Citizen Lab Director Ronald Deibert and Research Manager Masashi Crete-Nishihata’s piece on ethics in cyberspace, “Blurred Boundaries: Probing the Ethics of Cyberspace Research”, as well as Professor Deibert’s article titled “Dark Guests and Great Firewalls: The Internet and Chinese Security Policy”, are listed free for download and can be accessed here.

Below is the Supreme Leader of Iran’s response (Fatwa) to a question by a Mehr News Agency reporter on the use of circumvention tools:

Mehr News Agency Reporter: Some news websites have been filtered. Some people, such as journalists, due to their occupation need to access these websites to gather news and information. Usually, the news covered on the filtered websites is not available on permitted websites. What is the religious order on the use of circumvention tools for those whose jobs necessitate access?

Supreme Leader: In general, the use of circumvention tools has to be inline with the rules and regulations of the Islamic Republic, and violation of the laws is not permissible.

Some time after, the web-pages containing this news were blocked on a few ISPs as a result of the automatic blocking by words – in this case ‘circumvention tools’ or ‘anti-filtering’.

See here for an English report on the topic by Radio-Free-Europe.

Going Local

In a letter to the Director General of the Central Bank of Iran, the Minister of Communications wrote:

From now on, only local E-mail addresses will be accepted from clients while opening up new accounts. Also, sending bank statements to foreign E-mail addresses is banned.

According to the letter, this decision has been implemented in order to realize some of the provisions of Article 46 of the Fifth Economic Development Plan (2010-2015). It  identifies E-mail services such as G-mail, Yahoo, etc as one of the tools for foreign sources to gain access to users’ personal information.

What Is In a Name?

ISNA (Iranian Students’ News Agency) has asked other Iranian news agencies to follow in its suite in boycotting Google. This move comes after Google’s refusal to include “Persian Gulf” on its Google-Map services. Some experts believe that ISNA’s decision could lead to blocking Google completely in the country.

Cutting Ties

On the morning of Tuesday May 8^th, some IPs were disconnected in Tehran. IT-Analyze reports that thirteen Iranian ISPs failed to meet their payment deadlines to a Dutch company from which the IPs were purchased. This led to the disconnection of the IPs by the TCI (Telecommunications Company ofIran).

In a separate article, the TCI announced that the disconnection of IPs is not under its jurisdiction and that is has not disconnected any IPs inTehran.

Counter-Measure

Pasha Naser-Abadi’s book titled “Countering Threats in Cyberspace” has been published. The book which also includes the Cyber Crimes Law is based on the author’s personal experiences with users.

**Countering Threats in

Cyberspace” Cover

Unknown Origins

The VP of Development at the IT Organization of Iran commented regarding lingering uncertainties on the cause of the alleged cyber attack against the Ministry of Oil:

It is not yet clear whether the disruption in the Ministry of Oil’s website was intentional or due to negligence.

He continued:

Regardless, every incident should be considered a warning and we should work to remedy the situation.

Power Monopoly

Paydari Group’s Internet TV channel has been filtered in Iran. The reason behind this decision is yet to be officially announced.  Paydari Front – which can loosely be translated to the ‘Resistance Front’ – is a principalist political group, with close ties to the Supreme Leader.  One of the group’s main reasons for the establishment of an Internet TV channel was to counter the monopoly of the IRIB (Iranian Broadcasting) in the field.

Some Statistics

Mehr News Agency reported on the latest statistics of the telecommunications network in the country. This report puts the number of internet users at 28.5million, with 1,154 cities connected to the data network. Mehr also states that 334 universities are connected to the internet through a fiber-optic connection. The source of these statistics is unclear.

The Iranian Ministry of Science has come under attack, less than a week after the Ministry of Oil was forced offline due a cyber attack. According to one source from the Ministry, its joint projects with the Ministry of Defense were most probably of the most interest to the attackers.

According to BBC-Persian, the Iranian Ministry of Science has confirmed that its computer section has come under cyber attack, however, no damage has been incurred.

Tabnak News also reported that although the Ministry of Oil is back online, the intranet (internal network) of its subsidiary companies is still disconnected. The National Oil Distribution Company’s website has also changed its content, and no longer includes usage, export and related details.

Following the recent cyber attacks against Iran’s Ministry of Oil, the Deputy Minister of Oil at the Civil Defense Organization said that the nature of the cyber attack and its perpetrators had been identified. He clarified that details could not yet be revealed as it was an ongoing case. He added:  “On a general note, the attack was carried out by a virus aiming to steal and destroy the Ministry’s data.”

Responsibilities

Deputy Minister of Communications said that the 3^rd Operator (RighTel) needs to be held accountable for the obligations which it has failed to fulfill and for the delays in delivering its services.

The Monitor

The IT Organization of Iran issued the National System of Information Security Management Activities (NAMA) certificate to five private companies. The issuing of these certificates is meant to promote and develop the information security management culture, promote security in the information exchange environment and to monitor the implementation of the information security management system.

Moving Up

The Director of the Center for National Management and Development of Internet, Mohammad-Reza Tavakoli, reported that there had been ‘dramatic growth’ in the number of internet users in the country. He added that a report of the latest results will be shortly published on www.iriu.ir website. This website, currently in its beta version, provides an interactive system for determining the internet penetration rate across the country.

Out of Service

The website, of The Organization for Targeted Subsidies was out of access on the day it had announced as its deadline for opting in/out of the second phase national subsidies. At the time of this report the website was back in service.

Lagging Behind

Iran’s member to the International Confederation of E-Government announced that the country was ranked 100th out of 190 countries on the list, a two place improvement from the previous year. The UAE ranks 28^th, Bahrain is 36^th, while Kazakhstan is 38^th. The Maldives is also ahead of Iran ranking 95^th. According to the 5^th Economic Development, the E-governance system should be implemented in Iran by 2015.

In his piece, Professor Deibert writes about Canada’s role in securing cyberspace, quasi-national cyber armies such as the Syrian Electronic Army and the challenges faced by global civil society in cyberspace.

You can also read CJFE’s report card, which grades key free expression issues and major institutions.

To view the full Review, see here.

In the article, Najera writes, as “a journalist living in exile as a consequence of my job exposing official corruption and the impunity enjoyed by Mexico’s drug cartels, World Press Freedom Day represents nothing but sadness and adds another mark to a calendar filled with unanswered calls for justice.”

To read the full piece, see here.

Unlike the previous document – which represented the government’s formal recommendations – these draft By-laws are simply that, a draft. They were produced by our office solely to catalyze discussions among NSTIC stakeholders and, we hope, accelerate the work of the Identity Ecosystem Steering Group when it formally convenes in the months ahead.

One can only speculate about where some of the ideas for the draft by-laws actually came from. A dozen proposals to provide the Secretariat function for the IESG were recently submitted by organizations which might want to influence how it governs. (disclosure: an organization with which I’m affiliated participated in developing one proposal) Others have also indicated their interest in shaping the IESG. For example, the Open Identity Exchange, which is an association for Internet identity industry players (e.g., AT&T, Google, Paypal, Verizon, Experian, etc.), indicated its Advisory Board would produce a set of draft governing documents for the community to vet. It released comments today which raise many good questions pertaining to the IESG’s actual purpose, how it functions, and its corporate structure.

For those not following the development of NSTIC closely, the DoC proposed an IESG structure largely consistent with earlier comments submitted by Open Identity Exchange and others. These comments suggested a structure similar to another industry effort, the Smart Grid Interoperability Panel. In the IESG, a multistakeholder Membership participates in a Plenary Body with various Standing Committees and Working Groups. The Plenary makes specific “policy and standards” recommendations either by consensus or voting to a Management Council, which provides organizational oversight and ratifies recommendations. Leadership of the Plenary is derived from the Membership, while the Management Council is elected by the Membership from a slate of candidates provided by a Nominating Committee. The by-laws attempt to flesh out this structure with some details about roles, participation and decision making in a consensus driven, multistakeholder governance institution. While the draft represents a helpful first attempt, there are some fundamental issues with which the community still needs to grapple. In this post, I’ll tackle one issue – revolving around public involvement.

The NSTIC promotes a vision of multistakeholder identity governance incorporating academia, industry, standards organizations, government and civil society. While “multistakeholderism” is in vogue with the USG for describing Internet governance institutions, it is critical to understand the political science behind it. For instance, the practical and organizational challenges associated with reflecting the interests of large numbers of people with small stakes in an outcome are well known from collective action and institutional theory (Olson 1965; Ostrom and Ostrom, 1975). The logic of collective action will hold true for the IESG. Average users which compose civil society, whose stake in identity governance is small, are unlikely to have a strong enough incentive to devote the time it takes to become regularly involved in a complex, multi-tiered governance structure. On the other hand, more concentrated interests, like businesses and governments, stand to benefit substantially from Internet identity governance, and therefore will devote the resources to participate and influence outcomes.

As it stands, the IESG’s governing documents do not really confront this problem and perhaps makes it worse. While 14 different stakeholder groups are identified (including one for “unaffiliated individuals”), two classes of membership are proposed, observing (non-voting) and participating (voting). The bar for being a participating voting member is having your attendance recorded at meetings (either in-person or virtually). However, for average users that may even be too high. There is a risk that average users will be disenfranchised.

One answer is direct election by users of some or all of the Management Council. Elections provide a low-cost way for users to exercise input. One thing going in IESG’s favor is that “users” are clearly defined – they are individuals who use the trusted online identities governed by the IESG. This makes implementing an election relatively straightforward for the Secretariat and helps ensure that those setting policy and standards in the IESG remain attuned to the public interest. In this regard, it makes debate over one issue identified in Open Identity Exchange’s recent comments – corporate structure – incredibly important. Whatever structure is chosen must support a Membership that includes enfranchised users.

Another, less obvious answer is not to focus so much on participation. Rather, the governing documents should ensure there are strong forms of accountability in place. This makes theoretical as well as practical sense, and has been observed in other Internet governance institutions like ICANN (Internet Governance Project 2009). A lightweight governance structure like the proposed IESG cannot expend substantial resources on “outreach” efforts to increase participation. Instead, robust accountability mechanisms incorporated into the governing documents can be exercised when decisions are taken that are contrary to the public interest. Examples might include an independent review process to challenge specific decisions taken by the Management Council or, in more serious cases, recall mechanisms for the Management Council or Nominating Committee.

Needless to say, such answers might be less than palatable to organizations not used to multistakeholder Internet governance.

How should these actors behave in cyberspace? Do they have different roles as stewards? What should they do or not do? Where are the gaps? What is an appropriate balance? Do we need stewardship in cyberspace at all? And how does stewardship relate to strategy in cyberspace?

To explore stewardship and how it relates to cyberspace we have commissioned a special paper series with contributions from thought leaders in the field. We are pleased to announce the release of the final set of papers in the Cyber Dialogue 2012 Stewardship Series.

The full series includes:

Christopher Bronk – A Governance Switchboard: Scalability Issues in International Cyber Policymaking.

Franklyn Griffiths – Stewardship as Concept and Practice in an Arctic Context

Melissa E Hathaway and John E. Savage – Stewardship of Cyberspace: Duties for Internet Service Providers

Sandro Gaycken and Felix ‘FX’ Lindner – Zero-Day Governance: An (Inexpensive) Solution to the Cyber Security Problem

Duncan B. Hollis – Stewardship vs Sovereignty?: International Law and the Apportionment of Cyberspace

Roger Hurwtiz – Taking Care: Four Takes on the Cyber Steward

James Andrew Lewis – Stewardship, Security, and Cyberspace

Stefania Milan – When Politics and Technology Speak the Same Language

Milton Mueller – Stewardship and the Management of Internet Protocol Addresses

Thomas Rid – Subversion and Stewardship

The United States Government has expressed its commitment to preserving the Internet’s successful multi-stakeholder governance model and understands that this commitment is shared by many in the private sector, civil society, and academia.  During this session, the US government’s perspective on a range of Internet governance challenges and opportunities will be shared.

The White House recently chartered the Subcommittee on Global Internet Governance of the National Science and Technology Committee (NSTC).  This subcommittee is chaired by Administrator Strickling and Ambassador Verveer and is comprised of senior officials across the government.   The purpose of this subcommittee is to consider U.S. efforts in various international fora that bolster the multi-stakeholder approach to Internet governance, support the continuity of existing Internet institutions, and confront proposals detrimental to the multi-stakeholder model. Because the multi-stakeholder system is essential to the Internet’s continued success, the co-chairs determined that discussion with relevant private sector representatives would be a vital first step.

Tikk’s presentation in the day two plenary session focused on the applicability of existing international legal instruments to most issues addressed in the Concept Convention and called for more critical research behind and expert involvement in strategic international discussions on contemporary cyber security concerns.