I’ve recently returned from the Cybersecurity and Cyberconflict: State of the Art Research Conference, organized by Dr. Myriam Dunn Cavelty and her colleagues at the Center for Security Studies, ETH, in Zürich, Switzerland. The conference brought together a mix of scholars researching “the strategic (mis)use of cyberspace by state and...
Public attribution of cyber incidents to nation-state actors is increasing. It is a challenging and important accountability function that is often performed by a combination of threat intelligence firms or other private actors and less frequently by states. But is it time to institutionalize cyber attribution? The cybersecurity community has...
ICANN* has a problem. One could even call it a disease - an organizational version of Sydenham’s chorea. What are the symptoms? This: ICANN has in place elaborate, well-defined, and reasonably balanced representational mechanisms for making policies. But every time it has an important decision to make, ICANN tries to...
The Internet Governance Project has prepared a draft response to a Notice of Inquiry (NOI) issued by the U.S. Commerce Department's National Telecommunications and Information Administration (NTIA) on "International Internet Policy Priorities." We were happy to see that the NOI asked specifically about challenges to free expression and the free flow of...
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. As a result, ICANN allowed registries and registrars to cloak the personal information of domain name registrants in WHOIS, with a caveat that those who had legitimate and proportionate purpose should be allowed access to this cloaked,...
What can we do to stop the militarization of cybersecpace by States? One answer might be convening a transnational cyber attribution organization. States need to be held accountable if they carry out cyber attacks. However, up until now, this has not been feasible. The infeasibility does not mean that cyberattribution...
“Martha: Truth or illusion, George; you don't know the difference. George: No, but we must carry on as though we did. Martha: Amen.” Edward Albee, Who’s Afraid of Virginia Woolf? Since February, the prominent security reporter Brian Krebs has been writing on his widely-read blog, Krebs on Security, that...
States are stuck in a “cybersecurity dilemma”. They can’t reliably distinguish between other states’ offensive and defensive activities. E.g., surveillance or probing being used by a state for defense might look like offensive measures to those states being surveilled or probed. As a result, cyber powers engage in a never...
I remember one of my first conversations about ICANN and WHOIS General Data Protection Regulation compliance with the ICANN CEO. The CEO told me (as he repeatedly told others) that ICANN should consult with the Data Protection Authorities about how to comply with GDPR. I agreed. The boundaries of WHOIS...
What's going on in China? I was invited there for a series of lectures at Beijing’s Communication University of China (CUC) during the week of March 18. Thanks to Professor Xu Peixi, who organized the tour, I got a chance to meet most of the academics, researchers and policy analysts...
“In characteristically rigorous fashion, Mueller’s outstanding book punctures the alarmist myth of Internet fragmentation and helps us to understand what is really at stake as nations and other groups vie for power over the Internet.”