Privacy
New Unilateral American-E.U. Data Privacy Framework a Step in the Right Direction, Says Panel
‘This is a very important step,’ said Christopher Kuner, co-director of the Brussels Privacy Hub.
WASHINGTON, October 17, 2022 – President Joe Biden’s executive order to implement a European Union-U.S. data privacy framework is a big step toward establishing a more comprehensive transnational privacy regime, said experts at an Atlantic Council web event Monday.
“It’s been a long time coming but I think we reached a really good outcome here,” said Alex Greenstein, director of Privacy Shield, an office at the Department of Commerce.
The executive order – based on a March announcement and signed earlier this month – protects the countries’ personal and corporate data by limiting the United States’s signals intelligence collection to what is “necessary to advance a validated intelligence priority” and “proportionate to the validated intelligence priority.”
The order enumerates the purposes for which such intelligence may be gathered – e.g., protecting against a foreign military, terrorist, or cybersecurity threat – and the purposes for which it may not – e.g., burdening the free expression of political opinions, suppressing “legitimate privacy interests,” or disadvantaging individuals based on race, gender, or religion.
To ensure compliance, the order directs the attorney general to establish a Data Protection Review Court, which, as a subsidiary of the executive branch, will be stocked with judges from outside the federal government and will review cases with some degree of independence.
“This is a very important step,” said Christopher Kuner, co-director of the Brussels Privacy Hub. “But really we’re a ways away from a complete accepted transatlantic data privacy framework,” he added.
The EU is now expected to commit to some form of reciprocity. “This is not an international agreement,” Alisa Vekeman, head of the transatlantic data flows team for the European Commission, said at the event Monday. “There has been a unilateral process on the U.S. side, now there will be a unilateral process on the E.U. side.”
Current U.S.–E.U. negotiations are largely driven by the E.U. Court of Justice’s decision to strike down a previous framework, the “Privacy Shield,” in 2020. According to the White House, the new framework will “restore trust and stability to transatlantic data flows and reflects the strength of the enduring EU-U.S. relationship based on our shared values.”
Expert Opinion
Dmitry Sumin: Fraud, Risks and Security in Telecoms Today
STIR/SHAKEN offers no protection from fraud schemes besides robocalls and caller ID spoofing.
Telecommunications has always been an economic force in all sectors. It allows us to remain in contact and exchange information with each other from anywhere in the world, strengthening our existing bonds and creating new business opportunities.
The development of this industry is dictated by technological innovation and market changes. It offers steadily rising revenues for those who have adapted along with it.
In a similar fashion, fraud schemes also evolve, capitalizing on technological advancements.
For example, according to some researchers, subscriber/identity theft was prevalent in 2008 and 2011, but disappeared from the top 5 threats in 2013, 2015, and 2017. Instead, from 2011 to 2017, Interconnect Bypass fraud and International Revenue Share Fraud took top spots.
By 2021, the Communications Fraud Control Association reported caller ID Spoofing, Wangiri, SMS Phishing or Pharming, Subscription Fraud and PBX Hacking as primary threats. Robocalls, one of the most notorious fraud schemes of the day, occupied tenth place in 2021.
While in some countries ID theft was a top cyber telecom crime of 2011, it’s on the rise in other countries only now. The industry has always faced new, emerging threats.
No one would have thought this sector might face today’s level and variety of fraud. The complexity of the problem is multifold. It’s of a global scale and overwhelming volume. It poses reputational and financial risks for telcos. It threatens the wallets of unwitting end-users. And there is an ongoing social dilemma regarding how to stop it.
Telecom fraud is no easy problem to solve. It requires cooperation between multiple parties, including governments, tech companies, and service providers.
International fight against fraud
All fraud tactics share one goal – stealing profits. Their targets are telcos, enterprises and end-users, and they use various methods to achieve their goal.
Today, there are organizations involved in fighting fraud, bringing the agenda to government officials – bodies specifically designed to fight telecom fraud. Among the countries leading this movement are the United States and the United Kingdom. Other geographical regions have followed some protocols initiated by these states, with modifications to the local rules.
The USA made a significant step by introducing a structural, mandatory approach to fighting fraud when it passed the TRACED Act in 2019. The TRACED Act imposed rules for large carriers to adopt the STIR/SHAKEN framework by June 30, 2021, and for small to mid-size carriers to complete adoption by 2023.
STIR/SHAKEN is a broad protocol for attesting the source of incoming calls, helping identify robocalls.
The U.S. government decided to take action, as robocalls have become a top threat in recent years. The new framework certainly helps the industry create a better, more regulated, organized reaction to fraud. Unfortunately, it offers no protection from fraud schemes besides robocalls and caller ID spoofing.
Meanwhile, other countries and telcos located internationally have adopted this framework too.
Such unification certainly helps in the fight against telecom fraud and should be viewed as a key step towards entirely eliminating this problem.
This threat, however, requires a much more nuanced response. The market consists of many international and national telcos involved in transit, termination, and other service provision. With the rise of fraud, new telecom companies have emerged. These are companies with one mission – to eliminate telecom fraud. This niche is relatively new to the telecommunications industry and exists only for fraud prevention.
Carriers often develop their own in-house solutions to protect their traffic and subscribers. However, the technology developed by companies focused on fraud prevention offers a much-needed, game-changing approach.
And if the past is any indication of the future, then fraudsters will continue evolving.
When will the fight end?
For quicker results and greater progress in the fight against fraud, all parties in this sector must continue exchanging the latest industry insights, forming knowledge-sharing communities and offering joint solutions, when possible. Newly emerging technology and initiatives in this field are helping establish a new set of global standards in fraud prevention among telcos.
New companies focusing explicitly on fraud-prevention are more technologically advanced, and their solutions deserve close attention. These innovations stop fraud and related losses in real time. They also guarantee protection from future, unprecedented, fraud manifestations we’ve yet to face.
The industry has changed. Its architecture involves one more layer – an anti-fraud solution that can save brand reputations and revenue loss and stop crime on your networks.
Dmitry Sumin is Head of Products at the AB Handshake Corporation. A graduate of the Moscow State University, he has more than 15 years’ experience in international roaming, interconnect and fraud management. He has worked for both vendors and network operators in the MVNO and telecommunications market. This piece is exclusive to Broadband Breakfast.
Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views reflected in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.
Privacy
Led by Wyden, Democrats Call on NTIA to Reform Privacy Standards for .US Domains
The Democratic legislator called on NTIA to end the automatic disclosure of .US web domain users’ personal information.
WASHINGTON, September 21, 2022 – A bicameral coalition led by Sen. Ron Wyden, D-Ore., on Wednesday called on the National Telecommunications and Information Administration to end the automatic disclosure of .US web domain users’ sensitive personal information.
The all-Democrat coalition – including Sen. Elizabeth Warren, D-Mass.; Sen. Brian Schatz, D-Hawaii; and Rep. Anna Eshoo, D-Calif. – laid out its concerns Wednesday in a letter to Administrator Alan Davidson of the NTIA:
“It is highly concerning that NTIA, since at least 2005, has not directed its contractors administering .US to adopt any protections for this sensitive information. The automatic public disclosure of users’ personal information puts them at enhanced risk for becoming victims of identity theft, spamming, spoofing, doxxing, online harassment, and even physical harm,” the coalition wrote.
Rejecting the NTIA’s current disclosure policy, the coalition called anonymity “a necessary component of free speech” and argued that with better privacy protections, .US domains would be more attractive to new website creators.
Besides making .US users’ information private, the letter recommends requiring users’ “affirmative, informed consent” for all third-party data transfers, strengthening barriers against law-enforcement investigations, and notifying users if a foreign government seeks access to their data. The coalition stated that instituting stronger privacy measures wouldn’t increase rates of online crime.
“A privacy-protective .US should support NTIA in these negotiations by providing a model for best practices in the broader domain name ecosystem. We urge you to continue the fight for privacy, expression, and human rights,” the letter said.
Privacy
EU’s Digital Services Act May Be a Model for the United States
The Digital Services Act imposes transparency requirements and other accountability measures for tech platforms.
September 16, 2022 – The European Union’s Digital Services Act, particularly its data-sharing requirements, may become the model for future American tech policy, said Mathias Vermeulen, public policy director at the AWO Agency, at a German Marshall Fund web panel Monday.
Now in the final stages of becoming law, the DSA aims to create a safer internet by introducing transparency requirements and other accountability measures for covered platforms. Of note to the German Marshall Fund panelists was the DSA’s provision that, when cleared by regulators, “very large online platforms” – e.g., Facebook and Twitter – must provide data to third-party researchers for the purpose of ensuring DSA compliance.
In addition, the EU’s voluntary Code of Practice on Disinformation was unveiled in June, requiring opted-in platforms to combat disinformation by introducing bot-elimination schemes, demonetizing sources of alleged misinformation, and labeling political advertisements, among other measures. Signatories of the Code of Practice – including American tech giants Google Search, LinkedIn, Meta, Microsoft Bing, and Twitter – also agreed to proactively share data with researchers.
Vermeulen said that he expects the EU will soon draft new legislation to address the privacy concerns raised by the Digital Services Act’s data-sharing requirements.
The risks of large-scale data sharing
To protect user privacy, the DSA requires data handed over to researchers to be anonymized. Many experts believe that “anonymous” data is generally traceable to its source, however. Even the EU’s recommendations on data-anonymization best practices acknowledge the inherent privacy risks:
“Data controllers should consider that an anonymised dataset can still present residual risks to data subjects. Indeed, on the one hand, anonymisation and re-identification are active fields of research and new discoveries are regularly published, and on the other hand even anonymised data, like statistics, may be used to enrich existing profiles of individuals, thus creating new data protection issues.”
An essay from the Brookings Institution – generally supportive of the DSA’s data-sharing provisions – argues that many private researchers do not have the experience necessary to securely store sensitive data, recommending that the EU Commission establish or subsidize secure centralized databases.
