30 March 2016

The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access and download the full report containing additional details and other news items, click here.

A somewhat quiet week in the ICT world this time around with the Easter holidays slowing down the pace of developments a little. However, there were still multiple news stories and announcements of note for IEEE which emerged, as explored below.

In Europe, cyber-security stole the headlines this week with the news that the EU cybersecurity agency ENISA has won support from MEPs in a drawn-out battle with the Greek government over its costly division between two offices in Athens and Crete. The European Union Agency for Network and Information Security (ENISA) has been pushing to close its headquarters in Heraklion, Cretes largest city, and move all of the agency’s staff into its Athens office.

ENISA also featured in the news this week for speaking out against creating backdoors for law enforcement agencies to access encrypted communication. Summarising their position, ENISA director Udo Helmbrecht argued that technology companies should not be forced to create security loopholes for authorities.

Other news of note from Europe this week included Frances fining of Google for not scrubbing web search results widely enough in response to a European privacy ruling. The French data protection authority has levied a charge of 100,000 euros on the corporation and stated that the only way Google can uphold the Europeans' right to privacy is to delist inaccurate results popping up under name searches across all its websites.

In the US, a range of developments of interest from the past week. On an internet governance theme, it was revealed this week that a union of industry lobbyists and consumer groups have warned the Federal Communications Commission (FCC) in relation to their Internet Subsidy Plan. The plan, as explored in previous monitors, has come under scrutiny from critics who suggest that if the overhaul goes through as planned, many poor Americans who receive free phone service through the program will drop out.

On the issue of net neutrality, it was suggested this week by a collection of more than 50 advocacy groups that Internet service providers (ISPs) are picking "winners and losers" in violation of U.S. Net neutrality rules. The accusation is that ISPs are selectively exempting Web traffic from their monthly data caps, and the advocacy groups involved have called on the FCC to stop ISPs from this practice, known as offering zero-rating plans, and enforce its year-old Net neutrality rules.

Of interest from a cyber-security perspective, senior U.S. and German officials met this week and agreed to deepen their collaboration on a range of cyber issues, including working to promote norms for responsible state behavior in cyberspace and expanding training in developing countries. The two governments underscored their shared strategic goals in a joint statement issued after a two-day annual bilateral meeting on cyber issues. On the same theme, the FBI this week has asked businesses and software security experts for emergency assistance in its investigation into a pernicious new type of "ransomware" virus used by hackers for extortion. "We need your help!" the Federal Bureau of Investigation said in a confidential "Flash" advisory that was dated March 25 and obtained by Reuters over the weekend.

Finally, concerning cyber-privacy issues, the long running saga between Apple inc. and the US administration came to a conclusion of sorts this week with the U.S. Justice Department announcing it had succeeded in unlocking an iPhone used by one of the San Bernardino shooters. As a result the Department has dropped its legal case against Apple, ending a high-stakes legal battle. However, the broader struggle over the issue of encryption remains unresolved, and hence continues to be a topic that will be worth watching closely moving forwards. Also of interest from a cyber-privacy angle, the first ever head of a small federal privacy watchdog is resigning this summer, a year and a half before his term ends in 2018. The surprise announcement from David Medine, chairman of the Privacy and Civil Liberties Oversight Board (PCLOB), will leave a hole at the top of the five-member board, which has been instrumental in shining a light on the workings of the National Security Agency (NSA).

Plenty of news of interest emanating from Asia this week. Relating to internet governance, it was announced this week that China is currently considering implementing new Internet rules that would pressure service providers to cut off access to foreign websites, adding to the governments growing legal framework bolstering its control of cyberspace. The proposed rules would prohibit the countrys Internet-service providers from allowing connections to websites with domains, or Web addresses, registered outside China. Violators would face fines of up to 30,000 yuan ($4,621) and public notices exposing their failure to obey.

On the topic of cyber-security, the Iranian administration this week denied any involvement in the cyber-attacks which were carried out on the US recently. The U.S. Justice Department charged seven Iranian hackers linked to Tehran with targeting U.S. banks and a New York dam drawing the response from the Iranian Foreign Ministry that the US "is in no position to accuse the citizens of other countries, including Iran, without providing documentary evidence.

In broader terms, a recent survey by Intel Security has revealed that the Association of Southeast Asian Nations (Asean) organisations are not prioritising security for their internet of things (IoT) developments. Thailand ranked lowest in terms of IoT security awareness among the five countries surveyed, with 39% of IT leaders recognising the need for security enhancements to their IoT.

Concerns also emerged this week regarding cyber-privacy, with Tencent, a major Chinese web browser with millions of users around the world, having been found leaking data with which users can be identified, tracked and attacked. The browser has an estimated 16 million non-Chinese users and such leaks of personal data mean its users can be identified, tracked and suffer man-in-the-middle attacks, according to noted Canadian privacy researchers Citizen Lab.

Of interest from other parts of the world, figures published this week revealed that the Arab world is expected to have 226 million internet users by 2018 with internet penetration jumping 7 per cent above the world average, according to a new study. The Arab Knowledge Economy study by Orient Planet and research consultant Abdul Kader Al Kamli said the regions internet penetration would increase from 37.5 per cent in 2014 to 55 per cent in 2018.

Also, the Canadian think-tank CIGI (the Centre for International Governance and Innovation) this week suggested that Internet users don't understand security or privacy and are more comfortable with government oversight of the Internet and their privacy than, for example, Apple. In an international survey (24,000 respondents in 24 countries), the group claims more than 70 per cent want the dark net shut down (which rests on the assumption that 70 per cent of people actually know what the dark net is).

Finally, of note from Global Institutions this week, the announcement that the membership of the Multistakeholder Advisory Group of the Internet Governance Forum has been renewed. A total of 55 members, 21 among them new, have been appointed. The Advisory Group members are from all stakeholder groups and all regions, representing Governments, civil society, the private sector and the technical community. All Advisory Group members serve in their personal capacities, but are expected to have close linkages with their respective stakeholder groups. The main task of the Advisory Group is to provide advice on the preparations for the eleventh meeting of the Internet Governance Forum, which is set to take place in Mexico in November 2016.