Français | English | Español | Português

European Union Economy

Britain’s economy will shrink if it leaves the European Union without a Brexit deal and it will suffer some damage whatever terms it agrees, the International Monetary Fund (IMF) said Monday, challenging the promises of some Brexit supporters.
The IMF said an abrupt break from the European Union would cause harm to the British economy, adding that the U.K. won’t be prepared for such an outcome when it leaves next March.
www.wsj.com | 9/17/18
Bank of England Gov. Mark Carney agreed to stay on at the central bank until 2020 to help steer the economy after the U.K. exits the European Union, the second time that Brexit has prompted the Canadian to delay his departure.
www.wsj.com | 9/12/18
Israeli Prime Minister Benjamin Netanyahu lashed out Friday at the European Union over its first financial support package to help bolster Iran's flagging economy, calling it "a big mistake" and "like a poison pill to the Iranian people."
www.foxnews.com | 8/24/18

Google is working on a return to China, with the tech giant developing a censored search engine to appease the country’s laws, according to a report from The Intercept on Wednesday.

The search engine would “blacklist sensitive queries,” according to a company whistleblower, who told the outlet he was concerned about the precedent this move would set.

“I’m against large companies and governments collaborating in the oppression of their people, and feel like transparency around what’s being done is in the public interest,” the whistleblower told The Intercept. “What is done in China will become a template for many other nations.”

Also Read: Jimmy Kimmel Accepts Ted Cruz's One-on-One Basketball Challenge - and He's Got Jokes (Video)

Google’s clandestine plans have been spearheaded by CEO Sundar Pichai since early 2017, according to the report. The project, operating under the name “Dragonfly,” is limited to a few hundred employees, The Intercept reports. The search engine would strictly be a mobile app when it launches, potentially within the next six to nine months, according to the report.

“We provide a number of mobile apps in China, such as Google Translate and Files Go, help Chinese developers, and have made significant investments in Chinese companies like JD.com. But we don’t comment on speculation about future plans,” a Google spokesperson told TheWrap.

Also Read: Ex-Google Engineer Sues Company for Sexual Harassment, Says She Was Slapped at Company Party

China’s “Great Firewall,” as it has facetiously been dubbed, has stifled free speech online for years through a network of moderators, technical restraints and legislative regulations. The Chinese government blocks access to pornography and news stories that are overly critical of its Communist regime, as well as major sites like YouTube, Twitter and Facebook. Google’s new search engine would scrub results for topics the government doesn’t allow, like the 1989 Tiananmen Square protests, along with certain images, per The Intercept. A parallel online universe exists in China, with popular social media platforms like WeChat and Weibo, a Twitter-esque communication app, filling the void of their blocked Western analogs.

President Xi Jinping has made it clear in recent years he isn’t in favor of a free press.

“All news media run by the party must work to speak for the party’s will and its propositions, and protect the party’s authority and unity,” Xi said in 2016.

Also Read: Logan Paul Gets YouTube Downgrade: Ousted From Google Preferred, Booted From 'Foursome'

Google operated a censored version of its search engine in China between 2006 and 2010. The Mountain View, California-based company pulled out of China as its online censorship became increasingly severe. Attempts “to further limit free speech on the web,” said the company in 2010 had given it reason to back away from the country entirely.

That decision appears to be reconsidered under Pichai’s stewardship.

Related stories from TheWrap:

Google Hit With Record $5 Billion Fine by European Union

Breitbart and Drudge Hit by Google Cloud Issue, Go Offline

Google Unveils 'More Inclusive Vegan Salad' Emoji

www.thewrap.com | 8/1/18

The European Data Protection Board certainly has been keeping its records straight. Its 27 May statement starts with the following:

"WP29 has been offering guidance to ICANN on how to bring WHOIS in compliance with European data protection law since 2003."

All internet users have dealings with the Internet Corporation for Assigned Names and Numbers, yet the vast majority have never heard of ICANN. Responsible for deciding how the Domain Name System (DNS) is run, ICANN may be a technical standard-setting body, but its policies and activities acquire political nuances more often than not. At its core, there is a distinction between ICANN the organisation, incorporated in California, and the ICANN community, a multistakeholder group of volunteers who develop the policies that are subsequently implemented by the organisation.

Fifteen years ago, and only a few years after ICANN was established, European data protection regulators had already spotted the flaws with ICANN's WHOIS service, a public database of registrants' contact details. At the end of 2017, mere months before European General Data Protection Regulation (GDPR) came into effect, ICANN had yet to devise a plan to make its WHOIS registrant database compliant. However, this is no longer the era of paltry fines for violating data protection laws, when compliance was at best facultative.

Data protection as a human right

Here it's important to recall the diverse origins of data protection law. At the EU level, the 1995 Data Protection Directive aimed to harmonize the regulation of automated data processing in order to fulfill the EU's goal of free movement of goods and services (see recitals 7 and 8). In parallel, data protection began to be conceived as a human right, a notion that reached a more concrete with the Treaty of Lisbon and the 2009 European Union Charter of Fundamental Rights. Today's GDPR, which replaces the old directive, explicitly relies on the EU's human rights framework for its rationale (see recital 1 and following).

Unlike traditional human rights legislation, the GDPR contains concrete provisions for direct enforcement. That is, it grants entitlements to individuals against other legal persons beyond the state, i.e. companies. In addition, the contemplation of hefty fines for violation (up to 4% of global annual turnover for business entities), which is not an enforcement mechanism usually associated with human rights. This stick is what triggered the compliance rush witnessed over the past year, and the numerous subscription confirmation emails received from organisations long forgotten.

The GDPR is also interesting in that it creates an extremely specific and detailed bundle of rights to the benefit of EU citizens and residents against any data controller and processor, wherever they may be located. The EU thus acted according to a highly pragmatic conceptualisation of "online jurisdiction" similar to that of the Canadian courts in the 2017 Equustek case. In this high-profile copyright infringement case, the Canadian Supreme Court ruled that Google had to delist the incriminated website from its search results on a worldwide basis, not only under the google.ca subdomain. If a full de-listing meant applying Canadian law beyond its borders, so be it (it is worth noting the order failed at the enforcement level in the US.) With the GDPR, the EU adopts a similar perspective: individuals must be protected, even if it means potentially reaching out to every single data controller and processor in the world.

Extraterritoriality in cyberspace?

The application of laws based on residency, citizenship, or other non-territorial bases isn't new. Tax law, notably from the US, is often applied in a similar way. The internet makes such an application of law even more salient, as individuals create and manage legal relationships across territories at an unprecedented scale. This can be unsettling for the "territorial" states, hence the observed trend toward extraterritoriality. States seek to have their laws apply to individuals irrespective of their physical location, particularly when dealing with internet-related issues, as a means of obtaining immediate legal effectivity. Regardless of whether GDPR's alleged extraterritoriality is good or bad, it can be said that states, the EU, and courts will most likely favour an interpretation of "online jurisdiction" which maximizes their power and their perceived efficiency at enforcing their own laws.

An overly cynical (and factually wrong) conclusion would be that ICANN, as a non-profit California corporation, is not subject to human rights law, as they only create legal relations between governments and individuals. This would stem from an understanding of human rights law as a solely vertical arrangement between states and individuals, which disregards how an entity like ICANN can interfere with "horizontal" human rights entitlements, like those put into place by the GDPR. Recent events show that enforcing corporate respect for human rights is not some civil society pipe dream: a German court already ruled that ICANN's last-minute GDPR compliance plan is not quite compliant.

Human rights at ICANN, beyond the Bylaw

ICANN has found itself in a double bind: on one side, an expansive understanding of jurisdiction is gaining ground around the world; on the other, a set of human rights norms, previously constrained to treaties and the often staid world of public international law, is finding a new horizontality. The standard for personal data protection has been decidedly raised, prompting us to rethink what human rights compliance means. ICANN's global mission is tied to the functioning of internet, but its operations can severely interfere with individuals' exercise of human rights, as well as the commitments of governments to uphold these rights.

Developing a high-level commitment, as ICANN did with its 2017 Human Rights Bylaw, is a first step. However, viable solutions must, at the same time, go deeper. Indeed, the operationalisation of ICANN's human rights bylaw must pass through a refocusing of the lens, away from international treaties and into the low-level application of human rights norms at the transnational and national level. Rather than biding time before fines mandate action, the ICANN community should carry out sustained research and documentation of ICANN's concrete interference with human rights, both existent and potential. The multistakeholder community should also put in place the necessary efforts to go beyond the mere human rights bylaw and into real compliance assessment, an ever-evolving activity that requires constant attention and monitoring.

In a 17 May letter, European commissioners asked ICANN, through its CEO, to "show leadership and demonstrate that the multi-stakeholder model actually delivers." Be it taunting or encouraging, this challenge underscores the current need for intentional, proactive leadership from both the ICANN organisation and its community. Beyond enhancing its accountability, proactively identifying and preventing human rights violations might just prevent further debacles the next time a human rights law (not so) suddenly becomes applicable to ICANN. As California adopts its own improved data protection law, that time may come sooner than expected.

Special thanks to Collin Kurre from Article19 for her thoughtful suggestions

Written by Raphaël Beauregard-Lacroix

www.circleid.com | 7/19/18
The European Union is pressuring China to open its economy to outsiders and help revamp an international trade system now under fire by the Trump administration.
www.wsj.com | 7/19/18
The European Union is hunting for free-trade deals in Asia and Latin America to help compensate for lost business with the United States.
www.nytimes.com | 7/17/18
The United States exported $11.5 billion in agricultural products to the European Union last year.
www.nytimes.com | 7/11/18
British Prime Minister Theresa May secured a cabinet agreement on Friday for her plans to leave the European Union, overcoming rifts among her ministers to win support for "a business-friendly" proposal aimed at spurring stalled Brexit talks.
www.dnaindia.com | 7/7/18
We have told G7 Leaders to Make Gender Inequality and Patriarchy History For most people, the annual G7 meeting may just seem like an expensive photo-op that doesn't connect with any concrete change in people's lives. But for us, appointed by Canadian Prime Minister Justin Trudeau to sit on his G7 Gender Equality Advisory Council, it was a unique opportunity to push for strong commitments for girls' and women's rights. We had the opportunity to meet the seven leaders for breakfast and make a strong case for concrete commitments and accelerated action to achieve gender equality within a generation.  There is unprecedented momentum and support for gender equality and women's rights. With the universal adoption of the Sustainable Development Goals, which put gender equality at the center, and the global attention brought by #MeToo and related campaigns on ending sexual harassment and other forms of violence against women, support for improving outcomes for girls and women has never been so high. The explosion of discussions in our offices and shopfloors, our boardrooms and lockerooms, our dining rooms and bedrooms must come right to the G7 table. It is therefore significant that leaders spent two hours discussing gender equality and that it was also part of other discussions. As the richest economies in the world, G7 countries can bring about far reaching systemic changes envisaged in the global agenda for sustainable development. The impact of G7 countries goes well beyond their borders. We have told leaders that they must use this unique footprint for the benefit of women and girls.  Together with the Gender Equality Advisory Council, we have put forward a comprehensive set of recommendations.  As a foundation, it is critical to eliminate discriminatory legislation which persists in G7 countries and around the world. We also called for the removal of barriers to women's income's security and participation in the labour market. Concrete measures, such as legislation and implementation of pay equity can close the wage gap between men and women. And the jobs of the future, whether it is in the digital economy or artificial intelligence, must help close - not further widen - the gender gap.  For most women, the challenge of balancing productive and reproductive lives creates a "motherhood penalty" that triggers major setbacks for women in the economy. G7 leaders can shape an economy that closes the gap between women and men through affordable childcare, paid parental leave, and greater incentives for men to do half of all care work.  Addressing violence against women in the workplace is critical. Employers, shareholders, customers, trade unions, Boards, Ministers all have an obligation to make workplaces safe, hold perpetrators accountable and end impunity. The emerging International Labour Organization's standard to end violence and harassment at work should be supported to drive greater progress in this area. None of this will happen without the full participation and voice of women at all decision-making tables. We applaud the increasing numbers of countries with gender equal cabinets. We need more countries to follow suit, as well as the private sector.  Because men still disproportionately control our political, economic, religious, and media institutions, they have a special responsibility to actively support policies and cultural change. Men's voices and actions, including those of our predominately male political leaders, are critical because they have such a big impact on the attitudes and behavior of other men.  We welcome the announcement by Canada, the European Union, Germany, Japan, the United Kingdom, and the World Bank of an investment of nearly US$ 3 billion for girls' education, including the single largest investment in education for women and girls in crisis and conflict situations. This is a significant step forward to build a foundation for greater progress.  In our own work, as the Executive Director of UN Women, and as a writer and activist focused on engaging men to promote gender equality and end violence against women, we've been witness to dramatic changes over the past few decades. The courage of individual women and the leadership of women's movements have meant that patriarchy is being dismantled in front of our eyes. But greater leadership is required. A strong commitment by G7 leaders to take this agenda forward beyond the Summit can push forward the most dramatic and far-reaching revolution in human history. The one that will make gender inequality history. UN Women
[Premium Times] Nigeria needs more international investments amidst a rising population, the European Union Ambassador to Nigeria, Ketil Karlsen, said on Monday.
allafrica.com | 6/27/18
In the two years since the vote to leave the European Union, Britain has gone from being a pace-setter among the world's big economies to falling into the slow lane.
www.dnaindia.com | 6/23/18
Wales' Economy Secretary Ken Skates says British firms cannot afford the lack of clarity from the UK government on the future terms of trade with the European Union.
www.bbc.co.uk | 6/22/18

Early June 2018 the European Internet community traveled into the Caucasian Mountains to participate in EURODIG 11. On its way into the digital age, Europe is, as EU Commissioner Mariya Gabriel said, at another crossroad. In cyberspace, Europe risks becoming sandwiched between US and Chinese Cyberpower policies. Social networks, search engines, smartphones, eTrade platforms — key sectors of today's digital economy — are dominated both by the US and Chinese giants: Alibaba and Amazon, Google and Baidu, Facebook and Weibo, Apple and Huawai. And it is also clear, that the 2020s global political agenda will be determined by issues like cyberwar and digital trade where the United States of America and the Peoples Republic of China will be the main competitors. Insofar EURODIG was a good opportunity to discuss the role of Europe in this forthcoming very complex cyber powerplay.

EURODIG is the European regional version of the UN based Internet Governance Forum (IGF). The 11th edition in Tbilisi, Georgia, saw 800 registrations from more than 50 countries, representing all stakeholder groups. And the agenda covered nearly everything: from cybersecurity and digital trade to artificial intelligence and human rights. EU Commissioner Mariya Gabriel called EURODIG "the most successful and most relevant regional initiative on Internet Governance." And indeed, over the years, EURODIG has innovated the IGF processes with new ideas: interactive formats of sessions, tangible output in form of clear and short messages, a youth IGF, open calls for themes, decentralized and bottom-up management procedures.

However, the Tbilisi meeting also showed that the IGF community, which has grown substantially since the days of the 2005 UN World Summit on the Information Society (WSIS), is now also partly the victim of its own success. There is a risk that the "usual suspects" of the global Internet Governance debate, who have been the drivers of discussions in the past, are sidelined and substituted by new communities which represent new powerhouses from governments and businesses. Those powerhouses have their own new agendas and tend to ignore widely what has been achieved over the last two decades in building a functioning Internet Governance ecosystem.

Reinventing the Wheel?

For years the message from EURODIG and the IGF was: Internet Governance is a big political issue and the multistakeholder approach is an innovation in global policymaking. 15 years after the WSIS I, world leaders have now recognized that the internet is indeed a big issue — they call it now "cyber" or "digital" — and they discuss it at summit meetings like BRICS, G7 or G20. But they have partly different ideas how to manage this network of networks. They pay lipservice to the multistakeholder approach, but the reality is that the majority of governments prefer to negotiate Internet-related issues behind closed doors.

This is the case if it comes to cybersecurity where a UN Group of Governmental Experts (GGE) tried to define rules of the road for the cyberspace. This is the case for digital trade, where the intergovernmental World Trade Organisation is negotiating behind closed doors frameworks for eCommerce. Both issues have been discussed since years both at the IGF and EURODIG. And agreements which have been achieved in this global Internet Governance debate are certainly also relevant for cybersecurity and digital trade.

The Tunis Agenda (2005) has defined what Internet Governance is and has invited both state and non-state actors to participate — in their respective roles — in the development of Internet-related public policies. The NetMundial Declaration (2014) has defined fundamental principles for good behaviour in cyberspace and has specified guidelines for multistakeholder cooperation as openness, transparency, bottom-up and inclusive. ICANN's IANA transition (2016) has demonstrated the feasibility of multistakeholder cross-community processes by transferring the responsibility for the management of key global Internet resources — domain names, IP addresses, and Internet protocols — to the empowered community (which include also governments in their respective role).

But the new intergovernmental negotiating bodies which are dealing now with cybersecurity and digital trade are rather dislinked from IGF and ICANN processes. What we see is that new intergovernmental silos are emerging and the risk is growing that in all those new closed silos the cyberwheel is reinvented.

This new intergovernmental silo approach could become a big problem. The Internet is a network of networks, everything is connected with everything via protocols and codes. This has consequences for Internet-related public policies. In the analog world, security issues had only little to do with trade, environment or freedom of expression. In the digital world, those issues are interconnected as the new EU data protection legislation (GDPR) is demonstrating. The regulation of a human rights issue — privacy — has far-reaching consequences for the business model of internet corporations and the security agenda of law enforcement agencies. And this is valid also the other way around. Any cybersecurity treaty will have economic implications and touches human rights. And agreements on digital trade will have a cybersecurity component and will also have consequences for human rights.

In other words, the big challenge with the Internet Governance Ecosystems and its growing complexity is not only to include all stakeholders in their respective roles in policy development and decision making but also to inter-link the new emerging intergovernmental silos and to pull them into a multistakeholder environment. What is needed is a holistic approach to global Internet negotiations as it was also recognized during the recent Bratislava meeting (May 2018) of the Global Commission on Stability in Cyberspace.

The Need for a Holistic Approach

How to organize such a holistic approach? The first step has to be to enhance communication among all governmental and non-governmental stakeholders. Decisions can be made only on an informed basis. No single stakeholder has all the knowledge and all the capacities which are needed to find sustainable solutions.

There is a need for something like a "global clearinghouse" which identifies the key components of an issue before decisions are made. But wait a minute, such a "clearinghouse" does already exist. If we would not have the Internet Governance Forum (IGF), there would be a need to invent it now. The IGF and its regional and national subsidiaries — like EURODIG — provide the needed framework for such a discussion across constituencies, stakeholders, state and nonstate organizations. The problem is that some governments and some business underestimate the potential of the IGF and are looking for alternative venues.

It is certainly true that the IGF has some weaknesses. The UNCSTD IGF Improvement Working Group has made some recommendations which have been reaffirmed by the UN General Assembly in its WSIS+10 Resolution in December 2015. Progress is slow but there is improvement: More intercessional work, more tangible output, more interlinkage with national and regional initiatives. And we see as EURDOG in Tbilissi has demonstrated, a more interactive cross-community debate, the involvement of more young people and the ability to send 62 short and concrete messages to all stakeholders which tell them what they could and should do in fields like cybersecurity, digital trade, artificial intelligence or human rights.

The new UN Internet Commission, which will be probably established under the guidance of UN Secretary-General Antonio Guiterres by the forthcoming UN General Assembly in fall 2018 would be very wise if it would push for a strengthening of the IGF process and to recommend to governmental and non-governmental stakeholders not only to deepen the multistakeholder cooperation but to argue also in favor of a holistic approach.

A new Round of Controversies?

However, recent meetings on the highest political level did send some contradicting and confusing messages to the global Internet community.

On the one hand, the leaders of the G7 — including US President Trump, French President Macron and the German Chancellor Merkel — during its meeting in June 2018 in Canada remained silent with regard to cybersecurity and digtal trade, but agreed on a "Commitment on Defending Democracy from Foreign Threats" which included the establishment of "a G7 Rapid Response Mechanism to strengthen our coordination to identify and respond to diverse and evolving threats to our democracies, including through sharing information and analysis, and identifying opportunities for coordinated response… in collaboration with governments, civil society and the private sector". The G7 wants to "engage directly with internet service providers and social media platforms regarding malicious misuse of information technology by foreign actors, with a particular focus on improving transparency regarding the use and seeking to prevent the illegal use of personal data and breaches of privacy."

On the other hand the leaders of the Shanghai Cooperation Organisation (SCO) — including Chinese President Xi, Russian President Putin and India's President Modi — during its parallel meeting in China supported "the central role of the UN in developing universal international rules and principles as well as norms for countries' responsible behaviour in the information space." They advocated for "the establishment of a working mechanism within the framework of the UN". And they argued that "a governing organization established to manage key internet resources must be international, more representative and democratic."

What does this mean? Is this the kick-start for a re-opening of the ICANN vs. ITU controversy? It could become a "hot fall" for Internet discussions.

In October 2018 there will be ICANN's High-Level GAC Meeting in Barcelona. The other week ITU's Plenipotentiary Conference starts in Dubai. Mid-November 2018 will see the IGF in Paris. And at the end of November 2018, the leaders of the G20 meet in Buenos Aires. Let's wait and see how the Internet world looks in December 2018.

A Chance for Europe

In this process, Europe has a chance to become a driver and pioneer.

1. Europe's strength is the rule of law. European institutions — from the Council of Europe with the European Court of Human Rights to the institutions of the European Union with the European Parliament, European Commission and European Court of Justice have produced instruments and offer procedures which make clear that cyberspace is not ruled by the "law of the jungle". GDPR is an interesting case and it remains to be seen how this European regulation contributes to more stability in cyberspace. It is a complicated issue and slippery territory but there is a need for rules-based frameworks also for issues like cybersecurity, taxation, fake news, hatespeech and others.

2. Europe's opportunity is industry 4.0, Artificial Intelligence and the Internet of Things. To link Europe's manufacturing industry to digitalization has a lot of potential. Europe has a highly developed educational system which is able to produce the skill sets needed for tomorrows digital economy.

3. But Europe's weakness is to translate good ideas into concrete policies and projects. The 28 member states of the EU have declared the establishment of a Digital Single Market as a high priority. Under the Estonian EU presidency (Fall 2017) there was a "Digital EU Summit". There is some progress, but progress is slow. And Europe has an implementation problem.

Looking into the coming months, there is a window of opportunity for a big European Cyber initiative which could include also proposals for a holistic approach to global Internet negotiations. When the French president Macron announced that Paris will host this year's IGF in Paris (November 2018) he also indicated that time is ripe to speed up Europe's journey into the digital age. After Paris, The Hague will host EURODIG 12 in June 2019. And the 14th IGF is scheduled for Berlin (November 2019). What is needed now on the road to Paris, The Hague and Berlin is more European steam.

Written by Wolfgang Kleinwächter, Professor Emeritus at the University of Aarhus

www.circleid.com | 6/18/18
Events at the Group of Seven summit have brought the European Union closer together, Germany's economy minister said on Monday.
www.dnaindia.com | 6/11/18
German business groups are pressing for clarity from Britain on its plans for a post-Brexit relationship with the European Union, and urging London to allow companies' employees "uncomplicated" access.
www.foxnews.com | 6/11/18
On the eve of his first visit to Austria, Vladimir Putin gave a lengthy interview to Austrian television channel ORF.The interviewer, Armin Wolf, was interested not only in issues of Russia's foreign policy, but also in domestic political plans of Vladimir Putin harbours. It is worthy of note that, as the Austrian journalist said, there were no prohibitions from the Kremlin concerning the topics of the interview. Armin Wolf was least interested in details of the possible mutually beneficial cooperation between Moscow and Vienna, although this was the reasons for the interview to take place. Contrary to the general trend set by the United States, Austria did not expel Russian diplomats in connection with the so-called "Skripal case.""Austria and Russia have long had very good and deep relationship. Austria is our traditional and reliable partner in Europe. Despite all the difficulties of previous years, with Austria, we have never interrupted our dialogue in politics, security and economy," Putin said, adding that the two countries have many common interests.However, Wolf wanted to find out why the Russian administration was working closely with Austrian nationalist parties that are critical of the European Union. The question contained an allusion to Russia's alleged intention to split the European Union. Putin had to patiently explain obvious things to the Austrian reporter:"We have no goal to divide anything in the European Union, we are interested in the prosperous EU, because the European Union is our largest trade and economic partner, and the more problems the European Union has, the more risks and uncertainties we have to deal with," Putin said. Of course, the Austrian journalist could not but ask Putin about "Russia's interference" in the presidential election in the United States. The journalist asked the Russian president about activities of the Internet Research Agency, aka the "troll factory", which is associated with Russian entrepreneur Yevgeny Prigozhin. The journalist persistently tried to get Vladimir Putin to confirm the thesis that the man who is commonly referred to as the "chef" because of his restaurant business, could influence the elections in the US, because he had very close ties with the Russian government. Putin had this to say in response to this question: "There is such a person in the United States, Mr. Soros, who interferes in all affairs throughout the world, and I often hear our American friends saying that America has nothing to do with it as a state. Rumour has it that Mr. Soros wants to shake the euro, the European currency, and this is already being discussed in expert circles. Ask the US State Department why he wants to do it. You will be told that the US State Department has nothing to do with it as this is a personal matter of Mr. George Soros. Here, we can say that this is a personal matter of Mr. Prigozhin. This is my answer to you. Are you satisfied with this answer?"Putin did not give a direct answer to the question of why he has not been able to have a meeting with his US counterpart Donald Trump lately. "The pre-election campaign for the Congress is getting started, and the presidential election is not too far away, attacks on the President of the United States continue in different directions. I think that this is the first thing," the Russian leader said explaining the reason why he has not been able to meet Donald Trump lately. Armin Wolf asked a question about the possibility of a nuclear war between the United States and North Korea. According to Vladimir Putin, "this is a terrible assumption," because the DPRK is a close neighbour of Russia, and one of Pyongyang's nuclear test sites is only 190 kilometres from the Russian border."We are pinning great hopes on a personal meeting between President Trump and North Korean leader Kim Jong-un, because mutual claims have gone too far," Putin said.Putin had to answer biased questions about the relations between Russia and Ukraine. He tried to explain Russia's position in detail, but the Austrian journalist tried to take the conversation in another direction.For example, speaking about the MH17 disaster, Armin Wolf dogmatically stated that the passenger plane was shot down with a missile of Russian origin and assumed that it was about time Russia should admit that officially. "If you have some patience and listen to me, then you will know my point of view on this issue, okay?" Putin replied, adding that, firstly, Ukraine has Soviet-made weapons and, secondly, Russia is not allowed to access the materials of the investigation, even though Ukraine can access it. The journalist continued by saying that "everyone already knows where the missile came from." Putin responded: "Malaysian officials have recently stated that they did not see Russia's involvement in the terrible tragedy. They said that they had no evidence to prove it. Don't you know about this?"Armin Wolf continued with a question about Russia's alleged military interference in the Crimean events from 2014."Russian army units have always been present in the Crimea. Do you want to just ask questions all the time or do you want to hear my answers? The first thing that we did when events in Ukraine began...but what kind of events were they? I will now say, and you will tell me yes or no. It was an armed coup and seizure of power. Yes or no, can you tell me?"The journalist mumbled that he was no expert on the subject of the Ukrainian constitution. Explaining how the Crimean peninsula escaped from Ukraine's rampant nationalism and reunited with Russia, Vladimir Putin switched to German in an attempt to convey his message to the Austrian journalist. "What should happen so Russia returns the Crimea to Ukraine?" the journalist asked."There are no such conditions and there cannot be. You have interrupted me yet again. If you had let me finish, you would have understood my point. When the unconstitutional armed coup took place in Ukraine, when power was seized by force, our army units were deployed in Ukraine on legal grounds - there was a Russian army base there. There was no one else there. But there were our armed forces there."The journalist was ready to interrupt Putin again, so the president had to say: "Seien Sie so nett, lassen Sie mich etwas sagen." ["Will you please be so kind and let me proceed."]. Then he continued:"When the spiral of unconstitutional actions in Ukraine started twisting, when the people in the Crimea started sensing danger, when whole trains of nationalists started arriving there, when they  started blocking buses and automotive transport, the people wanted to defend themselves. The first thing that came to mind was to restore their rights that had been received within the framework of Ukraine, when the Crimea was granted autonomy. This is what kicked everything off, and the parliament started working on the process to determine its independence on Ukraine. Is this strictly prohibited by the Charter of the United Nations? No. The right of nations to self-determination is clearly stated there," Putin said."The annexation of the Crimea was the first incident, when a country in Europe annexed a part of another country against its will, which was perceived as a threat to neighbouring states," the journalist interrupted Putin."You know, if you do not like my answers, then you do not ask any questions, but if you want to get my opinion on questions, then you have to be patient," Putin said. "The Crimea gained its independence as a result of the will of the Crimeans in an open referendum, rather than as a result of the invasion of Russian troops. You are talking about annexation, but do you call annexation a referendum held by the people living on this territory? In this case, one should call Kosovo's self-identification an act of annexation too," Putin said. Wolf tried to develop the Crimean question by drawing a parallel with events in Chechnya, Ingushetia and Dagestan.Putin replied: "Yes, Al-Qaeda's radical groups did want to alienate those territories from the Russian Federation and form their caliphate from the Black to the Caspian Sea. I do not think that Austria and Europe would have been happy about it. Yet, the Chechen people themselves came to an entirely different conclusion in the elections, and the Chechen people signed an agreement with the Russian Federation."When talking about Syria, the journalist claimed that Russia was defending a regime that was using chemical weapons against its people."You said that everyone proved that Assad had used chemical weapons. Yet, our specialists say the opposite, and it goes about the Douma incident, which was used to strike a missile blow on Syria after it was assumed that there were chemical weapons used in the city of Douma," Putin said adding that the OPCW was invited to investigate those events."Instead of waiting for one or two days and giving the OPCW an opportunity to work on the spot, a missile attack was conducted. Please tell me: is this the best way to resolve a question of objectivity of what was happening there? In my opinion, it was an attempt to create conditions that wold make investigation impossible," Putin said. As for Russian domestic affairs, the Austrian reporter asked only a couple of questions about low salaries and the number of the poor."Since 2012, Russia has gone through a number of very difficult challenges in its economy. That was not only because of so-called sanctions and restrictions, but also because prices on Russian traditional export goods had halved. It affected Russia's GDP budget revenues, and ultimately, people's incomes. Yet, we have preserved and strengthened the macroeconomic stability in the country," Putin said. Armin Wolf also asked Putin about his plans for the future, as well as about the Russian opposition. "Some say that you have turned the country into an authoritarian system, in which you are the czar. Is this true?" the journalist asked."No, this is not true, because we have a democratic state, and we all live within the framework of the current Constitution. Our Constitution says that a president can be elected for two consecutive terms. After two legitimate terms of my presidency I left this post, did not change the Constitution and moved to another job, where I served as the prime minister. Afterwards, I returned in 2012 and won the election again," said Putin.The Austrian journalist was very interested why opposition activist Alexei Navalny could not participate in the elections. Wolff also wanted to know why Putin prefers not to call the blogger's name in public."We have a lot of rebels, just like you, just like the United States," Putin replied. "We do not want to have another, second, third or fifth Saakashvili, the former President of Georgia. We do not want people like Saakashvili on our political scene. Russia needs those who bring positive agenda, who know, and not just designate problems, and we enough of them, just like you have in Austria, just like in any other country," Putin added. Wolf continued insisting that Navalny was not given an opportunity to run, and people could not even take a look at the candidate. "Voters can look at any person they want because the Internet is free for us. No one shut him away. The media is free. People can always go out and say something out loud, and this is what various political figures do. If a person acquires some sort of electors' support, then he becomes a figure which the state must communicate and negotiate with. Yet, if their level of confidence is 0,01, 0,02, 0,03 percent, then what can we talk about? This is just another Saakashvili. Why do we need such clowns?" Putin said. "My presidential term has just begun, it's only a start, so let's not put the cart before the horse. I've never violated the Constitution of my country and I'm not going to do that," the president said answering a question about his plans for the future. At the end of the interview, the journalist asked Putin a very unusual question that, as it seems, no one has ever asked the Russian president before. The question was about Putin's so-called "alpha male photos," on which he posed semi-naked. According to the journalists, it is unusual for a head of state to publish such photos for the general public."Well, thank God, you said semi-naked, and not naked. If I'm having a holiday, I do not think I should hide in the bushes, there's nothing bad about it," Putin said. Later, Armin Wolf shared his impressions of the interview with the Russian president. He said that the Russian president was a very artful and complex interlocutor. Wolf added that he was impressed with Putin's quiet voice most. "As a matter of fact, my expectations were justified. Judging from what we see on television, Vladimir Putin is not very tall, I knew it, we all know what he looks like, but there's a thing that really struck me. He has a rather sonorous voice, but he speaks very quietly, especially before and after the interview, and even quieter when he speaks German. You have to concentrate a lot to understand him, because he has a very quiet voice. This struck me most in such a powerful man," said the journalist.
Lebanon is set to heal the economy and combat corruption once it forms a new government, President Michel Aoun told European Union Ambassador to Lebanon Christina Lassen during a meeting at Baabda Palace Friday.
The arrangement would put Europe’s fourth largest economy into the hands of parties deeply antagonistic to the European Union, its currency and illegal migrants.
www.nytimes.com | 5/31/18

Looking to read your favorite local paper while on your summer vacation to France? That might not be an option anymore.

Several major U.S. newspapers have blocked readers from their own online sites in Europe, after sweeping new data privacy laws went into effect on Friday. Multiple people in Europe told TheWrap they could not access websites for papers including The Los Angeles Times, New York Daily News and The Chicago Tribune.

Those and many more media outlets have now started greeting readers with a warning that their content is unavailable in European Union countries. The BBC first reported the story.

“Unfortunately, our website is currently unavailable in most European countries,” reads the L.A. Times notification. “We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solution that will provide all readers with our award-winning journalism.”

The reason for the block? The EU’s General Data Protection Regulation (GDPR), which hits companies with big fines for not following certain guidelines on handling user data.

The GDPR aims to make companies more transparent with how data is collected, how its being used, and also forces companies to delete data once its no longer useful. The new regulation applies to every business in Europe, from newspapers to tech companies to banks — and comes with a stiff penalty if it isn’t adhered to. The EU can now fine companies up to 4 percent of their global revenue or 20 million euros, whichever is greater, for violating its policy.

Rather than deal with the potential repercussions, Tronc, the owner of the L.A. Times, and other major media outlets have decided to block its papers in the EU. Lee Enterprises, which owns nearly 50  newspapers in the U.S., has also followed suit.

A Tronc representative did not immediately respond to TheWrap’s request for comment on if there’s a timeline for when its outlets will be available again in Europe.

Related stories from TheWrap:

Facebook Wants Your Naked Pics to 'Proactively' Fight Revenge Porn

How to Watch Facebook CEO Mark Zuckerberg Testify on Data Leak to European Parliament

Cambridge Analytica Files for Bankruptcy After Facebook Data Leak Scandal

www.thewrap.com | 5/25/18

Have you ever sold a domain name that was just sitting in your registrar account? Maybe it was for that idea you had, but never found the time to develop. Perhaps it was for a business or website you once ran and then let go by the wayside. Then one day, out of the blue, that dormant domain turned into a winning lottery ticket. You got a random call or email from an interested party and the next thing you know that domain (which you've forgotten why you even renew it each year) is sold for $3,000 or $30,000 or more. A nice, unexpected financial windfall. It happens. Well, it happened. Now, if you want to play the domain name lottery, you're going to have to more actively buy a ticket, thanks to GDPR.

Are you wondering what GDPR means for you? Sure, you are, everyone is. And everyone, on some level, is probably a bit confused. From businesses to individuals, from website owners to website visitors, the new European Union data protection rules will likely impact you. You surely have already felt its impact on your email inbox, as it has swelled with GDPR related notices, updates, and opt-in requests, probably from many companies and websites that at first glance you never even heard of (or didn't know you had any prior contact with.)

The introduction of the EU's General Data Protection Regulations, which go into effect today, have put tech companies' development teams on task for months, even years, updating and changing systems and policies in order to be in compliance with today's brave (well, more private) new world. While technically these new regulations apply to the data of residents of the European Union, when it comes to the Internet, for all practical purposes we live in one big online world. Not only is everyone potentially connected, but everywhere is connected. If you have an online presence of any sort, you likely have visitors from around the globe. When it comes to the Internet, we are the world. As a result, while the EU may be driving these new regulations, unless you are able to (and desire to) actively block any users or traffic from the EU, the changes being made to comply with GDPR will affect users from all regions.

And that's where GDPR has taken away your "free" domain lottery ticket. Given the blanket data and privacy changes being made, public "Whois" information has essentially gone dark. That means that there is no longer a relatively easy way for that random interested buyer to find out who owns an unused domain they may be willing to pay good money for. That means that there is no longer a way for those random unused domains sitting in your account to turn into a lottery ticket on their own. If you want even the remote possibility for someone to find you and contact you about purchasing a domain that you own, you will now have to take active steps to make sure your information is available and that the name is listed "for sale" in a public domain name marketplace.

Active domain investors are well-aware of this and have taken steps to ensure their portfolios are ready for sale, and many have long had websites and sales landing pages that their registered domains point to. For us regular folk, who are sitting on a bunch of domains we don't use but aren't actively trying to sell, it's time to get up off the couch and do something.

First, check with your registrar and see if they are offering the opportunity to "opt-in" to make certain contact information public. This may or may not be possible for you. Second, it's time to consider listing your dormant domains "for sale" on domain name marketplaces. With the lack of publicly available whois information, folks interested in buying an already registered domain name will have no choice but to flock to marketplaces such as Sedo.com, Names.club, Afternic, and others. While selling one of your unused domain names for a financial gain is certainly not guaranteed, if your name is not listed somewhere so that you can be contacted, the chances of a random sale are virtually nil.

Like a lottery, you have to be in it to win it!

Written by Jeffrey Sass, Chief Marketing Officer, .CLUB Domains

www.circleid.com | 5/25/18
[New Era] Windhoek -The classification of Namibia as a tax haven by the European Union (EU) last year can have serious repercussions, such as sanctions, for the local economy. For this reason, government has engaged EU to have Namibia delisted as a tax haven as soon as possible and in this regard, a team of officials from the Ministry of Finance have just returned from consultative engagements from the EU headquarters in Brussels, Belgium.
allafrica.com | 5/23/18
German Chancellor Angela Merkel is heading to China with a business delegation as both Beijing and the European Union are grappling with the United States over trade issues and Washington's rejection of the Iran nuclear deal.
www.foxnews.com | 5/23/18

David J. Redl, Assistant Secretary for Communications and Information at the U.S. Department of Commerce and Administrator of the National Telecommunications and Information Administration (NTIA) at a Communications Forum luncheon at the St. Regis Hotel in Washington, D.C., on May 17.Implementation of European Union's General Data Protection Regulation, or GDPR, is a major concern of our government, said David Redl during a Media Institute luncheon held on Thursday in Washington DC. Redl, a critic of GDPR's ramifications on WHOIS, in his remarks stated: "Many aspects of our government's operations will be affected by GDPR, and the same is true for private sector companies of all sizes. GDPR is also threatening to upend the valuable WHOIS service, which could impede our work to curb botnets. ... GDPR, as currently framed, creates serious and unclear legal obligations that could have a widespread impact on transatlantic cooperation, law enforcement, and business operations. ... the EU's guidance issued for implementing the GDPR is vague and insufficient. American companies and the U.S. government do not have an adequate basis on which to comply with the law. ... Absent a broader interpretation of Article 49, a short-term moratorium on GDPR enforcement with regard to WHOIS may be necessary. If not, then come May 25, we anticipate registries and registrars will stop providing access to WHOIS directories and services."

www.circleid.com | 5/18/18
French President Emmanuel Macron said on Thursday that the European Union must protect EU companies doing business with Iran from U.S. sanctions being reimposed over Tehran's nuclear program.
Agriculture is a key, fast-growing industry in Africa – and Parrot, the European drone group, is offering business solutions, covering drones and software, to professionals in this business sector. Parrot-AIRINOV teamed up with the Technical Centre for Agricultural and Rural Cooperation (CTA), created by the European Union, to help tech start-ups develop precision agriculture all [&hellip
The European Union unveiled an upbeat economic outlook for the eurozone Thursday, but warned of rising risks from President Donald Trump’s protectionist trade policies and of the U.S. economy overheating.
www.wsj.com | 5/3/18
By the time the TV and film worlds descend on Cannes for next April’s MipTV and the film festival in May, Britain will no longer be a member of the European Union. “Brexit” officially happens March 29, 2019. But less than 11 months before that seismic event, the likely impact on the film and TV business […]
variety.com | 5/3/18

Data privacy will be among the items topping the agenda at an upcoming Caribbean Internet Governance Forum to be held by the Caribbean Telecommunications Union (CTU) in Suriname this month.

The meeting is part of an effort by several Caribbean countries to establish and strengthen policies to ensure that Internet users' personal information is collected, shared and used in appropriate ways.

It will take place from May 21 to 23, days before the General Data Protection Regulation (GDPR) comes into force in the European Union on May 25. The GDPR is a regulation on data protection and privacy for all individuals within the European Union. But Caribbean stakeholders are already preparing for the fallout across the region's geopolitical space.

"Although the GDPR comes into effect in Europe, its effect will be felt in the Caribbean, because the region includes Dutch, French and British territories, all of which fall under the EU jurisdiction, and will, therefore, have to comply with the GDPR from as early as May 25, 2018," said Nigel Cassimire, Telecommunications Specialist at the CTU.

Because the GDPR has significant penalties for companies found in violation of its data privacy regulations, the law could adversely affect Caribbean companies doing business with European companies.

"The onus is on European companies doing business with anyone in our region to ensure that whoever they do business with have measures in place that will enable them to remain compliant with the GDPR. For the Caribbean, it is urgent for us to understand what requirements will be placed on us," Cassimire said.

The forum will be held in Suriname, a former colony of the Kingdom of the Netherlands which became an independent nation in 1975.

The agenda will include a range of issues, including service resiliency and network neutrality.

The Caribbean Internet Governance Forum is a multi-stakeholder meeting initiated by the CTU and the Caribbean Community (CARICOM) Secretariat to coordinate a regional approach to Internet Governance. Since its inception in 2005, the forum has met annually and has focused on the formulation of a regional framework for Caribbean Internet governance policy, the proliferation of Internet exchange points, and the growth of Caribbean influence in the global Internet governance arena.

The forum is part of a series of ongoing policy development discussions across the region. Policymakers met in Miami on April 19 to discuss Internet governance issues at a special Caribbean Forum hosted by the CTU and the American Registry for Internet Numbers.

Written by Gerard Best, Development Journalist

www.circleid.com | 5/2/18
The European Union intends to tighten the standards regulating the digital economy...
macdailynews.com | 4/27/18

Piers Morgan has again taken aim at “Harry Potter” author J.K. Rowling.

British media personality Morgan, who has a history of criticizing Rowling on social media, took another shot at her on Friday, over a tweet Rowling posted about Brexit, the contentious referendum to withdraw the United Kingdom from the European Union.

Rowling’s tweet was in response to Daily Telegraph political correspondent Christopher Hope, who tweeted, “Why do owls get the right to a commemorative stamp but Brexit doesn’t?”

Also Read: Piers Morgan Rips 'Absurd Over-Reaction' to Laura Ingraham's David Hogg Tweet

To which Rowling replied, “Stamps are too small to depict the fact that nostalgic jingoism, fear-mongering, racism and flag-waving delusion narrowly won a referendum, thereby dividing the nation down the middle and ensuring longterm consequences for our society and economy, whereas owls are great.”

As it turns out, Morgan gave a hoot about Rowling’s sentiment, and let it be known in no uncertain terms.

“Of course, this kind of elitist, superior, arrogant ‘we know better than you thickos’ bulls— is precisely why Brexit (and Trump) won,” Morgan shot back.

Also Read: Kim Kardashian's Naked Crotch-Shot Shredded by Piers Morgan: 'Desperate.com'

Read the exchange below.

Stamps are too small to depict the fact that nostalgic jingoism, fear-mongering, racism and flag-waving delusion narrowly won a referendum, thereby dividing the nation down the middle and ensuring longterm consequences for our society and economy, whereas owls are great. https://t.co/n6cj0Tgm7K

– J.K. Rowling (@jk_rowling) April 26, 2018

Of course, this kind of elitist, superior, arrogant ‘we know better than you thickos’ bullsh*t is precisely why Brexit (and Trump) won. https://t.co/r3d8tZMYot

– Piers Morgan (@piersmorgan) April 27, 2018

Related stories from TheWrap:

Kim Kardashian's Naked Crotch-Shot Shredded by Piers Morgan: 'Desperate.com'

Piers Morgan Serial Killer Series Headlines 10 True Crime Shows Ordered by Oxygen

Piers Morgan Rips 'Absurd Over-Reaction' to Laura Ingraham's David Hogg Tweet

www.thewrap.com | 4/27/18
Last week, it was reported that the Central Bank of Turkey withdrew the national gold reserve from the US Federal Reserve System. Given the fact that the United States has been imposing whole packages of sanctions on Russia one after another since 2014, why does Russia still keep its gold and other assets in the USA? If it is not in the USA, then where does Russia keep her gold? Turkey's "American gold" was partly returned to Turkey and deposited to European banks, particularly in England and Switzerland. Ankara's gold reserve totals 564.6 tons.Accumulating physical gold by central banks has become a trend lately. Even such a small European country as Hungary returned three tons of its gold from London in early 2018. Venezuela, Holland, Austria and Germany did the same - the countries that feel pressure from the part of the Washington consensus. For example, both the European Union and the Western world have been criticizing Hungary heavily. The nation's gold reserve gives Hungarian Prime Minister Viktor Orban a reason to feel more confident.What about Russia? She has been the main "whipping girl" in the eyes of the "civilized world" lately. Yevgeny Fedorov, a member of the State Duma Committee on Budget and Taxes, told Pravda.Ru, that the information about the location of Russia's gold is classified." "Some of Russia's gold used to be stored in the USA, but we do not know whether Russia has returned that gold," the MP said. According to Yevgeny Fedorov, the Central Bank of Russia "is a branch of the US Federal Reserve, so I would not be surprised if we still keep some of our gold in the United States," he said. "If we don't keep our gold in the USA, then we do keep some of our assets there - i.e. we support the US economy, which is a very bad phenomenon," Fedorov told Pravda.Ru. This policy, the MP added, is stipulated in Article 15 of the Constitution, the system of international treaties and the status of the Central Bank of the Russian Federation. To change such a state of affairs, Russia needs to conduct revolutionary reforms. "It is only now, when the law on counter-sentences raises the need to remove US managers from Russian ministries and the Central Bank. If Putin wins with his policy to end the subordination to the American unipolar world, then everything may work out well," Yevgeny Fedorov told Pravda.Ru. In turn, researcher Mikhail Khazin told Pravda.Ru that Russia does not keep its physical gold in the US. "We keep our assets in US government securities, but we have been recently reducing the share of these assets significantly. There is a probability that the Americans will not give them back, so we need to get rid of those bonds," the expert told Pravda.Ru. Pavel Salin, director of the Center for Policy Studies of the Finance University, also said that Russia does not keep its physical gold in the United States."The Russian gold reserve is stored in Russia, and the foreign exchange reserves are kept at US Treasuries. We tend to reduce their amount, but it is impossible to do it instantly, because it will look like an attempt to collapse the US debt market with all ensuing consequences. It could also trigger a major conflict with China that holds $1 trillion 200 million in these bonds and Japan - about one trillion dollars," the expert told Pravda.Ru.According to the US Treasury, the Central Bank of Russia sold US government bonds worth 11.9 billion dollars from December to February, having this reduced the volume of assets by 11.2 percent ($93.8 billion). It is worthy of note that immediately after the introduction of sanctions against Russia in March 2014, the Central Bank of Russia withdrew about $115 billion from the US Federal Reserve System (FRS). However, two weeks after the incident, the Russian Central Bank returned the funds to Fed accounts, Reuters says. Pravda.Ru Read article on the Russian version of Pravda.Ru
[Egypt Online] European Union (EU) Commissioner for Neighborhood Policy and Enlargement Negotiations Johannes Hahn said that the EU is the first partner of Egypt, underlining the importance of bilateral cooperation so as to lure investments to Egypt.
allafrica.com | 4/23/18

What if we created a rule that gave everyone — good or bad — the right to hide their license plate, where they live, who they are, and just go incognito? What if we made it a right to walk into any building in the world, and simply say "No, thank you" when the security guards asked for one's identification? The criminals would celebrate, and we'd all be utterly alarmed. We would immediately be afraid for our personal safety.

And that's why I am utterly alarmed. This is exactly what is about to happen as the conflict between the European Union's General Data Protection Regulation (EU GDPR) and the Internet Corporation for Assigned Names and Numbers' (ICANN) WHOIS policies escalates. In short, the EU GDPR requires that any business that touches European citizens provide a right to privacy. ICANN has long established rules for the WHOIS database that emphasize transparency over privacy. Anyone who registers for a domain name (your virtual address on the Internet) must provide their name, physical address, email address, and telephone numbers for all of us to know who is the owner of the website connected to that domain name. All of this information is publicly available in the WHOIS database — kind of like the white pages for the Internet.

Well, the EU GDPR regulators think that violates their data privacy rules, and so ICANN is looking at limiting access to that data.

As a former federal prosecutor, this data was critical to my work in identifying criminals behind websites posting videos of children getting brutally abused or raped. It was also a critical starting point to build cases against online stalkers promoting stranger rape against their victims. In addition, WHOIS data helped us find movie pirates who were selling illegal online copies of movies that were still in-theater. As the head of internet enforcement for the Motion Picture Association of America, we would build cases using this data and often refer them to law enforcement for action. At Microsoft, we used WHOIS information to investigate cases globally involving hackers, fraudsters, and spammers attacking our customers. At MySpace, we stopped predators, spammers, identity thieves, and gangsters by unmasking criminals and civil no-gooders through the use of this data.

Yes, our online safety is clearly at risk. But, let me be clear, what happens online happens offline — these are not separate worlds. A predator finds their prey online to rape them offline. A thief gets access to life savings safely kept in bank accounts of seniors by setting up fraudulent online websites. A teen dies because she bought illegal drugs from an online drugstore.

Over the past eight years, I have helped real world people with issues that have started online, all through the use of WHOIS data. For example, I helped a revenge porn victim by unearthing the person behind the online postings. Just recently, the WHOIS database helped me identify who was behind multiple online attacks against a prominent actor and his children.

These are the stories that demonstrate the real need for transparency and accountability to help ensure personal safety in the online environment. Of course, respect for data privacy is important, but a myopic focus on privacy that elevates it above public safety and even protection of life itself is utterly unbalanced and dangerous. Unfortunately, the recent guidance issued to ICANN on April 11 by the Article 29 Working Party of European Data Protection Authorities adopts such an unbalanced approach. There are literally hundreds of thousands of people, adults and children, whose personal safety will be directly impacted when we let criminals put on hoodies and hide in the alley by creating a regulatory environment that essentially shuts off the well-lit neighborhoods that the WHOIS database provides. Just ask the over fifty national and international entities that signed a letter to ICANN raising awareness around these issues. These are groups and people from every aspect of our lives — these are people who care about the safety and security of our society.

It's easy to make rules protecting our desire to be private. It's much more challenging to write and properly apply regulations to achieve the correct and proportional balance that also recognizes and protects our global and fundamental right to be safe anywhere, anytime, anyplace. It's a challenge we can't ignore. Now is the time for the EU Data Protection Authorities to broaden their vision, lean forward and help solve this problem before May 25, 2018, instead of trying to pass the euro to ICANN.

Written by Hemanshu Nigam, Founder and CEO of SSP Blue

www.circleid.com | 4/22/18

Late last week, ICANN published the guidance from the Article 29 Working Party (WP29) that we have been waiting for. Predictably, WP29 took a privacy maximalist approach to the question of how Europe's General Data Protection Regulation (GDPR) applies to WHOIS, a tool widely used by cybersecurity professionals, businesses, intellectual property owners, consumer protection agencies and others to facilitate a safer and more secure internet. Unfortunately, comments submitted to WP29, and to Data Protection Authorities (DPAs) directly, detailing legitimate purposes for access to data that serve the public interest, and detailed proposals for accreditation and access to non-public data were largely ignored. The WP29 guidance seems to imply that a fragmented WHOIS system, with no reasonable way to access critical information to facilitate legitimate goals such as preventing fraud and the distribution of malware, is simply an inevitable consequence of implementing the GDPR.

Criticism from the United States Government, the cyber- and operational security community, and business community was swift. On Monday, United States Special Assistant to the President and Cybersecurity Coordinator, National Security Council Rob Joyce tweeted: "EU's GDPR is going to undercut a key tool for identifying malicious domains on the internet. WHOIS database will be noncompliant, or have to purge the data that makes it useful to find bad actors… Cyber Criminals are celebrating GDPR". Joyce's criticism of WP29's analysis echoes security professional Brian Krebs' prediction from April 4, 2018, stating that "the volume of spam, phishing and just about every form of cybercrime is going to increase noticeably. New privacy rules coming out the EU are going to take away the single most useful tool available to security experts: WHOIS." United States Secretary of Commerce, Wilbur Ross also weighed in, imploring the European Commission to take action.

Now that we know the thoughts of WP29, which, after May 25, 2018 (the date that the GDPR goes into effect) will become the European Data Protection Board (EDPB), it is time to fight back, and demand a balance of the right to protect personal information with other fundamental rights. ICANN is currently collecting comments from the community, in preparation for meetings with WP29 in Brussels on April 23, 2018.

Background

ICANN had asked WP29, the data protection and privacy advisory group made up of representatives from the DPA of each EU Member State, the European Data Protection Supervisor, and the European Commission, to give guidance on the "Interim Model for Compliance with ICANN Agreements and Policies in Relation to the European Union's General Data Protection Regulation," (the "Model") which was developed and published by ICANN earlier in the year. ICANN had presented the Model, and its detailed rationale, to WP29 along with an acknowledgment of areas of community divergence, with a special plea to WP29 to guide ICANN on these issues. Among the areas of divergence were prime points of concern raised by the Intellectual Property Constituency (IPC) and Business Constituency (BC) of ICANN, such as the need for continued publication of registrant email address, the global territorial application of the model even where no nexus to Europe exists, and other aspects of the Model which the IPC and BC have identified as being over-compliant with the GDPR. ICANN CEO Göran Marby acknowledged to the DPAs that many in the community provided extensive analysis and legal support to justify continued access to WHOIS for purposes of cybersecurity, consumer protection, and law enforcement and to prevent intellectual property theft, fraud and other malicious activity online.

The Advice

In its guidance to ICANN, WP29 deemed the purposes for WHOIS, as enumerated in the Model, to be insufficiently defined. In its letter, the group cited a previous opinion on purpose limitation, stating "WP29 has clarified that purposes specified by the controller must be detailed enough to determine what kind of processing is and is not included within the specified purpose, and to allow that compliance with the law can be assessed and data protection safeguards applied." The community has acknowledged the need for data protection safeguards (via a Code of Conduct for access to non-public WHOIS, which ICANN has asked its Governmental Advisory Committee (GAC) to develop), but it is surprising to see WP29 call for data safeguards to be developed per every individual purpose - a burdensome exercise for legitimate requestors that would destroy much of the operational functionality of WHOIS.

WP29 also cautioned ICANN to ensure that legitimate purposes contained within its model for compliance relate to ICANN's own mission, defined in its letter as "to coordinate the stable operation of the Internet's unique identifier system." They cautioned ICANN not to conflate its own purposes with the concerns and purposes of third parties, no matter how legitimate. This is, no doubt, a nod to the equally privacy maximalist statements on this issue from the International Working Group on Data Protection in Telecommunications (IWGDPT a.k.a. the "Berlin Group"), a privacy advocacy group made up of DPA representatives, NGO representatives, and members from civil society and the private sector. Last year, prior to the publication of any model for GDPR compliance, and referring to the then-fully-open WHOIS ecosystem, the Berlin Group had questioned whether the role of ICANN allows the organization to take into account any legitimate purpose related to law enforcement or security. Obviously many in the ICANN community are concerned about that statement, and WP29's reliance on it, including the GAC's Public Safety Working Group (PSWG), various security-oriented groups at ICANN, the IPC and the BC. The Berlin Group paper is misapplied to the Model, and is not authoritative. Further, ICANN's role is much broader than that suggested in the Berlin Group paper and subsequently the WP29's guidance. The full mission of ICANN can be found here, in the ICANN bylaws.

WP29 also gave advice related to accreditation for access to non-public WHOIS data, and again stressed the importance of clearly defined purposes with a specific legal basis for access to individual WHOIS data elements.

Notable in its absence, WP29 did not grant, or even mention a moratorium on the implementation of GDPR, which is understandably a primary focus of many within the community at this time, as well as ICANN itself. The May 25, 2018 deadline will remain the number one barrier to ensuring continued access to WHOIS data, as the contracted parties have indicated that the promise of hefty fines for not complying with GDPR will result in over-compliance, in the absence of a more nuanced model that can be quickly implemented. Some contracted parties have already indicated that any model which provides accreditation and layered/tiered access would be impossible to implement by May 25.

Also absent from WP29 guidance was any mention of the distinction between natural and legal persons, and the application of the GDPR in the Model to contracted parties and registrants that are not in the EU, both prime concerns of the IPC and BC.

The Fight

ICANN responded to WP29 just hours after their communication was made public last week, via a letter from Mr. Marby. The letter again stressed the need for a moratorium on GDPR enforcement, emphasized the negative consequences of a fragmented WHOIS system, and clarified the critical importance of ICANN's role in coordinating the global WHOIS system on the overall security and stability of the Internet — an obligation that falls squarely within its mission. Mr. Marby pointed out that fragmented WHOIS would "have a detrimental impact on the entire Internet", pointing out the concerns of law enforcement, cybersecurity processionals, consumer protection agencies, and IP owners. Mr. Marby further stated in his most recent blog that "ICANN recognizes the important of the GDPR and its goal of protecting personal data, but also notes the importance of balancing the right to privacy with the need for information."

ICANN recognized that following the WP29 guidance would result in fragmentation and notably indicated that it is "studying all available remedies, in order to seek clarity in our ability to continue to properly coordinate this important global information resource without fragmentation” (emphasis added). This thinly-veiled threat of legal action is surprising, and welcome. Mr. Marby also wrote that ICANN implores WP29 to "spend more time balancing between the important right to privacy and the need for information," further implying that ICANN is unhappy with the WP29 guidance, and may not intend to follow it blindly. Indeed, Recital 4 of the GDPR clarifies that the right to protection of personal data is not absolute, and must be balanced against other rights and the function of such data in society according to principles of proportionality.

As noted above, United States Secretary of Commerce Wilbur Ross also weighed in, in a recent letter to V?ra Jourová, Commissioner for Justice, Consumers and Gender Equality (European Commission), citing the importance of quick access to WHOIS data necessary for intellectual property rights enforcement, cybersecurity and law enforcement. Secretary Ross called for a temporary forbearance from GDPR enforcement on the processing of WHOIS data in order to address these goals.

ICANN is set to meet with the Technology Subgroup of WP29 to discuss these issues further on April 23, 2018. In the meantime, the community has been invited to comment on the WP29 guidance and to make further suggestions to WP29 about compliance with GDPR and accreditation and access to non-public data (including supporting a Code of Conduct which may address some of the DPA concerns about data safeguards). ICANN has assured the community that any information shared with ICANN will be provided to the DPAs, and has suggested that the community also send comments and analysis directly to the DPAs themselves. This response from ICANN indicates that the fight to preserve access to WHOIS data is far from over.

We suggest that businesses, intellectual property owners, consumer advocates, cybersecurity professionals and law enforcement and government representatives marshal additional comments to ICANN and the DPAs further illustrating and impacting the problems that a fragmented WHOIS system would create, and the negative impact it would have for consumers and other Internet users, the ecommerce ecosystem, and the Internet generally. Comments to ICANN can continue to be submitted to gdpr@icann.org and we encourage all community members to weigh in as soon as possible so that feedback can be taken into consideration during the next ICANN meeting with the DPAs on April 23, 2018.

Those affected by this issue should also consider additional steps to ensure continued access to WHOIS, including reaching out to Member States in Europe and other government representatives, considering other actions and remedies through courts and legislatures, and continuing to participate in developing an accreditation and access model for non-public WHOIS. The IPC and BC are holding another community-wide call to discuss the Accreditation and Access Model for Non-Public WHOIS data on April 24, 2018. Interested parties should sign up for that discussion by emailing admin-accred-model@icann.org.

The Intellectual Property Constituency is currently working on comments to ICANN and WP29, and contemplating other additional next steps.

Written by Brian Winterfeldt, Founder and Principal at Winterfeldt IP Group

www.circleid.com | 4/19/18
[Brookings] Given recent developments in the global economy, especially Brexit and the Trump administration's "America First" policy, it is worth assessing how Africa's three largest commercial partners--China, the European Union, and the United States--are likely to impact the region in the near future as it relates to trade and investment trends.
allafrica.com | 4/19/18

Facebook is updating its privacy controls, asking users whether they are OK with the social network using their profile information to hit them with targeted ads, ahead of new European regulations going into effect next month.

In a blog post late Tuesday, the company said it will ask users to agree to its new terms, including whether Facebook can share their browsing history and app usage with its ad partners. All of Facebook’s 2.15 billion users will be prompted to review their settings in the weeks ahead, but the changes will be seen first by European users. Facebook will give European and Canadian users an opportunity to opt-in to its facial-recognition software, best known for being used to tag pictures, after the tech has been banned due to regulations. Users will also be asked to review certain personal information shared on their profiles, like relationship status and their religious affiliation.

The changes go into effect ahead of the European Union rolling out its new new data privacy rules, dubbed the General Data Protection Regulation, next month.

Also Read: 'Silicon Valley': Zach Woods on Tech Culture and the Time He Didn't Recognize Elon Musk (Video)

“We not only want to comply with the law, but also go beyond our obligations to build new and improved privacy experiences for everyone on Facebook,” Facebook said in its blog post.

Of course, this doesn’t mean you can just opt-out of being hit with ads on Facebook. The only way to do that is to ditch the social network altogether. And as TechCrunch pointed out, Facebook’s use of blue buttons will prompt users to leave their settings alone when they go through their review. But the update gives users an opportunity to review the info advertisers leverage to hit them with ads.

From a business standpoint for Facebook, it puts the company within the guidelines of the GDPR, which looks to give users a better handle on how their information is used online. CEO Mark Zuckerberg called the updated EU rules a “very positive step” last week in his testimony to Congress, while addressing the Cambridge Analytica data leak, where up to 87 million users had their info compromised. The changes might be enough to keep American lawmakers from coming down on Facebook — although that was already unlikely.

Related stories from TheWrap:

Facebook, Microsoft, More Join Fight to 'Defend All Customers' From Cyberattacks

Bumble Offers Facebook-Free Login in Wake of Delete Movement

White Nationalist Richard Spencer Was Booted From Facebook

www.thewrap.com | 4/18/18

See: https://www.ravenpack.com/careers/common-lisp-developer

As a Common Lisp Developer, you will be part of the Analytics team which is in charge of the development and maintenance of applications that, among other things, extract data from incoming news and deliver user and machine-friendly analytics to customers.

You will be reporting directly to the Analytics Manager and will work with an international team of developers skilled in Common Lisp, Java, Python and SQL.

The ability to communicate effectively in English both in writing and verbally is a must. Knowledge of Spanish is not a business requirement. European Union legal working status is required. Competitive compensation and a fun working environment. Relocation assistance is available, but remote working is not a possibility for this position.

See: https://www.ravenpack.com/careers/junior-common-lisp-developer

At RavenPack we are searching for a Junior Common Lisp Developer to join RavenPack's Development Team.

As a Junior Common Lisp Developer, you will be part of the Analytics team which is in charge of the development and maintenance of applications that, among other things, extract data from incoming news and delivers machine-friendly analytics to customers.

You will be reporting directly to the Analytics Manager and will work with an international team of developers skilled in Common Lisp, Java, Python and SQL.

The ability to communicate effectively in English both in writing and verbally is a must. Knowledge of Spanish is not a business requirement. European Union legal working status is required. Competitive compensation and a fun working environment. Relocation assistance available, but working remotely is not possible for this position.

[This Day] Microsoft, a leading software giant has advised businesses in Nigeria, including small and large corporates that are aiming to expand beyond the shores of the country to achieve global best practice in business, to immediately key into the European Union's General Data Protection Regulation (GDPR) law. The law seeks to protect personal identifiable data across organisations.
allafrica.com | 4/9/18
A new data privacy and protection framework called the General Data Protection Regulation (GDPR) will come into effect across the European Union on 25 May this year – and it will change the game for African businesses, too. If your business based in Africa handles personal data about European residents and citizens, you will be [&hellip

We are on the brink of the most serious threat to the open and public Internet for decades. ICANN, under pressure from domain name registrars and EU data protection authorities, has proposed an "interim" plan that will hide critical information in WHOIS. Security, threat intelligence, and anti-abuse professionals rely on WHOIS to track down bad guys and keep the Internet as safe and secure as possible.

ICANN and the registrars have been going back and forth on ways to align privacy laws with the WHOIS system, which functions as a public "phone book" for Internet domains, recording information that includes the name, email address, street address, and phone number of the company or individual who registered the domain.

For years, there has been an accepted procedure for handling situations in which WHOIS conflicts with privacy law — nobody disputes the importance of protecting the privacy of natural persons. But now, with less than sixty days to go before the General Data Protection Regulation (GDPR) adopted by the European Union (EU) comes into force, registrars, who finance ICANN, have pressured ICANN into closing the public phone book effectively altogether, turning the open and public Internet into a Tor-like deep and dark net. Specifically, ICANN came out with an interim solution nicknamed the "Cookbook," which suggests completely masking the contact email address, thereby completely hiding who is responsible for managing or controlling a resource on the Internet. The Cookbook also suggests masking certain information for corporations, even though GDPR doesn't apply to them.

The ability to register domains anonymously is a massive problem for the security of the internet — attackers need to establish an infrastructure to originate their attack and set up servers to communicate with their malware. Often, they'll register multiple domains at the beginning of an attack campaign for use during all phases of their operations. Security professionals rely on WHOIS to query for ownership information about a domain, IP address, or subnet. Without this data, it becomes significantly more difficult to rapidly take down phishing sites or compromised domains hosting malware — the vast majority of cybercriminal activities. Some think that it is the hosting provider's problem to fix, but unless their customer is reaching out to them, they likely have a different service department handling the issue, and probably even have a backlog to deal with. By reaching out directly to the victims in parallel by phone and email, those victims are able to help themselves more quickly.

The Cookbook also makes it impossible to see which sites are connected or under the same management or control. For example, if someone in an organization's marketing department registered a domain using a corporate account without going through the correct internal procedures, and that site did not have the right patches or was not scanned for vulnerabilities, their online customers and visitors will likely become exposed to phishing and malware.

With the registrar business being low-margin, anything that will reduce the security line item on their budget is attractive to many registrars if they can get away with it. Registrars generally would rather conceal the connectedness between domain assets than lose business or deal with reports of malicious activity. Because GDPR is complex, difficult to interpret at this early stage and comes with heavy fines of up to 4% of annual global turnover, GDPR has been weaponized by registrars to pressure ICANN into making the domain name system more closed and private.

The Governmental Advisory Committee (GAC) of ICANN met in San Juan, Puerto Rico in March 2018. The GAC advised the ICANN Board to instruct ICANN to maintain the current structure of the WHOIS to the greatest extent possible. The GAC essentially pleaded to the ICANN Board to instruct ICANN that it must reconsider hiding the registrant email addresses from the free phone book, emphasizing (quite diplomatically) that it may not be proportionate given the significant adverse impact on law enforcement, cybersecurity, and rights protection it would have.

The GAC appropriately went even further by emphasizing to the ICANN Board that it must instruct ICANN not to erroneously use GDPR, which applies to people, as an excuse to shut down public access to corporate contacts in the phone book, which is not even in the remit of GDPR. This unjustifiable over-application of GDPR prevents companies from effectively defending their very own infrastructure. Whether requiring the same cryptographic hash function across registrars for individually owned domains so you can still pivot on the email across registrars is technically feasible, has been submitted for discussions right now with the world's top experts in this area. Technical discussions are also underway on whether requiring the local part of the registrant email on a corporate domain to be generic moving forward and otherwise masked (leaving only the corporate domain, which has no information relating to an identified or identifiable natural person) can be done for the sake of security and stability. These less drastic (conceivably possible) measures will certainly not be coming from the DPAs on their own initiative. The ICANN org must do that work.

If the phone book must change in some ways, notwithstanding the accepted procedures for handling WHOIS conflicts with privacy laws, then ICANN must ensure that those with a legitimate purpose still have continued access to the contact information needed to protect business and the public until the re-designed phone book is ready for use. You can't just close the book and tell security professionals, who rely on WHOIS data to keep the internet safe, to come back when it's re-designed, potentially months later. It's entirely unacceptable for ICANN to leave each registrar to decide if and how it will provide continuous access, with no means of enforcement. Continuous access must be mandatory. The phone books also have to be easy to use in today's world, i.e., not designed to impose limits that undermine all functionality in the digital age — if you can only use the phone book manually or less than you would reasonably need, the query volume limitation is no more than a disguised blockade. I guarantee that the registrars do not have the resources to start taking on the additional work needed on the back-end that is being done for them using bulk access. But unless and until the accreditation system is up and running efficiently, that is what would have to happen to avoid disrupting the stable and secure operation of the Internet's identifiers.

To repeat, we are on the brink of the most serious threat to the open and public Internet for decades. We must step up to the plate and not get complacent about this. ICANN must have a way to hold registrars accountable if they abuse GDPR as an excuse to cripple WHOIS.

We at RiskIQ sent a letter requesting such adequate assurances from the Board on March 26. To express your concern, we prepared a generic letter you can fill out here. This letter will go to ICANN's Board, ICANN's CEO, and the GAC Public Safety Working Group Co-Chairs. Copies will be sent to the DPAs. ICANN has since then corresponded in writing and subsequently published yesterday, twenty eight letters to DPAs asking for help:

We request you to help ICANN and the domain name registries and registrars to maintain the global WHOIS in its current form, through either clarification of the GDPR, a moratorium on enforcement or other relevant actions, until a revised WHOIS policy that balances these critical public interest perspectives may be developed and implemented.

The DPAs will not be able to come up with the technical solutions that are necessary to architect WHOIS in a way that is both compliant with GDPR and at the same time not damaging to the security and stability of the DNS. That is the only way an ICANN temporary policy can be used to hold registrars accountable. We need to do that work. A moratorium is not needed on enforcement, but rather, a tiered-phase enforcement forbearance that has strong snapback provisions. The phases should be subject to discussion between ICANN, the community, and the DPAs. One phase may be re-designing the public Whois so that it is minimally disruptive to the security and stability of the DNS and consistent with GDPR. The second phase may look at an accreditation model and what needs to be done by ICANN to help the community build it into the system architecture in a fair and just manner. For each phase, deadlines can be set against which the DPAs can measure whether to have enforcement snap back into force.

Yesterday, ICANN's President and CEO met with the technology subgroup of the Article 29 Working Party. It appears to have been confirmed based on a third-party source that as anticipated by ICANN, the WHOIS system is on the upcoming Article 29 plenary's agenda in less than two weeks. ICANN is hopeful that it will be provided with a moratorium on enforcement that would allow sufficient time to implement the model and build the appropriate accreditation system. The model must reflect GAC consensus advice not to make changes to the current WHOIS that are not required by GDPR and disrupt the stability and security of the DNS.

Written by Jonathan Matkowsky, VP of Intellectual Property & Brand Security at RiskIQ

www.circleid.com | 3/30/18
As it enters its final year of European Union membership, the U.K. looks set to be the slowest-growing economy among its wealthy peers.
www.wsj.com | 3/30/18

This article was co-authored by Wiley Rein LLP partner Megan L. Brown and attorney Michael L. Diakiwski, who both practice in the firm's Telecom, Media & Technology and Privacy & Cybersecurity practices.

Security for Internet-connected devices, the "Internet of Things" (IoT), is critically important. Now, more than ever, it is top of mind for device manufacturers, network operators, consumer advocates, lawmakers, and government regulators — domestically and internationally. In the face of recent attacks, government authorities and consumer advocates have proposed legislation, frameworks, certifications, and labeling schemes.

A sense of urgency to act must not threaten the efficacy of IoT devices or stymie innovative applications with premature or oversimplified approaches. Below we explore some of the proposals to enhance IoT security and underscore key principles, which should be followed to ensure that the marketplace continues to produce innovation beneficial across the globe.

Greater Use, Greater Threat

In 2017, worldwide demand for IoT devices skyrocketed. Networked devices have become, to a large degree, essential in many respects. It is estimated that more than 8.4 billion devices were in use in 2017, which was more than a 30% increase from the year before. [1] Every hour, a million new IoT connections are made and future predictions are even more staggering. [2] Ericsson estimates that between 2015 and 2021, the number of IoT-connected devices will grow by 23% each year. [3]

"Smart" devices will have profound impacts on our daily lives, with medical devices identifying diseases earlier and enhancing patient treatment, sensors improving efficiencies in farming and agriculture, controls monitoring and conserving energy use, and consumer devices simplifying everything from seamless global communications to residential security and entertainment.

But this explosion of connected devices comes with security implications. Unsecured devices can become infected with malicious code and be redirected without the knowledge of end users. This type of infected network, called a "botnet," can be used to launch distributed denial-of-service (DDoS) attacks, which can overwhelm networks and systems, causing them to fail.

In 2016, the largest DDoS attack to date, called the Mirai botnet, was launched against a major domain name system provider. This global botnet targeted the service provider, leading some of the most popular destinations on the Internet to go down. Other attacks target specific "devices" — such as connected vehicles and medical devices — and can result in a "hijacking" of the device, with the user or operator losing control of device itself.

Draft Legislation Aims to Tackle IoT Security

Some lawmakers feel the need to act. 2017 saw the introduction of a multitude of bills in Congress, aiming to enhance IoT security and end-user awareness.

For example, last October, the Cyber Shield Act of 2017 was introduced in the House and Senate. [4] The Act would direct the Department of Commerce to create a voluntary self-certification program that would independently identify, verify, and label compliant IoT devices with strong cybersecurity standards. Companies that meet the standards could display a compliance label on their products. The labels may be in the form of different "grades" that indicate the extent to which a product meets "industry-leading cybersecurity and data security benchmarks." The bill is discussed in more detail here.

Last summer, a group of U.S. Senators introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2017, [5] which would require companies selling connected products to the government to make commitments about security and expand device support. It would also create guidelines for each agency to impose vulnerability disclosure requirements. A description of the bill can be found here.

Another bill, the IoT Consumer TIPS Act, [6] would require the Federal Trade Commission (FTC) to develop guidance to help consumers improve their cybersecurity practices with respect to connected devices. It is discussed further here.

Additionally, the FTC has confirmed that it will be vigilant about IoT security and released updated guidance about compliance with the Children's Online Privacy Protection Act (COPPA), [7] confirming that COPPA does apply to IoT devices.

Calls for IoT "Standards" and Labeling Persist

Domestically and internationally, efforts are underway to establish minimum standards, certifications, or labeling schemes related to IoT security. Privacy and consumer advocates are developing proposals to reshape the certification and labeling of consumer devices.

In March 2017, Consumer Reports announced its "Digital Standard," [8] "an ambitious ... effort to shape the digital marketplace in a way that puts consumers' data security and privacy needs first." [9] The Digital Standard was developed by privacy and consumer rights advocates "to encourage industry to design and produce safer products for consumers." It is far from perfect, however. It has prescriptive security requirements and seeks to alter private industry security designs, without first getting industry feedback in the Standard's development. In March 2018, a year after its initial release, groups associated with the Digital Standard announced they would be seeking feedback from companies and other stakeholders to encourage broader adoption. [10] Yet the prescriptive nature of this standard may limit its broad application.

Consumer labels and disclosures about security are complex and should be carefully studied. Nuanced and variable information about technology attributes, security choices, end user behavior, updates, and third-party activity is not the sort of binary or objective data we are used to seeing on labels. Software lifecycle management is not like calorie information, and consumers may need more education about cyber hygiene than what fits on a label.

And the rest of the world is not sitting idly by.

In September 2017, the European Commission (EC) introduced a "Cybersecurity Package," which includes a stringent certification scheme for connected devices. [11] In the "Cybersecurity Act," the EC would establish rules to create certification schemes for particular Internet-connected devices and services. Presently, European Union member states may have varying requirements, and this framework seeks to coalesce around a more uniform certification. Under the proposal, the certification schemes would be voluntary, "unless otherwise provided in Union legislation laying down security requirements [for] products and services."

Among other proposals in the EC Cyber Package, a joint Commission and industry initiative would seek to define a "duty of care" principle to help reduce the risk of product and software vulnerabilities and promote "security by design."

In 2016, the Government of Japan released a "General Framework for Secure IoT Systems," [12] which "aims to clarify the fundamental and essential security requirements for secure IoT systems." Japan's efforts to build upon this General Framework, enhance security more generally, and collaborate internationally remain ongoing.

Diffuse efforts around the world introduce additional complexity into the marketplace, with the prospect of compliance with multiple standards and regulatory requirements. Governments should support international standards work that harmonizes varied approaches to regulating technology.

Core Principles for IoT Security Policy

Flexible approaches to collaboration on shared threats have significant advantages over national regulation or labeling schemes, which can fragment the global economy and limit technological innovation. Manufacturers and vendors of connected devices should be encouraged to routinely evaluate and improve endpoint security. [13]

Security should be risk-based. The consequences for compromised or failed devices vary significantly based on the environments in which they operate. A television at home may not need to meet the same rigorous standards of a system control regulating the flow of water or electricity. Risk models differ, and so too should approaches to diverse devices.

Approaches to IoT security should be data-driven, based on empirical evidence of a specific harm. Security policy should be adaptable both over time and across borders. This counsels against ossifying technical requirements in regulation or law. And any government IoT strategy should promote technical compatibility and interoperability, here and abroad.

This is an international threat that no one nation or actor can solve alone; the international community must collectively condemn criminal activities that exploit the openness and connectivity of the Internet. Governments must work together to shut down the criminal networks that threaten the resilience of the Internet and IoT ecosystem.

Finally, public education about the threats and best practices in this space is essential. Because unsecured devices can threaten the broader ecosystem, end users need to be educated about their roles and responsibilities.

Conclusion

With so many ongoing and overlapping efforts, there is a danger of premature, ill-considered, and conflicting requirements and obligations.

Standardized requirements, certifications, and labeling schemes are not practical in an ecosystem of billions of devices, each with varying use-cases, risk profiles, and applications across industries. Indeed, labeling or security "ratings" can breed a false sense of security, contribute to over-warning, and generate needless consumer litigation.

Inflexible or prescriptive requirements, such as those proposed in the Digital Standard, do not serve to drive advancements related to security or innovation. The pace of change in technology is only mirrored, in some cases, by the threats and risks that develop. Security, as it relates to technology, is evolving constantly. For this vast ecosystem, in a rapidly developing and expanding marketplace, security must be a risk-based and non-prescriptive. This will allow the many opportunities and benefits that IoT devices bring to our society to be felt across the globe.

[1] Press Release, Gartner, Gartner Says 8.4 Billion Connected "Things" Will Be in Use in 2017, Up 31 Percent from 2016 (Feb. 7, 2017), https://www.gartner.com/newsroom/id/3598917.

[2] i-SCOOP, The Internet of Things (IoT) — essential IoT business guide, https://www.i-scoop.eu/internet-of-things-guide.

[3] Ericsson, Ericsson Mobility Report — On the Pulse of the Networked Society, at 3 (June 2016), https://www.ericsson.com/assets/local/mobility-report/documents/2016/ericsson-mobility-report-june-2016.pdf.

[4] S. 2020, 115th Cong. (2017), https://www.congress.gov/115/bills/s2020/BILLS-115s2020is.pdf. H.R. 4163, 115th Cong. (2017), https://www.congress.gov/115/bills/hr4163/BILLS-115hr4163ih.pdf.

[5] S. 1691, 115th Cong. (2017), https://www.congress.gov/115/bills/s1691/BILLS-115s1691is.pdf.

[6] S. 2234, 115th Cong. (2017), https://www.congress.gov/115/bills/s2234/BILLS-115s2234is.pdf.

[7] FTC, Children's Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business (June 2017), https://www.ftc.gov/tips-advice/business-center/guidance/....

[8] The Digital Standard, https://www.thedigitalstandard.org/the-standard.

[9] Consumer Reports, Consumer Reports Launches Digital Standard to Safeguard Consumers' Security and Privacy in Complex Marketplace (Mar. 6, 2017), https://www.consumerreports.org/media-room/press-releases/2017/03/....

[10] Inside Cyber, Advocates seek input on 'Digital Standard' for IoT devices (Mar. 16, 2018).

[11] European Commission, Cybersecurity Act, COM(2017)477 ( proposed Sept. 13, 2017), https://ec.europa.eu/info/law/better-regulation/initiatives/com-2017-477_en.

[12] National Center of Incident Readiness and Strategy for Cybersecurity, General Framework for Secure IoT Systems (Aug. 26, 2016), https://www.nisc.go.jp/eng/pdf/iot_framework2016_eng.pdf.

[13] For more principles and a broader discussion, see Principles for IoT Security, United States Chamber of Commerce, available at https://www.uschamber.com/IoT-security

This article was co-authored by Wiley Rein LLP partner Megan L. Brown and attorney Michael L. Diakiwski.

Written by Megan L. Brown, Partner at Wiley Rein LLP

www.circleid.com | 3/29/18

After the Brexit vote, I wrote that there could be an impact on EU registrants based in the UK.

Over the past year, the UK government has been engaged in negotiations with the EU to navigate the application of Article 50 and the UK's exit from the European Union. While there has been a lot of focus on issues like the customs union and the border between Ireland and Northern Ireland, the eventual departure of the UK from the EU will have a tangible impact on the European digital economy.

In the case of the .eu ccTLD, the situation was unclear. Under the current policies, an individual or organisation needs to have an address in the EU and a couple of neighbouring countries to qualify for registration:

(i) an undertaking having its registered office, central administration or principal place of business within the European Union, Norway, Iceland or Liechtenstein, or

(ii) an organisation established within the European Union, Norway, Iceland or Liechtenstein without prejudice to the application of national law, or

(iii) a natural person resident within the European Union, Norway, Iceland or Liechtenstein.

While the UK leaving the EU could be seen as having a clear impact on future registrations of .eu domain names, one would have expected the European Commission not to want to disrupt existing domain names and their registrants. When other domain spaces have updated their policies, they've usually offered some form of "grandfathering" for existing registrations to minimise the negative impact.

However, it appears that the European Commission isn't going to take that approach. In an announcement earlier this week they've made it very clear that they have no intention of allowing existing registrants to keep their EU domain names if they are in the UK.

The document does give a very slight glimmer of hope, but it's only a tiny one. It is hypothetically possible for the UK and EU to reach some form of agreement that would allow for the continued use of .eu domains by UK registrants, but it's looking highly unlikely. Here's the full text of the notice they issued.

As you can see it's highly legalistic and makes lots of references to various bits of legislation and treaties, but the bottom line is summed up in this:

As of the withdrawal date, undertakings and organisations that are established in the United Kingdom but not in the EU and natural persons who reside in the United Kingdom will no longer be eligible to register .eu domain names or, if they are .eu registrants, to renew .eu domain names registered before the withdrawal date.

But what about businesses and individuals in Northern Ireland? Under the Irish constitution they're considered in many realms to be entitled to the same rights and entitlements as Irish citizens and residents:

ARTICLE 2

It is the entitlement and birthright of every person born in the island of Ireland, which includes its islands and seas, to be part of the Irish Nation. That is also the entitlement of all persons otherwise qualified in accordance with law to be citizens of Ireland. Furthermore, the Irish nation cherishes its special affinity with people of Irish ancestry living abroad who share its cultural identity and heritage.

ARTICLE 3

1 It is the firm will of the Irish Nation, in harmony and friendship, to unite all the people who share the territory of the island of Ireland, in all the diversity of their identities and traditions, recognising that a united Ireland shall be brought about only by peaceful means with the consent of a majority of the people, democratically expressed, in both jurisdictions in the island. Until then, the laws enacted by the Parliament established by this Constitution shall have the like area and extent of application as the laws enacted by the Parliament that existed immediately before the coming into operation of this Constitution.

2 Institutions with executive powers and functions that are shared between those jurisdictions may be established by their respective responsible authorities for stated purposes and may exercise powers and functions in respect of all or any part of the island.

Does this mean that businesses and individuals north of the border will lose their .eu domain names, or is there a chance of some form of derogation for them?

How can registrars and their clients lodge their concerns with the EU about this move?

Is EURid in a position to do anything?

At the moment there are more questions than answers, but what is sure is that the options are not looking anyway positive.

According to the most recent EURid quarterly report registrants in the UK account a significant chunk of the .eu registration base and weigh in as the 4th largest country for .eu registrations behind Germany, Netherlands and France:

Wiping out this number of registrations will have a negative impact on the .eu ccTLD as a whole, as well as a negative impact on many European based businesses serving the registrants of the 300 thousand plus names.

Is this unavoidable?

For now, as I mentioned above, there are more questions than answers.

Disclosure: my company is a .eu accredited registrar and I previously served two terms on the .EU Registrar Advisory Board.

Written by Michele Neylon, MD of Blacknight Solutions

www.circleid.com | 3/29/18
As it enters its final year of European Union membership, the U.K. looks set to be the slowest-growing economy among its wealthy peers.
www.wsj.com | 3/29/18
British Prime Minister Theresa May welcomed on Friday the approval by European Union leaders of a 21-month transition period to help business adapt after Brexit, telling the bloc to ride the "new dynamic" in looming trade talks.
www.dnaindia.com | 3/23/18
Economy Minister Peter Altmaier holds out the hope that the European Union will be exempt from tariffs on steel and aluminum imports to the United States. Now the waiting game begins.
www.dw.com | 3/22/18
[EA Business] Masinda -The European Union has earmarked 15 Million Euros to Support Uganda's beef sector.
allafrica.com | 3/12/18
w3architect.com | hosting p2pweb.net
afromix.org | afromix.info | mediaport.net | webremix.info