13 April 2016

The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access and download the full report containing additional details and other news items, click here.

Another busy week of developments from across the ICT world, with issues of interest to IEEE cropping up in various forms. These are explored in further detail below.

In Europe, the news of interest included the story that a panel of EU privacy watchdogs has demanded changes to a pact meant to govern cross-Atlantic data transfers. The Article 29 Data Protection Working Party have urged the US and European Commission to revise and clarify several points in the proposed Privacy Shield agreement in order to safeguard EU citizens' personal information. "We believe that we don't have enough security [or] guarantees in the status of the ombudsperson and in their effective powers to be sure that this is really an independent authority," said Isabelle Falque-Pierrotin, the chairwoman of the group. The group's recommendations are not binding on the EU or US, but should prove influential as the watchdogs can suspend data transfers they are concerned about.

The Privacy Shield is a framework that has been proposed to facilitate the transfer of personal data between the EU and US. EU and US officials hope the Privacy Shield can replace the safe harbor agreement which was invalidated by the EU's highest court in October last year.

From a cyber-security angle, developments of note included the announcement that Turkey has this week launched an inquiry in order to investigate the means by which cyber hackers posted online the data of some 50 million Turkish citizens. The data breach is believed to be the largest in the country’s history and whilst no group has yet assumed responsibility for the action, comments posted online suggest Turkey may have been a target, and victim in this instance, of political hackers.

Also on this theme, it was reported this week that the Russian Government has begun working with Russia's Central Bank to develop a package of measures aimed at fighting Buhtrap, the recently discovered hacker group, which, to date, has stolen around RUB 4 billion (£42 million) from Russian and Western banks, and is reportedly planning further attacks on the EU banking system.

Digital skills also received a degree of coverage this time around, with the announcement that a new European standard for ICT professionals has been launched. The Council of European Professional Informatics Societies (CEPIS) said its introduction would help solve the lack of e-skills across Europe. The European e-Competence Framework (e-CF), which describes the competences and skills requirements of ICT professionals, has become a European standard following its official publication by the European Committee for Standardization (CEN) this week. CEPIS secretary general Fiona Fanning said: Organisations must be able to understand the core areas of ICT expertise required by different roles, in order to recruit and develop suitable employees and maintain adequate levels of competences.

Finally from Europe, new data protection laws are expected to be finalised next week following the new General Data Protection Regulation and a new Data Protection Directive for police and criminal justice authorities being endorsed by national governments within the EU in a vote held by the Council of Ministers in the week passed.

In the US, internet governance issues reared up with the Federal Communications Commission Chairman Tom Wheeler announcing plans to bring more competition to a little-known but important market for broadband Internet services. The field is known as special access and concerns the dedicated, high-capacity broadband connections used by certain businesses. These connections may be used for things such as ATM machines or in order to connect cellphone towers to wireless networks. Critics have often raised concerns that the market is overly dominated by incumbent firms such as AT&T and Verizon. Also of interest, Microsoft this week became the first major U.S. tech company to say it would transfer users' information to the United States using a new transatlantic commercial data pact, the Privacy Shield, and would resolve any disputes with European privacy watchdogs. Data transfers to the United States have been conducted in a legal limbo since October last year when the European Union's top court struck down the Safe Harbour framework that allowed firms to easily move personal data across the Atlantic in compliance with strict EU data transferral rules. As mentioned previously, the new Privacy Shield agreement designed to replace the Safe harbor framework continues to attract scrutiny as the EU and US attempt to move towards the ratification of an agreement.

On a net neutrality note, legislation to prevent the Federal Communications Commission from using its net neutrality rules to regulate the rates that companies charge customers for Internet service appears to be heading towards a vote in the House next week. The bill passed out of the Energy and Commerce Committee last month on a party-line vote over objections from Democrats, who said it would end up cutting off broad portions of the FCC's regulatory authority. An amendment to the bill reportedly addressed some but not all of their concerns.

There were a range of stories relating to cyber-security, which emerged from the US in the past week. Of particular interest was the news that the US Democratic Senator Edward Markey of Massachusetts has introduced legislation calling for airlines and aircraft manufacturers to disclose cyber security incidents to federal authorities, saying the aviation system lacks sufficient standards and oversight. The proposed measure would also require the Federal Aviation Administration and other federal agencies to identify cyber vulnerabilities within the aviation system and establish standards for addressing them.

Cyber-Privacy issues also received a good degree of coverage this week in the US. Of particular note, the National Security Agencys (NSA) data sharing plans came under fire from civil liberties and government transparency groups as they rallied to oppose a new plan which would allow the NSA to share more of the information that it collects about peoples communications and activity on the Internet with other federal agencies. On this theme, the US administration this week was surrounded by speculation as commentators and the media made a great deal out of the Governments refusal to offer public support for the draft legislation.

A relatively quiet week in the pan-Asian ICT sector, however news of interest included the US labeling China' s internet censorship restrictions a trade barrier for the first time since 2013, claiming that online restrictions are damaging the business of U.S. companies. Since Xi Jinping became China's president in 2013, the U.S. had not listed China's so-called Great Firewall as a trade impediment despite widespread outcry that the online blocks limit access to crucial information, email and search services such as those found on Google's platform.

Also of note, it was reported this week that details of up to 55 million voters in the Philippines have been exposed putting much of the country at risk of identity theft. The entire database of the Philippines' Commission on Elections (COMELEC) was breached according to the Philippine government. Although the commission downplayed the leak, an investigation by Trend Micro discovered a huge number of sensitive personally identifiable information (PII) including passport information and fingerprint data were included in the data dump.

From elsewhere in the ICT world, the Panama Papers leak exposed the need for organisations across the globe to take the security of their systems far more seriously according to the Hong Kong-based technology law expert Paul Haswell of Pinsent Masons. Millions of documents reportedly detailing the use of offshore tax structures in Panama by some prominent public figures were obtained by the media, and have received widespread attention since.

Another revelation of interest, research firm Gartner Inc. has suggested that worldwide spending on information technology could become one of the casualties of global economic uncertainty this year, with spending in the sector expected to fall slightly this year, down to $3.49 trillion.

News of interest emerging from Global Institutions this week included the launching of a report by the Atlantic Council which summarised the work of a Task Force it set up last year to advance a transatlantic digital agenda. The report includes 20 steps toward 2020 to create a transatlantic digital single market stretching from Silicon Valley in the west to Tallinn in the east.

Finally, as planned, ICANN and Verisign this week set out on their 90-day parallel testing period to verify the continued integrity of the data contained in the root zone file produced via the Root Zone Management System (RZMS) following the successful completion of the IANA Stewardship Transition. This is reportedly a key step in ensuring the continued security and stability of the Internets root zone.