Two US Government contractors and the National Institute of Science and Technology have released a white paper, "Statement of Needed Internet Capability," detailing possible alternatives and considerations for a Trust Anchor Repository (TAR) to support DNSSEC deployment. Importantly, the document highlights policy choices, and raises interesting questions about a Global TAR as a solution for helping secure the DNS and the role of national security interests.   more »

Public Interest Registry wants to implement DNSSEC in the .org zone. According to ICANN's regulations, this is a "new registry service" and it has to be reviewed by a committee of technical experts to assess its impact on the security and stability of the Internet before it can be approved. The expert panel released its report on PIR's proposal June 4. The report, like so many things associated with DNSSEC implementation, has fascinating implications which are buried in technical details that few people will understand. One conclusion that could be drawn from the report is that the US government's insistence on maintaining control of the root zone file is actually decreasing Internet security.   more »

Initiated in spring 2006 in conjunction with the UN Internet Governance Forum, the Global Internet Governance Academic Network (GigaNet) is hosting several events this year, including an upcoming international workshop on "Global Internet Governance: An Interdisciplinary Research Field in Construction" in Paris, 23 June 2008, from 08:30 to 13:30, concurrent with the ICANN-Paris meeting. [invitation-fr] [invitation-en]

The purpose of the workshop, the first of its sort, is to allow scholars involved in Internet Governance related research to describe their ongoing research projects to other scholars in the field, in order to share ideas, forge possible collaborations, and identify emerging research themes in the field. Scholars from various academic disciplines and all regions of the world are expected to contribute to this reflexive exercise, with the long-term objective of collectively building this interdisciplinary research field.   more »

This is a book about Internet governance, despite the fact that the author refuses to use that term and, near the end of the book, rather testily distances himself from the Internet Governance Forum and related attempts to develop and reform global Internet governance. Despite that, the book is a well-researched and well-constructed analysis of the architectural issues underlying some of the policy problems (and opportunities) facing the Internet. It is worth reading – and worth critiquing – for the debate will shed light on some of the key choices we have to make regarding the governance of the Internet. Although Zittrain inevitably couches his argument in terms of technical architecture, “tools” and “code,” the problems the book raises are often more political than technical. His analysis suffers a bit from the lack of a more sustained and self-conscious engagement with the political, international and institutional aspects of Internet governance. This blog post conducts a full review.   more »

The OCED has officially released the "Economics Of Malware: Security Decisions, Incentives and Externalities" a study co-authored by IGP Scientific Committee member Michel van Eeten and Johannes Bauer. From the paper:

Malicious software, or malware for short, has become a critical security threat to all who rely on the Internet for their daily business, whether they are large organisations or home users. While originating in criminal behaviour, the magnitude and impact of the malware threat are also influenced by the decisions and behaviour of legitimate market players such as Internet Service Providers (ISPs), software vendors, e-commerce companies, hardware manufacturers, registrars and, last but not least, end users. This working paper reports on qualitative empirical research into the incentives of market players when dealing with malware. The results indicate a number of market-based incentive mechanisms that contribute to enhanced security but also other instances in which decentralised actions may lead to sub-optimal outcomes - i.e. where significant externalities emerge.

The study is referenced extensively in the Ministerial Background Report, "Malicious Software (Malware): A Security Threat to the Internet Economy", that was prepared for the upcoming OECD Ministerial meeting to be held in Seoul, Korea Jun 17-18 on the “Future of the Internet Economy”. The Background Report is being used to inform policymakers, including civil society, governments and the private sector, "about the evolution and impact of malware, as well as the counter-measures being taken. It concludes with suggestions for greater co-operation across the various international communities addressing malware."