The GovLab SCAN – Issue 63

Samantha Grassle also contributed to this post.

As part of the GovLab’s Living Labs on Smarter Governance project, this is our 63rd edition of The SCAN – Selected Curation of Articles on Net-Governance. Feel free to share your suggestions with us at SCAN@thegovlab.org.

This week’s highlights:

• The Global Network of Internet and Society Research Centers (NoC) and the Berkman Center for Internet & Society have released a new paper, Governance of Online Intermediaries: Observations from a Series of National Case Studies, that examines online intermediary liability through the use of case studies covering issues and frameworks in Brazil, the European Union, India, South Korea, the United States, Thailand, Turkey, and Vietnam,

• Lenovo has come under fire for shipping Windows computers preloaded with hidden adware dubbed Superfish, which exposed Lenovo users to man-in-the-middle attacks.

• AT&T has rolled out high speed fiber-to-home Internet service in Kansas City for $70 a month; however, customers will have to pay an additional $29 per month to opt out of AT&T using their data for advertising. The articles AT&T charges $29 for privacy. Time for others to do the same and Don’t let AT&T mislead you about its $29 “privacy fee” provide two viewpoints on this controversial move by AT&T.

ICANN and IANA

Murphy, Kevin. Group forms to stop new gTLDs breaking stuff. Domain Incite. February 17, 2015.

• Due to the compatibility problems faced by new gTLD registrants over a year into the new gTLD program, a group of domain industry companies have joined to form a new Universal Acceptance Steering Group (UASG) to address these problems. The group is supported by the Internet Corporation of Assigned Names and Numbers (ICANN) and the Domain Name Association, and members include Donuts, Google, Microsoft, Go Daddy and Afilias. According to the UASG, “this is a project that will take years to make progress on.”

Sarkar, Dibya. NTIA says ICANN-oversign plan may be ready in late July; news report says that could be delayed. FierceGovernmentIT. February 17, 2015.

• On February 11, the IANA Stewardship Transition Coordination Group (ICG) released a report indicating that the group hopes to submit “a final, consolidated plan to NTIA by the end of July.” However, several media outlet reported that this is a “best case scenario” and that this could be delayed further which would interfere with the September 30 IANA transition deadline. The NTIA responded to these concerns by saying there is “no deadline for the transition and if the community needs more time then the current contract can be extended.”

Strickling, Lawrence E. Stakeholders Continue Historic Work on Internet DNS Transition at ICANN Singapore Meeting. National Telecommunications & Information Administration Blog. February 19, 2015.

• In this blog post, Strickling provides an overview of where the IANA transition stands as the one-year anniversary of the announcement approaches. He provides an update on the two tracks of work and expresses that he is optimistic that all parties are on schedule to complete a transition plan by the summer. Strickling also mentions that the NTIA has “the flexibility to extend the contract if the community needs more time to develop the best plan possible.”

Internet Governance

Auerbach, David. You Had One Job, Lenovo. Slate. February 20, 2015.

• Lenovo has come under fire for shipping Windows laptops preloaded with hidden adware, dubbed Superfish, that suggests its own shopping results into browsers when users searched on Google, Amazon, and other sites. This article discusses why Superfish is “the most virulent, evil adware you could find”: it compromises browser security “and allows anyone on your Wi-Fi network to hijack your browser silently and collect your bank credentials, passwords, and anything else you might conceivably type there.” Uninstalling Superfish does not remove the problem, and while Lenovo initially mostly dismissed the issue, it has now stated that it will release a removal tool on Friday to fix the problem.

Finley, Klint. Google Looks to Break Into China With a New YouTube Channel. Wired. February 17, 2015.

• Google has launched “a new Chinese-language YouTube channel to educate Chinese programmers on the ins and outs of various Google technologies, such as its Android mobile operating system and Compute Engine cloud computing service.” In this article, Klint discusses the irony of this move given that YouTube and Google’s search engine are both officially blocked in China, and Google’s “tumultuous relationship with the Chinese Government.”  Despite these issues, Klint points out that some of Google’s other technologies are very popular in China; for example, Google’s Android operating system is is the most popular smartphone operating system in China.

Higginbotham, Stacey. Don’t let AT&T mislead you about its $29 “privacy fee”. GigaOm. February 19, 2015.

• This article addresses AT&T’s rollout of high speed fiber-to-home Internet service in Kansas City, and its move to charge users $29 a month to opt out of having their data used for advertising. Stacey Higginbotham, the author, argues that the true cost of the privacy option is $44 a month or higher due to associated fees, contrary to the $29 per month being reported by the Internet service provider and the media. She states that customers are choosing to forego their privacy “not because they get a $29 discount, but because after going through a fairly complicated sign up process and managing to click on the right button to even see the option to protect their privacy, they suddenly realize that keeping their privacy doesn’t cost $29 but rather $44 or even $66 per month.”

Kurbalija, Jovan. In the Internet We Trust: Is There a Need for an Internet Social Contract? Huffington Post. February 13, 2015.

• In this article, Jovan Kurbalija, Founding director of DiploFoundation and Head of the Geneva Internet Platform, discusses the relevance of trust online, how online trust is machine-driven, and systemic challenges for trust online. He offers some steps to ensure trust and growth of the Internet economy, including transparency in the way data is handled, and that governments and public authorities should place requirements on terms of service (ToS) to ensure they are clear, concise, available and not hidden, and use larger font sizes for fine print stipulations. He ends by stating that “modern society may need a new Internet social contract between users, Internet companies, and governments.” He states that there is cause for “cautious optimism” as “a trustworthy Internet is in the interests of the majority.”

Micek, Peter. Access submits evidence to International Criminal Court on net shutdown in Central African Republic. Access Blog. February 17, 2015.

• This blog post highlights how the organization Access recently “submitted evidence to the International Criminal Court (ICC) about the SMS shutdown in the Central African Republic (CAR) during June and July 2014.” The shutdown lasted about 6 weeks, and according to Access this exacerbated unrest in the country. In the report to the ICC, Access recommended “that prosecutors should study the human rights impacts of the government-ordered network shutdown, identify those responsible, and hold them accountable in order to set a precedent in CAR and around the world.”

Paul, Kari. Russia Wants to Block Tor, But It Probably Can’t. Vice. February 18, 2015.

• While the Russian government stated last week that it wants to block the anonymizing software Tor, currently used by 150,000 Russians daily. However, “how likely is it that they will succeed at censoring a tool that is itself used to circumvent censorship?” According to Jillian York, Director for International Freedom of Expression at the Electronic Frontier Foundation, blocking VPNs (Virtual Proxy Networks) is easier than Tor. While governments can block access from IP addresses associated with VPN providers, blocking Tor is more complex as it requires blocking destination nodes rather than URLs or IP addresses. The article discusses how China is the only country that has successfully blocked Tor, and that one of the main reasons Russia would have difficulties following China’s example is that very few sites Russians use are hosted in Russia.

Roberts, Jeff John. AT&T charges $29 for privacy. Time for others to do the same. GigaOm. February 17, 2015.

• AT&T has rolled out high speed fiber-to-home Internet service in Kansas City for $70 a month; however, customers will have to pay an additional $29 per month to opt out of AT&T using their data for advertising. This data includes individual Web browsing information, including search terms and web pages visited, and “customers can’t thwart AT&T ‘s data collection through cookie settings or private browsing since the company is drawing the data right from their fiber connection.” In this article, Roberts argues that the companies have often offered free services at the cost of personal information, and that AT&T has merely made this explicit in its new terms. According to Roberts, “it’s high time to consider pay-for-privacy” as a way of addressing the misuse of consumer data.

Schroeder, Stan. Proposed rule would give U.S. power to cybersnoop worldwide, Google warns. Mashable. February 19, 2015.

• The U.S. Department of Justice recently moved to amend Rule 41, which governs the issuance of search warrants. The rule currently restricts judges from issuing warrants for outside their districts, but the amendment would “let the U.S. government obtain warrants for searches of electronic storage media if their physical location is concealed through technological means.” Google’s Legal Director, Richard Salgado, has stated that this change “could have profound implications for the privacy rights and security interests of everyone who uses the Internet.” According to Salgado, the amended rule will “likely end up being used by U.S. authorities to directly search computers and devices around the world.” Google filed comments opposing this change last week. According to a statement by a spokesman for the Department of Justice, the proposal “would not authorize any searches not already authorized under current law” and the rule change “will ensure that courts can be asked to review warrant applications for probable cause in situations where is it currently unclear what judge has authority to review a warrant application.”

Wilhelm, Alex and Sarah Buhr. The NSA Reportedly Stole Millions of SIM Encryption Keys To Gather Private Data. TechCrunch. February 19, 2015.

• This article highlights recent revelations that the American National Security Agency (NSA) and British Government Communications Headquarters (GCHQ) “stole SIM card encryption keys from a Dutch manufacturer called Gemalto “allowing the groups to decrypt cellular communications data” from around the world. According to information collected from the Snowden leaks, the “NSA and the GCHQ formed a group called the Mobile Handset Exploitation Team (MHET)” and they managed to “infiltrate Gemalto by tracking the communications of it’s employees.” This new information has prompted digital rights groups like the Electronic Frontier Foundation to express outrage.

Papers and Reports

Chertoff, Michael, and Simon, Tobby. The Impact of the Dark Web on Internet Governance and Cyber Security. The Global Commission on Internet Governance. February 17, 2015.

• This report by the Global Commission on Internet Governance aims to “provide a broader understanding of the dark Web and its impact on our lives.” The report begins with an outline of several types of cybercrime in the dark Web, followed by an examination of some of the reasons that users choose to be anonymous online. The report also discusses efforts to monitor the dark Web, including hidden service monitoring, customer data monitoring, and semantic analysis methods. The authors conclude that researchers need “new ways to spot upcoming malicious services to deal with new phenomena as quickly as possible.”

Gasser, Urs, and Schulz, Wolfgang. Governance of Online Intermediaries: Observations from a Series of National Case Studies. Berkman Center Research Publication No. 2015-5. February 18, 2015.

• This paper “seeks to distill key observations and provide a high-level analysis of some of the structural elements that characterize varying governance regimes, with a focus on intermediary liability regimes and their evolution.” The authors build upon eight in-depth case studies and use cases “examining online intermediary governance frameworks and issues in Brazil, the European Union, India, South Korea, the United States, Thailand, Turkey, and Vietnam.”

Events

(The below includes both past and upcoming events. See The GovLab’s Master Events Calendar for more Internet Governance events)

---

[Webinar] Internet governance in February 2015. DiploFoundation. February 27, 2015.

• In this monthly briefing of main Internet governance related events, the Geneva Internet Platform (GIP), run by the DiploFoundation, will cover provide an overview of the main issues in February, including “Net Neutrality, as the FCC prepares to vote for new proposals. Cybersecurity is also at the forefront, as banks are once again a target for hackers, while new proposals for government and private sector cooperation unfold in the USA. What impact will these developments – any many others – have on the global digital policy process? What are the updates from the IG Barometer, and what can we expect in March?”