Skip to Content

Cybersecurity & Standards

Global Policy Weekly – April 3, 2013

CDT’s Global Policy Weekly highlights the latest Internet policy developments and proposals from around the world, compiled by CDT’s Global Internet Freedom Project.


Anti-spam non-profit Spamhaus fell victim to a number of large denial-of-service attacks that appear to implicate Dutch hosting service CyberBunker, which had been a target of Spamhaus’s anti-spam efforts in the past. Sven Olaf Kamphuis, a spokesperson for CyberBunker, denied that the company was behind the attacks. While some reports indicated that the attack “threatened” the entire Internet, other commentators note that the size of the attack, while large, was not unheard of. The attack was also notable because it ended up impacting three large Internet Exchange Points, making the effect felt beyond the initial target.

The NATO Cooperative Cyber Defense Center of Excellence commissioned a report on the the Stuxnet cyberattack against Iran’s uranium enrichment program in 2009 and 2010. While the United States government has never admitted any connection to the attack, it is widely believed that the US was behind Stuxnet. The 20 expert authors of the NATO study unanimously agreed that Stuxnet was an “act of force” and probably illegal under international law. The writers were unsure if it was an “armed attack,” under which the Geneva Convention’s laws of war would apply.

The Canadian Supreme Court ruled that members of law enforcement need a wiretap order to intercept a person’s text messages as they are sent and received. The ruling gives text messages the same level of protection as voice conversations over the phone. Privacy provisions in the Canadian Criminal Code make it more difficult to get a wiretap order than a standard warrant, in order to protect private communications. Commentators point out that protections in the United States are much less clear cut, with courts divided on whether law enforcement needs a warrant to access text messages.


The National Human Rights Commission of South Korea has recommended that South Korea carefully the human-rights impact of its “three-strikes” law on copyright infringement (among other copyright reform recommendations). Also known as graduated response, the law enables government officials to compel Korean online service providers to freeze accounts of serial infringers with little to no judicial oversight or right to appeal. Choi Jae-Cheon and twelve of his colleagues in the Korean National Assembly announced that they will introduce a bill to repeal the law. An international coalition of human rights groups has written a letter in support of Mr. Choi’s initiative.


Mexico’s lower house voted in support of a bill to reform the country’s telecommunications sector, including the mobile market. If passed, the bill will establish a new regulatory body with the authority to break up dominant firms, establish asymmetric regulation, and force companies to unbundle services. Currently there is very little competition in the telephone market; 70% of mobile phones and broadband and 75% of fixed telephone lines are controlled by America Movil SAB. The Senate is expected to vote on the proposed law in April.


Slovenia’s Information Commissioner brought the country’s implementation of the data retention directive to Constitutional Court. The Commissioner challenged the constitutionality of the Act on Electronic Communications, saying that it violated the principle of proportionality. The Slovenian implementation extended data retention practices to all criminal offenses, as well as cases of national security, constitutional order, and state political and economic interests. The court is expected to rule on the case in the coming year. CDT has released this brief overview of data retention mandates and privacy in 2012.