When the scale of global surveillance carried out by the NSA (USA) and by the GCHQ (UK) was exposed by Edward Snowden through The Guardian, people around the world were shocked to discover how two established democracies routinely resort to methods that they have long deplored -- and rightly so -- in dictatorships, theocracies and other single-party arrangements. In a previous article, I lamented the fact that by carrying out this surveillance on an unprecedented scale, the US and the UK are, in fact, converging with the very regimes they criticize. more
Developments over the past few months - and especially the revelations about the spying work of the NSA on friendly governments and their people and businesses - show how important it is to try and establish some high-level strategies relating to managing the governance of the internet. While companies like Google have been lobbying hard against WCIT-12 - basically because they are opposed to any government interference in the internet - the reality is that, clearly without their knowledge, their own American government through the NSA is already directly interfering in their network. more
Schneier's insight is considered particularly important according to EFF, as more and more is learnt "about the unconstitutional surveillance programs from the National Security Agency and the depth and breadth of data the NSA is collecting on the public." more
There are two Bills that are floating through the corridors of power on the Hill that could potentially change the course of civil and political rights within the United States and the world. One was introduced through the House of Representatives and the other through the Senate. The two Bills touch on a common thread that are premised on "national security" however there are interesting challenges that will surface should the Bills be passed that affect global public interest that require further examination, introspection and discussion. more
In response to a letter from ICANN's Noncommercial Users Constituency (NCUC) to data protection authorities concerning overreaching requests of law enforcement agencies in ICANN's ongoing Registrar Accreditation Agreement negotiations, the Article 29 Data Protection Working Party has written the ICANN Board. more
The Microsoft action against 3322.org, a Chinese company, started with the news that computers were infected during the production phase. Stepping away from the controversy surrounding the approach, there are important lessons that cyber security officials and upper management, deciding on the level of and budget for cyber security in organisations should learn and take into account. I'm writing this contribution from a premise: China uses the fact that most IT devices are built in China to its advantage. Allow me to start with an account from personal memory to set the stage. more
Today I released a report on 'National cyber crime and online threats reporting centres. A study into national and international cooperation'. Mitigating online threats and the subsequent enforcing of violations of laws often involves many different organisations and countries. Many countries are presently engaged in erecting national centres aimed at reporting cyber crime, spam or botnet mitigation. more
EFF and several other civil society organizations have declared a 'Stop Cyber Spying Week' in protest of several controversial U.S. cybersecurity legislative proposals, including the bill currently before Congress and the Senate called CISPA... more
No, that title is not a typo. The WHOIS service and the underlying protocol are a relic of another Internet age and need to be replaced. At the recent ICANN 43 conference in Costa Rica, WHOIS was on just about every meeting agenda because of two reasons. First, the Security and Stability Advisory Committee put out SAC 051 which called for a replacement WHOIS protocol and at ICANN 43, there was a panel discussion on such a replacement. The second reason was the draft report from the WHOIS Policy Review Team. more
Mid-January 2012 marked a major inflection point for digital copyright policy in the United States... Yet no one involved with Congressional interaction on either side of the issue believes it has been sidetracked for long, and "Hollywood" and "Silicon Valley" are both plotting their next moves in this high-stakes game to further define the responsibilities and potential liabilities... The resolution of this dispute will determine the ability of Internet services to move to "the cloud"... more
This part 3 of the selecting a back-end registry service provider series focuses on Whois and sharing data in new gTLDs. If you've ever looked up information about a domain name you've used a Whois service. It's the public information system about contact information for a domain name or IP addresses, though in this article, we will just talk about domain name Whois. In some generic and sponsored Top Level Domains (gTLDs), Whois is run authoritatively by the gTLD. In older gTLDs such as .com and .net, the authoritative Whois service is run by the registrar responsible for the domain name. While some TLD operators run their own infrastructure... more
The best part is ... this isn't one of those 'now that I've got your attention' tricks, like one of those old "free beer" posters; there really is a ton of stuff happening above the 49th parallel this summer. To begin with, as a precursor to Canada's Anti-spam Law coming into effect later this year, the Office of the Privacy Commissioner, the Canadian Radio-television Telecommunications Commission, and Industry Canada have all issued regulations, the latter two in draft form with an RFC. more
A few days ago, CAUCE published a blog post entitled "Epsilon Interactive breach the Fukushima of the Email Industry" on our site, and the always-excellent CircleID. A small coterie of commenters was upset by the hyperbolic nature of the headline. Fair enough, an analogy usually has a high degree of probability that it will fail, and clearly, no one has died as a result of the release of what appears to be tens of millions of people's names and email addresses. But, the two situations are analogous in many other ways, and here's why. more
A series of attacks on the Email Service Provider (ESP) community began in late 2009. The criminals spear-phish their way into these companies that provide out-sourced mailing infrastructure to their clients, who are companies of all types and sizes. ... On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially. Email lists of at least eight financial institutions were stolen. more
In her blog EU Commissioner Neelie Kroes blogs on her stance on cloud computing. In short: this is a good development which the EU will embrace and advocate, but may need regulation in order to ensure a safe environment for industry and individuals in the cloud. Here's some thoughts on that. more
A World-Renowned Source for Internet Developments. Serving Since 2002.