Archive

Category Archives for "Internet Society"

The Week in Internet News: Goodbye Yellow Brick Road

The FBI weighs in, again: The U.S. FBI, which has complained for years about the lack of access to encrypted communications, isn’t yet ready to call for legislation that would force tech companies to let police in, FCW.com reports. During a recent congressional hearing, Rep. Matt Gaetz (R-Fl.) asked if there was “meaningful legislation that Congress should consider so that technology partners have a yellow brick road to work with the government.” The decision “should be made by the American people through their elected representatives, not through one company making a business decision on behalf of all of us,” FBI Director Christopher Wray said.

Community networks rising: CircleID has a blog post featuring broadband predictions for 2020, including expectations that community broadband networks will see a “massive surge.” The prediction: “As the public becomes better acquainted with broadband policy issues thanks to the election cycle and the growing digital disparity, we are seeing that more and more communities are taking matters into their own hands.”

Super speedy: In related news, the UTOPIA Fiber network, boasting the fastest broadband speeds in the U.S., has expanded in Utah, KSL.com reports. The fiber network offers Continue reading

Announcing the Slates of Candidates for the 2020 Board of Trustees Elections

As Chair of the Internet Society Nominations Committee, I am pleased to announce the slates of candidates for the 2020 Board of Trustees elections. The candidates for each slate are listed below in alphabetical order by last name.

Chapters Election (two seats available)

  • Satish Babu
  • Maymouna Diop
  • Luis Miguel Martinez
  • Glenn McKnight
  • Amir Qayyum
  • Roberto Zambrana

Organization Members Election (one seat available)

  • Olivier Alais
  • Ted Hardie

Additional nominations for election to the Board of Trustees may be made by petition by the candidate, and filed with the Chair of the Nominations Committee using the online form available at the Petitions page: https://www.internetsociety.org/board-of-trustees/elections/2020/petitions/

The deadline for receipt of petition requests is Friday, 21 February at 15:00 UTC. The deadline for petition signatures is Friday, 28 February at 15:00 UTC. The names of any successful petitioners will be placed on the ballot. The final candidate slate will be announced on Monday, 2 March and voting will open on Thursday, 19 March.

Learn more about the candidates and the elections, including the petition process at: https://www.internetsociety.org/board-of-trustees/elections/

The Committee thanks all of the nominees who expressed interest and willingness to serve on the Internet Society Board of Trustees.

The post Continue reading

Learn, Contribute, and Engage! Introducing the Chapter Training Program!

Our members plays a vital role in working for a open, globally-connected, and secure Internet for all – through their experience, knowledge, and passion. For this reason, we’re excited to announce the Internet Society’s 2020 Chapters Training Program.

The Chapters Training Program will be the first engagement and learning program for members that focuses on developing new community leaders.  These community leaders can work together with their respective Chapters and create local awareness of our 2020 Action Plan work and explore options for members to become involved.

Growing and developing our communities is one of our main priorities. By launching this program we aim to strengthen three important development components for Chapters: Chapter alignment to Organizations Strategy, Capacity Building, and Community engagement.

Enrollment for Chapters interested in being part of the program will be open until February 9th . Chapters can subscribe here.

For Chapters interested on getting more details about the program, a video session is available.

We hope to get as many Chapters as possible for this first year pilot!

We can only grow if we innovate and work together. New ideas will always bring new opportunities. Join us and be part of this global initiative!

The post Learn, Contribute, Continue reading

You Asked and We Listened: New Features in the MANRS Observatory

Collaboration and shared responsibility are two pillars of the Mutually Agreed Norms for Routing Security (MANRS) initiative, which we support so that there is a baseline of routing security for network operators around the world.

The same values apply to running the MANRS Observatory, an online tool we launched in August that lets users track the state of Internet routing security and network operators their “MANRS-readiness.” Aggregating data from trusted sources, it relies on the community with a shared goal to protect the core of the Internet.

Since we rolled out the tool, many of you have shared that you would like to see updates to make it more informative, intuitive, and easy to use. We take your comments seriously, and we are delighted to introduce some of the new features to you.

We’ve made several improvements to the user interface, including:

  • Improved Search. The search network now displays the name of a network as you type an ASN. This feature is only available to MANRS participants; public access does not provide data for individual networks.
  • Report Sharing. Individual network reports that provide detailed information about potential incidents and cases of non-conformance can now be easily shared with Continue reading

The Week in Internet News: Broadband Finally Comes to Rural Areas in U.S.

Broadband expansions: There were several news articles this week about broadband deployments, including places in the U.S. that still were lacking access. Masslive.com reports that Princeton, Massachusetts, with a population of more than 3,400, finally has gotten high-speed Internet access. More than 35 towns in the state still lack access. In Princeton, the local pizza place had been popular because it had WiFi service not available in other parts of the town.

New fiber build: Meanwhile, Facebook and non-profit MCNC are planning to deploy a fiber broadband network in five Western North Carolina counties, USNews.com reports. The fiber network will connect, among other sites, schools in four districts, the North Carolina School for the Deaf, five health care sites, four community colleges, and four public safety locations.

Alexa, give me broadband: Nasdaq.com has an article on Amazon’s plans to become an Internet service provider using a satellite system made up of 3,236 satellites. Amazon is asking the U.S. Federal Communications Commission for permission, but some cable companies are opposed, as are SpaceX and OneWeb, which both have their own plans for satellite broadband service.

No faces on Facebook: Even as Facebook plans broadband expansions, it Continue reading

Introducing our Open Standards Everywhere project – securing web servers in 2020!

neon open sign on dark background

How do you make your web server as secure as possible – while using the latest open security standards? How do you ensure your web site is available to everyone  across all the global network of networks that is the Internet? 

For the Internet to remain open, globally-connected, trustworthy, and secure, we believe the networks and servers that make up the Internet need to be based on the latest and most secure standards coming out of the Internet Engineering Task Force (IETF). 

Many web server administrators may want to support the latest standards and protocols, but they don’t know how, and don’t necessarily have the time to figure it out. It may be item #393 in a long list of to-dos. Web site administrators may not be aware of the latest open standards, or may not know why they should support these standards. 

As part of our Action Plan 2020, we are launching the Open Standards Everywhere project, with a focus in 2020 on the security and availability of web servers.

The project has four main components: 

  1. Build four reference servers – Using apache and nginx, with and without a CDN, and using Continue reading

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data, and enable trust.

Let’s face it, protecting your privacy can feel overwhelming. It can seem like we conduct our entire lives online and it’s hard not to notice headlines about our privacy being undermined, like law enforcement trying to gain access to encrypted data. But whether you know it or not, you’re making choices about what you share and how you share it each day. These seemingly-small actions can make a big impact.

You might already be doing some of these, but here are six actions you can take to protect your privacy:

  • Use end-to-end encrypted messaging apps. Switch to using messaging apps that offer end-to-end encryption, such as WhatsApp, Signal, Threema, and Telegram. Some are better than others, so make sure to read the reviews.
  • Turn on encryption on your devices or services. Some devices or services will offer encryption, but not set it as the default. Make sure to turn on encryption.
  • Use strong passwords. Do not just use a default password, a simple guessable password, or a password that uses personal information, such as your pet’s name. Continue reading

The Week in Internet News: Apple Backs Away from Encryption Plan

Under pressure: Apple has scrapped plans to allow iPhone users to fully encrypt backups of their devices in iCloud after the U.S. FBI complained it would hinder investigations, Reuters reports. About two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, but its plans seem to have changed. Meanwhile, U.S. Attorney General William Barr and President Donald Trump have continued their pressure for tech vendors to build backdoors in encrypted devices, Politico says.

One high-profile phone: Two United Nations rights experts have accused Saudi Arabia of hacking the phone owned by Jeff Bezos, founder of Amazon.com and owner of the Washington Post, the New York Times says. The hack appears to be an attempt to influence the Post’s coverage of the kingdom, the U.N. people say. The hack of Bezos’ phone appears to have bypassed encryption through spyware, adds a Fortune story.

If it’s good for smartphones: Swiss cryptography firm Teserakt has introduced E4, “a sort of cryptographic implant that Internet of Things manufacturers can integrate into their servers,” Wired reports. The open source tool aims to be a comprehensive encryption solution for IoT.

Continue reading

ISPs Should Strongly Consider MANRS to Fight Cybercrime: World Economic Forum Report

A World Economic Forum (WEF) report released today recommends that Internet Service Providers (ISPs) should strongly consider joining the Mutually Agreed Norms for Routing Security (MANRS) initiative to improve the security of the Internet’s global routing system.

Systemic security issues about how traffic is routed on the Internet make it a relatively easy target for criminals. MANRS helps reduce the most common routing threats and increase efficiency and transparency among ISPs on peering relationships.

The WEF Centre for Cybersecurity identifies four actionable principles as effective in preventing malicious activities from getting “down the pipes” from network providers to consumers in the report Cybercrime Prevention: Principles for Internet Service Providers, released today in Davos, Switzerland.

The principles were developed and tested over a year with leading ISPs around the world and multilateral organizations, including BT, Deutsche Telekom, Du Telecom, Europol, Global Cyber Alliance, Korea Telecom, Proximus, Saudi Telcom, Singtel, Telstra, and ITU, WEF says in a press release.

One of the principles is to “take action to shore up the security of routing and signalling to reinforce effective defence against attacks”, and MANRS, a global initiative supported by the Internet Society, is one of the recommendations to achieve the principle Continue reading

Deep Dive: Scoring ISPs and Hosts on Privacy and Security

In April 2019 the Internet Society’s Online Trust Alliance (OTA) released its 10th Annual Online Trust Audit & Honor Roll. The Audit looks at the security and privacy practices of over 1,000 of the top sites on the Internet from retailers to governments. In this post we will take a deeper dive into the ISP/Hosts sector of the Audit. This sector is comprised of the top ISPs and other hosting organizations in the U.S. It includes everything from organizations that provide network access to organizations that host email services.

In the Audit, privacy statements are scored across 30 variables. ISP/Hosts were a decidedly mixed bag compared to other sectors, which tended to do either relatively well or poorly across the board in their statements. (Though to clear, the vast majority of organizations in the Audit had poor privacy statements, it was the most common reason for failure across privacy and security scoring.)

ISP/Hosts fell somewhat short in the presentation of their statements. OTA advocates several best practices that deal with how the privacy statement is displayed to make it as easy as possible for users to understand.

The simplest practice OTA advocates is a link to the privacy Continue reading

The Week in Internet News: Kentucky Broadband Program Stalls

Broadband delays: KentuckyWired, an ambitious plan to bring broadband services to underserved, rural parts of the state, is about two years behind schedule, the Courier Journal reports. As a result, the promise of new high-tech jobs has not materialized. About 405,000 residents of Kentucky have no access to wired broadband.

Cities take the lead: Meanwhile, a handful of cities in Oregon are considering municipal broadband projects, KPTV reports. Hillsboro is about to join the ranks of cities offering city-funded connectivity.

Tweets against encryption: U.S. President Donald Trump has tweeted a demand for Apple to defeat encryption on iPhones owned by criminal suspects, CNet says. Administration officials have criticized Apple for not unlocking a phone used by a dead mass shooter.

Election hacking: A security researcher has found that an election server in the U.S. state of Georgia may have been hacked in 2014, before a tight 2018 race for governor, Politico reports. If hackers did manage to breach the server, they would have “almost total control” of it, including the abilities to modify files, delete data, and install malware,” election security expert Logan Lamb said.

The cost of pulling the plug: Internet and social media shutdowns cost economies Continue reading

Pacific Report to the Dynamic Coalition of Small Island Developing States in the Internet Economy

2019 was an active year for Pacific involvement in the Internet economy. What we have demonstrated is that originating from small island developing states (SIDS) in the Pacific does not restrict one’s opportunity to become a leader within large international organizations like ICANN, which manages and allocates domain names and IP addresses globally.

I was very honored that my colleagues from the ICANN At-Large Advisory Committee (ALAC) elected me to be their Chair for 2019, and again for the upcoming year. It has enabled me to use my organizational management skills which I did by distance learning from Rarotonga through Massey University in New Zealand.

My Cook Islands colleague, Pua Hunter, was also elected at the recent ICANN meeting as regional co-chair for the Government Advisory Committee (GAC). She is already the chair of GAC’s Underserved Regions Committee. Such leadership roles have also been achieved by others from SIDS in other Internet-related organizations, which goes to show that being from small islands does not mean that we will go unnoticed if we are prepared to be active in our commitment to improving our regions.

The Pacific Islands Chapter of the Internet Society (PICISOC) received a boost at the elections last Continue reading

Community Radio and Network Providers Join Force to Grow the Internet

Last month, 40 community radio and network providers from all across Asia-Pacific journeyed by road from Bengaluru, India’s tech capital, to IruWay, a rural research lab about 80km away.

As the traffic and indiscriminate honking outside the megacity faded, Internet signal also weakened, and at some point, there was no connection at all – something that could make Internet-dependent city dwellers queasy. But the 40 participants traveling to attend the Community Network Exchange Asia-Pacific 2019 (CNX APAC) were undeterred. They have built or run radio or Internet networks for unconnected communities in many countries, including Bangladesh, Malaysia, Myanmar, Nepal, the Philippines and Thailand.

The event gathered the two groups, community radio and network providers. It was a bid to get communities that have community radio stations in place to also set up community networks – so that villages unserved by mobile network operators or Internet service providers can access the Internet and the benefits it offers.

Community radio stations play an important role in providing information to rural communities throughout the world. They have expertise in setting up the infrastructure as well as creating local content, both of which are crucial to the success of community networks. It is why the Continue reading

Deep Dive: U.S. Federal Government’s Security and Privacy Practices

In April 2019, the Internet Society’s Online Trust Alliance released its 10th Annual Online Trust Audit & Honor Roll. The Audit looks at the security and privacy practices of over 1,000 of the top sites on the Internet, from retailers to government sites. In this post we will take a deeper dive into the U.S. Federal Government sector of the Audit. The Government sector is defined as the top 100 sites in the U.S. Federal Government by traffic (based on Alexa ranking). Given the nature of the U.S. Government compared to companies, this sample has some unique properties, namely site security.

The most obvious place the government excels is in the area of encryption. The reason for this is largely due to a mandate from the Homeland Security Department that all U.S. Government sites be encrypted, but the standard should still be the same for any site. Put another way, the other sectors in the Audit do not have an excuse for lagging in security.

In site security the Government sector fared the best with 100% adoption of “Always-On Secure Socket Layer” (AOSSL) and/or “HTTP Strict Transport Security” (HSTS), compared to 91% of sites overall. The Continue reading

The Week in Internet News: Mexico, NYC Push for Internet Access for All

Everyone’s invited: Politicians in Mexico and New York City announced plans for universal Internet access in recent days. Mexican President Andres Manuel Lopez Obrador announced a plan to bring access to the large swaths of the country that don’t have it, including a government investment of more than $500,000, according to AA News. Meanwhile, New York City Major Bill de Blasio is pushing an “Internet master plan” to improve access. About 18 percent of the city’s residents have neither mobile nor home Internet connections, and about 40 percent have one or the other, but not both, the New York Daily News reports.

New pressure campaign: The U.S. FBI is asking Apple for help to access encrypted communications on an iPhone that belonged to the Saudi military student who killed three people last month at a naval base in Pensacola, Fla., the Washington Post reports. It’s unclear what information the FBI is looking for, given that the shooter is dead, but the request is a new step in the long-running fight between the U.S. government and large tech vendors over the use of encryption on smartphones and other devices.

Cyber retaliation: Many cybersecurity experts expect Iran to retaliate with cyberattacks Continue reading

‘Major Initiatives in Cybersecurity’ Shows Everyone Can Contribute to Trust

How do we work toward a more secure Internet?

In the Cyber Security discussions that take place in the various policy fora around the world, there is often little appreciation that the security of the Internet is a distributed responsibility, where many stakeholders take action.

By design, the Internet is a distributed system with no central core or point of control. Instead, Internet security is achieved by collaboration where multiple companies, organizations, governments, and individuals take action to improve the security and trustworthiness of the Internet – so that it is open, secure, and available to all.

Today we’ve published Major Initiatives in Cybersecurity: Public & Private Contributions Towards Increasing Internet Security to illustrate, via a handful of examples regarding Internet Infrastructure, there are a great number initiatives working, sometimes together and sometimes independently, in improving the Internet’s security. An approach we call collaborative security.

Major Initiatives in Cybersecurity describes Internet security as the part of cybersecurity that, broadly speaking, relates to the security of Internet infrastructure, the devices connected to it, and the technical building blocks from which applications and platforms are built.

We make no claim to completeness, but we do hope that the paper illustrates the complexity, breath, Continue reading

Strong Encryption Is Central to Good Security – India’s Proposed Intermediary Rules Puts It at Risk

Security and encryption experts from around the world are calling on the Indian Ministry of Electronics and Information Technology (MeiTy) to reconsider proposed amendments to intermediary liability rules that could weaken security and limit the use of strong encryption on the Internet. Coordinated by the Internet Society, nearly thirty computer security and cryptography experts from around the world signed “Open Letter: Concerns with Amendments to India’s Information Technology (Intermediaries Guidelines) Rules under the Information Technology Act.”

MeiTy is revising proposed amendments to the Information Technology (Intermediaries Guidelines) Rules. The proposed amendments would require intermediaries, like content platforms, Internet service providers, cybercafés, and others, to abide by strict, onerous requirements in order to not be held liable for the content sent or posted by their users. Freedom from intermediary liability is an important aspect of communications over the Internet. Without it, people cannot build and maintain platforms and services that have the ability to easily handle to billions of people.

The letter highlights concerns with these new rules, specifically requirements that intermediaries monitor and filter their users’ content. As these security experts state, “by tying intermediaries’ protection from liability to their ability to monitor communications being sent across their platforms or systems, the amendments would limit Continue reading

Indian Community Making the Right Connections

In the lead up to last month’s Internet Engineering Task Force meeting in Singapore, IETF 106, the India Internet Engineering Society (IIESoc) held its third annual Connections conference in Kolkata, India.

This pre-IETF event aims to increase participation in IETF discussions from the Asia-Pacific region, specifically India.

Like the years before it, this edition of Connections had four technology tracks across two days; the themes of which – IoT, security, routing, and research – were chosen with the audience and location in mind, given Kolkata is a major research hub in India. As such, there was record participation, with a large number of local students attending the event, many of whom were excited to learn about, discuss and contribute to the work being considered in the IETF and how they can contribute to this group.

The Importance of Being Involved

A feature of past Connections events has been the participation of IETF working group chairs and RFC contributors attending en route to the impending IETF conference. This year was no different and we were grateful to have former IETF chair, Fred Baker, who presented the keynote and shared his journey at the IETF during the meet and greet session.

The Continue reading

Deep Dive: How Does the Consumer Sector Score on Privacy and Security?

In April 2019 the Internet Society’s Online Trust Alliance released its 10th annual Online Trust Audit & Honor Roll. The Audit looks at the security and privacy practices of over 1,000 of the top sites on the Internet from retailers to government sites. In this post we will take a deeper dive into the Consumer section of the Audit. The Consumer section is a diverse set of sites including travel sites, hotels, and dating sites (see the methodology of the report for the full list).

In 2018 the Consumer section improved its standings with 85% making the honor roll, up from 76% in 2017. This was largely due to improvements in email security. Despite these gains in overall email security, TLS 1.3 adoption was actually down in 2018 (largely due to a change in the list of retail sites). Despite this OTA advocates the adoption of TLS 1.3.

Where these sites did stand out, compared to other sectors, was in privacy scores. Overall, the Consumer sector scored 43 out of 55 on their privacy tracker score, among the highest of any sector, and 33 out of 55 on their privacy statement, also among the highest.

The Consumer section Continue reading

The Week in Internet News: New Chinese Law Regulates Encryption

Crypto-regulation: A new law in China regulates the use of encryption, but it’s aimed at strengthening it, at least in some settings, Reuters reports. The law is aimed at aiding the development of a digital currency in China, and it is focused on “facilitating the development of the cryptography business and ensuring the security of cyberspace and information,” according to the official Xinhua news agency said. The law also that all state secrets be stored and transmitted using “core and common” encryption, Engadget says.

Build your own: Some rural Colorado communities are tired of waiting for large broadband providers to bring them service and are seeking grants or forming partnerships to build their own networks, the Canon City Daily Record says. Grants from the state at the Federal Communications Commission are helping communities build fiber networks.

Not so secure: Wyze Labs, the maker of a line of IoT-connected security cameras, has announced a data breach affecting 2.4 million customers. The breach included WiFi network details and customer email addresses, Salon reports. The security cameras don’t appear to be compromised, but compromised email addresses can lead to further customer data breaches, the story notes. Also, there’s this: “The blog Twelve Security Continue reading

1 15 16 17 18 19 69