The weighing of evidence involves the connecting of dots, which involves drawing inferences. However, just as there can be false positives, there can be false inferences. The tendency may be to think of inferences as coming in one size, but not all inferences are logically correct. Some are weak and others strong. The reason for talking about both kinds is that so much depends on the quality of their making. more
Hackers behind the massive data breach of the hotel group Marriott International Inc have left clues suggesting ties to the Chinese government intelligence-gathering operation. more
Millions of email warnings were sent out by Marriot on Friday to warn customers about the massive data breach which has affected close to half a billion guest data. more
The 2013 NSA revelations by the American whistleblower Edward Snowden was a stern wake call for French politicians. more
Shortly after the National Telecommunications and Information Administration (NTIA)'s recent announcement allowing Verisign to pursue increased .com registry fees, Verisign published a blog post questioning the business practices of registrars and domain name investors. The ICA, on behalf of its registrar and domain name investor members, had previously spoken out against a .com fee increase, as did others in the domain industry. more
As the ITU-T 2018 Plenipotentiary Conference rolls toward a close this week, its most controversial and contentious subject appeared baked into a new treaty instrument resolution that has apparently reached a kind of steady-state. After distilling the many input proposals through ten revisions and a corrigendum, the tasked drafting committee has produced a new resolution with the simple title of "OTTs." more
My thesis is simple: the way we protect privacy today is broken and cannot be fixed without a radical change in direction. My full argument is long; I submitted it to the NTIA's request for comments on privacy. Here's a short summary. For almost 50 years, privacy protection has been based on the Fair Information Practice Principles (FIPPs). There are several provisions... more
Two months ago, the Trump White House published its National Cyber Strategy. It was followed a few days ago with the release of its draft NSTAC Cybersecurity "moonshot." The Strategy document was basically a highly nationalistic America-First exhortation that ironically bore a resemblance to China's more global two-year-old National Cybersecurity Strategy. more
Recently, a blogger whose website features posts and ads from domain speculators wondered what the cost of registering a .com domain name would be if somebody else ran the .com registry. But this blog post asks the more relevant question: "How much could businesses and consumers save if the benefit of .com price caps were passed along to consumers?" Now is a good time to focus on this question, since Verisign and the US Department of Commerce just amended their Cooperative Agreement to allow limited, regulated .com price increases. more
The controversial site gab.com has been shut down by GoDaddy and given 2 days to move the domain elsewhere. The deadline expires at midnight tonight Irish time. In recent days the site has seen itself become increasingly disconnected as various service providers and online platforms including PayPal have shut the door to them. At present the site is displaying this notice... more
When the Internet outgrew its academic and research roots and gained some prominence and momentum in the broader telecommunications environment it found itself to be in opposition to many of the established practices of the international telecommunications arrangements and even in opposition to the principles that lie behind these arrangements. more
In the early days of the internet, companies only needed a simple web presence to be among the pioneers of digitization. Playfully animated hover buttons and electronically-synthesized background music were commonly accepted standards. To appear on a search engine, webmasters simply had to submit the URL of their website. more
Over the course of the last decade, in response to significant pressure from the US government and other governments, service providers have assumed private obligations to regulate online content that have no basis in public law. For US tech companies, a robust regime of "voluntary agreements" to resolve content-related disputes has grown up on the margins of the Digital Millennium Copyright Act (DMCA) and the Communications Decency Act (CDA). more
In 1998, I was a lawyer working at Jones Day in Los Angeles, specializing in patent lawsuits. Specifically, I was a member of Jones Day's Technology Issues Practice, which sought to assist companies becoming involved in computer and communications technologies, including the Internet. Meanwhile, in early May the Internet Assigned Numbers Authority (IANA) was preparing to transition its home base from the University of Southern California's Information Sciences Institute (ISI) to a new, independent and not-for-profit organization. more
The level of interest in the general topic of routing security seems to come in waves in our community. At times it seems like the interest from network operators, researchers, security folk and vendors climbs to an intense level, while at other times the topic appears to be moribund. If the attention on this topic at NANOG 74 is anything to go by we seem to be experiencing a local peak. more