4 May 2016

The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access the full reports containing additional details and other news items, please join the Internet Technology Policy Community on IEEE Collabratec.

A busy week of developments from across the ICT world this time around, including a range of coverage which will be of interest to IEEE. This coverage is analysed below in the synopsis and subsequently laid out in full throughout the various sections of the monitor.

In Europe this week, it was revealed this week that Liberal and socialist factions of MEPs in the European Parliament have been attempting since March to set up a plenary vote on the controversial Privacy Shield data transfer agreement to the United States. With member states final verdict on the Privacy Shield scheduled for next month, MEPs are running out of time to vote before the deal is finalised.

The Privacy Shield is set to replace the now infamous Safe Harbour agreement, which was ruled invalid by the European Court of Justice last October on grounds that it didnt protect EU citizens data once they are transferred to the US.

Moving away from Internet governance issues and on to the topic of net neutrality, this week witnessed reduced roaming charges and net neutrality regulations come into force within the European Union. As of April 30th, EU telecoms providers must now cut surcharges for 'roaming' phone calls and data use in EU countries from in preparation for the complete abolition of roaming charges in June 2017. Until June 2017, telecoms providers will be allowed to charge up to five cents per minute on top of domestic prices, and up to two cents per text message, the European Parliament said. As of April 30th, the first EU-wide net neutrality regulations have also come into force, with the rules aimed at ensuring open access to internet content without discrimination, the Parliament said.

Continuing on the theme of net neutrality, Swedish media this week reacted angrily to a zero-rating campaign by Telia and Facebook that allows internet users to surf social media sites without it impacting on any allowance. Representatives of 27 newspapers, TV and radio stations have signed the statement that has appeared in the Swedish press. The Swedish telecommunications regulator PTS has also launched an investigation.

Cyber-Security developments also featured heavily in the European coverage this week. Of particular note was the announcement by Jakub Boratyski, head of the security unit at the European Commissions technology arm DG CONNECT, that the new cybersecurity rules agreed in December are a lot weaker than the EU executive wanted. He claimed that EU countries diluted new rules regulating information-sharing on cybersecurity breaches, which made it impossible to monitor hackers assaults on member states critical infrastructure. As a result of this, Boratyski has called for more co-operation into the future between EU member states regarding cyber-security.

Also of note from the European continent this week, the European Commission has called on European governments to ratify a new privacy framework that would apply to personal data transferred from the EU to US law enforcement agencies.

The Commission, after years of negotiations, reached a provisional agreement with US officials on an EU-US data protection 'umbrella agreement' last autumn. It has now recommended that the Council of Ministers, which is made up of representatives from the national governments of the 28 countries that make up the EU, sign the deal.

In the US, it was reported this week that US courts are eroding support for the recently agreed Privacy Shield proposal reached between the US and the EU. The Privacy Shield agreement is now facing a range of legal challenges in the US following recent decisions by the U.S. Foreign Surveillance Intelligence Court (FSIC) and the Supreme Court. A committee of the U.S. Supreme Court made changes last week to Rule 41 of the Federal Rules of Criminal Procedure, allowing judges to issue warrants outside his or her district. The change would grant expansive powers to law enforcement agencies to hack and access information on computers if device location information has been concealed through technological means. From a cyber-security perspective, the US and South Korea have announced this week an agreement to help one another develop technology to combat cyber-threats. The agreement, although not legally binding, states that the two countries will seek to make best use of their respective best practices, eliminate unnecessary duplication of work, and obtain the most efficient and cost effective results through cooperative partnerships.

Also of interest, the cyber skills agenda, with the White House announcing that it will hold a series of meetings over the summer and come out with a report this year highlighting the benefits and regulatory implications of the evolving technology of artificial intelligence, according to deputy chief Technology Officer Ed Felton. There are tremendous opportunities and an array of considerations across the Federal Government in privacy, security, regulation, law, and research and development to be taken into account when effectively integrating this technology into both government and private-sector activities, Felton said in a blog post.

Cyber-privacy issues also received considerable coverage in the US this week, with the stories of note including the unanimous passing of an email privacy bill through the U.S. House of Representative. The bill requires law enforcement authorities to get a search warrant before asking technology companies to hand over old emails. Looking forwards, the bill's prospects in the Senate remain unclear, though the 419-0 vote in the House was likely to put pressure on the upper chamber to approve it.

On this theme, the US Supreme Court also approved a rule change this week that will enable U.S. judges to issue search warrants for access to computers located in any jurisdiction, this despite opposition from civil liberties groups who say it will greatly expand the FBI's hacking authority. U.S. Chief Justice John Roberts transmitted the rules to Congress, which will have until Dec. 1 to reject or modify the changes to the federal rules of criminal procedure. If Congress does not act, the rules will take effect automatically.

A relatively subdued week in the Asian ICT world this week. However, news of interest included the revelation that China is said to be considering taking board seats and stakes of at least 1 percent in operators of some Internet portals and mobile apps in exchange for granting news licenses, according to people familiar with the plan. The government would reportedly issue the licenses in exchange for stock and a board seat. Government representatives could therefore monitor and block content distributed by Internet providers, although they wouldnt be involved in other day-to-day business decisions. The move, if carried through, could potentially impact operators of major Internet portals such as Tencent Holdings Ltd. and NetEase Inc. along with mobile apps that provide current affairs and news on a daily basis.

On a cyber-security note, Singapore Telecommunications (Singtel) this week officially opened a new facility to help enterprises enhance cyber-security skills and test their networks in dealing with cyber-threats. The training modules offered at the Singtel Cyber-security Institute (CSI) will cater to a range of executives and skills such as c-suite managers and operational pros. Boards and C-suite level participants will be trained in cyber-threat awareness, risk management, business continuity planning and crisis communications preparedness. Furthermore, operations and technology teams will be trained in defence and response capabilities to strengthen their skills.

Continuing on this topic, it was reported this week that Indian enterprises are increasingly being targeted by cyber-attacks as online business proliferates in the country. The attacks have been especially targeted towards small and medium sized businesses as most of them are not currently well protected. According to a recent report by security software firm Symantec, there has been a steady rise in attacks targeting businesses with less than 250 employees, in the past five years.

The rest of the ICT world moved forwards at a pace this week, with a range of developments of interest. Of particular note, the news that more than seven in ten global brands were hit by distributed denial of service (DDoS) attacks in 2015 and the announcement that a Brazilian judge this week ordered wireless phone carriers to block access to Facebook Inc's (FB.O) WhatsApp for 72 hours throughout the nation on Monday, the second such move against the popular messaging application in five months.

From a global institutions perspective, ENISA this week launched the technical phase of Cyber Europe 2016 under the Cyber Exercise Platform. The platform will allow participating cybersecurity professionals from all over Europe to test and improve their technical skills on various challenging cases, inspired by real-life incidents, on topics such as mobile malware analysis, system forensics, steganography or network forensics.

Finally, it was revealed this week that 15 individuals from various Universities in Europe have been selected to participate with ICANNCommunity Members at the ICANN56 Policy Forum in Helsinki Finland, 27-30 June 2016. These individuals are engaged in studies that encompass policy, business, technical, security, law, and communications.

Five additional selectees who attended a previous ICANN Meeting as NextGenners will now serve as Ambassadors for these newcomers to ICANN.