Meanwhile the US and UK have their own plans for monitoring everything that moves over the net, whether on grounds of national security security, to "improve" service or to sell advertising. Talks or pots and kettles.
Where do the plans for an EU Cyber Security Directive fit? Will they do more good than harm, with (for example) calls for ever more comprehensive breach notification at a time where security experts tell us to assume that everything is already compromised? The headline objectives in the strategy are admirable but the impact assessment (see here for detail) makes no mention of the risk that Internet hubs will be moved off-shore to escape the tick box compliance routines, overheads and added insecurity that EU and national regulators are likely to mandate, unless users as well as suppliers come to together in an unprecedented pan-EU coalition to impose common sense when it comes to implementation.
I have blogged before of my fears that at the WCIT event in Dubai we won the battle but lost the war. It looks as though we may actually be about to turn victory into defeat even faster than I feared.
A more interesting question is whether we deserve to win - given that "we" is an odd alliance, including US IPR lawyers, Californian libertarians, Western liberals, Post Cold War defence interests and those whose business models are based on selling advertising to those using an outdated IPV4, English language world of computers talking to computers over landlines.