Aggregatore di feed
A nonprofit telecommunications provider offering voice and data services to remote areas in southern Mexico has avoided a crippling federal fee after challenging it in court.
A Mexican court recently ordered the Federal Institute of Telecommunications to reconsider the spectrum fee for Indigenous Community Telecommunications (ICT), which serves about 3,500 customers. The fee, about 1 million pesos or US$50,000, is equal to about half of ITC’s annual operating budget, said Peter Bloom, founder and a board member of ITC.
But the ruling, by the Collegiate Circuit Court on Administrative Matters, Specialized in Economic Competition, Broadcasting and Telecommunications, doesn’t end the legal battle between the nonprofit ISP and the federal regulator.
ITC doesn’t feel like the regulator honored the ruling, Bloom said, even though it exempted the ISP from fees in 2017 and beyond as long as it maintains its nonprofit status.
The court instructed the regulator to “take into account fundamental human and constitutional rights when deciding how or if to charge for spectrum use,” he added. “In our case, our mission is social, but we were being taxed as a commercial cellular provider in an amount that would make it impossible for us to continue operating.”
The federal regulator didn’t address this “fundamental issue,” so ITC will press it to consider human rights in its fee structure with continued court action, Bloom said.
In addition, ITC may be still on the hook for 2016 fees. “The issue now is that in 2016 we did not have this tax-exempt status, so we technically still owe money for that year,” Bloom said. “This is part of the reason we are fighting to have the actual court decision honored.”
ITC offers mobile phone, SMS, and data services in remote areas for 40 pesos, or about US$2, a month.
Bloom’s Rhizomática, an organizations that supports community broadband projects, and Networks for Diversity, Equality and Sustainability, praised the original court ruling in a press release.
“We consider this ruling … a transcendent moment in the history of the rights to communication,” the press release said. The ruling “makes clear the obligation of both the regulatory body and the other administrative authorities, to consider in the interpretation and application of the law the widest protection for human rights and the fundamental rights of indigenous peoples.”
The post Nonprofit ISP in Mexico Wins Court Battle Against Huge Federal Fee appeared first on Internet Society.
Today, the EU General Data Protection Regulation – or GDPR – comes into effect amid a great deal of anticipation and build-up. For the past few years, companies and policy makers around the world have been preparing for this legislation to come into force. It introduces higher and stricter privacy requirements and heavy fines for noncompliance. The interesting, yet challenging, part of the GDPR is that it applies to all organizations processing the personal data of subjects within the European Union, regardless of their location.
In this sense, the GDPR is an ambitious effort that seeks to fill a gap in the field of Internet privacy. Implementation by organizations around the world has not been easy as the statute is complex and, in many ways, difficult to enforce. This has been particularly so for SMEs and startups as the costs of ensuring compliance are considerable.
At the Internet Society, we are pleased to see privacy becoming a priority, not just a “nice to have.” As an organization with a global community, operating all over the world, we are among those who have been preparing for the GDPR. Doing privacy well is not easy, but it’s something we care about and believe everyone should have, no matter where they are.
Europe’s intention to create a much stronger and more robust privacy framework has been quite clear all along. For the past few years, Europe has hinted that its understanding of the right of privacy is not only different from many of its counterparts, but also one of its key priorities. The 2002 ePrivacy Directive, the 2014 landmark ECJ decision on the Right to be Forgotten, the 2017 ePrivacy Regulation proposal, and now the GDPR are all clear examples of a region determined to provide strong privacy protections.
All this has allowed Europe to achieve two things: first, provide some much-needed substance to the global debate on Internet privacy, which has long been a philosophical debate with few tangible results, and second, through the GDPR, Europe seeks to position itself as a de facto global regulator for privacy.
In the first case, what Europe has achieved is quite remarkable. For the many years of the commercial Internet, privacy outcomes have largely been left in the hands of companies that collect and use personal data, with the result that data collection and use has increased exponentially, often at the expense of users’ privacy. Recent disclosures from leading Internet companies suggest that society still hasn’t managed to strike the necessary balance between data protection and data monetization.
The GDPR seeks to change that by shifting the dynamics of personal data use towards users. It seeks to give them ultimate control over the processing of their data. For instance, the GDPR obligates companies to avoid the current practice of long, legalese, and unclear provisions hidden in the small print of their Terms of Reference. This will certainly change the dynamics of how privacy is presented and offered to users.
It is in the second point, however, where things start to become complicated.
By applying the GDPR to any organization around the world that collects personal data from any data subjects in the EU, Europe is setting itself up as the leading voice on Internet privacy globally. The question is, will Europe hold the limelight for long, or will other countries and regions step up their own efforts to tackle privacy in the context of a global Internet.
There is also an element of extra-territoriality in the GDPR with the potential to have a “spill over” impact on larger Internet Governance considerations, including:
- Setting a precedent where countries could start imposing national or regional legislation that has global impact;
- Creating unintended clashes between different laws, which can result in unpredictability and lack of clarity, which could subsequently impede the roll out of global technology
- Producing “regulatory competition,” the notion of state actors seeking to command the international Internet regulatory environment.
These trends will inevitably create fragmentation.
How this will play out is yet to be seen, but it is likely that this will have repercussions for the future of Internet Governance. At the Internet Society, we believe in a global, open, interoperable, and secure Internet. We also believe in inclusive Internet Governance that strives to accommodate the interests of all stakeholders globally.
As the GDPR comes into force, therefore, we should work collaboratively with all stakeholders towards a more coherent global privacy framework that incorporates compatible global approaches about privacy and personal data protection. One that, just like the GDPR, puts users at the center of control over their data, backed by a global consensus to ensure a more predictable, consistent and enforceable privacy ecosystem.
“Let’s raise the bar on data privacy and make the Internet safer.” With the imminent arrival of the EU’s General Data Protection Regulation (GDPR), this was one of the points raised by Todd M. Tolbert, our Chief Administrative Officer, in an episode of the Non-Profit Tech Podcast published yesterday. Hosted by fusionSpan’s Justin Burniske, the 35-minute episode covered a wide range of topics, including:
- the difference between data privacy and data protection
- Todd’s thinking about the value the GDPR brings in terms of thinking about data
- mistakes organizations make with regard to handling their data
- resources for organizations to do more
- how you can’t be liable for data that you don’t have in the first place
- asking the question… do you really need to keep those 700 email addresses that no longer work?
And, of course, Todd being who he is, there were some Texan things mixed in to the conversation as well. I very much enjoyed the episode and found it a useful contribution to the ongoing privacy discussions that tomorrow’s GDPR deadline has generated.
Some of the resources Todd shared included:
- Online Trust Alliance’s Online Trust Audit and Honor Roll
- Online Trust Alliance’s Cyber Incident & Breach Response Resources
- American Society of Association Executives’ GDPR Resources
- International Association of Privacy Professionals
I would also encourage you to view our articles and resources related to privacy.
Since I can’t seem to find any way to embed the player here, you’ll need to go visit the podcast page to listen – or download it in your favorite podcast app.
FYI, as Todd as written previously, he’s been leading our efforts on GDPR compliance, and also serves as our Data Privacy Officer (DPO).
The post Podcast: Talking Data Privacy and GDPR with Todd M. Tolbert appeared first on Internet Society.
Community networks can help bring connectivity to many of world’s population still without it, but some governments, ISPs, and some potential users need to be convinced of their benefits, connectivity experts said.
Community networks can bring huge economic, educational, and social opportunities to areas without Internet access, Raul Echeberria, the Internet Society’s vice president for global engagement, said Wednesday.
With nearly half the world’s population still lacking Internet access, “this is creating a huge gap of opportunities,” he said during a community networking roundtable discussion hosted by the Internet Society.
Through community network projects such as a year-old network in the mountainous region of Tusheti in the nation of Georgia, the Internet Society has seen the proof that existing technologies can bring Internet service to some of the most remote areas on Earth, Echeberria said.
After a year of operation, the Georgian network is providing new economic opportunities to inn keepers and other tourism-related businesses in the region, said Ucha Seturi, director of the community network project there. Demand for Internet service is growing, he added.
With the technology questions largely solved, a key piece of the puzzle for community networks is getting the buy-in of the unserved communities and the local and national governments, Echeberria said.
“Empowering communities and involving communities is crucial,” Echeberria said. “It’s not just bringing wires to the community; it’s working with them so the people can understand how they can use the technology to improve their lives.”
Local control and buy-in help to ensure a community network’s long-term success, added Sebastian Bellagamba, the Internet Society’s community networks campaign lead. In the phrase, “community networks, the word, “community” is more important than “networks,” he said. “The only way to make them sustainable is if communities deploy and own their own network in a way they can realize the benefits the network provides,” he said.
Regional and national government support is needed to help proposed community networks with a friendly regulatory environment and to obtain the authorizations and the radio spectrum needed for the wireless networks serving remote areas, participants said.
In many cases, community networks now operating have succeeded despite regulatory hurdles and financial constraints, said Carlos Rey-Moreno, community access networks project coordinator at the Association for Progressive Communications.
Rey-Moreno and Nico Echaniz, founder of Altermundi, called for more academic-style research on the benefits and impact of community networks as a way to convince governments of their value. More evidence of the value to the communities and people connected through community networks will “promote them and allow more to happen,” said Rey-Moreno.
Mobile operators participating in the roundtable had questions about competition with commercial services. As the Internet Society and other groups promote and aid community networks, they should think about where they can add the most value, a representative of one mobile provider said.
The Internet Society’s goal with community networks isn’t to compete with existing commercial services, but to connect areas without service, Echeberria said. The organization has scrapped plans for a community network when a commercial provider moved into an unserved area, he noted. The Internet Society will aid the deployment of community networks in Argentina, Zimbabwe, and Kyrgyzstan in 2018-19.
Community networks are one piece of a larger effort to bring connectivity to more people, and commercial services are another piece, he added. The Internet Society asks policymakers, commercial providers, and other people interested in connectivity to think “out of the box” on innovative approaches to access, he said.
To connect the next 3 billion people, “we cannot use tools from the past to deal with problems of the future,” he said.
The post Community Networks Can Bridge the Digital Divide, But Some Still Need to Be Convinced appeared first on Internet Society.
Why is it necessary to “edit” the biographies of women who are doing an incredible job on issues of technology and the Internet? Simple: the contributions of these women do not have visibility on the Internet.
At many Internet Governance forums, we often highlight the contributions of the founding fathers, but how do we inspire girls to join ICTs – information and communication technologies – if we never mention women?
For this year’s International Girls in ICT Day, the Internet Society’s Special Interest Group for Women organized the 1st Global Editathon Girls in ICT. With the support of Chapters and organizations from all around the world, this initiative had a clear goal: to create local content written about and by women to make their work in technology visible.
Only 17% of the Wikipedia content is about women and approximately 8.8% of the content in Wikipedia in Spanish is about women scientists. Where are those women who make a difference in science and technology? Do they exist? Of course they do!
“First Global Editathon Girls in ICT, was a huge experience for us, especially because Cape Verde could participate in this event.
We had a chance to put together women’s work and promote the ICT in our country, before we started we introduced ourself, our experience, our work, our expectations, our vision for the future of our country, this allowed us to know better our ICT women (not all of them), their project, and work.”
– Emilia Monteiro, República de Cabo Verde
We started the day in Islamabad and with a virtual node of women in South Asia. We continued south, this time of Africa, in Zimbabwe, and we continued in Tanzania, Kenya, Republic of Cape Verde, and Namibia. After crossing the Atlantic Ocean, we arrived in Latin America, where the day began in Buenos Aires, then Panama City and Lima. After heading to Mexico City we concluded the day very close to the Gulf of Mexico in Xalapa, Veracruz. About 300 women participated in the event which had 11 nodes in 10 countries. Computer labs, universities, and institutes were the venues chosen for this Editathon. Even individually or in teams, the participants created a total of about 70 biographies of women from their region.
“Participating in theglobal Editathon was a great experience. The people I chose to write about are two exceptional women who have made a difference in the country for their work, convictions, coherence, and integrity. I learned a lot from this experience, in particular, that a trajectory is not built overnight and behind each step made there is much work and learning previously done, as well as commitment to specific causes or objectives.”
– Karina Martínez, Mexico City
Only 1 in 10 Wikipedia editors is a woman. In this Editathon we learned not only to edit, but also the confidence to create content we think should be online. By creating and sharing these biographies of women we are inspiring more girls to pursue these paths.
While editing, we had the chance to know the the work of many women, from different countries and regions, including:
The question of why we don’t make their work visible has became more urgent than ever. Where are these women in events with mostly men at panels? Because of the invisibility that exists for women in technology, we still believe that talking about technology is talking about men.
The task was not simple. It required the support of many people who joined this great project, first to make visible these women who are making a difference in ICT who are not on Wikipedia, second to gather information and organize nodes in their countries.
The challenge now is inviting more women to participate, interviewing other women, listening to each other and listening to them at events. We need to know more about these women. Let’s continue editing, creating, and disseminating their work. If we are not the ones who write about other women and encourage others to do the same, who will?
We need to be able to inspire girls to be engineers, mathematicians, programmers, and leaders and one way to achieve this is to get to know these “super women” who have worked hard so that today we can study without prejudice.
Our thanks to all those who joined: the Chapters that organized face-to-face nodes, the organizations and universities with which we teamed up, the Wikimedia Foundation for their advice, ICANNWiki for helping us with the workshop, and all those who supported us and participated in this incredible event. Thank you.
For an Internet to exist for the good of all people, it must be shaped by each one of us. Learn about Internet Governance and why every voice matters.
Dustin’s Internet Community Roadtrip: In the Bay Area, The People Who Make the Internet Ecosystem Thrive
Dustin Phillips, Co-Executive Director of ICANNWiki, is traveling across the United States in his red Toyota Corolla, making connections with the people who are making their communities – and the Internet – a better place. He visited the Bay Area, first making a stop at the Redwood National and State Parks, where he learned about redwood communities and how their survival is dependent on interconnection, a metaphor for the Internet itself.
What is the Internet Ecosystem?
The Internet affects nearly every aspect of society, creating an extremely wide range of stakeholders. There is still a community of stakeholders engaged directly with the Internet’s policymaking processes, but increasingly there are Internet-related discussions occurring at what would traditionally be considered unlikely venues.
CITRIS and the Banatao Institute
Meeting with Dr. Brandie Nonnecke at the University of California, Berkley’s Center for Information Technology Research in the Interest of Society (CITRIS) and the Banatao Institute was a fitting way to kick off my time in the Bay Area. We had a great discussion on the important role of civic participation and collaborative processes for informed decision-making in key issue areas.
Like the incredibly diverse plant life that grows in the understory of the Redwood forests, the Internet and its associated technologies can provide a framework for decsion-making that leads to a balanced and thriving ecosystem.
Her research on the Internet Governance Forum (IGF) surveyed participants on their knowledge of Internet governance (IG) Issues, trust in institutions, and perceived self-efficacy before and after participating. The results of the survey suggest that direct participation positively impacts participant’s trust in the system and belief in their ability to contribute meaningfully.
Her work is also applicable beyond the Internet Governance context. Through her work on the Collaborative Assessment and Feedback Engine (CAFE), an open-source, e-participation platform, she has demonstrated the applicability of creative technology for reaching better societal outcomes. CAFE crowdsources feedback on key social issues, including family planning, disaster preparedness, and government performance. It applies statistical modeling and collaborative filtering to this feedback to quickly identify emerging trends and key insights.
Our discussion highlighted the feeling of empowerment that comes from actively providing input into decision-making processes and the value of tools that make this possible. This has been demonstrated over and over across a wide variety of societal issues, including the development of the Internet. However, we need to continue to look at the Internet as a tool to empower all stakeholders to take an active role in contributing to a more stable and balanced ecosystem.
IGF-USA On the Road: Bay Area
The Internet ecosystem contains many different elements with unique perspectives and areas of focus. On May 2, the San Franscisco-Bay Area Internet Society Chapter organized and cloudflare hosted the inaugural IGF-USA On the Road event to bring together those interested in Content Moderation and Intermediary Liability. This marked a positive step for the IGF-USA community in increasing the inputs from communities across the USA.
The discussion brought together a fantastic panel different perspectives, including:
- Mitch Stolz, Senior Staff Attorney, Electronic Frontier Foundation
- Jacob Rogers, Legal Counsel, Wikimedia Foundation
- Evan Engstrom, Executive Director, Engine
- Daphne Keller (Moderator), Director, Intermediary Liability, Center for Internet and Society, Stanford Law School
It also demonstrates one of the key tenets of the Internet Society’s Collaborative Governance Project, which is gathering around timely issues and actionable outcomes. When there is an imbalance in the ecosystem, it is the community’s job to correct that. However, different issues require different actors to discuss different solutions. Gathering the input and engagement from stakeholders at the right time on the right issue is increasingly important.
Knowing which stakeholders to gather around a particular issue is a key element of reaching the best outcomes. This is increasingly complex in a world where nearly every aspect of society is touched by the Internet.
Silicon Valley AgTech Conference
I attended the Silicon Valley AgTech Conference to support the showcase of the San Franscisco-Bay Area Internet Society Chapter‘s Bridging California’s Rural/Urban Digital Divide with Mobile Broadband project, in which they teamed up with California State University (CSU) Geographical Information Center (GIC), Chico, and Valley Vision to collect data on mobile broadband performance in Yolo County, California to demonstrate the lack of reliable connectivity for farmers in the region.
While at the conference, I was surprised by the number of topics discussed I would expect to find at an Internet Governance meeting. In talking with attendees about the issues their communities care about, we were able to find some overlap with nearly all of the issue areas that will be discussed at the IGF-USA 2018, including access, Internet of Things, and data governance. Despite these shared interests, the AgTech community rarely engages in the Internet policy discussions. This is not surprising, considering that the agricultural industry is busy focusing on optimizing their operations. Their perspective on the Internet and connected technologies should be recognized. Efficient production and food security are issues with far reaching global implications. We need to understand the role the Internet plays in various communities and use that input to reach better decisions for all.
On my last night in the Bay Area, I attended a joint workshop put together by 10,000 Degrees and International Connector at Sonoma State University. 10,000 degrees is a non-profit organization that helps students from low-income backgrounds get to and through college. International Connector is an organization that works to empower young innovators to have a great social impact.
The workshop gathered students from the North Bay Area who are part of the 10,000 program and discussed 6 questions.
- What do you like about your community?
- What needs does your community have?
- What do you want to do?
- What are your skills?
- What are you barriers?
- What steps can you take to utilize your skills and overcome the barriers?
The Internet was not a focal point of the dicussion, but there were issues and themes that are applicable to the Internet and the multistakeholder process. In this case, the students expressed a need for guidance, information, and resources. Similarly, there were community members present who either directly or indirectly had the ability to help with these needs. However, up until they gathered in that room, they were not aware of each other. Whether we are talking about Internet Governance, or other collaborative processes, connecting the right stakeholders is essential.
Networks of People
The reason why there are so many passionate actors fighting to make the Internet better is not simply a love for the technical networks, but rather the networks of people who can use the Internet to make their communities better. However, listening to the students at Sonoma State University highlighted a theme that I have observed in nearly every community I have visited or engaged with. Despite the incredible power of the Internet to connect, there are still gaps in our networks of people. Essentially, those who should be connecting with each other aren’t.
In the Redwood forest, there is a network of giant trees that establishes an environment in which various plants can thrive, including various bushes that produce berries. These berries provide for birds, bears and other wildlife. These animals help spread the seed of the plants, which aids growth of new plants and produces more food. This just barely scratches the surface of the complexities of this ecosystem, but it demonstrates an important point. If the berries disappeared, the forest would no longer be inhabitable for the animals, which would lead to an imbalance in the system. These forests have had the benefit of thousands of years to reach equilibrium and have demonstrated a tremendous amount of stability and resiliency in the process.
The communities discussing the future of the Internet need to to engage the increasingly wide range of stakeholders and focus the discussion on empowering people to use the Internet to make their communities and the world a better place. We can learn from the forests of Northern California and focus on extending our reach wider, not deeper and creating a hospitable environment for everyone in our ecosystem to thrive.
For an Internet to exist for the good of all people, it must be shaped by diversity, inclusion, and equality. Learn about Internet Governance and why every voice matters.
On May 14, a group of young people who are currently working on or are studying tech, politics, computer science, and the Internet of Things (IoT) met for a two-hour Youth Advocates for IoT Security round table. This event was a part of the Internet Society’s year-long initiative, the Canadian Multistakeholder Process – Enhancing IoT Security in partnership with Innovation, Science and Economic Development, the Canadian Internet Registration Authority, CANARIE, and CIPPIC. It serves as just one of several workshops that will be held during the process to develop recommendations for a set of norms and policies to secure the IoT in Canada.
The round table offered an opportunity for young people in school or their early careers to voice their opinions and provide unique inputs for consideration on the following aspects of IoT security:
- How young people currently use IoT devices;
- How they anticipate these devices will be used in the future; and
- Effective ways of educating young consumers about IoT security.
The group discussed the ways in which IoT devices have become seemingly ubiquitous in youth’s lives. IoT devices have also become integral, and often required, parts of classroom learning and workplaces. Now, the lines between devices have begun to blur as they increasingly interconnect. For example, laptops now connect with smart phones, which connect with smart watches and other wearables. In general, youths are worried about the scale and application of these devices, the loss of their privacy, and the increasing prevalence of undisclosed device interactions, such as in smart cities.
Looking forward, youths believe that applications of IoT devices will continue to rapidly expand. In order to ensure that young people are able to safely use these new technologies, the youth group believes the best way to address the risks the IoT poses is through education. This is in keeping with the findings of the multistakeholder group, which also encouraged consumer empowerment through education.
Young people are both current users of the IoT and its future creators and developers. As discussed at the multistakeholder meeting, security should be included in the initial design stages of IoT device creation, so young people should be taught from an early age to consider its importance and their own role in securing IoT.
To accomplish this, the youth group suggested creating targeted learning programs for young people in elementary school, middle/high school, university, and their early careers. In the short term, the group would like to work with an established educational platform, such as Pearson or Khan Academy, to create a digital citizenship and security training course. In the long term, the group hopes this course would become an accredited class that could be offered online or in schools across Canada as a part of the yearly curriculum.
For young people in universities or their early careers, the youth group would like to create a similar course that could be offered online as a certification program. Young people could include this certification on job applications and business profiles to show that they are IoT secure and thus will not pose a threat to their employers’ networks with insecure IoT practices. To raise awareness about this course, the group suggested recruiting or hiring social media influencers, including YouTube unboxers and celebrities.
The group concluded with consensus that to accomplish any of these goals, it will be critical to work in a multistakeholder fashion, including youths, IoT network engineers and device creators, government representatives, teachers, and others as equal and valued stakeholder groups.
Moving forward, the youth group will join the pre-existing multistakeholder listservs to continue collaborating. We will include their input from the round table and the listservs in the Canadian Multistakeholder Process – Enhancing IoT Security final report. We look forward to continuing to engage with this group of motivated young people to ensure that youths are considered in any policy recommendations for securing IoT.
Wouldn’t it be nice if you could trust that your device is secure, isn’t leaking your private data, becoming a bot and attacking other users, or putting you at risk? Read and share IoT Security for Policymakers to learn about the challenges we face and how governments, policymakers, and regulators can make a difference.
The post Canadian Youth Advocates Participate in Enhancing IoT Project appeared first on Internet Society.
On May 16, the Senate passed a Congressional Review Act (CRA) to overturn the Federal Communication Commission’s (FCC) repeal of the 2015 Open Internet Order. A CRA allows Congress to review regulations issued by government agencies and overrule them with a majority vote. This vote, led by Senator Ed Markey (D-MA), is a step towards reinstating the FCC’s 2015 net neutrality rules.
The CRA will now move to the House, where it will require a majority vote in order to pass before heading to President Trump’s desk for his signature. If the CRA passes the House and gets the President’s signature, the 2015 Order will be reinstated.
Despite the CRA’s success in the Senate, it is unlikely that it will pass the House. In the Senate, every Democrat, two Independents, and three Republicans were needed to pass the CRA. In the House, Democrats hold just 193 of 435 seats and would need to be joined by 25 Republican or Independent Representatives to move the CRA to the President’s desk. Even then, the bill would face another major hurdle, as President Trump has previously expressed support for overturning the FCC’s Open Internet Order.
This is not to mention the court cases currently filed against the FCC over its repeal of the Open Internet Order. If the CRA fails to pass, these cases will continue for many months, with no clear timeline or outcome. If the CRA does pass, the cases will drop, but new ones are likely to be filed arguing against the reinstatement of the Order.
The motion still has a long way to go. The legal battle for net neutrality has already lasted years and could be drawn out for several more before sustainable, concrete rules are put in place. This will only increase confusion among end users and service providers. It is time to come up with a long-lasting compromise that prioritizes the needs of end-users and ensures a policy environment that encourages investment and innovation.
While we applaud Congress’ effort to ensure that the Internet remain open and accessible, we encourage all stakeholders to come together to propose a sustainable solution. Congressional representatives, government agencies, service providers, edge-providers, and public interest groups must work together to create and implement a solution and end the state of back-and-forth policy-making that has existed for too long.
The post US Senate Makes Moves to Reinstate Net Neutrality, But Sustainable Rules Are Still Necessary appeared first on Internet Society.
Building the Digital Silk Road Together: Kyrgyz Chapter Proposes Ideas for Internet Development in Central Asia at Cambridge University Forum
Central Asia, the most remote landlocked mountainous region in the world, has some of the most expensive Internet in global comparison. The cost of it can easily reach 10-20% of average monthly salary. In absolute terms, the price of the Internet can reach triple digits for 1 Mbps.
Acknowledging such challenges and considering the benefits that the Internet can bring, Central Asian governments are embarking on national digitalization strategies. The Kyrgyz Republic has launched a national program on digital transformation “Taza Koom” (“Transparent Society”). The program focuses on building an open government and a digital economy.
When it comes to digital development strategies, cooperation among countries is a mutually beneficial approach. To foster such collaboration, Cambridge University initiated a common platform called Digital Dialogue for Central Asia. The first meeting of this platform Making Inroads into Digital Transformation took place in Astana in April 2018.
Speaking at the forum on behalf of the Internet Society’s Kyrgyz Chapter, I proposed to jointly build the Digital Silk Road guided by the slogan: “free movement of ideas, people, creativity, technology and innovation”. Central Asia, with its favourable geographical location in Eurasia, could become the connecting host and focal point – a global digital hub – connecting different continents.
The region has talented people and beautiful nature that offers energy and inspiration. The Internet has become our ocean of possibilities and Central Asia can be the virtual window to the entire Eurasian region.
As a specific proposal for innovative cooperation, we proposed the idea of extending the network of fiber-optic communications lines through the territory of the Central Asia connecting the East and the West. Simultaneously, the World Bank is helping connect the South and the North through the Digital CASA project.
Another idea under implementation with the support of the Internet Society’s Beyond the Net Programme is the Digital Silk Road IXP in the Ferghana Valley, one of the most densely populated areas in the world, bordering three Central Asia countries of Kyrgyzstan, Tajikistan, and Uzbekistan.
Improving Internet connectivity in Central Asia would bring many economic opportunities and social benefits to the citizens of the Central Asian countries. This is a mutually beneficial effort that would help the region to leapfrog in terms of sustainable economic development. The region that was the world’s centre of culture and science during the times of the Ancient Silk Road gets a new chance to become one of the vibrant regions of the globe thanks to the Digital Silk Road.
The discussions on Internet development in Central Asia will continue at the Central Asian Internet Governance Forum on 21-22 June in Astana, Kazakhstan.
Learn more about Internet Governance and why every voice matters.
Encryption fails: A couple of stories in the news this past week demonstrated problems with encryption, or at least, problems with deployment of encryption. One researcher demonstrated an exploitable loophole he called Efail in PGP/GPG and S/Mime software used by email clients, reports Engadget. Efail abuses the active content of HTML emails to access plain text. In addition, a malware called Telegrab is targeting the encrypted Telegram messaging service. Telegrab steals encryption keys and cache data from Telegram running on the desktop, Tom’s Hardware says.
Artificial investment: The Chinese city of Tianjin is getting serious about funding artificial intelligence projects, with an investment of about US$16 billion, reports Reuters via the Straits Times. Yes, that’s billion with a “b.” It’s part of a Chinese push to be the leading nation in AI development.
AI knows nudes: In other AI news, Facebook has released stats on the numbers of hate speech posts and posts containing nudity that its technology removed in the first quarter of 2018. In short, the social media provider’s AI is much better at flagging nudity than hate speech, reports CNBC. About 60 percent of hate speech taken down on Facebook required human intervention.
DNS attacks on the rise: The cost and number of DNS-based attacks are both rising at a significant rate, according to DarkReading.com. The average cost of a DNS attack has risen to US$715,000, a 57 percent increase from 2017. Organizations surveyed faced an average of seven DNS attacks in the previous year.
NIST eyes IoT security: The U.S. National Institute of Standards and Technology has started down the road toward defining Internet of Things encryption standards, reports GCN.com. The agency is seeking comments on the best way to evaluate new encryption standards for small computing devices.
Blockchain goes to the weeds: Blockchain payments platform Alt Thirty Six wants to help the fledgling cannabis industry in the United States process electronic payments. The company thinks it can assist marijuana retailers accept payments when many banks have refused to do business with them, Forbes says.
A tiny, little blockchain in your phone: HTC is planning to sell a blockchain-enabled smartphone that would feature a built-in cryptocurrency wallet, reports Alphr.com. The Android device would come with a universal wallet and hardware support for major cyrptocurrencies, including Bitcon.
The future of IoT is one of possibility, but only if we secure it. Here’s what you can do.
The post The Week in Internet News: Email Encryption Has Efail Moment appeared first on Internet Society.
Dustin’s Internet Community Roadtrip: In the Bay Area, What Redwoods Can Teach Us About the Internet
Dustin Phillips, Co-Executive Director of ICANNWiki, is traveling across the United States in his red Toyota Corolla, making connections with the people who are making their communities – and the Internet – a better place. While making his way to the Bay Area from Portland, Oregon, he took a slight detour.
On my way down to the Bay Area from Portland, I made a trip through the Redwood National and State Parks of Northern California. These Coastal Redwoods have existed for over 20 million years and individual trees can live over 2,000 years. What makes these ancient giants so resilient?
They find strength in community.
Redwoods grow in groves, or “communities,” where the roots only go down 10-13 feet (3-4 m) before spreading outward 60-80 feet (20-27 m). In this phenomenon, survival is dependent on interconnection, meaning the roots intertwine and fuse with each other to provide resiliency against the threats of nature and share the resources necessary to thrive.
This lesson from the redwoods is directly applicable to the Internet. The “network of networks” would be nothing without interconnection or the shared resources of open standards and protocols. Expanding wider, not deeper, is essential to the resilience and strength of the ecosystem as whole.
An ecosystem is a community of diverse, interconnected elements that function as a single unit and are most effective when in a state of equilibrium, or homeostasis. There are a few critical elements that shape the environment of an ecosytem, but it takes all of the elements to bring health and balance. While individual elements may compete, their contribution to the balance makes the ecosystem and its individual elements better off. In the redwood forests, there are a large number of plants and animals that thrive in the secure, stable, and resilient ecosystem established by the networks of these amazing trees. Similarly, the Internet continues to be a phenomenal force, but it is the human elements of the ecosystem that establish and preserve the equilibrium that makes it so powerful.
This understanding of an ecosystem is essential to strengthening the multistakeholder model for the evolution of an Internet that is beneficial for all.
For an Internet to exist for the good of all people, it must be shaped by diversity, inclusion, and equality. Learn about Internet Governance and why every voice matters.
The post Dustin’s Internet Community Roadtrip: In the Bay Area, What Redwoods Can Teach Us About the Internet appeared first on Internet Society.
Cyber-bullying is a growing phenomenon amongst preteens. Studies have established that nearly 43% of children are victims of cyberbullying and girls are twice as likely to be targeted. Students who experienced cyber attacks suffer drops in school grades and have more suicidal thoughts than those who had never dealt with such forms of peer aggression. A link between cyber harassment victimization and noncompletion of school has been demonstrated resulting in increased risk of poor education and substance abuse in adulthood.
Sadly, the majority of the victims do not report the incidents to adults or authorities due to fear of negative effects and social scandal. The tacit support given to the bullying perpetrators through silence contributes to the escalation of victimization. Banning technology is not the answer. Cyberbullying prevention in schools is crucial to defend students from this new face of violence.
The Internet Society Palestine Chapter is conducting a campaign to raise awareness about the dangers of electronic blackmail and cyber harassment. The project, funded by the Internet Society Beyond the Net, has already reached more than 2250 schoolgirls in 25 Palestinian schools in phase I of the project.
Ahmad Alsadeh, assistant professor at Birzeit University and project manager, explains what motivated the Palestine Chapter to start this project called Online Sexual Harassment-and-Blackmail Awareness for Palestinian Schoolgirls (iSHA-PS): “Young Palestinian girls resent the lack of technical and cultural knowledge to deal with blackmail and cyber harassment cases, especially girls who live in the countryside, where talking about this problem is a social taboo. This rule of silence is often leading them to be trapped in extortion. Our project is targeting 15-16 years-old-schoolgirls and aims to reduce the risks they are facing online by building their capacity in dealing with such cases.”What is the cyberbullying background in your country?
“The phenomenon of blackmail and sexual harassment online has increased as a result of the spread of the Internet, especially on social media. The Palestinian justice authority receives dozens of complaints on daily basis, and these complaints are just a small percentage of the real number of cases. Most of the time, young girls decide not to report these crimes over fear of losing reputation.
Last year, Palestinian media reported the tragic stories of two girls who paid a $100,000 and $50,000 ransom to avoid embarrassing photos to be published online by a blackmailer. When girls are unable to pay the ransom they are forced to steal the money from their parents. Sometimes the blackmail victims tend to commit suicide because they can’t afford a ransom and they are afraid of honor-based conflicts.What are your first steps?
After recruiting volunteers we were finally able to create our team and chose the project manager. We held a meeting and scheduled an effective plan to achieve the project’s goals that includes: Internet training, workshops in schools, the distribution of Internet Safety leaflets and the creation of a media campaign to raise awareness over the country.What are the long term benefits of this project?
The project will run in Palestinian schools for 12 months covering two academic semesters. Training will be conducted by volunteering university female students. ISOC Palestine Chapter will continue the coordination with Palestinian Ministry of Education to enable the team to work in public schools for the second phase of the project, which will target another 25 Palestinian girls schools and reach to more than 2000 schoolgirls. This is a great opportunity to create a lasting partnership with public institution in order to continue running our program in schools for the upcoming years.
The Internet can provide access to healthcare, education, and economic opportunity, but many indigenous communities face challenges to Internet access and inclusion. Brian Tagaban, Director of Government Policy at Sacred Wind Communications and former executive director of the Navajo Nation Telecommunication Regulatory Commission, is at RightsCon this week – the world’s leading conference on human rights in the digital age – to discuss the digital divide in indigenous communities in North America. He’s there as an Internet Society fellow and joined by other fellows Bill Murdoch, an IT specialist at the Manitoba First Nation School System and the First Nations Health & Social Secretariat of Manitoba, and Madeleine Redfern, the mayor of Iqaluit in Nunavut, Canada.
We spoke to Tagaban at the first Indigenous Connectivity Summit. The event was the start of a critical conversation about how indigenous communities can connect themselves to the Internet on their own terms. He detailed the time, diligence, and effort required to build a regulatory framework, and hoped that other Summit participants could “see how things are possible, celebrate success stories, share those success stories so that they can be built upon, and gain exposure to the political circumstances, social circumstances, geographic circumstances” that other communities faced. With Tagaban’s extensive experience with telecom regulation, he was hopeful that indigenous communities could develop their own effective and informed means of regulation.
“In my work with the Navajo Nation, I was privileged to travel the world, learning other regulatory regimes, exploring the concept of sovereignty. Sovereignty is more than a designation, it is a responsibility. When I was on an international stage, I realized that our nation, the Navajo Nation, is young. We’re infants in this game.”
“With a diligent effort, an honest effort, an effort that is conducive to your neighbors, you can have a regulatory regime that can meet the needs of your community.”
Closing the digital divide is a matter of global responsibility. We all must work together to bridge the digital divide and to foster an inclusive digital society. We must work together to #SwitchItOn.
Indigenous communities face unique challenges to Internet access and inclusion. Learn how you can support indigenous connectivity and save the date for the 2018 Indigenous Connectivity Summit, October 11-12 in Inuvik.
The post Sovereignty Is More Than a Designation, It Is a Responsibility appeared first on Internet Society.
The RIPE 76 meeting is happening this week in Marseille, France, held at the fantastic location of the Palais du Pharo overlooking Marseille’s Old Port. And it’s also another record attendance with over 850 people registered.
The first couple of days have primarily been devoted to plenary sessions, and there’s been a big focus on routing security. Erik Bais (A2B Internet) kicked off the discussion with a presentation on ‘Why are we still seeing DDoS traffic?‘, which highlighted that DDoS attacks are still originating from the same networks. Looking at the list of the worst offenders, there’s even one amongst the regular RIPE attendees, and he called for networks to clean up their acts. This was also a good opportunity to highlight the MANRS initiative, which of course includes measures to mitigate amplification attacks, and encourages networks to make good routing practices the norm.
Alexander Azimov (Qrator Labs) reinforced this message by outlining the current problems with BGP, including the ongoing route leaks and hijacks affecting the Internet. There are currently only moral obligations to not use other providers’ address space or to support anti-spoofing policies, yet major providers (including Tier 1 providers) continue to both originate and accept incorrect routes. There are things that can be done to mitigate this such as implementing IRR filters and ROA validation, but even then only around 10% of prefixes are using ROA and percentage of these are incorrect and therefore invalid. Network operators need to be doing better.
Job Snijders (NTT) also encouraged the case for filtering, and highlighted the use of Internet Routing Registries (IRRs) as a source for generating customer prefix filters. IRR sources are offered by the Regional Internet Registries, but also third parties such as RADB, NTT and ALTDB. However, IRRs differ in terms of purpose, policy and validation and still rely on network operators entering correct and legitimate information. This issue, particularly with certain IRRs needs to be addressed, as well as RPKI deployment being increased to allow incorrect IRR data to be identified and ignored.
That left Martin Winter (Hurricane Electric) to present the Real-Time Monitoring BGP Toolkit that is able to monitor for BGP errors and hijacks. This offers a looking glass service compiled from multiple sources around the world, and therefore enabling comparison of active BGP routes against known registered routes. The initial tests have revealed some interesting results such as the ongoing use of deprecated BGP Attributes, malformed 4-byte AS implementations, and repeated re-advertisement of the same routes. The tool can be found at https://rt-bgp.he.net.
Other highlights from the first couple of days including a lightning talk from Jordi Palet (Consulintel) who introduced HTTP/2, QUIC and DOH. Internet traffic is increasingly moving to HTTP/HTTPS due to the fact that networks are limiting access to these protocols, but the DNS is not yet using this. However, the IETF DNS over HTTPS (DOH) Working Group has been standardising the encoding of DNS queries and responses over HTTPS. which aims to enable DNS Privacy over paths where DNS-over-(D)TLS has issues.
HTTP/2 can reduce the number of round-trips, and avoid blocking by using parallel streams and discarding the unwanted ones, so provides offers a faster web experience. QUIC can decrease latency, avoid packet loss blocking all steams (as with HTTP/2) and makes connections possible over different interfaces.
Our colleague Jan Žorž, along with Benno Overreinder (NLnet Labs), also chaired the BCOP Task Force on Monday. There were a couple of proposals for developing BCOPs – the first on recommendations for DNS Privacy Privacy operators from Sara Dickinson, and the second on running E-mail servers on IPv6 from Sander Steffann.
For those of you who cannot attend the RIPE meeting in person, just a reminder that remote participation is available with audio and video streaming and also a jabber chat room.
The full programme can be found at https://ripe76.ripe.net/programme/meeting-plan/
The Piikani Nation in Southern Alberta, concerned they were in danger of losing their Blackfoot culture and traditions, sought out an innovative way to share it with younger generations. Elders and school officials in Piikani focused on how they could use technology to engage youth and preserve their knowledge and history. As a result, the Piikani First Nation, University of Alberta, First Nations Technical Service Advisory Group, and Piikani Board of Education created a youth-based project, the Piikani Cultural and Digital Literacy Camp Program, that combines digital technology and cultural and language studies for grade 9 students.
From the beginning, Piikani Elder Herman Many Guns and University of Alberta Assistant Professor Dr. Rob McMahon knew it was crucial to combine traditional Blackfoot and digital teaching styles in the program. To accomplish this, Herman reached out to community ceremonial Elders with transferred rights who could ensure the project followed traditional protocol. The partners decided to host a summer camp that would teach students about their culture, as well as gain digital skills, such as video production, editing, and data stewardship. Students apply these new digital skills to the preservation of the ancestral knowledge shared by the Elders at an outdoor camp, called ii na kaa sii na ku pi tsi nii kii in Blackfoot.
In the camp’s inaugural year, students spent the first half of the program in a classroom working through a workbook and learning digital skills and the second half in a three-day outdoor camp. Next year, the program will increase the classroom activities to include sessions before and after the camp. This will allow students to spend more time learning about how to create a story board, write narratives for their video projects, refine their videography skills, and edit the footage they capture during the camp.
During the outdoor camp, students set up tripods to record lessons from community Elders who hold transferred rights to the knowledge they share. They are taught how to assemble tipis, cook, drum, make fires, and play traditional games and sports. They learn the creation story, the community’s history, and traditional songs, all of which are preserved in their video footage. This footage is provided to Piikani Traditional Knowledge Services, a local organization focused on archiving community knowledge. Students also learned about supports and barriers to sharing their stories, such as limited and expensive Internet connectivity in their community.
This experience serves as a learning opportunity, not just for the students attending camp, but for all those who will later watch their videos and learn about the Blackfoot people and its culture. It also trains young Piikani students how to use and be creative with digital tools – skills that will continue to serve both them and their community after camp.
In addition to these technical skills, students have reported significant personal development. They have learned pride for their community and their culture, and a deeper appreciation for their history. They have gained confidence and a broader sense of community within the Piikani Nation. This, just as much as an understanding of their culture and tradition, will ensure that the Blackfoot community continues to thrive.
The Internet Society Beyond the Net Funding Programme, as well as an Insight Grant from the Social Sciences and Humanities Research Council of Canada, have allowed for several advantageous changes to take place at the Piikani Cultural and Digital Literacy Camp Program. With these funds, the team hired a documentary producer to teach in-depth technical knowledge to students, which will help develop their filmmaking skills. The grant also allowed the program to hire a student to interview Blackfoot digital innovators and media producers prior to the camp, and use their stories and experiences in the next iteration of the workbook. The goal is to highlight local talent and digital innovation. Using this kind of localized content and highlighting members of the community will allow the program to further preserve Piikani knowledge and stories, while also pointing to the many exciting projects taking place at home. The team will also discuss connectivity – and specially how the stories can illustrate ways that communities can manage and share their knowledge and data.
In addition to expanding the pre- and post-camp activities this summer to give students more in-depth technical training, the camp will also include more Blackfoot cultural knowledge held by ceremonial Elders. This will include sessions on the role of horses in Piikani culture, and a traditional sweat lodge.
Student mentorships are an important aspect of the project, and one that will continue to be developed in the coming year. The program leads hope that after each session some of the students will return to help facilitate the camp for the next group of students. In time, this will allow the project to become entirely sustained by the community. After the third year of the project, it will be turned over to Piikani Nation Secondary School.
The Piikani Cultural and Digital Literacy Camp Program looks forward to continuing to build its project, teaching digital skills to Piikani youths, and preserving the Blackfoot culture and traditions. The program leads hope that this program will serve as a model for other Indigenous Nations to ensure their knowledge is preserved, protected, and shared.
I wish to acknowledge Elder Herman Many Guns and Dr. Rob McMahon who provided insight and expertise that greatly assisted to write this article.
The post The Piikani Cultural and Digital Literacy Camp Program appeared first on Internet Society.
Together Let’s #SwitchItOn and #KeepItOn! The Internet Society Releases Joint Statement with Access Now
This week the Internet Society is at RightsCon, one of the world’s leading conferences on human rights in the digital age. The event brings together business leaders, policy makers, government representatives, technologists, and human rights defenders from around the world.
We are proud to stand together with Access Now in our belief that a globally connected, secure and trusted Internet is the foundation for exercising our online rights. We are proud to release this joint statement calling for an open Internet that includes everyone.
Please support our call to the nations of the world to #SwitchItOn and #KeepItOn.
Image © Nyani Quarmyne: Ucha Seturi (left), Murmani Tcharelidze and a helpful visiting journalist giving raising a tower near Koklata in Tusheti, Georgia, on 23 July 2017.
Top Internet, mobile, and telecom companies across the globe still have many steps they could take to better protect their users’ freedom of expression and privacy, a new report says.
The 2018 Corporate Accountability Index, released recently by Ranking Digital Rights, gave Google a top score of 63 among 22 companies rated for protecting freedom of expression and privacy. But with a perfect score being 100, all the companies rated fell far short, with most receiving failing grades, the group said.
The good news for users is that 17 of the 22 companies evaluated for the 2018 Index improved scores from last year in at least one area, and many had improvements in multiple areas. Ranking Digital Rights, a nonprofit research center tied to the New America Foundation’s Open Technology Institute, rates the companies on 35 indicators.
“We’ve seen some improvement, but there’s a long way to go,” said Rebecca MacKinnon, director of the Ranking Digital Rights project. “At the same time, some of the improvements we’ve seen have been genuinely meaningful.”
A second piece of good news for users: Some of the companies, particularly the rank-and-file employees, seem to pay attention to their rankings in consumer-focused studies, MacKinnon said during a recent panel discussion. “You benchmark companies, and actually, a lot of them care a lot,” she said.
After Google, the top scores in this year’s rankings were 61 for Microsoft, 59 for Oath, and 55 for Facebook, although the rankings were compiled before a recent series of moves by Facebook to protect user privacy in response to the Cambridge Analytica data leak.
Apple ranked in the middle of the pack for Internet and mobile companies, with a score of 44. The scores for Google and Microsoft both dropped slightly from the 2017 rankings, bucking the general trend of improvement.
Internet companies scored better than telecoms/Internet service providers, with the United Kingdom’s Vodafone scoring a 52 to take the top spot among telecoms. AT&T, from the United States, was second among telecoms with a score of 49.
Companies in Russia, China, and the Middle East scored the lowest. China’s Tencent scored 23, Russia’s Mail.ru scored 21, and China’s Baidu scored 17. On the telecom side, the United Arab Emirates’ Etisalat scored just an 8, and Qatar’s Ooredoo scored a 5.
Google and Apple didn’t response to requests for comment on their scores. Facebook declined to comment on its score, but a representative pointed to a series of blog posts on its new privacy tools.
The Corporate Accountability Index ranks companies on 35 indicators related to privacy and freedom of expression, including how they inform users of data breaches, whether they tell users about government requests for user information or account restrictions, and how they share user information with other organizations.
One of the goals of the index is to help users understand how their privacy and freedom of expression is affected when they use the world’s most popular Internet and telecom companies.
“When power is exercised on us, either by companies directly for their own business reasons, or by governments, or by other third parties that are using or manipulating these platforms, we need to know,” MacKinnon said. “We need to know who can exercise power over our digital lives, under what circumstances.
“We need to be able to understand who is exercising this power if we’re going to hold power accountable,” she added.
While MacKinnon said she was somewhat optimistic about improvements in the rankings, Anil Dash, an entrepreneur and tech ethicist, called for new regulations to protect user privacy and expression.
Most government policy now treats Internet services and social media outlets as a consumer good than can be purchased or declined, but new ways of looking at regulation are needed, he said. While many companies want to improve, there are some “unapologetic bad actors” in the tech industry, he added.
Although many tech companies want to be “seen as doing the right thing,” it’s difficult for users to put other kinds of pressure on them, said Dash, CEO of Frog Creek Software. It’s nearly impossible to boycott many Internet and social media companies because they can still create a profile of you even if you delete your account, he noted.
“There isn’t actually any meaningful way to opt out of Facebook for anybody in basically the developed world right now,” he said.
The post Internet Companies Have More Work to Do on Privacy, Freedom of Expression, Report Says appeared first on Internet Society.
Encryption is a critical building block for online trust, but it’s never perfect. Any encryption you use is the product of many steps. Encryption methods have to be defined; protocols for implementation have to be specified; and then the protocols have to be implemented. Each step is handled by different people and potentially introduces vulnerabilities along the way. Even with the best lock design in the world, if someone builds the lock with variations in the design (either intentionally or accidentally), it might be easily picked.
When you own a broken lock, you have it fixed or use a different one – encryption is no different.
Yesterday (14 May 2018), the Internet security community was alerted to newly discovered vulnerabilities in the secure email ecosystem, dubbed “EFAIL”. EFAIL can make the content of emails encrypted with PGP and S/MIME readable to an attacker. While there are some fixes users and companies can make to mitigate EFAIL, cases like this underscore the importance of choice when it comes to secure communications.How does the EFAIL attack work?
EFAIL abuses a combination of vulnerabilities in the OpenPGP and S/MIME specifications and the way that many email clients render remote content in email to allow an attacker to exfiltrate the plaintext of previously encrypted messages. Full details of the attack are available from the researchers and there are also some videos showing the exploit in action against Thunderbird and Mac Mail.
Some things to note about the attack:
- The attacker needs to have a copy of the encrypted message. This could be obtained by snooping on the traffic as it passes over the network, or by compromising email servers or email accounts, for example. On the one hand this means it is not trivial for an attacker to mount a successful attack using EFAIL. On the other hand, attackers with these capabilities are precisely what PGP and S/MIME are intended to protect against.
- The easiest way to exploit the EFAIL vulnerabilities is to abuse the automatic rendering of remote content in HTML email. Disabling this functionality in email clients therefore provides some protection against EFAIL.
- A successful attack requires the attacker to send a modified version of the encrypted email back to the victim, and for the victim to open that modified mail. Again, this sets a higher bar for a successful exploit and requires the attacker to reveal something about resources they control (the source of the modified email).
- Attackers with access to archives of encrypted mail could abuse EFAIL to exfiltrate plaintext, so emails sent many years ago are also vulnerable.
There are several actions you can take to mitigate your risk to the EFAIL vulnerability. Users should:
- Ensure that your chosen email client never automatically renders external content. This will mitigate some but not all of the EFAIL risk. (Allowing remote content in email is never a good idea anyway, as it is often used by spammers as a way to verify email addresses and marketing campaigns as a way to know that the user has opened the marketing communication sent to them.)
- Apply software updates to address the EFAIL vulnerability as soon as they are made available by email client vendors.
- In their alert about the issue, the Electronic Frontier Foundation advised that users of PGP email client plugins disable or uninstall them until this vulnerability has been completely addressed. This does not mean that users should stop using encryption for their email, but that they should be using tools other than their email client to decrypt mail or make sure that they are using a non-vulnerable email client in combination with the appropriate protocol (see the table on page 11 of the draft paper for details).
When one form of encryption is broken or a secure service is no longer secure, it’s vitally important that alternative protocols, algorithms and services are available. This ‘defense-in-depth’ approach provides redundancy in the event that one component or tool is shown to have failed. There are of course many alternatives to email that can provide strong end-to-end authenticated encryption for messaging. For example, applications such as Signal and Wire provide high-quality multimedia messaging with strong security guarantees.
The EFAIL vulnerability provides another demonstration of the fact that making secure messaging systems at Internet scale is incredibly hard to do. It is made harder in the case of email where any security solution has to be retrofitted to protocols and applications that initially had no protections built in. Arguments about providing ‘backdoors’ in Internet encryption protocols often make this point: it’s hard enough to ensure there are no accidental vulnerabilities without having to provide security guarantees about deliberate weaknesses.
Encryption should be the norm for Internet traffic. Reliable secure messaging systems are one piece of a trustworthy Internet infrastructure. Learn more about the Internet Society’s work on the issue of Internet encryption.
- How to Disable Loading of Remote Content & Images in Mail for Mac
- Outlook – Read Email Messages in Plain Text
*The EFAIL vulnerability was recently disclosed, as we learn more details about the vulnerability in the coming days, we will update the blog or follow up with a companion piece.
The post Encryption Isn’t Perfect, That’s Why Choices Are Important appeared first on Internet Society.
Innovative Licensing Approaches: Enabling Access in Hard-to-Reach Places Through Collaborative Partnerships
In the Republic of Georgia, high in the mountains of the Tusheti region, a community network has been built to bring faster Internet connectivity to those that did not have it. The story is compelling, not only for the determination of people to make sure that the Internet is available in one of the remotest places in the world, but also for their strong belief of what connecting to the Internet could bring to the people of Tusheti. “Tourism is a beacon of hope for us,” said Ia Buchaidze, who owns a local bakery, “and the Internet is very important for that.”
The project was a true collaborative partnership involving many parties: the Georgian Government, the Internet Society and its Georgia Chapter, the Small and Medium Telecom Operators Association of Georgia, LTD Freenet, and the Tusheti Development Fund (TDF). This network did not need a license, but it did need an authorization from the Georgian Government for it to be built and for the spectrum to be used. The objective was to provide access to a remote region through a locally-built and developed community network.
Similarly, in Mexico, a community network has been built in a remote and rural mountainous area – by a local team to provide more affordable local access. The project was initiated by Rhizomatica and the local community in Oaxaca. The project has a “social purpose license” to operate and use spectrum thanks to an innovative licensing approach taken by the Mexican regulatory authority, Instituto Federal de Telecomunicaciones (IFT). The objective of this project was to build and operate a community network in an indigenous region.
Two community networks. Similar objectives; similar needs. Community networks provide for an innovative path to connectivity, and are built and operated by local communities, with local communities, for local communities. Innovative licensing options enable connectivity in hard-to-reach places. At the Internet Society, our goal is to help support these types of projects and to promote innovative policy approaches such as innovative licensing and partnerships in order to fill connectivity gaps that exist worldwide.
There is a profound connectivity gap in many parts of the world and the Internet Society believes that it is urgent that we address it. According to the World Bank and the International Telecommunciation Union (ITU), roughly half of the world’s population is without Internet access. The gap exists in urban, rural, and remote areas of many countries, particularly developing and least-developed countries, and the consequences are well documented. Connectivity and the exchange of information strengthens democratic processes, spurs economic opportunity, and enables sharing of culture and ideas in ways previously unimaginable. Without Internet access, socioeconomic development is hindered. As the pace of technology development continues to accelerate, a growing digital divide may contribute to broader socioeconomic divisions both within and among communities.
The United Nations acknowledges the importance of connectivity, and as part of its Sustainable Development Goals (SDGs), it seeks to “significantly increase access to information and communications technology” and “strive to provide universal and affordable access to the Internet in least developed countries by 2020.”
Community networks can help close the digital divide. Community networks originate from the ground up. They are the result of people working together, combining their resources, organizing their efforts, and connecting themselves to close connectivity and cultural gaps. They’re fundamentally different from traditional communications networks in that they are bottom up. They are complementary, filling gaps and providing local access where commercial networks generally do not find it economically viable to operate.
Through common-sense regulatory and policy approaches and open dialogue with experts, communities and civil society, governments can assist in unleashing the potential of community networks, thereby enabling unserved and underserved areas to realize the transformative benefits of access to affordable connectivity.
The Internet Society’s Innovative Licensing policy brief demonstrates that innovative licensing approaches and other complementary regulatory action can enable access in places where access has been limited or unaffordable. It complements and builds on “Policy Brief: Spectrum Approaches for Community Networks.
We look forward to working with communities and our partners to continue to identify innovative ways to support community networks. Through collaborative efforts we can close “access gaps,” enable socioeconomic development, and support local innovation. Help us enable community networks by working with your local government to support them, by supporting new approaches to licensing, by building a community network, or by sharing a story about a local community network with us.
Read the policy brief, Unleashing Community Networks: Innovative Licensing Approaches and learn how you can support and even build a community network!
Image © Nyani Quarmyne: Lasha Tunauri (left) and his packhorses wait while Konstantin Stalinsky, Giorgi Kirvalidze and Amirani Giorganashvili complete construction of a tower on Kheki, a mountain peak in Tusheti.
Coming to a space station near you: Artificial intelligence is going to space – maybe not a space station, but a satellite – predicts an aerospace executive, quoted in SpaceNews.com. So-called geospatial intelligence, housed on satellites, will collect massive amounts of data in space and analyze it, she says.
More blockchain believers: Tech giant Oracle plans to release its own blockchain software with a platform-as-a-service product coming this month and decentralized ledger-based applications coming next month, Bloomberg notes. Oracle is working with Banco de Chile to log inter-bank transactions on a hyperledger and with the government of Nigeria to document customs and import duties on blockchain.
Does blockchain even lift? Blockchain can help improve the sports and fitness industry by allowing instructors to securely stream workouts, allowing customers to avoid that annoying trip to the gym, Forbes suggests.
Social media eyes encryption: Facebook and Twitter are both looking at encrypting some user communications, according to news reports. Facebook has voiced support for end-to-end encryption on its blog, apparently in response to concerns it was moving to weaken encryption on its WhatsApp messaging service, BGR.com notes. However, Facebook hasn’t enabled encryption by default on it Messenger service, the story says. Meanwhile, Twitter is debating whether to encrypt direct messages, TechCrunch reports.
Russia targeting Viber? Messaging app Telegram has gotten a lot of attention for refusing to turn over encryption keys to the Russian government. It appears that the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media isn’t stopping there. The Viber messaging service may be next, reports Koddos.net.
The NSA is listening: The U.S National Security Agency “vacuumed up” more than 534 million telephone records and text messages from U.S. telecommunications providers in 2017. That’s more than triple the NSA’s collection in 2016, the New York Times reports.
Return of a nasty IoT botnet: The so-called Hide and Seek botnet, running on a number of hacked IoT devices, has returned with the unique ability to survive device reboots, Security Boulevard reports. The botnet was also the first to communicate through a custom-built peer-to-peer protocol.
Does this mean they’re self-aware? More than 60 IoT security cameras were compromised recently, with the message “I’m hacked” left on the devices. Victims had failed to change the default security password.
The post The Week in Internet News: Artificial Intelligence Heads to the Final Frontier appeared first on Internet Society.