Policy & Regulation

Policy & Regulation / Recently Commented

The EU AI Act: A Critical Assessment

The proposed new European Union (EU) Artificial Intelligence Act has been extolled in the media as a bold action by a major legislative body against the perceived dangers of emerging new computer technology. The action presently consists of an initial proposal for a Regulation with annexes from 2021, plus recent Amendments adopted on 14 June. This regulatory behemoth exists entwined among a multitude of other recent EU major regulations... more

NIST as a Cyber Threat Actor

On 24 May, NIST published recommendations that are a key component of the U.S. cybersecurity ecosystem -- known as vulnerability disclosure guidelines. NIST (National Institute of Standards and Technology) is an agency of the Department of Commerce whose mission includes "developing cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public." more

AI Has No Time for “Human” Rights

Popular media have recently reported a White House initiative asserting companies' "moral obligation" to limit the risks of AI products. True enough, but the issues are far broader. At the core of the debate around AI -- will it save us or destroy us? -- are questions of values. Can we tell AI how to behave safely for humans, even if in the future it has a "mind of its own"? It is often said that AI algorithms should be "aligned with human values." more

Internet Governance Outlook 2023: Will “Digital Coop-Frontation” Become the “New Normal”?

In 2022, the Internet world was shaken by big contradictions. On the one hand, efforts to constitute a stable and secure framework for a safe cyberspace made substantial progress. The UN got a new Tech Envoy. The UN-based Internet Governance Forum (IGF) got a "Leadership Panel." The UN negotiations on cybersecurity and cybercrime produced constructive interim results. more

FTC Comment Period Emphasizes the Need for a Better WHOIS System

Late last year, the U.S. Federal Trade Commission - the governmental arm responsible for protecting Americans from unfair trade practices -- opened a comment period on a proposed "Trade Regulation Rule on Impersonation of Governments and Businesses." It's no surprise that those who are victims of or are battling online impersonation saw this as an opportunity to highlight the importance of a working domain name registration data system ("WHOIS") ... more

NIS2, ICANN and “Thick” WHOIS: A Mandate to Move Forward

The recent adoption at the end of December of the new EU Directive for a high level of cybersecurity across the Union -- commonly referred to as "NIS2" - paved the way for important updates to the domain name system (DNS). Most significantly, Article 28 of NIS2 and its related recitals resolved any ambiguities about the public interest served by a robust and objectively accurate WHOIS system that permits legitimate access by third parties to data... more

Is Secured Routing a Market Failure?

The Internet represents a threshold moment for the communications realm in many ways. It altered the immediate end client of the network service from humans to computers. It changed the communications model from synchronized end-to-end service to asynchronous and from virtual circuits to packet switching. At the same time, there were a set of sweeping changes in the public communications framework... more

FCC Implements Broadband Labels

The FCC voted recently to implement consumer broadband labels. This was required by section 60504 of the Infrastructure Investment and Jobs Act. The new rules will become effective after the Office of Management, and Budget approves the new rules and after the final notice is published in the federal register. ISPs will then generally have six months to implement the labels. The labels look a lot like the nutrition labels that accompany food. more

The Continuing WHOIS Disappearing Act

WHOIS is about to become even harder to find. ICANN has recently concluded long-delayed contract negotiations with industry meant to accommodate the technical migration from the WHOIS protocol to the Registration Data Access Protocol (RDAP). Instead of limiting the changes to what's necessary to implement the new technical protocol, the proposals effectively gut WHOIS, making it virtually impossible to find by eliminating web-based WHOIS access... more

Achieving Multi-Stakeholder Progress on DNS Abuse

DNS Abuse and how to address it has been the topic of intense, often conflictual, and rarely conclusive discussions for many years, starting with the very definition of the term and the degree of responsibility bestowed upon DNS operators. In 2018, after several months of intersessional work, the Internet & Jurisdiction Global Conference brought together in Ottawa more than 200 key stakeholders to define a roadmap to address certain jurisdictional challenges on the Internet, including DNS abuse. more

ICANN Policymaking Should Be Even More Transparent

Transparency and accountability are embedded in ICANN's core values. Indeed, ICANN's Bylaws mandate that "ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner ...". Public Interest Registry believes that a dedication to transparency is fundamental to the strength and continued effectiveness of ICANN's multistakeholder model. more

Regulation of Algorithmic Regulation Begins

A Chinese law that went into effect six months ago required online service providers to file details of the algorithms they use with China's centralized regulator, the Cyberspace Administration of China (CAC). In mid-August, CAC released a list of 30 algorithms used by companies such as Alibaba, TenCent and Douyin, the Chinese version of Tiktok, with a brief description of their purpose. more

Solving the .US Registrant Data Directory Services (RDDS) Conundrum

Recently ten Democratic Members of Congress wrote a letter to Alan Davidson, head of the NTIA, requesting that the "NTIA immediately cease the public disclosure of personal information about users of .US" country code top-level domain (ccTLD). This communication highlights a significant concern regarding domain registration data: the need to protect the privacy rights of Registrants. However, an equally significant concern regarding registration data was raised... more

The Politics of Submarine Cable in the Pacific

There was a naive idealism in the early days of the Internet that attempted to rise above the tawdry game of politics. Somehow, we thought that we had managed to transcend a whole set of rather messy geopolitical considerations that plagued the telephone world and this new digital space that the Internet was creating was simply not going to play by the old rules. more

Monumental Cybersecurity Blunders

Two recent celebrated cybersecurity standards history events brought together sets of people who were intimately involved with some of the most significant network security standards work ever undertaken. These included the X.509 digital certificate standards at ITU X.509 Day, and the Secure Digital Network System (SDNS) standards at the NSA Cryptologic History Symposium 2022. more