Network and information security is a Biden administration priority, said Ruth Berry, White House National Security Council digital technology policy director. The need to secure the entire network "could not be higher" due to risks from untrustworthy equipment vendors such as Huawei and the lack of competition and diversity in the telecom supply chain, she said at a Wednesday European Telecommunications Network Operators Association/USTelecom webinar. Europe sees progress on network cybersecurity issues, and many opportunities for common rules, from the EU-U.S. Trade and Technology Council (TTC), said Thibaut Kleiner, director-policy, strategy and outreach, European Commission communications networks, content and technology directorate. Another international concern is that online platforms and apps are generating increasing network costs, noted ETNO Director General Lise Fuhr. Kleiner said the COVID-19 pandemic was a "stress test" for European networks, and it showed that the regulatory framework hasn't harmed quality or reliability. It's fair to ask who should pay for network upgrades such as 5G, he said, but the EU hasn't reached the point where it needs to intervene in the relationship between telcos and platforms. The emergence of the "splinternet" is very worrying, said Kleiner: The EU continues to support ICANN and its internet governance and infrastructure, and hopes to publish Europe's vision for the internet sector's future at month's end. USTelecom President Jonathan Spalter welcomed the U.S. government push to establish an alliance for the future of the internet, which will address data privacy, data security, cybersecurity, competition policy and other issues. The original optimistic vision of the internet "is now in flux" as shown by misinformation, internet shutdowns and use of the network by autocrats, Berry said. The alliance is expected to launch in coming weeks, she noted: It will let governments recommit to original internet principles of openness, security and more, and will enable a global conversation on how to push back against challenges. The U.S. agrees with the EU that the global community should continue to manage the internet's fundamental infrastructure, without undermining the multistakeholder approach, she said. Another "burning issue" is the semiconductor supply chain, Kleiner noted: The EU Chips Act (see 2201100033) will align with a U.S. initiative.
Dugie Standeford
Dugie Standeford, European Correspondent, Communications Daily and Privacy Daily, is a former lawyer. She joined Warren Communications News in 2000 to report on internet policy and regulation. In 2003 she moved to the U.K. and since then has covered European telecommunications issues. She previously covered the U.S. Occupational Safety and Health Administration and intellectual property law matters. She has a degree in psychology from Duke University and a law degree from the University of Tulsa College of Law.
A European Commission proposal on semiconductors could emerge shortly, Internal Market Commissioner Thierry Breton said Monday in an online Politico interview. The European Chips Act is needed because Europe must be able to produce more on its soil and export more chips, he said. The EC wants to ensure the right level of R&D and have the appropriate level of cooperation between Europe and its partners, he said. It makes sense for the EU to spread its chip investment across the continent, but boosting chip manufacturing requires capacity, a good level of stable energy and other elements, so ramping up production must be done where those factors exist, he said. The EC announced an industrial alliance on microchips, and Breton was asked whether that alliance would welcome companies like Intel from outside Europe. Europe must first establish its own strategy, he said: Once that's done, players from elsewhere will be welcome. On the Digital Services Act (DSA) and Digital Markets Act (DMA), Breton hopes to conclude the measures under the current EU French presidency, which ends July 1. Three recent developments are worrying European telcos, said European Telecommunications Network Operators Association Director General Lise Fuhr, who hosted the event. They're starting to grasp the effects of global technical turmoil, which will affect Europe more than the U.S.; American companies have launched a new initiative to conquer the "metaverse"; and operators more clearly recognize how today's tech power becomes unrivaled economic power, as shown by Apple's revenue. But telcos have reasons for confidence in the EU, she said: It changed its approach to new technologies and is less naive about big tech, as shown by the DMA/DSA; it has started to see the correlation between big tech and green issues; and policymakers are starting to view the tech sector as a growth industry rather than something to squeeze for revenue. Nevertheless, she warned, ETNO's reasons to be confident don't relieve its concerns.
Google and Facebook breached French data protection laws on cookies, the Commission Nationale de l'Informatique et des Libertes (CNIL) said Thursday. It fined Google 150 million euros ($170.2 million), Facebook 60 million euros ($68.1 million). The data protection authority said it received "many complaints" from users about the difficulty of refusing cookies on the companies' websites. Investigations found google.fr, youtube.com and facebook.com offered buttons allowing users immediately to accept cookies, but the process for refusing them required several clicks. Making the refusal mechanism more complex discourages cookie refusals and encourages users to opt into them, negatively affecting users' freedom to consent, CNIL said. Google emailed that it understands its responsibility to protect users' trust and is "committing to further changes and active work with the CNIL "in light of the decision. Facebook parent Meta emailed it's reviewing the decision and remains "committed to working with relevant authorities" to improve its cookie controls. Data protection is among key priorities of the EU French Presidency, which took office Jan.1. Its work program for the six-month term includes several digital technology areas, including personal data protection in electronic communications that will complement the general data protection regulation. Other priorities: Development of "human-centred artificial intelligence," boosting cybersecurity, and beginning work on a data act as part of a framework to enable data exchange while ensuring secure sharing mechanisms.
As interest grows in Web 3.0, blockchain domain names are increasingly seen as a key service, experts told us. Blockchain domains have been around for several years (see 1810040002) but the idea of a decentralized system that could fix many of the problems with the current web brought them into sharper focus. Web 3.0 fans say it could, among other benefits, improve domain security and offer additional services the ICANN domain name system (DNS) can't. Skeptics say blockchain domains could hamper law enforcement and intellectual property rights, and they raise interoperability and inefficiency issues.
Regulations intended to rein in large internet platforms moved forward Tuesday as EU lawmakers debated the Digital Markets Act (DMA) and a key committee approved its report on the Digital Services Act (DSA). The measures appear to be generally popular, but some lawmakers and stakeholders said they don't go far enough. The DMA seeks to create a level playing field in the digital sector by regulating "gatekeepers" that control core platform services to the detriment of competition. The DSA aims to protect users from illegal goods, services or content by, among other things, imposing due diligence requirements on online intermediaries (see 2012150022). Amendments to the report were to be voted Tuesday, with a final vote scheduled Wednesday. That will set parliament's negotiating position for talks with governments in the council, who agreed on their approach in November (see 2111260016). The DMA would put Europe in the leadership of the digital space, said Internal Market Commissioner Thierry Breton. He noted criticism from across the Atlantic but said the DMA isn't against any country or company, but rather an effort to regulate that space. Lawmakers generally supported the DMA subject to several changes, including ensuring that social media platforms and messaging services are interoperable, that they're safe and protective of personal data, and banning personalized kids advertising. Some members worried that the parliamentary version weakens the EC proposal by, for example, reducing companies that will fall within its scope. The lead committee vetting the DSA, the Internal Market and Consumer Protection Committee, OK'd its report. The approach taken by IMCO rapporteur Christel Schaldemose, of the Party of Socialists and Democrats and Denmark, got backing from other committees that reviewed the proposal, she told a Tuesday briefing. Compromises included: It safeguards intermediary liability provisions in the EU e-commerce directive, and opens the "black box of algorithms," forcing large platforms to disclose such things as content that may breach their terms. Members of European Parliament introduced a right for consumers and businesses to seek compensation for DSA violations. Asked which changes might be controversial in talks with governments, Schaldemose said that the council wants to finish work quickly could be problematic. Targeted ads and the black box of algorithms might be tricky, she said. The European Consumer Organisation urged MEPs to "aim for a stronger liability regime for marketplaces when consumers are harmed, a ban on surveillance advertising altogether, and for all platforms to have to verify the legality of sellers and their products, not just the large ones." "Further work is needed on marketplace obligations, user redress, and data disclosure to law enforcement and researchers," emailed the Computer & Communications Industry Association. Parliament votes on the amended DSA proposal in January.
EU governments are keen to support GAIA-X, an initiative to develop European cloud and data services, they said at a Thursday hybrid conference. Policymakers, scientists and businesses worldwide are working to create a federated and secure data infrastructure that will enable data-sharing by enterprises and citizens in a way that allows them to keep control over it, GAIA-X's website says. Government officials from Spain, France, Germany and the Netherlands said they want Europe to have digital sovereignty that aligns with EU rules. France wants GAIA-X to provide visibility and transparency to users on sovereignty and protection against extraterritorial regulation, said Mathieu Weill, French Ministry of Economy digital economy department head. The project's other pillar is creating data spaces, and Germany wants an "active and engaged community" to bring shared data spaces to life, said Stefan Schnorr, Federal Ministry for Economic Affairs and Energy digital and innovation policy department head. The Netherlands is active in data-sharing covering thousands of businesses and wants to stimulate public sector participation, said Jos de Groot, Netherlands Ministry of Economic Affairs telecom market department director. GAIA-X needs a human-centric perspective and a clear process for sharing data, said Carme Artigas, Spanish secretary of state-digitization and artificial intelligence. Other countries outside European are also developing cloud infrastructure, so solutions are needed to allow data to be transferable among systems, Schnorr said; the key is for data to be able to be moved transparently, securely and in a trusted manner. GAIA-X faces criticism because its members include U.S. and Chinese companies. The project is private sector-driven, said Weill: Governments are here to support it and ensure it upholds European values but have no say in membership. The European project needs a global infrastructure, Schnorr added.
As demand and prices for IP version 4 addresses rise, cybersecurity threats are also increasing, IPv4 marketplace IPXO said. The price surge likely leads to increased cybercrime as crooks hijack and sell unused addresses in underground markets, said CEO Vincentas Grinius. The answer isn't to adopt IPv6 but to look to a more sustainable form of internet governance such as leasing IPv4 addresses, he said. IPv4 addresses are a problem if they're made available via carrier-grade network address translation (NAT), which uses a single address for multiple subscribers and can hide cybercriminals, said IPv6 Forum President Latif Ladid. Key industries use IPv6, he said.
Sanctions imposed on Afghanistan will hurt its internet, an Urban Media Institute webinar was told Tuesday. Afghanistan lags neighbors Iran and Pakistan, where the internet emerged in the 1990s, said Mujibullah Shams, a member of the National Information Technology Professional Association of Afghanistan (NITPAA). Afghanistan was engaged in civil war then and, before 2002, the Taliban banned Western technologies such as broadcasting and the internet. When the new government took over in 2003, the country-code top-level domain (ccTLD) .af was delegated to a government ministry. Around 327,0000 IP addresses are allocated to the country, which has about 12 million users. Afghanistan faces "enormous challenges," said NITPAA President Mohibullah Utmankhil, a professor at Kabul Polytechnic University. About 25 provinces have long been connected to fiber networks, but foreign aid supported these: There are some 63 registered ISPs, but since aid organizations pulled out, they're suffering financially. If this continues, Afghanistan could lose internet connections with its neighbors; and even maintaining its current IT infrastructure is in doubt, he said. Others such as Microsoft and Amazon are limiting their cloud services to the country, he said. It's reported that less than 10% of .af domain names are hosted in-country, and if anywhere they're hosted imposes sanctions, that may affect those domains, he said. The ccTLD itself is outside Taliban control, but the government has apparently locked all gov.af domains, he noted. The Afghan internet community is committed to bringing the technology to the country, said Digital Medusa Director Farzaneh Badii. But the ccTLD .af could become dormant if registrars can't register af. domain names, or if the Taliban or some other regime takes control of the ccTLD, she said. Even registries that manage generic TLDs such as .com have become "sensitive" about providing services to residents of sanctioned nations, she said. Another worry is that IP addresses could be pulled back from Afghanistan, severing its connection to the world, she noted. ICANN doesn't play a day-to-day role in ccTLD management because that's a local responsibility, emailed a spokesperson. The decision to remove responsibility for a domain to a different entity must be arrived at locally, including by the government in charge, and would be submitted to ICANN for recognition, she wrote. The .af domain is managed by the Ministry of Communications IT, she added. "Any ICANN assessment relating to a requested change is limited to ensuring ongoing stability of the domain is preserved and the request is in accordance with local decision-making."
A 2017 European Commission antitrust decision on Google Shopping was correct, as was the $1.7 billion fine (see 1903200004), the EU General Court confirmed Wednesday in Google and Alphabet v. Commission, case T-612/17. The court mostly dismissed Google's appeal. The ruling, which Google can appeal to the Court of Justice within two months, was cheered by consumers, rivals and the EC, which said it clears the path toward better platform regulation.
A U.K. proposal for reining in tech companies could affect intermediary liability protections and set up a conflict with a similar measure moving through the EU legislative process, experts said. The draft Online Safety Bill (OSB) establishes a new regulatory regime to address content harmful to children and illegal online content. The EU Digital Services Act (DSA) seeks to boost user trust in online services by countering illegal content and by making platforms, especially very large ones, more accountable (see 2012150022). But unlike the OSB, the DSA builds on existing "safe harbor" rules for intermediaries. It also addresses only illegal content, while the U.K. measure gets into the murky area of harmful material.