Why You Should Be Worried About The ITU's Bizarre Claim To Have A Mandate Over Internet Security

from the looking-to-remain-relevant dept

We just recently wrote about how the UN's ITU (International Telecommunications Union) has been seeking to massively expand its mandate to take over international governance issues related to the internet, based on no real mandate other than one of its own making. Because of this, there are reasonable fears that it will end up creating dangerous rules that favor the incumbent telcos (often closely associated with certain governments) over what's actually best for the internet. Part of that analysis suggested that this was about the ITU trying to remain relevant in any way it could. After all, the core reason for the ITU existing for more than a century and a half was to deal with how different telcos would do the kinds of things that people no longer rely on telcos for. Because of that, they've basically been pretending that they should be involved in all sorts of unrelated things.

For example, plenty of the recent discussions coming out of the ITU have been focused on internet security issues. And you could argue that there are some significant security concerns that need attention. But is the ITU the proper body for this? Almost certainly not. Anthony Rutkowski has written up a history of the ITU's relationship to security noting that, at best, the ITU has tended to completely ignore security issues, and at worst, "treated security as a kind of vague requirement." The conclusion is pretty clear. The ITU isn't the proper body to be dealing with security at all. It has neither the mandate nor the necessary expertise.
So why is this ITU security history relevant today? Because its Secretary-General's new draft of an unneeded and worthless treaty instrument called the International Telecommunication Regulations mentions the word "security" no less than 36 times. Although the term "security" is never defined, the draft leaves the impression that the ITU is competent to deal with the subject of network security.

The reality today is that almost all work relating to network security occurs in myriad other public-private global bodies where it is pursued on a significant scale among expert communities. It is that array of work in other venues that is used worldwide. What purports to occur in the ITU is basically irrelevant and involves a relative handful of people who appear at meetings or workshops in ITU-T, ITU-D, or the General Secretariat for the purposes of maintaining largely website-based fictions to appear responsive to some political mandate of its conferences or leadership. Although a few knowledgeable and dedicated individuals participate in its work, the ITU as an institution has not possessed in modern history, and today does not possess the competence to deal with the subject matter of network security; and treaty mandates will not alter that reality.

Any treaty-based reliance on the ITU's network security competency would be perilous for the global infrastructure and irresponsible for nation States to recognize. I should know — I was the designated leader of the ITU-T cybersecurity work for the past four years who had to deal with these realities.
In other words, yet another overreach by the ITU to take on something it is not qualified to handle, and which will almost certainly result in a bad situation, driven by political interests, rather than actual security issues.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: internet security, itu, un


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 8 Oct 2012 @ 8:30am

    the way things are going, the internet is going to be used only by governments and certain businesses/industries. the general public is being restricted more and more by lies, bullshit and fear mongering put out by those mentioned above. this is the only way it is going to be able to be regulated and all those various bodies jockeying for position will end up with their own particular parts to keep working. because atm governments cant get the amount of tax they want, cant monitor all the users and uses there are and companies haven't got the control they want, the public will be forced out. think about it. the general populace having more use of something than anyone else, especially those in official positions? it's gotta be stopped and quickly!

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.