Do We Really Want The UN In Charge Of Cybersecurity Standards?

from the answer:-no dept

We've been talking quite a bit about the upcoming efforts by the International Telecommunication Union (ITU) to expand its ability to govern the internet, and numerous proposals are being submitted by various telcos along those lines. The folks over at CDT are ably demonstrating why this is dangerous in a number of ways, starting with why the ITU is the exact wrong place to be dealing with cybersecurity issues, even though many of the proposals deal with cybersecurity. Take, for example, the proposal of African Member States, which suggests that the ITU can be a central force in "harmonizing" data retention laws and rules. As CDT notes, this seems to assume that the only issue with data retention laws are that they are different in different countries. But that ignores the fact that many people question whether or not such laws even make sense in the first place:
This reference to data retention well illustrates the problems with involving the ITU in issues related to cybercrime and cybersecurity. Not only do national laws on data retention vary greatly, but there is ongoing controversy about whether governments should impose data retention mandates at all. In addition, where data retention is required, there are many different views on the legal standards under which governments should be able to gain access to retained data – whether access should require a court order, for example. Such questions are crucial to adopting a data retention law, but are far outside the expertise of the ITU. Other concerns arise from the fact that data retained by a service provider may, absent specific legal and procedural safeguards, be subject to access by the government to investigate any crime, may be accessed by intelligence agencies, and may be shared with other governments to assist their investigations. In addition, the more data that companies are required to retain, and the longer the retention period, the greater the risk that personal information could be breached, leaked, or otherwise abused.
Elsewhere, the report highlights how many of the proposals on "cybersecurity" seem more likely to set up rules and laws that help repressive regimes crack down on critics and dissidents. And that, of course, highlights the real problem here. There is nothing in the ITU that involves actually determining what's best for the public and for individuals' rights. Instead, the proposals are from big (often state-supported) telcos and governments themselves. The CDT paper correctly argues that a group like the ITU simply isn't as quick or as flexible as any reasonable body dealing with the rapidly changing, always dynamic world of cybersecurity. But it goes even further than that. An effective look at cybersecurity requires recognizing that governments and telcos often have views that are not at all in the best interests of citizens -- and handing off all discussions on "cybersecurity" regulations to such a body seems ripe for abuse in ways that may help governments or telcos, but at the expense of the public and their ability to speak out.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    xenomancer (profile), Sep 11th, 2012 @ 4:15am

    No

    No. No. No. No. No. ...
    {REDACTED}
    ... No. No. No. No. No.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Sep 11th, 2012 @ 5:12am

    Re: No

    I'm with this guy.

    The UN is a farce.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    The eejit (profile), Sep 11th, 2012 @ 5:45am

    Re: No

    No, No, No, No
    No, no, no, no
    God NO
    GOD NO
    GOD NO!

    Yeah, it would take about 150 gajillion years before there'd be an actual plan so no. Around 3/4s of all security problems are down to human stupidity of one form or another.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    jamescameron, Sep 11th, 2012 @ 5:56am

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Sep 11th, 2012 @ 6:04am

    "Do We Really Want The UN In Charge Of Cybersecurity Standards?"

    Really what you want is nobody in charge, just total openness with no control, no intervention, and most of all, no liability or responsibility.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Ninja (profile), Sep 11th, 2012 @ 6:04am

    An effective look at cybersecurity requires recognizing that governments and telcos often have views that are not at all in the best interests of citizens -- and handing off all discussions on "cybersecurity" regulations to such a body seems ripe for abuse in ways that may help governments or telcos, but at the expense of the public and their ability to speak out.

    governments and telcos often have views that are not at all in the best interests of citizens

    I think this pretty much covers anything anywhere. Just replace "telcos" with "big companies". And maybe remove "often" and replace it with "almost always".

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    droozilla (profile), Sep 11th, 2012 @ 6:05am

    Let's get working on these mesh networks. Fuck all these idiots.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    gorehound (profile), Sep 11th, 2012 @ 6:09am

    No Way ! We do not want to see them in charge.
    Should be total openness with no one in charge.It is Worldwide.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    rebrad (profile), Sep 11th, 2012 @ 6:32am

    No UN

    I don't want the UN in charge of anything. They are the most corrupt organization on this planet.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Sep 11th, 2012 @ 6:33am

    Re:

    Good point. The UN is perfect for doing nothing...

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Sep 11th, 2012 @ 6:37am

    Re:

    I can't tell, are you saying this as if this is some horrible suggestion, or as if it's the obvious truth? It's tough to tell.

    Total openness (as in no one blocking content because they don't like it or it hurts an outdated business model)? Yes, please.

    No control (as in no one randomly seizing/shutting down websites because they don't like them, regardless of proof of doing anything wrong)? Yes, please.

    No intervention (no one throttling a service because they want to promote another one instead)? Yes, please.

    No liability or responsibility (as in no copyright trolls and no blaming a service for its' users)? Yes, please.

    Unfortunately, in your twisted world view, you probably actually meant this as a negative.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Sep 11th, 2012 @ 6:57am

    tell me if that would be any worse than having the USA in charge. with what the government has done/is planning to do in the near future, the people are going to be well and truly fucked either way. it just needs a decision made as to who is going to be the most gentle and do the least amount of harm, although i doubt if there is even the minutest difference between them. personally, with the paranoia showing in US government over the smallest of issues, i reckon the EU would be a better option. even better would be to leave the whole issue alone!

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Skeptical Cynic (profile), Sep 11th, 2012 @ 7:01am

    The UN may do nothing at first, but...

    when they do I will bet my right leg that it will not be good for us citizens of the world, and especially bad for the US.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Sinan Unur (profile), Sep 11th, 2012 @ 7:04am

    Sure, let's put Mugabe in charge of the internet

    Obviously, nothing could go wrong with that.

    http://en.wikipedia.org/wiki/Zimbabwean_dollar#Abandonment

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Sep 11th, 2012 @ 7:07am

    Re: Re:

    "Unfortunately, in your twisted world view, you probably actually meant this as a negative."

    yeah, just like I am twisted for wanting laws against murder, rape, and theft.

    What a twisted little fuck I am!

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Sep 11th, 2012 @ 9:16am

    I for one do not wish to give any sovereignty over to any international body.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    The eejit (profile), Sep 11th, 2012 @ 9:50am

    Re: Re: Re:

    Why would you want laws against murder and theft? That would be silly!

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Sep 11th, 2012 @ 11:54pm

    What does "cybersecurity" mean?

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    PCCare247 (profile), Sep 12th, 2012 @ 2:53am

    Cyber Security norms

    With increasing incidences of Cyber crime, setting up certain norms would be a good move.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    Seegras (profile), Sep 12th, 2012 @ 6:33am

    Telcos have no idea

    In general, telcos are completely incompetent when it comes to security. They've come late to realize that the whole world had already been doing internet over their lines. And they've never had any experience with a hostile world out there.

    Telcos never grokked Kerckoffs principle, and that to make something secure, security must only lie in the keys. They still believe in "proprietary" and in "trade secret" and "closed source".

    "Cyber Crime" for telcos consists mostly of "fraudulently using our services" (phreaking) and "not paying the bills".

    Of course they've learned quite a bit since, but compared to ISPs (or even universities) they're neophytes. And you don't want to put slouches in charge of security.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This