Judging traffic differentiation as network neutrality violation according to internet regulation

Network Neutrality (NN) is a principle that establishes that traffic generated by Internet applications should be treated equally and it should not be affected by arbitrary interfer- ence, degradation, or interruption. Despite this common sense, NN has multiple defi- nitions spread across the academic literature, which differ primarily on what constitutes the proper equality level to consider the network as neutral. NN definitions may also be included in regulations that control activities on the Internet. However, the regulations are set by regulators whose acts are valid within a geographical area, named jurisdic- tion. Thus, both the academia and regulations provide multiple and heterogeneous NN definitions. In this thesis, the regulations are used as guidelines to detect NN violations, which are, by this approach, the adoption of traffic management practices prohibited by regulators. Thereafter, the solutions can provide helpful information for users to support claims against illegal traffic management practices. However, state-of-the-art solutions adopt strict academic definitions (e.g., all traffic must be treated equally) or adopt the regulatory definitions from one jurisdiction, which is not realistic or does not consider that multiple jurisdictions may be traversed in an end-to-end network path, respectively An impact analysis showed that, under certain circumstances, from 39% to 48% of the detected Traffic Differentiations (TDs) are not NN violations when the regulations are considered, exposing that the regulatory aspect must not be ignored. In this thesis, a Reg- ulation Assessment step is proposed to be performed after the TD detection. This step shall consider all NN definitions that may be found in an end-to-end network path and point out NN violation when they are violated. A service is proposed to perform this step for TD detection solutions, given the unfeasibility of every solution implementing the re- quired functionalities. A Proof-of-Concept (PoC) prototype was developed based on the requirements identified along with the impact analysis, which was evaluated using infor- mation about TDs detected by a state-of-the-art solution. The verdicts were inconclusive (the TD is an NN violation or not) for a quarter of the scenarios due to lack of information about the traversed network paths and the occurrence zones (where in the network path, the TD is suspected of being deployed). However, the literature already has proposals of approaches to obtain such information. These results should encourage TD detection solution proponents to collect this data and submit them for the Regulation Assessment.Neutralidade da rede (NR) é um princípio que estabelece que o tráfego de aplicações e serviços seja tratado igualitariamente e não deve ser afetado por interferência, degradação, ou interrupção arbitrária. Apesar deste senso comum, NR tem múltiplas definições na literatura acadêmica, que diferem principalmente no que constitui o nível de igualdade adequado para considerar a rede como neutra. As definições de NR também podem ser incluídas nas regulações que controlam as atividades na Internet. No entanto, tais regu- lações são definidas por reguladores cujos atos são válidos apenas dentro de uma área geográfica denominada jurisdição. Assim, tanto a academia quanto a regulação forne- cem definições múltiplas e heterogêneas de NR. Nesta tese, a regulação é utilizada como guia para detecção de violação da NR, que nesta abordagem, é a adoção de práticas de gerenciamento de tráfego proibidas pelos reguladores. No entanto, as soluções adotam definições estritas da academia (por exemplo, todo o tráfego deve ser tratado igualmente) ou adotam as definições regulatórias de uma jurisdição, o que pode não ser realista ou pode não considerar que várias jurisdições podem ser atravessadas em um caminho de rede, respectivamente. Nesta tese, é proposta uma etapa de Avaliação da Regulação após a detecção da Diferenciação de Tráfego (DT), que deve considerar todas as definições de NR que podem ser encontradas em um caminho de rede e sinalizar violações da NR quando elas forem violadas. Uma análise de impacto mostrou que, em determinadas cir- cunstâncias, de 39% a 48% das DTs detectadas não são violações quando a regulação é considerada. É proposto um serviço para realizar a etapa de Avaliação de Regulação, visto que seria inviável que todas as soluções tivessem que implementar tal etapa. Um protótipo foi desenvolvido e avaliado usando informações sobre DTs detectadas por uma solução do estado-da-arte. Os veredictos foram inconclusivos (a DT é uma violação ou não) para 75% dos cenários devido à falta de informações sobre os caminhos de rede percorridos e sobre onde a DT é suspeita de ser implantada. No entanto, existem propostas para realizar a coleta dessas informações e espera-se que os proponentes de soluções de detecção de DT passem a coletá-las e submetê-las para o serviço de Avaliação de Regulação

A review of behavioural research on data security

Protection of confidential information or data from being leaked to the public is a growing concern among organisations and individuals. This paper presents the results of the search for literature on behavioural and security aspects of data protection. The topics covered by this review include a summary of the changes brought about by the EU GDPR (General Data Protection Regulation). It covers human and behavioural aspects of data protection, security and data breach or loss (threats), IT architectures to protect data (prevention), managing data breaches (mitigation), risk assessment and data protection audits. A distinction is made between threats and prevention from within an organisation and from the outside

The New Gatekeepers: Private Firms as Public Enforcers

The world’s largest businesses must routinely police other businesses. By public mandate, Facebook monitors app developers’ privacy safeguards, Citibank audits call centers for deceptive sales practices, and Exxon reviews offshore oil platforms’ environmental standards. Scholars have devoted significant attention to how policy makers deploy other private sector enforcers, such as certification bodies, accountants, lawyers, and other periphery “gatekeepers.” However, the literature has yet to explore the emerging regulatory conscription of large firms at the center of the economy. This Article examines the rise of the enforcer-firm through case studies of the industries that are home to the most valuable companies, in technology, banking, oil, and pharmaceuticals. Over the past two decades, administrative agencies have used legal rules, guidance documents, and court orders to mandate that private firms in these and other industries perform the duties of a public regulator. More specifically, firms must write rules in their contracts that reserve the right to inspect third parties. When they find violations, they must pressure or punish the wrongdoer. This form of governance has important intellectual and policy implications. It imposes more of a public duty on the firm, alters corporate governance, and may even reshape business organizations. It also gives resource-strapped regulators promising tools. If designed poorly, however, the enforcer-firm will create an expansive area of unaccountable authority. Any comprehensive account of the firm or regulation must give a prominent role to the administrative state’s newest gatekeepers

Rule-Makers or Rule-Takers? Exploring the Transatlantic Trade and Investment Partnership

The Transatlantic Trade and Investment Partnership (TTIP) is an effort by the United States and the European Union to reposition themselves for a world of diffuse economic power and intensified global competition. It is a next-generation economic negotiation that breaks the mould of traditional trade agreements. At the heart of the ongoing talks is the question whether and in which areas the two major democratic actors in the global economy can address costly frictions generated by their deep commercial integration by aligning rules and other instruments. The aim is to reduce duplication in various ways in areas where levels of regulatory protection are equivalent as well as to foster wide-ranging regulatory cooperation and set a benchmark for high-quality global norms. In this volume, European and American experts explain the economic context of TTIP and its geopolitical implications, and then explore the challenges and consequences of US-EU negotiations across numerous sensitive areas, ranging from food safety and public procurement to economic and regulatory assessments of technical barriers to trade, automotive, chemicals, energy, services, investor-state dispute settlement mechanisms and regulatory cooperation. Their insights cut through the confusion and tremendous public controversies now swirling around TTIP, and help decision-makers understand how the United States and the European Union can remain rule-makers rather than rule-takers in a globalising world in which their relative influence is waning

Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013

This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in today’s online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such

Hitting Refresh: Regulating internet speech in the 21st century

By the mid-1990s, the internet had taken new form outside of its original military applications and became commercially available at an unprecedented rate. Western democracies recognized that such a new frontier, therefore, necessitated regulation. Their shared goal was to restrict objectionable content while simultaneously creating a pathway for this nascent industry to blossom. With this in mind, both the U.S. and European Union enacted linearly different and mutually exclusive regulatory regimes to govern “online intermediaries,” or sites like Facebook and Twitter that merely host the speech of their users. The E.U. enacted aggressive content removal statutes, while the U.S. offered nearly blanket immunity to these sites in the hope that the marketplace of ideas would dilute objectionable content. Using the U.S. and Germany as case studies, this thesis argues that, twenty years later, neither pathway emerged particularly victorious in their quest to curb the dissemination of radicalizing content. I find that the failure under the German preemptive framework derives from a contradictory monitoring obligation and lack of oversight by the European Commission on the state. Conversely, I find that the failure under the American deregulatory framework is rooted in a contradictory allocation of jurisdiction and a lack of oversight by the state upon intermediaries. By scrutinizing the incentive structures of both countries’ regulatory regimes, this thesis challenges the way Western democracies conceptualized and continue to conceptualize the internet and points out how neither extreme has responsively moderated internet speech

Identification of Causal Paths and Prediction of Runway Incursion Risk using Bayesian Belief Networks

In the U.S. and worldwide, runway incursions are widely acknowledged as a critical concern for aviation safety. However, despite widespread attempts to reduce the frequency of runway incursions, the rate at which these events occur in the U.S. has steadily risen over the past several years. Attempts to analyze runway incursion causation have been made, but these methods are often limited to investigations of discrete events and do not address the dynamic interactions that lead to breaches of runway safety. While the generally static nature of runway incursion research is understandable given that data are often sparsely available, the unmitigated rate at which runway incursions take place indicates a need for more comprehensive risk models that extend currently available research. This dissertation summarizes the existing literature, emphasizing the need for cross-domain methods of causation analysis applied to runway incursions in the U.S. and reviewing probabilistic methodologies for reasoning under uncertainty. A holistic modeling technique using Bayesian Belief Networks as a means of interpreting causation even in the presence of sparse data is outlined in three phases: causal factor identification, model development, and expert elicitation, with intended application at the systems or regulatory agency level. Further, the importance of investigating runway incursions probabilistically and incorporating information from human factors, technological, and organizational perspectives is supported. A method for structuring a Bayesian network using quantitative and qualitative event analysis in conjunction with structured expert probability estimation is outlined and results are presented for propagation of evidence through the model as well as for causal analysis. In this research, advances in the aggregation of runway incursion data are outlined, and a means of combining quantitative and qualitative information is developed. Building upon these data, a method for developing and validating a Bayesian network while maintaining operational transferability is also presented. Further, the body of knowledge is extended with respect to structured expert judgment, as operationalization is combined with elicitation of expert data to create a technique for gathering expert assessments of probability in a computationally compact manner while preserving mathematical accuracy in rank correlation and dependence structure. The model developed in this study is shown to produce accurate results within the U.S. aviation system, and to provide a dynamic, inferential platform for future evaluation of runway incursion causation. These results in part confirm what is known about runway incursion causation, but more importantly they shed more light on multifaceted causal interactions and do so in a modeling space that allows for causal inference and evaluation of changes to the system in a dynamic setting. Suggestions for future research are also discussed, most prominent of which is that this model allows for robust and flexible assessment of mitigation strategies within a holistic model of runway safety

Internet Monitor 2014: Reflections on the Digital World: Platforms, Policy, Privacy, and Public Discourse

This publication is the second annual report of the Internet Monitor project at the Berkman Centerfor Internet & Society at Harvard University. As with the inaugural report, this year’s edition is a collaborative effort of the extended Berkman community. Internet Monitor 2014: Reflections on the Digital World includes nearly three dozen contributions from friends and colleagues around the world that highlight and discuss some of the most compelling events and trends in the digitally networked environment over the past year. The result, intended for a general interest audience, brings together reflection and analysis on a broad range of issues and regions — from an examination of Europe’s “right to be forgotten” to a review of the current state of mobile security to an exploration of a new wave of movements attempting to counter hate speech online — and offers it up for debate and discussion. Our goal remains not to provide a definitive assessment of the “state of the Internet” but rather to provide a rich compendium of commentary on the year’s developments with respect to the online space. Last year’s report examined the dynamics of Internet controls and online activity through the actions of government, corporations, and civil society. We focus this year on the interplay between technological platforms and policy; growing tensions between protecting personal privacy and using big data for social good; the implications of digital communications tools for public discourse and collective action; and current debates around the future of Internet governance. The report reflects the diversity of ideas and input the Internet Monitor project seeks to invite. Some of the contributions are descriptive; others prescriptive. Some contain purely factual observations; others offer personal opinion. In addition to those in traditional essay format, contributions this year include a speculative fiction story exploring what our increasingly data-driven world might bring, a selection of “visual thinking” illustrations that accompany a number of essays, a “Year in Review” timeline that highlights many of the year’s most fascinating Internet-related news stories (and an interactive version of which is available at the netmonitor.org), and a slightly tongue-in-cheek “By the Numbers” section that offers a look at the year’s important digital statistics. We believe that each contribution offers insights, and hope they provoke further reflection, conversation, and debate in both offline and online settings around the globe