The epic SolarWinds hack affecting thousands of government agencies and companies could mark the beginning of the end of the open internet.
In tune with meetings and conferences around the world, InternetNZ’s annual NetHui is going virtual, a consequence of the COVID-19 pandemic, even though New Zealand has been less affected than most other countries. Safety first.
The Canadian Internet Registration Authority (CIRA) released a research report last week displaying Canadians’ opinions and experiences regarding the internet and fake news, privacy, cybersecurity and access. Based on a survey of over 1,200 Canadian internet users in December 2018, the report highlights areas of concern, including apprehension around the upcoming Canadian federal election. The report also indicates what Canadians want from industry, the Canadian government and citizens themselves to create a better internet in Canada.
CIRA’s report offers several recommendations to improve Canada’s internet, including enhanced investments by the Canadian government, actions around cybersecurity and privacy that Canadian businesses can take right away and opportunities for Canadian citizens to improve the internet they rely on every day.
“With the rise of misinformation online and threats to digital privacy and cybersecurity, Canadians are demanding more of government, industry and others when it comes to Canada’s internet,” says CIRA’s CEO Byron Holland. “The question that remains is how best to give Canadians what they want, while maintaining the open, interoperable internet that has become ubiquitous in the lives of most Canadians.”
The report comes out in the lead up to the upcoming
Canadian Internet Governance Forum, taking place this week in Toronto, where internet stakeholders from across the country will meet to discuss these key issues. CIRA is a sponsor, co-organiser and participant.
“There are some basic actions that can be taken today to increase Canadian privacy and security online,” says Jacques Latour, CIRA’s chief security officer. “Canadian businesses must learn and follow privacy laws and make cybersecurity a priority. Governments must invest and participate in local infrastructure such as Canadian internet exchange points to keep data local, and Canadians must learn to spot and avoid personal cyber threats such as phishing emails.”
“With a federal election around the corner, fake news is a real concern and Canadians agree,” says David Fowler, CIRA’s vice president of marketing and communications and vice-chair of MediaSmarts board of directors. “Canadians see social media companies, the government and journalists as key players to halt misinformation online. But citizens themselves have a role to play and increased investments in media literacy will help Canadians spot fake news and thereby thwart its influence.”
To read the full report visit cira.ca/betterinternet.
Some of the key facts on Canadian internet users highlighted by CIRA are:
Of Canadian internet users:
Social media and fake news
Â· 75% say they come across fake news at least sometimes
- 57% have been taken in by a fake news item.
Â· 70% are concerned that fake news could impact the outcome of the next federal election.
Â· 72% are willing to disclose some or a little personal information in exchange for a valuable/convenient service.
Â· 87% are concerned that businesses with access to customers’ personal data willingly share it with third parties without consent.
Â· 86% believe it is important that government data, including the personal information of Canadians, be stored and transmitted in Canada only.
Â· 87% are concerned about a potential cyberattack against organizations with access to their personal data.
Â· Only 19% say they would continue to do business with an organization if their personal data were exposed in a cyberattack.
Â· 78% are concerned about the potential security threats related to the Internet of Things.
Â· 69% believe the high cost of internet services, including for mobile data, is hurting Canada’s economy and prosperity.
Â· 83% believe that universal access to high-speed internet is important for Canada’s overall economic growth and prosperity.
Â· 70% agree that the Canadian government should be doing more to support public access to high-speed internet.
Â· 75% say they only know a little or hardly anything about the topic of global control and regulation of the internet.
Â· 50% are concerned that the global internet could fracture into regional blocks that adopt very different regulatory principles and policies.
- 66% support the principles of net neutrality.
In my opinion, the world can survive very well without a public WHOIS. DP: What challenges and opportunities do you see for the year ahead? RW: I think the whole industry will have to make an effort to bring their products to the market in a way that is more understandable, simpler, and accessible without much (technical) know-how. In my opinion it is still far too difficult to register your own domain, then set up your own e-mail or create a new website. The subject of “digitisation” is currently on everyone's lips, but it has negative connotations; so a lot of work must be done to convert this to a more positive, beneficial impression. This involves domains and all associated products. DP: 2019 will mark 5 years since the first new gTLDs came online. How do you view them now? RW: All in all (apart from a few exceptions), positive hopes and expectations have not been realised. Many of the gTLD registries are still struggling to survive, and I have not seen any evidence of the frequently described “dotbrand” hype, so the new gTLDs will probably remain a “niche” for another year. The consolidation process will continue, both with the registries and the backend providers, but also with the registrars. A few gTLD's will be established on the market (and among users), many of the others will disappear again. At the moment I do not see any need for a second round (at least from the demand side), but clearly some want to utilise their (technical and sales) scaling effects to offer new gTLDs as quickly as possible, and put them on the market. DP: Are domain names as relevant now for consumers – business, government and individuals – as they have been in the past? RW: A clear YES to this. If you look at the number of users of “social media”, such as FB or Instagram, there is a clear negative trend. It's not about either / or, but businesses in particular will develop a balanced “online strategy” and this includes their own website with one (or more) domains. Of course, there is some saturation, but there is still enough global potential to increase awareness of domains and to secure growth over the long term. Previous Q&As in this series were with EURid, manager of the .eu top level domain (available here), with Katrin Ohlmer, CEO and founder of DOTZON GmbH (here), Afilias’ Roland LaPlante (here), DotBERLIN’s Dirk Krischenowski (here), DENIC (here) and Internet.bs' Marc McCutcheon (here). If you’d like to participate in this Domain Pulse series with industry figures, please contact David Goldstein at Domain Pulse by email to david[at]goldsteinreport.com.
A request for information to verify the academic qualifications of auDA CEO Cameron Boardman was been made to the Australian Department of Communications and Arts Sunday. Continue reading Questions Raised Over auDA CEO’s Academic Qualifications
Abstract: The Internet is a component of global telecommunications infrastructure that has proven especially significant, far-reaching, and often challenging for traditional market economics and geopolitics. In particular, the nature and functionality of the Internet has inhibited its integration into existing institutions and the global hegemony of communication policy. Consequently, new efforts and models have arisen to address this mis-alignment, creating a new landscape of governance that is decentralized and reactionary.
This paper conducts a critical examination of international internet governance, focusing specifically on the Internet Corporation of Assigned Names and Numbers (ICANN) in efforts to understand its role and implications for the internet, geopolitics, and international telecommunications regulation. Unlike prior studies, this research focuses specifically on the organizational and inter-organizational structure of ICANN to understand the networked model of governance in this context, identify noteworthy stakeholders, parse strategies, objectives, and outcome discrepancies that may exist.
This article is available for download in full from:
[news release] The central registry of the German country code Top Level Domain .de, DENIC, has prepared in collaboration with the German government and other German interest groups a position paper with recommendations for action for the future stewardship of the so-called IANA functions.
The U.S. administration announced in March last year its intention to relinquish its exclusive control of core Internet functions exercised by the Internet Assigned Numbers Authority (IANA), an organizational unit of the Internet Corporation for Assigned Names and Numbers (ICANN), if certain parameters were complied with. ICANN is one of the global self-regulating organizations of the Internet and is chiefly responsible for co-ordinating and awarding key Internet resources.
The U.S. administrationâs announcement concerns the supervision of the so-called “IANA functions”, which ICANN exercises on the basis of a contract with the U.S. administration. The IANA functions are basically technical and clerical in nature, like the management of IP addresses, protocol parameter management and administration of the root zone.
ICANN was tasked with elaborating a proposal for the future design of stewardship of the IANA functions. ICANN takes its decisions in so-called multistakeholder processes involving governments, the private sector, the technical community, academia and civil society.
The current discussion in two working groups that were established for this particular purpose is focusing on two different aspects: Firstly, the stewardship transition of the technical and clerical IANA functions (IANA Stewardship Transition), and secondly ICANN’s accountability in general (ICANN Accountability), with the aim to ensure that ICANN will continue to perform its tasks in the interest of the global public.
The contract between the U.S. administration and ICANN for the IANA functions expires on 30 September 2015. By that date a solution for a future stewardship model must have been defined. The German Internet Community makes a contribution towards this solution.
Joint position of the German stakeholders
“The redesign of the stewardship of the IANA functions is an opportunity to play an active part in shaping the processes governing the future management of key Internet resources,” emphasizes DENIC-CEO Dr. JÃ¶rg Schweiger.
The central guideline here is a clear affirmation of the multistakeholder model with inclusive participation of all the relevant groups (stakeholders) in their specific roles, for developing, deciding and implementing processes and regulations for the global Internet.
The top priority with regard to the IANA transition is “to create a stable, secure and easy solution. By no means must any Internet services be interrupted due to the transition,” says JÃ¶rg Schweiger.
The German government â represented by the Federal Ministry for Economic Affairs and Energy â and DENIC support and underpin that rules on country-code Top-Level Domains â in particular including .de â continue to be made solely within the respective country in accordance with relevant national rules and legislation. The established and well integrated TLD policies that have proven successful for years should be maintained unchanged. Rules and regulations by ICANN must be in line with national law or allow for special provisions in exceptional cases.
This DENIC news release was sourced from:
[news release] ICANN CEO Fadi ChehadÃ© is scheduled to talk with reporter Barton Gellman about Internet governance, including the status of proposals to transition the stewardship of key Internet technical functions to an international multi-stakeholder community.
The interview, which will take place on Monday, November 10, 2014, from 9:15 â 9:30 am PST (17:15 â 17:30 UTC) at the Techonomy Conference in Half Moon Bay, California. It will be streamed live online at http://www.techonomy.com/te14-live.
Gellman is a Pulitzer Prize-winning reporter, senior fellow at the Century Foundation and lecturer at Princetonâs Woodrow Wilson School. He is best known for his coverage of the NSA surveillance scandal and the September 11 attacks. He has also authored two books â Contending with Kennan: Toward a Philosophy of American Power and Angler: The Cheney Vice Presidency. His full profile can be found here.
# # #
To learn more about Techonomy 14, which is taking place from November 9 – 11 in Half Moon Bay, California, please go to http://techonomy.com/conf/te14/.
The Internet Governance Project has released what they describe as “an innovative proposal to resolve the 15-year controversy over the United States government’s special relationship to … ICANN.”The proposal, which has been published on the IGP blog, “involves removing root zone management functions from ICANN and creating an independent and neutral private sector consortium to take them over, will be presented at the Singapore ICANN meeting March 21, and then formally submitted to the ‘NETMundial’ Global Multistakeholder Meeting on the Future of Internet Governance in São Paulo, Brazil, April 23 and 24.””We think this plan provides the roadmap for making ICANN into a truly global and multistakeholder institution,” said Dr. Milton Mueller, co-author with Dr. Brenden Kuerbis.The contracts ICANN and Verisign have with the US Government “are an understandable legacy of the Internet’s origins in Defense Department and National Science Foundation, the U.S. has maintained control of ICANN long after it promised to let go. This has invited other governments, including authoritarian ones, to demand equal oversight authority over the DNS.””Unless we take a consistent and principled approach to non-governmental Internet governance,” Dr. Mueller claimed, “it is only a matter of time before other governments succeed in bringing the coordination and management of the Internet under the control of intergovernmental treaty organisations.”The IGP proposal is an attempt to develop a blueprint for globalisation of the IANA functions. In summary, the plan outlined on the IGP blog would:
- “structurally separate the IANA functions from ICANN’s policy process, and ensure that the IANA functions are never used for political or regulatory purposes
- integrate the DNS-related IANA functions with the Root Zone Maintainer functions performed by Verisign, and put them into a new, independent “DNS Authority” (DNSA)
- create a nonprofit controlled by a consortium of TLD registries and root server operators to run the DNSA.
- complete the transition by September 2015, when the current IANA contract expires.”
“It’s important/essential not to conflate policy with the operation of the root zone,” Kuerbis said in the IGP post. “It makes sense to put operational authority in the hands of an entity comprised of the registries and root server operators, as they are directly impacted by operation of the root, and have strong incentives to ensure its stability and security.””Contractually binding the DNSA to ICANN ensures adherence to the policy development process, and provides an important accountability function,” Kuerbis added. “It’s an institutional design that is consistent with the multistakeholder model and achievable in the near term.”The proposal was submitted to the NETMundial (Brazil) meeting on 2 March and can be download and commented on through links from the original IGP post at www.internetgovernance.org/2014/03/03/a-roadmap-for-globalizing-iana.
Security is an ongoing issue for the domain name system and TLD registries are at the forefront of dealing with it.
So in 2011 CENTR, on its membersâ request, created a Security Working Group for ccTLDs to share security best practices and discuss ways to mitigate security risks, the latest CENTR News highlights.
At a recent workshop in Brussels and for the second time a workshop was dedicated to one topic only, the ISO 27001 security standard.
âOver the past few years I got a lot of questions from colleagues from other ccTLDs about ISO 27001,â Bert ten Brinke, Security Officer with SIDN, Chair of the CENTR Security working group and expert in the field of ISO 27001 told CENTR News. âAfter a short inventory, the idea was born to organise a workshop completely focused on ISO 27001.â
âISO forces you to build a process to deal with security risks within and around your organisation and its core tasks,â reported CENTR News. âWhen everyone involved starts to operate according to this process an organisationâs security will become less dependent on individual employees. Bert ten Brinke feels this is the main reason why ISO 27001 increases the chance of a better secured registry.â
âThere are alternative standards that can be useful for ccTLDs and itâs of course possible to build your own processes follow your own standards. But by doing so, youâll risk having to explain your standard over and over again. Official standards donât have that issue. They are already accepted and used by a whole community.
âFor companies there are a lot of security standards which can be used. Examples are: the American COBIT (Control Objectives for Information and Related Technology), which is an IT governance framework that addresses every aspect of IT and the originally British ISO 27001(International Organization for Standardization). COBIT lays more focus on Risk Management and following Bert ten Brinke it is more difficult to implement than the ISO27001 standard.â
âIt is important to build a standard according to your organisation and not the other way aroundâ. This is Bertâs main advice for ccTLDs that are considering implementing systematic security processes by means of an official standard. Furthermore, in order to start implementing security processes in a successful way the full support of the CEO or Managing Director is crucial.
âAn ISO certificate is an engagement for the future. When you are certified ISO27001 for the first time this is only the beginning. Each year you have to proof that you are âworthâ the certificate and after three years, you have to recertify. For most companies itâs a never ending circle of security improvement.
On registry to recently acquire ISO27001 certification was nic.at, the registry for .at domain names. The announcement was made at the recent Domain Pulse conference held in Salzburg, Austria, and Richard Wein, General Manager, said the certification was proof of the registryâs dedication to security of .at domain names.
Elsewhere in the February 2014 edition of CENTR News, there are articles on CENTR preparations for the next Internet Governance Forum meeting to be held in Istanbul in September. Plus an update on DNSSEC in Europe, which shows there are two-thirds (67%) of registries that have implemented the security standard and a quarter (26%) planning its implementation, which are the findings of a survey of 26 ccTLD registries.
Plus there is a Q&A with Nominet Brand Manager Becky Bradburn and a European ccTLD update.
To download the latest CENTR News, go to https://centr.org/news/european-cctld-news-february-2014.