Two Italian law scholars, G. Sartor and M. Viola, have written up a nice description and analysis, in English, of the Judge's decision convicting Google executives of “processing health data without authorization,” apparently a criminal offense. Based on their description, the decision seems like a technically incompetent one as well as having bad policy implications.
Threats “everywhere:” A review of Cavelty’s “Cybersecurity and Threat Politics”
This is a book that deserves to get much more attention in this country. Cyber-Security and Threat Politics: US efforts to secure the information age by Myriam Dunn Cavelty provides a valuable historical and analytical perspective on the debate over cyber-security in the U.S. Cavelty links the cyber debate to securitization theory in political science; in this approach, what matters is how the threat is defined, how and when did a particular understanding of the threat gain acceptance and prominence, who promoted it, and what are its implications for policy and actions? Cavelty offers some important insights into the political, legal and economic implications of the way we define or frame cyber-threats.
How much DNS is blocked in China?
The most recent episode of The Ask Mr. DNS Podcast offers up some disturbing corroborating evidence as to the extent of DNS filtering and outright blocking occurring in China. VeriSign's Matt Larson and InfoBlox's Cricket Liu, who co-host the geeky yet engaging and extremely informative show, held a roundtable discussion including technical experts from dynamic name service providers (better known as “managed DNS” services) DynDNS, TZO, No-IP, and DotQuad, as well as Google and Comcast.
After recalling the recent episode where queries to Net Nod's instance of the i root were intercepted and tampered with resulting in incorrect responses being returned inside and outside of China for facebook.com and other websites, Larson posed the question whether others were having similar experiences. (NB: Net Nod's i-root server instance in Beijing is still shut down, as their CEO has apparently stated it is not possible to offer authoritative root service in China) Unfortunately, several of the managed DNS services providers answered affirmatively.
Is the London Action Plan effective?
In a recent empirical study correlating botnet activity with ISPs, academic researchers (Michel van Eeten, Johannes Bauer and Hadi Asghari) used participation in the London Action Plan and adherence to the Cybercrime Convention as variables. The London Action Plan (LAP) is a loose transnational, multi-stakeholder network of public agencies responsible for enforcing laws concerning spam. It spans 27 countries and also includes a few industry and NGO members. In political science these are known as Trans-Governmental networks (TGNs). Could such a loose, nonbinding governance form have an appreciable impact?
Finally, a public comment on root zone signing implementation
The US government has pushed back the date of DNSSEC implementation at the root zone by two weeks. The announcement, made at ICANN's “Root DNSSEC” web site, was vague about the reasons, saying only that it was “for further analysis” and to “finalize testing.” In a more important move, which may or may not be related, ICANN said that:
“the U.S. Commerce Department will issue a public notice announcing the publication of the joint ICANN-VeriSign testing and evaluation report as well as the intent to proceed with the final stage of DNSSEC deployment. As part of this notice the DoC will include a public review and comment period prior to taking any action.”
The existing plans for signing the root and deploying DNSSEC at the root zone were imposed on ICANN and its community by the U.S. government as a product of closed negotiations between the Commerce Department, VeriSign and ICANN.
Senate Commerce Committee passes Cybersecurity Act
Late last month the Senate Commerce, Science and Transportation Committee, chaired by Sen. Jay Rockefeller who also serves on the Intelligence Committee, unanimously passed an amended Cybersecurity Act of 2010. With regard specifically to Internet governance issues, the bill has changed dramatically, but it still provides some interesting language around defining critical infrastructure and setting a future research agenda.
Groundhog Day: 10,000 reminders of why ICANN’s public comment period on the .xxx domain is stupid
We knew – and we suspect that ICANN knew – that calling for public comment on the future of the .xxx domain after ICANN was slapped on the wrist for its mishandling of the proposal was a useless procedure. Now we have confirmation. As we approach the comment deadline (May 10), we have a flood (6,000 and counting) of comments from the same rightwing religious groups that mobilized against .xxx back in June and July of 2005. We also have another 150 comments from the Free Speech Coalition – a group of online porn providers who also didn’t like the idea 5 years ago and mobilized against it. And a petition with thousands of signatures for xxx. Does this sound vaguely familiar?
Transfer markets and the battle to come over IP address Whois
Network World writes that IPv4 depletion is happening faster than expected and that a black market might form to allow companies who need IPv4 addresses to get them. ARIN's CIO Richard Jimmerson notes that the ARIN community has been proactive in addressing this, “providing at least limited address transfer opportunities to mitigate that problem.” (other RIRs have similar policies)
For me, the emergence of transfer markets always seemed inevitable. The most important, and least talked about, aspect of the policies creating those markets has to due with the unanticipated use of registration records.
New research on how ISPs could combat botnets
New analysis, by a group of researchers including IGP's Michel van Eeten, suggests that by focusing mitigation efforts on a subset of ISPs could eliminate the bulk of zombie computers responsible for generating spam and initiating other online threats.
As reported in MIT Technology Review:
The researchers analyzed more than 63 billion unsolicited e-mail messages sent over a four-year period and found more than 138 million unique internet addresses linked to sending out the spam. Typically such machines have been hijacked by hackers and are corralled into a vast network of remote-controlled system known as a “botnet.”
Strickly speaking
Assistant Secretary of Commerce Larry Strickling, the head of the NTIA, made extensive remarks on Thursday at iNet, an Internet Society (ISOC) event organized by the recently reconstituted ISOC-DC chapter. In this post, we offer our interpretation and comments on the various issues.
