HomeDM3Z Blog

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

[Author’s note: As I write this in October, the second massive denial of service attack in two weeks threatening to take down significant sections of the internet has just ended. Could full implementation of Operation Safety-Net have prevented this?

Over the past few years, the Pervasive Monitoring SIG within M3AAWG has worked to educate members and the community at large about better practices for message encryption and data privacy.  Messaging abuse, such as Man-in-the-Middle attacks, continues to threaten end-users and make confidential personal and business data more accessible to cybercriminals. After the revelations made by various whistleblowers around the world, we now know that we’re being watched at an ever-increasing rate, and even if we believe we’re innocent, our privacy could be violated without just cause. read more

Ongoing disclosures about the pervasive monitoring of email, voice and other network traffic remain an industry concern and major companies in the online ecosystem have been publicly identified as specific targets for non-consensual eavesdropping activity.  As a result, both the general public and various technical communities have a heightened interest in implementing measures that could protect operational security and customer privacy.

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) supports the use of effective, end-to-end encryption. Mechanisms that intentionally compromise encryption put that effectiveness at risk. Therefore M3AAWG endorses the recommendations in the recent paper "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications" written by 15 noted security experts.

Had you been in the general vicinity of the Palace Hotel in San Francisco a couple of weeks ago– say, Thursday evening, maybe just before an early dinner time – you might have heard thunderous applause spilling from the open entrance into the evening air. You might have thought an A-list celebrity had just been introduced on stage to the gathered membership of M3AAWG, as our 33rd General Meeting drew to a close.

Nope. This was a slightly bigger deal.

Over the past year or so, messaging security and encryption has been increasingly in the spotlight.   We now send and receive more data over the Internet than ever before, yet until recently, email messages have been typically transmitted in clear text. This lack of encryption allows any interested party with just a little know-how and some basic equipment to potentially intercept the content therein: they can read personal information, bills, social media notices, birthday invitations, promotional material and even access pictures of loved ones or other sensitive attachments.  

M3AAWG has issued its first report examining the level of bot infections on consumer networks and the percentage of subscribers notified.  This is significant in that it is the first cooperative effort by network service providers to quantify the extent of malicious bots infecting their subscribers.  The M3AAWG Bot Metrics Report also provides data on the implementation of a portion of the Anti-Bot Code of Conduct for ISPs developed at the FCC’s Communications Security Reliability and Interoperability Council (CSRIC) under the leadership of M3AAWG Chairman Emeritus Michael O’Reirdan.

M3AAWG has a long history of featuring diverse keynotes as part of its members-only meetings, with speakers ranging from noted cybersecurity journalist Brian Krebs to General David B. Warner of the U.S. Air Force Space Command (AFSC) to Canadian Privacy Commissioner Jennifer Stoddart, among others.

Categories: 

Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them. The nomination process is simple, open to anyone, and free of charge. To be considered for the October 2014 J. D.

Categories: 

M3AAWG was formed almost ten years ago over concerns that email, one of the Internet’s two “killer apps” at the time, might collapse due to out-of-control volumes of spam. Fortunately today, even with vastly more spam bombarding the networks, our operator members report they’re now able to stop about 90 percent of abusive messages before they reach users’ inboxes, per our email metrics reporting program.

Categories: 

Pages

Subscribe to DM3Z Blog