The cyber norm panel that took place in early February at the Carnegie Endowment for International Peace sheds light on how “cyber norms” came about. States’ negotiations over international cybersecurity strategy evolved from focusing on ‘control of weaponization of information technology’ to ‘managing states’ behavior through cyber norms’. Moreover, they moved from the application of arms control to cyberspace to the application of international law. But the reason why states did not go for a treaty is yet to be explained.
On October 6th a letter was circulated to the negotiators preparing for the World Trade Organization’s 11th Ministerial meeting (MC11), which will be held December 10-13, 2017 in Buenos Aires, Argentina. The letter purports to speak for all of “global civil society,” and singles out for attack the prospect of an agreement on e-commerce trade, which it calls “a dangerous and inappropriate new agenda.” A large part of the text appeared several months ago as part of a Huffington Post op-ed written by Deborah James, a Director at the anti-free trade Center for Economic and Policy Research. In response to this letter, IGP wishes to make the following points:
Not the voice of “global civil society”
That statement is not the voice of “global civil society.” It is an alliance of labor unions primarily, with support from some anti-globalization environmental and church groups. While these are legitimate stakeholders who deserve to be heard, we wish to challenge the advocates’ pretense that consumers, civil society groups and the developing world all oppose free trade in e-commerce and only U.S.-based big corporations favor it and benefit from it.
The FBI’s attack on Kaspersky Labs reached a new level last week when the Wall Street Journal published an article claiming that Kaspersky anti-virus software was exploited by Russian intelligence to exfiltrate information from an NSA contractor or employee. The person in question took sensitive information home on an unsecured computer that was running Kaspersky AV. The focus on Kaspersky lets the NSA off the hook for allowing yet another NSA insider to sneak classified material outside of the NSA network and put it on an unsecured computer. But the implications of this incident go far beyond the fate of a single Russia-domiciled security company. While there are many gaps in our knowledge, there is no doubt that, whatever Kaspersky’s level of culpability, this is largely a geopolitical conflict in which we and the Internet are pawns.
What is known?
Kaspersky AV products have won awards and high ratings from independent security testing labs for both home and business products. Kaspersky products, like those of any other security vendor in the world, have access and privileges to the systems they protect. Often the software surveils your computer or network and reports back to the AV company what it discovers. The implied, and not well-developed or substantiated, argument in the WSJ article is that Kaspersky software detected special malware held by the NSA for breaking into other countries’ computers, and that Kaspersky notified the Russian intelligence agencies of its presence on this computer, allowing them to target the person.
From left to right: Ishan Mehta, Karl Grindal and Karim Farhat
We all know that allaying security and privacy concerns is decisive if the IoT is ever to deliver on all its hype. Georgia Tech’s Institute for Information Security & Privacy (IISP) is the collaborative focal point behind 11 separate initiatives addressing critical cybersecurity issues. As part of IISP’s 2017 Cyber Security Summit, IGP’s team of graduate students entered a poster competition intended to push ideas to market. That day, security experts met to discuss the latest trends and threats in cyber and later voted for the three most promising projects. We were thrilled to be selected to advance to the Final, when we will be eligible for further funding through the National Science Foundation’s Innovation Corps (I-Corps) program and Create-X Startup LAUNCH. Our project consists of implementing a collaborative web-based registry of IoT devices (with a focus on orphaned devices, i.e., those no longer supported).