Do We Really Want The UN In Charge Of Cybersecurity Standards?
from the answer:-no dept
We’ve been talking quite a bit about the upcoming efforts by the International Telecommunication Union (ITU) to expand its ability to govern the internet, and numerous proposals are being submitted by various telcos along those lines. The folks over at CDT are ably demonstrating why this is dangerous in a number of ways, starting with why the ITU is the exact wrong place to be dealing with cybersecurity issues, even though many of the proposals deal with cybersecurity. Take, for example, the proposal of African Member States, which suggests that the ITU can be a central force in “harmonizing” data retention laws and rules. As CDT notes, this seems to assume that the only issue with data retention laws are that they are different in different countries. But that ignores the fact that many people question whether or not such laws even make sense in the first place:
This reference to data retention well illustrates the problems with involving the ITU in issues related to cybercrime and cybersecurity. Not only do national laws on data retention vary greatly, but there is ongoing controversy about whether governments should impose data retention mandates at all. In addition, where data retention is required, there are many different views on the legal standards under which governments should be able to gain access to retained data – whether access should require a court order, for example. Such questions are crucial to adopting a data retention law, but are far outside the expertise of the ITU. Other concerns arise from the fact that data retained by a service provider may, absent specific legal and procedural safeguards, be subject to access by the government to investigate any crime, may be accessed by intelligence agencies, and may be shared with other governments to assist their investigations. In addition, the more data that companies are required to retain, and the longer the retention period, the greater the risk that personal information could be breached, leaked, or otherwise abused.
Elsewhere, the report highlights how many of the proposals on “cybersecurity” seem more likely to set up rules and laws that help repressive regimes crack down on critics and dissidents. And that, of course, highlights the real problem here. There is nothing in the ITU that involves actually determining what’s best for the public and for individuals’ rights. Instead, the proposals are from big (often state-supported) telcos and governments themselves. The CDT paper correctly argues that a group like the ITU simply isn’t as quick or as flexible as any reasonable body dealing with the rapidly changing, always dynamic world of cybersecurity. But it goes even further than that. An effective look at cybersecurity requires recognizing that governments and telcos often have views that are not at all in the best interests of citizens — and handing off all discussions on “cybersecurity” regulations to such a body seems ripe for abuse in ways that may help governments or telcos, but at the expense of the public and their ability to speak out.
Filed Under: cybersecurity, data retention, flexibility, itu, regulation, security, telcos, un, wcit
Comments on “Do We Really Want The UN In Charge Of Cybersecurity Standards?”
No. No. No. No. No. …
… No. No. No. No. No.
I’m with this guy.
The UN is a farce.
No, No, No, No
No, no, no, no
Yeah, it would take about 150 gajillion years before there’d be an actual plan so no. Around 3/4s of all security problems are down to human stupidity of one form or another.
No. No. No. No. No. .
“Do We Really Want The UN In Charge Of Cybersecurity Standards?”
Really what you want is nobody in charge, just total openness with no control, no intervention, and most of all, no liability or responsibility.
Good point. The UN is perfect for doing nothing…
I can’t tell, are you saying this as if this is some horrible suggestion, or as if it’s the obvious truth? It’s tough to tell.
Total openness (as in no one blocking content because they don’t like it or it hurts an outdated business model)? Yes, please.
No control (as in no one randomly seizing/shutting down websites because they don’t like them, regardless of proof of doing anything wrong)? Yes, please.
No intervention (no one throttling a service because they want to promote another one instead)? Yes, please.
No liability or responsibility (as in no copyright trolls and no blaming a service for its’ users)? Yes, please.
Unfortunately, in your twisted world view, you probably actually meant this as a negative.
Re: Re: Re:
“Unfortunately, in your twisted world view, you probably actually meant this as a negative.”
yeah, just like I am twisted for wanting laws against murder, rape, and theft.
What a twisted little fuck I am!
Re: Re: Re: Re:
Why would you want laws against murder and theft? That would be silly!
An effective look at cybersecurity requires recognizing that governments and telcos often have views that are not at all in the best interests of citizens — and handing off all discussions on “cybersecurity” regulations to such a body seems ripe for abuse in ways that may help governments or telcos, but at the expense of the public and their ability to speak out.
governments and telcos often have views that are not at all in the best interests of citizens
I think this pretty much covers anything anywhere. Just replace “telcos” with “big companies”. And maybe remove “often” and replace it with “almost always”.
Let’s get working on these mesh networks. Fuck all these idiots.
No Way ! We do not want to see them in charge.
Should be total openness with no one in charge.It is Worldwide.
I don’t want the UN in charge of anything. They are the most corrupt organization on this planet.
tell me if that would be any worse than having the USA in charge. with what the government has done/is planning to do in the near future, the people are going to be well and truly fucked either way. it just needs a decision made as to who is going to be the most gentle and do the least amount of harm, although i doubt if there is even the minutest difference between them. personally, with the paranoia showing in US government over the smallest of issues, i reckon the EU would be a better option. even better would be to leave the whole issue alone!
The UN may do nothing at first, but...
when they do I will bet my right leg that it will not be good for us citizens of the world, and especially bad for the US.
Sure, let's put Mugabe in charge of the internet
Obviously, nothing could go wrong with that.
I for one do not wish to give any sovereignty over to any international body.
What does “cybersecurity” mean?
Cyber Security norms
With increasing incidences of Cyber crime, setting up certain norms would be a good move.
Telcos have no idea
In general, telcos are completely incompetent when it comes to security. They’ve come late to realize that the whole world had already been doing internet over their lines. And they’ve never had any experience with a hostile world out there.
Telcos never grokked Kerckoffs principle, and that to make something secure, security must only lie in the keys. They still believe in “proprietary” and in “trade secret” and “closed source”.
“Cyber Crime” for telcos consists mostly of “fraudulently using our services” (phreaking) and “not paying the bills”.
Of course they’ve learned quite a bit since, but compared to ISPs (or even universities) they’re neophytes. And you don’t want to put slouches in charge of security.