The British government says cyber crime is now one of the biggest risks to national security. A new cyber crime unit is to be set up which will both defend from and be able to attack other nations. As more of the world comes online, so the number and location of PCs available for hijacking is changing. Spencer Kelly investigates what the latest threats look like, and how they can be avoided. For the full story on "How to avoid the fake security tool scam", click here

 

(Source: BBC)

Full story

BBC

Google Inc admitted for the first time its "Street View" cars around the world accidentally collected more personal data than previously disclosed -- including complete emails and passwords -- potentially breathing new life into probes in various countries. The disclosure comes just days after Canada's privacy watchdog said Google had collected complete emails and accused Google of violating the rights of thousands of Canadians. "If in fact laws were broken...then there's some serious question of culpability and Google may need to face significant fines," said Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a Washington DC-based privacy advocacy group.

Regulators in France, Germany and Spain, among others, have opened investigations into the matter. A coalition of more than 30 state attorneys general in the United States also have launched a joint probe. It remains unclear how many people may have been affected by the privacy breach.

 

(Source: Reuters)

Full story

Reuters

The Department of the Prime Minister and Cabinet has sponsored a new online directory of Australia's security professionals and academia, which aims to highlight leaders in the industry. The National Security Research Directory is a brain's trust of hundreds of experts operating in a burgeoning list of fields across IT security, biometrics and counter-terrorism. It includes research topic areas such as applied cryptography, physical security and "ubervelliance" — a system with the ability to automatically locate and identify individuals and predict their movements.

Deputy national security advisor Margot McCarthy said the network will tighten coordination on matters of national security in the public and private sectors. McCarthy also announced the National Security Advisor's Group within the Department of the Prime Minster and Cabinet, which will report directly to the National Security chief information officer, Rachael Noble, on issues including cybersecurity.

 

(Source: ZD Net)

Full story

ZD Net

In UK, ISPs must pay 25 per cent of the cost of implementing new anti-piracy measures, it has been announced. The process of identifying and informing broadband customers suspected of copyright infringement will be paid for partially by ISPs and copyright holders, who will pay the other 75 per cent.

The decision comes as the government attempts to thrash out the details of how some parts of the controversial Digital Economy Act will actually work in practice. Minister for Communications, Ed Vaizey, said: "Protecting our valuable creative industries, which have already suffered significant losses as a result of people sharing digital content without paying for it, is at the heart of these measures. "The Digital Economy Act serves to reduce online copyright infringement through a fair and robust process and at the same time provides breathing space to develop better business models for consumers who buy music, films and books online.

 

(Source: Webuser)

Full story

Webuser

Germany is the first country to launch a large scale malware cleaning project backed by the government, Internet service providers and security companies.

The new Anti-Botnet Counseling Center (Anti-Botnet Beratungszentrum) is an organization dedicated to assisting German users with removing botnet infections from their computers. It was established with funding from the Federal Ministry of Interior and the technical assistance is provided by the Federal Office for Information Security (BSI). The initiative was announced late last year as a collaboration between the Federal Government and the German Internet Industry Association (eco).

 

(Source: Softpedia)

Full story

Softpedia

An awkwardly-worded reply by Defence Secretary Liam Fox to questions in the House of Commons suggests that cuts in information security spending are not on the agenda for the Strategic Defence and Security Review (SDSR), which is due to report back in the Autumn. On the contrary, Britain is looking to boost its capabilities in the area. Cyber-security is an important element of the SDSR and has already had considerable consideration. Decisions on enhancing our capabilities will form part of the review, which we will announce to the House later this autumn.

Developing a military cyber-security policy should not be the responsibility of the Ministry of Defence alone, Fox added. Investing in better cyber-security will not be an option for the United Kingdom. What is being considered under the National Security Council as part of the SDSR is how that occurs. We will face increasing threats in cyberspace in the years ahead-the question is how we identify the weakest areas, which need to be looked at first, and how we develop the technologies so that, as the other technologies that might affect us continue to evolve, we are best protected.

 

(Source: The register)

Full story

The register

The government is expanding its scholarship program for students in cybersecurity fields. About 108 universities participate in the 9-year-old Scholarship for Service program, which covers up to two years of tuition in exchange for two years of federal service. More schools, including community colleges, will be added in June, White House cybersecurity coordinator Howard Schmidt said Tuesday at the Interagency Resources Management Conference.

The expansion will be announced at the annual Colloquium for Information Systems Security Education — a conference that brings together academic, government and industry cybersecurity professionals — in June in Baltimore, Schmidt said.

 

(Source: Federal Times)

Full story

Federal Times

Two senators yesterday introduced a bill that seeks to build a multilateral framework to mitigate and respond to disrupting cyber attacks.

The bill, sponsored by Sens. John Kerry, D-Mass., and Kirsten Gillibrand, D-N.Y., would create an ambassador-rank coordinator position at the State Department that would advise the secretary of State on international cyberspace and cybersecurity issues. The coordinator would promote development of a strategy for international cyber engagement, including considering the utility of negotiating a multilateral framework that would provide internationally acceptable principles to mitigate cyberwarfare.

 

(Source: Federal Times)

Full story

Federal Times

 

In a bid to cut down on fraud and inappropriate content, the organization responsible for administering Russia's .ru top-level domain names is tightening its procedures. Starting April 1, anyone who registers a .ru domain will need to provide a copy of their passport or, for businesses, legal registration papers.

Loopholes in the domain name system help spammers, scammers and operators of pornographic Web sites to avoid detection on the Internet by concealing their identity. Criminals often play a cat-and-mouse game with law enforcement and security experts, popping up on different domains as soon as their malicious servers are identified. Criminals in eastern Europe have used .ru domains for a while, registering domain names under fake identities and using them to send spam or set up command-and-control servers to send instructions to networks of hacked computers.

 

(Source: PC World)

Full story

PC World

At the eighth Ministerial eHealth Conference in Barcelona today, EU ministers have outlined a joint vision and policy priorities on how to make eHealth more accessible, interactive and customised to patients. The Declaration outlines a vision and identifies key objectives to be achieved in the next ten years.

The Declaration calls for policy coordination amongst the various areas where eHealth can have an impact on citizens' health in order to enhance benefits for patients, healthcare systems and society. It recognises the need for stronger synergies with policy areas like competitiveness, research and regional development both at European and national levels.

 

(Source: Europe's Information Society)

Full story

Europe's Information Society

China has issued new restrictions on Internet use, requiring those wanting to set up a website to meet regulators and provide identity documents, in a move slammed Wednesday by one rights group. The new rules come as the United States has stepped up pressure on Beijing to break down its vast system of web controls -- the so-called "Great Firewall of China" -- for the more than 380 million people now online in the country.

Washington issued those calls after US Internet giant Google said last month it was considering pulling out of China over cyberattacks and Chinese government censorship of its search results. China's Ministry of Industry and Information Technology issued the new guidelines to local authorities on February 8 and lifted a ban imposed in December on individuals acquiring .cn domain names, state media said Tuesday.

 

(Source: AFP)

Full story

AFP

Last year, the Internet began to be seen as a basic human right and some countries have instituted legal means of guaranteeing that the vast majority of their citizens have access to a quality Internet connection. Other countries, though, are going the other way, hindering their citizen's web use and in some cases moving to disconnect them altogether. In France, the heavily criticized and disputed, so-called "three strikes" law has come into effect starting January 1st. Its backers are quick to boast the laws unabridged effectiveness, but common sense points the other way.

How exactly the agency will determine users' email addresses, or even harder, the address they are actively using remains to be seen.

 

(Source: Softpedia)

Full story

Softpedia

Chinese authorities caught nearly 5,400 suspects last year in a crackdown on online pornography and have vowed to strengthen Internet policing.

Beijing's pervasive policing of cyberspace and attempts to block the Internet are already among the world's most stringent. In a statement late Thursday, the Ministry of Public Security said the "purification of the Internet" and fighting of online crime are closely tied to the country's stability. "Lewd and pornographic content seriously pollutes the online environment, depraves social morals and poisons the physical and psychological health of the masses of young people," the statement said. "It must be firmly controlled."

 

(Source: AP)

Full story

AP

Australia said Tuesday it would push ahead with a mandatory China-style plan to filter the Internet, despite widespread criticism that it will strangle free speech and is doomed to fail.

Communications Minister Stephen Conroy said new laws would be introduced to ban access to "refused classification" (RC) sites featuring criminal content such as child sex abuse, bestiality, rape and detailed drug use. Blacklisted sites would be determined by an independent classification body via a "public complaint" process, said Conroy, admitting there was "no silver bullet solution to cyber-safety".

 

(Source: AFP)

Full story

AFP

The government is preparing to set up a National Identity Management Center (NIMC) to distribute National Identity Cards (NIDC) across the country. Government officials said that the center will be located in Kathmandu and will distribute cards through thousands of government employees mobilized across the country.

Government officials are making preparations to set up the center on the basis of the recently submitted recommendations of a task force formed to study the need and structure of such a center. “We have recommended to the government to set up NIMC to distribute NIDCs as committed in the national budget and government policy and programs," Lilamani Paudel, Secretary at the Office of the Prime Minister and Council of Ministers (OPMCM), told myrepublica.com.

 

(Source: Republica)

Full story

BBC

Online sales in China almost doubled in the first nine months of this year, official data showed Tuesday, as the nation becomes more switched on and confident in Internet shopping.

China's enormous Internet community spent 168.9 billion yuan (25 billion dollars), a 90 percent increase from the same period last year, the government data showed. And Di Jiankai, a director-general of the commerce ministry, told reporters the total figure for the whole year was expected to exceed 260 billion yuan. He did not providing a comparative figure for 2008. "The commerce ministry pays great attention to e-commerce," he added. "It is a very important business form we can use to boost consumption."

 

(Source: AFP)

Full story

AFP

While the Senate bogs down in negotiations over drafting major cybersecurity reform legislation, a House panel Wednesday passed a nuts-and-bolts IT security bill that would require the president to assess the government's cybersecurity workforce, including an agency-by-agency skills assessment, and provide scholarship to students who agree to work as cybersecurity specialists for the government after graduation.

"There are some very technically, sophisticated ways in enhancing cybersecurity, but there are some simple ways, also. Some aspects of computer security are rocket science and others are fairly, simple precautionary steps which most people can take."

 

(Source: Gov Info Security)

Full story

Gov Info Security

In today’s technologically advanced world, documents and correspondences that were once sent by post are now exchanged electronically. This exchange takes place smoothly until a signature is required in the transaction. Then the entire process falls back to the real ‘e-less’ world of paper documents, faxes, snail-mail and even physical presence.

Technology, however, has not ceased to search for solutions to this barrier. The result: a method that is accurate and arguably more secure than the traditional handwritten signature, which allows documents to be signed online — e-signatures.

 

(Source: Business Today)

Full story

Business Today

China has issued rules banning the beating and confinement of youths being treated for Internet addiction after revelations of abuse at rehabilitation clinics, including the death of one teenager. The regulations posted on the health ministry's website Wednesday stressed that restraint must be used in dealing with such youngsters as "the concept of 'Internet addiction' has not been fully defined".

In August, the beating death of a teenage boy enrolled by his parents at an Internet addiction camp in southern China's Guangxi region provoked outrage across the country.

 

(Source: AFP)

Full story

AFP

Internet users throughout Europe accused of illegal file-sharing are to receive more protection from being cut off by their service provider. The European Parliament and Council is due to make a decision on its Telecoms Reform Package in late November. The package will entitle users in all 27 EU states to be put through a "fair and impartial procedure" before being disconnected.

The outcome is a compromise agreed during all night negotiations. Some members of the European Parliament felt nobody should lose their connection until after they had been prosecuted in a court for illegally downloading content.

 

(Source: BBC)

Full story

BBC

Facebook outlined changes to its privacy policy on Thursday and asked for feedback from the social network's more than 300 million users. Members will have until November 5 to send in their comments about the proposed changes.

"This is the next step in our ongoing effort to run Facebook in an open and transparent way. After the comment period is over, we'll review your feedback and update you on our next steps." Some of the changes to Facebook's privacy policy are the result of pressure from Canada, whose privacy czar conducted an investigation into its handling of personal information.

 

(Source: AFP)

Full story

AFP

Nearly a decade after it introduced a program to internationalize domain names, the Internet Corporation for Assigned Names and Numbers is expected to take another step on Friday. ICANN, during its annual meeting in Seoul, Korea, will vote on the internationalized domain names (IDN) initiative, better known as the Fast Track.

"In Seoul, we plan to move forward to the next step in the internationalization of the Internet, which means that eventually people from every corner of the globe will be able to navigate much of the online world using their native language scripts," said Rod Beckstrom, ICANN's CEO.

 

(Source: NewsFactor)

Full story

NewsFactor 

Developing countries risk missing out on the benefits of information technology because of their lack of broadband infrastructure, a U.N. agency said.

Lack of broadband Internet access deprives countries of the possibility of building up offshoring industries, the United Nations Conference on Trade and Development (UNCTAD) said in a report late on Thursday. It also prevents people from tapping into all the advantages of mobile phones, whose use is exploding in poor countries. "What is known as the broadband gap for example is becoming a serious handicap for companies in many poor countries," he told a briefing to launch UNCTAD's Information Economy Report.

 

(Source: Reuters)

Full story

Reuters 

The Internet is set for its biggest technical change in decades when a new multilingual address system is approved this week, a global regulatory body said Monday.

The Internet Corporation for Assigned Names and Numbers (ICANN) said it would declare an end to the exclusive use of Latin characters for website addresses on Friday -- the final day of its six-day conference in Seoul. When the change comes into force, it will be possible to use characters from other languages -- such as Chinese, Arabic, Korean and Japanese -- for a full Internet address, instead of for just part of an address as now.

 

(Source: AFP)

Full story

AFP

Nigeria's anti-corruption police is working with Microsoft to halt thousands of fraudulent emails in a crackdown on internet crime in Africa's most populous country, an agency spokesman said.

The Economic and Financial Crimes Commission (EFCC) said on Thursday its new project "Eagle Claw," expected to become fully operational within six months, is aimed at improving Nigeria's tarnished image as one of the world's top countries for internet crime. The agency said it has already shut down 800 scam websites and arrested 18 people.

 

(Source: Reuters)

Full story

Reuters 

The European Parliament has given the green light for member states to cut persistent file-sharers off from the net. It has dropped an amendment to its Telcoms Package which would have made it hard for countries to cut off pirates without court authority. It follows pressure from countries keen to adopt tough anti-piracy laws.

The French government has just approved plans which could see pirates removed from the net for up to a year. The UK's file-sharing policy is also likely to include a clause about disconnecting persistent offenders. The European Parliament was originally opposed to such legislation, claiming internet access was a basic human right.

 

(Source: BBC)

Full story

BBC 

The Republic of Montenegro officially became a member of the International Multilateral Partnership against Cyber Threats (IMPACT), which is established under the International Telecommunication Union (ITU) and consists of 191 members. The President of the Board of Directors of IMPACT -Mr. Datuk Muhd Noor Amin- welcomed Montenegro's membership in IMPACT and stated that Montenegro acquired the status of a full member in this international organization.

Montenegro has recently acquired the capability to track new information on cyber threats. More particularly, the participation in IMPACT will assist Montenegro in the identification of cyber threats in the early stages of their development.

 

(Source: eGov Monitor)

Full story

eGov Monitor

About a third of UK employees throw sensitive documents in the bin instead of shredding them, research suggests. The study also found almost three-quarters of workers felt their organisations could do more to protect their customers' sensitive information.

The data was compiled for National Identity Fraud Prevention Week. Identity fraud costs the UK more than £1.2bn annually. The UK's Fraud Prevention Service says 60,000 people have fallen victim so far this year.

 

(Source: BBC)

Full story

BBC 

Privacy and security are foundational to health care reform. Patients will trust electronic health care records only if they believe their confidentiality is protected via good security.

As vice chairman of the federal Healthcare Information Technology Standards Committee, I have been on the front lines in the debate over the standards and implementation guidance needed to support the exchange of health care information. Over the past few months, I've learned a great deal from the committee's privacy and security workgroup.

 

(Source: ComputerWorld)

Full story

ComputerWorld

US Homeland Security Secretary Janet Napolitano said Thursday that her department has received the green light to hire up to 1,000 cybersecurity experts over the next three years.

Kicking off "National Cybersecurity Awareness Month," she said the new recruits would "help fulfill the department's broad mission to protect the nation's cyber infrastructure, systems and networks." "Effective cybersecurity requires all partners -- individuals, communities, government entities and the private sector -- to work together to protect our networks and strengthen our cyber resiliency," Napolitano said.

 

(Source: AFP)

Full story

AFP

Federal Communications Commission Chairman Julius Genachowski is expected to outline network-neutrality proposals on Monday, according to Reuters. The proposals could become rules at the FCC's October meeting.

Neutrality advocates want Internet service providers barred from blocking or slowing Internet traffic based on content. ISPs, including AT&T, Verizon Communications, and Comcast, say growing traffic needs to be managed, and they contend that neutrality could stifle innovation.

 

(Source: NewsFactor)

Full story

NewsFactor

The French National Assembly has passed a draft law that would allow illegal downloaders to be thrown off the net. The law was narrowly passed by 285 votes to 225.

The French hard-line policy on piracy has drawn worldwide attention as nations around the globe grapple with the issue of piracy. The ruling majority UMP voted in favour but the Socialist Party has already announced that they will appeal to the Constitutional Court once again. The Constitutional Court insisted that a judge rather than a high authority had to rule on the issue of whether to disconnect users.

 

(Source: BBC)

Full story

BBC

South Korea plans to train 3,000 "cyber sheriffs" by next year to protect businesses after a spate of attacks on state and private websites, a report said Sunday. The "cyber sheriffs" would be tasked with "protecting corporate information and preventing the leaks of industrial secrets," Yonhap news agency said.

In the event of cyber attacks, the National Intelligence Service, the country's main spy agency, would set up a taskforce including civilian and government experts to counter the online threats, it added. The country already has a military cyber unit. South Korea, where 95 percent of homes have broadband, is among the top countries in terms of access to the high-speed Internet.

 

(Source: AFP)

Full story

AFP

Web sites that collect information about visitors in order to target advertising on their own pages would be required to prominently disclose what information they gather. Web sites that share user information with outside advertising networks, which place ads on sites all over the Internet, would be required to obtain user approval before collecting data. Web sites that deal with sensitive personal information, such as medical and financial data, sexual orientation, Social Security numbers and other ID numbers, would be subject to the opt-in rule.

Rep. Rick Boucher, chairman of the House Energy and Commerce Subcommittee on Communications, Technology and the Internet, hopes to put in a bill governing Internet advertising.

 

(Source: AP)

Full story

AP

China approved of Google's efforts to filter porn from search results on its China portal following state-led criticism of the links, the former head of Google China said Sunday.

Google.cn has long filtered out some results for sensitive searches. The search engine displays a notice that some results have been filtered for search terms such as "Tiananmen," the square in Beijing around which soldiers killed hundreds to disperse a student democracy protest in 1989, or for the names of major political leaders. The search engine currently displays no search results at all for "Xu Zhiyong," the name of a human rights lawyer recently detained for about one month. The results screen says the search "may touch on content that does not conform with the related laws, regulations and policies"

 

(Source: PCWorld)

Full story

PCWorld

A coalition of 10 U.S. privacy and consumer groups has called for new federal privacy protections for Web users, including a requirement that Web sites and advertising networks get opt-in permission from individuals within 24 hours of collecting personal data and tracking online habits.

In a broad set of new recommendations for privacy regulations released Tuesday, the groups also called on the U.S. Congress to prohibit Web sites and ad networks from collecting behavioral information about children under age 18, whenever it's possible to distinguish the age of the Web user, and to require that online businesses inform consumers about the purpose of the information collection.

 

(Source: ComputerWorld)

Full story

ComputerWorld

Federal judge George Wu officially overturned the conviction of Lori Drew, who was convicted of cyberbullying 13-year-old Megan Meier to suicide. That conviction was based on the federal Computer Fraud and Abuse Act (CFAA), which makes it a crime to intentionally accessing a computer system with intent to commit a crime or tort.

At trial, the jury found Drew guilty of misdemeanor violations of CFAA based on the theory that accessing MySpace with intent to harrass Meier was an unauthorized access of an interstate computer.

 

(Source: ZDNet)

Full story

ZDNet

If Google Inc. digitizes the world's books, how will it keep track of what you read? That's one of the unanswered questions that librarians and privacy experts are grappling with as Google attempts to settle a long-running lawsuit by publishers and copyright holders and move ahead with its effort to digitize millions of books, known as the Google Books Library Project.

Librarians and the online world have different standards for dealing with user information. Many libraries routinely delete borrower information, and organizations such as the American Library Association have fought hard to preserve the privacy of their patrons.

 

(Source: ComputerWorld)

Full story

ComputerWorld

Facebook has agreed to make worldwide changes to its privacy policy as a result of negotiations with Canada's privacy commissioner. Last month the social network was found to breach Canadian law by holding on to users' personal data indefinitely.

It will also make it clear that users can deactivate or delete their account. "These changes mean that the privacy of 200 million Facebook users in Canada and around the world will be far better protected," said Canadian privacy commissioner Jennifer Stoddart.

 

(Source: BBC)

Full story

BBC

Internet service providers (ISPs) have reacted with anger to new proposals on how to tackle internet piracy. The government is proposing a tougher stance which would include cutting off repeat offenders from the net.

TalkTalk's director of regulation Andrew Heaney told that the ISP was as keen as anyone to clamp down on illegal file-sharers. "This is best done by making sure there are legal alternatives and educating people, writing letters to alleged file-sharers and, if necessary, taking them to court. But disconnecting alleged offenders will be futile given that it is relatively easy for determined file-sharers to mask their identity or their activity to avoid detection," he added.

 

(Source: BBC)

Full story

BBC

The US Marine Corps on Tuesday renewed a ban on Twitter and other social networking sites as the Pentagon weighed a similar prohibition over cybersecurity concerns. The Marines had already banned the use of social media on military networks but issued a more detailed order this week defining which sites were out of bounds and noting possible exceptions to the rule, Marine Corps spokesman Lieutenant Craig Thomas told AFP.

"These Internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries," the Marine Corps said in an order posted on its website.

 

(Source: AFP)

Full story

AFP

High-tech Japan is gearing up for elections, but you won't hear a tweet from Prime Minister Taro Aso or his main rivals. When election campaigning officially begins on August 18, a cyberspace ban will make it illegal for politicians to update their Internet blogs, share their political views by email or put new videos online.

It is an odd situation in one of the world's most wired countries, where more than 60 percent of the population regularly uses the Internet. Japanese politicians "are missing a real chance to try to generate interest among young voters by not allowing cyber campaigning," said Professor Jeff Kingston, director of Asian Studies at Temple University in Tokyo.

 

(Source: AFP)

Full story

AFP

The U.S. Department of Health and Human Services (HHS) is about to rule whether health care entities will need to notify patients if their de-identified data -- patient data that has been stripped of all potential for identifying individuals, which is often used for research and development -- is breached. As it stands now, de-identified data is not subject to the new breach-notification rules imposed by the HITECH privacy provisions of the 2009 American Recovery and Reinvestment Act (ARRA) stimulus package. The debate pits privacy activists on the one side -- who often support notification -- with health care organizations on the other, which say the quality of health care hangs in the balance.

 

(Source: ComputerWorld)

Full story

ComputerWorld

China has banned Web sites from advertising or linking to games that glamorize violence, another step in China's censorship campaign aimed at ensuring social stability ahead of the 60th anniversary of communist rule on Oct. 1.

A notice posted on the Culture Ministry Web site on Monday said games that promote drug use, obscenities, gambling, or crimes such as rape, vandalism and theft are "against public morality and the nation's fine cultural traditions." "Such online games promote the glorification of mafia life ... and are a serious threat to the moral standards of society causing vulnerable young people to be adversely affected," the notice said. The ban on the Web sites starts immediately.

 

(Source: AP)

Full story

AP

Amid concerns that the U.S. has a shortage of cybersecurity professionals, a new consortium of U.S. government and private organizations aims to identify students with strong computer skills and train them as cybersecurity guardians, warriors and "top guns."

The U.S. Cyber Challenge initiative will bring together three cybersecurity competitions for high school or college students and launch new in-person competitions, said Alan Paller, research director at the SANS Institute, a cybersecurity training organization. The organizers of the U.S. Cyber Challenge also plan to offer scholarships to promising students and hook them up with internships and jobs, Paller said.

 

(Source: ComputerWorld)

Full story

ComputerWorld

 

Russia's most powerful business lobby moved to clamp down on Skype and its peers this week, telling lawmakers that the Internet phone services are a threat to Russian businesses and to national security.

In partnership with Prime Minister Vladimir Putin's political party, the lobby created a working group to draft legal safeguards against what they said were the risks of Skype and other Voice over Internet Protocol (VoIP) telephone services.

 

(Source: Reuter)

Full story

Reuter

Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.

The study describes a fragmented federal cyber force, where no one is in charge of overall planning and government agencies are "on their own and sometimes working at cross purposes or in competition with one another." The report, scheduled to be released Wednesday, arrives in the wake of a series of cyberattacks this month that shut down some U.S. and South Korean government and financial Web sites.

 

(Source: AP)

Full story

AP

Computer security experts were divided Thursday on whether North Korea was behind the ongoing attacks on US and South Korean websites, an assault that highlighted the vulnerabilities of the Web.

The so-called distributed denial of service (DDoS) attack used an army of malware-infected computers known as a "botnet" in a bid to paralyze US and South Korean websites by overwhelming them with traffic.

Around a dozen websites in the United States, including those of the White House, State Department and Pentagon, and another dozen in South Korea were among those targeted in the attack which began on Sunday.

 

(Source: AFP)

Full story

AFP

A botnet comprised of about 50,000 infected computers has been waging a war against U.S. government Web sites and causing headaches for businesses in the U.S. and South Korea.

The attack started Saturday, and security experts have credited it with knocking the U.S. Federal Trade Commission's (FTC's) Web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT).

 

(Source: ComputerWorld)

Full story

ComputerWorld

A U.S. district court has ordered key players in an international spam ring to give up $3.7 million that they made by sending out illegal e-mail messages pitching bogus hoodia weight-loss products and a “human growth hormone” pill they claimed reversed the aging process.

In a Federal Trade Commission law enforcement action, the court found that the five defendants, located in Canada and St. Kitts, violated the FTC Act and the CAN-SPAM Act by participating in the spam operation. The court order bars the defendants from violating the CAN-SPAM Act and from making false or unsubstantiated claims about the health benefits of any food, drug, or dietary supplement.

 

(Source: Federal Trade Commission)

Full story

Federal Trade Commission

The Obama administration is moving cautiously on a new pilot program that would both detect and stop cyber attacks against government computers, while trying to ensure citizen privacy protections.

Any involvement of the NSA - the agency oversees electronic intelligence-gathering - in protecting domestic computer networks worries privacy and civil liberties groups who oppose giving such control to U.S. spy agencies.

 

(Source: AP)

Full story

AP

One of Britain's biggest online paedophile inquiries is to be challenged in the court of appeal amid allegations from campaigners that hundreds of men have been wrongly convicted in a mass miscarriage of justice.

Senior officers in Ceop, the child exploitation and online protection unit, who co-ordinated the inquiry, have been anticipating the test case for some time. They are adamant that Ore was an extremely successful operation, which led to more than 2,600 British men who downloaded images of child abuse, or attempted to, being brought to justice. The vast majority of them pleaded guilty.

 

(Source: Guardian)

Full story

Guardian

Lori Drew, 50, pretended to be a boy on the MySpace website to befriend Megan Meier, who hanged herself after the virtual friendship ended. Sentencing will take place this week in the first federal cyber bullying case in the US which was brought to trial after a teenage girl took her own life.

The US National Crime Prevention Council in a report last year found that 43% of teens are exposed to cyber bullying in one form or another yet only one in 10 kids told their parents. "Cyber bullying can have such a devastating effect on our young people from depression to falling grades and low self esteem. This case shows however that cyber bullying is not something that just young people commit but we as adults can also be at fault," said the council's Michelle Boykin.

 

(Source: BBC)

Full story

BBC

China will limit the number of messages that a mobile number can send per day to battle rampant spam messages clogging cell phones, state media said on Friday.

Spam messages, largely consisting of real estate offers, ads for English lessons, fake tax receipts and other frauds have grown very quickly in China in recent years. It is not unusual to receive dozens of messages a day, including the odd gun ad.

One mobile number cannot send more than 200 messages per hour or 1,000 per day on weekdays, according to the agreement. On holidays, 500 messages per hour and 2,000 per day may originate from one number.

 

(Source: Reuter)

Full story

Reuter

The US military announced a new "cyber command" designed to wage digital warfare and to bolster defenses against mounting threats to its computer networks. The move reflects a shift in military strategy with "cyber dominance" now part of US war doctrine and comes amid growing alarm over the perceived threat posed by digital espionage coming from China, Russia and elsewhere.

President Barack Obama has put a top priority on cyber security and announced plans for a national cyber defense coordinator. A recent White House policy review said that "cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century." Obama has promised privacy rights would be carefully safeguarded even as the government moves to step up efforts to protect sensitive civilian and military networks.

 

(Source: AFP)

Full story

AFP

The takedown last week of a rogue ISP by the U.S. Federal Trade Commission (FTC) slashed spam volumes by about 15% and reduced the spam spewed by a pair of big-name botnets by as much as to just 64%, a security firm said today.

"Spam dropped 15% across the board," said Bradley Anstis, director of technology strategy at Marshal8e6. "We especially noticed [the drop] over the weekend," he said, adding that the decline picked up steam slowly.

Last Tuesday, a federal court ordered the plug pulled on 3FN, an ISP operated by Belize-based Pricewert, after the FTC complained that the company hosts spam botnet command-and-control servers, as well as sites operated by child pornographers, identity thieves and other criminals.

 

(Source: ComputerWorld)

Full story

ComputerWorld

A Chinese developer of pornography filtering software protested reports linking the program to China's broader Internet censorship on Wednesday, after the government ordered that his software be distributed with all PCs sold in the country.

The government edict requiring PC makers to distribute the program touched off concerns that it could be used to block access to politically sensitive material online in addition to pornography.

China says the initiative is meant to protect children from "harmful" online content. The software blocks only illegal materials such as pornography and some content related to gambling and drugs, said Bryan Zhang, the general manager of Jinhui.

 

(Source: PCWorld)

Full story

PCWorld

Movie directors, composers, authors, legal experts, policy-makers and others are meeting in Washinton this week to discuss the "threats and opportunities" the Internet poses to copyright in the digital age.

Some 500 delegates from more than 55 countries are scheduled to attend the 2nd World Copyright Summit being held on Tuesday and Wednesday at the Ronald Reagan Convention Center. Web and software giants Google and Microsoft and representatives of movie, music and book rights societies are also among those attending the summit organized by the International Confederation of Societies of Authors and Composers (CISAC), whose president is Bee Gees brother Robin Gibb.

Organizer CISAC, listing the "key issues" for the summit, cited "How the digital media environment is providing common threats and opportunities to all creative repertoires."

French Culture Minister Christine Albanel, Hollywood director Milos Forman and US Senator Patrick Leahy, chairman of the Senate Judiciary Committee, are among the nearly 100 speakers slated to address the gathering. Looming over the summit is the threat posed to artists by digital piracy.

 

(Source: AFP)

Full story

AFP

"Persistent illegal file-sharers should be cut off from the net". BBC reports that: "An alliance of United Kingdom's creative industries wants the government to force internet service providers (ISPs) to disconnect users who ignore repeated warnings about sharing illegal content."

"The creative industries, have issued a set of "urgent recommendations" that they want to be included in the United Kingdom government's Digital Britain manifesto. They argue that many jobs in the 800,000-strong sectors of film, TV, music, and software are threatened by illegal file-sharing. However, the Internet Services Providers' Association (Ispa) - a trade body that represents ISP's - said that users could challenge disconnections through the courts and, at present, the technology available for monitoring and detecting illegal sharers was not of a standard "where they would be admissible as evidence in court".

"Suggestions for rights-owners to take many thousands of legal actions seeking damages against individual file-sharers in court are neither practicable nor proportionate and would create a drain on public resources," the joint statement reads. The statement stops short of calling on the government to introduce legislation with detailed technical measures to prevent illegal file-sharing. "Instead, [the government] should provide enabling legislation, for the specific measures to be identified and implemented in an Industry Code of Practice," it recommends.

Read the full story on the BBC website here.

The ITU Regional Cybersecurity Forum for Africa and Arab States, dedicated to “Connecting the World Responsibly”, aims to identify some of the main challenges faced by countries in Africa and Arab States in enhancing cybersecurity and securing critical information infrastructures.

It will consider best practices, information sharing mechanisms and concrete actions for cybersecurity development, taking into consideration the key principles of matching the borderless, transnational nature of cyber-threats with meeting specific national and regional requirements. The Forum will consider initiatives at the regional and international levels to increase cooperation and coordination amongst different stakeholders. The forum programme will include interactive sessions on the projects and related tools that ITU is working on to assist Member States in developing and implementing cybersecurity capabilities.

Capacity building activities will be undertaken in the following main areas:

Development of a legal framework;

Development of watch and warning and incident management capabilities, including the establishment of a national computer incident response team (CIRT); and,

Actions to be considered when developing a national cybersecurity strategy and harmonization within the key principles of international cooperation.

The event is expected to bring together government representatives, industry actors, and other stakeholder groups from countries on the African continent and the Arab States to discuss, share information, and collaborate on the elaboration and implementation of national policy, regulatory and enforcement frameworks for cybersecurity. It will benefit information and communication policy makers from ministries and government departments; institutions and departments dealing with cybersecurity policies, legislation and enforcement; and representatives from operators, manufacturers, service providers, industry and consumer associations involved in promoting a culture of cybersecurity.

The forum will be conducted in English, Arabic and French with simultaneous interpretation. Participation in the Forum is open to all ITU Member States, Sector Members, Associates, and other interested stakeholders, including representatives from regional and international organizations.

More detailed information about the event (including the draft forum agenda, online pre-registration, fellowship requests (for eligible LDCs) can be found on the ITU Regional Cybersecurity Forum for Africa and Arab States website at www.itu.int/ITU-D/cyb/events/2009/tunis/.

Register for the ITU Regional Cybersecurity Forum for Africa and Arab States here.

We look forward to seeing you at the event!

A new report of the mobile industry shows that some progress has been made by the 26 mobile operators signed up to the "European Framework for Safer Mobile Use by Younger Teenagers and Children” brokered by the Commission in February 2007 (IP/07/139). These operators serve around 580 million customers, 96% of all EU mobile customers. "The new report of the mobile phone industry association shows that mobile operators have started to take seriously their responsibilities to keep children safe when using phones," said EU Telecoms Commissioner Viviane Reding.

50% of 10 year-old, 87% of 13 year-old and 95% of 16 year-old children in the EU have a mobile phone, but half of European parents worry mobile phone use might expose their children to sexually and violently explicit images (51%) or bullying by other children (49%), according to a survey. The European Commission today called on mobile operators to do more to keep children safe while using mobile phones by putting in place all the measures in the voluntary code of conduct, signed by 26 mobile operators in 2007. The report published by the GSM Association, the trade body of the mobile phone industry, showed that national self-regulatory codes based on the framework agreement brokered by the European Commission now exist in 22 Member States, 90% of them in line with the 2007 agreement, and 80% of operators have put in place measures to control child access to adult content.

Read the full EC press release from 20 April 2009 here.

More information on the GSMA report onimplementation of the framework agreement on "Safer Mobile Use by Younger Teenagers and Children" can be found here.

ITU is pleased to announce the launch of its 2009 Cybersecurity and ICT Applications Essay Competition.

The 2009 ITU Cybersecurity and ICT Applications Essay Competition is open to current students and recent graduates in economics, political science, law, literature, telecommunications, computer science, information systems and related fields between the ages of 20 and 30 years old. The winners of the 2009 Essay Competition will be offered the opportunity of a consultancy contract within the ITU Development Sector's ICT Applications and Cybersecurity Division for three months. The winners will be given a contribution towards the cost of an economy class flight from their place of residence. In addition, they will be paid the sum of CHF 6000 towards living expenses for the duration of the contract.

To enter the competition you need to submit an essay on one of the following essay topics:

• Mobiles for Development: Enabling Low-Cost e-Applications for Rural and Remote Areas (e-Health, e-Government, e-Environment)
• Protecting Children and Youth in the Internet and Mobile Age: Innovative Technical and Social Solutions
• Connecting the World Responsibly: Empowering Women and Girls Through Creative Uses of ICTs
• Personal Information Online (internet/mobiles): Responding to User Safety Concerns

All applications should be submitted online through the competition website.

The deadline for applications is 14 June 2009.

We look forward to reviewing your applications and wish you the best of luck in the competition!

 

1 April 2009 was the start of a new anti-piracy law in Sweden where, according to traffic data, an immediate and significant drop (over 30 per cent) occurred in the nation's overall Internet traffic.

"The combined traffic passing through Sweden's Internet Exchange Points usually peaks around 160 Gbit/s, but on Wednesday it peaked at around 110 Gbit/s. That's a huge drop in traffic, and is presumably a direct result of less file sharing taking place. ... Another interesting observation is that there was more traffic than usual during the last days before the law took effect. Were people hoarding films and music? On Tuesday (the day before the law went live) traffic peaked at nearly 200 GBit/s, roughly 25% above normal levels."

Read the full story and view the related statistics at CircleID. 

The Anti�]Phishing Working Group (APWG) and IPC has released a new idustry advisory document titled: "What to do if your site has been hacked by phishers". The purpose of the document is to provide website owners with specific actions they can take when they have been notified that their website or webserver has been infiltrated and used for phishing.

The document notes that "Some phishers use compromised computers to host malicious or illegal activities, including identity theft, fraudulent financial activities, as well as collecting personal information and business identities from their victims for future use. Others attack or 'hack' into and gain administrative control over the legitimate web sites of businesses and organizations of all sizes. Such hacked web sites disguise the bad acts the phishers perform. More importantly, web site hackers are fully aware that the web sites they hack and 'own' are reputably legitimate."

"Law enforcement and anti�]phishing responders respect and operate under established business, technical, and legal constraints when they seek to remedy or take down hacked web sites. These measures protect legitimate web site operators but unfortunately serve the attacker as well by extending the duration of the attack. The Anti�]Phishing Working Group (APWG) offers this document as a reference guide for any web site owner or operator who suspects, discovers, or receives notification that its web site is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification, notification, containment, recovery, restoration, and follow�]up when an attack is suspected or confirmed. This document serves a guideline for web site owners."

See the full APWG "What to do if your site has been hacked by phishers" Industry Advisory here.

The ITU has launched new partnerships to help 13 Pacific Island countries develop information and communications technology (ICT) in the region.

In a joint communiqué issued at the end of the Pacific ICT Ministerial Forum, held in Tonga, senior officials from the 13 countries called for greater coordination to minimize overlap in ICT initiatives and maximize the impact of investments in development projects. The ministers, including two Prime Ministers, called for rapid implementation of regional connectivity projects and for reinforced efforts to create more ICT professionals and a workforce with technical skills.

“The Pacific Island countries have clearly stated their objectives and priorities,” said Director of the ITU Telecommunication Development Bureau, Sami Al Basheer Al Morshid. “ITU is fully committed to work with our partners in delivering results for the Pacific Island States,” added Mr. Al Basheer, who announced several new partnerships to assist the countries. “We are building on the expertise and resources of all interested partners to reinforce our collective impact on ICT development in the Pacific.” The Pacific Island ministers also directed officials to work towards establishing a shared regulatory resource centre and encouraged regional States to make full use of ICT for early warning and response systems to improve disaster preparedness.

See the full ITU press release here.

A new report from ITU, highlights some harsh realities for the global ICT industry. The report, Confronting the Crisis: Its Impact on the ICT Industry, considers how the industry can position itself for recovery in the future.

Confronting the Crisis: Its Impact on the ICT Industry draws on analysis from leading industry experts and international institutions. As the established order is overturned, it says, convergence in the ICT industry will accelerate, with the emergence of new players with new business models. Firms’ ability to weather the economic storm will depend on their ability to invest for the future and explore new opportunities to benefit from the eventual upturn. For an industry founded on innovation, the current turmoil will create openings for nascent ICT companies.

Confronting the Crisis finds that although credit is now less abundant and more expensive, with financing costs for operators on average 3 − 4 per cent higher year-on-year, savvy operators can take advantage of the economic turmoil to reposition their services for the upturn. Funding is still available for players with sound business models, established demand and early projected cash flows. Alternative sources of financing are now needed, with a growing role for government financing and economic stimulus packages.

Many analysts contributing to Confronting the Crisis underlined the need for ICT as vital services and suggested that fixed-mobile substitution and consumers’ decision to switch to mobile telephony may gain momentum in developed markets during a prolonged recession. The report also notes that long project lead times for the satellite industry mean that it has been less affected in the short term, with strong recent growth in demand from developing countries. The financial difficulties facing the private sector could add to pressure for government intervention in the financing of national backbone infrastructure. Governments are already stepping in to diminish the impact on the transition to next-generation networks (NGN), which can carry voice, data and media services simultaneously. Several administrations have announced commitments to invest in their national backbone infrastructure, while others, such as the European Union, have included the roll-out of broadband networks in their economic stimulus packages. Although the financial crisis may delay investment in NGN, it has also led to a widespread reaffirmation of the importance of building advanced telecommunication infrastructure as part of an economic stimulus package.

See the full press release from 16 February 2009.
The report is available for download here.

According to a article in the Indian Hindustan Times, "Indian diplomats now cannot open a Facebook account, use external e-mail services, or write blogs, thanks to new rules and much stricter firewalls aimed at preventing cyber attacks and leakage of classified information. Over the past eight months, the Indian Ministry of External Affairs has been overhauling its computer network security, putting up layers of barriers against intrusions into the network, officials associated with cyber security said. There are almost 600 computers at its headquarters at South Block, about half of which are connected to the Internet. Classified work is typically done on stand-alone computers, usually with the external drives removed. "We have set up a unified threat management system for the ministry. This simultaneously uses eight levels of protection like firewalls and spam mail filtering," said a senior official.

"We are also requesting and encouraging more responsible behaviour from our staff when working online," the official told IANS, requesting anonymity. A circular issued last week asked officials not to log on to social networking sites, specifically citing Facebook, Orkut and Ibibo as examples. The other prohibited practices include download of peer-to-peer music using sites like Kazaa and sharing of photos through Flickr and Picasa. The circular also discourages using services like G-mail, Yahoo! or Hotmail for official communication. A similar circular, officials said, had been issued in the Prime Minister's Office in December. But the matter is even more critical for the foreign office as officials posted in Indian missions abroad or on foreign tours tend to use web-based mail rather than the ministry's own mail system. "We have had cases of senior officers using G-mail or other similar accounts abroad for official work, only to find some form of tampering when they return," the official said, adding people have been told to change their web-mail passwords if they had opened the account during foreign tours. The missions have been told to use their official mail ID issued by the National Informatics Centre for communication. But several missions have complained that the mail home page was inaccessible due to port blocks by local Internet service providers. They have been asked to contact their service providers to unblock the site. "We want to secure communications with Indian missions through private networks. This may be implemented in the next few months," said an official working with the technical team in the ministry.

Read the full article here.

Press release issued simultaneously by ITU and European Commission.

Geneva, 10 February 2009 — ITU and the European Commission have joined forces to mark Safer Internet Day. This year, the focus is on protecting children online.

Children are among the most active — and most vulnerable — participants online. According to recent surveys, over 60 per cent of children and teenagers talk in chat rooms on a daily basis. Three in four children online are willing to share personal information about themselves and their family in exchange for goods and services. One in five children will be targeted by a predator or paedophile each year. Protecting children in cyberspace is, therefore, clearly our duty.

"Children are very resourceful in making the most of online services such as social networking sites and mobile phones," said Viviane Reding, European Commissioner for Information Society and Media. "But many still underestimate the hidden risks of using these, from cyber-bullying to sexual grooming online. Today, I call upon all decision-makers, from both the public and the private sector, to listen and learn from children and to improve awareness strategies and tools to protect minors." Ms Reding added: "The Internet binds the whole world together. The safety of children who use it is a concern for everyone. I am therefore very happy that ITU is associated with us in doing this, today on Safer Internet Day, and all year round."

"Child online safety must be on the global agenda," said ITU Secretary-General Hamadoun Touré. "We must ensure that everyone is aware of the dangers for children online. And we want to promote and strengthen the many outstanding efforts that are being made around the world, such as the Safer Internet Programme, to limit these dangers." This year, the 6th edition of Safer Internet Day includes more than 500 events in 50 countries worldwide. ITU and the European Commission will collaborate on this and future events, such as World Telecommunication and Information Society Day, 17 May 2009, which is dedicated to "Protecting Children in Cyberspace". The European Commission’s Directorate General for Information Society and Media has declared its full support for ITU’s Child Online Protection (COP) Initiative. The EC’s Ins@fe Network will launch a Safer Internet Day virtual exhibition which will host pavilions where visitors can learn more about initiatives undertaken by the 50 participating countries. ITU will host an online pavilion in support of EC’s efforts to raise awareness among youngsters aged 12 to 17 regarding the risks they may face online.

ITU and Child Online Protection (COP)

ITU’s motto is "committed to connecting the world", but we are also committed to connecting the world responsibly. That means working together to ensure cybersecurity, enable cyberpeace, and — more importantly — protect children online. While child online protection programmes exist in many developed countries, there are very few in the developing world today — and very little coordination between them. ITU established the Global Cybersecurity Agenda (GCA) and launched the Child Online Protection (COP) initiative. COP aims to bring together partners from all sectors of the global community to ensure a safe and secure online experience for children everywhere.

See the press release here.

The ITU Regional Cybersecurity Forum for Europe and the Commonwealth of Independent States (CIS) was held in Sofia, Bulgaria from 7 to 9 October 2008.

The forum, which was hosted by the State Agency for Information Technology and Communications (SAITC) of the Republic of Bulgaria, aimed to identify some of the main challenges faced by countries in Europe and CIS in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on cybersecurity development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. The forum also considered initiatives on the regional and international level to increase cooperation and coordination amongst the different stakeholders.

Approximately 130 people from 25 countries participated in the event from Europe and CIS, as well as from other parts of the world. Simultaneous interpretation in Russian and English was provided for the participants throughout the forum. Full documentation of the forum, including the final agenda and all presentations made, is available on the event website. The meeting report available on the event website summarizes the discussions throughout the three days of the ITU Regional Cybersecurity Forum for Europe and CIS, provides a high-level overview of the sessions and speaker presentations, and presents some of the common understandings reached at the event.

See the website for further information.

 

The Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), which aim to clarify the Act’s requirements.

The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements; (3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and (4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

Continue reading the news release here.

BBC News recently reported the arrest of five hackers described as being among the most active on the internet. The hackers, who include two 16-year-olds, are accused of disrupting government websites in the United States, Asia and Latin America. Spanish police say the hackers co-ordinated attacks over the internet and hacked into 21,000 web pages over two years.

Read the full report here.

On 15 November 2006, a Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on fighting spam, spyware and malicious software had been released. "The Commission Communication on a Strategy for a secure Information Society aims at improving the security of network and information at large and invites the private sector to address vulnerabilities in network and information systems that can be exploited to spread spam and malicious software. The Commission Communication on the Review of the EU Regulatory Framework proposes new rules to strengthen security and privacy in the electronic communications sector." This Communication deals with the evolution of spam, and threats such as spyware and malicious software. It also takes stock of efforts made so far to fight these threats and identifies further actions that can be taken, including strengthening Community law, law enforcement, cooperation within and between Member States, political and economic dialogue with third countries, industry initiatives, and R&D activities.

Among the proposed actions in this Communication are:

1. Member States and competent authorities are called upon to lay down clear lines of responsibility for national agencies involved in fighting spam, ensure effective coordination between competent authorities, involve market players at national level, drawing on their expertise and available information, ensure that adequate resources are made available to enforcement efforts, and subscribe to international cooperation procedures and act on requests for cross border assistance.
2. Companies are encouraged to ensure that the standard of information for the purchase of software applications is in accordance with data protection law, contractually prohibit illegal use of software in advertisements, monitor how advertisements reach consumers and follow up on malpractice, and e-mail service providers to apply a filtering policy which ensures compliance with the recommendation and guidance on e-mail filtering.
3. The Commission aims to continue efforts in raising awareness and fostering cooperation between stakeholders. It also aims to continue to develop agreements with third countries including the issue of the fight against spam, spyware and malware, introduce new legislative proposals that strengthen the rules in the area of privacy and security in the communications sector, present a policy on cyber crime, involve ENISA expertise in security matters, and support research and development in its FP7 program.

With the accelerating development and spread of spam, spyware and malicious software, "the Commission is using its role as an intermediary to create greater awareness about the need for greater political commitment to fight these threats."

Read the full Communication here.
More on European Union Laws here.

The European Network and Information Security Agency, ENISA's report gives an overview on information security certifications of products, people and processes. It addresses common concepts, definitions, certifications of different types, as well as clarifies the mandatory and legal background for some certifications. It also explores the analogies and disparities between a number of existing certification schemes. Finally, it analyses current trends in certification and offers six recommendations to improve network and information security in Europe through a wider use of security certification.

Recommendations:

1. ENISA recommends that organisations should certify their information security management systems, choose certified security products where possible and encourage information security employees to choose
   one or more appropriate personal information security certifications.
2. Starting from ISO 27001 as the standard of choice for the certification of information security management systems in private and public organisations, the development of the complementary standards of the
   27000 family should be encouraged. However, their value must be verified on a case-by-case basis.
   The case of small or medium-sized organisations deserves particular attention.
   
3. Special attention should be paid to areas where Common Criteria evaluation has become mandatory, and to the impact on the market.
   The EC should reconsider the feasibility and benefits of extending the intergovernmental Mutual Recognition Agreement on Common Criteria to all Member States as a shared tool contributing to a more secure e-Communication market.
   Government, vendors and security experts should analyse ways of building solid business models for product certification according to various schemes.
   Framework Programme 7 should consider sponsoring research to analyse the economics of the certification of products.
4. The European Institutions should consider the feasibility of strengthening accreditation schemes related to people certification in IT security as well as a more systematic reference to recognised standards.
   The European Institutions should also encourage the development of people certification adapted to different types of professional use of IT systems, from the enduser level (Computer Driving Licence) to the most professional (e.g. IT security officer).
5. The European Institutions should consider ways to reinforce bridges between education (schools and universities) and the certification process (private training and certificate providers) throughout a professional career.
6. At a more individual level, ENISA recommends that the decision to seek a certificate should be based on the following questions: Do I want information security to be my certified profession? Do I want to prove that I can work in information security? Do I want to prove expertise in a very specific area of security? Or do I just want to prove IT skills which include aspects of security?
   

For more information, please refer to the full report.

The Australian federal Government's plan to have internet service providers filter pornography and other internet content deemed inappropriate for children is going full-steam ahead. The Government wants to evaluate content filters in a controlled environment. Trials are to be conducted soon in a closed environment in Tasmania. Enex TestLab was selected more than six months ago after the Australian Communications and Media Authority closed a tender for an organisation to test ISP-based content filters. ISP-based filters will block inappropriate web pages at service provider level and automatically relay a clean feed to households. To be exempted, users will have to individually contact their ISPs. The trial will evaluate ISP-level internet content filters in a controlled environment while filtering content inappropriate for children, Enex said. "We invite vendors of all types (hardware appliances, software - proprietary or open-source) of ISP-based internet content filters to participate." The testing is slated for completion by July and will be followed by live field trials.

The internet sector has consistently voiced concern about the Government's ISP filters. Internet Industry Association chief executive Peter Coroneos has said any clean feed policy would have to be balanced against the likely financial and performance costs, and ACMA's first annual report to Senator Conroy confirmed his fears. On the performance impact of filters, ACMA said: "In the case of personal computers the cost of upgrading processing power may be modest (although significant in terms of household income). "However, for ISPs the cost of upgrading or augmenting the expensive hardware that they typically deploy may be substantial, particularly for small providers."

Read the full article on the Australian IT.

Nnamdi Chizuba Anisiobi, age 31, of Nigeria; Anthony Friday Ehis, age 34, of Senegal; and Kesandu Egwuonwu, age 35, of Nigeria have pleaded guilty to charges related to spam e-mail that promised U.S. victims millions of dollars from an estate and a lottery, the U.S. Department of Justice announced Wednesday. The three were arrested in Amsterdam on Feb, 21, 2006. One of the case scenarios was an e-mail sent by the defendants to thousands of potential victims purporting to be from an individual suffering from terminal throat cancer who needed assistance distributing approximately US$55 million to charity. According to the DOJ, the fraud victims lost $1.2 million by giving the defendants advance fees. "Anisiobi pled guilty to one count of conspiracy, eight counts of wire fraud and one count of mail fraud. Ehis pled guilty to one count of conspiracy and five counts of wire fraud. Egwuonwu pled guilty to one count of conspiracy, three counts of wire fraud and one count of mail fraud. The maximum penalty for mail and wire fraud is 20 years in prison. The conspiracy charge carries a maximum penalty of five years in prison." A fourth defendant, Lenn Nwokeafor, was also reported to have fled to Nigeria. He was subsequently arrested by the Nigerian Economic & Financial Crimes Commission on July 27, 2006, and is now being held by the Nigerian authorities pending extradition to the U.S..

Read the full article on The New York Times.

The Wall Street Journal recently reports on President Bush's move to improve protection against cyberattacks. Despite promising a frugal budget proposal next month, an estimated $6 billion has been allocated to build a secretive system protecting U.S. communication networks from attacks by terrorists, spies and hackers. "Administration officials and lawmakers say that the prospect of cyberterrorists hacking into a nuclear-power plant or paralyzing Wall Street is becoming possible, and that the U.S. isn't prepared. This is 'one area where we have significant work to do,' Homeland Security Secretary Michael Chertoff said in a recent interview."

Read the full article on the Wall Street Journal.

E360 Insight, LLC filed a complaint against Comcast Corporation on 15 January 2008 accusing the latter of unfairly blocking e360’s e-mail from reaching subscribers. According to e360, in one typical instance, e360 received an error message stating that it’s e-mail was blocked from reaching subscribers because Comcast’s filters determined that e-mail from e360’s servers had been "sent in patterns which are characteristic of spam." According to Direct magazine's report, "the complaint claims that Comcast’s alleged interference with e360’s business relationships cost the firm $4.5 million a year from 2005 through 2007. The complaint also accuses Comcast of sending e360 bogus bounce information, causing the marketer to remove e-mail addresses from its file that were still active. The suit claims the false bounce information cost it almost $2.5 million." E360 asks for more than $12 million in compensatory damages and $9 million in punitive damages from the accused.

Read the full complaint here.

Information Week reports that the CIA admitted on Friday at a New Orleans security conference that cyberattacks have caused at least one power outage affecting multiple cities outside the United States. According to Alan Paller, director of research at the SANS Institute, CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout. Information about which foreign cities were affected by the outage and other information related to the attack were not disclosed. According to Paller, a written statement from Donahue read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

The conference was on sharing data about cyberattacks on critical utilities and resources, and methods of attack mitigation. Discussions also include the new SCADA, Supervisory Control And Data Acquisition, and Control Systems Survival Kit, a document of best practices for SCADA systems.

Read the full article here.

The OPTA Commission has imposed a fine of 1 million Euros on three Dutch enterprises, operating under the company name DollarRevenue, and their two directors, due to their unlawful installion of software on more than 22 million computers belonging to Internet users in the Netherlands and elsewhere. They primarily used misleading files, making Internet users believe that they were about to download apparently innocent files, whereas they actually contained DollarRevenue software. "They also used botnets, thereby installing files without user intervention. Each day 60,000 installations occurred on average. A total of more than 450 million program files were illegally placed on 22 million computers." With the enterprises and their directors having deliberately contravened provisions of the Universal Service and End Users Decree [Besluit universele dienstverlening en eindgebruikers], based on the Telecommunications Act [Telecommunicatiewet] and designed to promote safe Internet usage and to protect the privacy of Internet users, fines totalling 1 million Euros were imposed.

Read the full article on the OPTA website.

A Taxonomy of Privacy by Daniel J. Solove, an associate professor at the George Washington University Law School, won the Privacy Enhancing Technologies award 2006. This paper attempts to identify privacy problems in a comprehensive and concrete manner, and it aims to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.

“Privacy is a concept in disarray,” Solove says. “Abstract incantations of ‘privacy’ are not nuanced enough to capture the problems involved. The law has often failed to adequately protect privacy, and privacy problems are frequently misconstrued or inconsistently recognised. Without an understanding of what the privacy problems are, how can privacy be addressed in a meaningful way?”

His taxonomy defines threats to privacy from the perspective of the individual, in four categories of potentially harmful activities — information collection, information processing, information dissemination and invasion. With the help of this more comprehensive taxonomy, Solove hopes that privacy considerations can be better recognised and balanced against opposing interests.

Read the full paper here.

Microsoft releases the Asia Pacific Legislative Analysis: Current and Pending Online Safety and Cybercrime Laws, a study providing a high-level snapshot of the status of computer security, privacy, spam and online child safety legislation in the Asia Pacific region. Detailed analyses of these laws specific to Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, The Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam are also provided in this paper. For more information regarding this document, contact Julie Inman Grant, Regional Director, Corporate Affairs of Internet Safety and Security at Microsoft Asia Pacific. More Cybersecurity Legislation and Enforcement related resources are available at the CYB website.

Baltimoresun.com reports on Bush's announcement of a plan to prevent cyberspace attacks on U.S. interests. A $154 million budget was requested as preliminary funding for the initiative, which current and former government officials say is expected to become a seven-year, multibillion-dollar program to track threats in cyberspace on both government and private networks. Lawmakers who recently received briefings on the initiative, however, continue to have many questions, and some remain concerned about the legality of the program and whether it provides sufficient privacy protections. According to a former government official familiar with the proposal, the total start-up costs of the program are about $400 million. "The proposal 'will enhance the security of the Government's civilian cyber networks and will further address emerging threats,' Bush wrote to Congress as part of his request for additional money for cyber security and other counterterrorism measures. The initiative would first develop a comprehensive cyber security program for the government and then do the same for private networks, the former government official said."

Read the full article here.

According to the Government Accountability Office (GAO), the government's infrastructure sectors' plans lack protection against cyberattacks and disaster, pointing out that none of the sectors included all 30 cybersecurity criteria, such as key vulnerabilities and measures to reduce them. Among the 17 sectors of the government, information technology and communications had the strongest cybersecurity plans, and the agriculture, food and commercial sectors were the least comprehensive, according to David Powner, director of GAO's information technology management issues.

The Homeland Security Department provided a national plan last year for the sectors as a guide for their individual plans. Greg Garcia, DHS’ assistant secretary for cybersecurity and communications, said that DHS acknowledged the shortcomings based on GAO's findings, but he explained that these sector plans, released in May, represent only early efforts. Garcia further added that "sectors are not meant to be uniformly comprehensive in their cybersecurity efforts, and they must balance cybersecurity risk against other risk management efforts and unique aspects of their infrastructure 'based on its dependence on cyber elements.'" GAO recommended that DHS fully address the cybersecurity criteria by September 2008.

Read full article here.

Roger A. Grimes of InfoWorld interviewed Paul Laudanski, founder and leader of CastleCops which is a volunteer organization dedicated to fighting malware, spam, and phishing. Paul talked about the effects of DDoS and provided pointers on how to mitigate and ride the attack. He said that the primary thing to be decided in cases of attacks is whether the company wants to stay in business during the attack or not. If so, all the attack traffic need to be absorbed along with the legitimate traffic, meaning the broadband connection, routers, firewall, Web servers, and back-end databases have to be able to deal with the attack. He also suggested knowing ahead of time how the company's ISP handle DDoS events. They further discussed how to possibly pursue criminal charges after the attacks. "To be honest, being able to locate and prosecute the DDoS attacker is a long shot. The lack of cohesive communications between all the parties that need to be involved in an investigation, the legal implications of the global nature of the assault, and the growing sophistication of bot nets all fight against a successful prosecution. But as Paul and CastleCops can tell you, it can be done."

Read the full article on InfoWorld.

The article, Myth of privacy busted; Web advertisers scan e-mails, by Louise Story published on the International Herald Tribune, reports on the issue of online advertisers probing on privacy for marketing puposes. "At a meeting of the U.S. Federal Trade Commission about online privacy Thursday, the regulator's commissioner, Jon Leibowitz, said the agency would be exerting a tighter grip over online advertising. Leibowitz said that rules about the privacy policies of sites may need to be established... But some people from the online industry said the FTC should stay out." According to Randall Rothenberg, president and chief executive of the Interactive Advertising Bureau, if the FTC regulates online advertising, this could limit recent ''extraordinary pattern of innovation.''

After eight years since the FTC's public workshop on the use of consumer data in online ads, a lot of the hypothetical scenarios described back then are now a widespread reality. However, many executives in the advertising industry do not see anything wrong with online targeting, arguing that the practice benefits consumers, who see more relevant ads. They add further that for consumers, providing some innocuous personal data is a small trade-off for free access to the rich content of the Internet, much of which is ad-supported. A growing concern, even among online companies, about what information is being used to deliver ads to people is quite evident however.

''The market is getting edgier and edgier, and what is accepted in the marketplace gets dodgier and dodgier,'' said Martin Abrams, the executive director of the Center for Information Policy Leadership. ''We have really moved to a world where we say consumers need to police the market, and, increasingly, it is a harder world to police.''

Read the full article here.

The House of Lords Science and Technology Committee recently states that the UK government has failed to understand the threat to the continued growth of the internet posed by cybercrime as evident in their response to the committee's report on personal internet security, published on 10 August. The Lords' report had warned of the danger that public confidence in the internet would be lost, due to "perception that the internet is a lawless 'Wild West'." In the government's reply, presented to Parliament on 24 October, the government rejected this as well as the recommendation that there should be a data-breach notification law to provide businesses with incentives to take better care of customer data. According to the government, this kind of law that forced companies to admit when they had been the victims of cybercrime does not prove to be effective, but reassures businesses that they will consider finding "more formal ways" of reporting security breaches to the Information Commissioner's Office (ICO) "when problems arise". The government also rejected calls for software and hardware vendors to be liable for the security of their products, and for banks to guarantee e-fraud refunds.

Read the full article at ZDNet.co.uk.

John E. Dunn of Techworld reports on the Austrian Police's intention to use specially-crafted Trojans to remotely monitor criminal suspects.

"According to reports in Austrian media, the minister of justice Maria Berger, and Interior Minister Gunther Plater, have drafted a proposal that will be amended by legal experts and the cabinet with the intention of allowing police to carry out such surveillance legally with a judge’s warrant... According to Berger, Trojans would only be used in cases of serious crime, such as terrorism and organised racketeering. The Swiss authorities have declared the intention of using the same controversial technique, but only in cases of the most extreme nature, such as terrorism... The Austrian, German and Swiss governments have yet to explain how they would circumvent security programs that might be used by criminals to protect themselves, whether this would involve collusion with security software companies, and what would happen if such software-busting Trojans were subsequently reverse engineered and deployed by criminals themselves."

Read the full article on Techworld.

The International Herald Tribune reports on Russian hackers being one of the biggest threats to internet security.

"Internet security experts say that only the United States and China rival Russia in hacker activity. But Russia has only 28 million Internet users, according to rough estimates, compared with 210 million in the United States and 150 million in China, meaning that Russia has a higher percentage of scammers. VeriSign, the Internet services company, considers Russian hackers to be the worst, in part because they tend to have ties to organized crime outfits that embezzle money with stolen bank and credit card information... While the West has complained about Russian laws and enforcement, some Russian officials take issue with the criticism. Aleksei Likhachev, a member of Parliament, acknowledged that there had been fewer criminal cases in Russia than elsewhere, but said officials were still learning how to conduct such inquiries. 'It is just that this work is much younger and much less developed in Russia,' he said."

Read the full article, Russian hackers: On the right side of soft laws.

After Japan's Internal Affairs and Communications Ministry signed a joint statement with the German Federal Economics and Technology Ministry in July, Japan continues to exert concerted effort to tackle the issue of spam. "The ministry has regularly exchanged opinions on the issue at multilateral meetings, such as those of the International Telecommunication Union and the Asia-Pacific Economic Cooperation Conference... France and other countries, with which Japan has established a close partnership on the issue, have gone a step ahead of Japan by introducing an "opt-in" system, under which people are not permitted to send ad e-mails without the prior consent of the people to whom they intend to send them." Opinions concerning fines and punishment for spammers appear to be quite divided among countries though with some countries charging heavier fines than others.

Read the full article here.

The Washington Post recently reported on the Russian Business Network, an Internet business based in St. Petersburg which has become a world hub for Web sites devoted to child pornography, spamming and identity theft. Cybercrime groups including those responsible for about half of last year's incidents of phishing are said to be operating from the company's computer network system.

"The company 'is literally a shelter for all illegal activities, be it child pornography, online scams, piracy or other illicit operations,' Symantec analysts wrote in a report. 'It is alleged that this organized cyber crime syndicate has strong links with the Russian criminal underground as well as the government, probably accomplished by bribing officials...' But Alexander Gostev, an analyst with Kaspersky Lab, a Russian antivirus and computer security firm, said the Russian Business Network has structured itself in ways that make prosecution difficult. 'They make money on the services they provide,' he said -- the illegal activities are all carried out by groups that buy hosting services... In addition, Gostev said, criminals using the Russian Business Network tend to target non-Russian companies and consumers rather than Russians, who might contact local authorities. 'In order to start an investigation, there should be a complaint from a victim. If your computer was infected, you should go to the police and write a complaint and then they can launch an investigation,' Gostev said. Now, he added, his company and the police both have information, but no victim has filed a complaint."

Read the full article here.

Heise Online recently reported "on a ruling, dated March 27, 2007, which has only now been published and is likely to have legal ramifications, the local court of the Berlin district of Mitte has barred the Federal Ministry of Justice from retaining personal data acquired via its website beyond the periods associated with the specific instances of use of the site... The local court also opposed the view espoused by operators and some data privacy watchdogs that security reasons justify a recording regime that over short periods of time maps the behavior of all Net users and allows individual users to be picked out." Slashdot adds that "German privacy activists have started a campaign Wir speichern nicht, ("we don't log your data!") which provides manuals how to turn off the IP logging on your server."

In response to this ruling, Patrick Breyer of the German Working Group on Data Retention, who was the plaintiff in the relevant case, has called on all public authorities, departments and agencies of the German Federal State and of the federal states comprising the Federal Republic to abandon their "illegal data retention policies" by the end of this year at the very latest or have additional lawsuits filed. Breyer has made a model complaint available on his website.

Read the complete news report here.

HKDNR, together with the Office of Telecommunications Authority (OFTA), HK Police Force, Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) and other agencies, dedicates much effort in implementing all possible measures to strike .hk domain names that are related to phishing or spamming sites.

"HKDNR is kept updated daily on a spamvertised domain list so that more comprehensive monitoring can be maintained and immediate action can be carried out against these domains. Any domains that are verified as phishing / spamming will be suspended immediately. According to the information published in mid June in AbuseButler on the top 800 spamvertised domains worldwide over the previous 4 weeks, the number of reports on .hk spamvertised domains accounted for 2.3 % of the total reports received. In early August, the number of reports on .hk spamvertised domains dropped to 0.3 % of the total reports received."

Read the full article at the HKIRC Newsletter (September 2007).

OECD has recently released its September 2007 issue of its newsletter. "OECD Information and Communication Policy News was launched in June 2006. Every quarter, it brings the latest news, statistics and best practice recommendations from the OECD on Information and Communication Policy, including policy for communication infrastructures and services, the information economy, security and privacy, and consumer protection." For more information, visit the OECD website.

Sophos recently reported on the hefty jail sentences that the pump-and-dump stock spam gang faces today. 47-year-old Michael Saquella (also known as Michael Paloma), 63-year-old Lawrence Kaplan, 38-year-old Henry Zemla and 26-year-old Justin Medlin have all pleaded guilty to being part of an international gang that spammed out fraudulent news stories to create artificial demand in stocks, pumping up the share price of 15 small companies (Beverly Hills Film Studios; Body Scan; Cor Equity Holdings; Courtside Products; eDollars, IFINIX; Integrity Messenger; Latin Heat Entertainment; Motion DNA; PokerBook Gaming; TKO Holding; Trans-Global Holdings; V3 Global; Xtreme Technologies; and Zuma Beach Entertainment) and raising more than $20 million from investors. The four men are now facing between 5-10 years in prison.

"Pump and dump stock campaigns work by spammers purchasing stock at a cheap price and then artificially inflating its price by encouraging others to purchase more (often by spamming "good news" about the company to others). The spammers then sell off their stock at a profit. Sophos experts report that pump-and-dump stock campaigns account for approximately 25 percent of all spam, up from 0.8 percent in January 2005. Earlier this year, Sophos reported how the US Securities and Exchange Commission (SEC) had suspended trading in 35 companies as they were found to be commonly referenced in pump-and-dump stock email campaigns."

Read the full article here.

The Washington Post reports on Google's call for new international standards on the collection and use of consumer data. "Peter Fleischer, global privacy counsel for Google, told a U.N. audience in Strasbourg, France, that fragmentary international privacy laws burden companies and don't protect consumers. He argued for an international body such as the United Nations to create standards that individual countries could then adopt and adapt to fit their needs. 'The ultimate goal should be to create minimum standards of privacy protection that meet the expectations and demands of consumers, businesses and governments,' Fleischer said, according to a transcript of the speech provided by Google."

Investigations over Google's privacy practices are currently conducted by the European Union. There have been controversy and criticisms on Google's privacy policies and its planned $3.1 billion merger with DoubleClick, an online advertising broker that sells banner and video ads. Critics argue that the merger which would enable the company to collect information on which sites users visit, would hurt competition in online advertising, and that it would aggregate too much consumer data in the hands of one company. According to Marc Rotenberg, executive director of the Electronic Privacy Information Center and a critic of the DoubleClick merger, "Google, under investigation for violating global privacy standards, is calling for international privacy standards... It's somewhat like someone being caught for speeding saying there should be a public policy to regulate speeding."

Fleischer proposes the privacy framework developed by the Asia-Pacific Economic Cooperation forum, which he refers to as a balance between information privacy, and business needs and commercial interests. However, critics say that the APEC standards are too lenient. Rotenberg adds further that the APEC rules put the burden on consumers, who must demonstrate that a company's privacy policy has harmed them. Guidelines developed in 1980 by the Organization for Economic Cooperation and Development which influenced the European Union's privacy laws and are usually preferred by privacy advocates, generally focus on the violation of privacy as a right rather than a demonstration of harm caused by the violation.

To read the full article, click here.
Read more about Peter Fleischer's views on privacy on his blog.

The Wall Street Journal Online reports on the five-year sentence given to Irving Escobar, a ring leader in a TJX Cos. linked credit-card fraud. He "was sentenced to five years in prison and has been ordered to pay nearly $600,000 in restitution for damages resulting from stolen financial information, Florida officials said. The sentencing follows a guilty plea by Mr. Escobar, 19 years old, of Miami, to charges that he participated in a 10-person operation that used counterfeit cards bearing the stolen credit-card data of hundreds of TJX customers to purchase approximately $3 million in goods and gift cards."

Read more on this news article here.

Interpol proposed on Wednesday the creation of global and regional anti-crime centres to fight criminal activity online and respond quickly to emergency cybercrime alerts. During an international cybercrimes conference in New Delhi, Interpol Secretary-General Ronald K. Noble said that the Internet should not be allowed to become a place where criminals have the upper hand and can escape punishment. Officials from 37 countries discussed identity theft, online bank fraud, Internet gaming and the risks of online terrorist activity during the two-day conference organized by Interpol.

To read the full article, click here.

The European Union proposes that internet searches for bomb-making instructions should be filtered and blocked across the European Union. "Internet providers should also prevent access to any site giving instructions on how to make a bomb, EU Justice and Security Commissioner Franco Frattini said in an interview... The EU executive is to make this proposal to member states early in November as part of a raft of anti-terrorism proposals. These include the screening of private data of passengers flying into the 27-nation bloc and the creation of an early warning system to alert police forces to thefts of explosives. Representatives of the Internet industry are meeting the EU on Tuesday, the sixth anniversary of al Qaeda's September 11 attacks on the United States, at a European Security Research and Innovation Forum. The Internet has taken on huge importance for militant groups, enabling them to share know-how and spread propaganda to a mass audience, as well as to link cell members."

Read the full article on Reuters.

APCAUCE's 2007 meeting was held on 02 September 2007 in conjunction with the 24th APNIC Open Policy Meeting and SANOG 10, in New Delhi, India. The meeting agenda and presentations are now available and may be accessed here. An Overview of the ITU Development Sector Activities on Cybersecurity was presented by Robert Shaw, Head, ICT Applications and Cybersecurity Division, ITU Telecommunication Development Sector is available on the meeting site.

The United States District Court of Washington ruled in favor of Kaspersky Lab, a leading developer of secure content management solutions, granting immunity from liability in the case brought by online media company Zango. According to Zango's lawsuit, Kaspersky Lab should reclassify Zango’s programs as nonthreatening and Kaspersky Labs’s security software should stop blocking Zango’s potentially undesirable programs. "Judge Coughenour of the Western District of Washington threw out Zango’s lawsuit on the grounds that Kaspersky was immune from liability under the Communications Decency Act. The ruling protects consumer choice to determine what information and software is allowed on each computing system, and enables anti-malware vendors with the right to identify and label software programs that may be potentially unwanted and harmful to a user’s computer as they see fit."

Read full article here.

Pakistan's Minister for Information Technology Awais Ahmad Khan Leghari said on Thursday that the adoption of cyber crime bill by the federal cabinet was a major step towards ensuring a secure business environment and promotion of e-commerce. He said the e-crime bill which will be tabled in the parliament very soon, would help draw more business and improve Pakistan's e-readiness ranking as reflected in indices maintained by various agencies and business journals of the world.

The Federal Investigation Agency (FIA) has been given the mandate to probe cases falling under the preview of the e-crime law. He said the e-crime law would require the internet companies maintain their traffic data for at least six months to enable the agencies to investigate cases involving data stored by them. He also added that the government would create special IT tribunals in Islamabad as well as provincial headquarters to investigate and check growing incidents of crimes which remained unpunished for a lack of specific law.

The Prevention of Electronic Crimes Bill 2007 poses penalties ranging from six months to 10 years of punishment for 17 types of cyber crimes, including cyber terrorism, hacking of websites and criminal access to secure data. Thirteen of the crimes listed under the law are bailable.

Read full article here.

The FBI has chosen the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign to host a new law enforcement cybersecurity research center. The bureau said it would provide $3 million to support the first two years' operation of the National Center for Digital Intrusion Response.

The bureau said the state university's IT security scholars would work with FBI cybersecurity specialists to understand what new capabilities are required to better detect and investigate cyberattacks, develop new tools and ensure that FBI agents in the field can use them effectively. The bureau's expansion of its work with the university team reflects changes in the patterns of crime and national security threats, the FBI said. "While cyberattacks were once considered a specialized niche in law enforcement, today there are digital aspects to many crimes and national security threats; all investigators must be able to pursue criminals operating in cyberspace," the FBI said. "NCDIR will provide training, including intensive summer workshops, so all FBI agents have the opportunity to use these new tools in the field."

Some of the projects and IT security tools developed by NCSA through the funding of the National Science Foundation and other federal agencies include MyProxy, a tool for grid credential management; Framework for Log Anonymization and Information Management, an app that facilitates sharing of log data among secure systems; GridShib, at tool that supports identity federation for grids; Trustworthy Cyberinfrastructure for the Power Grid; and Illinois Terrorism Task Force's First Responder's Credentialing.

Read the full article at Government Computer News (GCN).

ITU, in collaboration with the Secretaría de Comunicaciones, Argentina, will be hosting a workshop 16-18 October 2007 entitled Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection. The workshop will be held in Buenos Aires, Argentina.

The description of the event, draft agenda, invitation letter, and practical information for meeting participants will be made available on the event website.

Contact cybmail@itu.int with any general queries you may have related to the workshop.

InfoWorld reports that security experts warn Germany's new antihacker law could result to more cybercrime and not less. The law, which aims to mitigate the rise of computer attacks in the public and private sectors, was approved in May by the German government and implemented on Saturday. Although Germany already has approved numerous laws to curb attacks on IT systems, the most recent one aims to close any remaining loopholes. Punishable cybercrimes include DOS (denial-of-service) attacks and computer sabotage attacks on individuals, which would extend the existing law that limited sabotage to businesses and public authorities.

The new law defines hacking as penetrating a computer security system and gaining access to secure data, without necessarily stealing data. Offenders are defined as any individual or group that intentionally creates, spreads or purchases hacker tools designed for illegal purposes. They could face up to 10 years in prison for major offenses.

Security experts from different clubs and vendors such as Chaos Computer Club, F-Secure and Kaspersky Lab, all share the same concern on the legal uncertainty the new law creates. According to them with the new law, their development of hacker tools to test and ensure network system security, which is essential to their business, could get them in trouble and bring them to court in the future.

Other groups of computer experts that develop hacking tools to test the security of computers and network systems have already pulled the out their operations in Germany. KisMAC and Phenoelit, hacker groups that offer a tool to detect security holes in networks, stopped its work in Germany and plans to resume in neighboring Netherlands.

To read the full article, click here.

On Sydney Morning Herald's Veto for Parents on Web Content, it was announced that ISPs in Australia will be obligated to filter web content at the request of parents. This is part of the $189 million Federal Government crackdown on online bad language, pornography and child sex predators. According to the Prime Minister, John Howard, the Government would increase funding for the federal police online child sex exploitation team by $40 million to aid investigators to track those who prey on children through chat rooms and sites such as MySpace and Facebook. The Government is also expected to pay $90 million to provide every concerned household with software to filter internet content.

According to the article, the more efficient compulsory filtering of internet service providers (ISPs) was proposed in March last year by the then Labor leader, Kim Beazley, which the Communications Minister, Helen Coonan, and ISPs criticised as expensive then. Three months later Senator Coonan announced the Government's Net Alert policy, promising free filtering software for every home that was interested. She also announced an ISP filtering trial to be conducted in Tasmania, but that trial was scrapped.

The ISP filtering measure, according to Mr. Howard is a world first by any Government, and is expected to offer funding to help cover the cost. An ISP filter option will be made available to parents when they sign up with an ISP. This service will be compulsory to all ISPs. The measures are expected to be implemented by the end of this month.

US authorities have reported last month that more than 29,000 convicted sex offenders had profiles on MySpace. In Australia, about 26 per cent of Australia's 3.8 million MySpace users are under 18. To protect the users, MySpace has written to all state and territory governments, and the Commonwealth, asking them to create a national child-sex offender database that requires email addresses to enable them to track sex offenders and remove their profiles on the system.

Read the full article here.

A Report entitled Personal Internet Security from the House of Lords Science and Technology Committee has been made available on Friday discussing primarily the issues pertaining to individual experiences of the Internet. In the report, the U.K., ISPs and others, has been said to unfairly hold Internet users responsible for online safety. According to the panel, this "laissez-faire" attitude toward personal security is what weakens user confidence. The report proposes that ISPs should be held responsible and avoid them from ignoring spam and malware notices, and that information technology vendors be held liable for not making products secure.

Network security, appliances and applications, how businesses and individuals use the Internet and policing of the online world were studied and dealt with in the Lords inquiry. It also noted that the U.K. government is at fault for not showing leadership in assembling available information and interpreting it for the public. "The Government are not themselves in a position directly to gather the necessary data, but they do have a responsibility to show leadership in pulling together the data that are available, interpreting them for the public and setting them in context, balancing risks and benefits. Instead of doing this, the Government have not even agreed definitions of key concepts such as 'e-crime'." The report recommends the establishment of a cross-departmental group in the Government, "bringing in experts from industry and academia, to develop a more co-ordinated approach to data collection in future. This should include a classification scheme for recording the incidence of all forms of e-crime. Such a scheme should cover not just Internetspecific crimes, such as Distributed Denial of Service attacks, but also e-enabled crimes - that is to say, traditional crimes committed by electronic means or where there is a significant electronic aspect to their commission."

The committee points out the need for more support for research from the industry as well. "The development of one or more major multidisciplinary research centres, following the model of CITRIS, is necessary to attract private funding and bring together experts from different academic departments and industry in a more integrated, multi-disciplinary research effort."

End-users are still predominantly viewed as unable to protect their own security according to the report. And private companies are driven by strong incentives to either promote security for profit or to oppose it as imposing costs on them according to lawmakers. The committee, thus, proposes that ISPs, being the link between the users and the network, could take more control over the network traffic by blocking or filtering traffic containing malicious code. "We do not advocate immediate legislation or heavy- handed intervention by the regulator," says the lawmakers, adding that the market must be nudged to provide better security.

Further recommendations of the committee include criminalizing trade in botnet services, no matter what their use, creating a unified, Web-based reporting scheme for e-crime, more action on creating a central e-crime police unit, fast ratification of the Council of Europe CyberCrime Convention, and educating courts on Internet crime.

Read the full article on Factiva Content Watch.
To access the report, click here.

On 30 July 2007 in Berlin and 27 June 2007 in Tokyo, the Federal Ministry of Economics and Technology of Germany, the Ministry of Internal Affairs and Communications of Japan and the Ministry of Economy, Trade and Industry of Japan signed a Joint Statement expressing the following:

"Information and Communications Technologies (ICT), including the Internet, are key enablers in the development of the economies in both Germany and Japan. Spam poses a potential threat to this economic development. It must be made clear that spam has no legitimate role in the German or Japanese e-economy.

The Federal Ministry of Economics and Technology of Germany, the Ministry of Internal Affairs and Communications of Japan and the Ministry of Economy, Trade and Industry of Japan see mutual benefit in strengthening friendship and cooperation between their two countries through cooperation concerning anti-spam policies and strategies. The aim is to support international cooperation in and among a variety of organizations such as the Organization for Economic Cooperation and Development, the International Telecommunication Union, the United Nations Conference on Trade and Development, the Internet Engineering Task Force, the International Consumer Protection and Enforcement Network, and the Asia-Europe Meeting.

Under this Joint Statement, cooperation in matters of mutual interest will be able to take place through the exchange of ideas, information, personnel, skills and experience and collaborative activities that will be of benefit to both sides. Because spam has implications for many groups of stakeholders, every effort will be made to ensure that all interested parties, both public and private, are consulted as appropriate. Particular areas of cooperation will include:

a) Exchanging information about anti-spam activities such as anti-spam policies and strategies, as well as technical and educational solutions to spam;

b) Encouraging the adoption of effective anti-spam technologies and network management practices by German and Japanese Internet Service Providers and major business network managers, and further cooperation between government and private sectors;

c) Supporting German and Japanese marketers or bulk email senders in adopting spam-free marketing techniques;

d) Identifying and promoting user practices and behaviours which can effectively control and limit spam and supporting the development of multi-stakeholder public information and awareness campaigns to foster increased adoption of anti-spam practices and behaviours by end users in Germany and Japan;

e) Cooperating to strengthen anti-spam initiatives being considered in international fora."

To access the Joint Statement in different languages, click here.

The OECD's Ministerial meeting on the Future of the Internet Economy has been opened to an Online Public Consultation, providing an opportunity for all stakeholders to comment on the topics and issues to be discussed at event. The public consultation is scheduled to be open until 14 September 2007, and stakeholders and players may share their views and opinions with the OECD through their Online Questionnaire.

"The Ministerial represents an opportunity for high-level stakeholders from government, business, the technical community, and civil society to consider broad social, economic and technical trends shaping the development of the Internet Economy, and to discuss policies that can respond to evolving societal needs. The participation of all players in the dialogue is important to ensure that the Ministerial is able to benefit from a wide range of viewpoints and expertise."

For more information on the public consultation, go here or visit the OECD website.

On 25 June 2007, Malaysia released a notice for Tenders for the Provision of Consultancy Service for Strategic Study and Drafting of Anti-Spam Legislation for Malaysia. For more information, visit the Malaysian Communications and Multimedia Commission website.

The Internet Society of New Zealand (InternetNZ) released the ISP Spam Code of Practice in May 2007 for public consultation, and it had been open to comments until 18 June 2007. The Code was developed by the InternetNZ / Telecommunication Carriers' Forum (TCF) / The Marketing Association (MA) Working Party which has representation from a cross section of service providers and other interested parties.

The ISP Spam Code of Practice was created in keeping with the requirements of the Unsolicited Electronic Messages Act 2007 of the New Zealand government. It had also been developed with regard to the MA’s Code of Practice for Direct Marketing and the TCF’s SMS Anti-Spam Code, which both deal with Spam related issues, as well as to the TCF’s Customer Complaints Code.

Both consumers and service providers are expected to benefit from the adoption of this Code. The Code aims to establish practices that will lead to the minimization of Spam in New Zealand. It also aims to provide information to end users about both preventative and curative steps against Spam. Anticipated benefits to the service providers include the generation of higher levels of customer satisfaction and improved operational efficiency due to the reduced volumes of spam.

Public submissions on the Code can be found here.

Visit the Internet Society of New Zealand website for further details.

The new manual on Prosecuting Computer Crimes has been relesed by the Computer Crime & Intellectual Property Section of the United States Department of Justice in March 2007. This 53-page document discusses different cyber crimes and the corresponding penalties that are seen befit for the offenses. Definitions, background information as well as related statutes can also be found in the manual. Offenses discussed include obtaining national security information, compromising confidentiality, trespassing in a government computer, accessing to defraud and obtain value, damaging a computer or information, trafficking in passwords, and threatening to damage a computer. A legislative history on this subject has also been made available.

The Ugandan Government is finalising new cyber laws aimed at protecting computer users from cyber crime, including personal intrusion, national security, fraud and con activities.

"Liberalised information can lead to unwanted uses and usage leading to cyber crime. It is necessary to have legal infrastructure within which the technologies can be used. There are three bills which have been drafted, the Electronics Transactions Bill, Digital Signatures Bill and the Computer Misuse Bill," the information and communications technology minister, Ham Mulira, explained.

Read the full article at allAfrica.com.

For more information on ICT policy developments in Africa, please see the Balancing Act website.

An ITU commissioned study on a Generic National Framework for Critical Information Infrastructure Protection is now available.

The objective was to outline a possible simple framework that could be of potential interest to developing countries who wished to establish a national Critical Information Infrastructure Protection (CIIP) programme. The framework is modeled after the Swiss Reporting and Analysis Center for Information Assurance (MELANI). The author, Manuel Suter, is from the Crisis and Risk Network (CRN), Center for Security Studies (CSS), ETH Zurich, Switzerland, who produce the International CIIP Handbook: An Inventory and Analysis of National Protection Policies.

The Center for Security Studies previously produced a study for ITU entitled A Comparative Analysis of Cybersecurity Initiatives Worldwide.

This paper has been submitted to ITU-D Study Group Question 22/1: Securing information and communication networks: best practices for developing a culture of cybersecurity for their consideration.

The views expressed in the study are those of the author and do not necessarily reflect the opinions of the ITU or of its membership.

28-31 Aug 2007 The ITU, in collaboration with the Viet Nam Ministry of Posts and Telematics and with support from the government of Australia, will be hosting a workshop 28-31 August 2007 entitled Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection in Hanoi, Viet Nam.

The description of the event, draft agenda, invitation letter, and practical information for meeting participants is available on the event website. Further information is available from cybmail@itu.int.

Although the European Commission decided against imposing new legislative restrcitions on radio frequency identification (RFID) tags for now (opting for "soft legislation" instead) , a top official warned on Monday that regulations are likely if future uses of the technology don't protect fundamental privacy rights, reports ZDNet. Gerald Santucci, head of the European Commission unit whose domain includes RFID issues, said he feared that rushing to place restrictions on industries hoping to use the technology would choke its potentially valuable application in health care, business, transportation and other realms. But if regulators deem that widespread RFID use is insufficiently safe, secure and privacy-preserving, then "Mrs. Reding [European Commissioner for Information Society and Media] will have no other option but to trigger legislation," Santucci told participants at a luncheon discussion in Washington DC. By the end of 2008, the commission plans to reevaluate whether legislation is necessary. It's unclear how restrictive any potential rules would be.

Read the full story here (ZDNet). More on the European Commission Policy on RFID can be found here.

RFID, along with sensors and nanotechnology, was one of the key techological developments explored in the 2005 ITU Internet Report on The Internet of Things. An ITU New Initiatives Workshop on Ubiquitous Networks Societies was also held in the same here. Network aspects of identification systems are being studied in the context of standardization by the ITU's JCA-NID.

A United States House of Representatives subcommittee approved a bill on spyware this week, which recommends up to five years in prison for convicted distributors of malicious spyware.

Past versions of the Internet Spyware Prevention Act have failed to pass a vote in the United States Senate. Observers have pointed out, however, that the increasing militancy among users fed up with unwanted software intrusion may make this latest attempt more successful. And there is a lot at stake. Creating trust in the internet will ensure its future development. More on this story is available here.

The ITU is taking a leading role in cybersecurity initiatives, particularly in light of calls for global action made at the World Summit on the Information Society. More information on ITU's work in this area is available here.

According to a recent Press Realease by The Infocomm Development Authority of Singapore (IDA), Singapore is already looking into a new five-year infocomm security roadmap (2008-2012) as it embarks on the final year of the current three-year Infocomm Security Masterplan (2005-2008). The Infocomm Security Masterplan was launched on 22 February 2005 as a strategic roadmap to chart Singapore's national efforts in developing capabilities to prevent cyber-security incidents and protect the critical infrastructure from cyber-threats. According to Dr. Vivian Balakrishnan, Second Minister for Information, Communications and the Arts, Singapore "cannot afford to be complacent, especially with new and dangerous threats evolving and growing at such an alarming rate. Instead of simply taking one step forward, we need to be many steps ahead in our efforts to combat cyber threats."

Providing a glimpse of the new five-year Masterplan to be launched in 2008, Dr. Balakrishnan shared that the new infocomm security roadmap will build on Singapore's existing efforts to focus on more international collaborations to improve Singapore's ability to combat cyber threats. The collaborations will look into knowledge exchanges and regular communication between governments on cyber threat trends and protection of critical infrastructure. When launched in 2008, the new security roadmap will also secure Singapore's ultra high-speed and pervasive Next Generation National Infocomm Infrastructure (NGNII) to provide a secure and trusted environment for the creation of new value-added services such as location-based marketing, goods tracking and localised information services and the pervasive adoption of online services such as those in the area of banking, healthcare and education.

Under the current Masterplan, the government has developed various security initiatives to equip public officers with more timely information and knowledge to assess and improve on their cyber defence. This allows them to better protect, detect and respond to cyber threats. An example is the Cyber-WatchCentre which monitors cyber threats real-time and round-the-clock. By mid 2008, the centre will ensure end-to-end security for all public officers, allowing government agencies to better anticipate cyber attacks and respond to them speedily.

For more information on these inititiatives, view the IDA Press Release.

Kaspersky Lab, a developer of secure content management solutions, recently announced its annual report on malware and spam evolution. The report, authored by Kaspersky Lab analysts, surveys the trends of 2006 and looks at what 2007 may bring.

Malware Evolution: 2006. The report provides an overview of the most important incidents in the malware world, highlights the main trends, and examines how the situation will evolve. Particular stress is laid on the continuing increase in the number of Trojan programs, particularly those designed to steal online gaming account data; the first viruses and worms for MacOS; and Trojans for J2ME, which are designed to steal funds from mobile user accounts. The number of new malicious programs was up 41% on 2005. As for the future evolution of malicious programs, Kaspersky Lab virus analysts believe that virus writers and spammers will work ever more closely together; the number of Trojans will continue to increase; and that virus writers will be on the lookout for exploitable vulnerabilities in Vista.

Spam Evolution: 2006. Data provided by the Kaspersky Spam Lab shows that in 2006, between 70% and 80% of mail traffic on the Russian Internet was spam. The majority of spam sent to Russian users originates in Russia, the U.S.A. and China. Spammers actively used graphics in order to evade spam filters. They are also continued to send spam masquerading as personal correspondence in order to get the recipient to read the whole message and then act as the spammers intended, whether by calling a designated number or clicking on a link. The report on spam evolution also highlights how mass mailings differ from each other according to language: most Russian language spam offers education and training, and a wide range of goods ranging from busts of the Russian president to a device which will 'translate' a dog's bark. English language spam, on the other hand, tends to focus on advertising for stocks and shares, viagra and cheap software. The report also notes that spam became increasingly criminalized in 2006, with spammers actively using SMS to spread spam.

The company's analysts believe that technologies currently in use will continue to evolve in 2007, together with further development of graphical spam, and increased criminalization of mass mailings.

Read the executive summaries here: Malware Evolution: 2006 and Spam Evolution: 2006.
The full annual report can be found here.  

This news item was accessed through Russia Newswire.

ITU-T Study Group 2’s February meeting saw work continue on harmonizing numbering resources for child helplines. Study Group 2 is looking at the issue following a request from Child Helpline International (CHI). CHI is a global network of telephone helplines and outreach services for children and young people.

Specifically Study Group 2 is looking at the logistics of providing a global number. It previously conducted a survey which discovered that a wide range of numbers are in use globally and that there is support in many countries for studying a more harmonized solution. A review process will be an initial assessment of all of the various options for introducing childrens’ helplines. The fundamental question is whether a single number can be deployed worldwide. Other issues include how regulators will handle migration from existing services and who pays for the services.

See the Study Group 2 website and ITU-T Newslog for further information.

The SHA-1 algorithm, which has been widely used in many of today's mainstream security products since 1995, was significantly compromised in February 2005 by a team of researchers led by Xiaoyun Wang based at China’s Shandong University. (This team had already undertaken attacks against the MD5 and SHA: hash functions previously, prior to their attack on SHA-1).

Their success prompted calls for a replacement algorithm. The U.S. National Institute of Standards and Technology had already announced that they planned to phase out the use of SHA-1 by 2010 in favour of the SHA-2 variants. The need for a replacement algorithm has now led NIST to launch a contest to devise a successor on 27 January 2007. The competition is to begin in the fall of 2008, and continue until 2011, with full completion and approval by 2012. Contests like this one have a promising history in cryptography. Notably, the Advanced Encryption Standard (devised as a more secure replacement to the prior Data Encryption Standard) was devised through an open competition between fifteen teams of cryptographers between 1997-2000.

The New York Times has published an article on the early moves by European governments to implement the European Union Data Retention Directive.  The initial programs proposed by the governments of Germany and the Netherlands are more stringent than the directive requires.  The New York Times has noted that some of the people involved in this issue are concerned that these programs may represent a policy shift within Europe, which has traditionally followed a policy of protecting individuals' privacy rights.

More information can be found here.

The New York Times article can be found here.

This summary provides a general discussion of the amended Information Network and Privacy Protection Act (“INPPA”) of Korea. INPPA sets out the minimum procedural requirements for lawful online transmissions in Korea whereby transmissions of advertised materials against recipients’ refusal to accept are strictly prohibited. Although these rules are applicable to unsolicited commercial e-mails via the internet, they were intended to apply to all modes of telecommunication such as cellular phones, facsimiles, etc.

The Korean government has made continuing efforts since 1999 to curb the increase in spam mail and has since been monitoring the effectiveness of the implementation of additional provisions. The new law targets senders of spam mail that are commercial in nature. Consistent with its effort to protect minors from being exposed to obscene and violent materials online, the Korean government has also included a provision in the INPPA that requires senders to label those materials as such.

More information can be found here. 

The Chairman’s Report (Version for Comments) from the ITU New Initiatives Programme workshop on The Future of Voice, held January 15-16, 2007 in the ITU Headquarter, has been made available for comments on the event's web-page.

To download the document, please click here. 

All comments and remarks, to be reflected in the final version of the Chairman’s Report should be sent via email to SPUmail@itu.int no later than the 19th February 2007.

 

Under the "Shaping Tomorrow's Networks Project" and in line with the stated objectives of the WSIS Tunis Agenda for the Information Society (November 2005), that “… ITU and other regional organisations should take steps to ensure rational, efficient and economic use of, and equitable access to, the radio-frequency spectrum by all countries ….”, ITU and the Ugo Bordoni Foundation (Italy) jointly organized a workshop to identify global trends and good practice in radio spectrum management.

The Workshop on "Market Mechanisms for Spectrum Management" was held from 22 to 23 January 2007 at ITU Headquarters, Geneva, Switzerland.  

In preparation for the workshop a Background Resources Website on Spectrum Management was created. This website aims to provide a number of background resources on regional and national initiatives as well as some background information on spectrum management policy and regulation in general.

Background papers as well as Contributions to the workshop can be found here.

To download the Speaker's Presentations, please click here.

Link to Workshop Webcast Archives is available here.

More information about the Shaping Tomorrow’s Networks Project can be found here.

More information about the workshop can be found here.

See the full ITU Press Release for the event here.

We would like to inform all workshop participants that the Chairman's Report will be made available at the event website in the next few weeks.

According to a recent article in The Register, two young Dutch hackers who built a large botnet were sentenced to prison earlier this week. The main suspect, now 20, was handed a two-year sentence and a €9,000 f($11,800) fine, while his 28-year-old partner was given 18 months and ordered to pay €4,000 0 ($5,200).

As stated by the article, the men, part of a larger hacking ring, and one other suspect, were arrested in 2005 for extorting a US company, stealing identities to purchase cameras and games consoles, and distribute spyware. The operation netted an estimated €60,000 over a period of six months.

Read the full The Register article here.

Two resolutions relating to cybersecurity and defining ITU's activity in that domain were adopted by ITU Member States at its Plenipotentiary Conference in Antalya, Turkey, held in November 2006. These are:

• RESOLUTION 130 (Rev. Antalya, 2006): Strengthening the role of ITU in building confidence and security in the use of information and communication technologies
  
• RESOLUTION 149 (Antalya, 2006): Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies

14-15 May 2007 The ITU has a new Secretary-General, Dr. Hamadoun Toure, who has indicated in his first public statements and to senior ITU staff that he considers cybersecurity and particularly follow-up to WSIS Action Line C5 to be a key strategic area of focus for future ITU activities.

The next annual facilitation/consultation meeting for WSIS Action Line C5 will be held 14-15 May 2007 at ITU in Geneva in conjunction with a cluster of events to be organized around 17 May (World Telecommunication and Information Society Day).  The meeting is open to all participants with an interest in C5 activities. More details concerning the draft agenda and administrative arrangements for the event will be circulated shortly along with a list of other WSIS-related meetings to be held 14-25 May 2005 in Geneva.

Further information will be posted at the WSIS C5: Partnerships for Global Cybersecurity website. Enquiries can be directed to cybersecurity@itu.int.

The European Parliament held an STOA Workshop on "RFID in the everyday life of Europeans: A citizen's perspective on ambient intelligence" on 24 January 2007. The workshop was organized as part of the project "RFID and identity management: Case Studies from the frontline of the development towards ambient intelligence" commissioned by the Scientific Technology Options Assessment (STOA) Panel of the European Parliament, and carried out by the European Technology Assessment Group.

ITU's Lara Srivastava delivered a presentation on the topic "Is our enviroment getting smarter? Are we". Her presentation is available here. 

Within the framework of the ITU New Initiatives Programme event on The Future of Voice held from 15-16 January 2007 in ITU Headquarter, Geneva, Mr Wolfgang Reichl, ÖFEG, Austria, submitted an interesting discussion material on "Balancing Innovation and Preservation in Telephony"

In paper's abstract Mr Reichl writes: Telephony might become just another application on the Internet. To examine if this is a likely or even desireable future, is the topic of this article. Everyone used to know what telephony is but with the appearance of software applications like Skype it isn't that easy anymore. Telephony in the traditional sense is interactive voice conversation between two people connected to a global network. When we talk about connectivity to a global network today, we envisage the Internet and when we talk about telephony, it is mobile telephony. The technological platform for telecommunications seems to evolve towards a common data network for all applications. The service specific silo-like networks convert towards a layered network architecture. When the underlying technology changes it remains critical to entangle the telephony application from technology. This article tries to find a clear seperation between application and technology and explores innovations of the telephony application in the light of convergence of computers, media and telecommunications. Innovations should be balanced against society's needs to preserve a world wide network for voice communications.

To download the paper, please click here.

After the ITU New Initiatives Programme event on the Future of Voice held on 15-16 January 2007 in ITU Headquarter, David Allen provided his direct comment on few issues discussed during the meeting.

To see video material, please click here.

 

The ITU workshop The Future of Voice held on the 15^th and 16^th of January 2007 in Geneva, Switzerland looked, inter alia, at the voice traffic and revenue trends in the last fifteen years.

On the global level, local and national long-distance reported telephone minutes per capita were growing in the 1990s and stably falling since the beginning of the new decade. A notable exception of the general rule is the US experiencing continuous growth in the number of local minutes: in 15 years, the number of local minutes per capita has grown four-fold. The international outgoing traffic grew significantly over the last fifteen years: in the Republic of Korea, in 2005 it was 15 times more intensive than in 1990, in the US – five times. Even though, since the beginning of the new century, the international voice traffic tends to slowly decrease.

If we look at the global telecom revenue, we will see the stable global expansion of the sector over the whole period. Voice revenue as a percentage of the total remains stable, while the traffic generated by users has doubled. In 2004, as in 1991, voice constituted more than 80% of telecom revenue surpassing, by far, income from any other source. In the coming years, voice is expected to stay strong driven by falling prices and increasing volumes of traffic.

What are the drivers behind these trends? Enlarged number of users, competition and market liberalization, enhanced innovation and emerging alternative communication platforms, migration to all-IP environment or all of these and more? The dynamics of development of the telecom sector is driven today by multiple factors in an increasingly complex environment both in developed and developing countries. Pressures are forcing change at different levels – market, regulation, type of technology, framed by the shift towards the emerging global economy.

For more insights of the debate on the future of voice, see the complete presentation of Tim Kelly, Head and Jaroslaw Ponder, Policy Analyst of the Strategy & Policy Unit of ITU.

More presentations and background materials on the subject can be found at the Future of Voice website.

For the purposes of the New Initiative Programme event on The Future of Voice, held on 15-16 January 2007 in ITU Headquarters, five background papers as well as four regional studies have been developed and presented for comments. In order to access documents, please click on the links below.

Background Papers

• "Innovation Dynamics in the IP Environment" by Dr. Knud Erik Skouby and Dr. Reza Tadayoni
• "The Future of Communications in Next Generation Networks" by Dr. James Alleman and Dr. Paul Rappoport
• "Regulatory Trends: New Enabling Environment" by Dr. Aniruddha Banerjee, Dr. Gary Madden, and Joachim Tan
• "The Status of Voice over Internet Protocol Worldwide, 2006" by Phillippa Biggs
• "The Future of Voice: Consumer Issues" by Ewan Sutherland

Regional Case Studies

• "Future of Voice in Africa" by Russell Southwood
• "Communications: Government and Business Practices in the Asia Pacific Region" by Khelia Johnson and Oluwaseun Oyeyipo
• "Regulatory Challenges of Voice over IP Telephony: Analysis for Selected South and Eastern European Countries" by Anna Riedel
• "Ruling Voice over IP: Challenges for Regulators in Latin America"

ITU held a workshop entitled The Future of Voice on the 15^th and 16^th of January 2007 at its headquarters in Geneva, Switzerland. This workshop organized under the ITU New Initiatives Programme focused on the role of voice communications in the future ubiquitous network environment.

For a long time, voice services have been the principal driver of telecommunication revenue and will probably continue to drive demand for some time. Nevertheless, it is becoming harder to sustain traditional models of per-minute pricing for voice as the service is increasingly carried over data channels that are priced on a flat-rate basis. Some of the key issues discussed during the event include:

• How are voice services evolving and what does this mean for users, providers and the telecommunication industry as a whole?
• How will fixed, mobile and internet-based phone services converge?
• How does messaging, gaming, multimedia fit in?
• Are voice services of the future most likely to be billed by the minute, by volume, or on a flat rate basis?
• What regulatory freedom should be given to operators to bundle voice with other services (e.g., multiple play: voice, video, internet and mobility)?
• What form of licensing, if any, will be necessary for voice service providers?
• What will be the new business models and revenue streams?
• What are the residual universal service obligations (e.g. emergency calls) that should be imposed on voice providers?

All presentations and background papers as well as a web archive of the event (video and audio) are available on the workshop website.

Several Internet-related Decisions and Resolutions were adopted at the ITU 2006 Plenipotentiary Conference. These include:

• DECISION GT-PLEN/A (Antalya, 2006): Fourth World Telecommunication Policy Forum
• RESOLUTION 101 (Rev. Antalya, 2006): Internet Protocol-based networks
• RESOLUTION 102 (Rev. Antalya, 2006): ITU’s role with regard to international public policy issues pertaining to the Internet and the management of Internet resources, including domain names and addresses
• RESOLUTION 130 (Rev. Antalya, 2006): Strengthening the role of ITU in building confidence and security in the use of information and communication technologies
• RESOLUTION 133 (Rev. Antalya, 2006): Role of administrations of Member States in the management of internationalized (multilingual) domain names
• RESOLUTION GT-PLEN/7 (Antalya, 2006): Study on the participation of all relevant stakeholders in the activities of the Union related to the World Summit on the Information Society

The text of these resolutions and decisions can be found here.

A presentation entitled Update on ITU Cybersecurity and Countering Spam Activities (PDF), was made by Robert Shaw, Deputy Head, ITU Strategy and Policy Unit, at the 2nd Joint London Action Plan (LAP) - EU Contact Network of Spam Authorities (CNSA) meeting on 13-14 December in Brussels.

At the same event, Mark Sunner of MessageLabs gave a presentation entitled Security Landscape Update describing the latest kinds of security threats, including the emergence of a new peer-to-peer 'SpamThru' zombie botnet (Slide 7).

In conjunction with the Forum at ITU TELECOM WORLD 2006, 4-8 December in Hong Kong, China, ITU is organizing a one day event on 8 December entitled "Countering Spam Cooperation Agenda". Key international and regional organizations involved in the fight against spam will gather to discuss greater collaborative efforts to combat spam and related threats. The event is open to all ITU TELECOM WORLD 2006 participants.

See the full ITU Press Release for the event here.

The UK Office of Communications (Ofcom) has launched its new book "Communications - The Next Decade". It consists of a series of essays by academics, politicians and regulators that examine the effect of convergence on the communications sector and the authors come to some provocative conclusions.

The book is available for download as a pdf either in sections or in its entirety from the Ofcom website.

OFCOM has just released its first research publication, The International Communications Market 2006. Report focuses specifically on the international communications market, reflecting the increasing impact of global issues on the UK commercial and regulatory communications agenda. 

To read executive summary, please click here.

To download the document, please click here.

OFCOM has just released a new public discussion document on Regulatory Challenges Posed by Next Generation Access Networks. 

To read executive summary, please click here.

To download the document, please click here.

A major new study prepared for the UMTS Forum by Booz Allen Hamilton quantifies the economic benefits of maintaining a harmonised approach to spectrum management across EU Member States.

To download the study click here.

On 16 November 2006, during the ECTA Conference 2006, Ms Viviane Reding, Member of the European Commission responsible for Information Society and Media spoke on From Service Competition to Infrastructure Competition: the Policy Options Now on the Table.

In her speach Ms Reding focused on recent trends in the European ICT sector. She discussed issues related to the efficient regulation, liberalization process, spectrum, investment, competition as well as "separation" stating:  

"...we have to be clear as to what is meant by terms like “structural separation” and "functional separation". The term "structural separation" has been used to mean several things: full divestiture of companies; legal separation with separate management structures; functional separation of organisational and management structures within vertically integrated undertakings; and simple accounting separation of specified activities within vertically integrated undertakings. I have expressed myself already in June in favour of finding a European way on the separation issue.

I believe that functional separation, which is a specific form of separation in the large sense as just described, could indeed serve to make competition more effective in a service-based competition environment where infrastructure-based competition is not expected to develop in a reasonable period. It may be a useful remedy in specific cases. It is certainly not a panacea. A cost benefit analysis therefore has to be made on a case by case basis, before such a remedy is imposed. And the effects of imposing such a remedy in Europe’s internal market have to be carefully analysed in each individual case. Functional separation is certainly a field where one will not be able to do without the “two pair of eyes” principle. "

For full version of the speach, please see here.

Ofcom published its second annual Technology Research and Development Report which provides an overview of emerging technologies that have the potential to make more efficient use of the radio spectrum.

More information can be found here.

A comprehensive and interactive Body of Knowledge (BoK) on infrastructure regulation is now available online. Funded by the Public Private Infrastructure Advisory Facility (PPIAF) and the World Bank, this website includes literature surveys, self-paced quizzes, a hyper-linked 90 page glossary, and 300 studies (in PDF). It should be useful for practitioners, researchers, students, and anyone interested in learning about utilities regulation. The material provides a set of regulatory concepts and readings which regulators and academics should find useful. The site was developed by the Public Utility Research Center (PURC) at the University of Florida, in collaboration with the University of Toulouse, the Pontificia Universidad Catolica (Lima), the World Bank and a panel of international experts. The BoK references publications and decisions by regulatory agencies and other governmental bodies; policy advisories by think tanks, consultants, donor agencies, and others; and research by academics, and other experts. The BoK is broad in scope, covering essential learning in the areas of policy reforms, market structure in network industries, finance, incentive regulation, service to the poor, pricing, service quality, cost analysis, regulatory institutions and instruments, legal frameworks, stakeholder involvement, negotiations, management and leadership, and public relations.

Suggestions for additional readings and topics can be made at the website. http://www.regulationbodyofknowledge.org

 

A presentation entitled "Evolution of Digital Media in a Convergent Era" (PDF), was made by Cristina Bueti, Project Officer, ITU Strategy and Policy Unit,at the Festival International du Film et de la Télévision on 4 November in Geneva, Switzerland.

As part of the Shaping Tomorrow’s Networks Programme and in line with the stated objectives of the WSIS Tunis Agenda for the Information Society (November 2005), that “… ITU and other regional organisations should take steps to ensure rational, efficient and economic use of, and equitable access to, the radio-frequency spectrum by all countries ….”, ITU (Strategy and Policy Unit and Radiocommunication Sector) and and the Ugo Bordoni Foundation will jointly host a workshop to identify global trends and good practice in radio spectrum management.

The Workshop on "Market Mechanisms for Spectrum Management" will be held from 22 to 23 January 2007 in Room C at ITU Headquarters, Geneva, Switzerland.

It will examine, inter alia, the use of market mechanisms for both primary allocation of spectrum (e.g., auctions) and for secondary trading. It will look at recent trends in ITU Member States, the increasing demand for spectrum and will examine future challenges in developing policies for access to radio spectrum.

ITU Member States, meeting participants and other interested parties are encouraged to send in their spectrum related contributions to the meeting. All contributions will be posted on the meeting website. Please send your contributions to spectrum@itu.int

More information can be found here.

"In a sweeping set of measures, the German Federal Network Agency has ordered more than 80 network operators and service providers not to bill or collect for any phone numbers used illegally. A large number of consumers had complained to the German Federal Network Agency about so-called ping calls and other forms of telephone spamming."

"A ping call is where a call is made to a telephone number and broken off after just one ring. The subscriber’s display shows a “missed call” with an expensive premium-rate number or an 0137 number. In addition to these ping calls, another form of telephone spamming promises prizes where the person called hears a prerecorded message saying that they have won a large amount of money that can be collected by calling an expensive premium-rate number."

"The Federal Network Agency’s stringent measures are a continuation of the intense battle against telephone spam. Since May 2006 alone, the Federal Network Agency has disconnected 237 call numbers on account of ping calls and prize promises. In addition, a ban has been imposed on billing and collecting for 78 call numbers. These bans protect consumers that have called a spam number back, and prevents them from having to pay any charges. The spammer does not receive any payment for the calls initiated."

See the Federal Network Agency's press release here.

In his remarks at the First Meeting of the Internet Governance Forum in Athens, Greece, 30 October 2006, ITU Secretary-General Yoshio Utsumi, encouraged meeting participants to "welcome open debate in the great spirit of Athenian democracy".

See the transcript of Secretary-General Utsumi's speech here.

"Authentication processes can contribute to the protection of privacy by reducing the risk of unauthorized disclosures, but only if they are appropriately designed given the sensitivity of the information and the risks associated with the information. Overly rigorous authentication process, or requiring individuals to authenticate themselves unnecessarily, can be privacy intrusive."

The Office of the Privacy Commissioner of Canada's recently released new Guidelines for Identification and Authentication. The Guidelines are intended to help organizations develop appropriate identification and authentication processes in ways that respect the fair information practices in the Personal Information Protection and Electronic Documents Act (PIPEDA) and ensure compliance with its security provisions by providing the strongest protection for customers’ personal information. The scope of the document is limited to identification and authentication techniques between organizations and individuals.

These guidelines were released by the Canadian Privacy Comissioner, is a good document discussing both privacy risks and security threats:

See also a more detailed document published by Industry Canada in 2004 named "Principles for Electronic Authentication".

This article was accessed through Schneier's blog: Schneier on Security.

United Kingdom's telecommunications regulator Ofcom criticized a proposed European Union law regulating the internet, warning that "it could devastate the continent's internet-TV, mobile-multimedia and online-games industries". Under the EU proposal, many internet broadcasts would face the same requirements on advertising content and production quotas as traditional television.

The U.K. regulator hired Rand Corp. to conduct an impact-assessment study, which outlined the possible negative effects. There are major uncertainties about the future "trajectory" of Internet TV, the regulator said in a note accompanying the study. "Creators will simply distribute their own material via the open Internet, bypassing the need for any form of commercial relationship with other distributors," the regulator said, adding that internet broadcasters would move offshore to escape the regulation. The U.K. position is crucial.

When the EU proposal was first floated last year, London opposed all extension of broadcasting rules to new media. Ofcom spokesman Simon Bates said the U.K. has realized that some new services will fall under the regulation. The key is to gain exemptions for particularly vulnerable services. "We understand that some TV-like services that look like TV and feel like TV warrant some protection," he said, adding that fledgling services should remain exempt. "Our worst fear would be if blogs are required to be regulated like mass-media television services, with rules for example about offensive content." If infant industries are regulated, Ofcom says they risk being pushed offshore. Even though mobile-phone operators could restrict their services available on the open Internet, the EU regulation would give them "incentives to artificially structure businesses so that the regulatable activity of making and creating content takes place outside the EU." The regulation could devastate Europe's online-games industry, the report added. "Rand Europe finds that this industry is global, and that the added value activity of creating and developing games is highly 'portable,'" the regulator writes. "This industry is therefore highly susceptible to increases in regulation in one territory, however small, especially when that regulation does not have parallels in other territories." The regulator recommends "excluding online games altogether from the scope" of the EU regulation.

The European Parliament is scheduled to vote on the proposal by year end. EU governments meeting in the Brussels-based Council of Ministers also must approve it. Intellect, a U.K. trade association, recently said the regulation threatens to stifle services such as on-demand and interactive-video content.

Please see William Echikson's article in Wall Street Journal Europe for more details.

With the second meeting of the Focus Group on IPTV seeing a record number of participants and contributions, experts have declared satisfaction that work towards a set of standards for IPTV is well on track.

A recent report from industry analyst Gartner says that the number of households around the world subscribing to IPTV services offered by telecom carriers will reach 48.8 million in 2010. Buoyed by new service launches, IPTV subscribers will more than double in 2007 from an expected 6.4 million in 2006 to 13.3 million according to Gartner. Experts agree that it is imperative that standards needs are met if these impressive figures are to be achieved.

A key achievement at the FG IPTV meeting in Korea was progress towards a standardized IPTV architecture: The group agreed that IPTV architecture shall allow for both NGN and non-NGN approaches to IPTV, and within the NGN-approach, include both IMS and non-IMS based approaches.

Ghassem Koleyni, chair of the group stated that: "I am particularly happy that we have achieved so much progress in ITU-T Working Group 1 (service requirements and architecture). The level of participation in this group is growing and progress is overall good. But requirements and architecture are of such fundamental importance that getting a fix on these points, at this stage, is very satisfying. In order to gain momentum here we will convene an electronic meeting looking specifically at requirements and architecture, 18-21 December."

The Korea meeting agreed on the following definition of IPTV: "IPTV is defined as multimedia services such as television/video/ audio/text/graphics/data delivered over IP based networks managed to provide the required level of QoS/QoE, security, interactivity and reliability."

The FG IPTV meeting was preceded by an ITU-T workshop. The event attended by over 400 and held in Seoul provided a view and examination of IPTV standardization, political and regulatory aspects, business models and various case studies as well as technical developments and service provider’s operational aspects. A roundtable discussion at the event concluded that global standardisation and interoperability are key for further development of IPTV worldwide. Other issues that might be further discussed at an international level, according to the roundtable’s twenty participants, include digital rights management (DRM).

The next face-to-face meeting of the FG IPTV is scheduled for 22-26 January 2007 at the Microsoft facilities, Mountain View, California, USA at the invitation of Alliance for Telecommunications Industry Solutions (ATIS).

For more information see the ITU-T IPTV Focus Group website.

On 16 October 2006, Mauritius officially launched their Anti-Spam Awareness Campaign. On this occasion the Minister of IT and Telecommunications also presented a dedicated Anti-Spam Website with resource aimed at raising awareness and sharing information on spam, malwares, etc.

In Mauritius, the spamming problem is gaining in magnitude and there is a need to have a concerted approach to address this issue. Without remedial action to address the problem of spam in Mauritius, the country runs the risk of being seen as a safe haven for spammers and there is the risk that legitimate email traffic from Mauritius to other countries which have anti-spam legislation, could be blocked. In this context, the National Computer Board has set up a National Anti Spam Committee to co-ordinate activities at the national level with regards to combating spam.

The Anti-Spam Co-ordination Committee consists of representatives from the following national organisations: National Computer Board; IT Security Unit, Ministry of IT and Telecommunications; Ministry of Education and Human Resources; Ministry of Industry, Commerce, Small and Medium Enterprises and Cooperatives; Ministry of Foreign Affairs, International Trade and Cooperation Joint Economic Council; Mauritius Chamber of Commerce and Industry (MCCI); State Law Office; ICT Authority; Mauritius IT Industry Association; Internet Society; University of Mauritius (UOM); University of Technology; Telecom Plus/Mauritius Telecom ACT.

For further information see the newly launched Anti-Spam Website and Mauritius' Anti-Spam Action Plan.

The Journal du Net states in a recent article that organized cybercrimes represent a growing risk for internet users. Hackers use new techniques to hide and make their attacks more efficient. Their main goal is not to destroy computers. With the rapid development of e-commerce, hackers want to take over personal data and make as much profit as they can with it.

To achieve this, they use different forms of worms or trojans send from servers hosted in countries where the legislation is less strict. To protect their economic interests, businesses need to include employees in their security policies so they do not become the weak link in the security chain.

See Journal du Net for the full article in French.

The 13th European Conference of Postal and Telecommunications Administrations' (CEPT) Conference, took place in Berlin 11-12 October 2006. The title of the conference was "Regulations under Challenge".

The conference looked at the electronic communications policy and regulatory matters with the aim of facilitating a fruitful dialogue between regulators working at different levels of international and national institutions, industry and users on topics including: forward-looking regulatory and policy developments in a rapidly changing environment; technological, market and other developments with potential impact on regulations; and the impact of regulations on technology developments and telecom markets.

The first day, "Policy challenges", featured visionary keynote speeches by top level speakers, followed by plenary sessions presenting views from industry, the European Commission, regulators and others. Speakers included: Yoshio Utsumi (ITU), Guido Landheer (CEPT), Fabio Colasanti (EC), Michael Bartholomew (ETNO), Kevin Power (ECTA), Tom Lindström (EICTA), Sergio Antocicco (INTUG), Peter Scott (EC), Kip Meek (ERG and OFCOM), Mathias Kurth (RSPG), Rainer Münch (ETSI TISPAN), Kenneth Neil Cukier (The Economist) and Chris Marsden (RAND).

The second day, "Regulatory practices under challenge", addressed more specific topics in two parallel tracks. An overview of the state of the art in VoIP from a regulator's and incumbent's viewpoint was given in sessions on Digital Dividend, Spectrum Management Reform, New Technologies and Suitable Regulation, Building Blocks of NGN, NGN Challenges, and the Future of Telecommunications.

The meeting programme and the presentations can be found here.

This information was accessed through Richard's Blog for VoIP and ENUM

The first meeting of the Internet Governance Forum (IGF) will be held in Athens, Greece from 30 October - 2 November 2006.

The current programme is available here.

A couple of related websites have been unveiled:

• Australian academic Jeremy Malcolm has established IGFWatch at igfwatch.org.
  
• Jeremy Malcolm and also joined with UK journalist Kieren McCarthy to establish the IGF Community Site at www.igf2006.info for interaction before, during and after the event.

CircleID has a related article asking What Will Be the Outcome of the Internet Governance Forum Meeting in Athens?

Business Week Online shows in a recent article entitled "Needed: A National Cyber Security Law'" that more and more people have their personal information lost, stolen or compromised. Security breaches are eroding their trust in the capability of the Internet to deal with their private personal information. This growing confidence-deficit represents a serious threat to the economic growth of each country, according to the article. Therefore, it is time for officials to act by passing strong data-security laws. These national laws must aim to both prevent further data breaches and address leaks once they occur.

"To accomplish these goals, lawmakers should establish reasonable security measures, create a consistent and recognizable notification standard, encourage best practices such as encryption, and include effective enforcement capabilities".

See Business Week Online for the full article.

Computer World released an article entitled “Ten security trends worth watching”, based on Bruce Schneier’s speech at last month’s Hack in the Box Security Conference in Kuala Lumpur, Malaysia.

Mr. Schneier identified 10 trends affecting information security today:

1. Information is more valuable than ever.
2. Networks are critical infrastructure. "If the Net goes down, or part of the Net goes down, it really affects the economy".
3. Users do not necessarily control information about themselves. For example, Internet service providers have control over records the Web sites that users visit and email messages they send and receive.
4. Hacking is increasingly a criminal profession. More and more, attacks are organized and led by criminals who are driven by a profit motive.
5. Complexity is your enemy. "As systems get more complex they get less secure". Mr. Schneier mentioned that the Internet is "the most complex machine ever built".
6. Attacks are faster than patches. New vulnerabilities and exploits are being discovered faster than vendors can patch them.
7. Worms are more sophisticated than ever. 
8. The endpoint is the weakest link. "It doesn't matter how good your authentication schemes are if the remote computer isn't trustworthy".
9. End users are seen as threats.
10. Regulations will drive security audits.

See Computer World for the full article.

"The existing identity infrastructure of the Internet is no longer sustainable. The level of fraudulent activity online has grown exponentially over the years and is now threatening to cripple e-commerce. Something must be done now before consumer confidence and trust in online activities are so diminished as to lead to its demise." A recently released paper by the Information and Privacy Commissioner of Ontario, Canada, Ann Cavoukian, tries to address this: 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age. 

See more information on the 7 Laws in the related news release and brochure.

The European Commission held its final conference on Radio Frequency Identification (RFID) on 16 October 2006 in Brussels, to close the series of consultations initiatives announced by Commissioner Viviane Reding at CeBit in March 2006. The conference (RFID: Heading for the Future) was opened by the Commissioner and featured Commission officials, members of the European Parliament, and relevant stakeholders from industry, government and civil society who have been involved in the ongoing European debate about RFID. ITU's Lara Srivastava spoke at the conference on the topic "RFID: from identification to identity" and her presentation is available here.

More information about the EU's RFID consultation is available here.

 

 

The Digital Opportunity Index (DOI) is a composite index that has been developed by the ITU/Digital Opportunity Platform to measure countries' progress in ICTs and digital opportunity, as part of the endorsed methodology for WSIS evaluation and follow-up. It is a flexible methodology that has been used in many different ways. Every day this week, SPU will demonstrate a different application of the DOI, to show its flexible and versatile applications for policy analysis.

The urban/rural digital divide is one of the most obvious divisions in many countries (depending on their geography, degree of urbanisation and industrial development, among other factors). ITU has traditionally sought to monitor the urban/rural divide in telecoms using the indicators of % of main lines in urban areas and mainlines in the largest city. For example, in China, as recently as 2004, just over two-thirds of all mainlines were to be found in urban areas (World Telecommunication Indicators).

However, the urban/rural divide extends far beyond connectivity. Differences in digital opportunity between urban and rural areas are also evident in the price of access to ICTs (often more expensive in rural areas), speed and quality of access (what the Nigerian blogger Oro calls "plug and pray") and technology in e.g., coverage of population with a mobile signal. The Digital Opportunity Index measures all these different aspects to access to ICTs.

For most countries, detailed data on urban/rural differences for all these aspects are difficult to come by. However, at the recent Digital Opportunity Forum held in Korea, the Egyptian Ministry of Communications and Information Technology presented its expert analysis of the urban/rural divide in Egypt (see figure below). Taking into account differences in price, coverage, Internet availability and usage, the Ministry calculated that the rural population in Egypt has one quarter less opportunity to access and use ICTs as in urban areas. This points to a measurable and significant urban/rural divide in connectivity in a country where the vast majority of the population (95%) live in the fertile Nile valley. The DOI provides a means not only of quantifying the extent of this urban/rural divide, but also of monitoring its future evolution.

The urban/rural divide in Egypt

Source: Egyptian Ministry of Communications and Information Technology, presented to the Digital Opportunity Forum, 1 September 2006.

For more information about the Digital Opportunity Index, click here.

The ITU’s Strategy and Policy Unit (SPU) is delighted to announce over 70,000 downloads of its major new report, the World Information Society Report (WISR) since July.

The World Information Society Report charts progress in building the Information Society and track the dynamics driving digital opportunity worldwide using a new tool—the Digital Opportunity Index (DOI). The Digital Opportunity Index can strengthen policy-making by monitoring the critical areas of the digital divide, universal access, gender and the promotion of broadband and universal service policies. The DOI has been cited by the US Federal Communications Commission to measure the state of broadband in the United States, monitored in Ireland to track the price of broadband and used by the Egyptian Government to measure the urban-rural divide in Egypt.

Every day this week, SPU will profile a different practical application of the Digital Opportunity Index, to demonstrate its genuine use for policy purposes and to show how it can monitor WSIS follow-up. The Digital Opportunity Index is relevant for policy-makers, regulators, academics, public and other stakeholders with an interest in telecommunications and development.

To find out more, please click here.

As a result of a British documentary, India is now under pressure to strengthen its laws combating data theft and other electronic crimes in the country. Amendments to India’s IT Act of 2000 have been proposed and should be enacted by the national parliament in its upcoming winter.

Read the full Information Week article here.

See also Department of Information Technology, Ministry of Communication and Information Technologies for more information.

An Open Event on "Security and Identity Management in a Federated World" was held on 2 October 2006, hosted by the Ecole Polytechnique Federale de Lausanne (EPFL) in collaboration with Sun Microsystems. Speakers included Sun Microsystems' John Gage and Liberty Alliance's Hellmuth Broda. ITU's Lara Srivastava participated in the event and spoke on "the problem of identity in networked spaces". Her presentation is available here.

The subject of digital identity will be examined more closely in the forthcoming 2006 ITU Internet Report entitled "digital.life", to be released at ITU Telecom World 2006, 4-8 December 2006 (Hong Kong, China).

 

Three of the world's leading Internet Exchange Points (IXPs), AMS-IX, DE-CIX and LINX are hosting the first European Peering Forum on 29-30 November 2006 in Frankfurt, Germany.

Sponsored by Foundry Networks and IXEurope, the event is designed to bring together representatives from the respective IXP member organisations to discuss all aspects of peering from negotiating to operations. (Peering is a cost neutral arrangement between two Internet Service Providers (ISPs) to exchange Internet traffic. It is undertaken to reduce costs and provide more direct routing of that traffic.)

For more information on the event see the European Peering Forum website.

This story was accessed through Total Telecom.

The OECD's Information, Computer and Communications Policy Committee (ICCP) organised a one-day international Forum on "Next Generation Networks: Evolution and Policy Considerations", which was held on Tuesday, 3 October 2006 in Budapest, Hungary.

For more information about the event see the OECD website.

Wired News in an article brings attention to the insecurity of some of the new technologies online. “VOIP and Ajax -- are dangerously insecure, and likely to only get worse as they become more prevalent, according to security researchers presenting their findings at the ToorCon security conference.”

"Voice over internet protocol is going mainstream, available to consumers and increasingly replacing the private phone systems in businesses of all sizes. Like the traditional phone, a VOIP call is broken into two parts, or channels. The first is signaling, which negotiates things like when to start and stop a call, what to do if another call comes in, and what to do if something about the call changes. The second part is media, the bit where we talk. In most VOIP systems neither of these channels is actually encrypted."

"According to Dustin Trammell, VOIP security researcher at Tipping Point, this leaves most VOIP calls vulnerable. Calls can be hijacked without either party's knowledge anywhere along the route over the net that connects the call, and nearly all VOIP systems can fall victim to signal-channel attacks that can fake caller ID, degrade call quality, end calls suddenly, and crash the end device -- either your VOIP phone or computer. Internet telephony can even fall victim to denial-of-service attacks that flood a phone with fake requests to start a call, rendering it useless."

Read the full Wired News article on VOIP and AJAX security issues.

The Finnish Regulatory Communications Authority Ficora launched .8.5.3.e164.arpa user ENUM into public commercial operation after a successful pilot phase that started in 2003. The database was cleared between the pilot phase and commercial operation and thus there are no delegations at the moment. A Ficora representative says: "Our next aim is to get as much support from telcos and registrars for ENUM as possible. Currently I'm optimistic for their support since we are having good discussions with all major Finnish telcos."

User ENUM is currently in commercial operation in Austria, Poland, Romania, Germany, Netherlands, and Finland. Ireland is still in negotiations.

This article was accessed through Richard's Blog on VOIP and ENUM.

What is ENUM?
ENUM is a protocol that is the result of work of the Internet Engineering Task Force's (IETF's) Telephone Number Mapping Working Group. The charter of this working group was to define a Domain Name System (DNS)-based architecture and protocols for mapping a telephone number to a Uniform Resource Identifier (URI) which can be used to contact a resource associated with that number. The protocol itself is defined in RFC 3761: The E.164 to URI DDDS Application (ENUM), which obsoletes RFC 2916. The protocol provides facilities to resolve E.164 telephone numbers into other resources or services on the internet. ITU-T Recommendation E.164 is the international public telecommunication telephone numbering plan and current ENUM delegations can be found here. More information on ENUM can be found here.

"The ICT industry is expected to grow by 6% in 2006 and, looking ahead, highest growth will be driven by Internet-related investments, Linux servers, digital storage, personal digital assistants and new portable consumer products." But any return to the heady days of 20% and 30% growth in many products and market segments in the 1990s are unlikely, according to the 2006 edition of the OECD’s Information Technology Outlook 2006.

For more information, see the OECD Information and Communications Policy website.

The European Commission has signed a contract with the consortium Equant/Hewlett Packard for the provision of the infrastructure replacing several data communication infrastructures at EU level. sTESTA (Trans European Services for Telematics between Administrations), is the European Union's classified telecommunication network and responds to the growing need for secure information exchange between European and National administrations.

In order to respond to the need for a telecommunication network serving multiple stakeholders in multiple policy areas, the European Commission, the European Council, Europol and the European Railway Agency have joined forces. The sTESTA framework contract was awarded following a jointly launched tendering procedure. This contract will allow European and National Administrations to exchange data within several policy areas in a secured and reliable way. Commission Vice President Günter Verheugen, responsible for enterprise and industry policy, said: "This initiative will make the EU’s electronic communication infrastructure considerably more efficient. It will enable us to better respond to the many challenges in the field of eGovernment, making our society more modern and safer."

Read more in the EC Press Release.

The ITU and the EU's Daidalos Project plan a workshop on "Digital Identity for NGN" Dec. 5 in Geneva, officials said Mon. The Daidalos Project and VeriSign are advancing global standardization of digital identity management at the ITU, officials said. Proposals have been floated at ITU on handling the issue, but consensus is still forming. The aim of the workshop is to understand better providers' need to offer digital identity across layers of communication systems, administrative domains and other boundaries, documents said. Key challenges for developing a more consistent approach are to tackle the conflicting requirements of privacy, identification and security, documents said. The NGN-GSI Event will focus on identity management as a key theme during its meeting Oct. 23-Nov. 3, said an official involved in the work. The past year or 2, several research institutes in Japan, S. Korea and Switzerland have been interested in sensor network identifiers, he added. There's supposed to be an identity management piece in the October 23-24 Grid Workshop as well, the official said: "There's a whole burgeoning world of communicating sensor devices, and [they] will need some kind of identity to communicate whatever kind of sensing information they have."

Source: Warren's Washington Internet Daily

The International Telecommunication Union along with the Commonwealth Telecommunication Organization (CTO) organized a three-day Forum 26-28 September on Using ICT for Effective Disaster Management. The meeting at Ochos Rios, Jamaica adopted a road map for better coordination in the use of state-of-the-art information and communication technologies (ICT) aimed at improved disaster preparedness and mitigation.

The roadmap includes: formulation of appropriate policies deployment of appropriate technologies ratification and implementation of the Tampere Convention for free movement of technical equipment in case of disaster capacity building for users of ICT services and applications establishment of national platforms that help countries to be ready to use ICT when disasters strike development of common regional strategies on integrating ICT in all phases of disaster mitigation: early warning, preparedness, response and relief

At the Ochos Rios meeting, comments from Jamaican government officials and several regional Caribbean representatives focused on the ability, or lack of ability, of governments, telecom carriers, IT backup service providers, businesses enterprise customers and other private-sector organizations to cope with their most comment peril: tropical hurricanes. The intense 2005 hurricane season brought a record 27 storms (including Emily, Katrina and Wilma) into the region. "Following the 2004 Ivan hurricane disaster and Emily in 2005, it became evident that the lack of communications was one of the significant weaknesses of the regional disaster management framework," says Philip Paulwell, Jamaica's Minister of Industry, Technology, Energy Commerce. "Intra-agency communications as well as public information have been identified as requiring improvement." "There's an urgent need to establish effective and comprehensive communication links between the affected areas, national disaster response facilities and with the larger international community.

For further details, see the ITU press release on this topic.

The United States National Cyber Security Alliance (NCSA), a consortium of government agencies and private industry sponsors, aims to educate the public about core security protections this October, during the national cyber security awareness month, with its campaign on 'Cyber Security: Make It A Habit'.

U.S. National Cyber Security Awareness Month is a national campaign designed to increase the public’s awareness of cyber security and crimes issues, so that users can take precautions to avoid these threats on the Internet. The month will feature public relations activities, educational programs, events and initiatives throughout October that targets Home Users, Small Businesses, Education audiences (K-12 and higher education), and Child Safety online.

See the U.S. National Cyber Security Awareness Month 2006 website for further information on this collective effort aimed at protecting the public from internet threats.

PhishTank is a collaborative clearing house for data and information about phishing on the Internet. PhishTank was launched by the people behind OpenDNS and will be used to dynamically block access to phishing sites. For more information, see their FAQ.

"Yahoo has announced it will give away the browser-based authentication used in its email service, considered to be the company's 'crown jewel', in a bid to encourage software developers to build new applications based on e-mail". 

"Yahoo is a very large company but we can't build every applications that a user might want," a Yahoo representative said in an interview. "You can imagine tens of thousands of niche applications (springing) from Yahoo Mail." "Software developers have traditionally kept careful control of the underlying programming code of their products and allowed outsiders to make only incremental improvements. In recent years, Web developers have opened up that process to encourage outsiders far deeper access to the underlying code. Open applications like Google Maps and Yahoo's own Flickr have inspired a new wave of programming in which developers can combine software features from different companies to create what are known as 'mashups' -- hybrid Web products"

"Yahoo made the announcement ahead of a 24-hour Yahoo Hack Day, where it had invited more than 500 mostly youthful outside programmers to build new applications using Yahoo services. Considering the different needs of its huge user base (257 million people use Yahoo Mail), Yahoo has decided it can't build or buy enough innovation, so they are enlisting the worldwide developer community. The code will be released late in 2006. Yahoo notes that there are 'no security risks' since they keep absolute control of usernames and passwords."

Read the full article in Yahoo News.
This story was accessed through Slashdot.

A Strategic and Coordinated Approach Needed for Cybersecurity In a recent GovTech article, the Cyber Security Industry Alliance (CSIA) calls for a more strategic and coordinated approach from the U.S. government to ensure the nation's cybersecurity.

CSIA’s Executive Director Paul Kurtz emphasized that "the level of attention given to securing our information infrastructure is inadequate considering the reliance of Americans on the nation’s cyber systems." "In testimony before the House Committee on Energy and Commerce's Subcommittee on Telecommunications and the Internet, Kurtz highlighted the importance of the nation's cyber systems, calling them the newest and most pervasive portion of our critical infrastructure, and discussed the federal government's role in its protection. At the core of CSIA's recommendations is the need for a Strategic National Information Assurance Policy that would outline the key roles that relevant government agencies should play in the protection of our cyber infrastructure."

"No single entity owns our information infrastructure and no single government agency is solely responsible for its protection." "While the Department of Homeland Security clearly plays a critical role, many other agencies share responsibility for the overall well being of our cyber systems," said Kurtz. "Yet the government has shown little strategic direction or leadership when it comes to ensuring the resiliency and integrity of our information infrastructure and the protection of the privacy of our citizens. This is baffling when one considers that nearly every service we use, from our communications and utility networks to our financial and medical systems, is in some way reliant upon our nation's digital networks." Kurtz called out the need for a cyber early warning system that provides the nation with situational awareness of attacks.

Read the full story here.

The ITU has unveiled a new website Partnerships for Global Cybersecurity dedicated to moderation/facilitation activities related to implementation of WSIS Action Line C5: Building Confidence and Security in the Use of ICTs.

Background

The outcome documents from the World Summit on the Information Society (WSIS) emphasize that building confidence and security in the use of ICTs is a necessary pillar for building a global information society (see extracts). The Tunis Agenda describes the establishment of a mechanism for implementation and follow-up to WSIS and requests ITU to play a facilitator/moderator role for WSIS Action Line C5: Building Confidence and Security in the Use of ICTs. In order to stress the importance of the multi-stakeholder implementation of related work programmes, ITU has named this the Partnerships for Global Cybersecurity initiative.

Here's how to participate and how to contact us if you would like to contribute to the work programmes.

Work Programmes

Based on the first facilitation meeting held in May 2006 and the related Chairman's Report, work programmes in three focus areas have been initiated:

• Focus Area 1 (National Strategies): The development of a generic model framework or toolkit that national policy-makers could use to develop and implement a national cybersecurity or CIIP (Critical Information Infrastructure Protection) programme. More information on activities, mailing lists and events.
  
• Focus Area 2 (Legal Frameworks): Capacity-building on the harmonization of cybercrime legislation, the Council of Europe's Convention on Cybercrime, and enforcement. More information on activities, mailing lists and events.
  
• Focus Area 3 (Watch, Warning and Incident Response): Information-sharing of best practices on developing watch, warning and incident response capabilities. More information on activities, mailing lists and events.

For general information on WSIS implementation as a whole, including other action lines and themes, see here.

 

Dear Subscribers,

We regret to inform you that as a result of scheduling complications it has been necessary to postpone the Market Mechanisms for Spectrum Management Workshop from the 2nd and 3rd of November 2006 to the 22nd and 23rd of January 2007.

We apologize for any inconvenience this may cause.

Those directly affected will be contacted by us individually.

More information about the workshop and related activities can be found here.

"Chapter Four: From Measurement to Policy-Making" considers the changing telecommunications policy landscape, in areas of universal access/service, affordability, digital inclusion, broadband and wireless, amongst others. It shows how policy-makers can use the Digital Opportunity Index (DOI) to inform policy-making and policy design to achieve the WSIS goals. The DOI is not an abstract mathematical construction, but has real ‘hands-on’ applications for policy-makers, particularly in the context of the commitments made by governments at the World Summit on the Information Society.

Chapter Four uses the DOI for analysing digital gaps between regions at the national and international levels, for assessing gender gaps and for monitoring digital inclusion. The DOI is a useful policy tool that can be adapted to assess all of these data requirements. Chapter four of the World Information Society Report uses the DOI to analyse digital opportunity throughout the continent of Africa; perform a benchmark comparison of India’s performance relative to its neighbouring countries (see Figure below); examine regional disparities in digital opportunity in Brazil; and examine the gender gap in the Czech Republic. The chapter also outlines the next steps in ICT measurement for policy-making that the Digital Opportunity Platform plans to undertake.

Using the DOI for Policy Purposes

To find out more about the World Information Society Report, please click here.

"Chapter Three: Information Society Trends" tracks the shifting dynamics of the Information Society worldwide. It monitors the changes in digital opportunity across different countries and regions, and investigates those that have made the strongest gains in digital opportunity.

The Asian economies of the Republic of Korea and Japan continue to lead in digital opportunity, mainly due to their pioneering take-up of broadband and 3G mobile services. Nearly all Internet subscribers in the Republic of Korea are broadband subscribers, whilst Japan is the only market where Internet subscribers are most likely to access Internet over their mobile. Dramatic progress has been achieved by developing countries, however, which made the greatest progress in digital opportunity - notably India, where digital opportunity nearly doubled between 2001 and 2005, and China, which experienced remarkably strong gains in infrastructure. Some countries are leveraging their investments in infrastructure more successfully than others, however.

Major Gainers in digital opportunity (2001-2005)

Note: Component indices of the DOI are represented by O = Opportunity; I = Infrastructure; U = Utilization.

Chapter three analyses trends in digital opportunity, broadband speed and price, as well as the price of other telecommunication services. Find out more about the WISR here.

"Chapter Two: Measuring the Information Society" introduces the structure and methodology of the Digital Opportunity Index (DOI). It explains why the component indicators were chosen and how they measure different aspects of digital opportunity, in: opportunity to access telecommunications (including basic access to telecommunications and affordability, with detailed price information); the basic infrastructure available in a country; and actual utilization of ICTs, in the use of the Internet and broadband technologies (fixed and mobile).

This chapter reviews trends in the individual indicators making up the DOI, including: the growth of mobile coverage (both 2G and 3G); a comparison of Internet and mobile prices; household penetration of ICTs and broadband and mobile Internet. It illustrates these trends with a wealth of country information and regional comparisons, to show how the DOI captures the growth in digital opportunity around the world.

The DOI is a flexible and forward-looking index, which includes measurement of the promising technologies of tomorrow in broadband and mobile Internet subscribers (as a proportion of total Internet subscribers and total mobile subscribers). It is the major index to date that includes up-to-date and current price information for both mobile and Internet access. Find out more and download the DOI as part of the World Information Society Report here.

Structure of the DOI:

The DOI is currently being updated for 2006 information, as part of the ongoing work programme of the Digital Opportunity Platform.

 

"Chapter One: A Summit for Building the Information Society" outlines the background to the World Information Society Report (WISR). It sets out the background to the World Summit on the Information Society (WSIS) in the origins, aims and achievements of the Summit. In particular, it considers the call by member governments for an effective means and methodology for follow-up to monitor progress in building the Information Society through implementation of the Summit's recommendations.

The Geneva Plan of Action calls for a composite ICT Development (Digital Opportunity) Index to be published annually, or every two years, in a report on ICT development to clarify the magnitude of the digital divide in both its domestic and international dimensions.

Chapter One of the WISR reviews WSIS implementation since the Summit concluded in Tunis in November 2005, and explains why composite indices give a more complete picture of the development of the Information Society in any given economy than a single indicator. It gives an overview of the main composite Indices for measuring Digital Opportunity, and how they differ. It concludes by explaining the main virtues of the Digital Opportunity Index, especially for developing countries: it evaluates digital opportunity in 180 countries, the most of any index published to date; it is based on standard indicators (as defined by the Partnership for Measuring ICT for Development); it uses objective data rather than survey data; it can be split into its fixed and mobile components, so developing countries can be measured on the basis of their strengths; it uses household penetration data (which favour developing countries, on the basis of their large average household size); and it is simple and easy-to-use.

"Chapter One: A Summit for Building the Information Society" of the World Information Society Report can be downloaded for free here.

Business Communications Review has an article entitled The Botnet Threat reviewing a recent report put out by Arbor Networks, which surveyed ISPs about their biggest security concerns.

"When they surveyed 55 ISPs, McPherson and Labovitz discovered that distributed denial of service attacks, and the related threat of botnets, remain the biggest security problem that ISPs face. Together, these two elements were named as the top threat by 77 percent of respondents. "Brute-force attacks remain the most predominant attack type on the Internet today," the authors write.

The largest sustained attack reported by the survey respondents was a whopping 17 Gbps; a UDP flood of 22 million packets per second (pps) and a SYN flood of 14 million pps have also been reported. "The magnitude of these attacks is incredible when you consider that a 14 Mpps SYN flood can nearly fill an entire OC-192 (10 Gbps) circuit with a minimum packet size," McPherson and Labovitz write. "Any one of these attacks, or even a fraction thereof, can create significant pain for even the largest ISP networks in the world today."

The report also cites what the authors call "a new and disturbing observation" made by one respondent: Not only are botnets highly organized and "uniformly gargantuan," but there's an increasing amount of marketing of these botnets. ("Blast your affiliate numbers overnight!" is a typical pitch they report seeing.)"

The ITU’s Strategy and Policy Unit (SPU) is delighted to announce over 17,000 downloads of its major new report, the World Information Society Report (WISR), over the two months since its publication.

As part of the ITU’s follow-up to the World Summit on the Information Society (WSIS), the Report charts progress in building the Information Society and track the dynamics driving digital opportunity worldwide using a new tool—the Digital Opportunity Index (DOI). The DOI is part of the agreed evaluation methodology endorsed during the WSIS and will be published annually in the World Information Society Report to track progress in reaching the WSIS targets and building a diverse and inclusive Information Society by 2015.

The WISR shows how the Digital Opportunity Index can be used to strengthen policy-making by monitoring the critical areas of the digital divide, universal access, gender and the promotion of broadband and universal service policies. The Report is addressed to policy-makers, regulators, academics, public and other stakeholders with an interest in telecommunications and development.

Starting next week, SPU will profile a different chapter of the World Information Society Report each day, to show how the Information Society is evolving and how you can contribute to WSIS follow-up. 

For more information, please see the WISR website. 

InfoWorld reports that the U.S. Department of Homeland Security has released the findings of Operation Cyber Storm, a large-scale simulation of combined cyber-physical attacks on U.S. critical infrastructure.

"The U.S. Department of Homeland Security (DHS) released its public findings from Operation Cyber Storm, a large-scale tabletop simulation of a coordinated cyber attack on the government and critical infrastructure that was held in February, 2006. The exercise involved US-CERT, the Homeland Security Operation center as well as the National Cyber Response Coordination Group (NCRCG) and the Intragency Incident Management Group (IIMG), various ISACs from the transportation, energy, IT and telecommunications sectors, and 100 private sector companies." "The exercise simulated a large-scale cyber campaign that disrupts multiple critical infrastructure, as well as simulated "physical demonstrations and distrubances" to test the ability of government to respond to multiple incidents simultaneously, even when its not clear that the events are related (read: 9/11)."

From the article: According to DHS, "observers noted that players had difficulty ascertaining what organizations and whom within those organizations to contact when there was no previously established relationship or pre-determined plans for response coordination and risk assessments/mitigation. There was a general recognition of the difficulties organizations faced when attempting to establish trust with unfamiliar organizations during time of crisis."

Read the InfoWorld article here.
See the DHS press release on Operation Cyber Storm. 

This article was accessed via Slashdot.

Within the framework of the 17th European Regional ITS Conference, session on the Next Generation Infrastructure (see programme)C.B. Blankart, G. Knieps, and P. Zenhäusern presented their new paper on "Regulation of New Markets in Telecommunications? Market Dynamics and Shrinking Monopolistic Bottlenecks".

In the paper the Authors focuse on the debate on the EU telecommunications regulatory framework and analyse whether new markets create new monopolistic bottlenecks or extend the borderlines of existing bottlenecks. Three kinds of transmission qualities on service markets can be dif-ferentiated according to the products provided: narrowband services like PSTN/ISDN or GSM, semi high-speed broadband services like broadband inter-net access up to 6 Mbps download and VDSL services up to 50 Mbps. As long as, due to the absence of alternative network infrastructures, a monopolistic bot-tleneck in local infrastructure networks exists the question arises what the re-maining bottleneck components are for these different markets. In this paper we will demonstrate the shrinking-bottleneck hypothesis.

Download the full version of the paper.

European Commission published three studies by external consultants on the review of the EU 2003 regulatory framework.The three studies are the following:

• An assessment of the regulatory framework for electronic communications: growth and investment in the EU e-Communications sector, by London Economics, in association with PricewaterhouseCoopers.
• Preparing the next steps in regulation of electronic communications, by Hogan & Hartson and Analysys.
• Experts’ report in relation with the Review of the Recommendation on markets subject to ex ante regulation, by Dr Ulrich Stumpf, Professor Martin Cave and Professor Tommaso Valletti.

A recent APDIP e-Note goes into the discussion of Internationalized Domain Names (IDNs) and Internet Governance.

As the number of non-English speakers on the Internet grows exponentially, the limitations of the Domain Name System have become evident to many.

The APDIP e-Note examines "how IDNs relate to cultural diversity and the basic human right to communicate in one's own language on the Internet. While the bulk of the content on the Internet has been in English, this is rapidly changing. In China, for example, over 60 million of the nation's 100 million-plus users browse the web only in Chinese, yet top-level domain names remain in Roman script for all users. The APDIP e-Note further discusses the ongoing debate on how best to allow users to navigate the Internet in their own language. Different systems available for multilingual domain names and future scenarios are also explored.

Download the full APDIP e-Note.
View other APDIP e-Resources here.

The Asia-Pacific Development Information Programme (APDIP) is an initiative of the United Nations Development Programme (UNDP) that aims to promote the development and application of Information and Communications Technology (ICT) for sustainable human development in the Asia-Pacific region.

A select committee has recommended a major change to New Zealand's anti-spam bill, suggesting anyone should be able to send unsolicited emails that are of an entirely non-commercial nature and need not desist even if asked to do so by the recipient. The original anti-spam bill said that organisations that sent unsolicited emails to promote their aims or ideals - such as school newsletters and messages from political lobbyists - would fall foul of the spam bill. This is if they did not stop sending messages when asked to do so, by letting recipients "opt-out". The select committee dropped this requirement in amendments it proposed early September 2006.

The proposed amendments also drop the legal requirement that spam be reported to a customer's internet service provider before Internal Affairs could take action. Other proposed amendments eliminate the distinction between emails whose prime purpose is commercial and ones that are primarily promotional, but which contain a commercial element, and lift a ban on possessing or supplying email harvesting software, but bans New Zealanders from using such software to send spam.

This news item was retrieved through the APCAUCE Newslog.
The full article is available at stuff.co.nz.

In a recent press release, Gartner, Inc. says that the number of households around the world subscribing to Internet Protocol television (IPTV) services offered by telecom carriers will reach 48.8 million in 2010. Buoyed by new service launches, IPTV subscribers will more than double in 2007 from an expected 6.4 million in 2006 to 13.3 million according to Gartner.

Despite the eight-fold increase in users between 2006 and 2010, Gartner says that carriers will struggle to turn IPTV into a mainstream Pay TV distribution platform on par with established cable or satellite services. "The difficulty in carving out a distinctive proposition that will clearly differentiate early IPTV services from other established TV options will lead many service providers around the world to drive adoption by competing on price in the next few years", said Elroy Jopling, research director at Gartner. "As a result, the global picture for IPTV revenue is much less impressive than for subscriber numbers."

"Global IPTV revenue during the period will grow from $872 million in 2006 to a still relatively modest $13.2 billion by 2010. IPTV will not be a panacea to replace diminishing voice revenue for carriers, but in the medium term it can be a powerful tool for carriers in helping retain customers on their existing voice and broadband services."

Gartner defines IPTV as the delivery of video programming (either broadcast or on-demand) over a carrier’s managed broadband network to a customer’s TV set. It does not include streaming media over the Internet to a PC.

See the full press release on the Garner website.

A presentation entitled "Booming Broadband for a Wireless World" was given by Lara Srivastava of ITU on 22 August 2006 at BroadbandAsia 2006 in Shanghai, China. Other speakers included, inter alia, L. Ladid (President, IPv6 Forum), T. Poulos (Asia-Pacific Head, Global Billing Association), A. Hassan (Executive Director, Wi-Fi Alliance), J. Wang (Secretary-General, TD-SCDMA Forum), S. Ramaswamy (Senior Vice President, Bharti AirTel).

On the 5th of May 2006, France and Japan signed a joint statement within the framework of a coordinated international action in order to fight spam. Both countries especially consider to exchange informations and good practices regarding the field of anti-spam policies and strategies.

The French Direction du Developpement des Medias (DDM) has more information on their website.

See other spam-related articles on the OECD Task Force on Spam website

The Vietnamese Ministry of Trade is drafting a circular governing advertising activities by electronic means, including emails, pop-ups and mobile phone messages.

"Local Internet users have been bombarded with spam mails but most of them are from overseas. Now such a circular is necessary as local spamming activities are on the rise.

The circular has basic requirements for users to fight spams such as opt-out options, genuine sender addresses, sender telephone numbers and obvious headings. But it seems that the draft circular is too lenient towards spammers when it provides them five working days before they have to stop their spams in case recipients choose to opt out. It also allows for the collection of personal data including email addresses and telephone numbers. Even though the circular requires collecting parties to ask for permission first and to keep those data confidential, this provision can be abused and can cause disputes later on.

This is all the more possible because the circular provides two scenarios: A complete ban of sales of email addresses and telephone numbers to advertisers; or allowing such an activity. Unsolicited short mobile messages are now possible because some carriers are selling subscribers’ numbers to various advertising companies. Users are especially frustrated when senders use some automatic message generation device so that they might receive an advertising message in the middle of the night.

The fines provided in the draft circular are from VND5 million to VND20 million, which many say are not heavy enough to prevent harmful violations of personal information."

[via APCAUCE and Viet Nam News]

An article entitled New regulation to monitor online video spoof craze in Xinhua Online says that new regulations are in the pipeline to regulate video content on the internet in the wake of a surge in short satirical films online, according to the Chinese State Administration of Radio, Film and Television.

"Video spoofs have become so popular that netizens have even coined a slang term, "egao," to describe the act of using real film clips to create mocking send-ups.

From late August or September, only authorized websites such as sina.com, sohu.com and netease.com, will be allowed to show short films under the new regulations, Xinhua News Agency reported, citing an announcement by the administration."

[via Smart Mobs]

At the invitation of the Government of Cameroon and Cameroon's Telecommunications Regulatory Board (ART), FTRA-2006, on the theme "IP networks and related services: Challenges for African regulators", was held in Yaoundé, Cameroon, on 7 and 8 June 2006. Eighty-three participants from 23 countries and 11 organizations attended the forum.

Participants emphasized the need to review the telecommunications-ICT political, legal, administrative and regulatory issues with a view to their inclusion of aspects relating to the Internet and related services, and the need for human capacity building for regulators in a rapidly changing telecommunications environment. After the successful establishment of sub-regional African Telecommunication Regulatory Associations, the Forum discussed the creation of a PAN African Regulatory Association building on the achievement of the African Telecommunication Regulators Network (ATRN) with the aim of putting in place an efficient mechanism capable of decision-making at the continental level. They finally agreed in principle on the establishment of such an association and its integration in the African Telecommunications Union (ATU). The recommendations agreed on may be found in the final communiqué.

FTRA-2007 will be held in Nairobi, Kenya with the exact dates announced at a later date.

[via the ITU-D Newslog]

The International Herald Tribune has an article about the growing problem of "cyberviolence" in South Korea, which has one of the world's most developed Internet communities:

'Complaints filed with the government's Korea Internet Safety Commission more than doubled to 42,643 last year from 18,031 in 2003. Women have reported sexual harassment. A 16-year- old schoolgirl accused of informing on an abusive teacher ran away after her photos and insults were splashed on her school Web site. A singer struggled with rumors that she was a man. Twist Kim, a singer and comedian, had a nervous breakdown after pornographic Web sites proliferated under his name, as if he had created them, causing television stations to spurn him.

In most countries, Internet users oppose government attempts to censor the Internet. In South Korea, however, in both government-funded and private surveys, a majority of people support official intervention to check unbridled freedom of speech on the Internet.

A poll taken in November showed that nearly one of 10 South Koreans from 13 to 65 said they had experienced cyberviolence.

The problem in South Korea may presage what will happen in other countries, according to the authorities, who have begun cracking down on the problem.

"In the past few years, the Internet has grown in South Korea explosively," said Kim Sung Ho, secretary general at Kinternet, a lobby of domestic portals. "The Internet community has developed faster and stronger in South Korea than elsewhere. So we are struggling with its side effects earlier than other nations."

Since last year, dozens of people have been indicted on charges of criminal contempt or slander for writing or spreading malicious online insults about victims like Kim Myong Jae. They face fines of as much as 2 million won, or $2,067.

This month, the National Assembly will debate a bill that would require the nation's 30 major Internet portals and newspaper Web sites to confirm the identities of visitors before allowing them to use bulletin boards, the main channel of cyberviolence.

"The idea is to make people feel more responsible for what they are posting on the Net," said Oh Sang Kyoon, a director at the Ministry of Information and Communications. "Victims cannot live a normal life. They quit jobs and run away from society. They even flee the country. It's like lynching victims in a 'people's court on the Web.'"

Some critics question whether such a law would solve the problem. Cyberviolence, they say, has been increasing even though most of the country's major Web sites are already applying the policy.

"This is violating privacy in the name of protecting it," said Oh Byoung Il, director general at jinbo.net, a civic group. "It discourages anonymous whistle- blowers. It impedes the free flow of communication, the soul of the Internet."

Official interference will also discriminate in favor of foreign portals like Google, said Kim of Kinternet. For instance, when users search for "sex" in a South Korean portal, they must first prove they are adults by supplying personal data - a requirement that does not apply to the Korean-language Google, which operates with an overseas server.

But Kim Myong Jae condemned the portals as willing accomplices in online mob attacks. While painfully slow to respond to victims' complaints, Kim said, the portals - the largest of which, naver.com, attracts 15 million users a day - highlight real-time lists of the most- clicked-on news, thus helping spread sensational, and often libelous, items.

Kim said he had filed suit against the nation's top four portals: Naver, Daum, Yahoo! Korea and Nate.

And portals say they are now screening their contents more vigorously. "Rather than being an arena for sound debate, the Web bulletin boards have to some extent become a place for verbal defecation," said Choi Soo Yeon, a naver.com spokeswoman. "We have 300 monitors who work round the clock to delete abusive and defamatory language." But ultimately, the portals say, the users who post on the Web should be responsible for content.

South Korea saw an explosion of Internet users as the country emerged from decades of military rule, and citizens jumped on the new technology as a way of expressing long-suppressed views. About 33 million South Koreans - out of a population of 48 million - use the Internet, most of them with broadband connections. And many of them are not shy about their feelings.

News articles on portals or newspaper Web sites often are accompanied by feedback sections, where readers comments. Some news articles attract thousands of entries, ranging from thoughtful comments to raving obscenities. When suspicions first emerged last year that the cloning expert Hwang Woo Suk had faked his groundbreaking work, few dared to speak in public against the man lionized as a hero. Scientists, who unveiled evidence of fabrication through anonymous postings, brought about Hwang's downfall.

One of the most famous victims of online mob rule was the so-called "dog-poop girl." A cellphone photograph of a girl who failed to clean up after her dog in a subway car was posted on the Internet. For weeks, people pursued her relentlessly; the girl reportedly dropped out of school as a result.

To Kim Myong Jae, it was familiar. "Two months after I became the target, I visited a plaza near my old company. I dressed differently. Still a person reported my appearance on the Web, how I looked and how that person felt sick to see me," Kim said. "It's a handicap I may have to carry for a long time."'

An article in Computer World describes how a researcher has announced at the Black Hat USA security conference that he will release a tool to test for "network neutrality".

The researcher, Dan Kaminsky, calls his technique "TCP-based active probing for faults." He plans to post information on TCP-based active probing for faults at www.doxpara.com.

A forthcoming ITU-T IPTV Global Technical Workshop will review and examine IPTV standardization, political and regulatory aspects, business models and various case studies as well as technical developments and service provider’s operational aspects.

IPTV represents a convergence between the traditional telecommunication and broadcast industries. And, as with any convergence a lot of work is needed to ensure interoperability. Globally accepted standards are clearly a key enabler for this. With many of the conditions necessary for IPTV rollout in place - global IP connectivity over managed broadband infrastructure with such guarantees as QoS and security, and broadband connectivity with enhanced network capabilities - there is a strong demand for standards to ensure smooth service rollout and interoperability.

The workshop will provide a review of the current status of IPTV work as well as an examination of where to go next.

See the meeting website for further information.

[ITU-T Newslog]

The top three antivirus programs -- from Symantec, McAfee, and Trend Micro -- are less likely to detect new viruses and worms than less popular programs, because virus writers specifically test their work against those programs:

"On Wednesday, the general manager of Australia's Computer Emergency Response Team (AusCERT), Graham Ingram, described how the threat landscape has changed -- along with the skill of malware authors.

"We are getting code of a quality that is probably worthy of software engineers. Not application developers but software engineers," said Ingram.

However, the actual reason why the top selling antivirus applications don't work is because malware authors are specifically testing their Trojans and viruses to make sure they can bypass these applications before releasing them in the wild.

It's interesting to watch the landscape change, as malware becomes less the province of hackers and more the province of criminals. This is one move in a continuous arms race between attacker and defender."

[via Schneier on Security]

In separate reporting on the Black Hat USA conference, experts say that the spyware problem has "gotten so bad that it is unlikely it can ever be solved on a technical level. Instead, the solution will have to come from regulators and law enforcement agencies" .

"It's not technically feasible to stop spyware. You will not be able to stop this technically "This problem lives at the legal-technical boundary. We can't go around arresting people," said Dan Kaminsky, senior security researcher and founder of Seattle-based Doxpara Research, speaking on a spyware panel at the recent Black Hat USA 2006 event. "We need to create standards that clearly delineate legitimate code from illegitimate code where you throw people in jail."

Analysis and Recommendations on the Exhaustion of IPv4 Address Space from the Japan Network Information Center (JPNIC), March 24, 2006, (from the original report in Japanese).

Study Group 17 (Security, languages and telecommunication software) has been instructed by Resolution 48 of the World Telecommunication Standardization Assembly (Florianópolis, 2004) to study Internationalized Domain Names (IDN). It is considered that implementation of IDN will contribute to easier and greater use of the Internet in those countries where the native or official languages are not represented in IRA (International Reference Alphabet) characters.

To meet this obligation, Study Group 17 developed new Question 16, Internationalized Domain Names tasked in particular to investigate all relevant issues in the field of IDN. The mandate for Question 16 is available on the Study Group 17 website.

Question 16 was approved at the April 2006 Study Group 17 meeting in Jeju, Korea. At this meeting Question 16 drafted a questionnaire for a Circular to Member States, requesting information on their experiences in the use of IDN. TSB Circular 96 was issued on 31 May 2006.

The ITU-T has unveiled an IDN resource site to share information on work progress, achievements and acquired knowledge in the field of IDN. It includes an introduction to IDN, information about related events, standards materials, news, information on national and other IDN developments and a FAQ.

[via the ITU-T Newslog]

Colombian Comission for Telecommunication Regulation has just released new report on "Developments in the Telecommunication Sector".

This report has been prepared as a contribution to the New Initiatives Programme project on the Future of Voice. Further information on the project can be found here. The analysis is available here or on the website with background materials of the project the Future of Voice.

"To protect Internet users from online fraudsters and defend the Internet against scammers commandeering network resources, the two most influential global trade associations combating Internet crime have jointly released an explicit new set of Best Practices to combat “phishing,” a major cause of online identify theft and fraud. The recommendations will help Internet Service Providers (ISPs) and mailbox providers better police their own infrastructures and filter traffic traversing their networks."

The Anti-Phishing Working Group (APWG) and the Messaging Anti-Abuse Group (MAAWG) jointly developed the recommendations outlined in "Anti-Phishing Best Practices for ISPs and Mailbox Providers." The paper provides technical and business practices to help ISPs and mailbox providers thwart phishing attacks and other malevolent network abuses and also includes practices to respond constructively when these attacks occur. “Phishing” employs deceptive technology such as spoofing and social engineering to steal consumers' personal identity and financial account data, and has become a major concern."

To download the full recommendations, click here.

The Secretary-General of the United Nations has announced the convening of the Internet Governance Forum, to be held in Athens on 30 October - 2 November 2006.

The Secretary-General's message is available in all UN languages: [English] [Français] [中文] [عربي] [Русский] [Español]. The message in English reads:

"The second phase of the World Summit on the Information Society (WSIS), held in Tunis on 13-15 November 2005, invited me to convene a new forum for multi-stakeholder policy dialogue -- called the Internet Governance Forum (IGF). The Summit asked me to convene the Forum by the second quarter of 2006 and to implement this mandate in an open and inclusive process.

The Government of Greece made the generous offer to host the first meeting of the IGF and proposed that it take place in Athens on 30 October - 2 November 2006.

I have asked my Special Adviser for Internet Governance, Mr. Nitin Desai, to assist me in the task of convening the IGF and I have also set up a small secretariat in Geneva to support this process. Two rounds of consultations open to all stakeholders held in Geneva on 16-17 February and 19 May have contributed towards a common understanding with regard to the format and content of the first IGF meeting. I have also appointed an Advisory Group with the task of assisting me in preparing the IGF meeting.

The Advisory Group held a meeting in Geneva on 22 and 23 May 2006 and made recommendations for the agenda and the programme, as well as the structure and format of the first meeting of the IGF in Athens.

As the IGF is about the Internet, it is appropriate to make use of electronic means of communication to convene its inaugural meeting. The document adopted by WSIS -- the Tunis Agenda for the Information Society -- calls on me "to extend invitations to all stakeholders and relevant parties to participate at the inaugural meeting of the IGF". Therefore, it is my pleasure to make use of the World Wide Web to invite all stakeholders -- governments, the private sector and civil society, including the academic and technical communities, to attend the first meeting of the IGF in Athens. The overall theme of the meeting will be "Internet Governance for Development". The agenda will be structured along the following broad themes.

• Openness - Freedom of expression, free flow of information, ideas and knowledge
• Security - Creating trust and confidence through collaboration
• Diversity - Promoting multilingualism and local content
• Access - Internet Connectivity: Policy and Cost

Capacity-building will be a cross-cutting priority.

The meeting will be open for all WSIS accredited entities. Other institutions and persons with proven expertise and experience in matters related to Internet governance may also apply to attend.

In its short life, the Internet has become an agent of dramatic, even revolutionary change and maybe one of today's greatest instruments of progress. It is a marvelous tool to promote and defend freedom and to give access to information and knowledge. WSIS saw the beginning of a dialogue between two different cultures: the non-governmental Internet community, with its traditions of informal, bottom-up decision-making; and the more formal, structured world of governments and intergovernmental organizations. It is my hope that the IGF will deepen this dialogue and contribute to a better understanding of how we can make full use of the potential the Internet has to offer for all people in the world.

(Signed) Kofi A. Annan" 

[via the Internet Governance Forum]

The European Commission recently published the draft of the new roaming regulation to bring down the high roaming charges within Europe.

What will the regulation mean for consumers?

• "Prices paid for international roaming when travelling within the European Union will not be unjustifiably higher than the charges for calls paid within the user’s country.
  
• Consumers will benefit from lower prices for making calls in the visited country, back home or to any other EU Member State.
  
• Consumers will make considerable savings when receiving calls.
  
• Prices operators charge each other (wholesale charges) will be considerably lower than what they are today. This ensures all operators will be in a position to offer lower retail tariffs.
  
• Transparency of roaming charges for consumers will be enhanced. Mobile operators will be required to provide customers with full information on applicable roaming charges when subscriptions are taken out and to update consumers regularly about these charges. Consumers can ask for information on roaming charges free of charge either via SMS or voice call.
  
• National regulators will also be tasked to monitor closely the development of roaming charges for SMS and multi-media message services (MMS)."
  
• Etc.

Read more about the roaming regulation on the EC website.

This article was accessed through Richard's Blog for VoIP and ENUM.

A presentation entitled Networks in Transition: Emerging Policy and Regulatory Challenges of Next Generation Networks (PDF) was made by Robert Shaw, Deputy Head, ITU Strategy and Policy Unit, at the Masters of Communication Management (MCM) Annual Conference, Goodenough College on 6 July 2006 in London, England.

Cullen International has just released new Cross-Country Analysis on IPTV Commercial Offers.

Apart from the overview of the commercial offerings available in selected EU countries the material provides comprehensive comparison of the national regulatory frameworks for the IPTV.

The analysis is available here or on the website with background materials for the New Initiatives Programme project on the Future of Voice. Further information on the project can be found here.

On 20 June 2006 Singapore launched a new ten-year infocomm masterplan that will propel the nation into 2015 and beyond, with a line-up of activities and goals that spell benefits for the people, businesses and the global community. The vision is to turn the country into an Intelligent Nation and Global City, Powered by infocomm. The masterplan recommends the way forward for Singapore, into a future where infocomm will bring a sea change and become intrinsic in the way people live, learn, work and play.

The masterplan sets bold targets for 2015:

• Singapore to be No. 1 in the world in harnessing infocomm to add value to the economy and society
• Achieve a two-fold increase in value-added¹ of the infocomm industry to S$26 billion
• See a three-fold increase in infocomm export revenue to S$60 billion
• Create 80,000 additional jobs²
• Have at least 90 per cent of homes using broadband
• Ensure 100 per cent computer ownership for all homes with school-going children

Further information on the masterplan is available here.

A presentation entitled What Rules for IP-enabled NGNs? (PDF) was made by Robert Shaw, Deputy Head, ITU Strategy and Policy Unit at a London Business School Global Communications Consortium event entitled "Next Generation Networks - Investment & Regulation" on 29 June 2006 in London, England.

A presentation entitled Cybersecurity & Spam after WSIS: How MAAWG Can Help (PDF) was made by Robert Shaw, Deputy Head, ITU Strategy and Policy Unit at the Messaging Anti-Abuse Working Group meeting held 27-29 June 2006 in Brussels, Belgium.

The European Commission published the Communication on the Review of the EU Regulatory Framework for electronic communications networks and services and launched public consultation.

Further information is availabel at the EC's website.

Indicative Timetable with Roadmap for the 2006 Review
Call for Input	25 Nov 05 - 31 Jan 06
European Commission published Communication on Market Reviews under the EU Regulatory Framework	8 February 2006
11th Implementation Report published	20 February 2006
Publication of contributions for Call of Input	March 2006
Communication on the Review of the EU Regulatory Framework for electronic communications networks and services and launch of public consultation	29 June 2006
Recommendation on relevant markets and launch of public consultation	29 June 2006
Public Consultation	29 June - 27 Oct 2006
Public workshop: Public Consultation on the Communication on the Review of the regulatory framework for electronic communications networks and services	20 September 2006 (provisional)
Publication of contributions to Public Consultation	4th Quarter 2006
Communication reporting on the public consultation on the functioning of the regulatory framework for electronic communications networks and services	4th Quarter 2006
Proposals for European Parliament and Council Directives modifying the regulatory framework for electronic communications and services	4th Quarter 2006

Source: European Commission  

Anti–spam legislation for the Cayman Islands is being considered by the Information and Communications Technology Authority.

The ITCA is now seeking input through a public consultation campaign. The goal is to ensure that any anti–spam legislation enacted in Cayman Islands is an effective tool as part of a multi–pronged attack on spam.

More information can be found here.

The Department of Communications, Information Technology and the Arts has conducted a legislative review of the Spam Act.

The review is required by legislation to assess the operation of the Spam Act after two years of its operation. The Department prepared a report based on the submissions received. The Minister tabled the report in Parliament on 22 June 2006.

The Minister’s press release is available here.

More information can be found here.

The ITU held an international workshop under its New Initiatives Programme on the topic "The Regulatory Environment for Future Mobile Multimedia Services" in Mainz (Germany) from 21-23 June 2006. The final report [PDF]  of the chairman has now been published.

Workshop presentations can be found here. Background documents, including country case studies and thematic papers are also available on the workshop homepage.

 

Interim results of the investigation on regional policy and regulatory trends related to the Voice over IP have been presented today as a contribution to the ITU New Initiative Programme project on the Future of Voice.

In her presentation, Ms Anna Riedel focused on VoIP in South and Eastern Europe: Strategy and Policy Considerations [pdf]
Ms Nathaly Rey concentrated on Ruling Voice over IP: Challenges for Regulators in Latin America [pdf]

Both presentations are available on the new resources website related to the Future of Voice project.

ITU and infoDev, recently launched a new module of their collaborative online ICT Regulation Toolkit. This module is dedicated to the Legal and Institutional Aspects of Regulation

"This is the single most helpful regulatory tool that I have seen", said Dr. Salomão Manhiça Chairman, Instituto Nacional de Telecomunicações de Moçambique, Mozambique. "It has such a tremendous potential to assist all the staff at the INCM, as well as to help me too", he added. Tracy Cohen, Councillor of the Independent Communications Authority of South Africa, agrees: "The ICT Regulation Toolkit is a critical resource for regulators, both in developed and developing countries. With its origins in the well known 2000 Telecommunications Regulation Handbook, its credibility and usefulness is already established. The revised toolkit builds on this reputation and is essential reading for all regulators needing to gain access to the leading thinking on effective regulation, especially in a converging environment." The ICT legal and institutional framework determines how rapidly markets grow in different countries and how many users have access to ICT. An enabling environment is key to reaching the goal of connecting all the world’s villages to ICT by 2015, as agreed by world leaders at the World Summit on the Information Society.

For further information, access the Legal and Institutional Framework Module and other modules of the ICT Regulation Toolkit.

United Kingdom's Ofcom is currently working on a publication examining various national and international approaches to protecting consumers on the internet.

Coincidening with this publication, the regulator will hold a seminar will that allow stakeholders to examine the results of Ofcom's survey, hear the views of Internet industry stakeholders and discuss what can be done in the future to better protect consumers on the Internet. Ofcom organising such an event is a measure of the challenge posed to both regulator and consumer by the growth of net services and the collision of the highly regulated world of broadcasting with the virtually unregulated world of the internet.

This news item was accessed through Roger Darlington's CommsWatch blog.

According to a recently released article by CircleID, the United Kingdom today is one of the main attack targets by phishing organized crime groups, globally. Worldwide it is estimated (CircleID) that phishing damages will amount to about two billions USD in 2006 -- not counting risk management measures such as preventative measures, counter-measures, incident response and PR damages.

In most cases, phishing is caused by the fault of the users, either by entering the wrong web page, not keeping their computers secure or falling for cheap scams. Often this is due to lack of awareness or ability in the realm of Internet use rather than incompetence by the users.

For more information see CircleID article on Phishing: Competing on Security. 

A news release by the Japanese MIC announces the signing of a "Joint Statement between France and Japan, Concerning Cooperation in the Field of Anti-spam Policies and Strategies".

Particular areas of cooperation will include:

• Exchanging information about anti-spam activities such as anti-spam policies and strategies, as well as technical and educational solutions to spam, including mobile spam;
• Encouraging the adoption of effective anti-spam technologies and network management practices by French and Japanese Internet service providers and major business network managers, and further cooperation between government and private sectors;
• Supporting French and Japanese marketers or bulk email senders in adopting spam-free marketing techniques;
• Identifying and promoting user practices and behaviours which can effectively control and limit spam and supporting the development of public relations and awareness campaigns for the multi-stakeholders to foster increased adoption of anti-spam practices and behaviours by end users in France and Japan;
• Cooperating to strengthen anti-spam initiatives being considered in international forum.

More information can be found here.

[Via APCAUCEWiki News]

OVUM's Research Director, Mr. Dan Bieler, presents few observations on NGNs.

To read the article, please click here.  

 

Will Content Be King?, presentation by Robert Shaw, Deputy Head, ITU Strategy and Policy Unit, at the 7 June 2006 conference Digital Content: a Modern Fairy Tale or the Old King in the New Clothes in Vilnius, Lithuania. The event was organized by the law offices of Norcous & Partners, in association with the Communications Regulatory Authority of the Republic of Lithuania and Vilnius University Faculty of Law.

The ITU has just published an Issues Paper on the Regulatory Environment for Future Mobile Multimedia Services, available for download here (.pdf format).

The paper was prepared by Lara Srivastava, of the Strategy and Policy Unit (ITU), and Ingrid Silver & Rod Kirwan of the law practice of Denton Wilde Sapte.

Together with case studies (on Germany, China, Hong Kong SAR) and a thematic paper on spectrum flexibility, these background papers will form part of the input material for an international ITU New Initiatives Workshop on The Regulatory Environment for Future Mobile Multimedia Services, to be held in Mainz (Germany) from 21-23 June 2006, and jointly hosted by Germany's Federal Network Agency.

The Advance Programme for the workshop is now on-line, and will be regularly updated.

More information about the ITU New Initiatives Programme can be found here.
More information about the international workshop on the topic can be found here.  

 

The 5th Annual Mobility Roundtable was held in Helsinki from 1-2 June 2006, hosted by the Helsinki School of Economics. Since 2002, mobility roundtables have been held in Tokyo (Japan), Stockholm (Sweden), Austin (United States), and Hong Kong, China. The main objectives of the roundtables are:

1. to build and support a sustainable international network of research and industry best practices for the mobile communication and computing business, market and industry;
2. to exchange research and knowledge about best practices for different mobile modes of business; and
3. to facilitate communication and collaboration among global researchers, practitioners and policy makers.

The 2006 programme, and all final papers can be found here. There were four keynote speakers at the event: Jarkko Sairanen (Vice President and Head of Corporate Strategy, Nokia), Dr. Elizabeth Keating (University of Texas at Austin), Ari Tolonen (CEO, InfoBuild), and Lara Srivastava (ITU).   Lara Srivastava is a member of the international advisory committee for the mobility roundtables. Her keynote address was entitled "Mobiles for a Smaller World" and is available here.

The 6th roundtable will be held in Los Angeles (California) in June 2007, hosted by the University of Southern California.

Do not panic if your data is hidden by virus writers demanding a ransom. A woman from Greater Manchester has become a victim of an internet scam in which hackers hijack computer files and blackmail owners to get them back.

More information can be found here.

Study Group 17 Questionnaire on information about experiences on the use of IDN

"The World Telecommunication Standardization Assembly (Florianópolis, 2004) in Resolution 48 instructed Study Group 17 (Security, languages and telecommunication software) to study Internationalized Domain Names (IDN).  The belief is that IDN implementation will contribute to easier and greater use of the Internet in those countries where the native or official languages are not represented in ASCII characters.

To assist this plan, Question 16/17 (Internationalized Domain Names) has been brought into being and tasked with investigating all relevant issues in the field of IDNs.

To recognize national, regional and international issues concerning IDNs, Study Group 17 prepared a questionnaire (see Annex 1) on information about experiences on the use of IDNs.

The objective of this questionnaire is to collect information and experiences on Internationalized Domain Names under ccTLD (country code Top Level Domain) around the globe. This will help identify Member States’ needs and practices concerning this subject. This information will serve to prepare a report on the implementation of IDNs and facilitate future work on IDN within Study Group 17.

If there are two or more ccTLDs in the responder's Member State, please complete separate answer sheets for each, unless they have exactly the same answers.

If the Member State is not responsible for the ccTLD, please forward the questionnaire to the concerned body."

Australian PC users can now get more proactive about combating SPAM email with the launch of a reporting system by the Australian Communications and Media Authority.

More information can be found here.

The German government is preparing a law that would allow the use of mobile phone jammers during major events and in prisons. The blocking of mobile phone use by criminals is seen as an important measure in the war against crime and terrorism.

By transmitting on the same radio frequencies as the mobile phone, a phone jammer can effortlessly stifle annoying chatter in movie theatres, at funerals or in hospitals. However, in many countries, including Germany, the technology is officially illegal. Phone jammers not only disrupt licensed services operated by the mobile carriers, but might also disrupt other services operating in adjacent bands.

Read the full article from The Register here.

The winners of the third annual Mobile Entertainment Awards (the "Meffys") were announced by the Mobile Entertainment Forum (MEF) this week in London.

The mobile games award went to Digital Chocolate, the mobile music award to Warner Music's WAMO Packs, the mobile content award to Chooz Active Content's Foreplay, and the mobile entertainment handset award to Nokia's N70. Wiinners in other categories included Bango, France Telecom, 3 UK and Yospace.  The special recognition award was given to Jim Brailean, CEO/President and Founder of PacketVideo. The top entries for each category were selected by panels of independent industry media and analyst experts.

The Awards took place alongside Mobile Entertainment Market (MEM) 2006 at Islington's Business Design Centre in London (UK), at which the MEF also revealed its new Board of Directors. Ingrid Silver (Partner, Denton Wilde Sapte) was newly elected to the MEF Board and attended the Meffys reception with ITU's Lara Srivastava. Ingrid Silver and Lara Srivastava (with Rod Kirwan of Denton's) are presently co-authoring a paper on "The Regulatory Environment for Future Mobile Multimedia Services" as part of the ITU's New Initiatives Programme. The paper will be presented at an international workshop on the topic to be held in Mainz, Germany from 21-23 June 2006.

 

Winners of the Prix Ars Electronica 2006, one of the most important awards for creativity and pioneering spirit in the field of digital media, have been announced. The competition called for entries in 7 categories, including a youth competition and a grant for young creative talent:

• Digital Communities

• Computer Animation / Visual Effects

• Digital Music

• Interactive Art

• Net Vision

• u19 – freestyle computing

• [the next idea] Art and Technology Grant

The 2006 winner for the Digital Communities category was "canal*ACCESSIBLE". Canal Accessible was chosen because it addresses the accessibility or inaccessibility inherent in the topographical surroundings of people who have difficulty walking. The city of Barcelona was taken as an example:  handicapped individuals document the problems they encounter on their way through the city by using images and, in a few cases, sound recordings. This material is posted to the website, and the places at which each one was created are specified on a city map. These locations can then be accessed using a built-in “find” function. ITU's Lara Srivastava was Jury Member for the Digital Communities category, which explores the promotion of the social use of ICTs and the creation of common public goods, the sharing of knowledge, and the narrowing of the digital divide. This category was introduced to the Prix in 2004 by Jury Member Andreas Hirsch and Howard Rheingold. The other Jury members were: Steven Clift (Chairman, e-democracy.org) and Peter Kuthan (Founder, Tonga Online).

The prizes will be awarded at the annual Ars Electronica Festival (31 August - 5 September 2006). More information about the winners can be found here.

The Continued Transition of the Technical Coordination and Management of the Internet Domain Name and Addressing System

SUMMARY: The United States Department of Commerce’s National Telecommunications and Information Administration (NTIA) seeks comment on the continuation of the transition of the technical coordination and management of the Internet domain name and addressing system (Internet DNS) to the private sector. In June 1998, the Department issued a statement of policy on the privatization of the Internet DNS, which among other things articulated four primary functions for global Internet DNS coordination and management, the need to have these functions performed by the private sector and four principles to guide the transition to private sector management of the Internet DNS. On June 30, 2005, NTIA released the U.S. Principles on the Internet’s Domain Name and Addressing System further elaborating on these issues. The Department of Commerce seeks comment regarding the progress of this transition and announces a public meeting to be held on July 26, 2006, to discuss issues associated with this transition.

This brochure summarizes the results of a workshop on Tomorrow’s Networks Today, held in Saint Vincent (Aosta), Italy from 7 to 8 October 2005. It was prepared by Cristina Bueti and Marco Obiso on the basis of specially prepared case studies, input documents and contributions to the workshop. The enclosed CD-Rom contains the background materials and documents of the workshop as well as a wide range of background resources related to tomorrow’s networks.

More information can be found here.

Click here to buy the brochure.

ITU has just released its new statistics on global broadband penetration per 100 inhabitants as of 1 January 2006. Iceland has taken over as this year's leader from Korea with Netherlands, Denmark and Hong Kong, China rounding out the top five.

The April MessageLabs Intelligence Report includes analysis of the threat landscape during the first quarter of 2006. Overall, threat levels remained largely stable with previous months, with the U.S. continuing to play the role as the largest source of malware, spam and phishing attacks, hosting 18.1 percent of the world’s compromised (zombie) computers in the first quarter of 2006 (down from a high of 44 percent in Q2 05).

More information can be found here.

On 17 May, World Information Society Day, ITU together with other partners (including UNCTAD and the KADO) launched a new series of reports entitled World Information Society Report. The summary of the report is available on the website at www.itu.int/wisr. The report itself will be published in June 2006.

The partners involved have created the Digital Opportunity Index (DOI) to measure digital opportunity for 180 economies. It is a composite index created from a set of eleven internationally agreed core ICT indicators (established by the Partnership on Measurement of the Information Society). The DOI has a flexible and versatile structure, based on three categories: opportunity, infrastructure and utilization.  This classification is intended to help policy-makers in determining where countries are strong and weak in order to focus attention on priority areas. The top ten economies for Digital Opportunity are shown below on the left with Korea and Japan leading the rankings. The top major gainers in the DOI during the period 2001-2005 is shown on the right with India and China leading with the most gains. The rankings of all measured economies is shown on page 17 of the World Information Society Report summary.

  

17 May 2006 On 17 May, World Information Society Day, ITU together with other partners (including UNCTAD and the KADO) launched a new series of reports entitled World Information Society Reports. It is intended to be an annual report, tracking progress in implementing the outcomes from the World Summit on the Information Society (WSIS). The reports will include a new benchmarking tool, the Digital Opportunity Index, which is a composite index for measurement of the information society, endorsed by the Tunis Phase of the WSIS. The summary of the report is available on the website at www.itu.int/wisr. The report itself will be published in June 2006.

The Filipino telecoms watchdog, the National Telecommunications Commission (NTC), says it will revoke the mobile licence of any operator found guilty of breaking its guidelines on unsolicited broadcast messaging via SMS. The amended rules and regulations also require content providers – alleged to have sent out spam promos to subscribers – to register with the NTC.

This will serve as the basis of an application with the Department of Trade and Industry that grants permits to allow companies to advertise promos. Mobile phone operators and content providers risk being blacklisted if found guilty of violating the agency’s rules.

More information can be found here.

The Draft Amendement to the Rules and Regulations on Broadcast Messaging Service is available here.

The European Commission has launched a public consultation on RFID, with a view to developing a coherent RFID Policy for Europe. In order to prepare for the consultation, the Commission is organizing a series of workshops (5) between March and June 2006, in which experts and stakeholders from all over Europe and the world come together to debate the key issues.

ITU's Lara Srivastava spoke at the first workshop (6-7 March 2006), and also at the third workshop in the series held 16-17 May 2006 on "RFID Security, Data Protection & Privacy, Health and Safety Issues" (see the presentation here). The Policy Framework Paper written by the Commission in advance of the meeting highlighted the vision of the ITU's 2006 Internet Report on "The Internet of Things" released in November 2005.

Two more workshops are planned in early June, after which the Commission will open up the debate for a wider on-line public consultation, resulting in a Communication on RFID to be issued later this year.

For more information, including webcasts, see the European Commission RFID Consultation Website.

 

The Security Assertion Markup Language (SAML) and Extensible Access Control Markup Language (XACML) authored by OASIS (Organization for the Advancement of Structured Information Standards) have been consented as internationally recognised ITU-T Recommendations. The announcement is the first result of the formal relationship between the standardization sector of ITU and OASIS.

The standards (ITU-T Recommendations X.1141 (SAML) and X.1142 (XACML)) address the concern of how to allow safe single sign-on, a system that enables a user to authenticate once and gain access to the resources of multiple software systems. While solutions existed in this space, all were proprietary, and therefore not addressing the problem on a global level.

SAML and XACML are designed to control access to devices and applications on a network. The need for standards in this area has become more of an issue as business networks increasingly use the public Internet.

SAML addresses authentication and provides a mechanism for transferring authentication and authorization decisions between cooperating entities, XACML leverages this information to determine access to resources by focusing on the mechanism for arriving at those authorization decisions.

An additional feature of SAML is that it allows organizations to communicate information without any change to their own internal security architectures.

[via ITU-T Newslog]

From the Wall Street Journal: Plan for Adult Area Sparks a Fight On Control of Web, by Christopher Rhoads

Mobile Industry Outlook 2006, a new 180-page report from Informa Telecoms & Media answers the most significant questions facing today's mobile operators, equipment vendors and handset vendors as they seek to plan their strategy in 2006.

The report is available here.

From Newsweek's international edition: The Internet Breaks Up.

Now underway is the ITU/UNESCO Global Symposium on Promoting the Multilingual Internet which is a follow-up to Phase 2 of the World Summit on the Information Society (WSIS). The Tunis Agenda for the Information Society, adopted at the Tunis Phase of WSIS, highlights the importance of multilingualism for bridging the digital divide. It identifies ITU as taking the lead role in the implementation of information and communication infrastructure (WSIS Tunis Agenda Action Line C2), ITU/UNESCO for access to information and knowledge (WSIS Tunis Agenda Action Line C3), and UNESCO for cultural diversity and identity, linguistic diversity and local content (WSIS Tunis Agenda Action Line C8).

The event is being audiocast live in Arabic, Chinese, English, French, Russian and Spanish. The programme is available here and contains links to all the presentations and speaker biographies.

3 Italia has launched Walk TV, the first digital TV mobile broadcast using DVB-H technology in Europe. Programming will initially consist of channels from state broadcaster RAI, Mediaset and News Corp unit Sky Italia. And in June, the TV services will expand to include 3 Italia's own La3-branded channels, and World Cup soccer action, for which 3 Italia has bought the DVB-H Italian territory rights.

The 3 Italia DVB-H service reaches 65% of Italy's population and customers will need specific handsets to access the content.

More information can be found here.

Singapore’s mobile users – 99.8% of Singapore’s population, according to the Infocomm Development Authority’s (IDA) February 2006 stats – will have more protection against mobile spam in the future. IDA has put its foot down on this issue, warning of “swift enforcement” of penalties should mobile operators continue to fail to resolve mobile spam issues satisfactorily.

A strong warning letter was sent to SingTel, StarHub and M1, the three mobile operators in Singapore. In addition, IDA decided to make an example of errant content operator mTouche in the highly publicized mTouche spam case. Between 30th January to 5th February this year, 300,000 mobile end users were billed S$1 for unsolicited SMSes sent by mTouche through the three telcos.

More information can be found here.

The US Federal Communications Commission today adopted a Second Report and Order and Memorandum Opinion and Order (Order) that addresses several issues regarding implementation of the Communications Assistance for Law Enforcement Act (CALEA), enacted in 1994. Among other things, the Order affirms that the CALEA compliance deadline for facilities-based broadband Internet access and interconnected VoIP services will be May 14, 2007, as established by the First Report and Order in this proceeding. The Order concludes that this deadline gives providers of these services sufficient time to develop compliance solutions, and notes that standards developments for these services are already well underway. Further details and background are available in the FCC news release and statement by individual FCC commissioners:

• News Release: Word | Acrobat
• Martin Statement: Word | Acrobat
• Copps Statement: Word | Acrobat
• Adelstein Statement: Word | Acrobat
• Tate Statement: Word | Acrobat

At a recent Study Group 17 (SG17) meeting in Korea, SG17 gave final approval to a Question on Internationalized Domain Names (IDN) that provides direction and focus to ongoing work.

The news comes as ITU makes final preparations for the Global Symposium on Promoting the Multilingual Internet, it is convening together with UNESCO, 9-11 May 2006.

ITU-T was mandated to work on IDN at the 2004 World Telecommunication Standardization Assembly in Brazil. IDN will contribute to easier and greater use of the Internet in those countries where the native or official languages are not represented in ASCII characters.

Andrzej Bartosiewicz, representing Poland and acting as Rapporteur for IDNs said: “We have received a number of contributions in this area and have been impressed with the level of interest and the productive nature of discussions. There are a number of organizations working in the field and I believe coordination will be an important focus of any work. The upcoming workshop will be a particularly useful tool for facilitating networking between experts in the field and furthering the study in general.”

Bartosiewicz said that a webpage will be published shortly with news on ITU-T study in the area, as well as related events and technical documents. An official 'circular letter' will be sent sent to Member States he said, requesting information about their experiences on the use of IDN. Given the response to this communication SG 17 will be able to better assess the current situation and needs.

[via the ITU-T Newslog]

The Wealth of Networks: How Social Production Transforms Markets and Freedom by Yochai Benkler, Yale University Press.

Information, knowledge, and culture are central to human freedom and human development. How they are produced and exchanged in our society critically affects the way we see the state of the world as it is and might be; who decides these questions; and how we, as societies and polities, come to understand what can and ought to be done. For more than 150 years, modern complex democracies have depended in large measure on an industrial information economy for these basic functions. In the past decade and a half, we have begun to see a radical change in the organization of information production. Enabled by technological change, we are beginning to see a series of economic, social, and cultural adaptations that make possible a radical transformation of how we make the information environment we occupy as autonomous individuals, citizens, and members of cultural and social groups. It seems passé today to speak of "the Internet revolution." In some academic circles, it is positively naïve. But it should not be. The change brought about by the networked information environment is deep. It is structural. It goes to the very foundations of how liberal markets and liberal democracies have coevolved for almost two centuries.

A series of changes in the technologies, economic organization, and social practices of production in this environment has created new opportunities for how we make and exchange information, knowledge, and culture. These changes have increased the role of nonmarket and nonproprietary production, both by individuals alone and by cooperative efforts in a wide range of loosely or tightly woven collaborations. These newly emerging practices have seen remarkable success in areas as diverse as software development and investigative reporting, avant-garde video and multiplayer online games. Together, they hint at the emergence of a new information environment, one in which individuals are free to take a more active role than was possible in the industrial information economy of the twentieth century. This new freedom holds great practical promise: as a dimension of individual freedom; as a platform for better democratic participation; as a medium to foster a more critical and self-reflective culture; and, in an increasingly information dependent global economy, as a mechanism to achieve improvements in human development everywhere.

The rise of greater scope for individual and cooperative nonmarket production of information and culture, however, threatens the incumbents of the industrial information economy. At the beginning of the twenty-first century, we find ourselves in the midst of a battle over the institutional ecology of the digital environment. A wide range of laws and institutions—from broad areas like telecommunications, copyright, or international trade regulation, to minutiae like the rules for registering domain names or whether digital television receivers will be required by law to recognize a particular code—are being tugged and warped in efforts to tilt the playing field toward one way of doing things or the other. How these battles turn out over the next decade or so will likely have a significant effect on how we come to know what is going on in the world we occupy, and to what extent and in what forms we will be able—as autonomous individuals, as citizens, and as participants in cultures and communities—to affect how we and others see the world as it is and as it might be.

Following a decision by ITU Council during Council 2006 held 19-28 April, the following documents are available: Council Document 2006/04: ITU activities related to Internet Protocol (IP)-based networks and management of Internet domain names and addresses; including activities related to Internet governance (PDF), Addendum 1 (PDF), Briefing Note (PDF).

References to related materials can be found here and here.

A new wave of spam could be on the way that tricks recipients by looking like it’s a message sent from their friends' e-mail address. This sort of spam would bypass even those filters that currently weed out 99% of the bad stuff, says John Aycock, an assistant professor of computer science at the University of Calgary.

Aycock and student Nathan Friess conducted research and wrote a paper dubbed "Spam Zombies from Outer Space" to show that generating such customized spam -- such as in the form of e-mail replies -- would not be too difficult, as has been assumed in the past. Spammers have leaned toward bulk e-mail generation that is less customized.

More information can be found here.

In a press release, the European Commission has indicated its views on follow-up to the international policy commitments made at WSIS:

To keep up the momentum of the successful World Summit on Information Society (Tunis, 16-18 November 2005), the European Commission has set out today its priorities for implementing the international policy commitments made at the Summit. These priorities include safeguarding and strengthening human rights, in particular the freedom to receive and access information. Information and communication technologies (ICTs) should be used to contribute to open democratic societies and to economic and social progress worldwide. The Commission calls for continuing international talks to improve Internet governance through the two new processes created by the Summit: the multi-stakeholder Internet Governance Forum and the mechanism of enhanced cooperation that will involve all governments on an equal footing.

The EC has also issued a FAQ on Internet Governance.

Looking back, 2005 saw a rise in profit-driven attacks. These were reflected by phishing, which now represents as much as one percent of the global e-mail traffic and is far more effective than spamming.

Viruses, worms, and malicious software are becoming part and parcel of information and communications technology. According to Trend Micro's report, called Virus and Spam Roundup 2005 and Predictions for 2006, this year will see more spy phishing and spear phishing on the Internet.

More information can be found here.

Though the United States is making progress in the war on unsolicited commercial e-mail, or spam, it still generates more than any other nation in the world, according to recent statistics from Sophos, a provider of anti-malware solutions.

Sophos ranked spam outputs of the top 12 countries and top six continents based on messages it received in its “global network of spam traps” between January and March, according to the group’s release.

More information can be found here.

Brough's Communications points to Yale's Yochai Benkler's Coase’s Penguin, or, Linux and The Nature of the Firm whichs suggests that the open source development phenomenon has much deeper significance.

For decades our understanding of economic production has been that individuals order their productive activities in one of two ways: either as employees in firms, following the directions of managers, or as individuals in markets, following price signals. This dichotomy was first identified in the early work of Nobel laureate Ronald Coase, and was developed most explicitly in the work of neo-institutional economist Oliver Williamson. In the past three or four years, public attention has focused on a fifteen-year-old social-economic phenomenon in the software development world. This phenomenon, called free software or open source software, involves thousands or even tens of thousands of programmers contributing to large and small scale project, where the central organizing principle is that the software remains free of most constraints on copying and use common to proprietary materials. No one "owns" the software in the traditional sense of being able to command how it is used or developed, or to control its disposition. The result is the emergence of a vibrant, innovative and productive collaboration, whose participants are not organized in firms and do not choose their projects in response to price signals.

In this paper I explain that while free software is highly visible, it is in fact only one example of a much broader social-economic phenomenon. I suggest that we are seeing is the broad and deep emergence of a new, third mode of production in the digitally networked environment. I call this mode "commons-based peer-production," to distinguish it from the property- and contract-based models of firms and markets. Its central characteristic is that groups of individuals successfully collaborate on large-scale projects following a diverse cluster of motivational drives and social signals, rather than either market prices or managerial commands.

The paper also explains why this mode has systematic advantages over markets and managerial hierarchies when the object of production is information or culture, and where the capital investment necessary for production-computers and communications capabilities-is widely distributed instead of concentrated. In particular, this mode of production is better than firms and markets for two reasons. First, it is better at identifying and assigning human capital to information and cultural production processes. In this regard, peer-production has an advantage in what I call "information opportunity cost." That is, it loses less information about who the best person for a given job might be than do either of the other two organizational modes. Second, there are substantial increasing returns to allow very larger clusters of potential contributors to interact with very large clusters of information resources in search of new projects and collaboration enterprises. Removing property and contract as the organizing principles of collaboration substantially reduces transaction costs involved in allowing these large clusters of potential contributors to review and select which resources to work on, for which projects, and with which collaborators. This results in allocation gains, that increase more than proportionately with the increase in the number of individuals and resources that are part of the system. The article concludes with an overview of how these models use a variety of technological and social strategies to overcome the collective action problems usually solved in managerial and market-based systems by property and contract.

The National Communications Authority of Hungary (NCAH) started last summer the elaboration of a regulatory strategy for the period 2006 to 2010. In this process a detailed breakdown is given of the means by which NCAH intends to promote the development of electronic communications markets which play an increasingly important role in the Hungarian economy contributing to the creation of the information society and consequent improvement of the country’s competitiveness.

The concept is available here.

The Telecommunications Policy Review Panel was established by the Minister of Industry on April 11, 2005, to conduct a review of Canada's telecommunications framework. The Panel was asked in particular to recommend on:

1. how to implement an efficient, fair, functional and forward-looking regulatory framework that serves Canadian consumers and businesses, and that can adapt to a changing technological landscape,
2. mechanisms to ensure that all Canadians continue to have an appropriate level of access to modern telecommunications services,
3. measures to promote the development, adoption and expanded use of advanced telecommunications services across the economy.

The Panel's reviewed Canada's telecommunications policy and regulatory framework and made recommendations on how to make it a model of 21st century regulation.

The Final Report of the Telecommunications Policy Review Panel 2006 is available here.

On 6 April 2006 Quallo Center held 2006 Quello Communication Law and Policy Symposium.

For programme of the event and presentations please click here.

The Federal Trade Commission (FTC) joined 29 other countries in calling for increased cooperation between nations in combating spam. The FTC signed off on a set of anti-spam recommendations by the Organization for Economic Cooperation and Development (OECD), a coalition of 30 countries organized to promote economic growth and trade.

More information about OECD activities on  countering spam can be found here.

Please clik here to read the article.

The third edition of the International Critical Information Infrastructure Protection (CIIP) Handbook focuses on key aspects of CIIP related to security policy.

The CIIP Handbook is the product of a joint effort within the Comprehensive Risk Analysis and Management Network (CRN) partner network. The CRN is run by the Center for Security Studies (CSS) at the Swiss Federal Institute of Technology (ETH Zurich) and is a member of the Center for Comparative and International Studies (CIS).

"The first (2002) edition of the CIIP Handbook contained an inventory of protection policies in eight countries (Australia, Canada, Germany, the Netherlands, Norway, Sweden, Switzerland, and the United States) and their methods employed for CII assessment. The second edition (2004) included an update of existing surveys and covered six additional countries (Austria, Finland, France, the United Kingdom, Italy, and New Zealand) as well as international protection efforts."

"The latest version continues the tradition of the past two editions, while its scope has been extended: not only has the country survey section been further expanded with a specific focus on Asia by including India, Japan, the Republic of Korea, Malaysia, Singapore, and Russia, but it is also accompanied by a second volume with in-depth analysis of key issues related to CIIP."

Please click here to read more about the 2006 CIIP Handbook.

Volume 1 of the 2006 CIIP Handbook can be downloaded here.
Volume 2 of the 2006 CIIP Handbook can be downloaded here. 

The United States National Science and Technology Council (NSTC), a Cabinet-level Council that coordinates science and technology policies across the Federal Government, on April 17th, 2006, released the Federal Plan for Cyber Security and Information Assurance Research and Development.

"This report sets out a framework for multi-agency coordination of Federal R&D investments in technologies that can better secure the interconnected computing systems, networks, and information that together make up the U.S. information technology (IT) infrastructure."

"This country’s IT infrastructure – which includes not only the public Internet but also the networking and IT systems that control critical infrastructures ranging from power grids to emergency communications systems – is vital not only to our national and homeland security but to our economic security," said John H. Marburger III, Science Adviser to the President and Director of the Office of Science and Technology Policy (OSTP). "This report provides a blueprint for coordination of Federal R&D across agencies that will maximize the impact of investments in this key area of the national interest."

The Plan was prepared by the Interagency Working Group (IWG) on Cyber Security and Information Assurance (CSIA), whose members represent more than 20 government organizations. The CSIA IWG operates under the auspices of the NSTC’s Subcommittee on Infrastructure and Subcommittee on Networking and Information Technology Research and Development (NITRD).

The Federal Plan for Cyber Security and Information Assurance Research and Development is available through the NITRD Program Web site.

Please see the recent Press Release and the Federal Plan for further details on these activities.

The ITU has released the Results of its 2006-2007 Questionnaire on Future Topics  for workshops under the ITU New Initiatives Programme.

The top three winners are as follows:

1. Pushing the Boundaries - Wireless Networking

2. The Future of Voice

3. Privacy and Data Protection in Telecommunications

More information about the ITU New Initiatives Programme can be found here.