Net neutrality rules need updating for an evolving internet ecosystem, the U.K. Office of Communications said in an Oct. 21 consultation. EU net neutrality legislation enacted in 2016 became part of U.K. law after Brexit, but because the rules constrain ISPs' activities, they may be viewed as hampering ISPs' ability to innovate, develop new services and manage their network for better user experiences, said Ofcom, seeking comments by Jan. 13. It proposed allowing ISPs to: (1) Offer premium quality packages and services, such as for people who have high-quality virtual reality apps. (2) Develop "specialized services" for content and applications that need to be optimized. (3) Use traffic management measures to manage their networks. (4) Offer zero-rating (where the data used by certain websites or apps is not counted toward a customer’s overall data allowance) in most cases. The regulator is also considering possible new laws that would allow retail packages to offer different quality standards (such as for a package that only has a specific gaming app that needs guaranteed low latency); and give ISPs more flexibility to use traffic management for specific content to address congestion. Ofcom also waded into the debate on whether ISPs should be able to charge content providers for carrying traffic (see 2210130001), saying, "While there are potential benefits to a charging regime, we have not yet seen sufficient evidence that this is needed." That's a decision for the government and Parliament, Ofcom noted. A statement is due next fall.
China Unicom (Americas) asked the FCC to reconsider its September decision to add it to the agency’s list of "covered" equipment suppliers -- deemed to present security concerns (see 2209200045). CUA questioned whether it had been given adequate opportunity to respond and said an April 2020 letter asking the company to explain why the FCC shouldn't begin the process of revoking its domestic and international authorizations can’t be used to place it on the covered list. “Two years after receiving a letter that explicitly declined even to recommend any action, including under the Secure Networks Act, and five months after CUA ceased offering services under section 214 of the Communications Act, the [Public Safety] Bureau has concluded that the two-year-old 2020 Letter was a determination that the now-terminated services are currently capable of posing a threat to national security,” CUA said in a filing posted Friday in docket 18-89. “That conclusion is inexplicable,” the company said: “It is contrary to the Secure Networks Act; a non-recommendation presenting unsigned ‘views,’ developed without any process or participation by the affected company, could not have been a determination triggering a Secure Networks Act listing with all its consequences, even at the time it was made, much less two years later.”
China’s Dahua Technology, one of the companies on the FCC’s list of companies deemed to be a threat to U.S. networks, said the FCC shouldn’t bar the gear it sells in the U.S. from being authorized for use in the U.S. The FCC is expected to approve soon a recent draft order circulated by Chairwoman Jessica Rosenworcel that would further clamp down on gear from mostly Chinese companies, preventing the sale of yet-to-be authorized equipment (see 2210130076). “The Secure Equipment Act of 2021 arguably does not encompass any Dahua USA products currently sold in the United States,” said a filing posted Thursday in docket 21-232. “Only network equipment used by broadband service providers that is ‘essential to the provision’ of any ‘high-speed, switched, broadband telecommunications capability’ can be included on the Covered List,” Dahua said: “The scope of the Covered List should not include video cameras, video security systems, or accessories that are not used in providing broadband or telecommunications services. As Dahua USA has continuously emphasized, Dahua USA equipment is typically considered a peripheral device, and none of its products are telecommunications equipment.”
With the FCC poised to further clamp down on gear from companies on its covered list, preventing the sale of yet-to-be authorized equipment in the U.S. (see 2210130076), China’s Hikvision defended its product line and questioned whether it should be on the list. Representatives of the company reported on meetings with aides to Commissioners Geoffrey Starks and Nathan Simington, in a filing posted Tuesday in docket 21-232. “Nothing in the record establishes that Hikvision video surveillance equipment poses a threat to the operation or security of internet service providers’ or telecommunications carriers’ broadband networks,” the company said: “Nor does anything in the record establish that Hikvision poses a credible threat of espionage on U.S. private end users who choose to purchase and deploy Hikvision video surveillance equipment.”
Ukraine's digital domain has been impressively resilient in the face of Russian aggression, speakers said at a Monday Centre for European Policies hybrid event on how new technologies can help rebuild the country. Ukraine's activities in cybersecurity, transitioning to digital platforms and communicating with its citizens have been extraordinary, said Mark Bowman, European Bank for Reconstruction and Development vice president-policy and partnerships. The country has been proactive in developing its digital sector, such as by investing time and resources in the creation of an app that allows refugees to go to European countries with digital documents, said CEPS Research Fellow Tinatin Akhvlediani. The government made many legislative changes during the conflict to digitize key government services, she said. Microsoft contributed to Ukrainian resilience by identifying cyberattacks and warning the government, and by helping transfer data to the cloud outside the country, said Nanna-Louise Wildfang-Linde, vice president-European government affairs. It also helped identify and combat misinformation and is working with the International Court of Justice to collect and protect documentation of war crimes in the cloud, she said. Ukraine receives about 20% of all the world's cyberattacks, but it continues to function well, she said. When war broke out, the European Commission had to ensure backup and data storage outside Ukraine and help route and reroute communications traffic, said Pearse O'Donohue, European Commission Future Networks Directorate director. To do that, the EC tweaked roaming and data protection regulations to enable backup and storage of sensitive Ukrainian data and allow more cooperation between mobile operators and service providers. O'Donohue cited anecdotal evidence of people performing battlefield repairs of networks between Ukraine and nearby friendly nations. The EC is also battling disinformation and propaganda, he said. Asked what Ukraine may need in the future, Akhvlediani noted about 40% of the population lacked computers at home before the invasion, and one-third didn't use the internet for anything but social media. Ukraine has a gap in digital infrastructure and computer skills, but about 80% of the population accesses social media, making them vulnerable to disinformation and Russian propaganda, she said. For the nation's long-term needs, policymakers must analyze the region's vulnerabilities, said O'Donohue. Ukraine's physical infrastructure is vulnerable, although there has been relatively little damage to radio access networks except for masts, he noted. And there are also risks to the internet backbone -- such as domain name servers and root server -- for which multiple paths and backups are needed, he said. Another vulnerability arises from the internet being global and open to all, which invites misinformation, he said. Europe has had a massive number of cyberattacks, many highly sophisticated, and government cooperation against them will be part of the future, O'Donohue said: As economies become more digitally sophisticated, they're more vulnerable to cyberattacks, and digital defense will have to become part of policy.
Ericsson signed a long-term 5G contract with Indian communications service provider Reliance Jio to launch a 5G stand-alone network there. “Jio transformed the digital landscape in India with the launch of LTE services in 2016,” said Jio Chairman Akash Ambani: “We are confident that Jio’s 5G network will accelerate India’s digitalization and will serve as the foundation for achieving our nation’s ‘Digital India’ vision.” Jio was the top spender in India's recent 5G spectrum auction.
5G's better connectivity carries potential risks to data protection and cybersecurity, and the regulatory landscape is murky, Hogan Lovells attorneys said Wednesday on a virtual law firm panel. To achieve increased connectivity, international data transfers must be more seamless and frequent than now, but legal frameworks currently restrict data flows, said Eduardo Ustaran. As 5G enables more data transfers, assessing the risks it poses becomes more important, he said. The U.K. Information Commissioner's Office requires organizations to undertake data risk assessments, but 5G changes the situation by introducing a new element of technology and possibly new equipment vendors. The picture is changing rapidly in the Asia-Pacific region, where there's a patchwork of fast-changing laws in each jurisdiction, with more restrictions on data transfers, said Mark Parsons. AI facilitated by 5G will have a growing significance in people's lives and will also accelerate the body of law around it, Ustaran said. Current laws commonly mandate increased accountability and governance for organizations involved in developing AI, he said. 5G was designed during an era more safety-focused than earlier mobile iterations, and some of its improvements do away with entire catalogs of cybersecurity threats, said Nathan Salminen: But every software has vulnerabilities, and "the danger here is unknown." The technology enables a huge amount of metadata that could threaten cybersecurity, said Ana Rumualdo; network and device security, encryption and government regulation will be important, as will limits on who can access all that real-time data. Asked about the current and future regulatory scene, speakers urged businesses to expect change. The U.K. wants to show its departure from the EU can deliver some benefits and the current government wants to support innovation and technological development, so will likely try a lighter regulatory approach, said Ustaran. Expect a more risk-based approach to regulation for technology and 5G, but also much uncertainty about what companies must do to comply, he said. The EU is focused on accountability and data governance; it worries about how much real-time data from individuals will be made available and how people can effectively enforce their rights, said Joke Bodewits. The U.S. has begun regulating critical infrastructure and software more closely, and many pieces of 5G will fall under those measures, said Salminen: Expect to see more 5G-specific legislation in coming years. There's a "glimmer" of convergence for privacy and data protection rules in Asia, but not as much of a focus on cybersecurity, said Parsons. Some countries, such as China and Vietnam, now have many regulations on 5G uses, and that trend will continue, raising questions about potential Balkanization across the region, he added.
GSMA warned that European deployment of 5G is proceeding more slowly than in the U.S., Japan and South Korea. At the end of June, operators in 34 European markets had launched commercial 5G services, with consumer take-up growing to 6% of the mobile customer base, said the Wednesday report: “Norway leads in adoption of the technology, with 16% now using 5G, but positive momentum is also evident in Switzerland (14%), Finland (13%), the U.K. (11%) and Germany (10%).” GSMA forecasts the adoption rate across Europe will hit 44% by 2025, led by the U.K. and Germany. “That rapid growth is outpaced by other world economies, with South Korea expected to hit 73% in the same time period” and “Japan and the US are likely to achieve 68% adoption,” the report said.
Dahua USA is fighting back at the FCC to keep from having its products barred from being authorized for use in the U.S. Dahua is already on the FCC’s “covered list” of mostly Chinese companies that are a security risk. After meeting with aides to Commissioner Brendan Carr last week (see 2209220049), Dahua met with staff from the Office of General Counsel. Dahua “discussed an overview of its equipment sold in North America and explained how Dahua Equipment is typically considered a peripheral device, and many of its products are neither video nor telecommunications equipment,” said a filing posted Friday in docket 21-232 on the latter meeting: The company “then described its cybersecurity firmware strategy, framework, and design, emphasized that cybersecurity is the most important focus of its product design.”
Chinese equipment maker Dahua asked for confidential treatment for information provided in a meeting Monday with staff for FCC Commissioner Brendan Carr. Dahua “provided the Commission with additional information regarding its product offerings and applications in the U.S., its cybersecurity practices, and its proposed safeguards for ensuring [National Defense Authorization Act] compliance,” said a filing posted Thursday in docket 21-232: “The Ex Parte also responds to certain questions raised by Commissioner Carr’s office.” In June (see Ref:2205020036]), Dahua told the FCC it has been unable to determine how much of its gear sold in the U.S. is “used for public safety, government facilities, critical infrastructure, and national security purposes.”