ORAN opens up advancement of software solutions for 5G networks - key to virtualisation

A very good reading that explains technical details (in light language) of O-RAN and future of 5G/6G networks in terms of software virtualisation, supply chain diversification, pros and cons. Useful for DW on 5G, for ITP course, our work on standards, etc ||GingerP|| ||sorina|| ||JovanK|| ||VladaR||

Great visual of ORAN split options

Result of fragmentation of the RAN technology into smaller functions

Another reason why telecom operators get bound to major 5G operators for longer - and they want to avoid this

The key of the technical aspect of ORAN: to break down the technical structure into smaller pieces, based on functions pieces perform. This can dummer (and cheaper) radio units vs smarter baseband units (which can also be more based on software), or vice-versa as described below in the text

Important: RAN takes vast majority of costs.

So it's not so much about ensuring interoperability, as it is to avoid big players to lock them up

ORAN opens the network to diversity, but it doesn't necessarily help interoperability?

In spite of existing standards, there is no one who can guarantee that standards make products of various vendors fully interoperable. Later in the text, it says that this remains sort of a challenge with ORAN as well - as network gets more diversified in terms of vendors, more vendors should be 'hold to account' for interoperability. ||sorina||

ORAN emerged from the challenge of telecom operators which were bound to one of the three providers - and often remain locked for years.Politics didn't seem to play much at the time (though Huawei bans contributed, in UK and US, to the boost of ORAN) - but may capitalise from it.

It's not only about China and US, but all the others that would have to choose 'binary'.

These concepts are very broad. Devil is in details, as examples below show. It will get increasingly complex to understand how each bit of technology (like examples below) impact values and principles!

Linked to above: should laws be embeded into standards? Or, rather, standards could enable implementation of law, but leaving it open whether this is used or not?

This is important: attempts to enshrine various political/societal values into standards (be it by US, EU, or China). This seems to be new, and game-changing - it's not about market and efficiency of technology (only) any more. ||JovanK|| ||sorina||

Will Huawei and China have anything from fragmentation of standards? On contrary - same as US, they will loose the global markets they want to dominate (and particularly developed countries which are mainly close to US).

Now this is a real concern, I would say - the US steps against Huawei, rather than Chinese expected push for standards dominance (same as everyone else does).

So, what's really new there?

Interestingly, this was the same challenge for 5G: what will it really be used for, that current networks can't allow? And autonomous vehicles are one of examples for 5G; so what's new? There will be many speculations about why 6G is really needed (also as a business model), that 5G can't give (beyond mere speculations).

This will maintain the main role of ITU - esp. this interplay with satellites and frequencies. There is an intrinsic political component in it: states' regulators are the ones that determine national spectrum allocation, based on intern. agreements in ITU. This is unlikely to change.

3GPP is an industry association. We shouldn't neglect the role of ITU, which is the only one really dealing with spectrum regulation, but it also deals with network standardisation of 'International Mobile Telecommunications' (or IMT) as they label it (their IMT-2020 programme). It will be interesting to observe how the industry standardisation efforts and the political standardisation efforts will interplay in increasingly politicised environment. ||sorina|| ||JovanK||

I am not so sure. With open RAN, we are seeing digital giants like Microsoft entering the playground for 5G - and I bet they are there to stay, and shape the future. Though we have to wait and see how ORAN will play out in terms of business, efficiency, security, etc (there are high investments and expectations).

Most likely not just business ethos, but societal/political?

This may indeed make a change: China and India may be more likely to preserve their quality labour, rather than letting them braindrain to US. How about smaller countries - like Serbia - which will have limited opportunity for business growth (or not)?

One aspect I feel missing here is an open society. To what extent has the US open society, freedoms, etc allowed SV to flourish? To what extent is it so today? We see interesting 'green' and 'leftish' opinions emerging among SV workers (not leaders, though). Creativity probably requires all sorts of freedoms, including political.

Singapore is a very controlled society, with limited freedoms. This is much harder to change than many other aspects (education focus, immigration, etc). Is this a real barrier to Singapore (and other Asian places) to turn to SV? ||JovanK||

Housing also has a physical limitation in Singapore, unlike SV.

This also signals that SV can piggy-back mostly on young, single people, rather than on family people.

Yet, it seems this also drives academics and researchers out of academia, into business - and rarely gets them back (to the extent they should be). This erodes conventional education system. We may say that this pulse of commerce is important for education as well - we have missed it in the past; but, we may now have too much of commerce and too few of fundamental (non-comercialised) academia. While there certainly is a need to re-invent education, it shouldn't become fully commerce/monetisation-driven, as it seems to go more and more. How to ensure more philosophy, arts, fundamental sciences, humanity sciences, feed into all of the education, if all goes to commercialisation?

I wonder to how many people in SV this really is the key? For managers/start up founders that are driven by playing over and over (as an adrenaline addiction probably), this stays; but many 'ordinary workers' (especially those with families) would probably prefer more 'Singapore' model - off-time.

This 'always on' time is important for creativity and play, but it also confronts the needs for greater personal time (off-time) which, I guess, is indespensible for humanity to get back to it root values, away from money and towards other, more important aspects of well-being.

How to find the right balance?

While I don't think it is so ideal in SV, I believe this 'play' part is an important concept that makes people happier and more creative. 'Play' is/should be an important part of Diplo's work as well ||JovanK||

Worse than I thought (I though 10%...)

It is similar mindset in Israel as well. This makes it successful with innovations and high-tech as well.

powerful description

Is this a key word of SV: 'dreams'? Musk's dreams of space exploration, as high-end example?

Interesting: aiming for tectonic shifts and ideas, not small bites

Important!

Well put!

How do knowledge graphs deal with diverse opinions? For instance, it is streightforward that Zuckeberg and FB are connected through CEO edge, but how about multiple opinions between 'Facebook' and 'humanity'? What sort of 'definite answer' would knowledge graphs give - and is there a danger that they decide on a certain set of opinions, unlike the list of resources which allows readers to judge on his/her own?

I added notes to the original post as well.

A very interesting debate on Apple's new option for alerting about child sexual abuse content (photos) by matching them with known databases of such content - without actually revealing the content itself. I find the arguments of privacy-defenders problematic - I provided number of points below. It would be great to hear your thoughts/reflections? BTW look at the Apple's announcement (link in this document) where I posted comments on the technology/approach, as clarifications.

||GingerP|| ||StephanieBP|| ||JovanK|| ||AndrijanaG||

This is what concerns me with such initiatives. They are becoming 'fundamentalistic'. While even the security services have been trying to discuss options with the community (number of papers and proposed solutions, which were pushed backed by a community), the community is not even trying to find a mid-solution, or get into dialogue. They are very radical - 'halt immediately'. No space for dialogue on issues they identified: accountability, etc.

True concerns

Valid concern, and good example. Though sexual abuse is still ius cogens and visibility different from judgement on what is terrorist and not. Simply, a shift of Apple to include 'terrorism' in a same manner would be very noticeable and problematic from them, regardless of this (or other) technology they develop. It could/would hurt them.

Valid concern. But it is not about this technology - he clearly notes the example of FaceTime. It is about readiness of companies to compromise for markets - is this not a different (though) related issue?

This is a valid concern: that the next step could be terrorist content. But, unlike for child sexual abuse, there is no single/synced global database of content which can serve for checking/alerts; it would need to be government or few-governments databases only, and this would already trigger Apple or other providers not to extend their technology towards that. It will ultimately be decision of tech providers, but as always will depend on the market/demand.

With this logic, every new IoT is a surveillance device by default.

This is not really true: encryption stays, and there is no backdoor. There is only an add-on before the encryption. One option is to allow this as an opt-in or opt-out solution; thus parents can decide to switch on.

Well, that is true, but it is also impossible to create any technology that can't be misused. Thus, it is not only about control of the technology but also about control of the governments/society..

Could this happen? Possibly, if we don't control the LEA which tag sexual abuse content. But with global cooperation against sexual abuse, there are commonly shared databases across countries, and it might be harder to LEA of a single country to insert some political content within. Thus, there is some risk, but I think it is overstretched.

Indeed, they do - but they don't reveal content. They only signal if it matches with known sexual abuse content.

I understood this is an option that parents can switch on. Anyhow, from Apple's description it is not really an AI that reads the photos, but rather only crypto-signature which is matched with a known database of sexual abuse photos. This is quite different.

again, an overstatement - it does monitor, but not photos really: it has a (accurate) system to alert if a photo is child abuse, without seeing the photo

This might be an overstatement: it's not a backdoor really, it doesn't decrypt content

This, along with subsequent paragraphs, signal abandoning the GGE format, and replacing it with PoA (which may be focused on implementation of norms and capacity building, but also on shaping new measures).

Interesting 'suggestion' to categorise CERTs as critical infrastructure

This is a very important 'upgrade'. Vulnerabilities are being part of (legal) commercial services and products used by criminals as well as governments and security services to penetrate into systems. Overall, this reduces safety and security, and often endangers human rights (as security services use these tools to snoop on activists and journalists).

This measure clearly asks for curbing such (legal) practices. This may be used also by human right groups to put pressure on States where such businesses reside (businesses that produce offensive tools - including tools then used to attack activists).

CVD is linked with requests for assistance between countries, which were outlined above.

Direct call to control on a national level the exploitation of vulnerabilities (eg. vulnerabilities equities process - VEP, and in general transparency about how vulnerabilities are exploited).

Further work on such transparency and VEP measures, and even prohibiting exploitation of vulnerabilities is needed.

Par. 56-59 are a very important elaboration of the supply chain security measures, and the accountability of the private sector for security by design: through regulators' measures (such as certification schemes), interoperable standards, as well as vendor's good practices on security-by-design approach.

Very relevant for initiatives like the Geneva Dialogue on Responsible Behaviour in Cyberspace, Paris Call (Working group 6), and other.

Placing this under the part on critical infrastructure signals the growing importance of the topic (security of digital products)

Explicit reference to "mass surveillance" (as part of the compromise on other elements?)

Clearly setting an expectation of direct communication between parties (and 'proofs' - receipt) before any other action is undertaken

The report sets expectations for what an attribution might/should consist of. It is particularly interesting that it suggests 'evidence' of a bilateral exchange - thus encouraging direct cooperation and exchange before attribution is done.

In a way, the GGE report re-confirms that the framework for responsible behaviour is based on GGE and OEWG agreements. No other resolutions are mentioned here.

This was pushed in by China, though opposed by the West. Additional legally binding obligations most likely refer to a possible future Code of Conduct/global treaty (as proposed by the Shanghai Cooperation Organisation earlier)

While this gives 'mandate' to OEWG to discuss PoA, it doesn't limit the options of running the PoA through other venues ("including at") - GA, First Committee, GGE report, or other. One can expect, however, that PoA will be among first elements of the OEWG2 agenda.

PoA is framed in context of support with the capacities of states in implementations. PoA is, however, envisaged as a possible single process to replace other processes in terms of institutional dialogue - as a continuous process (https://dig.watch/updates/france-and-partners-propose-programme-action-advancing-responsible-state-behaviour) This framing is not helping with this.

Important element is the transparency and inclusiveness. Even if it is not explicit about the involvement of non-state stakeholders, transparency is rather clear here (one of the main remarks to the GGE work, besides being for a limited number of states, was its confidentiality and lack of transparency).

It was removed in the final round: "including terrorism, crime, development, human rights and Internet governance."

This is a continuous 'battle' on what the OEWG (ie UN institutional dialogue) talk and not talk about - in particular whether cybercrime should be included, and that it should (not) address Internet governance aspects such as content policy, or ICANN-related issues.

This is interesting: attribution to states was always contested. Yet here, we hear that non-states have capabilities that states have… yet we don't know what states have due to lack of transparency.

This may, in particular, refer to the UN digital cooperation track as well as the IGF, but also the 'digital elements' of the SDG process

Indirect reference to the call by the Global Commission on Stability of Cyberspace (GCSC) for the protection of the Public Core of the Internet: https://cyberstability.org/research/call-to-protect/ GCSC defines the public core to include packet routing and forwarding (thus routing protocols), naming and numbering system (thus ICANN and IANA work), cryptographic mechanisms of security and identity (including DNSSec and similar protocols), and physical transmission media (including submarine cables): https://cyberstability.org/wp-content/uploads/2018/07/Definition-of-the-Public-Core-of-the-Internet.pdf

Here, only a mention of 'general availibility and integrity of the Internet' was included, but this is a step forward. It is also mentioned in par. 26 under Norms, which is even more relevant.

It is pity this language has not been stronger, and more explicit. In particular, exploiting vulnerabilities should have been explicitly mentioned as 'disturbing' - if not condemned (having in mind SolarWinds and other examples).

Exploiting a vulnerability against one system discloses the vulnerability of a whole classes of commercial systems to the broader public. This then ends up being exploited by criminals against other such systems around the world, thereby weakening the entire cyberspace.

While it may be understood to fall under "malicious use of ICT", it is important to clearly spell it out.

It is pity this language has not been stronger, and more explicit. In particular, exploiting vulnerabilities should have been explicitly mentioned as 'disturbing' - if not condemned (having in mind SolarWinds and other examples).

Exploiting a vulnerability against one system discloses the vulnerability of a whole classes of commercial systems to the broader public. This then ends up being exploited by criminals against other such systems around the world, thereby weakening the entire cyberspace.

While it may be understood to fall under "malicious use of ICT", it is important to clearly spell it out.