Cybersecurity regulation is coming. Whether regulations intended to enhance critical infrastructure protection will be based on existing statutory authority, new legislation, an Executive Order or a combination of legal authorities, however, is still unknown. Other aspects of the coming federal oversight of critical infrastructure cybersecurity that remain undetermined include the extent to which governance system will include voluntary characteristics and the time frame for initiation of new cybersecurity regulation. more
Australians may lose their right to privacy online if the attorney-general has her way. Nicola Roxon's discussion paper is before a parliamentary inquiry. Proposals include storing the social media and other online and telecommunications data of Australians for two years, under a major overhaul of Australia's surveillance laws. The government passed a toned down version of these proposals last week, giving police the power to force telcos to store data on customers for a specific period while a warrant is sought. more
As an industry insider and technologist, it's always tempting when discussing something new, such as the Trademark Clearinghouse (TMCH), to jump into the gritty details to try solving problems. However, in this case, we would be jumping a step ahead because it's fair to say most of the general community is not well informed about the current implementation challenges around the TMCH. more
Reading Peter Olthoorn's book on Google (a link is found here), I ran into a passage on IP addresses. Where Google states that it does not see an IP address as privacy sensitive. An IP address could be used by more than one person, it claims. The Article 29 Working Party, the EU privacy commissioners, states that it is privacy sensitive as a unique identifier of a private person. It got me wondering whether it is this simple. Here is a blog post meant to give some food for thought and debate. I invite you to think about the question 'how private is an IP address'? more
Microsoft took down a Zeus botnet recently. Within days it was publicly accosted by Fox-IT's director Ronald Prins for obstructing ongoing investigations and having used Fox-IT's data. This was followed by the accusation that Microsoft obstructs criminal proceedings... On top of all this EU Commissioner Cecilia Malmström announced that cooperation between law enforcement and industry will be forged in the European Cyber Crime Centre as of 2013. Coincidences do not exist. Why? more
The 'economies of scope' is an appealing concept implying that if we share knowledge in an open way we can create new, healthy economies that do not just depend on 'scale'. As we have seen, over the last decade in particular, some of the companies that are trying to achieve exponential growth can endanger the economy and society in general - the global financial crisis surrounding the large financial institutions, the scandals around News Corp, the political lobbying (bullying) by the super rich and the destruction of the environment by some developers. more
Even as we increasingly discover that every facet of our modern lives now revolve around, and are dependent on the Internet, for which reason its availability, functionality, safety, stability and security are now of great and continuing concern to all of us. These issues have a profound impact on its overall governance. To most of us, during the past three decades, the Internet has always been available, stable, affordable and open; and it should continue this way even as it is controlled and administered in a secure manner... more
As unusual as it may be for a lawyer to speak at a IETF meeting, Ian Walden gave a lecture on Data Protection Directives and updates thereof. He said they affect some 90 jurisdictions. A difference between email addresses and cookies - the latter are the main subject of the January 2012 update of the directives - is that after more than a decade of enforcement, specific browser extensions may allow users to browse what cookies they have, while no record states whom they conferred their email addresses to. more
Don't worry about the bad guys turning out the lights. Worry about everything they're stealing while the lights are still on. The theft of intellectual property ranging from Hollywood films to defense secrets is underway by cyber-criminals of various stripes. Maintaining control over intellectual property may be the single most important challenge to American economic security. Implementing a cyber-reliant infrastructure is a national challenge which crosses the traditional boundaries between economic sectors and between public and private domains. more
Efforts to take down websites for copyright infringement are likely to move beyond U.S.-based domain name registries, with ICANN promising to more closely cooperate with global law enforcement agencies and governments. During an open session with the Government Advisory Committee (GAC), the ICANN board confirmed that it will enforce its contracts with registrars more effectively in order to meet expectations from governments and law enforcement authorities. more
Brian Krebs reporting in Krebs on Security: "Half of all 'rogue' online pharmacies -- sites that sell prescription drugs without requiring a prescription -- got their Web site names from just two domain name registrars, a study released today found. The findings illustrate the challenges facing Internet policymakers in an industry that is largely self-regulated and rewards companies who market their services as safe havens for shadowy businesses." more
Reporting further on the recent Bodog.com domain name seizure case based on gambling charges, Michael Geist writes: "In the Bodog.com case, U.S. officials targeted a site with limited connections to the country as the site had licensed out the bodog.com domain name in 2006 and stopped accepting U.S. bettors late last year. The legal issues surrounding its operations will be played out in court, but the manner in which the bodog.com name was seized could have a lasting impact on Internet governance." more
Over the last year the world has been virtually buried under news items describing hacks, insecure websites, servers and scada systems, etc. Each and every time people seem to be amazed and exclaim "How is this possible?" Politicians ask questions, there is a short lived uproar and soon after the world continues its business as usual. Till the next incident. In this blog post I take a step back and try to look at the cyber security issue from this angle... more
A Canadian law expected to be introduced next week could greatly assist law enforcement authorities in the country to access date revealing internet-user habits and personal information. Privacy watchdogs caution if the so-called Lawful Access law is passed, it would give police access to webbrowsing history and sensitive personal information, and would grant greater permission to track the cellular phones of suspects -- much of it without the requirement of a warrant. more
The Supreme Court of Canada has ruled that Internet providers are not broadcasters for the purposes of the Broadcasting Act when they simply transmit content to subscribers, reports Michael Geist. The court noted... more