Italy’s political tensions with the European Union and the accompanying financial jitters are beginning to take a toll on the Italian economy, the latest data suggest.
www.wsj.com | 11/1/18
Italy’s political tensions with the European Union and the accompanying financial jitters are beginning to take a toll on the Italian economy, the latest data suggest.
www.wsj.com | 10/31/18
This blog by Ira Magaziner, often called the "the father of ICANN," is part of a series of posts CircleID will be hosting from the ICANN community to commemorate ICANN's 20th anniversary. CircleID collaborated with ICANN to spread the word and to encourage participation. We invite you to submit your essays to us in consideration for posting. (You can watch the video interview of Magaziner done for ICANN’s History Project here.)
* * *
My story begins in ancient times when dinosaurs ruled the earth. It was a time when you could download a movie onto your desktop computer through your 56k dial-up connection if you had a few days. It was a time when more people were on the Minitel in France than on the Internet globally and when the Republic of Korea could fit all of its internet users into one small hotel room. I know because I met them all in that room.
In early 1995, then United States President Bill Clinton asked me, as his senior advisor for policy development, to help recommend what steps he could take if re-elected in 1996 to accelerate the long-term growth of the US economy. I suggested that we set a policy environment in the U.S. and globally that could accelerate the growth of the newly developed Internet, we could help fuel a global economic transformation.
I realized that the Internet had great potential, but that its future was very precarious, balanced on a knife’s edge between two extremes that could delay it or even destroy it. On the one side, if the Internet was too anarchic with no publicly accepted guidelines, it could engender constant lawsuits, scaring away investors and people who wanted to help build it. On the other side, if typical forces of bureaucracy took over with a mass of government regulations and slow intergovernmental governing bodies, the creativity and growth of the internet would be stifled.
We formed an inter-departmental task force and over the next few years: passed legislation and negotiated international treaties with other countries that kept Internet commerce free of tariffs and taxation; recognized the legality of digital signatures and contracts; protected Internet intellectual property; allowed the market to set standards rather than regulators; kept Internet telephony and transmission in general free from burdensome regulation; and empowered consumers to use the Internet affordably, among other measures. We aimed to establish the Internet as a global medium of communication and commerce that could allow any individual to participate.
As we did all of this, there was one problem that concerned us deeply: how could the technical coordination of the Internet succeed and scale in the face of the complex political and legal challenges that were already beginning to undermine the legitimacy of the Internet as it then existed?
At that time, IANA was housed in a small office at the University of Southern California (USC) and run by Jon Postel under a contract the University had with the U.S. Department of Defense/Defense Advanced Research Projects Agency (DARPA).
From a small office filled with large stacks of paper and books on the floor, on tables, and hanging off of shelves on the walls, it was Jon who decided what the top-level prefixes were for each country, and who in each country should be responsible for administering the Internet.
The A-root server was run by a company called Network Solutions in Virginia under a contract with the U.S. Department of Commerce. It had a virtual monopoly to sell domain names. It worked with Jon to synch up numbers with names.
But, Jon and the leadership of Network Solutions did not get along. There were constant disputes. They were so frustrated with each other that on more than one occasion I found myself trying to referee disputes between them at the request of the Department of Commerce and DARPA who, as administrators of the contracts, were often caught in the middle.
Internet infrastructure was also insecure. I went on a tour to visit some of the servers that ran the Internet. Some were in university basements where I literally could have walked in and pulled the plugs on the servers. There was no security.
The tenuous nature of these arrangements led to significant concerns which came to a head one fateful week in early January 1996. During this week, the following events occurred:
It was quite a week. We clearly had to do something.
I went home that Sunday, and while watching my favorite U.S. football team lose terribly on the television, I drafted the first concept memo of what an organization could look like that could successfully solve the current and potential challenges.
The idea of setting up a global, private, non-profit, apolitical institution, staffed by technical experts, that would be a grassroots organization accountable to Internet users and constituencies, while also being recognized by governments, was unprecedented and risky. When I discussed it with my interdepartmental taskforce, we knew it would be difficult and somewhat messy to implement, but we felt it offered the best chance to allow the Internet to grow and flourish.
The organization would have a government advisory group that could ensure the views of the collective governments were at the forefront, but that the governments would not control it. The organization would provide a strong focal point recognized by governments to combat any lawsuits. It would be flexible enough to evolve as the Internet evolved. It would generate its own independent funding by a small fee on each domain name registration, but it should never get too big. It would be stakeholder-based, and its legitimacy would have to be renewed regularly by its ability to persuade the various Internet constituency groups that it remained the best solution.
After two years of consultation, vigorous debate and many helpful suggestions and excellent modifications, the Internet Corporation for Assigned Names and Numbers (ICANN) was born in 1998.
Grassroots democracy is by its nature contentious and there have been bumps along the way. Overall, thanks to the efforts of many people who have played pivotal roles like Becky Burr and Andy Pincus who worked with me in the U.S. Government to establish ICANN, Esther Dyson, Vint Cerf, Mike Roberts and Steve Crocker who guided ICANN at key points, and the efforts of many others too numerous to mention who did the hard work of building the organization, ICANN has succeeded.
The political, policy and technical controversies that threatened to stifle or even destroy the Internet in its infancy in the late 1990s did not do so. The Internet is alive and well.
Billions of people now use the Internet. It accommodates a myriad of languages and alphabets. Wi-Fi, mobile devices, applications, and the “Internet of Things,” have all been incorporated. Despite almost unimaginable amounts of data and more addresses and domain names than we ever contemplated, one never reads about technical or legal problems that caused the Internet to break down.
While serious issues of privacy, security and equity must be addressed, no one can doubt that the Internet has created a positive transformation in the way the world communicates and does business. The Internet economy has grown at ten times the rate of the regular economy for more than twenty years now.
Congratulations to all of the people who have made ICANN a success over the past twenty years and to those of you working with ICANN today who will ensure its success over the next twenty years.
Written by Ira Magaziner
www.circleid.com | 10/25/18
The vast majority of British firms are poised to implement their Brexit contingency plans by Christmas if there isn't greater clarity over the country's exit from the European Union, a leading business lobby group warned Sunday.
www.foxnews.com | 10/21/18
Gaining clarity on the NTIA-Verisign Cooperative Agreement.
Prior to November 30th of this year, the National Telecommunications and Information Administration (NTIA) must decide whether to renew or allow to expire its Cooperative Agreement with Verisign, the private-sector corporation that operationally controls the root of the Internet.
Addressing Competition Concerns vs. Internet Governance
The Cooperative Agreement is unusually obscure, especially considering its central role in the operation of the Internet's Domain Name System (DNS). In fact, the original document is strangely unavailable. It is possible to determine that it, historically, has contained provisions governing the DNS. However, over the years, various amendments have made obsolete most, if not all, of those provisions. Today, the only component remaining of any consequence is NTIA's unilateral right to review and amend the .COM registry agreement for purposes of promoting competition and consumer choice in the DNS.
The nature and scope of NTIA's wide-ranging authority to regulate competition are often misperceived. But, historically, any issue pertaining to the .COM registry agreement was deferred to NTIA for final approval. For example, many remember, in 2012, when NTIA acted unilaterally to limit the wholesale pricing of .COM registrations to $7.85. But far fewer are likely to remember that the Internet Corporation for Assigned Names and Numbers (ICANN) deferred to NTIA for final approval of its' 2006 settlement agreement with Verisign — pertaining to competition concerns involving Verisign's 2003 SiteFinder initiative — saying in a press release at the time, that the settlement:
Investment Indicates Importance
Verisign has a demonstrated track record of excellence at performing a focused set of essential functions that don't require breakthrough innovation nor competitive proficiency. One of the biggest risks to the Verisign-run Internet infrastructure are Distributed Denial-of-Service (DDoS) attacks, which are mitigated by maintaining enough available network resources to absorb the attack. With 21 years of uptime, Verisign is so confident in their massive overprovisioning that they even sell DDoS mitigation as a service.
A review of several years of publicly available financial reports reveals this: the world's leading provider of key Internet infrastructure and services — the entity more responsible than any other for the integrity of the root zone of the global Internet — allocates less than 7% of free cash flow to reinvestment in core infrastructure and pockets the rest in the form of stock buybacks.
Getting to the heart of the matter, if Verisign requires so little of the money they make from "the public interest" to maintain the critical Internet infrastructure with which they are entrusted - then why is it permitted to maintain such extraordinary margins?
Inaction Risks Corrosive Consequences
To be sure, this makes Verisign a Wall Street darling, and a favorite of Warren Buffett whose Berkshire Hathaway holds 14% or more of the company in its portfolio.
Mr. Buffet's enthusiasm is understandable when you consider that, in 2017, the company generated free cash flow of $703 million on $1.17 billion in revenue — that's more than 60% margin. But it keeps getting better — this year's forecast predicts profit margins approaching 68%.
But how much time will elapse before ICANN, facing a budget shortfall, remembers that it also represents the public interest and is justified in receiving extra financial assistance from its largest ratepayer?
The answer to this doesn't require a crystal ball — it's already happened. The 2011 registry agreement renewal of .NET included a provision creating a "special development fund" to collect $0.75 per domain name registration per year. The funds are placed into ICANN's general treasury with no required reporting or audits. So far, it's generated more than $80 million in unaccountable cash payments to ICANN from its largest ratepayer — the same thing applied to .COM would have generated more than $800 million since 2011. That is a transformative number for ICANN, yet would be written off — literally a tax deduction - as the cost of doing business by its' largest ratepayer.
In 2011, when the .NET registry agreement was renewed, a senior Verisign executive was quoted saying, "Except with respect to the need for Department of Commerce approval under the Cooperative Agreement, the terms governing the renewal of both the .net and .com agreements are similar." Because of the "special development fund" this statement was not entirely true. This underscores the critical nature of NTIA's right to review and amend the .COM registry agreement as an essential regulatory tool and effective accountability safeguard.
This matter pertains to regulatory activities that address competition concerns regarding an Internet infrastructure company — not strictly an Internet governance issue. Modifying the price restriction and/or other possible regulatory actions are domestic concerns. Nobody claims that the European Union can't bring enforcement actions against Internet businesses nor argues that ICANN should launch stakeholder working groups to settle specific competition concerns.
As I've suggested in comments previously submitted to NTIA, a consent decree could be an effective solution that would transition oversight from NTIA to the U.S. Department of Justice which has an Antitrust Division with the requisite expertise. If this avenue isn't available, then the Cooperative Agreement should be renewed for another full term with NTIA committed to a full review and vigorous oversight that protects "the public interest."
The data used here is publicly available for anyone to review and draw their own conclusions. I encourage anyone interested to examine the data and draw their own conclusions.
Written by Greg Thomas, Managing Director of The Viking Group LLC
www.circleid.com | 10/19/18
Right now, data compliance is top of mind for practically every South African business, and for good reason. The European Union’s GDPR (General Data Protection Regulation) came into force earlier this year, and by this time next year, our own POPIA (Protection of Personal Information Act) will almost certainly be in place. POPIA is based [&hellip
www.itnewsafrica.com | 10/16/18
Britain’s economy will shrink if it leaves the European Union without a Brexit deal and it will suffer some damage whatever terms it agrees, the International Monetary Fund (IMF) said Monday, challenging the promises of some Brexit supporters.
www.dailystar.com.lb | 9/18/18
The IMF said an abrupt break from the European Union would cause harm to the British economy, adding that the U.K. won’t be prepared for such an outcome when it leaves next March.
www.wsj.com | 9/17/18
Bank of England Gov. Mark Carney agreed to stay on at the central bank until 2020 to help steer the economy after the U.K. exits the European Union, the second time that Brexit has prompted the Canadian to delay his departure.
www.wsj.com | 9/12/18
Israeli Prime Minister Benjamin Netanyahu lashed out Friday at the European Union over its first financial support package to help bolster Iran's flagging economy, calling it "a big mistake" and "like a poison pill to the Iranian people."
www.foxnews.com | 8/24/18
Google is working on a return to China, with the tech giant developing a censored search engine to appease the country’s laws, according to a report from The Intercept on Wednesday.
The search engine would “blacklist sensitive queries,” according to a company whistleblower, who told the outlet he was concerned about the precedent this move would set.
“I’m against large companies and governments collaborating in the oppression of their people, and feel like transparency around what’s being done is in the public interest,” the whistleblower told The Intercept. “What is done in China will become a template for many other nations.”
Google’s clandestine plans have been spearheaded by CEO Sundar Pichai since early 2017, according to the report. The project, operating under the name “Dragonfly,” is limited to a few hundred employees, The Intercept reports. The search engine would strictly be a mobile app when it launches, potentially within the next six to nine months, according to the report.
“We provide a number of mobile apps in China, such as Google Translate and Files Go, help Chinese developers, and have made significant investments in Chinese companies like JD.com. But we don’t comment on speculation about future plans,” a Google spokesperson told TheWrap.
China’s “Great Firewall,” as it has facetiously been dubbed, has stifled free speech online for years through a network of moderators, technical restraints and legislative regulations. The Chinese government blocks access to pornography and news stories that are overly critical of its Communist regime, as well as major sites like YouTube, Twitter and Facebook. Google’s new search engine would scrub results for topics the government doesn’t allow, like the 1989 Tiananmen Square protests, along with certain images, per The Intercept. A parallel online universe exists in China, with popular social media platforms like WeChat and Weibo, a Twitter-esque communication app, filling the void of their blocked Western analogs.
President Xi Jinping has made it clear in recent years he isn’t in favor of a free press.
“All news media run by the party must work to speak for the party’s will and its propositions, and protect the party’s authority and unity,” Xi said in 2016.
Google operated a censored version of its search engine in China between 2006 and 2010. The Mountain View, California-based company pulled out of China as its online censorship became increasingly severe. Attempts “to further limit free speech on the web,” said the company in 2010 had given it reason to back away from the country entirely.
That decision appears to be reconsidered under Pichai’s stewardship.
Related stories from TheWrap:
www.thewrap.com | 8/1/18
The European Data Protection Board certainly has been keeping its records straight. Its 27 May statement starts with the following:
"WP29 has been offering guidance to ICANN on how to bring WHOIS in compliance with European data protection law since 2003."
All internet users have dealings with the Internet Corporation for Assigned Names and Numbers, yet the vast majority have never heard of ICANN. Responsible for deciding how the Domain Name System (DNS) is run, ICANN may be a technical standard-setting body, but its policies and activities acquire political nuances more often than not. At its core, there is a distinction between ICANN the organisation, incorporated in California, and the ICANN community, a multistakeholder group of volunteers who develop the policies that are subsequently implemented by the organisation.
Fifteen years ago, and only a few years after ICANN was established, European data protection regulators had already spotted the flaws with ICANN's WHOIS service, a public database of registrants' contact details. At the end of 2017, mere months before European General Data Protection Regulation (GDPR) came into effect, ICANN had yet to devise a plan to make its WHOIS registrant database compliant. However, this is no longer the era of paltry fines for violating data protection laws, when compliance was at best facultative.
Data protection as a human right
Here it's important to recall the diverse origins of data protection law. At the EU level, the 1995 Data Protection Directive aimed to harmonize the regulation of automated data processing in order to fulfill the EU's goal of free movement of goods and services (see recitals 7 and 8). In parallel, data protection began to be conceived as a human right, a notion that reached a more concrete with the Treaty of Lisbon and the 2009 European Union Charter of Fundamental Rights. Today's GDPR, which replaces the old directive, explicitly relies on the EU's human rights framework for its rationale (see recital 1 and following).
Unlike traditional human rights legislation, the GDPR contains concrete provisions for direct enforcement. That is, it grants entitlements to individuals against other legal persons beyond the state, i.e. companies. In addition, the contemplation of hefty fines for violation (up to 4% of global annual turnover for business entities), which is not an enforcement mechanism usually associated with human rights. This stick is what triggered the compliance rush witnessed over the past year, and the numerous subscription confirmation emails received from organisations long forgotten.
The GDPR is also interesting in that it creates an extremely specific and detailed bundle of rights to the benefit of EU citizens and residents against any data controller and processor, wherever they may be located. The EU thus acted according to a highly pragmatic conceptualisation of "online jurisdiction" similar to that of the Canadian courts in the 2017 Equustek case. In this high-profile copyright infringement case, the Canadian Supreme Court ruled that Google had to delist the incriminated website from its search results on a worldwide basis, not only under the google.ca subdomain. If a full de-listing meant applying Canadian law beyond its borders, so be it (it is worth noting the order failed at the enforcement level in the US.) With the GDPR, the EU adopts a similar perspective: individuals must be protected, even if it means potentially reaching out to every single data controller and processor in the world.
Extraterritoriality in cyberspace?
The application of laws based on residency, citizenship, or other non-territorial bases isn't new. Tax law, notably from the US, is often applied in a similar way. The internet makes such an application of law even more salient, as individuals create and manage legal relationships across territories at an unprecedented scale. This can be unsettling for the "territorial" states, hence the observed trend toward extraterritoriality. States seek to have their laws apply to individuals irrespective of their physical location, particularly when dealing with internet-related issues, as a means of obtaining immediate legal effectivity. Regardless of whether GDPR's alleged extraterritoriality is good or bad, it can be said that states, the EU, and courts will most likely favour an interpretation of "online jurisdiction" which maximizes their power and their perceived efficiency at enforcing their own laws.
An overly cynical (and factually wrong) conclusion would be that ICANN, as a non-profit California corporation, is not subject to human rights law, as they only create legal relations between governments and individuals. This would stem from an understanding of human rights law as a solely vertical arrangement between states and individuals, which disregards how an entity like ICANN can interfere with "horizontal" human rights entitlements, like those put into place by the GDPR. Recent events show that enforcing corporate respect for human rights is not some civil society pipe dream: a German court already ruled that ICANN's last-minute GDPR compliance plan is not quite compliant.
Human rights at ICANN, beyond the Bylaw
ICANN has found itself in a double bind: on one side, an expansive understanding of jurisdiction is gaining ground around the world; on the other, a set of human rights norms, previously constrained to treaties and the often staid world of public international law, is finding a new horizontality. The standard for personal data protection has been decidedly raised, prompting us to rethink what human rights compliance means. ICANN's global mission is tied to the functioning of internet, but its operations can severely interfere with individuals' exercise of human rights, as well as the commitments of governments to uphold these rights.
Developing a high-level commitment, as ICANN did with its 2017 Human Rights Bylaw, is a first step. However, viable solutions must, at the same time, go deeper. Indeed, the operationalisation of ICANN's human rights bylaw must pass through a refocusing of the lens, away from international treaties and into the low-level application of human rights norms at the transnational and national level. Rather than biding time before fines mandate action, the ICANN community should carry out sustained research and documentation of ICANN's concrete interference with human rights, both existent and potential. The multistakeholder community should also put in place the necessary efforts to go beyond the mere human rights bylaw and into real compliance assessment, an ever-evolving activity that requires constant attention and monitoring.
In a 17 May letter, European commissioners asked ICANN, through its CEO, to "show leadership and demonstrate that the multi-stakeholder model actually delivers." Be it taunting or encouraging, this challenge underscores the current need for intentional, proactive leadership from both the ICANN organisation and its community. Beyond enhancing its accountability, proactively identifying and preventing human rights violations might just prevent further debacles the next time a human rights law (not so) suddenly becomes applicable to ICANN. As California adopts its own improved data protection law, that time may come sooner than expected.
Special thanks to Collin Kurre from Article19 for her thoughtful suggestions
Written by Raphaël Beauregard-Lacroix
www.circleid.com | 7/19/18
The European Union is pressuring China to open its economy to outsiders and help revamp an international trade system now under fire by the Trump administration.
www.wsj.com | 7/19/18
The European Union is hunting for free-trade deals in Asia and Latin America to help compensate for lost business with the United States.
www.nytimes.com | 7/17/18
Fact Check of the Day: Trump Falsely Claims It’s ‘Impossible’ for American Farmers to Do Business in Europe
The United States exported $11.5 billion in agricultural products to the European Union last year.
www.nytimes.com | 7/11/18
British Prime Minister Theresa May secured a cabinet agreement on Friday for her plans to leave the European Union, overcoming rifts among her ministers to win support for "a business-friendly" proposal aimed at spurring stalled Brexit talks.
www.dnaindia.com | 7/7/18
We have told G7 Leaders to Make Gender Inequality and Patriarchy History For most people, the annual G7 meeting may just seem like an expensive photo-op that doesn't connect with any concrete change in people's lives. But for us, appointed by Canadian Prime Minister Justin Trudeau to sit on his G7 Gender Equality Advisory Council, it was a unique opportunity to push for strong commitments for girls' and women's rights. We had the opportunity to meet the seven leaders for breakfast and make a strong case for concrete commitments and accelerated action to achieve gender equality within a generation. There is unprecedented momentum and support for gender equality and women's rights. With the universal adoption of the Sustainable Development Goals, which put gender equality at the center, and the global attention brought by #MeToo and related campaigns on ending sexual harassment and other forms of violence against women, support for improving outcomes for girls and women has never been so high. The explosion of discussions in our offices and shopfloors, our boardrooms and lockerooms, our dining rooms and bedrooms must come right to the G7 table. It is therefore significant that leaders spent two hours discussing gender equality and that it was also part of other discussions. As the richest economies in the world, G7 countries can bring about far reaching systemic changes envisaged in the global agenda for sustainable development. The impact of G7 countries goes well beyond their borders. We have told leaders that they must use this unique footprint for the benefit of women and girls. Together with the Gender Equality Advisory Council, we have put forward a comprehensive set of recommendations. As a foundation, it is critical to eliminate discriminatory legislation which persists in G7 countries and around the world. We also called for the removal of barriers to women's income's security and participation in the labour market. Concrete measures, such as legislation and implementation of pay equity can close the wage gap between men and women. And the jobs of the future, whether it is in the digital economy or artificial intelligence, must help close - not further widen - the gender gap. For most women, the challenge of balancing productive and reproductive lives creates a "motherhood penalty" that triggers major setbacks for women in the economy. G7 leaders can shape an economy that closes the gap between women and men through affordable childcare, paid parental leave, and greater incentives for men to do half of all care work. Addressing violence against women in the workplace is critical. Employers, shareholders, customers, trade unions, Boards, Ministers all have an obligation to make workplaces safe, hold perpetrators accountable and end impunity. The emerging International Labour Organization's standard to end violence and harassment at work should be supported to drive greater progress in this area. None of this will happen without the full participation and voice of women at all decision-making tables. We applaud the increasing numbers of countries with gender equal cabinets. We need more countries to follow suit, as well as the private sector. Because men still disproportionately control our political, economic, religious, and media institutions, they have a special responsibility to actively support policies and cultural change. Men's voices and actions, including those of our predominately male political leaders, are critical because they have such a big impact on the attitudes and behavior of other men. We welcome the announcement by Canada, the European Union, Germany, Japan, the United Kingdom, and the World Bank of an investment of nearly US$ 3 billion for girls' education, including the single largest investment in education for women and girls in crisis and conflict situations. This is a significant step forward to build a foundation for greater progress. In our own work, as the Executive Director of UN Women, and as a writer and activist focused on engaging men to promote gender equality and end violence against women, we've been witness to dramatic changes over the past few decades. The courage of individual women and the leadership of women's movements have meant that patriarchy is being dismantled in front of our eyes. But greater leadership is required. A strong commitment by G7 leaders to take this agenda forward beyond the Summit can push forward the most dramatic and far-reaching revolution in human history. The one that will make gender inequality history. UN Women
www.pravdareport.com | 7/5/18
[Premium Times] Nigeria needs more international investments amidst a rising population, the European Union Ambassador to Nigeria, Ketil Karlsen, said on Monday.
allafrica.com | 6/27/18
In the two years since the vote to leave the European Union, Britain has gone from being a pace-setter among the world's big economies to falling into the slow lane.
www.dnaindia.com | 6/23/18
Wales' Economy Secretary Ken Skates says British firms cannot afford the lack of clarity from the UK government on the future terms of trade with the European Union.
www.bbc.co.uk | 6/22/18
Early June 2018 the European Internet community traveled into the Caucasian Mountains to participate in EURODIG 11. On its way into the digital age, Europe is, as EU Commissioner Mariya Gabriel said, at another crossroad. In cyberspace, Europe risks becoming sandwiched between US and Chinese Cyberpower policies. Social networks, search engines, smartphones, eTrade platforms — key sectors of today's digital economy — are dominated both by the US and Chinese giants: Alibaba and Amazon, Google and Baidu, Facebook and Weibo, Apple and Huawai. And it is also clear, that the 2020s global political agenda will be determined by issues like cyberwar and digital trade where the United States of America and the Peoples Republic of China will be the main competitors. Insofar EURODIG was a good opportunity to discuss the role of Europe in this forthcoming very complex cyber powerplay.
EURODIG is the European regional version of the UN based Internet Governance Forum (IGF). The 11th edition in Tbilisi, Georgia, saw 800 registrations from more than 50 countries, representing all stakeholder groups. And the agenda covered nearly everything: from cybersecurity and digital trade to artificial intelligence and human rights. EU Commissioner Mariya Gabriel called EURODIG "the most successful and most relevant regional initiative on Internet Governance." And indeed, over the years, EURODIG has innovated the IGF processes with new ideas: interactive formats of sessions, tangible output in form of clear and short messages, a youth IGF, open calls for themes, decentralized and bottom-up management procedures.
However, the Tbilisi meeting also showed that the IGF community, which has grown substantially since the days of the 2005 UN World Summit on the Information Society (WSIS), is now also partly the victim of its own success. There is a risk that the "usual suspects" of the global Internet Governance debate, who have been the drivers of discussions in the past, are sidelined and substituted by new communities which represent new powerhouses from governments and businesses. Those powerhouses have their own new agendas and tend to ignore widely what has been achieved over the last two decades in building a functioning Internet Governance ecosystem.
Reinventing the Wheel?
For years the message from EURODIG and the IGF was: Internet Governance is a big political issue and the multistakeholder approach is an innovation in global policymaking. 15 years after the WSIS I, world leaders have now recognized that the internet is indeed a big issue — they call it now "cyber" or "digital" — and they discuss it at summit meetings like BRICS, G7 or G20. But they have partly different ideas how to manage this network of networks. They pay lipservice to the multistakeholder approach, but the reality is that the majority of governments prefer to negotiate Internet-related issues behind closed doors.
This is the case if it comes to cybersecurity where a UN Group of Governmental Experts (GGE) tried to define rules of the road for the cyberspace. This is the case for digital trade, where the intergovernmental World Trade Organisation is negotiating behind closed doors frameworks for eCommerce. Both issues have been discussed since years both at the IGF and EURODIG. And agreements which have been achieved in this global Internet Governance debate are certainly also relevant for cybersecurity and digital trade.
The Tunis Agenda (2005) has defined what Internet Governance is and has invited both state and non-state actors to participate — in their respective roles — in the development of Internet-related public policies. The NetMundial Declaration (2014) has defined fundamental principles for good behaviour in cyberspace and has specified guidelines for multistakeholder cooperation as openness, transparency, bottom-up and inclusive. ICANN's IANA transition (2016) has demonstrated the feasibility of multistakeholder cross-community processes by transferring the responsibility for the management of key global Internet resources — domain names, IP addresses, and Internet protocols — to the empowered community (which include also governments in their respective role).
But the new intergovernmental negotiating bodies which are dealing now with cybersecurity and digital trade are rather dislinked from IGF and ICANN processes. What we see is that new intergovernmental silos are emerging and the risk is growing that in all those new closed silos the cyberwheel is reinvented.
This new intergovernmental silo approach could become a big problem. The Internet is a network of networks, everything is connected with everything via protocols and codes. This has consequences for Internet-related public policies. In the analog world, security issues had only little to do with trade, environment or freedom of expression. In the digital world, those issues are interconnected as the new EU data protection legislation (GDPR) is demonstrating. The regulation of a human rights issue — privacy — has far-reaching consequences for the business model of internet corporations and the security agenda of law enforcement agencies. And this is valid also the other way around. Any cybersecurity treaty will have economic implications and touches human rights. And agreements on digital trade will have a cybersecurity component and will also have consequences for human rights.
In other words, the big challenge with the Internet Governance Ecosystems and its growing complexity is not only to include all stakeholders in their respective roles in policy development and decision making but also to inter-link the new emerging intergovernmental silos and to pull them into a multistakeholder environment. What is needed is a holistic approach to global Internet negotiations as it was also recognized during the recent Bratislava meeting (May 2018) of the Global Commission on Stability in Cyberspace.
The Need for a Holistic Approach
How to organize such a holistic approach? The first step has to be to enhance communication among all governmental and non-governmental stakeholders. Decisions can be made only on an informed basis. No single stakeholder has all the knowledge and all the capacities which are needed to find sustainable solutions.
There is a need for something like a "global clearinghouse" which identifies the key components of an issue before decisions are made. But wait a minute, such a "clearinghouse" does already exist. If we would not have the Internet Governance Forum (IGF), there would be a need to invent it now. The IGF and its regional and national subsidiaries — like EURODIG — provide the needed framework for such a discussion across constituencies, stakeholders, state and nonstate organizations. The problem is that some governments and some business underestimate the potential of the IGF and are looking for alternative venues.
It is certainly true that the IGF has some weaknesses. The UNCSTD IGF Improvement Working Group has made some recommendations which have been reaffirmed by the UN General Assembly in its WSIS+10 Resolution in December 2015. Progress is slow but there is improvement: More intercessional work, more tangible output, more interlinkage with national and regional initiatives. And we see as EURDOG in Tbilissi has demonstrated, a more interactive cross-community debate, the involvement of more young people and the ability to send 62 short and concrete messages to all stakeholders which tell them what they could and should do in fields like cybersecurity, digital trade, artificial intelligence or human rights.
The new UN Internet Commission, which will be probably established under the guidance of UN Secretary-General Antonio Guiterres by the forthcoming UN General Assembly in fall 2018 would be very wise if it would push for a strengthening of the IGF process and to recommend to governmental and non-governmental stakeholders not only to deepen the multistakeholder cooperation but to argue also in favor of a holistic approach.
A new Round of Controversies?
However, recent meetings on the highest political level did send some contradicting and confusing messages to the global Internet community.
On the one hand, the leaders of the G7 — including US President Trump, French President Macron and the German Chancellor Merkel — during its meeting in June 2018 in Canada remained silent with regard to cybersecurity and digtal trade, but agreed on a "Commitment on Defending Democracy from Foreign Threats" which included the establishment of "a G7 Rapid Response Mechanism to strengthen our coordination to identify and respond to diverse and evolving threats to our democracies, including through sharing information and analysis, and identifying opportunities for coordinated response… in collaboration with governments, civil society and the private sector". The G7 wants to "engage directly with internet service providers and social media platforms regarding malicious misuse of information technology by foreign actors, with a particular focus on improving transparency regarding the use and seeking to prevent the illegal use of personal data and breaches of privacy."
On the other hand the leaders of the Shanghai Cooperation Organisation (SCO) — including Chinese President Xi, Russian President Putin and India's President Modi — during its parallel meeting in China supported "the central role of the UN in developing universal international rules and principles as well as norms for countries' responsible behaviour in the information space." They advocated for "the establishment of a working mechanism within the framework of the UN". And they argued that "a governing organization established to manage key internet resources must be international, more representative and democratic."
What does this mean? Is this the kick-start for a re-opening of the ICANN vs. ITU controversy? It could become a "hot fall" for Internet discussions.
In October 2018 there will be ICANN's High-Level GAC Meeting in Barcelona. The other week ITU's Plenipotentiary Conference starts in Dubai. Mid-November 2018 will see the IGF in Paris. And at the end of November 2018, the leaders of the G20 meet in Buenos Aires. Let's wait and see how the Internet world looks in December 2018.
A Chance for Europe
In this process, Europe has a chance to become a driver and pioneer.
1. Europe's strength is the rule of law. European institutions — from the Council of Europe with the European Court of Human Rights to the institutions of the European Union with the European Parliament, European Commission and European Court of Justice have produced instruments and offer procedures which make clear that cyberspace is not ruled by the "law of the jungle". GDPR is an interesting case and it remains to be seen how this European regulation contributes to more stability in cyberspace. It is a complicated issue and slippery territory but there is a need for rules-based frameworks also for issues like cybersecurity, taxation, fake news, hatespeech and others.
2. Europe's opportunity is industry 4.0, Artificial Intelligence and the Internet of Things. To link Europe's manufacturing industry to digitalization has a lot of potential. Europe has a highly developed educational system which is able to produce the skill sets needed for tomorrows digital economy.
3. But Europe's weakness is to translate good ideas into concrete policies and projects. The 28 member states of the EU have declared the establishment of a Digital Single Market as a high priority. Under the Estonian EU presidency (Fall 2017) there was a "Digital EU Summit". There is some progress, but progress is slow. And Europe has an implementation problem.
Looking into the coming months, there is a window of opportunity for a big European Cyber initiative which could include also proposals for a holistic approach to global Internet negotiations. When the French president Macron announced that Paris will host this year's IGF in Paris (November 2018) he also indicated that time is ripe to speed up Europe's journey into the digital age. After Paris, The Hague will host EURODIG 12 in June 2019. And the 14th IGF is scheduled for Berlin (November 2019). What is needed now on the road to Paris, The Hague and Berlin is more European steam.
Written by Wolfgang Kleinwächter, Professor Emeritus at the University of Aarhus
www.circleid.com | 6/18/18
Events at the Group of Seven summit have brought the European Union closer together, Germany's economy minister said on Monday.
www.dnaindia.com | 6/11/18
German business groups are pressing for clarity from Britain on its plans for a post-Brexit relationship with the European Union, and urging London to allow companies' employees "uncomplicated" access.
www.foxnews.com | 6/11/18
On the eve of his first visit to Austria, Vladimir Putin gave a lengthy interview to Austrian television channel ORF.The interviewer, Armin Wolf, was interested not only in issues of Russia's foreign policy, but also in domestic political plans of Vladimir Putin harbours. It is worthy of note that, as the Austrian journalist said, there were no prohibitions from the Kremlin concerning the topics of the interview. Armin Wolf was least interested in details of the possible mutually beneficial cooperation between Moscow and Vienna, although this was the reasons for the interview to take place. Contrary to the general trend set by the United States, Austria did not expel Russian diplomats in connection with the so-called "Skripal case.""Austria and Russia have long had very good and deep relationship. Austria is our traditional and reliable partner in Europe. Despite all the difficulties of previous years, with Austria, we have never interrupted our dialogue in politics, security and economy," Putin said, adding that the two countries have many common interests.However, Wolf wanted to find out why the Russian administration was working closely with Austrian nationalist parties that are critical of the European Union. The question contained an allusion to Russia's alleged intention to split the European Union. Putin had to patiently explain obvious things to the Austrian reporter:"We have no goal to divide anything in the European Union, we are interested in the prosperous EU, because the European Union is our largest trade and economic partner, and the more problems the European Union has, the more risks and uncertainties we have to deal with," Putin said. Of course, the Austrian journalist could not but ask Putin about "Russia's interference" in the presidential election in the United States. The journalist asked the Russian president about activities of the Internet Research Agency, aka the "troll factory", which is associated with Russian entrepreneur Yevgeny Prigozhin. The journalist persistently tried to get Vladimir Putin to confirm the thesis that the man who is commonly referred to as the "chef" because of his restaurant business, could influence the elections in the US, because he had very close ties with the Russian government. Putin had this to say in response to this question: "There is such a person in the United States, Mr. Soros, who interferes in all affairs throughout the world, and I often hear our American friends saying that America has nothing to do with it as a state. Rumour has it that Mr. Soros wants to shake the euro, the European currency, and this is already being discussed in expert circles. Ask the US State Department why he wants to do it. You will be told that the US State Department has nothing to do with it as this is a personal matter of Mr. George Soros. Here, we can say that this is a personal matter of Mr. Prigozhin. This is my answer to you. Are you satisfied with this answer?"Putin did not give a direct answer to the question of why he has not been able to have a meeting with his US counterpart Donald Trump lately. "The pre-election campaign for the Congress is getting started, and the presidential election is not too far away, attacks on the President of the United States continue in different directions. I think that this is the first thing," the Russian leader said explaining the reason why he has not been able to meet Donald Trump lately. Armin Wolf asked a question about the possibility of a nuclear war between the United States and North Korea. According to Vladimir Putin, "this is a terrible assumption," because the DPRK is a close neighbour of Russia, and one of Pyongyang's nuclear test sites is only 190 kilometres from the Russian border."We are pinning great hopes on a personal meeting between President Trump and North Korean leader Kim Jong-un, because mutual claims have gone too far," Putin said.Putin had to answer biased questions about the relations between Russia and Ukraine. He tried to explain Russia's position in detail, but the Austrian journalist tried to take the conversation in another direction.For example, speaking about the MH17 disaster, Armin Wolf dogmatically stated that the passenger plane was shot down with a missile of Russian origin and assumed that it was about time Russia should admit that officially. "If you have some patience and listen to me, then you will know my point of view on this issue, okay?" Putin replied, adding that, firstly, Ukraine has Soviet-made weapons and, secondly, Russia is not allowed to access the materials of the investigation, even though Ukraine can access it. The journalist continued by saying that "everyone already knows where the missile came from." Putin responded: "Malaysian officials have recently stated that they did not see Russia's involvement in the terrible tragedy. They said that they had no evidence to prove it. Don't you know about this?"Armin Wolf continued with a question about Russia's alleged military interference in the Crimean events from 2014."Russian army units have always been present in the Crimea. Do you want to just ask questions all the time or do you want to hear my answers? The first thing that we did when events in Ukraine began...but what kind of events were they? I will now say, and you will tell me yes or no. It was an armed coup and seizure of power. Yes or no, can you tell me?"The journalist mumbled that he was no expert on the subject of the Ukrainian constitution. Explaining how the Crimean peninsula escaped from Ukraine's rampant nationalism and reunited with Russia, Vladimir Putin switched to German in an attempt to convey his message to the Austrian journalist. "What should happen so Russia returns the Crimea to Ukraine?" the journalist asked."There are no such conditions and there cannot be. You have interrupted me yet again. If you had let me finish, you would have understood my point. When the unconstitutional armed coup took place in Ukraine, when power was seized by force, our army units were deployed in Ukraine on legal grounds - there was a Russian army base there. There was no one else there. But there were our armed forces there."The journalist was ready to interrupt Putin again, so the president had to say: "Seien Sie so nett, lassen Sie mich etwas sagen." ["Will you please be so kind and let me proceed."]. Then he continued:"When the spiral of unconstitutional actions in Ukraine started twisting, when the people in the Crimea started sensing danger, when whole trains of nationalists started arriving there, when they started blocking buses and automotive transport, the people wanted to defend themselves. The first thing that came to mind was to restore their rights that had been received within the framework of Ukraine, when the Crimea was granted autonomy. This is what kicked everything off, and the parliament started working on the process to determine its independence on Ukraine. Is this strictly prohibited by the Charter of the United Nations? No. The right of nations to self-determination is clearly stated there," Putin said."The annexation of the Crimea was the first incident, when a country in Europe annexed a part of another country against its will, which was perceived as a threat to neighbouring states," the journalist interrupted Putin."You know, if you do not like my answers, then you do not ask any questions, but if you want to get my opinion on questions, then you have to be patient," Putin said. "The Crimea gained its independence as a result of the will of the Crimeans in an open referendum, rather than as a result of the invasion of Russian troops. You are talking about annexation, but do you call annexation a referendum held by the people living on this territory? In this case, one should call Kosovo's self-identification an act of annexation too," Putin said. Wolf tried to develop the Crimean question by drawing a parallel with events in Chechnya, Ingushetia and Dagestan.Putin replied: "Yes, Al-Qaeda's radical groups did want to alienate those territories from the Russian Federation and form their caliphate from the Black to the Caspian Sea. I do not think that Austria and Europe would have been happy about it. Yet, the Chechen people themselves came to an entirely different conclusion in the elections, and the Chechen people signed an agreement with the Russian Federation."When talking about Syria, the journalist claimed that Russia was defending a regime that was using chemical weapons against its people."You said that everyone proved that Assad had used chemical weapons. Yet, our specialists say the opposite, and it goes about the Douma incident, which was used to strike a missile blow on Syria after it was assumed that there were chemical weapons used in the city of Douma," Putin said adding that the OPCW was invited to investigate those events."Instead of waiting for one or two days and giving the OPCW an opportunity to work on the spot, a missile attack was conducted. Please tell me: is this the best way to resolve a question of objectivity of what was happening there? In my opinion, it was an attempt to create conditions that wold make investigation impossible," Putin said. As for Russian domestic affairs, the Austrian reporter asked only a couple of questions about low salaries and the number of the poor."Since 2012, Russia has gone through a number of very difficult challenges in its economy. That was not only because of so-called sanctions and restrictions, but also because prices on Russian traditional export goods had halved. It affected Russia's GDP budget revenues, and ultimately, people's incomes. Yet, we have preserved and strengthened the macroeconomic stability in the country," Putin said. Armin Wolf also asked Putin about his plans for the future, as well as about the Russian opposition. "Some say that you have turned the country into an authoritarian system, in which you are the czar. Is this true?" the journalist asked."No, this is not true, because we have a democratic state, and we all live within the framework of the current Constitution. Our Constitution says that a president can be elected for two consecutive terms. After two legitimate terms of my presidency I left this post, did not change the Constitution and moved to another job, where I served as the prime minister. Afterwards, I returned in 2012 and won the election again," said Putin.The Austrian journalist was very interested why opposition activist Alexei Navalny could not participate in the elections. Wolff also wanted to know why Putin prefers not to call the blogger's name in public."We have a lot of rebels, just like you, just like the United States," Putin replied. "We do not want to have another, second, third or fifth Saakashvili, the former President of Georgia. We do not want people like Saakashvili on our political scene. Russia needs those who bring positive agenda, who know, and not just designate problems, and we enough of them, just like you have in Austria, just like in any other country," Putin added. Wolf continued insisting that Navalny was not given an opportunity to run, and people could not even take a look at the candidate. "Voters can look at any person they want because the Internet is free for us. No one shut him away. The media is free. People can always go out and say something out loud, and this is what various political figures do. If a person acquires some sort of electors' support, then he becomes a figure which the state must communicate and negotiate with. Yet, if their level of confidence is 0,01, 0,02, 0,03 percent, then what can we talk about? This is just another Saakashvili. Why do we need such clowns?" Putin said. "My presidential term has just begun, it's only a start, so let's not put the cart before the horse. I've never violated the Constitution of my country and I'm not going to do that," the president said answering a question about his plans for the future. At the end of the interview, the journalist asked Putin a very unusual question that, as it seems, no one has ever asked the Russian president before. The question was about Putin's so-called "alpha male photos," on which he posed semi-naked. According to the journalists, it is unusual for a head of state to publish such photos for the general public."Well, thank God, you said semi-naked, and not naked. If I'm having a holiday, I do not think I should hide in the bushes, there's nothing bad about it," Putin said. Later, Armin Wolf shared his impressions of the interview with the Russian president. He said that the Russian president was a very artful and complex interlocutor. Wolf added that he was impressed with Putin's quiet voice most. "As a matter of fact, my expectations were justified. Judging from what we see on television, Vladimir Putin is not very tall, I knew it, we all know what he looks like, but there's a thing that really struck me. He has a rather sonorous voice, but he speaks very quietly, especially before and after the interview, and even quieter when he speaks German. You have to concentrate a lot to understand him, because he has a very quiet voice. This struck me most in such a powerful man," said the journalist.
www.pravdareport.com | 6/5/18
Lebanon is set to heal the economy and combat corruption once it forms a new government, President Michel Aoun told European Union Ambassador to Lebanon Christina Lassen during a meeting at Baabda Palace Friday.
www.dailystar.com.lb | 6/1/18
The arrangement would put Europe’s fourth largest economy into the hands of parties deeply antagonistic to the European Union, its currency and illegal migrants.
www.nytimes.com | 5/31/18
Looking to read your favorite local paper while on your summer vacation to France? That might not be an option anymore.
Several major U.S. newspapers have blocked readers from their own online sites in Europe, after sweeping new data privacy laws went into effect on Friday. Multiple people in Europe told TheWrap they could not access websites for papers including The Los Angeles Times, New York Daily News and The Chicago Tribune.
Those and many more media outlets have now started greeting readers with a warning that their content is unavailable in European Union countries. The BBC first reported the story.
“Unfortunately, our website is currently unavailable in most European countries,” reads the L.A. Times notification. “We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solution that will provide all readers with our award-winning journalism.”
The reason for the block? The EU’s General Data Protection Regulation (GDPR), which hits companies with big fines for not following certain guidelines on handling user data.
The GDPR aims to make companies more transparent with how data is collected, how its being used, and also forces companies to delete data once its no longer useful. The new regulation applies to every business in Europe, from newspapers to tech companies to banks — and comes with a stiff penalty if it isn’t adhered to. The EU can now fine companies up to 4 percent of their global revenue or 20 million euros, whichever is greater, for violating its policy.
Rather than deal with the potential repercussions, Tronc, the owner of the L.A. Times, and other major media outlets have decided to block its papers in the EU. Lee Enterprises, which owns nearly 50 newspapers in the U.S., has also followed suit.
A Tronc representative did not immediately respond to TheWrap’s request for comment on if there’s a timeline for when its outlets will be available again in Europe.
Related stories from TheWrap:
www.thewrap.com | 5/25/18
Have you ever sold a domain name that was just sitting in your registrar account? Maybe it was for that idea you had, but never found the time to develop. Perhaps it was for a business or website you once ran and then let go by the wayside. Then one day, out of the blue, that dormant domain turned into a winning lottery ticket. You got a random call or email from an interested party and the next thing you know that domain (which you've forgotten why you even renew it each year) is sold for $3,000 or $30,000 or more. A nice, unexpected financial windfall. It happens. Well, it happened. Now, if you want to play the domain name lottery, you're going to have to more actively buy a ticket, thanks to GDPR.
Are you wondering what GDPR means for you? Sure, you are, everyone is. And everyone, on some level, is probably a bit confused. From businesses to individuals, from website owners to website visitors, the new European Union data protection rules will likely impact you. You surely have already felt its impact on your email inbox, as it has swelled with GDPR related notices, updates, and opt-in requests, probably from many companies and websites that at first glance you never even heard of (or didn't know you had any prior contact with.)
The introduction of the EU's General Data Protection Regulations, which go into effect today, have put tech companies' development teams on task for months, even years, updating and changing systems and policies in order to be in compliance with today's brave (well, more private) new world. While technically these new regulations apply to the data of residents of the European Union, when it comes to the Internet, for all practical purposes we live in one big online world. Not only is everyone potentially connected, but everywhere is connected. If you have an online presence of any sort, you likely have visitors from around the globe. When it comes to the Internet, we are the world. As a result, while the EU may be driving these new regulations, unless you are able to (and desire to) actively block any users or traffic from the EU, the changes being made to comply with GDPR will affect users from all regions.
And that's where GDPR has taken away your "free" domain lottery ticket. Given the blanket data and privacy changes being made, public "Whois" information has essentially gone dark. That means that there is no longer a relatively easy way for that random interested buyer to find out who owns an unused domain they may be willing to pay good money for. That means that there is no longer a way for those random unused domains sitting in your account to turn into a lottery ticket on their own. If you want even the remote possibility for someone to find you and contact you about purchasing a domain that you own, you will now have to take active steps to make sure your information is available and that the name is listed "for sale" in a public domain name marketplace.
Active domain investors are well-aware of this and have taken steps to ensure their portfolios are ready for sale, and many have long had websites and sales landing pages that their registered domains point to. For us regular folk, who are sitting on a bunch of domains we don't use but aren't actively trying to sell, it's time to get up off the couch and do something.
First, check with your registrar and see if they are offering the opportunity to "opt-in" to make certain contact information public. This may or may not be possible for you. Second, it's time to consider listing your dormant domains "for sale" on domain name marketplaces. With the lack of publicly available whois information, folks interested in buying an already registered domain name will have no choice but to flock to marketplaces such as Sedo.com, Names.club, Afternic, and others. While selling one of your unused domain names for a financial gain is certainly not guaranteed, if your name is not listed somewhere so that you can be contacted, the chances of a random sale are virtually nil.
Like a lottery, you have to be in it to win it!
Written by Jeffrey Sass, Chief Marketing Officer, .CLUB Domains
www.circleid.com | 5/25/18
[New Era] Windhoek -The classification of Namibia as a tax haven by the European Union (EU) last year can have serious repercussions, such as sanctions, for the local economy. For this reason, government has engaged EU to have Namibia delisted as a tax haven as soon as possible and in this regard, a team of officials from the Ministry of Finance have just returned from consultative engagements from the EU headquarters in Brussels, Belgium.
allafrica.com | 5/23/18
German Chancellor Angela Merkel is heading to China with a business delegation as both Beijing and the European Union are grappling with the United States over trade issues and Washington's rejection of the Iran nuclear deal.
www.foxnews.com | 5/23/18
David J. Redl, Assistant Secretary for Communications and Information at the U.S. Department of Commerce and Administrator of the National Telecommunications and Information Administration (NTIA) at a Communications Forum luncheon at the St. Regis Hotel in Washington, D.C., on May 17.Implementation of European Union's General Data Protection Regulation, or GDPR, is a major concern of our government, said David Redl during a Media Institute luncheon held on Thursday in Washington DC. Redl, a critic of GDPR's ramifications on WHOIS, in his remarks stated: "Many aspects of our government's operations will be affected by GDPR, and the same is true for private sector companies of all sizes. GDPR is also threatening to upend the valuable WHOIS service, which could impede our work to curb botnets. ... GDPR, as currently framed, creates serious and unclear legal obligations that could have a widespread impact on transatlantic cooperation, law enforcement, and business operations. ... the EU's guidance issued for implementing the GDPR is vague and insufficient. American companies and the U.S. government do not have an adequate basis on which to comply with the law. ... Absent a broader interpretation of Article 49, a short-term moratorium on GDPR enforcement with regard to WHOIS may be necessary. If not, then come May 25, we anticipate registries and registrars will stop providing access to WHOIS directories and services."
www.circleid.com | 5/18/18
French President Emmanuel Macron said on Thursday that the European Union must protect EU companies doing business with Iran from U.S. sanctions being reimposed over Tehran's nuclear program.
www.dailystar.com.lb | 5/17/18
www.itnewsafrica.com | 5/5/18
The European Union unveiled an upbeat economic outlook for the eurozone Thursday, but warned of rising risks from President Donald Trump’s protectionist trade policies and of the U.S. economy overheating.
www.wsj.com | 5/3/18
By the time the TV and film worlds descend on Cannes for next April’s MipTV and the film festival in May, Britain will no longer be a member of the European Union. “Brexit” officially happens March 29, 2019. But less than 11 months before that seismic event, the likely impact on the film and TV business […]
variety.com | 5/3/18
Data privacy will be among the items topping the agenda at an upcoming Caribbean Internet Governance Forum to be held by the Caribbean Telecommunications Union (CTU) in Suriname this month.
The meeting is part of an effort by several Caribbean countries to establish and strengthen policies to ensure that Internet users' personal information is collected, shared and used in appropriate ways.
It will take place from May 21 to 23, days before the General Data Protection Regulation (GDPR) comes into force in the European Union on May 25. The GDPR is a regulation on data protection and privacy for all individuals within the European Union. But Caribbean stakeholders are already preparing for the fallout across the region's geopolitical space.
"Although the GDPR comes into effect in Europe, its effect will be felt in the Caribbean, because the region includes Dutch, French and British territories, all of which fall under the EU jurisdiction, and will, therefore, have to comply with the GDPR from as early as May 25, 2018," said Nigel Cassimire, Telecommunications Specialist at the CTU.
Because the GDPR has significant penalties for companies found in violation of its data privacy regulations, the law could adversely affect Caribbean companies doing business with European companies.
"The onus is on European companies doing business with anyone in our region to ensure that whoever they do business with have measures in place that will enable them to remain compliant with the GDPR. For the Caribbean, it is urgent for us to understand what requirements will be placed on us," Cassimire said.
The forum will be held in Suriname, a former colony of the Kingdom of the Netherlands which became an independent nation in 1975.
The agenda will include a range of issues, including service resiliency and network neutrality.
The Caribbean Internet Governance Forum is a multi-stakeholder meeting initiated by the CTU and the Caribbean Community (CARICOM) Secretariat to coordinate a regional approach to Internet Governance. Since its inception in 2005, the forum has met annually and has focused on the formulation of a regional framework for Caribbean Internet governance policy, the proliferation of Internet exchange points, and the growth of Caribbean influence in the global Internet governance arena.
The forum is part of a series of ongoing policy development discussions across the region. Policymakers met in Miami on April 19 to discuss Internet governance issues at a special Caribbean Forum hosted by the CTU and the American Registry for Internet Numbers.
Written by Gerard Best, Development Journalist
www.circleid.com | 5/2/18
The European Union intends to tighten the standards regulating the digital economy...
macdailynews.com | 4/27/18
Piers Morgan has again taken aim at “Harry Potter” author J.K. Rowling.
British media personality Morgan, who has a history of criticizing Rowling on social media, took another shot at her on Friday, over a tweet Rowling posted about Brexit, the contentious referendum to withdraw the United Kingdom from the European Union.
Rowling’s tweet was in response to Daily Telegraph political correspondent Christopher Hope, who tweeted, “Why do owls get the right to a commemorative stamp but Brexit doesn’t?”
To which Rowling replied, “Stamps are too small to depict the fact that nostalgic jingoism, fear-mongering, racism and flag-waving delusion narrowly won a referendum, thereby dividing the nation down the middle and ensuring longterm consequences for our society and economy, whereas owls are great.”
As it turns out, Morgan gave a hoot about Rowling’s sentiment, and let it be known in no uncertain terms.
“Of course, this kind of elitist, superior, arrogant ‘we know better than you thickos’ bulls— is precisely why Brexit (and Trump) won,” Morgan shot back.
Read the exchange below.
Related stories from TheWrap:
www.thewrap.com | 4/27/18
Last week, it was reported that the Central Bank of Turkey withdrew the national gold reserve from the US Federal Reserve System. Given the fact that the United States has been imposing whole packages of sanctions on Russia one after another since 2014, why does Russia still keep its gold and other assets in the USA? If it is not in the USA, then where does Russia keep her gold? Turkey's "American gold" was partly returned to Turkey and deposited to European banks, particularly in England and Switzerland. Ankara's gold reserve totals 564.6 tons.Accumulating physical gold by central banks has become a trend lately. Even such a small European country as Hungary returned three tons of its gold from London in early 2018. Venezuela, Holland, Austria and Germany did the same - the countries that feel pressure from the part of the Washington consensus. For example, both the European Union and the Western world have been criticizing Hungary heavily. The nation's gold reserve gives Hungarian Prime Minister Viktor Orban a reason to feel more confident.What about Russia? She has been the main "whipping girl" in the eyes of the "civilized world" lately. Yevgeny Fedorov, a member of the State Duma Committee on Budget and Taxes, told Pravda.Ru, that the information about the location of Russia's gold is classified." "Some of Russia's gold used to be stored in the USA, but we do not know whether Russia has returned that gold," the MP said. According to Yevgeny Fedorov, the Central Bank of Russia "is a branch of the US Federal Reserve, so I would not be surprised if we still keep some of our gold in the United States," he said. "If we don't keep our gold in the USA, then we do keep some of our assets there - i.e. we support the US economy, which is a very bad phenomenon," Fedorov told Pravda.Ru. This policy, the MP added, is stipulated in Article 15 of the Constitution, the system of international treaties and the status of the Central Bank of the Russian Federation. To change such a state of affairs, Russia needs to conduct revolutionary reforms. "It is only now, when the law on counter-sentences raises the need to remove US managers from Russian ministries and the Central Bank. If Putin wins with his policy to end the subordination to the American unipolar world, then everything may work out well," Yevgeny Fedorov told Pravda.Ru. In turn, researcher Mikhail Khazin told Pravda.Ru that Russia does not keep its physical gold in the US. "We keep our assets in US government securities, but we have been recently reducing the share of these assets significantly. There is a probability that the Americans will not give them back, so we need to get rid of those bonds," the expert told Pravda.Ru. Pavel Salin, director of the Center for Policy Studies of the Finance University, also said that Russia does not keep its physical gold in the United States."The Russian gold reserve is stored in Russia, and the foreign exchange reserves are kept at US Treasuries. We tend to reduce their amount, but it is impossible to do it instantly, because it will look like an attempt to collapse the US debt market with all ensuing consequences. It could also trigger a major conflict with China that holds $1 trillion 200 million in these bonds and Japan - about one trillion dollars," the expert told Pravda.Ru.According to the US Treasury, the Central Bank of Russia sold US government bonds worth 11.9 billion dollars from December to February, having this reduced the volume of assets by 11.2 percent ($93.8 billion). It is worthy of note that immediately after the introduction of sanctions against Russia in March 2014, the Central Bank of Russia withdrew about $115 billion from the US Federal Reserve System (FRS). However, two weeks after the incident, the Russian Central Bank returned the funds to Fed accounts, Reuters says. Pravda.Ru Read article on the Russian version of Pravda.Ru
www.pravdareport.com | 4/23/18
[Egypt Online] European Union (EU) Commissioner for Neighborhood Policy and Enlargement Negotiations Johannes Hahn said that the EU is the first partner of Egypt, underlining the importance of bilateral cooperation so as to lure investments to Egypt.
allafrica.com | 4/23/18
What if we created a rule that gave everyone — good or bad — the right to hide their license plate, where they live, who they are, and just go incognito? What if we made it a right to walk into any building in the world, and simply say "No, thank you" when the security guards asked for one's identification? The criminals would celebrate, and we'd all be utterly alarmed. We would immediately be afraid for our personal safety.
And that's why I am utterly alarmed. This is exactly what is about to happen as the conflict between the European Union's General Data Protection Regulation (EU GDPR) and the Internet Corporation for Assigned Names and Numbers' (ICANN) WHOIS policies escalates. In short, the EU GDPR requires that any business that touches European citizens provide a right to privacy. ICANN has long established rules for the WHOIS database that emphasize transparency over privacy. Anyone who registers for a domain name (your virtual address on the Internet) must provide their name, physical address, email address, and telephone numbers for all of us to know who is the owner of the website connected to that domain name. All of this information is publicly available in the WHOIS database — kind of like the white pages for the Internet.
Well, the EU GDPR regulators think that violates their data privacy rules, and so ICANN is looking at limiting access to that data.
As a former federal prosecutor, this data was critical to my work in identifying criminals behind websites posting videos of children getting brutally abused or raped. It was also a critical starting point to build cases against online stalkers promoting stranger rape against their victims. In addition, WHOIS data helped us find movie pirates who were selling illegal online copies of movies that were still in-theater. As the head of internet enforcement for the Motion Picture Association of America, we would build cases using this data and often refer them to law enforcement for action. At Microsoft, we used WHOIS information to investigate cases globally involving hackers, fraudsters, and spammers attacking our customers. At MySpace, we stopped predators, spammers, identity thieves, and gangsters by unmasking criminals and civil no-gooders through the use of this data.
Yes, our online safety is clearly at risk. But, let me be clear, what happens online happens offline — these are not separate worlds. A predator finds their prey online to rape them offline. A thief gets access to life savings safely kept in bank accounts of seniors by setting up fraudulent online websites. A teen dies because she bought illegal drugs from an online drugstore.
Over the past eight years, I have helped real world people with issues that have started online, all through the use of WHOIS data. For example, I helped a revenge porn victim by unearthing the person behind the online postings. Just recently, the WHOIS database helped me identify who was behind multiple online attacks against a prominent actor and his children.
These are the stories that demonstrate the real need for transparency and accountability to help ensure personal safety in the online environment. Of course, respect for data privacy is important, but a myopic focus on privacy that elevates it above public safety and even protection of life itself is utterly unbalanced and dangerous. Unfortunately, the recent guidance issued to ICANN on April 11 by the Article 29 Working Party of European Data Protection Authorities adopts such an unbalanced approach. There are literally hundreds of thousands of people, adults and children, whose personal safety will be directly impacted when we let criminals put on hoodies and hide in the alley by creating a regulatory environment that essentially shuts off the well-lit neighborhoods that the WHOIS database provides. Just ask the over fifty national and international entities that signed a letter to ICANN raising awareness around these issues. These are groups and people from every aspect of our lives — these are people who care about the safety and security of our society.
It's easy to make rules protecting our desire to be private. It's much more challenging to write and properly apply regulations to achieve the correct and proportional balance that also recognizes and protects our global and fundamental right to be safe anywhere, anytime, anyplace. It's a challenge we can't ignore. Now is the time for the EU Data Protection Authorities to broaden their vision, lean forward and help solve this problem before May 25, 2018, instead of trying to pass the euro to ICANN.
Written by Hemanshu Nigam, Founder and CEO of SSP Blue
www.circleid.com | 4/22/18
Late last week, ICANN published the guidance from the Article 29 Working Party (WP29) that we have been waiting for. Predictably, WP29 took a privacy maximalist approach to the question of how Europe's General Data Protection Regulation (GDPR) applies to WHOIS, a tool widely used by cybersecurity professionals, businesses, intellectual property owners, consumer protection agencies and others to facilitate a safer and more secure internet. Unfortunately, comments submitted to WP29, and to Data Protection Authorities (DPAs) directly, detailing legitimate purposes for access to data that serve the public interest, and detailed proposals for accreditation and access to non-public data were largely ignored. The WP29 guidance seems to imply that a fragmented WHOIS system, with no reasonable way to access critical information to facilitate legitimate goals such as preventing fraud and the distribution of malware, is simply an inevitable consequence of implementing the GDPR.
Criticism from the United States Government, the cyber- and operational security community, and business community was swift. On Monday, United States Special Assistant to the President and Cybersecurity Coordinator, National Security Council Rob Joyce tweeted: "EU's GDPR is going to undercut a key tool for identifying malicious domains on the internet. WHOIS database will be noncompliant, or have to purge the data that makes it useful to find bad actors… Cyber Criminals are celebrating GDPR". Joyce's criticism of WP29's analysis echoes security professional Brian Krebs' prediction from April 4, 2018, stating that "the volume of spam, phishing and just about every form of cybercrime is going to increase noticeably. New privacy rules coming out the EU are going to take away the single most useful tool available to security experts: WHOIS." United States Secretary of Commerce, Wilbur Ross also weighed in, imploring the European Commission to take action.
Now that we know the thoughts of WP29, which, after May 25, 2018 (the date that the GDPR goes into effect) will become the European Data Protection Board (EDPB), it is time to fight back, and demand a balance of the right to protect personal information with other fundamental rights. ICANN is currently collecting comments from the community, in preparation for meetings with WP29 in Brussels on April 23, 2018.
ICANN had asked WP29, the data protection and privacy advisory group made up of representatives from the DPA of each EU Member State, the European Data Protection Supervisor, and the European Commission, to give guidance on the "Interim Model for Compliance with ICANN Agreements and Policies in Relation to the European Union's General Data Protection Regulation," (the "Model") which was developed and published by ICANN earlier in the year. ICANN had presented the Model, and its detailed rationale, to WP29 along with an acknowledgment of areas of community divergence, with a special plea to WP29 to guide ICANN on these issues. Among the areas of divergence were prime points of concern raised by the Intellectual Property Constituency (IPC) and Business Constituency (BC) of ICANN, such as the need for continued publication of registrant email address, the global territorial application of the model even where no nexus to Europe exists, and other aspects of the Model which the IPC and BC have identified as being over-compliant with the GDPR. ICANN CEO Göran Marby acknowledged to the DPAs that many in the community provided extensive analysis and legal support to justify continued access to WHOIS for purposes of cybersecurity, consumer protection, and law enforcement and to prevent intellectual property theft, fraud and other malicious activity online.
In its guidance to ICANN, WP29 deemed the purposes for WHOIS, as enumerated in the Model, to be insufficiently defined. In its letter, the group cited a previous opinion on purpose limitation, stating "WP29 has clarified that purposes specified by the controller must be detailed enough to determine what kind of processing is and is not included within the specified purpose, and to allow that compliance with the law can be assessed and data protection safeguards applied." The community has acknowledged the need for data protection safeguards (via a Code of Conduct for access to non-public WHOIS, which ICANN has asked its Governmental Advisory Committee (GAC) to develop), but it is surprising to see WP29 call for data safeguards to be developed per every individual purpose - a burdensome exercise for legitimate requestors that would destroy much of the operational functionality of WHOIS.
WP29 also cautioned ICANN to ensure that legitimate purposes contained within its model for compliance relate to ICANN's own mission, defined in its letter as "to coordinate the stable operation of the Internet's unique identifier system." They cautioned ICANN not to conflate its own purposes with the concerns and purposes of third parties, no matter how legitimate. This is, no doubt, a nod to the equally privacy maximalist statements on this issue from the International Working Group on Data Protection in Telecommunications (IWGDPT a.k.a. the "Berlin Group"), a privacy advocacy group made up of DPA representatives, NGO representatives, and members from civil society and the private sector. Last year, prior to the publication of any model for GDPR compliance, and referring to the then-fully-open WHOIS ecosystem, the Berlin Group had questioned whether the role of ICANN allows the organization to take into account any legitimate purpose related to law enforcement or security. Obviously many in the ICANN community are concerned about that statement, and WP29's reliance on it, including the GAC's Public Safety Working Group (PSWG), various security-oriented groups at ICANN, the IPC and the BC. The Berlin Group paper is misapplied to the Model, and is not authoritative. Further, ICANN's role is much broader than that suggested in the Berlin Group paper and subsequently the WP29's guidance. The full mission of ICANN can be found here, in the ICANN bylaws.
WP29 also gave advice related to accreditation for access to non-public WHOIS data, and again stressed the importance of clearly defined purposes with a specific legal basis for access to individual WHOIS data elements.
Notable in its absence, WP29 did not grant, or even mention a moratorium on the implementation of GDPR, which is understandably a primary focus of many within the community at this time, as well as ICANN itself. The May 25, 2018 deadline will remain the number one barrier to ensuring continued access to WHOIS data, as the contracted parties have indicated that the promise of hefty fines for not complying with GDPR will result in over-compliance, in the absence of a more nuanced model that can be quickly implemented. Some contracted parties have already indicated that any model which provides accreditation and layered/tiered access would be impossible to implement by May 25.
Also absent from WP29 guidance was any mention of the distinction between natural and legal persons, and the application of the GDPR in the Model to contracted parties and registrants that are not in the EU, both prime concerns of the IPC and BC.
ICANN responded to WP29 just hours after their communication was made public last week, via a letter from Mr. Marby. The letter again stressed the need for a moratorium on GDPR enforcement, emphasized the negative consequences of a fragmented WHOIS system, and clarified the critical importance of ICANN's role in coordinating the global WHOIS system on the overall security and stability of the Internet — an obligation that falls squarely within its mission. Mr. Marby pointed out that fragmented WHOIS would "have a detrimental impact on the entire Internet", pointing out the concerns of law enforcement, cybersecurity processionals, consumer protection agencies, and IP owners. Mr. Marby further stated in his most recent blog that "ICANN recognizes the important of the GDPR and its goal of protecting personal data, but also notes the importance of balancing the right to privacy with the need for information."
ICANN recognized that following the WP29 guidance would result in fragmentation and notably indicated that it is "studying all available remedies, in order to seek clarity in our ability to continue to properly coordinate this important global information resource without fragmentation” (emphasis added). This thinly-veiled threat of legal action is surprising, and welcome. Mr. Marby also wrote that ICANN implores WP29 to "spend more time balancing between the important right to privacy and the need for information," further implying that ICANN is unhappy with the WP29 guidance, and may not intend to follow it blindly. Indeed, Recital 4 of the GDPR clarifies that the right to protection of personal data is not absolute, and must be balanced against other rights and the function of such data in society according to principles of proportionality.
As noted above, United States Secretary of Commerce Wilbur Ross also weighed in, in a recent letter to V?ra Jourová, Commissioner for Justice, Consumers and Gender Equality (European Commission), citing the importance of quick access to WHOIS data necessary for intellectual property rights enforcement, cybersecurity and law enforcement. Secretary Ross called for a temporary forbearance from GDPR enforcement on the processing of WHOIS data in order to address these goals.
ICANN is set to meet with the Technology Subgroup of WP29 to discuss these issues further on April 23, 2018. In the meantime, the community has been invited to comment on the WP29 guidance and to make further suggestions to WP29 about compliance with GDPR and accreditation and access to non-public data (including supporting a Code of Conduct which may address some of the DPA concerns about data safeguards). ICANN has assured the community that any information shared with ICANN will be provided to the DPAs, and has suggested that the community also send comments and analysis directly to the DPAs themselves. This response from ICANN indicates that the fight to preserve access to WHOIS data is far from over.
We suggest that businesses, intellectual property owners, consumer advocates, cybersecurity professionals and law enforcement and government representatives marshal additional comments to ICANN and the DPAs further illustrating and impacting the problems that a fragmented WHOIS system would create, and the negative impact it would have for consumers and other Internet users, the ecommerce ecosystem, and the Internet generally. Comments to ICANN can continue to be submitted to email@example.com and we encourage all community members to weigh in as soon as possible so that feedback can be taken into consideration during the next ICANN meeting with the DPAs on April 23, 2018.
Those affected by this issue should also consider additional steps to ensure continued access to WHOIS, including reaching out to Member States in Europe and other government representatives, considering other actions and remedies through courts and legislatures, and continuing to participate in developing an accreditation and access model for non-public WHOIS. The IPC and BC are holding another community-wide call to discuss the Accreditation and Access Model for Non-Public WHOIS data on April 24, 2018. Interested parties should sign up for that discussion by emailing firstname.lastname@example.org.
The Intellectual Property Constituency is currently working on comments to ICANN and WP29, and contemplating other additional next steps.
Written by Brian Winterfeldt, Founder and Principal at Winterfeldt IP Group
www.circleid.com | 4/19/18
[Brookings] Given recent developments in the global economy, especially Brexit and the Trump administration's "America First" policy, it is worth assessing how Africa's three largest commercial partners--China, the European Union, and the United States--are likely to impact the region in the near future as it relates to trade and investment trends.
allafrica.com | 4/19/18
Facebook is updating its privacy controls, asking users whether they are OK with the social network using their profile information to hit them with targeted ads, ahead of new European regulations going into effect next month.
In a blog post late Tuesday, the company said it will ask users to agree to its new terms, including whether Facebook can share their browsing history and app usage with its ad partners. All of Facebook’s 2.15 billion users will be prompted to review their settings in the weeks ahead, but the changes will be seen first by European users. Facebook will give European and Canadian users an opportunity to opt-in to its facial-recognition software, best known for being used to tag pictures, after the tech has been banned due to regulations. Users will also be asked to review certain personal information shared on their profiles, like relationship status and their religious affiliation.
The changes go into effect ahead of the European Union rolling out its new new data privacy rules, dubbed the General Data Protection Regulation, next month.
“We not only want to comply with the law, but also go beyond our obligations to build new and improved privacy experiences for everyone on Facebook,” Facebook said in its blog post.
Of course, this doesn’t mean you can just opt-out of being hit with ads on Facebook. The only way to do that is to ditch the social network altogether. And as TechCrunch pointed out, Facebook’s use of blue buttons will prompt users to leave their settings alone when they go through their review. But the update gives users an opportunity to review the info advertisers leverage to hit them with ads.
From a business standpoint for Facebook, it puts the company within the guidelines of the GDPR, which looks to give users a better handle on how their information is used online. CEO Mark Zuckerberg called the updated EU rules a “very positive step” last week in his testimony to Congress, while addressing the Cambridge Analytica data leak, where up to 87 million users had their info compromised. The changes might be enough to keep American lawmakers from coming down on Facebook — although that was already unlikely.
Related stories from TheWrap:
www.thewrap.com | 4/18/18
As a Common Lisp Developer, you will be part of the Analytics team which is in charge of the development and maintenance of applications that, among other things, extract data from incoming news and deliver user and machine-friendly analytics to customers.
You will be reporting directly to the Analytics Manager and will work with an international team of developers skilled in Common Lisp, Java, Python and SQL.
The ability to communicate effectively in English both in writing and verbally is a must. Knowledge of Spanish is not a business requirement. European Union legal working status is required. Competitive compensation and a fun working environment. Relocation assistance is available, but remote working is not a possibility for this position.
lispjobs.wordpress.com | 4/16/18
At RavenPack we are searching for a Junior Common Lisp Developer to join RavenPack's Development Team.
As a Junior Common Lisp Developer, you will be part of the Analytics team which is in charge of the development and maintenance of applications that, among other things, extract data from incoming news and delivers machine-friendly analytics to customers.
You will be reporting directly to the Analytics Manager and will work with an international team of developers skilled in Common Lisp, Java, Python and SQL.
The ability to communicate effectively in English both in writing and verbally is a must. Knowledge of Spanish is not a business requirement. European Union legal working status is required. Competitive compensation and a fun working environment. Relocation assistance available, but working remotely is not possible for this position.
lispjobs.wordpress.com | 4/16/18
[This Day] Microsoft, a leading software giant has advised businesses in Nigeria, including small and large corporates that are aiming to expand beyond the shores of the country to achieve global best practice in business, to immediately key into the European Union's General Data Protection Regulation (GDPR) law. The law seeks to protect personal identifiable data across organisations.
allafrica.com | 4/9/18
www.itnewsafrica.com | 4/5/18
We are on the brink of the most serious threat to the open and public Internet for decades. ICANN, under pressure from domain name registrars and EU data protection authorities, has proposed an "interim" plan that will hide critical information in WHOIS. Security, threat intelligence, and anti-abuse professionals rely on WHOIS to track down bad guys and keep the Internet as safe and secure as possible.
ICANN and the registrars have been going back and forth on ways to align privacy laws with the WHOIS system, which functions as a public "phone book" for Internet domains, recording information that includes the name, email address, street address, and phone number of the company or individual who registered the domain.
For years, there has been an accepted procedure for handling situations in which WHOIS conflicts with privacy law — nobody disputes the importance of protecting the privacy of natural persons. But now, with less than sixty days to go before the General Data Protection Regulation (GDPR) adopted by the European Union (EU) comes into force, registrars, who finance ICANN, have pressured ICANN into closing the public phone book effectively altogether, turning the open and public Internet into a Tor-like deep and dark net. Specifically, ICANN came out with an interim solution nicknamed the "Cookbook," which suggests completely masking the contact email address, thereby completely hiding who is responsible for managing or controlling a resource on the Internet. The Cookbook also suggests masking certain information for corporations, even though GDPR doesn't apply to them.
The ability to register domains anonymously is a massive problem for the security of the internet — attackers need to establish an infrastructure to originate their attack and set up servers to communicate with their malware. Often, they'll register multiple domains at the beginning of an attack campaign for use during all phases of their operations. Security professionals rely on WHOIS to query for ownership information about a domain, IP address, or subnet. Without this data, it becomes significantly more difficult to rapidly take down phishing sites or compromised domains hosting malware — the vast majority of cybercriminal activities. Some think that it is the hosting provider's problem to fix, but unless their customer is reaching out to them, they likely have a different service department handling the issue, and probably even have a backlog to deal with. By reaching out directly to the victims in parallel by phone and email, those victims are able to help themselves more quickly.
The Cookbook also makes it impossible to see which sites are connected or under the same management or control. For example, if someone in an organization's marketing department registered a domain using a corporate account without going through the correct internal procedures, and that site did not have the right patches or was not scanned for vulnerabilities, their online customers and visitors will likely become exposed to phishing and malware.
With the registrar business being low-margin, anything that will reduce the security line item on their budget is attractive to many registrars if they can get away with it. Registrars generally would rather conceal the connectedness between domain assets than lose business or deal with reports of malicious activity. Because GDPR is complex, difficult to interpret at this early stage and comes with heavy fines of up to 4% of annual global turnover, GDPR has been weaponized by registrars to pressure ICANN into making the domain name system more closed and private.
The Governmental Advisory Committee (GAC) of ICANN met in San Juan, Puerto Rico in March 2018. The GAC advised the ICANN Board to instruct ICANN to maintain the current structure of the WHOIS to the greatest extent possible. The GAC essentially pleaded to the ICANN Board to instruct ICANN that it must reconsider hiding the registrant email addresses from the free phone book, emphasizing (quite diplomatically) that it may not be proportionate given the significant adverse impact on law enforcement, cybersecurity, and rights protection it would have.
The GAC appropriately went even further by emphasizing to the ICANN Board that it must instruct ICANN not to erroneously use GDPR, which applies to people, as an excuse to shut down public access to corporate contacts in the phone book, which is not even in the remit of GDPR. This unjustifiable over-application of GDPR prevents companies from effectively defending their very own infrastructure. Whether requiring the same cryptographic hash function across registrars for individually owned domains so you can still pivot on the email across registrars is technically feasible, has been submitted for discussions right now with the world's top experts in this area. Technical discussions are also underway on whether requiring the local part of the registrant email on a corporate domain to be generic moving forward and otherwise masked (leaving only the corporate domain, which has no information relating to an identified or identifiable natural person) can be done for the sake of security and stability. These less drastic (conceivably possible) measures will certainly not be coming from the DPAs on their own initiative. The ICANN org must do that work.
If the phone book must change in some ways, notwithstanding the accepted procedures for handling WHOIS conflicts with privacy laws, then ICANN must ensure that those with a legitimate purpose still have continued access to the contact information needed to protect business and the public until the re-designed phone book is ready for use. You can't just close the book and tell security professionals, who rely on WHOIS data to keep the internet safe, to come back when it's re-designed, potentially months later. It's entirely unacceptable for ICANN to leave each registrar to decide if and how it will provide continuous access, with no means of enforcement. Continuous access must be mandatory. The phone books also have to be easy to use in today's world, i.e., not designed to impose limits that undermine all functionality in the digital age — if you can only use the phone book manually or less than you would reasonably need, the query volume limitation is no more than a disguised blockade. I guarantee that the registrars do not have the resources to start taking on the additional work needed on the back-end that is being done for them using bulk access. But unless and until the accreditation system is up and running efficiently, that is what would have to happen to avoid disrupting the stable and secure operation of the Internet's identifiers.
To repeat, we are on the brink of the most serious threat to the open and public Internet for decades. We must step up to the plate and not get complacent about this. ICANN must have a way to hold registrars accountable if they abuse GDPR as an excuse to cripple WHOIS.
We at RiskIQ sent a letter requesting such adequate assurances from the Board on March 26. To express your concern, we prepared a generic letter you can fill out here. This letter will go to ICANN's Board, ICANN's CEO, and the GAC Public Safety Working Group Co-Chairs. Copies will be sent to the DPAs. ICANN has since then corresponded in writing and subsequently published yesterday, twenty eight letters to DPAs asking for help:
The DPAs will not be able to come up with the technical solutions that are necessary to architect WHOIS in a way that is both compliant with GDPR and at the same time not damaging to the security and stability of the DNS. That is the only way an ICANN temporary policy can be used to hold registrars accountable. We need to do that work. A moratorium is not needed on enforcement, but rather, a tiered-phase enforcement forbearance that has strong snapback provisions. The phases should be subject to discussion between ICANN, the community, and the DPAs. One phase may be re-designing the public Whois so that it is minimally disruptive to the security and stability of the DNS and consistent with GDPR. The second phase may look at an accreditation model and what needs to be done by ICANN to help the community build it into the system architecture in a fair and just manner. For each phase, deadlines can be set against which the DPAs can measure whether to have enforcement snap back into force.
Yesterday, ICANN's President and CEO met with the technology subgroup of the Article 29 Working Party. It appears to have been confirmed based on a third-party source that as anticipated by ICANN, the WHOIS system is on the upcoming Article 29 plenary's agenda in less than two weeks. ICANN is hopeful that it will be provided with a moratorium on enforcement that would allow sufficient time to implement the model and build the appropriate accreditation system. The model must reflect GAC consensus advice not to make changes to the current WHOIS that are not required by GDPR and disrupt the stability and security of the DNS.
Written by Jonathan Matkowsky, VP of Intellectual Property & Brand Security at RiskIQ
www.circleid.com | 3/30/18