10 February 2016
A relatively subdued week this time around, with the US Government’s annual budget announcement including within it a Cybersecurity National Action Plan (CNAP). The plan has been devised in an effort to fortify America's digital defenses and protect Americans, government agencies and companies against the growing number of cyberattacks aimed at everything from national defense and health care to personal consumer data.
However, news from elsewhere did filter through, albeit in the shadow of these developments. In Europe, much of the coverage and discussion was focused on the recently agreed upon EU-US data privacy shield, agreed upon last week to replace the old Safe Harbour agreement regarding transatlantic data flows. Of note was the revelation from data protection watchdogs around the EU that companies will be permitted to continue transferring personal data to the US under alternative legal means – at least for the time being whilst the EU certifies the finer details of the newly agreed upon ‘privacy shield’ framework. “Until we have analysed the content of the arrangement and the possible consequences on the other transfer tools we will allow data controllers to use the BCRs [binding corporate rules] and standard contractual clauses,” said Isabelle Falque-Pierrotin, president of the Article 29 Working Party, which represents the powerful privacy authorities from EU member states.
Linked to this, and of note, the French data protection authority this week gave Facebook three months warning to stop tracking non-users' web activity without their consent and ordered the social network to stop transferring personal data to the United States. The French order is the first significant action to be taken against a company transferring personal data to the United States following an EU court ruling last year that struck down an agreement that had been relied on by thousands of companies, including Facebook, to avoid cumbersome EU data transfer rules. It would seem at a glance that the analysis offered by the EU watchdogs, as explored above, may be contradicted by the action of individual member states keen to establish privacy arrangements in the coming weeks.
Other big news from the European continent this week included the announcement that new legislation drafted by the European Commission could force all EU countries to ensure the 700 MHz band of spectrum is made exclusively available for mobile services by the middle of 2020. The European Commission has published proposals to introduce new laws that would require EU countries to “allow the use of the 694-790 MHz frequency band for terrestrial systems capable of providing wireless broadband electronic communications services”, in accordance with technical conditions it will lay out by 30 June 2020.
As aforementioned, news in the US was dominated this week by President Obama’s budget announcement and the Cybersecurity National Action Plan (CNAP). The draft budget put to Congress by the US administration includes the provision to boost cybersecurity spending to $19 billion for fiscal year 2017, a 35 percent increase over this fiscal year. The White House also wants to launch a $3.1 billion Information Technology Modernization Fund to retire and replace aging systems in the federal government. To oversee all initiatives, President Obama plans to create a federal chief information officer who would coordinate cybersecurity practices across agencies.
As part of the plan, President Obama is keen to engage with Silicon Valley tech companies in an effort to collaborate against cyber-security threats posed to the US. This marks the continuation of a dialogue between the administration and major US tech companies which has focused on issues such as encryption, data privacy and cyber-security in the past.
In other developments, the US Senate this week passed a privacy bill considered integral to the pending transatlantic data transfer pact with the EU. The so-called Judicial Redress Act, which gives EU citizens the right to challenge misuse of their personal data in U.S. court, is also a prerequisite of a law enforcement data-sharing “umbrella” agreement reached last fall.
From a Pan-Asian perspective, the news of utmost significance this week was that The Telecom Regulatory Authority of India (TRAI) has laid down rules that strictly prohibit the differential pricing of data on the basis of content in India — which effectively bans zero-rating initiatives such as Facebook’s Free Basics and Airtel’s Airtel Zero programme. The new rules came after a two-month-long consultation process that saw Facebook launching a big advertising campaign in support of its Free Basics program, which runs in more than 35 developing countries. The service, earlier known as internet.org, has also run into trouble in other countries that have accused Facebook of infringing the principle of net neutrality - the concept that all websites and data on the Internet be treated equally.
Cyber-security also received a degree of coverage in Asia this week, as it was revealed that hacker in China have attempted to access over 20 million active accounts on Alibaba Group Holding Ltd's Taobao e-commerce website using Alibaba's own cloud computing service. The news was revealed via a state media report posted on the Internet regulator's website.
As for news from other parts of the globe and developments associated with Global Institutions, this week represented a particularly quiet one. However, some stories of interest did emerge, including the announcement in Cisco’s latest Visual Networking Index mobile report that by the end of the decade, Global mobile data traffic will have reached 30.6 exabytes – approximately 30 quintillion bytes or 30 billion gigabytes – per month, up from 3.7 exabytes in 2015.
Finally, it was also revealed this week that NATO has become the first organisation to deploy Polycom’s RealPresence Centro unified communications system ahead of a wider launch in the coming months, as it seeks to enhance its internal collaboration capabilities.