfer agreement to the United States. With member states final verdict on the Privacy Shield scheduled for next month, MEPs are running out of time to vote before the deal is finalised.

The Privacy Shield is set to replace the now infamous Safe Harbour agreement, which was ruled invalid by the European Court of Justice last October on grounds that it didnt protect EU citizens data once they are transferred to the US.

Moving away from Internet governance issues and on to the topic of net neutrality, this week witnessed reduced roaming charges and net neutrality regulations come into force within the European Union. As of April 30th, EU telecoms providers must now cut surcharges for 'roaming' phone calls and data use in EU countries from in preparation for the complete abolition of roaming charges in June 2017. Until June 2017, telecoms providers will be allowed to charge up to five cents per minute on top of domestic prices, and up to two cents per text message, the European Parliament said. As of April 30th, the first EU-wide net neutrality regulations have also come into force, with the rules aimed at ensuring open access to internet content without discrimination, the Parliament said.

Continuing on the theme of net neutrality, Swedish media this week reacted angrily to a zero-rating campaign by Telia and Facebook that allows internet users to surf social media sites without it impacting on any allowance. Representatives of 27 newspapers, TV and radio stations have signed the statement that has appeared in the Swedish press. The Swedish telecommunications regulator PTS has also launched an investigation.

Cyber-Security developments also featured heavily in the European coverage this week. Of particular note was the announcement by Jakub Boratyski, head of the security unit at the European Commissions technology arm DG CONNECT, that the new cybersecurity rules agreed in December are a lot weaker than the EU executive wanted. He claimed that EU countries diluted new rules regulating information-sharing on cybersecurity breaches, which made it impossible to monitor hackers assaults on member states critical infrastructure. As a result of this, Boratyski has called for more co-operation into the future between EU member states regarding cyber-security.

Also of note from the European continent this week, the European Commission has called on European governments to ratify a new privacy framework that would apply to personal data transferred from the EU to US law enforcement agencies.

The Commission, after years of negotiations, reached a provisional agreement with US officials on an EU-US data protection 'umbrella agreement' last autumn. It has now recommended that the Council of Ministers, which is made up of representatives from the national governments of the 28 countries that make up the EU, sign the deal.

In the US, it was reported this week that US courts are eroding support for the recently agreed Privacy Shield proposal reached between the US and the EU. The Privacy Shield agreement is now facing a range of legal challenges in the US following recent decisions by the U.S. Foreign Surveillance Intelligence Court (FSIC) and the Supreme Court. A committee of the U.S. Supreme Court made changes last week to Rule 41 of the Federal Rules of Criminal Procedure, allowing judges to issue warrants outside his or her district. The change would grant expansive powers to law enforcement agencies to hack and access information on computers if device location information has been concealed through technological means. From a cyber-security perspective, the US and South Korea have announced this week an agreement to help one another develop technology to combat cyber-threats. The agreement, although not legally binding, states that the two countries will seek to make best use of their respective best practices, eliminate unnecessary duplication of work, and obtain the most efficient and cost effective results through cooperative partnerships.

Also of interest, the cyber skills agenda, with the White House announcing that it will hold a series of meetings over the summer and come out with a report this year highlighting the benefits and regulatory implications of the evolving technology of artificial intelligence, according to deputy chief Technology Officer Ed Felton. There are tremendous opportunities and an array of considerations across the Federal Government in privacy, security, regulation, law, and research and development to be taken into account when effectively integrating this technology into both government and private-sector activities, Felton said in a blog post.

Cyber-privacy issues also received considerable coverage in the US this week, with the stories of note including the unanimous passing of an email privacy bill through the U.S. House of Representative. The bill requires law enforcement authorities to get a search warrant before asking technology companies to hand over old emails. Looking forwards, the bill's prospects in the Senate remain unclear, though the 419-0 vote in the House was likely to put pressure on the upper chamber to approve it.

On this theme, the US Supreme Court also approved a rule change this week that will enable U.S. judges to issue search warrants for access to computers located in any jurisdiction, this despite opposition from civil liberties groups who say it will greatly expand the FBI's hacking authority. U.S. Chief Justice John Roberts transmitted the rules to Congress, which will have until Dec. 1 to reject or modify the changes to the federal rules of criminal procedure. If Congress does not act, the rules will take effect automatically.

A relatively subdued week in the Asian ICT world this week. However, news of interest included the revelation that China is said to be considering taking board seats and stakes of at least 1 percent in operators of some Internet portals and mobile apps in exchange for granting news licenses, according to people familiar with the plan. The government would reportedly issue the licenses in exchange for stock and a board seat. Government representatives could therefore monitor and block content distributed by Internet providers, although they wouldnt be involved in other day-to-day business decisions. The move, if carried through, could potentially impact operators of major Internet portals such as Tencent Holdings Ltd. and NetEase Inc. along with mobile apps that provide current affairs and news on a daily basis.

On a cyber-security note, Singapore Telecommunications (Singtel) this week officially opened a new facility to help enterprises enhance cyber-security skills and test their networks in dealing with cyber-threats. The training modules offered at the Singtel Cyber-security Institute (CSI) will cater to a range of executives and skills such as c-suite managers and operational pros. Boards and C-suite level participants will be trained in cyber-threat awareness, risk management, business continuity planning and crisis communications preparedness. Furthermore, operations and technology teams will be trained in defence and response capabilities to strengthen their skills.

Continuing on this topic, it was reported this week that Indian enterprises are increasingly being targeted by cyber-attacks as online business proliferates in the country. The attacks have been especially targeted towards small and medium sized businesses as most of them are not currently well protected. According to a recent report by security software firm Symantec, there has been a steady rise in attacks targeting businesses with less than 250 employees, in the past five years.

The rest of the ICT world moved forwards at a pace this week, with a range of developments of interest. Of particular note, the news that more than seven in ten global brands were hit by distributed denial of service (DDoS) attacks in 2015 and the announcement that a Brazilian judge this week ordered wireless phone carriers to block access to Facebook Inc's (FB.O) WhatsApp for 72 hours throughout the nation on Monday, the second such move against the popular messaging application in five months.

From a global institutions perspective, ENISA this week launched the technical phase of Cyber Europe 2016 under the Cyber Exercise Platform. The platform will allow participating cybersecurity professionals from all over Europe to test and improve their technical skills on various challenging cases, inspired by real-life incidents, on topics such as mobile malware analysis, system forensics, steganography or network forensics.

Finally, it was revealed this week that 15 individuals from various Universities in Europe have been selected to participate with ICANNCommunity Members at the ICANN56 Policy Forum in Helsinki Finland, 27-30 June 2016. These individuals are engaged in studies that encompass policy, business, technical, security, law, and communications.

Five additional selectees who attended a previous ICANN Meeting as NextGenners will now serve as Ambassadors for these newcomers to ICANN.


27 April 2016

The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access the full reports containing additional details and other news items, please join the Internet Technology Policy Community on IEEE Collabratec.

A somewhat subdued week of announcements from across the ICT world this week. However, a range of stories which may be of interest to IEEE emerged, these are detailed further below.

In Europe, the UK information commissioner Christopher Graham this week criticised the reluctance of the US to make changes to the Privacy Shield data transfer pact agreed in February 2016 with the European Commission. The Article 29 Working Party (A29WP) of European data protection authorities, including Graham, recently called for more work on Privacy Shield instead of approving the proposed pact to replace the now-defunct Safe Harbour agreement to ensure privacy protections for trans-Atlantic data transfers, the group called on the US and European Commission (EC) to revise and clarify several points.

Further news from the European continent included the announcement that EU countries are likely to be given two and half years longer than currently planned to make spectrum in the 700 MHz frequency band exclusively available for mobile services, according to plans under consideration by MEPs. The deadline for allocating the 694-790 MHz frequency band for use for "wireless broadband electronic communications services" should be extended to the end of 2022 instead of 30 June 2020 as was originally suggested, Italian MEP Stefano Maullu has proposed.

Also of note was the claim made by International Association of Privacy Professionals (IAPP) that Europe will need an estimated 28,000 privacy specialists under the newly-minted EU data protection regulation. According to the industry group, specialists in the area are set to cash in as a result of the EU rules. The European Parliament approved the new privacy rules only last week after gruelling four-year negotiations. While the regulation sharpens safeguards on consumers personal data, lawyers and privacy experts are set to benefit from the rules once they go into effect in 2018.

In the US this week it was revealed by the US undersecretary of commerce for international trade, Stefan Selig, that the US government will review the non-binding opinion on the Privacy Shield issued by a body of EU data protection authorities last week. However, notably he suggested the US government would be wary of opening negotiations on altering the agreement to address the concerns raised in the opinion. "[The US government is] very cautious about not upsetting what was a delicate balance that was achieved when we negotiated the original text, so would be chary about doing anything that would do just that", Selig said, according to Reuters.

From a cyber-security perspective, it was reported this week that The United States has opened a new line of combat against the Islamic State, directing the militarys six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons. The effort reflects President Obama's desire to bring American cyber weapons that have been aimed elsewhere, notably at Iran, into the fight against the Islamic State which has proved effective in using modern communications and encryption to recruit and carry out operations.

Also of interest, the news that top executives at dozens of technology companies in the US this week signed a letter encouraging Congress to provide more funds to help teach students computer science. The letter comes along with $48 million in private donations announced Tuesday to help the cause from companies like Google, Microsoft, AT&T and tech leaders such as Facebook CEO Mark Zuckerberg and Amazon CEO Jeff Bezos. We ask you to provide funding for every student in every school to have an opportunity to learn computer science, states the letter, sent to every member of Congress.

On a cyber privacy note, it was reported this week that the US working group on encryption will be aiming to provide its legislative recommendations to the House of Representatives in early January 2017. The working group, led by the House leaders of the Judiciary and the Energy and Commerce committees, this week announced a road map for their effort. The group will work diligently over the next several months to examine potential solutions to the challenges law enforcement officials face as encryption becomes more widespread.

A very quiet week in the world of Asian ICT, however news of note included the revelation that South Korea has now taken the top spot as the largest origin point for DDoS attacks in 2016. Imperva documented DDoS attacks coming out of South Korea at a rate nearly triple that of Russia, which came in second. The report documented that South Korea attained a proportion of global DDoS responsibility greater than the next three countries combined.

Also of interest, Telco Singtel this week launched its Cyber Security Institute in Singapore, a hybrid centre between an advanced cyber range and an educational institute. It is the first-of-its-kind in the region to test and train companies in dealing with sophisticated cyber threats, the institute provides cyber skills development and education programmes tailored to the varying needs of company boards, C-suite management, technology and operational staff.

News of note from elsewhere in the ICT world included the undertaking of the World's largest international cyber-defence exercise in Tallinn. 26 nations and more than 550 leading computer security professionals engaged in Locked Shields 2016, described as the biggest and most advanced international live-fire cyber-defence exercise in the world.

On the same theme of cyber-security, technology research firm Gartner this week reported that more than 25% of cyber-attacks will involve the internet of things (IoT) by 2020.

News emerging from Global Institutions this week included the announcement that a public comment period has begun based on the new ICANN Bylaws published to reflect the recommendations contained in the proposals by the IANA Stewardship Transition Coordination Group (ICG) and Cross Community Working Group on Enhancing ICANN Accountability (CCWG-Accountability) as provided to the ICANN Board on 10 March 2016 and transmitted to NTIA.


20 April 2016

The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access the full reports containing additional details and other news items, please join the Internet Technology Policy Community on IEEE Collabratec.

A sparser week of developments this time around compared to recent times. However, still a range of news of note to IEEE from across the breadth of the ICT world.

In Europe, the news of note this week centred on the roll out of the European Unions plans to bridge the blocs national initiatives to digitize industry and encourage investment, in a bid to encourage European manufacturers to remain at the technological forefront. The European Commission, the blocs executive arm, said this week that it would set up a new governance framework that would hold regular meetings between national governments and industry to coordinate the EUs 30 national and regional digitization initiatives, which include Germanys Industry 4.0 and the Netherlands Smart Industry. The EU also pledged to boost both private and public investment in the area via strategic partnerships.

Also of interest, the mixed response across Europe to the call by the Article 29 Working Party of European privacy regulators for more work on the EU-US Privacy Shield pact. Instead of approving the proposed pact to replace the now-defunct Safe Harbour agreement to ensure privacy protections for trans-Atlantic data transfers, the group called on the US and European Commission (EC) to revise and clarify several points. It is anticipated that as a result of the stance taken by the Article 29 Working Party, legal challenges to the framework may be forthcoming in the near future. 

From a cyber-privacy perspective, the news of note included the announcement this week that MEPs have approved new EU privacy rules, including a regulation on consumer privacy that attracted the aggressive ire of lobbyists during its four-year run through negotiations in the European Parliament. The new data protection regulation drew a total of 3,999 amendments from MEPs, topping all other pieces of legislation in the Parliaments history, a spokesperson confirmed.

On the same topic, it was reported this week that EU laws on privacy and electronic communications (e-Privacy) could apply to new communications services like WhatsApp and Skype in future, under plans being considered by the European Commission. The European Commission has opened a review of the EU's e-Privacy Directive (ePD) with a public consultation in which it has asked businesses and other stakeholders for their views on possible reforms.

In the US net neutrality received a degree of coverage this week with the House of Representatives passing a bill to ban the Federal Communications Commission from setting or reviewing the rates that companies charge for Internet service. The largely party-line vote is a win for Republicans, who have pushed for the past year to nibble away at the FCCs internet regulations, which are currently being challenged in federal court. 

Cyber-Security issues somewhat dominated the headlines however, of particular interest being the news that U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday. The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering.

Also of interest from a cyber-security perspective, it was revealed that senior Russian and U.S. cybersecurity officials will meet this week in Geneva to renew efforts to prevent a cyber war between the two nations. Officials from the White House, the State Department and FBI will attend the meetings, which will focus on a review of several cybersecurity confidence-building agreements signed in 2013 by the two governments. 

In other developments from the US,  Apple Inc (AAPL.O) and the FBI are scheduled to return to Congress next week to testify before lawmakers about their heated disagreement over law enforcement access to encrypted devices, a congressional committee announced this week. This marks the latest event in the long running encryption saga which has dominated ICT headlines in the US in recent weeks and months.

A particularly quiet week this time around in the Asian ICT world. There were however certain developments of interest, including the revelation that The Telecom Regulatory Authority of India's (Trai) order to maintain price equality on content faces the danger of being breached as some telecom companies are understood to be working on a "bypass solution" through virtual private networks or intranet. The recent TRAI ruling on net neutrality has received considerable scrutiny in recent weeks, and this looks to be a topic which may continue to generate debate and discussion moving forwards.

There were also a range of developments relating to cyber-security in Asia which may be of interest, including Pakistans National Assembly approving the controversial Prevention of Electronic Crimes Bill (PECB). The legislation, which has been criticized by human rights groups, legal watchdogs and industry experts, must still be approved by the Senate before it is signed into law. While ostensibly created to control cybercrimes including cyber terrorism, fraud, and identity theft, the PECB would criminalize activities such as sending text messages without the receivers consent, or criticizing the government, religion, country, or armed forces on social media.

On a cyber-security / cyber skills theme, it was announced this week by the Indian digital giant Nasscom that increasing incidents of cyber-attacks and data protection efforts globally are expected to create employment opportunities for about a million professionals in India by 2025. Efforts towards improving cyber security will also create a $25 billion (nearly Rs 1.66 lakh crore) revenue opportunity in India by 2025, the IT industry body said.

A wide range of developments of interest from across the rest of the ICT world this week, including the news that Iraq's Kurdish population have declared independence in cyberspace with a new domain name, .krd. Also of interest was Facebooks unveiling of two new initiatives to improve Internet services for rural populations in developing countries, including India. Announced at its two-day annual F8 conference in San Francisco, US, this week, the Antenna Radio Integration for Efficiency in Spectrum (ARIES) system will boost speed, efficiency and quality of Internet connectivity in remote areas in the developing countries, a Forbes report said.

From a Global Institutions perspective, this week was a relatively subdued one. However, news of note included ICANN announcement of the successful evaluation of four additional proposed IDN ccTLD strings for India. Details of the successful evaluation are accessible via the link below:

http://www.icann.org/en/resources/idn/fast-track/string-evaluation-completion


13 April 2016

The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access the full reports containing additional details and other news items, please join the Internet Technology Policy Community on IEEE Collabratec.

Another busy week of developments from across the ICT world, with issues of interest to IEEE cropping up in various forms. These are explored in further detail below.

In Europe, the news of interest included the story that a panel of EU privacy watchdogs has demanded changes to a pact meant to govern cross-Atlantic data transfers. The Article 29 Data Protection Working Party have urged the US and European Commission to revise and clarify several points in the proposed Privacy Shield agreement in order to safeguard EU citizens' personal information. "We believe that we don't have enough security [or] guarantees in the status of the ombudsperson and in their effective powers to be sure that this is really an independent authority," said Isabelle Falque-Pierrotin, the chairwoman of the group. The group's recommendations are not binding on the EU or US, but should prove influential as the watchdogs can suspend data transfers they are concerned about.

The Privacy Shield is a framework that has been proposed to facilitate the transfer of personal data between the EU and US. EU and US officials hope the Privacy Shield can replace the safe harbor agreement which was invalidated by the EU's highest court in October last year.

From a cyber-security angle, developments of note included the announcement that Turkey has this week launched an inquiry in order to investigate the means by which cyber hackers posted online the data of some 50 million Turkish citizens. The data breach is believed to be the largest in the country’s history and whilst no group has yet assumed responsibility for the action, comments posted online suggest Turkey may have been a target, and victim in this instance, of political hackers.

Also on this theme, it was reported this week that the Russian Government has begun working with Russia's Central Bank to develop a package of measures aimed at fighting Buhtrap, the recently discovered hacker group, which, to date, has stolen around RUB 4 billion (£42 million) from Russian and Western banks, and is reportedly planning further attacks on the EU banking system.

Digital skills also received a degree of coverage this time around, with the announcement that a new European standard for ICT professionals has been launched. The Council of European Professional Informatics Societies (CEPIS) said its introduction would help solve the lack of e-skills across Europe. The European e-Competence Framework (e-CF), which describes the competences and skills requirements of ICT professionals, has become a European standard following its official publication by the European Committee for Standardization (CEN) this week. CEPIS secretary general Fiona Fanning said: Organisations must be able to understand the core areas of ICT expertise required by different roles, in order to recruit and develop suitable employees and maintain adequate levels of competences.

Finally from Europe, new data protection laws are expected to be finalised next week following the new General Data Protection Regulation and a new Data Protection Directive for police and criminal justice authorities being endorsed by national governments within the EU in a vote held by the Council of Ministers in the week passed.

In the US, internet governance issues reared up with the Federal Communications Commission Chairman Tom Wheeler announcing plans to bring more competition to a little-known but important market for broadband Internet services. The field is known as special access and concerns the dedicated, high-capacity broadband connections used by certain businesses. These connections may be used for things such as ATM machines or in order to connect cellphone towers to wireless networks. Critics have often raised concerns that the market is overly dominated by incumbent firms such as AT&T and Verizon. Also of interest, Microsoft this week became the first major U.S. tech company to say it would transfer users' information to the United States using a new transatlantic commercial data pact, the Privacy Shield, and would resolve any disputes with European privacy watchdogs. Data transfers to the United States have been conducted in a legal limbo since October last year when the European Union's top court struck down the Safe Harbour framework that allowed firms to easily move personal data across the Atlantic in compliance with strict EU data transferral rules. As mentioned previously, the new Privacy Shield agreement designed to replace the Safe harbor framework continues to attract scrutiny as the EU and US attempt to move towards the ratification of an agreement.

On a net neutrality note, legislation to prevent the Federal Communications Commission from using its net neutrality rules to regulate the rates that companies charge customers for Internet service appears to be heading towards a vote in the House next week. The bill passed out of the Energy and Commerce Committee last month on a party-line vote over objections from Democrats, who said it would end up cutting off broad portions of the FCC's regulatory authority. An amendment to the bill reportedly addressed some but not all of their concerns.

There were a range of stories relating to cyber-security, which emerged from the US in the past week. Of particular interest was the news that the US Democratic Senator Edward Markey of Massachusetts has introduced legislation calling for airlines and aircraft manufacturers to disclose cyber security incidents to federal authorities, saying the aviation system lacks sufficient standards and oversight. The proposed measure would also require the Federal Aviation Administration and other federal agencies to identify cyber vulnerabilities within the aviation system and establish standards for addressing them.

Cyber-Privacy issues also received a good degree of coverage this week in the US. Of particular note, the National Security Agencys (NSA) data sharing plans came under fire from civil liberties and government transparency groups as they rallied to oppose a new plan which would allow the NSA to share more of the information that it collects about peoples communications and activity on the Internet with other federal agencies. On this theme, the US administration this week was surrounded by speculation as commentators and the media made a great deal out of the Governments refusal to offer public support for the draft legislation.

A relatively quiet week in the pan-Asian ICT sector, however news of interest included the US labeling China' s internet censorship restrictions a trade barrier for the first time since 2013, claiming that online restrictions are damaging the business of U.S. companies. Since Xi Jinping became China's president in 2013, the U.S. had not listed China's so-called Great Firewall as a trade impediment despite widespread outcry that the online blocks limit access to crucial information, email and search services such as those found on Google's platform.

Also of note, it was reported this week that details of up to 55 million voters in the Philippines have been exposed putting much of the country at risk of identity theft. The entire database of the Philippines' Commission on Elections (COMELEC) was breached according to the Philippine government. Although the commission downplayed the leak, an investigation by Trend Micro discovered a huge number of sensitive personally identifiable information (PII) including passport information and fingerprint data were included in the data dump.

From elsewhere in the ICT world, the Panama Papers leak exposed the need for organisations across the globe to take the security of their systems far more seriously according to the Hong Kong-based technology law expert Paul Haswell of Pinsent Masons. Millions of documents reportedly detailing the use of offshore tax structures in Panama by some prominent public figures were obtained by the media, and have received widespread attention since.

Another revelation of interest, research firm Gartner Inc. has suggested that worldwide spending on information technology could become one of the casualties of global economic uncertainty this year, with spending in the sector expected to fall slightly this year, down to $3.49 trillion.

News of interest emerging from Global Institutions this week included the launching of a report by the Atlantic Council which summarised the work of a Task Force it set up last year to advance a transatlantic digital agenda. The report includes 20 steps toward 2020 to create a transatlantic digital single market stretching from Silicon Valley in the west to Tallinn in the east.

Finally, as planned, ICANN and Verisign this week set out on their 90-day parallel testing period to verify the continued integrity of the data contained in the root zone file produced via the Root Zone Management System (RZMS) following the successful completion of the IANA Stewardship Transition. This is reportedly a key step in ensuring the continued security and stability of the Internets root zone.


30 March 2016

The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access the full reports containing additional details and other news items, please join the Internet Technology Policy Community on IEEE Collabratec.

A somewhat quiet week in the ICT world this time around with the Easter holidays slowing down the pace of developments a little. However, there were still multiple news stories and announcements of note for IEEE which emerged, as explored below.

In Europe, cyber-security stole the headlines this week with the news that the EU cybersecurity agency ENISA has won support from MEPs in a drawn-out battle with the Greek government over its costly division between two offices in Athens and Crete. The European Union Agency for Network and Information Security (ENISA) has been pushing to close its headquarters in Heraklion, Cretes largest city, and move all of the agency’s staff into its Athens office.

ENISA also featured in the news this week for speaking out against creating backdoors for law enforcement agencies to access encrypted communication. Summarising their position, ENISA director Udo Helmbrecht argued that technology companies should not be forced to create security loopholes for authorities.

Other news of note from Europe this week included Frances fining of Google for not scrubbing web search results widely enough in response to a European privacy ruling. The French data protection authority has levied a charge of 100,000 euros on the corporation and stated that the only way Google can uphold the Europeans' right to privacy is to delist inaccurate results popping up under name searches across all its websites.

In the US, a range of developments of interest from the past week. On an internet governance theme, it was revealed this week that a union of industry lobbyists and consumer groups have warned the Federal Communications Commission (FCC) in relation to their Internet Subsidy Plan. The plan, as explored in previous monitors, has come under scrutiny from critics who suggest that if the overhaul goes through as planned, many poor Americans who receive free phone service through the program will drop out.

On the issue of net neutrality, it was suggested this week by a collection of more than 50 advocacy groups that Internet service providers (ISPs) are picking "winners and losers" in violation of U.S. Net neutrality rules. The accusation is that ISPs are selectively exempting Web traffic from their monthly data caps, and the advocacy groups involved have called on the FCC to stop ISPs from this practice, known as offering zero-rating plans, and enforce its year-old Net neutrality rules.

Of interest from a cyber-security perspective, senior U.S. and German officials met this week and agreed to deepen their collaboration on a range of cyber issues, including working to promote norms for responsible state behavior in cyberspace and expanding training in developing countries. The two governments underscored their shared strategic goals in a joint statement issued after a two-day annual bilateral meeting on cyber issues. On the same theme, the FBI this week has asked businesses and software security experts for emergency assistance in its investigation into a pernicious new type of "ransomware" virus used by hackers for extortion. "We need your help!" the Federal Bureau of Investigation said in a confidential "Flash" advisory that was dated March 25 and obtained by Reuters over the weekend.

Finally, concerning cyber-privacy issues, the long running saga between Apple inc. and the US administration came to a conclusion of sorts this week with the U.S. Justice Department announcing it had succeeded in unlocking an iPhone used by one of the San Bernardino shooters. As a result the Department has dropped its legal case against Apple, ending a high-stakes legal battle. However, the broader struggle over the issue of encryption remains unresolved, and hence continues to be a topic that will be worth watching closely moving forwards. Also of interest from a cyber-privacy angle, the first ever head of a small federal privacy watchdog is resigning this summer, a year and a half before his term ends in 2018. The surprise announcement from David Medine, chairman of the Privacy and Civil Liberties Oversight Board (PCLOB), will leave a hole at the top of the five-member board, which has been instrumental in shining a light on the workings of the National Security Agency (NSA).

Plenty of news of interest emanating from Asia this week. Relating to internet governance, it was announced this week that China is currently considering implementing new Internet rules that would pressure service providers to cut off access to foreign websites, adding to the governments growing legal framework bolstering its control of cyberspace. The proposed rules would prohibit the countrys Internet-service providers from allowing connections to websites with domains, or Web addresses, registered outside China. Violators would face fines of up to 30,000 yuan ($4,621) and public notices exposing their failure to obey.

On the topic of cyber-security, the Iranian administration this week denied any involvement in the cyber-attacks which were carried out on the US recently. The U.S. Justice Department charged seven Iranian hackers linked to Tehran with targeting U.S. banks and a New York dam drawing the response from the Iranian Foreign Ministry that the US "is in no position to accuse the citizens of other countries, including Iran, without providing documentary evidence.

In broader terms, a recent survey by Intel Security has revealed that the Association of Southeast Asian Nations (Asean) organisations are not prioritising security for their internet of things (IoT) developments. Thailand ranked lowest in terms of IoT security awareness among the five countries surveyed, with 39% of IT leaders recognising the need for security enhancements to their IoT.

Concerns also emerged this week regarding cyber-privacy, with Tencent, a major Chinese web browser with millions of users around the world, having been found leaking data with which users can be identified, tracked and attacked. The browser has an estimated 16 million non-Chinese users and such leaks of personal data mean its users can be identified, tracked and suffer man-in-the-middle attacks, according to noted Canadian privacy researchers Citizen Lab.

Of interest from other parts of the world, figures published this week revealed that the Arab world is expected to have 226 million internet users by 2018 with internet penetration jumping 7 per cent above the world average, according to a new study. The Arab Knowledge Economy study by Orient Planet and research consultant Abdul Kader Al Kamli said the regions internet penetration would increase from 37.5 per cent in 2014 to 55 per cent in 2018.

Also, the Canadian think-tank CIGI (the Centre for International Governance and Innovation) this week suggested that Internet users don't understand security or privacy and are more comfortable with government oversight of the Internet and their privacy than, for example, Apple. In an international survey (24,000 respondents in 24 countries), the group claims more than 70 per cent want the dark net shut down (which rests on the assumption that 70 per cent of people actually know what the dark net is).

Finally, of note from Global Institutions this week, the announcement that the membership of the Multistakeholder Advisory Group of the Internet Governance Forum has been renewed. A total of 55 members, 21 among them new, have been appointed. The Advisory Group members are from all stakeholder groups and all regions, representing Governments, civil society, the private sector and the technical community. All Advisory Group members serve in their personal capacities, but are expected to have close linkages with their respective stakeholder groups. The main task of the Advisory Group is to provide advice on the preparations for the eleventh meeting of the Internet Governance Forum, which is set to take place in Mexico in November 2016.