84 Matching Annotations
  1. Jan 2022
    1. the U.S. government passed a sweeping cybersecurity bill called the Internet of Things Cybersecurity Improvement Act of 2020 at the very tail end of that year. The law is a more flexible and adaptable approach to cybersecurity than previous laws. Crucially, it requires the National Institute of Standards and Technology to establish best practices that other government agencies must then follow when purchasing IoT devices. The initial rules unveiled by NIST in 2021 include requiring an over-the-air update option for devices and unique device IDs. And while the law pertains only to devices purchased by the U.S. government, there’s little reason to suspect it won’t have ongoing and broad effects on the IoT industry. Companies will likely include NIST’s cybersecurity requirements in all of its devices, whether selling to the U.S. government or elsewhere.

      About US IoT cybersecurity improvement act 2020

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. Of the big three vendors, only Huawei is not a member, citing its belief that Open RAN systems cannot perform as well as the company's proprietary systems

      It will be important to follow China's attitude towards ORAN. Currently, it seems ORAN is not as efficient as proprietary - but this is likely to change. At some point, Huawei model may become less 'sellable' (ultimately, operators around the world decide on profit, especially when difference is big). Will Chinese industry ultimately turn to ORAN to some extent? Also, will China try to 'emphasise' some of the weaknesses of ORAN, eg. through cyberattacks against its virtualised elements? ||JovanK|| ||sorina|| ||AndrijanaG||

    2. Open RAN is here to stay.

      This is certain. It provides business advantages to operators, allows blooming new market, reduces dependencies, and has political impact. It will unbundle RAN dependencies and supply chain. Yet, it has drawbacks that we have to study.

    3. When an operator buys an end-to-end system from Nokia or Ericsson or Huawei, it also knows it can depend on that vendor to support the network when problems crop up. Not so with Open RAN deployments, where no single vendor is likely to claim responsibility for interoperability issues. Larger operators will likely be able to support their own Open RAN networks, but smaller operators may be reliant on companies like Mavenir, which have positioned themselves as system integrators.

      Another possible drawback of ORAN: ensuring interoperability of various vendors, in contrast to responsibility of big vendors (similar challenge to open source software). Open question: how can this impact security (similar to open source security issues)?

    4. Rakuten, in particular, faced some initial setbacks when its Open RAN network's performance didn't match the performance of a traditional end-to-end system

      (Current) Drawback of ORAN: Performance

    5. After a mandate from the British government to strip all Huawei components from wireless networks, England-based Vodafone is replacing those components in its own networks with Open RAN equivalents. Because of similar mandates, local operators in the United States, such as Idaho-based Inland Cellular, are doing the same.

      Politics influence uptake of ORAN as well: eg. Huawei ban

    6. RAN Intelligent Controller. The RIC collects data from the RAN components of dozens or hundreds of base stations at once and uses machine-learning techniques to reconfigure network operations in real time.

      Benefits of software-driven RAN: fine-tuning the performaces in real time, including though AI

    7. Every generation of our networks basically rely on special-purpose hardware with tightly coupled software. So every time we need to have an upgrade, or new release, or new fractional release, it takes years." In order to move away from a hardware-centric attitude, the O-RAN Alliance is also encouraging the wireless industry to incorporate more software into the RAN. Software-defined networks, which replace traditional hardware components with programmable software equivalents, are more flexible.

      Another benefit of ORAN for operators: moving away from hardware dependencies and lack of flexibility to update the network, towards software-driven RAN which are more flexible, updatable, and allow options for re-calibrating the network in realtime

    8. The goal in creating open standards for multiple kinds of splits is that operators can then purchase better-tailored components for the specific kind of network they're building. For example, an operator might opt for Split 8 for a large-scale deployment requiring a lot of radios. This split allows the radios to be as “dumb," and therefore cheap, as possible because all of the processing happens in the centralized unit.

      Benefit of ORAN options for operators: they can fine-tune network architecture, vendors, dependencies, costs

    9. inevitably create more points in the network for cyberattacks

      Important issue to study. Argument that more open standards bring more risks is somewhat true: it is harder to create attacks against more closed and specialised networks (plus, an attack against Huawei's network couldn't be applied to Ericsson's, etc) - but obscurity is not really a cure for security (most experts don't believe in 'security by obscurity'). More important element is that much of the functionality of ORAN will be moved to software and cloud, much like other ordinary services. This makes core telecom networks more 'ordinary', and prone to common cyber-attacks and vulnerabilities related to common digital networks. It is important to further study those risks. ||AndrijanaG|| ||VladaR||

    10. Open RAN makes it easier to focus on developing new software without worrying about losing potential customers intimidated by the task of integrating the tech into their wider networks

      ORAN opens up advancement of software solutions for 5G networks - key to virtualisation

    11. A very good reading that explains technical details (in light language) of O-RAN and future of 5G/6G networks in terms of software virtualisation, supply chain diversification, pros and cons. Useful for DW on 5G, for ITP course, our work on standards, etc ||GingerP|| ||sorina|| ||JovanK|| ||VladaR||

    12. Proposed Open RAN Functional Splits

      Great visual of ORAN split options

    13. Open RAN is making it possible to pick and choose different RAN components from different vendors

      Result of fragmentation of the RAN technology into smaller functions

    14. New wireless generations maintain backward compatibility, so that, for example, a 5G phone can operate on a 4G network when it's not within range of any 5G cells. So as operators build out their 5G deployments, they're mostly sticking with a single vendor's proprietary tech to ensure a smooth transition.

      Another reason why telecom operators get bound to major 5G operators for longer - and they want to avoid this

    15. In current 5G systems, the baseband unit splits those tasks between a distributed unit and a centralized unit. Open RAN concepts hope to build on that split to create more flexible, thinly sliced RANs.

      The key of the technical aspect of ORAN: to break down the technical structure into smaller pieces, based on functions pieces perform. This can dummer (and cheaper) radio units vs smarter baseband units (which can also be more based on software), or vice-versa as described below in the text

    16. RAN is the most expensive part of an operator's deployment," says Sridhar Rajagopal, the vice president of technology and strategy at Mavenir, a Texas-based company that provides end-to-end network software. “It takes almost 60, 70 percent of the deployment costs."

      Important: RAN takes vast majority of costs.

    17. they see Open RAN as a necessary tightening of the specifications to prevent big vendors from tacking their proprietary techniques onto the interfaces, thereby locking wireless operators into single-vendor networks

      So it's not so much about ensuring interoperability, as it is to avoid big players to lock them up

    18. O-RAN Alliance members hope Open RAN can plug the gaps created by 3GPP's specifications

      ORAN opens the network to diversity, but it doesn't necessarily help interoperability?

    19. there is currently no guarantee that a radio manufactured by one vendor will be interoperable with a baseband unit manufactured by another vendor.

      In spite of existing standards, there is no one who can guarantee that standards make products of various vendors fully interoperable. Later in the text, it says that this remains sort of a challenge with ORAN as well - as network gets more diversified in terms of vendors, more vendors should be 'hold to account' for interoperability. ||sorina||

    20. The group formed in 2018, when five operators—AT&T, China Mobile, Deutsche Telekom, NTT Docomo, and Orange—joined to spearhead more industry development of Open RAN.

      ORAN emerged from the challenge of telecom operators which were bound to one of the three providers - and often remain locked for years.Politics didn't seem to play much at the time (though Huawei bans contributed, in UK and US, to the boost of ORAN) - but may capitalise from it.

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. Smartphone users in China

      It's not only about China and US, but all the others that would have to choose 'binary'.

    2. concepts like privacy, security, or sustainability

      These concepts are very broad. Devil is in details, as examples below show. It will get increasingly complex to understand how each bit of technology (like examples below) impact values and principles!

    3. The European Union has previously passed laws protecting personal data and privacy such as the General Data Protection Regulation (GDPR).

      Linked to above: should laws be embeded into standards? Or, rather, standards could enable implementation of law, but leaving it open whether this is used or not?

    4. personal liberty, data security, and privacy in Europe, and if we wish our new technologies to support those views, it needs to be baked into the technology

      This is important: attempts to enshrine various political/societal values into standards (be it by US, EU, or China). This seems to be new, and game-changing - it's not about market and efficiency of technology (only) any more. ||JovanK|| ||sorina||

    5. will drop

      Will Huawei and China have anything from fragmentation of standards? On contrary - same as US, they will loose the global markets they want to dominate (and particularly developed countries which are mainly close to US).

    6. Sources that IEEE Spectrum spoke to noted how the move increased tensions in the wireless industry,

      Now this is a real concern, I would say - the US steps against Huawei, rather than Chinese expected push for standards dominance (same as everyone else does).

    7. There is a lot of money, prestige, and influence in the offing for a company that gets the tech it's been championing into the standards.

      So, what's really new there?

    8. autonomous vehicles and holographic displays

      Interestingly, this was the same challenge for 5G: what will it really be used for, that current networks can't allow? And autonomous vehicles are one of examples for 5G; so what's new? There will be many speculations about why 6G is really needed (also as a business model), that 5G can't give (beyond mere speculations).

    9. spectrum sharing

      This will maintain the main role of ITU - esp. this interplay with satellites and frequencies. There is an intrinsic political component in it: states' regulators are the ones that determine national spectrum allocation, based on intern. agreements in ITU. This is unlikely to change.

    10. 3GPP

      3GPP is an industry association. We shouldn't neglect the role of ITU, which is the only one really dealing with spectrum regulation, but it also deals with network standardisation of 'International Mobile Telecommunications' (or IMT) as they label it (their IMT-2020 programme). It will be interesting to observe how the industry standardisation efforts and the political standardisation efforts will interplay in increasingly politicised environment. ||sorina|| ||JovanK||

    11. none of those companies make the equipment that will comprise the network

      I am not so sure. With open RAN, we are seeing digital giants like Microsoft entering the playground for 5G - and I bet they are there to stay, and shape the future. Though we have to wait and see how ORAN will play out in terms of business, efficiency, security, etc (there are high investments and expectations).

    Created with Sketch. Visit annotations in context

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. ethos

      Most likely not just business ethos, but societal/political?

    2. China and India

      This may indeed make a change: China and India may be more likely to preserve their quality labour, rather than letting them braindrain to US. How about smaller countries - like Serbia - which will have limited opportunity for business growth (or not)?

    3. Singapore

      One aspect I feel missing here is an open society. To what extent has the US open society, freedoms, etc allowed SV to flourish? To what extent is it so today? We see interesting 'green' and 'leftish' opinions emerging among SV workers (not leaders, though). Creativity probably requires all sorts of freedoms, including political.

      Singapore is a very controlled society, with limited freedoms. This is much harder to change than many other aspects (education focus, immigration, etc). Is this a real barrier to Singapore (and other Asian places) to turn to SV? ||JovanK||

    4. flexibility in housing benefits

      Housing also has a physical limitation in Singapore, unlike SV.

    5. most single people needing to find roommates

      This also signals that SV can piggy-back mostly on young, single people, rather than on family people.

    6. Cutting-edge researchers thus have a consistent pulse on commercial problems, and the system is flexible enough to accommodate their varied interests. 

      Yet, it seems this also drives academics and researchers out of academia, into business - and rarely gets them back (to the extent they should be). This erodes conventional education system. We may say that this pulse of commerce is important for education as well - we have missed it in the past; but, we may now have too much of commerce and too few of fundamental (non-comercialised) academia. While there certainly is a need to re-invent education, it shouldn't become fully commerce/monetisation-driven, as it seems to go more and more. How to ensure more philosophy, arts, fundamental sciences, humanity sciences, feed into all of the education, if all goes to commercialisation?

    7. the point of winning the game (for example, taking a company to an Initial Public Offering or an acquisition) is not to retire but to play the game again

      I wonder to how many people in SV this really is the key? For managers/start up founders that are driven by playing over and over (as an adrenaline addiction probably), this stays; but many 'ordinary workers' (especially those with families) would probably prefer more 'Singapore' model - off-time.

      This 'always on' time is important for creativity and play, but it also confronts the needs for greater personal time (off-time) which, I guess, is indespensible for humanity to get back to it root values, away from money and towards other, more important aspects of well-being.

      How to find the right balance?

    8. idea of work as play

      While I don't think it is so ideal in SV, I believe this 'play' part is an important concept that makes people happier and more creative. 'Play' is/should be an important part of Diplo's work as well ||JovanK||

    9. just one in a hundred investments is expected to provide the lion’s share of returns

      Worse than I thought (I though 10%...)

    10. Trying and failing are seen as valuable learning experiences rather than a judgement on someone’s competency

      It is similar mindset in Israel as well. This makes it successful with innovations and high-tech as well.

    11. failure is the median outcome

      powerful description

    12. dreamed

      Is this a key word of SV: 'dreams'? Musk's dreams of space exploration, as high-end example?

    13. biggest pay-offs come when you are imagining what the world should be and innovating towards that ideal, rather than aiming for incremental change

      Interesting: aiming for tectonic shifts and ideas, not small bites

    Created with Sketch. Visit annotations in context

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. One of the virtues of knowledge graphs is that their responses are intrinsically explainable

      Important!

    2. errors become more impactful

      Well put!

    3. give definite answers to user queries

      How do knowledge graphs deal with diverse opinions? For instance, it is streightforward that Zuckeberg and FB are connected through CEO edge, but how about multiple opinions between 'Facebook' and 'humanity'? What sort of 'definite answer' would knowledge graphs give - and is there a danger that they decide on a certain set of opinions, unlike the list of resources which allows readers to judge on his/her own?

    Created with Sketch. Visit annotations in context

    Created with Sketch. Annotators

    Created with Sketch. URL

  2. Aug 2021
    1. announced n

      I added notes to the original post as well.

    2. A very interesting debate on Apple's new option for alerting about child sexual abuse content (photos) by matching them with known databases of such content - without actually revealing the content itself. I find the arguments of privacy-defenders problematic - I provided number of points below. It would be great to hear your thoughts/reflections? BTW look at the Apple's announcement (link in this document) where I posted comments on the technology/approach, as clarifications.

      ||GingerP|| ||StephanieBP|| ||JovanK|| ||AndrijanaG||

    3. Apple Inc.'s deployment of its proposed content monitoring technology is halted immediately.

      This is what concerns me with such initiatives. They are becoming 'fundamentalistic'. While even the security services have been trying to discuss options with the community (number of papers and proposed solutions, which were pushed backed by a community), the community is not even trying to find a mid-solution, or get into dialogue. They are very radical - 'halt immediately'. No space for dialogue on issues they identified: accountability, etc.

    4. lack of accountability, technical barriers to expansion, and lack of analysis or even acknowledgement of the potential for errors and false positives.

      True concerns

    5. The database, managed by the Global Internet Forum to Counter Terrorism (GIFCT), is troublingly without external oversight, despite calls from civil society.”

      Valid concern, and good example. Though sexual abuse is still ius cogens and visibility different from judgement on what is terrorist and not. Simply, a shift of Apple to include 'terrorism' in a same manner would be very noticeable and problematic from them, regardless of this (or other) technology they develop. It could/would hurt them.

    6. What happens when local regulations in Saudi Arabia mandate that messages be scanned not for child sexual abuse, but for homosexuality or for offenses against the monarchy?

      Valid concern. But it is not about this technology - he clearly notes the example of FaceTime. It is about readiness of companies to compromise for markets - is this not a different (though) related issue?

    7. How long do you think it will be before the database is expanded to include "terrorist" content"?

      This is a valid concern: that the next step could be terrorist content. But, unlike for child sexual abuse, there is no single/synced global database of content which can serve for checking/alerts; it would need to be government or few-governments databases only, and this would already trigger Apple or other providers not to extend their technology towards that. It will ultimately be decision of tech providers, but as always will depend on the market/demand.

    8. it is a firm step towards prevalent surveillance and control

      With this logic, every new IoT is a surveillance device by default.

    9. Apple is replacing its industry-standard end-to-end encrypted messaging system with an infrastructure for surveillance and censorship

      This is not really true: encryption stays, and there is no backdoor. There is only an add-on before the encryption. One option is to allow this as an opt-in or opt-out solution; thus parents can decide to switch on.

    10. that can only be used for sexually explicit images sent or received by children

      Well, that is true, but it is also impossible to create any technology that can't be misused. Thus, it is not only about control of the technology but also about control of the governments/society..

    11. where our personal devices become a radical new tool for invasive surveillance

      Could this happen? Possibly, if we don't control the LEA which tag sexual abuse content. But with global cooperation against sexual abuse, there are commonly shared databases across countries, and it might be harder to LEA of a single country to insert some political content within. Thus, there is some risk, but I think it is overstretched.

    12. they have the potential to bypass any end-to-end encryption that would otherwise safeguard the user's privacy.

      Indeed, they do - but they don't reveal content. They only signal if it matches with known sexual abuse content.

    13. Another notifies a child's parents if iMessage is used to send or receive photos that a machine learning algorithm considers to contain nudity

      I understood this is an option that parents can switch on. Anyhow, from Apple's description it is not really an AI that reads the photos, but rather only crypto-signature which is matched with a known database of sexual abuse photos. This is quite different.

    14. monitoring

      again, an overstatement - it does monitor, but not photos really: it has a (accurate) system to alert if a photo is child abuse, without seeing the photo

    15. a backdoor

      This might be an overstatement: it's not a backdoor really, it doesn't decrypt content

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

  3. Jun 2021
    1. continuation of the inclusive and transparent negotiation process

      This, along with subsequent paragraphs, signal abandoning the GGE format, and replacing it with PoA (which may be focused on implementation of norms and capacity building, but also on shaping new measures).

    2. categorize CERTs/CSIRTs as part of their critical infrastructure

      Interesting 'suggestion' to categorise CERTs as critical infrastructure

    3. curb their commercial distribution as a means to protect against any misuse that may pose a risk to international peace and security or human rights

      This is a very important 'upgrade'. Vulnerabilities are being part of (legal) commercial services and products used by criminals as well as governments and security services to penetrate into systems. Overall, this reduces safety and security, and often endangers human rights (as security services use these tools to snoop on activists and journalists).

      This measure clearly asks for curbing such (legal) practices. This may be used also by human right groups to put pressure on States where such businesses reside (businesses that produce offensive tools - including tools then used to attack activists).

    4. systematize the reporting of ICT vulnerabilities and requests for assistance between countries and emergency response teams

      CVD is linked with requests for assistance between countries, which were outlined above.

    5. he exploitation of vulnerabilities in ICT products

      Direct call to control on a national level the exploitation of vulnerabilities (eg. vulnerabilities equities process - VEP, and in general transparency about how vulnerabilities are exploited).

      Further work on such transparency and VEP measures, and even prohibiting exploitation of vulnerabilities is needed.

    6. security of ICT products

      Par. 56-59 are a very important elaboration of the supply chain security measures, and the accountability of the private sector for security by design: through regulators' measures (such as certification schemes), interoperable standards, as well as vendor's good practices on security-by-design approach.

      Very relevant for initiatives like the Geneva Dialogue on Responsible Behaviour in Cyberspace, Paris Call (Working group 6), and other.

    7. measures to ensure the safety and security of ICT products throughout their lifecycle

      Placing this under the part on critical infrastructure signals the growing importance of the topic (security of digital products)

    8. mass surveillance

      Explicit reference to "mass surveillance" (as part of the compromise on other elements?)

    9. An affected State should notify the State from which the activity is emanating. The notified Stateshould acknowledge receipt of the notificatio

      Clearly setting an expectation of direct communication between parties (and 'proofs' - receipt) before any other action is undertaken

    10. can include the incident’s technical attributes; its scope, scale and impact; the wider context, including the incident’s bearing on international peace and security; and the results of consultations between the States concerned

      The report sets expectations for what an attribution might/should consist of. It is particularly interesting that it suggests 'evidence' of a bilateral exchange - thus encouraging direct cooperation and exchange before attribution is done.

    11. The measures recommended by previous GGEs and the OEWG represent an initial framework for responsible State behaviour in the use of ICT

      In a way, the GGE report re-confirms that the framework for responsible behaviour is based on GGE and OEWG agreements. No other resolutions are mentioned here.

    Created with Sketch. Visit annotations in context

    Created with Sketch. Annotators

    Created with Sketch. URL

  4. Mar 2021
    1. including the possibility of additional legally binding obligations.

      This was pushed in by China, though opposed by the West. Additional legally binding obligations most likely refer to a possible future Code of Conduct/global treaty (as proposed by the Shanghai Cooperation Organisation earlier)

    2. Programme of Action should be further elaborated including atthe Open-Ended Working Group

      While this gives 'mandate' to OEWG to discuss PoA, it doesn't limit the options of running the PoA through other venues ("including at") - GA, First Committee, GGE report, or other. One can expect, however, that PoA will be among first elements of the OEWG2 agenda.

    3. support the capacities of States in implementing commitments in their use of ICTs, in particular the Programme of Action

      PoA is framed in context of support with the capacities of states in implementations. PoA is, however, envisaged as a possible single process to replace other processes in terms of institutional dialogue - as a continuous process (https://dig.watch/updates/france-and-partners-propose-programme-action-advancing-responsible-state-behaviour) This framing is not helping with this.

    4. ensure the continuation of the inclusive and transparent negotiation process

      Important element is the transparency and inclusiveness. Even if it is not explicit about the involvement of non-state stakeholders, transparency is rather clear here (one of the main remarks to the GGE work, besides being for a limited number of states, was its confidentiality and lack of transparency).

    5. of other issues.7

      It was removed in the final round: "including terrorism, crime, development, human rights and Internet governance."

      This is a continuous 'battle' on what the OEWG (ie UN institutional dialogue) talk and not talk about - in particular whether cybercrime should be included, and that it should (not) address Internet governance aspects such as content policy, or ICANN-related issues.

    6. Some non-State actors have demonstrated ICT capabilities previously only available to States

      This is interesting: attribution to states was always contested. Yet here, we hear that non-states have capabilities that states have… yet we don't know what states have due to lack of transparency.

    7. The OEWG recognizes the importance and complementarity of specialized discussions on aspects of digital technologies addressed by other UN bodies and fora

      This may, in particular, refer to the UN digital cooperation track as well as the IGF, but also the 'digital elements' of the SDG process

    8. general availability or integrity of the Internet,

      Indirect reference to the call by the Global Commission on Stability of Cyberspace (GCSC) for the protection of the Public Core of the Internet: https://cyberstability.org/research/call-to-protect/ GCSC defines the public core to include packet routing and forwarding (thus routing protocols), naming and numbering system (thus ICANN and IANA work), cryptographic mechanisms of security and identity (including DNSSec and similar protocols), and physical transmission media (including submarine cables): https://cyberstability.org/wp-content/uploads/2018/07/Definition-of-the-Public-Core-of-the-Internet.pdf

      Here, only a mention of 'general availibility and integrity of the Internet' was included, but this is a step forward. It is also mentioned in par. 26 under Norms, which is even more relevant.

    9. The continuing increase in incidents involving the malicious use of ICTs by State and non-State actors, including terrorists and criminal groups,is a disturbing trend

      It is pity this language has not been stronger, and more explicit. In particular, exploiting vulnerabilities should have been explicitly mentioned as 'disturbing' - if not condemned (having in mind SolarWinds and other examples).

      Exploiting a vulnerability against one system discloses the vulnerability of a whole classes of commercial systems to the broader public. This then ends up being exploited by criminals against other such systems around the world, thereby weakening the entire cyberspace.

      While it may be understood to fall under "malicious use of ICT", it is important to clearly spell it out.

    10. The continuing increase in incidents involving the malicious use of ICTs by State and non-State actors, including terrorists and criminal groups,is a disturbing trend.

      It is pity this language has not been stronger, and more explicit. In particular, exploiting vulnerabilities should have been explicitly mentioned as 'disturbing' - if not condemned (having in mind SolarWinds and other examples).

      Exploiting a vulnerability against one system discloses the vulnerability of a whole classes of commercial systems to the broader public. This then ends up being exploited by criminals against other such systems around the world, thereby weakening the entire cyberspace.

      While it may be understood to fall under "malicious use of ICT", it is important to clearly spell it out.

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL