The ACMA’s international engagement - regulating in a globalised communications and media environment

The ACMA’s overriding purpose is to make communications and media work in the public interest, and its international engagement is central to achieving this. The role of international engagement in both protecting and promoting Australia’s communications and media interests is reflected in the legislation the ACMA administers - particularly for spectrum management, telecommunications and radiocommunications standards-setting, unsolicited communications and cybersecurity, and online content. These areas of the ACMA’s work span jurisdictional boundaries, often making it necessary to engage with international bodies and overseas regulators to develop effective responses to the challenges they raise. The ACMA and its predecessors have been engaging with overseas organisations and in international fora for many years. However, the continued global integration of communications and media markets and services, and the disruptive impacts of digital technologies is driving the need for greater collaboration and cooperation between countries. The ACMA is one of many communications and media regulators around the world looking to maximise the social and economic benefits of digital technologies through developing best-practice responses to these challenges. International engagement is an important way the ACMA advances policies and programs that will help to reduce harms and promote outcomes in the interests of Australian business and the community. For example, the ACMA’s international engagement aims to prevent cybersecurity threats and unsolicited communications at the source country through entering bilateral and multilateral arrangements to support a safer networked environment. And, along with other international regulators, the ACMA is looking to ensure that sufficient spectrum is available to cater for the expected growth in mobile broadband services through regional and global harmonisation to foster innovation and productivity within the Australian communications sector. Through engaging with overseas regulators and other international bodies, the ACMA can learn from their experiences and enhance its own regulatory practice. In so doing, the ACMA ensures its decisions and approaches reflect world’s best practice, and as an organisation it is well positioned to respond to the pressures and demands of the evolving environment in which it operates

An Architecture for Spam Regulation

Junk email, commonly referred to as spam, is the current scourge of the Internet. In late 2004, unwanted email messages were being delivered at a rate of 12.4 billion per day. The variety of tools used to combat spam have failed to make a significant impact. Legislative efforts, such as the CAN-SPAM Act of 2003, met with substantial enforcement complications. The communications industry responded with a variety of technical advances, such as filters and blacklists, but those innovations are still unable to reliably distinguish between wanted and unwanted messages. Real coordination between legislative and technical spam control tactics has yet to happen, and it has been suggested that the consensus necessary to support such coordination is not available. This Note explains how spammers operate and suggests that failure to effectively combat spam may drive email users to other means of electronic communication. A short history of legal and technical responses to the spam problem is presented, including a look at how the First Amendment affects the effort to reduce spam. Authentication-based systems of regulating spam, proposed by private industry, are then examined in detail. This Note suggests alterations of those systems, allowing for greater First Amendment protection for message senders and greater individual control over receipt of messages. Finally, this Note concludes by arguing that an architectural framework based on these authentication systems would effectively enable legislators and the Internet industry to work together to reduce spare, backed by the support of an Internet community eager for the end of unwanted email messages

An Architecture for Spam Regulation

Junk email, commonly referred to as spam, is the current scourge of the Internet. In late 2004, unwanted email messages were being delivered at a rate of 12.4 billion per day. The variety of tools used to combat spam have failed to make a significant impact. Legislative efforts, such as the CAN-SPAM Act of 2003, met with substantial enforcement complications. The communications industry responded with a variety of technical advances, such as filters and blacklists, but those innovations are still unable to reliably distinguish between wanted and unwanted messages. Real coordination between legislative and technical spam control tactics has yet to happen, and it has been suggested that the consensus necessary to support such coordination is not available. This Note explains how spammers operate and suggests that failure to effectively combat spam may drive email users to other means of electronic communication. A short history of legal and technical responses to the spam problem is presented, including a look at how the First Amendment affects the effort to reduce spam. Authentication-based systems of regulating spam, proposed by private industry, are then examined in detail. This Note suggests alterations of those systems, allowing for greater First Amendment protection for message senders and greater individual control over receipt of messages. Finally, this Note concludes by arguing that an architectural framework based on these authentication systems would effectively enable legislators and the Internet industry to work together to reduce spare, backed by the support of an Internet community eager for the end of unwanted email messages

Preemption of State Spam Laws by the Federal Can-Spam Act

Unsolicited bulk commercial email is an increasing problem, and though many states have passed laws aimed at curbing its use and abuse, for several years the federal government took no action. In 2003 that changed when Congress passed the CAN-SPAM Act. Though the law contains many different restrictions on spam messages, including some restriction of nearly every type that states had adopted, the Act was widely criticized as weak. Many of the CAN-SPAM Act\u27s provisions are weaker than corresponding provisions of state law, and the Act preempts most state spam laws that would go farther, including two state laws that would have banned all spam. Despite these weaknesses, this Comment argues that when properly interpreted the CAN-SPAM Act leaves key state law provisions in force, and accordingly is stronger than many spam opponents first thought. First, the law explicitly preserves state laws to the extent that they prohibit falsity or deception in any portion of a commercial electronic mail message or information attached thereto. Though Congress was primarily concerned with saving state consumer protection laws, this language can be applied much more broadly. Second, the law is silent on the question of state law enforcement methods. State enforcement can be, and frequently is, substantially stronger than federal enforcement, which is largely limited to actions by the federal government, internet service providers, and state agencies. The Comment concludes by arguing that this narrow interpretation of its preemption clause is most consistent with the CAN-SPAM Act\u27s twin policy goals. By limiting the substantive provisions states may adopt, the Act prevents states from enacting inconsistent laws and enforces a uniform national spam policy. At the same time, narrowly interpreting the preemption clause permits states to experiment within the limits of that policy, in hopes of finding the most effective set of spam regulations

The Benefits and Costs of Online Privacy Legislation

Many people are concerned that information about their private life is more readily available and more easily captured on the Internet as compared to offline technologies. Specific concerns include unwanted email, credit card fraud, identity theft, and harassment. This paper analyzes key issues surrounding the protection of online privacy. It makes three important contributions: First, it provides the most comprehensive assessment to date of the estimated benefits and costs of regulating online privacy. Second, it provides the most comprehensive evaluation of legislation and legislative proposals in the U.S. aimed at protecting online privacy. Finally, it offers some policy prescriptions for the regulation of online privacy and suggests areas for future research. After analyzing the current debate on online privacy and assessing the potential costs and benefits of proposed regulations, our specific recommendations concerning the government's involvement in protecting online privacy include the following: The government should fund research that evaluates the effectiveness of existing privacy legislation before considering new regulations. The government should not generally regulate matters of privacy differently based on whether an issue arises online or offline. The government should not require a Web site to provide notification of its privacy policy because the vast majority of commercial U.S.-based Web sites already do so. The government should distinguish between how it regulates the use and dissemination of highly sensitive information, such as certain health records or Social Security numbers, versus more general information, such as consumer name and purchasing habits. The government should not require companies to provide consumers broad access to the personal information that is collected online for marketing purposes because the benefits do not appear to be significant and the costs could be quite high. The government should make it easier for the public to obtain information on online privacy and the tools available for consumers to protect their own privacy. The message of this paper is not that online privacy should be unregulated, but rather that policy makers should think through their options carefully, weighing the likely costs and benefits of each proposal.

$1.00 per RT #BostonMarathon #PrayForBoston: analyzing fake content on Twitter

This study found that 29% of the most viral content on Twitter during the Boston bombing crisis were rumors and fake content.AbstractOnline social media has emerged as one of the prominent channels for dissemination of information during real world events. Malicious content is posted online during events, which can result in damage, chaos and monetary losses in the real world. We analyzed one such media i.e. Twitter, for content generated during the event of Boston Marathon Blasts, that occurred on April, 15th, 2013. A lot of fake content and malicious profiles originated on Twitter network during this event. The aim of this work is to perform in-depth characterization of what factors influenced in malicious content and profiles becoming viral. Our results showed that 29% of the most viral content on Twitter, during the Boston crisis were rumors and fake content; while 51% was generic opinions and comments; and rest was true information. We found that large number of users with high social reputation and verified accounts were responsible for spreading the fake content. Next, we used regression prediction model, to verify that, overall impact of all users who propagate the fake content at a given time, can be used to estimate the growth of that content in future. Many malicious accounts were created on Twitter during the Boston event, that were later suspended by Twitter. We identified over six thousand such user profiles, we observed that the creation of such profiles surged considerably right after the blasts occurred. We identified closed community structure and star formation in the interaction network of these suspended profiles amongst themselves

A Comprehensive Survey of Voice over IP Security Research

We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems

Cybercrime and Cyber-security Issues Associated with China: Some Economic and Institutional Considerations

China is linked to cybercrimes of diverse types, scales, motivations and objectives. The Chinese cyberspace thus provides an interesting setting for the study of cybercrimes. In this paper, we first develop typology, classification and characterization of cybercrimes associated with China, which would help us understand modus operandi, structures, profiles and personal characteristics of cybercrime organizations and potential perpetrators, the signature aspects and goals of cybercrimes, the nature and backgrounds of the criminal groups involved, characteristics of potential targets for criminal activities, the nature and extent of the damage inflicted on the victims and the implications to and responses elicited from various actors. We then examine this issue from developmental and international political economy angles. Specifically, we delineate salient features of China’s politics, culture, human capital and technological issues from the standpoint of cyber-security and analyze emerging international relations and international trade issues associated with this phenomenon. Our analysis indicates that China’s global ambition, the shift in the base of regime legitimacy from MarxLeninism to economic growth, the strong state and weak civil society explain the distinctive pattern of the country’s cyber-attack and cyber-security landscapes