Posts tagged as:

Belgian Ruling Against Yahoo! Sets Dangerous Precedent for Regulation of Internet

by on July 12, 2009 · 6 comments

We often talk about the problem of having all 50 states impose different regulatory requirements on the Internet, with the most restrictive standard effectively applying to all Internet actors.Fortunately, in the U.S. such efforts can be stamped down either by invoking the “Dormant Commerce Clause” (DCC) in court or by passing “preemptive federal regulation.”  (Unfortunately, most who complain about patchwork approaches, both in industry and the advocacy community, usually forget about the DCC and move right to federal legislation.)

But what about the 195 independent countries in the world (to say nothing of their regional/local subdivisions)? What if they each tried regulating Internet activity? Our friends at the Center for Democracy at Technology report on a scary precedent set by a Belgian court in March when it ruled that Belgian law applied to Yahoo! merely because Belgian citizens could access Yahoo! Mail. Thus, the court ruled that Yahoo! violated Belgian law when the company refused to hand over user data in response to an email from a Belgian prosecutor. CDT rightly applauds Yahoo! for insisting that the Belgians “follow established diplomatic and legal processes in order to gain access to user information.” But as the post notes, the really scary prospect is that of one country asserting authority over every site or service on the Internet that can be accessed in their country.

If this precedent stands, it’s likely to cause, at the very least, many companies to limit access to their sites or services by persons from countries with burdensome regulatory approaches. Even if those foreign laws are well-intentioned and laudable—such as efforts to punish fraud (as in the Belgian case) or to crack down on, say, child porn or protect user privacy)—the result could be to balkanize Internet services.  This would be especially unfortunate, given the incredible importance of services that might previously have seemed “un-serious” like Twitter or Facebook as “technologies of freedom.” CDT notes the danger to Internet freedom:

To understand how problematic this ruling is, we need only imagine how the governments of China, Iran, Vietnam or other repressive regime of your choice may decide that the precedent set here is one well worth following. Such actions undermine Belgium’s moral authority since, after all, it would only be hypocritical for Western democracies to criticize such radically overbroad assertions of jurisdiction by other nations.

SHARE: 6 comments

The Costs of SSL Encryption for Webmail & Other Cloud Services

by on June 16, 2009 · 23 comments

Internet policy Shame Artist extraordinaire Chris Soghoian has struck again! Chris recently shamed the online advertising industry into improving their privacy practices with his Targeted Advertising Cookie Opt-Out (TACO) plug-in for Firefox. Now Chris has set his sight on the security practices of cloud service providers.

A letter released this morning, signed by 37 leading online security experts (and organized by Chris), calls on Google to offer persistent SSL (HTTPS) encryption by default for all Google servicesor at the very least, to make more visible the option currently given to users to opt-in to use SSL for all communications. Google, in its response, indicated that it was already “looking into whether it would make sense to turn on HTTPS as the default for all Gmail users.”

While Google’s response identifies some clear problems with implementing persistent SSL for all users (esp. connection speed), few would deny that it makes sense for webmail providers to encrypt all traffic using SSL, rather than sending email data “in the clear,” which risks interception by hackers. We at PFF hold no brief for Google, in fact we have found ourselves disagreeing with them on many other occasions on a range of issues (most notably net neutrality mandates). Nonetheless, on this front, Google has long been a leader, having offered SSL since Gmail launched and having begun providing the persistent HTTPS option last summer while most of their competitors still use SSL only for the initial authentication that occurs when a user first signs in. While the letter focuses on Google and webmail in particular, this issue has far broader implications for all online cloud service providers.

No Free Lunch: The Costs of Encryption Gmail, Yahoo! Mail, Hotmail, etc. are, of course, “free” ( i.e., ad-supported). Google in particular has lead the way in increasing the functionality offered in Gmail, not just constantly increasing the total storage space provided to every user (now over 7GB), but regularly adding innovative new features—at no charge to users. Continue reading →

SHARE: 23 comments