Successful First Event in the Canadian Multistakeholder Process – Enhancing IoT Security Series

On April 4, 2018, over 80 individuals met in Ottawa and virtually via livestream for the first event in the Canadian Multistakeholder Process – Enhancing IoT Security series. Participants represented a wide-range of stakeholder groups, including government, academia, public interest, and industry representatives. Two Internet Society Organization Members, the Canadian Internet Registration Authority and CANARIE, as well as Innovation, Science and Economic Development Canada and the Canadian Internet Policy and Public Interest Clinic were partners for this event. IoT security is a complex issue that requires all stakeholders to cooperate and participate in the development of solutions, and we were pleased to have such truly multistakeholder representation.

The event kicked off with an interactive presentation from Larry Strickling, Executive Director of the Collaborative Governance Project. Strickling provided an overview of the multistakeholder process and facilitated a discussion among participants to determine ground rules and define what constitutes consensus. Participants, both those remote and in person, outlined over a dozen rules and three key metrics for determining consensus, which will be used throughout the entirety of the project.

In the morning, participants heard from a series of speakers who presented on IoT security and risk, the balance between IoT’s technological Continue reading

New developments in the net neutrality debate

Democrats in the USA haven’t given up on net neutrality since the FCC voted to repeal the 2015 Open Internet Order in December.

Senator Markey, a Democrat from Massachusetts, has put forward a bill that would use the Congressional Review Act (CRA) to reverse the Federal Communications Commission’s (FCC) decision. The CRA allows lawmakers 60 legislative days after the FCC submits its regulations to Congress to take action.

That bill now has the support of more than 40 Senators, including Senator Susan Collins (R-Maine), its first Republican supporter.

Senator Markey needs 52 votes to get the bill passed in the Senate, which is unlikely given that Republicans remain in control of both chambers of Congress. Nevertheless, Democrats see value in forcing a vote on the bill ahead of the 2018 midterm elections. Polls indicate that 83 per cent of Americans support keeping the FCC’s net neutrality rules.

If the bill fails to move forward, Congress may pursue a legislative solution – a bill that would codify net neutrality rules into law, rather than a reversal of the FCC’s decision. In fact, the Republicans are possibly signaling an appetite to come to a legislative solution to this issue. Regardless of Continue reading

Let’s Mobilize for Better Data Stewardship

If we want organizations like Equifax to be good data stewards, we, the users and consumers, must mobilize.

In October, the Internet Society explored why the dominant approach to data handling, based around the concepts of risk and compliance, does not work. To recap: “…data handlers try to adhere to regulatory requirements and minimize the risk to themselves – not necessarily to the individuals whose data they handle. For some data handlers, the risk that poor security creates may not extend to them.”

Euphemistically put, Equifax has not been an example of forthcomingness, transparency, and accountability. Users can change this paradigm. Users can shift the cost of a data breach onto the data handler by holding the accountable for their action or lack of action.

The key is to organize. For example, Consumer Reports is organizing a campaign calling on Equifax to take the next steps to address the fallout from the data breach. Their first step was to deliver a petition signed by over 180,000 individuals to Equifax’s headquarters.

The Internet Society just pledged $10k to this cause, to help Consumer Reports make sure Equifax does everything in its power to make things right for consumers in Continue reading

Net Neutrality and the FCC’s December 14 Vote

We need a more sustainable approach to Network Neutrality

Yesterday, Federal Communications Commission (FCC) Chair Ajit Pai announced that in the FCC’s upcoming December 14 meeting they will vote to remove the Title II classification of Internet service providers.

As we outlined in our Policy Brief on Network Neutrality, the core principles of choice and transparency are fundamental to a free and open Internet that benefits users around the world. Simply put, users should be able to access the Internet content and services they choose without corporate or government interference.

Now is not the time to give up on these goals. Regardless of the action the FCC takes in the coming weeks, the Internet Society will continue to fight alongside allies around the world for our fundamental goal – to ensure an open Internet, characterized by access, choice and transparency for all users around the world.

Thus, we believe that strong rules are still needed – merely focusing on transparency is not enough to protect users’ access to an Open Internet.

We hope that the U.S. government can take a more sustainable approach to net neutrality; one that upholds the principles that are rooted in the Internet Society’s core values of a global and open Internet. Between Continue reading

ISOC hosts successful inaugural Indigenous Connectivity Summit

If U.S. Senator of New Mexico Tom Udall’s call that “we must do better” to ensure connectivity in Indigenous communities set the tone, delegates of the Indigenous Connectivity Summit (ICS) in Santa Fe this month left with little doubt in our ability to do so.

Whether it’s a pueblo at the top of a mountain or a fly-in region in the Arctic, Internet access in many Indigenous communities is characterized by high costs, low speeds, data caps and poor or non-existent service.

At the Internet Society, we work to make sure the Internet is open and accessible to everyone, everywhere. The ICS was the first event of its kind to focus on ensuring Alaska Native, American Indian, First Nations, Métis, and Inuit communities have access to affordable, high-quality and sustainable Internet access. We heard from several Indigenous community network operators in North America and abroad about their experiences and the impact it’s had on their communities.

Perhaps the most resonant and inspiring message at the ICS was the potential of Indigenous community networks to provide access where commercial networks do not reach or serve, or areas where they may not be economically viable to operate. Speakers shared success stories Continue reading

Strong Encryption Is Essential to Our Security, Not a Barrier

Encryption technologies help protect user data from theft and they help secure critical infrastructure and services that societies depend on. But, encryption is also available to criminals and terrorists. This puts law enforcement agencies in a difficult position. In effect, they are faced with the dilemma of how to gather evidence on criminals and other adversaries who may be using encryption, while at the same time, not putting the safety of law-abiding citizens at greater risk. While we at the Internet Society recognize the challenges facing law enforcement, we believe that strong encryption should be available to all Internet users as it is an important technical solution to protect their communications and data.

This dilemma was voiced by U.S. Deputy Attorney General Rod Rosenstein in a recent speech. He argued that “Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries.”

This problem, claimed Rosenstein, can be solved with what he calls “responsible encryption.” To Rosenstein, “responsible encryption” could “involve effective, secure encryption that allows access only with judicial authorization.” Unfortunately, if Continue reading

Community Networks: By Indigenous Communities, for Indigenous Communities

At the Internet Society, we believe that the Internet is for everyone. We’re standing by that belief by supporting network development and deployment for indigenous communities that face Internet access challenges.

Community networks, communications infrastructure deployed and operated by local people, offer indigenous communities a way to access the Internet to meet their own needs. These community networks offer a connection to health, education, and economic strength. For many, affordable, high-quality Internet access means community sustainability. In addition, community networks encourage policymakers and regulators to examine new ways and means to fill local digital divides, like supporting local content in the appropriate language(s).

These benefits are not theoretical; we have seen great changes through small projects and united community members working toward a common goal. There are many success stories of indigenous community networks around the world. Take a look at how some of our partners have been working with indigenous communities to develop community networks:

• The First Mile Connectivity Consortium supports remote and rural First Nations developing and innovating with information and communication technologies (ICT) through research, policy, and outreach. Their website highlights stories of people like Bruce Buffalo, who developed a system that offers four free Internet access Continue reading

Out of the Section 230 Weeds: Internet Publisher-Providers

On Tuesday, the U.S. Congress continued to grapple with the potential implications of the Stop Enabling Sex Traffickers Act (SESTA). SESTA would carve out an exception to Section 230 of the 1996 Communications Decency Act, which is considered a bedrock upon which the modern Internet has flourished. If SESTA became law, websites that host ads for sex with children would be not be immune from state prosecutions and private lawsuits [although under 320(c)(1), websites are already subject to federal criminal law statutes].

Section 230 of the Communications Decency Act (c)(1) states, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” 230(c)(2) protects actors who proactively block and screen for offensive material. These provisions have allowed the Internet to grow and develop without the threat of lawsuits smothering its potential. If the websites of 1990 had been liable for everything their users posted, the Internet would look very different today.

Since 1996, the Internet has dramatically changed in ways unanticipated by the Communications Decency Act. The Internet provides the platform to publish material that can reach enormous numbers of people around Continue reading

Post Equifax, We Need to Reconsider How to Identify People 

Victims of identity theft will tell you the experience is like having your personal life broken into, tossed around, and thrown out onto the street. It is a violation that is indescribable. Then, you could discover that strangers are impersonating you, carrying out crimes under your name, and destroying your reputation. Unraveling the mess that follows is a long, painful and never-ending process – all this because someone else was careless or willfully negligent with your data.

Even if your data was not exposed in the Equifax breach, you should be both concerned and angry. This is a potentially catastrophic breach: roughly 143 million individuals (approximately 45% of the US population) now face the prospect of identity theft.

As a society, we need to seriously rethink why and how we identify people. How did the social security number become the default identifier, especially for non-governmental functions such as credit reporting? When the Social Security Administration first issued SSNs in 1936, their “sole purpose” was to track the earning history of workers for benefits. In fact, Kaya Yurieff points out that until 1972, the bottom of the card read: “FOR SOCIAL SECURITY PURPOSES — NOT FOR IDENTIFICATION.”

Social security numbers Continue reading

Connecting Indigenous Communities

Internet access is often a challenge associated with developing countries. But while many of us in North America have the privilege of access at our fingertips, it’s still a huge barrier to success for many rural and remote Indigenous communities in Canada and the United States.

According to the 2016 Broadband Progress Report, 10% of Americans lack access to broadband. The contrast is even more striking when you look at Internet access in rural areas, with 39% lacking access to broadband of 25/4Mbps, compared to 4% in urban areas.

Many Canadian rural and remote communities face similar access issues. In December 2016, the Canadian Radio-television and Telecommunications Commission (CRTC) set targets for Internet service providers (ISPs) to offer customers in all parts of the country broadband at 50/10Mbps with the option of unlimited data. CRTC estimates two million households, or roughly 18% of Canadians, don’t have access to those speeds or data.

Let those figures sink in for a minute. Today in 2017, millions of people in North America still don’t have access to broadband Internet.

It’s an even harder to pill to swallow when you realize how disproportionately and gravely it affects indigenous communities, many of which are Continue reading

Evidence at the cost of trust: The trouble with the Department of Justice – DreamHost case

The social and economic benefits of the Internet cannot be realized without users’ ability to communicate and organize privately, and, where appropriate, anonymously. Data collection warrants must strike a balance to protect these benefits without impeding law enforcement’s ability to enforce the law. In recent weeks, the United States Department of Justice’s (DoJ) conflict with DreamHost, a website hosting service, has underscored the importance of this balance.

A week after the 2017 U.S. presidential inauguration, the DoJ issued a warrant to DreamHost to gather evidence for almost 200 cases related to violence that occurred during Inauguration Day protests. DreamHost had provided services to a website used to coordinate protests during the presidential inauguration.

The initial warrant was broad in scope; DreamHost stated that compliance would mean handing over records relating to 1.3 million IP addresses. This July, the DoJ went even further, issuing a new warrant asking for “Files, databases, and database records” regarding the website in question. DreamHost’s filing with the court specifies that the DoJ sought: the IP addresses of visitors to the website; which website pages were viewed by visitors; and a description of the software running on visitors’ computers.

The DoJ itself appears to Continue reading