The testimony detailed key principles for ensuring the security of election infrastructure, including by using machines with a durable paper trail and by providing counties with the necessary resources. Legislators were engaged, asking detailed follow-ups about voting machine security and about .GOV domains.

Watch a recording of the full testimony, including Q&A, here.

Read the full testimony here.

The post CDT Testimony Before the Pennsylvania House of Representatives on Election Security appeared first on Center for Democracy and Technology.

Although schools were experiencing ransomware attacks before the pandemic (in 2019 Louisiana was forced to declare a state of emergency in response to ransomware attacks), their prevalence has increased during the pandemic. Additionally, these attacks have the potential to be particularly devastating as schools are now heavily dependent on technology for remote learning, and students are already behind on instructional time. The Clark County School District in Nevada also had to deal with the exfiltration of its data, adding all the concerns of a typical data breach (loss of trust, identity theft of students and staff, secondary breaches, etc.) to the lost access and instructional time.

Schools are appealing targets for ransomware, because they maintain large amounts of data and are often under-resourced with respect to technology and technical expertise. However, there are steps schools can take to reduce the risk of a successful attack and minimize the harm if such an attack occurs. 

Prevention

Cybersecurity Best Practices

Because attackers must exploit some sort of vulnerability in order to get the ransomware onto the targeted system, standard cybersecurity practices are an important part of prevention. Best practices include: keeping systems’ software up to date to ensure that they have the latest security patches and thus are vulnerable to fewer attacks; training staff on cybersecurity so they do not inadvertently undermine systems’ security (such as by clicking on a malicious link or opening a malicious attachment to an email); and implementing security features such as multifactor authentication to make it easy for users to keep the system secure (particularly if users are able to use a single sign on (SSO) system to access most or all of their accounts).

Backing Up Data and Systems

A key element of being prepared for ransomware specifically is backing up systems and data. While this will not prevent the exfiltration of data (discussed below), it can help restore systems more quickly without paying the demanded ransom. However, more sophisticated ransomware will try to defeat the backup process, often by encrypting the backed up data as well or deleting it altogether. There are a few approaches to making backups that are robust enough to mitigate this risk:

• Off-site backups, which are backups that are stored in a different place or system as the primary data (such as a separate cloud instance or with a different provider), may provide more security than a backup that exists on the same system as the primary data. However, if these backups are done automatically, they may still be vulnerable if the scheduled backup happens after the ransomware infection, and thus backs up the encrypted data. 
• “Air-gapping” the data backup provides stronger protection than off-site backups. Air-gapped backups are fully disconnected from the internet, serving as strong protection against that backup becoming infected with malware. However, air-gapping drives can be labor-intensive, as the process typically cannot be fully automated since disconnecting a backup physically (unplugging it) is generally the most effective approach. So, depending on an organization’s resources, it may make sense to prioritize air-gapping critical data and data that will not change frequently to minimize the need for this step.
• Another backup technique is to use Write Once, Read Many (WORM) drives. These are drives that can only be written one time, permanently, and then the data cannot be changed. While these are effective against ransomware (since the original, uncorrupted data cannot be overwritten by corrupted or encrypted data), they are expensive, as every backup requires a new drive. Thus, much like air-gapped drives, it might be necessary for an organization to reserve this approach for critical data that is worth the extra cost, or relatively stable data that does not change regularly, thus giving the drive a longer lifespan.

Alternative communications

If a ransomware attack is pervasive enough, it may also impact communications systems like email or even office phone functionality (“softphones” that use the internet to make calls rather than a traditional phone provider may be vulnerable). Schools should have emergency channels of communication in place. This may mean a phone tree or call list to notify those who need to play a role in restoring the system, as well as a separate, non-soft phone line for staff to report ransomware (or other incidents) if they are unable to use normal channels.

Response

Restoring from Backups

Regardless of how an organization backs up its data, it is important to have a plan in place to restore from those backups. Additionally, organizations should routinely confirm that backups are successfully completed and practice this restoration process to ensure that it works as expected, especially as systems are updated over time. If organizations contract out their IT or otherwise do not maintain their own systems, this may mean engaging with the responsible parties to ensure they have a system for monitoring and testing data restoration. For organizations that manage their own systems, this may mean having a test bed (a separate copy of the live system to run tests and try out upgrades) that they can use to practice wiping and restoring. Test beds can be as simple as one or two computers that simulate the main functions of the system to practice restoration on a small scale. 

A complicating factor in restoration is ensuring that the ransomware is fully purged from the system before it is restored from the back up—if the ransomware has not been eradicated, it may re-infect the system after restoration. Consequently, it is also important to keep a separate, air-gapped copy of the backup while restoring, in the event that the backup data is corrupted during the restoration process.

If a school does not have backups sufficient to restore their systems, they may be considering paying the ransom. However, there are legal and policy concerns to weigh before undertaking this decision, so schools should consult with their counsel and with law enforcement before taking any action.

Communication

Another important component of responding to a ransomware attack is communicating to affected parties and potentially law enforcement, usually under the guidance of legal counsel. If student or teacher data were exfiltrated, those populations should be notified. In some cases, there may be a legal requirement to do so, but there are also other reasons to communicate with the school community about an attack. Communication can help establish trust with the community, and ensure that they have accurate information from a reputable source. As part of the communication, the community should be given the information and assistance they need to protect themselves from the fallout, such as taking steps to avoid identity theft. There are also best practices to consider when communicating about an attack. Information should be timely as possible, but organizations should ensure they have accurate information before communicating, particularly about evolving incidents. Additionally, communication should be widely accessible to the community, which may mean offering the information in a variety of formats and languages.

In addition to communicating with the school community, communicating to law enforcement can be useful both for the victim organization and also as part of an information-sharing strategy to prevent other attacks and develop responses and software patches. Both local law enforcement and federal agencies may be able to assist organizations in investigating and recovering from an attack. Sharing with Information Sharing and Analysis Centers (ISACs) can also be a part of this information-building approach. Additionally, schools should have a plan for communicating with the media if necessary, and have channels in place for staff to communicate back to the organization, both to raise issues they are facing and to pass along any information requests they receive from families and the media.

Ransomware attacks can rob students of acutely needed instructional time and jeopardize financial security. Thus, it is important that schools take the necessary steps to protect themselves and, in turn, their students.

Further Reading:

• https://studentprivacy.ed.gov/resources/data-breach-scenario-trainings
• https://www.consumer.ftc.gov/articles/0040-child-identity-theft
• https://www.ibm.com/downloads/cas/EV6NAQR4
• https://www.cisa.gov/ransomware
• https://us-cert.cisa.gov/ncas/alerts/aa20-302a
• https://www.cisecurity.org/ms-isac/ 
• https://level-up.cc/curriculum/malware-protection/safer-software-updating/
• https://www.atlantech.net/blog/full-backup-vs.-incremental-backup-vs.-differential-backup-which-is-best

Ransomware Incident Response Checklist

Preparing before an incident and responding effectively, should one occur, can greatly reduce the harm the incident causes. In addition to the steps schools should take in the event of a standard data breach attack, there are steps specific to ransomware that will help minimize the damage. The steps presented here are intended to supplement those laid out in the Data Breach Response Checklist offered by the U.S. Department of Education.

Before the Incident:

• Prepare a ransomware response protocol
  • Assign roles and responsibilities. This should include someone responsible for overseeing restoration of systems impacted by the attack, someone to communicate with law enforcement and other partners, and a point of contact for students and families.
  • Put procedures in place for each role. Processes for restoration should be well documented, and a list of contacts at law enforcement agencies should be established. This may include federal agencies like the FBI, local law enforcement, and other partners like Information Sharing and Analysis Centers (ISACs).
• Establish backup practices
  • Set a schedule for backing up data. Information that changes regularly and is important for providing day-to-day educational services may need to be backed up more often than data that is more stable or less critical.
  • Critical data should also be periodically backed up to an off-site or air-gapped location, which is not connected to or accessible from the main system. This is to ensure that the most critical data is still available even if the regular backups are corrupted in a ransomware attack. Ensure that each new off-site backup is clean before erasing the last off-site backup.
  • Run sessions to practice restoring from backups. This will ensure that the backups are accessible to those who need them and sufficient to restore the system. Additionally, running trial sessions regularly will ensure that restoration protocols stay up to date as your systems are updated or changed. Typically, these sessions are run on a test bed (a separate copy of the live system to run tests and try out upgrades) to avoid affecting the main system during testing and practice. A testbed can be as simple as one or two computers that simulate the main functions of the system to practice restoration on a small scale.

During / After the Incident:

• Ensure protection of the data.
  • Before you restore the system, consider contacting law enforcement. They may be able to assist, but may also request information that may help them identify attackers or assist with or prevent later attacks, and the process of restoring the system may make it impossible to obtain that information.
  • Also before attempting any restoration of the active system, ensure that the infected computers are isolated from any that remain unaffected (for instance, if a teacher laptop has been unaffected, ask them to disconnect it from the internet to prevent it from receiving infected updates from the main system), and that the malware has been scrubbed from the system. This will help prevent the corruption of any backups you are using to restore the system.
  • If the regular backups are corrupted and you need to restore critical systems from the off-site or air-gapped backup, replicate the off-site backup using a clean computer before you attempt to use the backup to restore the system. This will ensure that even if the main system has not been adequately cleaned of the ransomware and is able to corrupt the off-site backup when it is connected to the main system, there will still be a clean copy of any critical data.
• Use fallback communication channels to inform staff of the incident.
  • Provide them with instructions about whether or not to use school systems, how to handle any ransom demands they may receive, and provide them with a protocol for handling questions they get from students and families (what, if any, information teachers can provide to families and who families should contact for further information).
• Communicate with parents and families when possible.
  • In some cases there may be a legal requirement to do so, but there are also other reasons to communicate with the school community about an attack. It can help establish trust with the community, and ensure that they have accurate information from a reputable source.
  • Additionally, parents and families may need to take steps to protect themselves if sensitive data has been exfiltrated as part of the attack, or if attackers are using their contact information to try to launch another attack. Schools should communicate in a timely way, but ensuring the communications are accurate should be a priority, particularly for still-evolving incidents.
  • Communication should be widely accessible to the community, which may mean offering the information in a variety of formats and languages.

The post Ransomware in Schools: Best Practices for Prevention and Mitigation appeared first on Center for Democracy and Technology.

It would also improve the options available to voters for casting their vote, in part by expanding access to absentee ballots and improving absentee voting systems. The first version of the For the People Act, passed by the U.S. House of Representatives in 2019, included absentee-related provisions that would:

• Ensure that all eligible voters can vote absentee by mail.
• Require states to process ballots that have been postmarked by Election Day.
• Require states to notify voters if their absentee ballot signature was judged invalid, and give voters another opportunity to verify their vote.
• Enable voters with disabilities to electronically request or receive applications to register to vote or receive an absentee ballot.

This year, the House passed an updated version, which adds several new absentee-related provisions:

• Require states to prepay the return postage for ballots. Fewer than half of states have laws requiring return postage for ballots to be prepaid, raising a monetary and an inconvenience barrier to voting absentee.
• Require states to provide secure and accessible ballot drop boxes, equitably distributed across the state, with more drop boxes in more populous counties. Last year, we saw states like Texas reduce the number of drop-off locations to just one per county; this would put an end to that.
• Require states to begin processing and scanning absentee ballots 14 days prior to Election Day. Election officials in some states were prevented from processing absentee ballots until Election Day, which set the stage for election-related disinformation last year and ultimately helped lead to violence. CDT has previously called for eliminating this unnecessary delay, which this provision does.

Absentee voting became a huge source of controversy, with detractors spreading the myth that it enables mass fraud, or that it would disproportionately help Democrats (a new paper shows it didn’t). But with the COVID-19 pandemic leading to historically high rates of absentee voting, it seems likely that many voters will continue to want the flexibility of voting easily from home. Some state legislators attempting to roll back absentee eligibility are facing resistance from their constituents; for example, one poll found 52% of Iowans are against a proposed effort to limit absentee voting in their state, and only 42% are in favor.

Expanding and improving absentee voting is a great way to improve voter access, while potentially increasing the number of votes cast on hand-marked paper ballots, the gold standard for election auditability. And by spreading voting out over time and space, absentee voting can lessen the impact of a potential Election Day cyber-attack on polling place infrastructure, like e-pollbooks.

The For the People Act appears unlikely to pass the Senate in its current form. And election officials are not happy about every provision in the bill; some requirements appear to be impossible to satisfy, and some requirements don’t come paired with the funding election officials will need.

But sections from bills that don’t pass are often mixed and matched into other bills that do have a chance of passage. Here’s hoping that Congress can pass these much-needed absentee-related provisions on a bipartisan basis. Giving voters more options shouldn’t be controversial.

The post Updated For the People Act Has Some Much-Needed Improvements for Absentee Voting appeared first on Center for Democracy and Technology.

CDT’s Tech Talk is a podcast where we dish on tech and Internet policy, while also explaining what these policies mean to our daily lives. You can find Tech Talk on Spotify, SoundCloud, iTunes, and Google Play, as well as Stitcher and TuneIn.

We have another exciting show for you this week!

Last month, the Center for Democracy & Technology in partnership with the KAS Foundation, issued a report examining cybersecurity vulnerabilities in the U.S. election system. The report, an Agenda for U.S. Election Cybersecurity, looks beyond the scope of the recently updated federal voting machine guidelines and examines vulnerabilities in election infrastructure in four additional areas: voter registration systems; poll books; absentee and mail-in voting; and the people who are involved in elections.

Here to talk more about this report and what can be done to help restore public confidence in the election process is CDT’s Senior Technologist for Elections and Democracy, Will Adler.

Listen

The post Tech Talk: Beyond the 2020 Election — Talking Tech W/ Will Adler appeared first on Center for Democracy and Technology.

While the updated VVSGs are essential for election security, their scope is limited to “voting systems,” the hardware and software used to cast and count ballots. 

But election cybersecurity is about more than just voting machines.

That’s why CDT, in collaboration with the Konrad-Adenauer-Stiftung (KAS) foundation, issued a new report today, An Agenda for U.S. Election Cybersecurity, that considers election infrastructure components beyond voting systems. As shown in the below figure, voting systems are just one component of election infrastructure that must be secured.

In the report, we describe best practices and policy considerations for election officials, members of Congress, and federal agencies, on the following components of election infrastructure:

• Voter registration systems
• Poll books
• Voting machines
• Absentee and mail-in voting
• Tabulation and reporting
• Individuals involved in elections

The cybersecurity of non-voting systems is just as critical to the integrity of the vote. For example, a cyber attacker could wreak havoc if they were to successfully attack state voter registration systems at a critical time. We got a sense of what that could look like last year when, on the last day for Floridians to register to vote, pop star Ariana Grande tweeted out a note encouraging her followers to register, causing traffic to spike up to 1.1 million requests per hour.

The traffic, and misconfigured servers, led to the system becoming unavailable, preventing voters from being able to register and leading to eventual litigation. Had this been the result of an intentional attack—or had it been paired with a disinformation campaign spreading lies about the provenance or purpose of the attack—it could have more seriously undermined trust in the election.

Another component of election infrastructure that must be secured is poll books. Instead of signing voters into a physical poll book, states are increasingly using internet-connected e-poll books to check in voters. These have several advantages, including: speeding up the check-in process; enabling real-time updates to the voter registration database, including registering voters as they check in; and enabling a vote center model in which voters of a jurisdiction can show up at any polling place. 

But because e-poll books must be connected to the internet, they create cybersecurity vulnerabilities. Specifically, if a cyber attack successfully targeted an e-poll book system, in-person voting could be halted for hours. This elevates the importance of securing these systems and ensuring that jurisdictions, to the extent possible, have paper backups on hand.

One major improvement Congress could make to election security would be to consistently fund the Election Assistance Commission at higher levels. For one thing, more funding could streamline the VVSG updating process and ensure that they are more responsive to current conditions. The EAC could also expand its scope, potentially providing guidance for states on best cybersecurity practices on non-voting systems like e-poll books. 

The EAC has shown an interest in this kind of program, partnering with the Center for Internet Security to pilot a program focused on securing non-voting election technology. This is a promising venture, and we support the EAC receiving funding sufficient to help secure even more of American election infrastructure.

Despite election experts describing the 2020 election as the most secure in American history, many voters distrust the results. A functioning democracy depends on widespread trust, and that in turn depends on secure elections infrastructure. While there were no major successful cyber attacks on our election infrastructure last year, we should not rest on our laurels. We hope that the best practices and policy considerations we offer provide an agenda for ensuring the resilience of American democracy.

The post Election Cybersecurity is About More than Just Voting Machines appeared first on Center for Democracy and Technology.

CDT, in collaboration with Konrad-Adenauer-Stiftung (KAS), has released a report outlining an agenda for important U.S. election cybersecurity improvements for 2021 and beyond. The introduction of the report is pasted below, and you can read the whole report here.

***

Introduction: U.S. democracy in the digital age

Although no election is flawless, a functioning democratic government rests on the people’s trust in electoral systems to produce fair and accurate results. Yet, during political campaigns, and before, during and after the elections themselves, malicious actors can influence information flows; public opinion is often manufactured and manipulated; and digital and analogue election infrastructure continue to have weaknesses. Policymakers can support the work of election officials to ensure that the elections are fair, secure, and efficient, that voters have the ability to cast their vote without obstacle and, most importantly, that every vote is counted as intended.

This year, the COVID-19 pandemic posed an extra challenge for election officials. But even without a pandemic, election administration is more complicated than it might seem at first glance. The following graphic, reproduced from election administration expert Charles Stewart III, depicts the components of election infrastructure and the paths by which information flows between them:

It is critical to secure these connections and transmissions, especially those across the open internet, which are represented by solid lines in the figure. A cyber attack, ranging from data capture to manipulation, is possible any time information is transmitted over the internet. It is also critical to physically secure even the “air-gapped” components that are not connected to the internet. There are known security flaws with many components and machines still in use that could enable a hacker with physical access to change the software on a machine.

One challenge to secure elections is that responsibility for components of election infrastructure are spread across a large number of jurisdictions and authorities. The federal government sets some minimum standards for election machinery and operations and provides some guidance and assistance. States maintain voter registration databases and statewide results reporting systems. But counties and localities are responsible for running the elections themselves: checking people in, administering in person voting infrastructure, and tallying votes. This creates the possibility for diffusion of responsibility, making security dependent on good communication across federal, state, and local levels. Fortunately, there have been significant improvements in coordination in recent years.

Improvements to security are not only about ensuring that components cannot be tampered with, but also about improving trust. Even with no evidence of major problems in the 2020 general election, and with a coalition of election officials releasing a statement saying that the election “was the most secure in American history,” the weeks following the election were marked by rampant disinformation campaigns about alleged but unproven insecurities in the electoral process. This clearly demonstrates that there is work to be done not only to secure elections but to convince the public that elections, and election results, can be trusted. This involves making real improvements to cybersecurity and electoral processes, as well as engaging in voter education about how elections work and what safeguards exist to secure them.

For this report, we explore the challenges of maintaining security in U.S. elections and how election officials and policymakers might best address them. We examine the vulnerabilities in various components of the election infrastructure used in the biennial national elections. We analyze an array of events and situations that arose in recent elections including those in 2020, and we offer best practices for a U.S. elections cybersecurity agenda. While focused on American elections, we hope that some of the findings here can also provide guidance for other countries with different election infrastructures and needs.

Read the full report here.

The post CDT Report: An Agenda for U.S. Election Cybersecurity appeared first on Center for Democracy and Technology.

In these comments, CDT shares analysis and resources addressing three specific topics relevant to disinformation:

• Existing research and the gaps in our understanding of how disinformation affects vulnerable communities;
• Election-related disinformation and its relationship to voter suppression; and
• The risks to freedom of expression that arise at the intersection of intermediary liability law and disinformation.

Read the full comments here.

The post CDT Comments to the UN Special Rapporteur on Freedom of Expression for Upcoming Report on Disinformation appeared first on Center for Democracy and Technology.

William T. Adler, Center for Democracy & Technology (CDT)
David Levine, Alliance for Securing Democracy (ASD)

***

Introduction

The deadly events of January 6, 2021 have made it abundantly clear that there is a severe crisis of trust in American democracy.

The thousands of rioters who stormed the Capitol building and disrupted the Congressional certification of the election had their anger stoked by repeated unproven claims about the 2020 presidential election. Five people died in the insurrection, including two Capitol Hill police officers. Despite no evidence of major successful attacks on our election infrastructure or voter fraud on a scale that could change the outcome of the election, confidence in the 2020 presidential election results is sharply divided along partisan lines.

A functioning democracy depends on widespread trust in its electoral systems. As President Biden begins his term, one major task for his administration and leaders across the country is to understand why so many Americans refuse to accept the results of the election, and to take steps to bolster trust in democracy.

After years of domestic and foreign attacks intended to sow distrust in democracy, rebuilding trust will be neither fast nor easy. But as a first step, the President should issue an executive order (EO) establishing a Presidential Commission on Election Resilience and Trust (PCERT).

The Commission would identify best practices and make recommendations to ensure that more Americans believe our elections are legitimate. In 2013, President Obama established a Presidential Commission on Election Administration (PCEA), which produced recommendations that ultimately were widely adopted. The successful PCEA can serve as a blueprint for how this new commission can effectively address the problems of today.

We suggest this Commission focus on the following three topics, at a minimum:

1. Best practices for bolstering trust in elections, such as more widespread adoption of robust post-election audits, which can increase voter confidence in election outcomes regardless of who wins;
2. Best practices for countering false information from foreign and domestic actors that undermines confidence in election integrity; and
3. How and whether to make permanent some of the administrative and policy changes state and local officials made in response to the coronavirus pandemic, such as expansion of absentee voting, early voting, and others.

There appears to be growing bipartisan support for tackling these challenges. The Capitol siege should serve as a call for the parties to transcend partisan divisions and work together. The Commission will not solve all the problems that ail our democracy, but its recommendations should lay the groundwork for a more informed, rational, and sober discussion of these issues.

The Commission should ultimately present a series of recommendations for election officials, lawmakers, members of the media, civic leaders, social media platforms, and others aimed at improving U.S. election administration and voter confidence.

Read the full report here.

You can also find this report on ASD’s website here.

The post CDT & ASD Joint Report – Trusting the Vote: Establishing a Presidential Commission on Election Resilience and Trust appeared first on Center for Democracy and Technology.

Many things have gotten us to this low point: years-long campaigns to falsely raise the specter of voter fraud, the rapid spread of misinformation over the internet, and the rise of far-right extremism. Accordingly, we will need all hands on deck to understand how to address this crisis. Election officials, members of the media, social media stakeholders, and experts in misinformation from across the political spectrum will need to collaborate to study the problem and recommend next steps.

That’s why, today, CDT and the Alliance for Securing Democracy are calling on President Biden to create a bipartisan commission of experts from multiple sectors, to recommend ways to restore public trust in democracy. We are calling this the Presidential Commission on Election Resilience and Trust, or PCERT.

In 2013, President Obama established by executive order the Presidential Commission on Election Administration. He tasked it with identifying ways to make election administration more efficient, improve the voter experience (for example, by reducing wait times), and improve ballot access for marginalized voters such as those with disabilities. Many of the recommendations made by this commission were ultimately adopted, and the commission was generally considered a success.

If the membership of PCERT is well-chosen, drawing from the public and private sector, including people with relevant experience, we believe PCERT can replicate the success of the previous commission.

We recommend PCERT focus on three topics:

1. Best practices for bolstering trust in elections, such as more widespread adoption of robust post-election audits, which can increase voter confidence in election outcomes regardless of who wins;
2. Best practices for countering false information from foreign and domestic actors that undermines confidence in election integrity; and
3. How and whether to make permanent some of the administrative and policy changes state and local officials made in response to the coronavirus pandemic, such as expansion of absentee voting and early voting.

With the House and Senate set to consider democracy reform in the For the People Act, Congress is actively engaged in debate on these issues. But even if the legislation passes, our work will not be over. As President Biden said in his inaugural address, “democracy is fragile.” And it will take all of us to strengthen it. 

A commission is not a panacea, but its recommendations should lay the groundwork for more informed, rational, and sober ways to help strengthen and protect our democracy.

The post President Biden Should Establish a Commission to Restore Trust in Democracy appeared first on Center for Democracy and Technology.

SUBSCRIBE

The ways in which people experience the internet, and the accompanying civil and human rights concerns, are fundamentally informed by its core infrastructure. However, the internet’s ongoing development, implementation, and maintenance remain practically invisible to the broader public. 

Instead, debates about these technical problems take place within a narrow and complex landscape of internet standards development organizations that convene experts in the public interest. 

Understanding the issues that arise in these conversations — such as net neutrality and the architecture tradeoffs between user privacy and network security — can help provide a fuller picture of technology’s role in societies around the world.

We’re calling the newsletter I*: Navigating Internet Governance and Standards. It will highlight emerging issues and clearly explain their technical underpinnings for a non-technical audience. 

It will also provide brief and clear expert insight into trusted and curated source material, focusing on the current privacy and free expression controversies within several “I-star” standards-setting organizations — namely, the Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Engineering Task Force (IETF), the Institute of Electrical and Electronics Engineers (IEEE), and the International Telecommunication Union (ITU).

SUBSCRIBE

From the systems that determine routes for sending and receiving data across the internet and the new internet protocols containing “killswitches” that could have dramatic implications for free expression, to the rollout of end-to-end encryption for messaging services and the antitrust implications of placement in search results, public interest technology issues have an impact on every user of the internet around the world.

CDT has a long history in the internet governance arena. In 2000, we started the Internet Standards, Technology & Policy Project with the goals of driving public interest involvement in key internet standards-setting bodies, and making technical resources available to policymakers and advocates. Since then, we have continuously engaged in internet standards debates over issues like the IANA transition and privacy safeguards for location information.

We look forward to sharing with you the things technologists working in the public interest are thinking about, and why they’re important!

Subscribe to the newsletter here.

SUBSCRIBE

The post New CDT Newsletter for Journalists Highlights Emerging Internet Infrastructure Issues appeared first on Center for Democracy and Technology.