"The security industry doesn't have a lobby, common sense doesn't have a lobby, technical excellence doesn't have a lobby," he said. "We need to get involved in layers eight and nine – the economic and political spheres. In the coming decade the future of the internet will be decided not by IETF, but by people outside it, and that worries me. I'm not sure they'll do a great job."
This past week saw not one, but two, important conferences - on security, and on mobile technologies. The above quote originates from Bruce Schneier and gave us flashbacks of what is happening presently at the European Parliament.
A dossier just passing through the ITRE committee deals with critical information infrastructure protection. It deals with the update of the critical infrastructure protection directive from 2008, and with which priorities should be set for the Commission during the revision. The rapporteur correctly identifies ICT infrastructures as critical, and recommends in the 7th paragraph that the Commission should propose binding measures for Cyber Emergency Response Team cooperation. Only - CERTs in Europe already cooperate fine, at least if one is to believe ENISA's findings from earlier this week.
Apart from that, there is a growing realization that many critical infrastructures are owned and operated by private actors, and that those private actors are therefore the agents that need incentives to be sufficiently secure. Why is it that a standard household router comes with a randomized password for the WPA network access, while the router itself can many times be accessed with the password "admin", five letters, all lower case?
Unfortunately, many politicians are very fearful of over-regulation, which causes them to regulate the wrong things and regulate badly instead of regulating the right things and regulating well. The fact that the Council and the Commission both appear to be favouring a solution wherein the Commission gets a larger responsibility for the coordination of CERTs and law enforcement agencies doesn't help. In the European Parliament, the will for institutional compromise sometimes leads us to ill-conceived considerations where we give in to the wish of the other institutions rather than making a stronger stand for what quite clearly makes more organisational sense: keeping the responsibility for compiling best practices with ENISA. We'll see where the debate heads before the final vote on the dossier in a month or so.
Mobile World Congress and mobile technologies
The Mobile World Congress in Barcelona has been topping several news flows I follow.
While ANCOM, the national regulatory agency in Romania, has produced new regulations for how operators must keep their users informed about terms and conditions, as well as imposing maximum binding times for rentals, in Sweden the customer service of a large telco has been reported to the police for helping consumers escape long binding times. Swedish PTS has no equivalent of the current guidelines from ANCOM, but their present recommendations on pricing can nevertheless be found here.
Mobile CEOs, however, reportedly feel that they're not getting sufficient support from public authorities. They feel over-regulated, and under-benefitted in the spectrum auction processes.
The European Commission presently has a consultation open on online and mobile payments. They want to enhance the Single European Payment Area (SEPA), and the Mobile World Congress presents several alternatives to do so: Orange invests in France; Samsung and VISA invest in the Olympics; Vodafone and VISA initiate partnerships, etc.
Sending the Commission a friendly reminder of how important open standards, interoperability, freely accessible standards and accessible platforms are - also for people who may want to innovate or collaborate on these platforms - surely doesn't hurt.