There aren’t any inherent obstacles in the Internet infrastructure to limit the accessibility of new generic top-level domains (gTLDs), but systems changes may be needed to completely open up the possibilities that gTLDs provide, said ICANN’s Universal Acceptance Steering Group (UASG) Monday in the results of a study. The Asia Pacific Network Information Centre’s APNIC Labs division did the study June 9-July 10 via an online advertisement using Google Ads, ICANN said. The study included more than 184 million automated tests involving more than 36 million end-users, the nonprofit said. There was a 5 percent failure rate of tested unique URL queries, ICANN said. The most common problems involved Adobe’s Flash product being used in Microsoft’s Internet Explorer browser and Mozilla’s Firefox browser when accessing Internationalized Domain Name TLDs, ICANN said. The problems the UASG report identified “resulted in a larger than expected number of IDN TLDs being unresolvable, clearly an issue for Universal Acceptance,” UASG Chairman Ram Mohan said in a news release. “The UASG is reaching out to Microsoft, Mozilla and Adobe to further investigate and mitigate this issue identified in the report, and ensure problems are resolved for all TLDs.” The study results “were in-line with our expectations,” said ICANN Chief Technology Officer David Conrad in the news release. “However, there will need to be changes to systems and software to fully leverage the global opportunities these new TLDs enable.”
Global Cyberspace Cooperation Summit participants voted last week to adopt a set of cybersecurity principles that include “fact-driven, risk-informed, and transparent requirements to help information technology buyers acquire more secure products from global sources,” the EastWest Institute said Tuesday. The group hosted the summit that ended Thursday. The summit also adopted “rules of the road for the use of cyber weapons” and “streamlined procedures for fighting international cybercrime and protecting critical infrastructure,” EastWest said. The adopted cybersecurity principles build on reports from Huawei and Microsoft, EastWest said. “The world needs a way to better manage cybersecurity risks,” Microsoft Corporate Vice President-Trustworthy Computing Scott Charney said in an EastWest news release. “The answer lies in globally accepted cybersecurity norms of behavior for states, vendor transparency, and increased user control.” The private sector must act to address cybersecurity challenges, which “keep getting bigger as the rate of change accelerates,” CenturyLink Board Chairman William Owens said in the news release. “We can’t wait for governments to act.”
“To retain the value of human dignity and prevent individuals [from] being reduced to mere data subjects,” European Data Protection Supervisor (EDPS) Giovanni Buttarelli urged the EU and other international organizations to promote an “ethical dimension in future technologies” and announced the creation of a new EU data protection ethics board to help define new digital ethics, an EDPS news release said Friday. “The future technological environment will be made up of an interdependent ecosystem of legislators, corporations, IT developers and individuals” who are equally responsible for “shaping it,” Buttarelli said. “Any imbalance of power risks its sustainability,” he said. “The continued, massive and indiscriminate collection of personal information by governments and businesses risks killing the golden goose,” Buttarelli said. Buttarelli also urged passage of future-oriented laws that redress power imbalances and modernize data protection frameworks and said organizations should be accountable and have a new ethical approach to handling personal data they collect, which includes creating codes and policies that safeguard human dignity. He also asked the IT industry to design privacy-conscious technology.
OkCupid hasn’t implemented HTTPS sitewide to ensure user data is safeguarded, three years after the Electronic Frontier Foundation “first called out” the site, wrote EFF Activism Director Rainey Reitman in a blog post Friday. “For users who haven’t upgraded to paid accounts, their emails, chat sessions, searches, clicked links, pages viewed, and usernames are transmitted over the Internet in unencrypted plaintext, where they can be intercepted and read by anyone on the network.” OkCupid has enabled some HTTPS encryption on its site for those who pay to use the site and during the initial log in, she said. Failing to enable HTTPS across the entire site leaks a lot of data about most users, she said. Reitman encouraged the public to sign a petition started by Fight for the Future (see 1509110041) to “pressure the company into doing the right thing.”
In the wake of the Ashley Madison breach, Fight for the Future, a nonprofit aiming to “expand the Internet’s power for good,” announced Thursday it created a petition that asks dating site OkCupid to stop cutting corners and to implement basic user privacy protections. OkCupid “doesn’t use basic HTTPS encryption to protect user privacy, so everything you do on the site can be seen by anyone who wants to spy on you,” the petition says. That includes every question a user has answered, even those questions that were answered privately, every message sent, and every profile a user visited, it said. “Dating sites house some of our most personal and potentially embarrassing data,” such as sexual preferences and health, drug use and other illegal activity, and political and religious views, the petition said. Cutting corners on security isn’t just sloppy, it’s unsafe, it said. OkCupid didn’t comment.
The FBI warned of possible cybercrime opportunities that have emerged due to an increased number of IoT devices. “Unsecured or weakly secured devices provide opportunities for cyber criminals to intrude upon private networks and gain access to other devices and information attached to these networks,” the Thursday alert said. “Devices with default passwords or open Wi-Fi connections are an easy target for cyber actors to exploit.” Among recommendations the FBI offered consumers are to: isolate IoT devices on their own protected networks; disable UPnP on routers; consider whether devices are ideal for their intended purpose; purchase devices from manufacturers with a trusted security record; update devices with security patches when available; change default passwords and open Wi-Fi connections; and be aware of device capabilities, especially if the device is used for medical purposes, is capable of remote operation or transmits data.
The Electronic Privacy Information Center filed an “expedited FOIA request to obtain a secret agreement between U.S. and EU law enforcement agencies concerning the transfer of personal data,” said a post on EPIC’s website Thursday. “‘There is an urgency to inform the public’ about the contents of the agreement.” The Department of Homeland Security has 10 days to respond to EPIC’s Freedom of Information Act request for information on the umbrella agreement, it said.
Dropbox joined the Internet Association, IA said in a news release Thursday. “We’re proud to join the Internet Association and look forward to supporting public policy outcomes that advance the interests of people who use Dropbox,” said Amber Cottle, head of Dropbox global public policy and government affairs.
California Gov. Jerry Brown (D) vetoed a drone bill Wednesday that would have allowed trespassing charges to be filed against an individual flying drones less than 350 feet above real property without the express permission of the property owner, regardless of whether anyone’s privacy was violated. In his veto message to the Senate, Brown said drone technology raises “novel issues that merit careful examination” but said he vetoed SB-142 because, “while well-intentioned,” it “could expose the occasional hobbyist and the FAA-approved commercial user alike to burdensome litigation and new causes of action.” Brown asked the state Senate to look at this issue more carefully. Brown signed a bill proposed by Sen. Anthony Cannella (R), SB-676, that enables easier prosecution of those who engage in cyber exploitation and revenge porn. Meanwhile, California’s Electronic Communications Privacy Act (SB-178) passed the Senate 32-4 Wednesday.
Microsoft released 12 updates to address vulnerabilities in Microsoft Windows that may allow an attacker to take control of an affected system, said a U.S. Computer Emergency Readiness Team alert Tuesday.