The Value of Large-Scale Data Collection and Analysis: BotNet Prevention

At today’s White House event on Stopping Botnets, Michael DeCesare, Co-President of McAfee, made a compelling case for the value of large-scale data analysis in botnet prevention.

“We’re often asked what can be done to combat botnets, and here is the basic answer: We need to make sure that individual machines are not infected in the first place. We need to do this by delivering security faster than our adversaries deliver malware…Indeed, having real-time visibility into emerging threats and a comprehensive view across the threat landscape is a powerful means of defeating botnets, which can multiply extremely quickly. One robust technology that enables this real-time global visibility is called Global Threat Intelligence. With Global Threat Intelligence, millions of sensors scan the Internet across the globe and feed back real-time data on botnets and other threats. This data is instantaneously correlated and fed back into security products, delivering real-time protection to customers, as we identify and block the malicious files, IPs and URLs used by the botnets. With even more threat data from more security organizations fed into this network, customers would get even more comprehensive visibility into the quickly changing patterns of botnet infestations and could take immediate steps to counter them.”

Mr. DeCesare’s comment at the White House today echoes what all security professionals know: constant monitoring of the Internet by security firms and real-time analysis of the vast quantities of data collected is absolutely vital to the fight against infected computers and other cybersecurity threats.

Other companies also collect and analyze Internet data for the purpose of cybersecurity threat detection. Google recently launched a notification effort for users of computers and routers infected with the DNSChanger malware. Users will see a message at the top of the Google search results page. Without the compilation and analysis of vast amounts of Internet information, such a notification project could not even get off the ground.

The problem is enormous. According to McAfee’s latest quarterly report, more than 5 million systems were infected with botnets per month between January and March of 2012. The collection and analysis of massive amounts of Internet data for security threats cannot by itself solve this worldwide collective problem. But without it, efforts to reduce the problem will surely fail.

At the White House meeting today, speakers emphasized the need for public-private partnerships, collaboration across industry, the need for all agents in the ecosystem to do their part, and the importance of the government as a convener of collective effort. While all this is important and can be done with additional regulation, the domestic and international policy space must be large enough to accommodate the needs of security firms to collect and analyze large amounts of Internet data.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Forced Localization: The New Protectionism

What do the following examples have in common?

  • In 2009, China proposed an indigenous innovation policy that would have explicitly restricted government contracts to goods whose embodied intellectual property was domestically owned.
  • In 2010, Norway ruled that cities could not use cloud computing services unless the servers were located domestically. Denmark followed suit in 2011.
  • In 2011, Kazakhstan attempted to require all .kz domains to operate on domestic servers.
  • In 2012, India proposed a requirement that government agencies purchase electronic goods and services with 30% local content.

These cases are examples of required localization: governments attempt to restrict the sale of goods and services within their territory to those which have been produced locally. The localization can be in terms of embodied intellectual property rights, manufacturing facilities, or facilities providing cloud computing services.

Governments cite national security concerns, consumer protection issues, or privacy and government access worries when imposing these restrictions. From a trade and economic point of view, however, they increase economic nationalism at the expense of international trade.

What seemed like a series of isolated incidents now seems to be a trend which, if left unchecked, could seriously undermine the goal of increasing the flow of goods and services across borders. The 2012 Special 301 Report (p. 18) and the 2012 Section 1377 telecom trade report document the extent to which these localization initiatives could hinder bilateral, regional and global economic integration.

SIIA and other worldwide businesses and trade associations are seeking an effective response to the growing threat of a new protectionism based on localization initiatives.

Two principles that are gaining wide currency among industry and NGOs stand in stark opposition to this new protectionism. These principles are embodied in the agreement between the Office of the United States Trade Representative and the European Commission on a set of trade-related principles for information and communication technology (ICT) services:

  • Cross-Border Information Flows: Governments should not prevent service suppliers of other countries, or customers of those suppliers, from electronically transferring information internally or across borders, accessing publicly available information, or accessing their own information stored in other countries.
  • Local Infrastructure: Governments should not require ICT service suppliers to use local infrastructure, or establish a local presence, as a condition of supplying services. In addition, governments should not give priority or preferential treatment to national suppliers of ICT services in the use of local infrastructure, national spectrum, or orbital resources.

Since this agreement was made in April 2011, several intergovernmental, industry and non-governmental civil society groups have endorsed these principles, including SIIA, the Aspen Institute, the Organization for Economic Cooperation and Development (OECD), and a group of trade associations and companies led by the National Foreign Trade Council.

There is momentum in both the private sector and the U.S. government to take on this issue in the strongest possible way. The US government is ramping up its efforts to move these principles forward. For instance, they are embodied in the electronic commerce chapter of the U.S. proposal in the Trans-Pacific Partnership (TPP) trade negotiations.

SIIA urges that this issue be moved to the highest levels of U.S. government decision making and raised in all significant international venues, including economic gatherings of heads of state such as the recent G-8 meeting, meetings of the ministers of the Asia Pacific Economic Cooperation group, committees of the World Trade Organization, OECD working groups and trade discussions such as TPP. Only a sustained, high-level commitment from the U.S. government will turn the tide against this new form of economic nationalism.



Mobile Payments Get Currency

The FTC is looking at mobile payments this Thursday, an event that caps several weeks of intense attention to this innovative new technology by policymakers. In March the House Financial Services Committee and the Senate Banking Committee held hearings. And the Internet Caucus held a Congressional briefing, which I chaired.

Several years ago a study by ITIF highlighted mobile payment’s opportunities for efficiencies, growth and innovation. It wondered why it hadn’t taken off in the US, the way it had in other jurisdictions such as Japan and Korea. Since then Square, Intuit, Google, ISIS and PayPal have all ramped up their efforts to bring the new service to consumers and retailers in an attractive, easy-to-use package. The majority of Americans will be embracing mobile payments by 2020, a Pew Internet study found last week.

The benefits are enormous. Mobile payment technology means faster checkout, more throughput for merchants, the opportunity to send and receive offers and promotions, greater security, and a platform for new innovative services that haven’t been created yet.

It is worth pausing on the benefits of increased security. Unlike traditional magnetic stripe payment card transactions, mobile payments use a different security code for each transaction. Even if the transaction data is compromised, it cannot be used to make a counterfeit card that would work at the point of sale. This takes the merchant system out of harm’s way and reduces risk to cardholders. Mobile payments implemented on a smartphone can also be protected by a password or PIN number, adding barriers to illicit use of a lost or stolen phone. If asked to choose based on security, shoppers would be smart to use mobile payments over traditional cards.

Some have suggested that mobile payments create increased privacy risks because new information would be available to new players. But these risks are speculative and are being addressed in advance by market players who design their systems to be privacy-protective. They know that the market will only work on the basis of trust, careful handling of personal information, and a compelling user experience.

Mobile payment providers collect location information from their users, but only with affirmative consent. Product-specific information isn’t collected at all and so cannot be added to a consumer profile to target ads. Cell phone and email information are available to mobile payment service providers at the time of sign-up, but are not transferred to third parties such as retailers. Mobile payment services are savvy enough to avoid the mistake of allowing secret, undesirable acquisition of contact information by third parties. Under the Google Wallet rules, for example, contact information could not be disclosed to a retailer for marketing or advertising purposes without affirmative consent.

The privacy default for mobile payments is that consent is needed for any sharing of consumers’ personal information for marketing purposes. Industry participants have set up their systems with this requirement for consent as the default. This privacy-by-default approach renders concerns about privacy violations more theoretical than real. Mobile payment users can feel confident that they can enjoy the conveniences and added security and usefulness of mobile payments without worrying about privacy violations.



SIIA Welcomes Aspen Institute’s Cross Border Data Principles

Today the Aspen Institute released its first report on its IDEA project. It is a first-rate summary of Internet freedom issues and a call to action to implement principles designed to keep the Internet an open, vibrant platform for free expression and economic activity. In particular, the report endorses the cross-border data flow principles that SIIA has been supporting:

Free Flow of Information Principles

  1. Governments should allow the free flow of information globally.
     a. Allowing information to move freely and be stored globally permits the capture of economies of scale and makes it possible to reap the economic benefits associated with the Internet.
  2. Governments should not artificially or geographically restrict facilities and information storage.
     a. Artificially limiting the location of data geographically reduces the resiliency of the Internet and undermines its stability.
     b. Governments should not require that facilities or information be located in a specific country or region.

SIIA member companies rely on the Internet as a platform for free expression, the distribution of content protected by strong intellectual property rules, electronic commerce, cloud computing and an unprecedented range of economic and cultural activities. SIIA is committed to maintaining the openness and viability of a free Internet. SIIA congratulates the Aspen Institute for putting together these principles and for carrying forward this important work. We look forward to working with policy makers to implement them.



SIIA Welcomes New FTC Privacy Report

SIIA welcomes today’s clarification of the FTC’s policies in the area of online privacy. This clarification is especially important because of the FTC’s substantial authority to bring cases against the companies it claims are in violation of its policies. SIIA has long supported a collaborative, public-private approach as the best way to ensure consumer privacy, and we cannot endorse the report’s call for new legislation. In light of the FTC’s substantial authority in this area, we do not believe there is a need for new privacy legislation.

Read today’s coverage of SIIA’s stance:

FTC Report Calls for Transparency, Stops Short on Do Not Track Law – E-Commerce Times

FTC privacy: Key excerpts from the report – Washington Post

FTC Pushes ‘Do Not Track’ Privacy Option for Consumers – National Journal

FTC Chairman: Do-Not-Track Law May Not Be Needed – PC World



Reply to Chertoff: Do Not Let the Perfect be the Enemy of the Good on Privacy and the Cloud

In his recent op-ed (Cloud computing and the looming global privacy battle, February 9, 2012), Michael Chertoff properly worries about privacy in the cloud. But he’s wrong to think that all problems are equally important or that they all must be solved at once.

We shouldn’t wait for harmonized privacy regimes before making progress on cross border data flows. The priority going forward should be a system of clear and simple procedures that allow global companies to comply with substantively different privacy regimes. In the absence of simple compliance procedures, millions of dollars will be spent on unnecessary bureaucratic paper shuffling instead of on productive investments that can generate economic growth and jobs. Eliminating this waste must be a priority, especially given the worldwide economic challenges.

One way forward is through international agreements that put streamlined compliance procedures in place. To accomplish this, countries have to be willing to approve data transfers across borders when companies demonstrate that they are in compliance with local rules. Mechanisms adopted by the Asia Pacific Economic Cooperation group move in this direction. Proposals tabled in the Trans Pacific Partnership trade discussions also contain this key idea. And the European Union’s proposed data protection regulation provides that compliance can be based on contracts, binding corporate rules or codes of conduct approved by a single EU member regulator.

Deep integration of privacy regimes is a worthy, but distant goal. Fostering interoperability and cross border data flows are urgent immediate needs. We shouldn’t let the perfect be the enemy of the good.



Internet Freedom is an Economic Issue, Too

Much has been accomplished in the two years since Secretary of State Hillary Clinton launched a foreign policy initiative designed to press other governments to recognize the unrestricted flow of information on the Internet as a human right. The thirty-four countries in the Organization for Economic Cooperation and Development (OECD) adopted Principles for Internet Policy Making. The principles call for free flow of information on the Internet, especially across borders. This approach extends ideals of free expression and exchange of ideas–at the heart of our First Amendment and the United Nations Declaration of Human Rights–to the global Internet.

But there is another way to look at Internet freedom. When a country keeps out or restricts offshore social networks, search engines and micro blog platforms, or restricts access to offshore news and cultural affairs sites, or requires domestic location of cloud computing facilities, or does not allow the transfer of information abroad for data processing, this assault on freedom becomes protectionism. These actions have a substantial effect on trade, jobs, and economic growth. Internet freedom is an economic issue, too. And thinking of Internet freedom as a trade issue provides its proponents with a range of new tools and policy mechanisms for advancing this public policy objective.

Several recent industry initiatives recognize the economic dimensions of Internet freedom. The principles on cross-border data flows, adopted by the National Foreign Trade Council, SIIA and other trade associations in November, call for governments to allow the unrestricted flow of information across borders and to refrain from imposing localization requirements on remote computer processing services. In April, the U.S. Trade Representative (USTR) and the EU signed an agreement on trade in Information and Computer Technology services, which also contains these principles of no data barriers and no localization requirements.

Restrictions on Internet-based services are problematic under the General Agreement on Trade in Services (GATS). GATS generally prohibits barriers on cross-border flows of information related to Internet-based services when the country has agreed to open that service sector. These commitments can be enforced through a well-developed dispute resolution mechanism at the World Trade Organization. Are existing restraints on Internet-based services acceptable under WTO rules? Exploring that question would provide a step toward thinking of Internet freedom as an economic and trade issue.

It is true that countries retain the right under GATS to pursue a variety of domestic public policies, even if they have a chilling effect on trade. Countries have substantial leeway to provide for privacy, consumer protection, cybersecurity, and the protection of intellectual property. They can also take measures that are “necessary to protect public morals or to maintain public order.” Many restrictions on Internet-based services might seem to be legitimate under these exceptions.

But these exceptions are limited. A measure taken under the public morals exception, for example, must be “necessary” to achieving the public policy goal and no more restrictive of trade than is necessary to achieve this objective. Under existing WTO precedents, countries must do more than claim the exemption; they must be able to show that the measure is narrowly tailored to meet the public policy objective.

Trade negotiations can be a tool in advancing Internet freedom. The U.S. – Korea Free Trade Agreement recently approved by Congress calls for the signatories to “endeavor to refrain from imposing or maintaining unnecessary barriers to electronic information flows across borders.” The U.S. is attempting to improve on this hortatory language in discussions surrounding the Trans Pacific Partnership (TPP) trade agreement. It has tabled proposals to eliminate barriers to information flows across borders and to prohibit domestic-presence requirements for remote data processing.

The TPP proposals acknowledge that countries can have different substantive privacy regimes, but narrow this exception by proposing that enforcement cannot take the form of a ban on transfers of information. A country’s privacy regime must allow global companies to demonstrate compliance with local privacy rules through mechanisms such as binding contracts or adherence to enforceable codes of conduct.

The proponents of Internet freedom need new tools and policy mechanisms for advancing this noble objective. Thinking of Internet freedom as a trade issue provides just that.

Mark MacCarthy will participate in a free panel discussion, “The Global Internet and the Free Flow of Information,” Tuesday, February 7th, 9:30 am-12:30 pm at the Pew DC Conference Center, for part two of Media Access Project’s fifth annual Forum Series.

