SOSi Report on Cybersecurity Threats of China's Internet of Things (IoT)

A report, contracted by the USCC [U.S.-CHINA Economic And Security Review Commission] and authored by SOS International, outlines China’s state-led approach to IoT development, assesses the implications for the U.S. economy, national security, and the privacy of U.S. data, and makes recommendations for U.S. policymakers. China’s concerted, state-led approach, including ongoing efforts to influence international IoT standards, has put China in a position to credibly compete against the United States and other leaders in the emerging IoT industry. China’s research into IoT security vulnerabilities and its growing civil-military cooperation raise concerns about gaining unauthorized access to IoT devices and sensitive data. In addition, China’s authorized access to the IoT data of U.S. consumers will only grow as Chinese IoT companies leverage their advantages in production and cost to gain market share in the United States based on the terms of use and sweeping Chinese government data access powers.

Full SOSi Report (pdf)

Key Findings: 
  • The Chinese government is driving development of the IoT—an industry it views as strategic— through the creation of IoT industrial and innovation centers, extensive financial support, and favorable regulations. Foreign firms, which are considered strategic rivals, face an uneven playing field and are subject to a number of policies that disadvantage them in favor of domestic firms, including restrictions on foreign investment, selective enforcement of Chinese laws to hinder the operation of foreign IoT firms in China, and forced technology transfer. 
  • China’s large market size, production capacity, and government support offer it some significant advantages, but it is still behind U.S. and other foreign leaders in many IoT technologies. Therefore, there is still a window for U.S. companies and the U.S. government to maintain a technological edge and influence future IoT development, standards, and roll-out. 
  • The Chinese government is actively attempting to influence international technical standards for the IoT that would benefit Chinese companies at the expense of U.S. and other foreign counterparts. China pursues a more coordinated and comprehensive strategy than the United States’ private-sector-led approach with U.S. entities often absent from key international standardization processes.
  • China has laid a solid groundwork for a comprehensive roll-out of fifth-generation wireless technology (5G), which will make the IoT faster and more effective, relying on a whole-ofcountry approach that has created an entire ecosystem for domestically manufactured 5G technologies and furthered their inclusion in international technical standards. China is on track to roll-out the largest and most reliable 5G networks, gaining a head start in developing the technologies that 5G enables—first among them, the IoT.  
  • Chinese-manufactured IoT devices have already become common vehicles for unauthorized access due to their widespread usage and insecure device configurations that have resulted in surreptitious data collection and the exploitation for cyberattacks, unauthorized remote access, and data theft. 
  • China is actively researching IoT vulnerabilities, both for security purposes and almost certainly to collect intelligence, conduct network reconnaissance for cyberattacks, and enhance its domestic surveillance powers. The combination of widespread adoption of IoT products and Chinese research into IoT exploits raises the threat of unauthorized access to U.S.-based IoT devices and networks. 
  • China’s authorized access to the IoT data of U.S. consumers will only grow as Chinese IoT companies leverage their advantages in production and cost to gain market share in the United States. 
  • While authorized data access, collection, and processing are indispensable parts of the IoT’s transformative potential, China poses a grave threat to U.S. privacy as its government and surveillance apparatuses are empowered to access this data well in excess of accepted international norms. In the short term, Chinese government and corporate access to U.S. data would be a huge opportunity for Chinese intelligence targeting operations. In the longer term, such access would provide a major edge to Chinese artificial intelligence (AI) development efforts, eventually culminating in a substantial Chinese economic advantage in another field that is expected to shape the economy of the future.  Existing U.S. data protections appear insufficient to protect U.S. data against harmful but authorized data access. The patchwork nature of U.S. laws and authorities leaves loopholes that could facilitate Chinese access to U.S. IoT data in bulk, an especially risky proposition given known Chinese motivations for accessing big data.
See also:
Full Press Release (embed below):

feedback & comments via twitter @DomainMondo



Facebook $FB Q3 2018 Earnings LIVE Webcast Oct 30, 5pm EDT

Facebook’s 2018 Just Keeps Getting Worse

30 million Facebook users had their accounts hacked (Fortune.com video, Oct 12, 2018).

Facebook, Inc.
Principal domains: facebook.com, whatsapp.com, messenger.com, instagram.com, oculus.com
Investor Relations: https://investor.fb.com/

Facebook Q3 2018 Earnings LIVE Webcast Oct 30, 2018, 5:00 pm EDT

Third quarter 2018 financial results will be released after market close on Tuesday, October 30, 2018. The live webcast (and replay), the company's earnings press release, financial tables, and slide presentation will be available from the investor relations website. A telephonic replay will be available for one week following the conference call at 404.537.3406 or 855.859.2056, Conference ID: 5638138.

UPDATE: Q3 2018 GAAP EPS of $1.76 beats by $0.30, revenue of $13.73B (+32.9% Y/Y) misses consensus estimates by $40M, user growth slowsEarnings Release (pdf) and Slides (pdf).

feedback & comments via twitter @DomainMondo



PP-18, ITU Plenipotentiary Conference 2018, Dubai, UAE

PP-18, ITU Plenipotentiary Conference 2018 | Dubai, UAE 29 Oct - 16 Nov 2-18
The ITU Plenipotentiary Conference consists of the representatives of the Member States of the Union. The Plenipotentiary Conference is the highest policy-making body of the International Telecommunication Union (ITU).

UPDATE Nov 1, 2018: Doreen Bogdan Martin (USA) elected!--first woman ever to hold an elective leadership position in the history of the ITU--congrats to Doreen and the ITU, as well as NTIA Administrator David Redl and staff, and Trump administration, for supporting her candidacy:
David Redl's article above, March, 2018-- NTIA worked hard in support of the election of Doreen Bogdan-Martin
Held every four years, the Plenipotentiary is the key event at which ITU Member States decide on the future role of the International Telecommunication Union (ITU), thereby determining the organization’s ability to influence and affect the development of information and communication technologies (ICTs) worldwide. The 'Plenipot' sets the ITU's general policies; adopts four-year strategic and financial plans; and elects the senior management team of the organization, the Member States of the Council, and the members of the Radio Regulations Board.
ITU News Magazine (pdf) excerpt:

Internet Related Resolutions:
Excerpt from Internet Society Background Paper on ITU Plenipotentiary 2018 (pdf)
In 2018, the ITU Plenipotentiary Conference will meet for the 20th time in Dubai, United Arab Emirates, from Monday, 29 October to Friday, 16 November 2018.

Date and Time in Dubai:

#Netgov #Cyber #G20 #IGF2018 #Plenipot18 @UN @ITU @ILO @WTO @G20org #Plenipot @WSISprocess @WEF @theGCSC @theGFCE @ICANN @ITUSecGen

Remarks of Assistant Secretary Redl at the Media Institute Communications Forum Luncheon | ntia.doc.gov May 17, 2018 excerpt:

feedback & comments via twitter @DomainMondo



News Review | ICANN63, Barcelona: The Good, The Bad, and The Ugly

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2018-10-28 with analysis and opinion: Features • 1) ICANN63, Barcelona: The Good, The Bad and The Ugly2) Other ICANN News: a. GDPR & WHOIS, UAM ... d. EPDP Meetings Oct 30 & Nov 1 and more, 3) Names, Domains & Trademarks: Fair Use vs. EU Copyright Directive, 4) ICYMI: Getting the World Online, 5) Most Read.

1) ICANN63, Barcelona: The Good, The Bad and The Ugly
 The Good, The Bad, And The Ugly  ICANN63
a. EPDP Working Group meetings at ICANN63 Highlights: 

 Registrants' Rights and Responsibilities
 Tucows Letter to ICANN re: AppDetex
We emphasize the GAC consensus advice from ICANN62 that urged ICANN to take all steps necessary to ensure the development and implementation of a unified access model that addresses accreditation, authentication, access and accountability, and applies to all contracted parties. We welcome ICANN’s efforts to facilitate the necessary community discussion through the Unified Access Model papers and emphasize the need to drive these discussions towards concrete and timely results.--ICANN63 GAC Communique (pdf)
For more on EPDP & GDPR at ICANN63 see last week's News Review: ICANN63 Meeting Oct 20-25, ICANN's Tipping Point?, but if you want ICANN's 'sanitized' version, here it is:

b. ICANN Dysfunction
"Wishlist" is a Forbidden Word? (graphic)
Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP Working Group a/k/a RPM-WG:
  • Exhibit 1: 23 Oct 2018 email to RPM-WG Public Mail List from WG Co-Chair Phil Corwin (RySG - Verisign) "Note to Mr. Kirikos Regarding His Characterization of URS Sub-team Recommendations as 'Wishlists'";
  • Exhibit 2: 23 Oct 2018 reply email from Mr. Kirikos;
  • Exhibit 3: 21 Oct 2018 GNSO Council meeting transcript (pdf) pp. 23-36;

c. Slides (pdf) from ICANN63 Session 24 Oct 2018: What Issues and Challenges are Registrants Having Managing Domain Names?

d. GAC Communique (pdf):
"The GAC is not in a position to approve or reject the [CCWG WS2 on ICANN Accountability] recommendations on jurisdiction. Some GAC members support the recommendations. Other GAC members consider that they fall short of the objectives envisaged for Work Stream 2 and only partly mitigate the risks associated with ICANN’s subjection to US jurisdiction. The reasons why these members object to approving the recommendations are documented in the dissenting statement [pdf] submitted to the CCWG by Brazil." (emphasis and links added)
The GAC will next meet at ICANN64, Kobe, Japan, 9-14 Mar 2019.

e. ICANN63 pre- and post-meeting reports | ICANN.org.

f.  That sad Public Forum 2 at ICANN63--note particularly Amadeu Abril I Abril and Marilyn Cade's comments about ICANN's 'revolving door' and public perceptions of an unethical ICANN and its leadership--transcript (pdf) pp. 20-22, 29-31, 47-49.

Editor's final ICANN63 note: kudos to 
  • The Non-Commercial Stakeholders Group, Stephanie Perrin, Milton Mueller, and the entire NCSG's EPDP delegation, for standing up for registrants and registrants' rights;
  • Paul Foody for exposing the dysfunctional and corrupt foundation of ICANN's new gTLDs program at ICANN63's Public Forum 1, see transcript (pdf), pp.50-54.
Lastly, holding ICANN accountable: my comment (pdf) embed below, submitted Oct 21, 2018 (during ICANN63) re: Draft Final Report of The Second Security and Stability Advisory Committee Review (SSAC2). The public comment period closes 3 Dec 2018 23:59 UTC (subject to change by ICANN org).

2) Other ICANN News
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
a. ICANN Board of Directors Report (pdf):
 Board Report - Genval Workshop
ICANN CEO Goran Marby: "... We continue to make significant progress in identifying a permanent solution for bringing ICANN and its contracted parties into compliance with the GDPR. With the Temporary Specification for gTLD Registration Data now in full effect, the org has shifted its focus towards developing a proposed unified access model. Please follow updates [here] ...." [p.3 of 87](emphasis added)
"DNS Engineering: As a security measure to mitigate Spectre/Meltdown vulnerabilities, all IMRS (ICANN Managed Root Servers) have a newly patched kernel and have been rebooted. Several new IMRS hosts were brought online. We completed testing of IANA domain moves from GoDaddy to CSC (IETF Trust). We implemented templates for better management of ICANN domains with ICANN domain registrars."[p.29 of 87](emphasis added).

b. FY18 Annual Report (pdf) of Expense Reimbursement and Other Payments to ICANN Directors for the Period 1 July 2017 Through 30 June 2018.

c. Summary of RDS PDP Organizational Lessons Learned  (pdf). Editor's Note: Another Story of ICANN Dysfunction--the RDS PDP. Stephanie Perrin's recent (Oct 22, 2018 pdf) take at ICANN63:

d. EPDP Meetings this coming week:
EPDP Meetings' start time this week: 13:00 UTC (9am EDT). Observers: Adobe Connect, or audio cast (browser or app). See also  GNSO Council EPDP page and updatesLinks to all EPDP meetings' transcripts and recordings are on the GNSO calendar. Other EPDP links: wikimail listaction itemsTemp SpecEPDP Charter (pdf), Data Elements Workbooks (pdf).

Thursday Nov 1 (wiki page, documents) agenda, meeting transcript (pdf), Adobe recording, MP3, Nov 1, 2018, EPDP draft Initial Report (pdf) prepared by ICANN staff. Notes and action items are here,  chat transcript (pdf) embed below: 

Tuesday Oct 30 (agenda, documents, recordings); Editor's note: see thisthisthis, and this on the mail list. High-level Notes/Actions here. Meeting transcript (pdf)l chat transcript (pdf) embed below:

e. More ICANN Dysfunction: Interim Supplementary Rules for the Independent Review Process (IRP):

f. is for FAILING new gTLDs: Minutes of ICANN Board Finance Committee (BFC) Meeting 3 Oct 2018: "The BFC further noted that the operations funding for FY18 was US$600,000 lower than the FY17 actuals and US$8.8 million lower than the FY18 adopted budget. During the course of FY18, there was a significant drop in the funding forecast against the adopted budget mainly due to the slower-than-anticipated growth of new gTLD registrations.

g. ICANN Board of Directors: Approved Board Resolutions 25 Oct 2018 | Organizational Meeting of the ICANN Board: no major organizaitonal changes. ICANN Annual Report for period July 1, 2017 - June 30 2018 (pdf). The ICANN Board adopted the Independent Review Process Interim Supplementary Procedures and other Board Resolutions at a Regular Meeting of the ICANN Board 25 Oct 2018, including Deferral of Transition to Thick WHOIS Consensus Policy Implementation for .COM, .NET, and .JOBS, and Replenishment of the Reserve Fund:
Resolved (2018.10.25.22), the Board directs the President and CEO, or his designee(s), to take all actions necessary to increase the Reserve Fund through annual excesses from the operating fund of ICANN organization by a total amount of US$32 million over a period of seven to eight years, starting with FY19.
Resolved (2018.10.25.23), the Board directs the President and CEO, or his designee(s), to take all actions necessary to allocate US$36 million of [new gTLD] auction proceeds to the Reserve Fund, as soon as technically feasible.
h. ICANN Public Comment Periods closing in November here.

i. GNSO Council Leadership: Keith Drazek (RySG - Verisign), Pam Little (RrSG - Alibaba Group), Rafik Dammak (NCSG - NTT Communications):
Editor's note: Pam Little is "first class" and a great choice! Someone at Alibaba Group also made a brilliant move in hiring her!

3) Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
a. Fair Use vs. EU Copyright Directive: 
“This [EU] Legislation Poses A Threat To Both Your Livelihood And Your Ability To Share Your Voice With The World.”
YouTube CEO says EU regulation will be bad for creators--‘Article 13 threatens hundreds of thousands of jobs’--theverge.com. Editor's note: many "creators" are domain name registrants.

b. ICYMI: Verisign $VRSN Q3 2018 Earnings, LIVE Webcast Oct 25: Verisign has "entered into an agreement with NeuStar, Inc. (“Neustar”) to sell the rights, economic benefits, and obligations, in all customer contracts related to its Security Services business."  Verisign's Chairman, President & CEO James Bidzos also said:
"To update you on our discussion about the Cooperative Agreement, we are mindful of the upcoming expiration and are progressing with the NTIA to amend the Cooperative Agreement by mutual agreement. When we are able to provide more information, we will do so. I will tell you that we are confident that an amended agreement can be executed before the expiration of the current term which is the end of November. However, until that process is complete, there is nothing more that we can disclose at this time."--transcript via SeekingAlpha.com (emphasis added).

4) ICYMI Internet Domain News 
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com
Almost 50% of the world is online, but getting the rest of the world online will be far more difficult--theguardian.com.
source: statista.com
Growth in global internet access dropped from 19% in 2007 to less than 6% last year--new data suggests the digital revolution will remain out of reach for billions--theweek.co.uk.

EU, US, China: There May Soon Be Three Internets. America’s Won’t Necessarily Be the Best. A breakup of the web grants privacy, security and freedom to some, and not so much to others.--Editorial, NYTimes.com.

5) Most Read Posts this past week on DomainMondo.com: 
graphic "Domain Mondo" ©2017 DomainMondo.com

-- John Poole, Editor  Domain Mondo 

feedback & comments via twitter @DomainMondo



Tech Review | Internet of Things Creating New Avenues for Cybercrime

graphic "Tech Review" ©2017 DomainMondo.com
Tech Review (TR 2018-10-27)--Domain Mondo's weekly review of tech investing news with commentary, analysis and opinion: Features • 1) Internet of Things Creating New Avenues for Cybercrime, 2) How China Went From Copying Tech to Cutting Edge, 3) Investing: The Week, Investing Notes, 4)ICYMI Tech News.

1) Internet of Things Creating New Avenues for Cybercrime

FT.com and Chubb.com video above published Oct 1, 2018: the Internet of Things (IoT) is creating new avenues for cybercrime. Cybersecurity practices in businesses vary from one company to another but just who is responsible for maintaining cybersecurity practices remains a big question in Cyber Risk Management and Cybersecurity.
SoftBank says there will be a trillion connected devices by 2025 and that "these devices, connected through the internet of things" will "generate $11 trillion in value by that time."-VentureBeat.com.

2) How China Went From Copying Tech to Cutting Edge

China's technology industry is developing into a serious rival to Silicon Valley, but there are political hurdles ahead. Bloomberg QuickTake explains how China's tech companies went from copycats to cutting edge, and why the U.S. government is crying foul. Bloomberg.com video above published Oct 16, 2018.

3) Investing
graphic: "INVESTING"  ©2017 DomainMondo.com
The Week: NASDAQ Composite -3.8% | S&P 500 Index -3.9% | DJIA -3%
The Market Sell-Off Is Overdone, This Is a 'Buying Opportunity'--Mikio Kumada, executive director and global strategist at LGT Capital Partners (domain: lgtcp.com), discusses the market sell-off and what to look out for in the future--video here.
Wall Street's Charging Bull
graphic of Charging Bull | DomainMondo.com
Investing Notes:

US: The party’s far from over for the U.S. economy, as Q3 GDP growth shows--GDP growth of 3.5% marks best two-quarter stretch in four years--a vigorous gain following a 4.2% burst of growth in the second quarter positions the economy for its best performance in 13 years. The last time the U.S. posted 3% growth for a full year was in 2005.

EU: Italy’s Debt Crisis--the European Union rejects Italy's budget--Italy has three weeks to revise its budget under the EU’s rules (Editor's note: don't hold your breath.)

China: policymakers in China have been left searching for answers to the trade war with the US because the domestic think tanks called on for guidance have provided “filtered information” to avoid offending supervisors--scmp.com.

Brexit: Lloyd's (lloyds.com) Chairman: "Our customers will be unaffected by Brexit."--CNBC.com video.

4) ICYMI Tech News:
graphic: "ICYMI Tech News" ©2017 DomainMondo.com
source: statista.com
  • Why Netflix $NFLX Is Selling $2 Billion of Junk Bonds--Bloomberg.com (video). Netflix will spend $18.6 billion on content, and forecasts $3 billion negative cash flow for 2018 and 2019, betting aggressive spending leads to more subscribers--NYTimes.com.
  • Lobbying: Amazon spent $3.63M on lobbying in Q3, up from $3.47M in Q2, as it seeks JEDI, a big Pentagon contract; Google spent $5.46M, up 30%+ YoY, while Facebook spent $2.82M--Bloomberg.com.
  • Verizon $VZ and Altaba $AABA have agreed to pay $50M in damages, up to $37.5M in legal fees, and provide credit monitoring for Yahoo users affected by Yahoo's 2013 security breach.
  • Facebook $FB is reportedly trying to buy a major cybersecurity firm. Meanwhile Oculus founder Brendan Iribe is leaving Facebook--Bloomberg.com (video).
  • Cloudflare Inc, is preparing an initial public offering (IPO) that could value the startup at more than $3.5 billion.
  • Google $GOOG $GOOGL will open source its firmware for Titan M, a Pixel 3 secure chip handling Verified Boot which also has its own isolated storage and RAM--wired.com.
  • Wealthfront, a digital wealth management startup will offer its automated financial planning tool (robo-advisor) for free by the end of the year.
  • Personal Tech Tip: "... if you always charge your phone at 25 percent, the battery will only work to its full potential for 500 charges ... opting to charging at 75 percent will give you up to 2,500 fully powered charges"--lifehack.org.

-- John Poole, Editor, Domain Mondo  

feedback & comments via twitter @DomainMondo




Q3 2018 Earnings LIVE Webcasts Thursday Oct 25:
Tesla $TSLA Q3 2018 Earnings LIVE Webcast Oct 24 REPLAY
Twitter $TWTR:
Tech Bounce Looks Short-Lived After Whiffs by Amazon, Alphabet--Bloomberg.com

feedback & comments via twitter @DomainMondo



Amazon $AMZN Q3 2018 Earnings LIVE Webcast Oct 25, 5:30pm EDT

source: statista.com
Amazon.com, Inc.
Amazon.com, Inc. Q3 2018 Earnings LIVE Webcast October 25, 2018, 5:30 p.m. EDT. The audio and associated slides will be available for at least three months thereafter at ir.aboutamazon.com.

Amazon -5% on Q3 revenue miss; AWS +46% Y/Y--SeekingAlpha.com.

See  also "Amazon's Focus On High Standards - Does It Matter For Investors?"--seekingalpha.com:

It's easy to take for granted how unconventional Jeff Bezos is, but his approach to Amazon's business is worth a closer look. We do a close read of the 2017 shareholder letter he published this April to see if we can better understand the company as a business and as an investment. This also is a prequel for our miniseries on Amazon to come this November. As might be expected, there's a lot to discuss.
Topics covered:
3:00 – Setting the scene – Amazon’s 4-part shareholder letter
5:00 – The intro and the key performance indicators – the unique focus of Amazon’s letter
10:00 – The letter as sign of Bezos’s triumph, and as the changing context of the Amazon story
14:00 – Customer divinity and Amazon’s high standards – investment edge?
20:30 – The meta narrative and the six steps ahead thesis
24:00 – Tackling the quality vs. value narrative again and trying to translate this into the investment case
32:15 – The perfect handstand bit and the value of handstand philosophy
40:30 – Picking apart the 6-page memo process
47:30 - Amazon’s recent milestones, and there are many of ‘em – the all-binding importance of revenue
57:45 – Riding the Treasure Truck
1:01:45 – Singing Internationale about Amazon’s human resources policies, and the Bezosian meta-narrative
1:07:45 – What does all this tell us about Amazon as an investment?
1:11:30 – 2017 vs. 1997 letter

feedback & comments via twitter @DomainMondo


Alphabet $GOOG $GOOGL Q3 2018 Earnings LIVE Webcast Oct 25

 Alphabet $GOOG $GOOGL Q3 2018 Earnings Call Oct 25
Alphabet Q3 2018 Earnings Call on YouTube.com, 4:30pm EDT, Thursday, Oct 25, 2018.

UPDATE: Earnings Press Release (pdf)
Alphabet beats by $2.65, misses on revenue--SeekingAlpha.com

Alphabet Inc. (NASDAQ: GOOG, GOOGL) will hold its quarterly conference call to discuss third quarter 2018 financial results on Thursday, October 25, at 4:30 p.m. ET.
The live webcast of the earnings conference call can also be accessed here. A replay of the webcast will be available following the conference call. Please visit the Investor Relations website at abc.xyz/investor on October 25, 2018 to view the earnings release prior to the conference call.

About Alphabet Inc.(source: Alphabet): "Larry Page and Sergey Brin founded Google in September 1998. Since then, the company has grown to more than 80,000 employees worldwide, with a wide range of popular products and platforms like Search, Maps, Ads, Gmail, Android, Chrome, and YouTube. In October 2015, Alphabet became the parent holding company of Google. You can read more about Alphabet’s mission here."

feedback & comments via twitter @DomainMondo


Domain Mondo archive