Do We Really Want The UN In Charge Of Cybersecurity Standards?

from the answer:-no dept

We've been talking quite a bit about the upcoming efforts by the International Telecommunication Union (ITU) to expand its ability to govern the internet, and numerous proposals are being submitted by various telcos along those lines. The folks over at CDT are ably demonstrating why this is dangerous in a number of ways, starting with why the ITU is the exact wrong place to be dealing with cybersecurity issues, even though many of the proposals deal with cybersecurity. Take, for example, the proposal of African Member States, which suggests that the ITU can be a central force in "harmonizing" data retention laws and rules. As CDT notes, this seems to assume that the only issue with data retention laws are that they are different in different countries. But that ignores the fact that many people question whether or not such laws even make sense in the first place:
This reference to data retention well illustrates the problems with involving the ITU in issues related to cybercrime and cybersecurity. Not only do national laws on data retention vary greatly, but there is ongoing controversy about whether governments should impose data retention mandates at all. In addition, where data retention is required, there are many different views on the legal standards under which governments should be able to gain access to retained data – whether access should require a court order, for example. Such questions are crucial to adopting a data retention law, but are far outside the expertise of the ITU. Other concerns arise from the fact that data retained by a service provider may, absent specific legal and procedural safeguards, be subject to access by the government to investigate any crime, may be accessed by intelligence agencies, and may be shared with other governments to assist their investigations. In addition, the more data that companies are required to retain, and the longer the retention period, the greater the risk that personal information could be breached, leaked, or otherwise abused.
Elsewhere, the report highlights how many of the proposals on "cybersecurity" seem more likely to set up rules and laws that help repressive regimes crack down on critics and dissidents. And that, of course, highlights the real problem here. There is nothing in the ITU that involves actually determining what's best for the public and for individuals' rights. Instead, the proposals are from big (often state-supported) telcos and governments themselves. The CDT paper correctly argues that a group like the ITU simply isn't as quick or as flexible as any reasonable body dealing with the rapidly changing, always dynamic world of cybersecurity. But it goes even further than that. An effective look at cybersecurity requires recognizing that governments and telcos often have views that are not at all in the best interests of citizens -- and handing off all discussions on "cybersecurity" regulations to such a body seems ripe for abuse in ways that may help governments or telcos, but at the expense of the public and their ability to speak out.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersecurity, data retention, flexibility, itu, regulation, security, telcos, un, wcit


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    xenomancer (profile), 11 Sep 2012 @ 4:15am

    No

    No. No. No. No. No. ...
    {REDACTED}
    ... No. No. No. No. No.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Sep 2012 @ 5:12am

      Re: No

      I'm with this guy.

      The UN is a farce.

      link to this | view in chronology ]

    • icon
      The eejit (profile), 11 Sep 2012 @ 5:45am

      Re: No

      No, No, No, No
      No, no, no, no
      God NO
      GOD NO
      GOD NO!

      Yeah, it would take about 150 gajillion years before there'd be an actual plan so no. Around 3/4s of all security problems are down to human stupidity of one form or another.

      link to this | view in chronology ]

  • identicon
    jamescameron, 11 Sep 2012 @ 5:56am

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Sep 2012 @ 6:04am

    "Do We Really Want The UN In Charge Of Cybersecurity Standards?"

    Really what you want is nobody in charge, just total openness with no control, no intervention, and most of all, no liability or responsibility.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Sep 2012 @ 6:33am

      Re:

      Good point. The UN is perfect for doing nothing...

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Sep 2012 @ 6:37am

      Re:

      I can't tell, are you saying this as if this is some horrible suggestion, or as if it's the obvious truth? It's tough to tell.

      Total openness (as in no one blocking content because they don't like it or it hurts an outdated business model)? Yes, please.

      No control (as in no one randomly seizing/shutting down websites because they don't like them, regardless of proof of doing anything wrong)? Yes, please.

      No intervention (no one throttling a service because they want to promote another one instead)? Yes, please.

      No liability or responsibility (as in no copyright trolls and no blaming a service for its' users)? Yes, please.

      Unfortunately, in your twisted world view, you probably actually meant this as a negative.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 11 Sep 2012 @ 7:07am

        Re: Re:

        "Unfortunately, in your twisted world view, you probably actually meant this as a negative."

        yeah, just like I am twisted for wanting laws against murder, rape, and theft.

        What a twisted little fuck I am!

        link to this | view in chronology ]

  • icon
    Ninja (profile), 11 Sep 2012 @ 6:04am

    An effective look at cybersecurity requires recognizing that governments and telcos often have views that are not at all in the best interests of citizens -- and handing off all discussions on "cybersecurity" regulations to such a body seems ripe for abuse in ways that may help governments or telcos, but at the expense of the public and their ability to speak out.

    governments and telcos often have views that are not at all in the best interests of citizens

    I think this pretty much covers anything anywhere. Just replace "telcos" with "big companies". And maybe remove "often" and replace it with "almost always".

    link to this | view in chronology ]

  • icon
    droozilla (profile), 11 Sep 2012 @ 6:05am

    Let's get working on these mesh networks. Fuck all these idiots.

    link to this | view in chronology ]

  • icon
    gorehound (profile), 11 Sep 2012 @ 6:09am

    No Way ! We do not want to see them in charge.
    Should be total openness with no one in charge.It is Worldwide.

    link to this | view in chronology ]

  • icon
    rebrad (profile), 11 Sep 2012 @ 6:32am

    No UN

    I don't want the UN in charge of anything. They are the most corrupt organization on this planet.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Sep 2012 @ 6:57am

    tell me if that would be any worse than having the USA in charge. with what the government has done/is planning to do in the near future, the people are going to be well and truly fucked either way. it just needs a decision made as to who is going to be the most gentle and do the least amount of harm, although i doubt if there is even the minutest difference between them. personally, with the paranoia showing in US government over the smallest of issues, i reckon the EU would be a better option. even better would be to leave the whole issue alone!

    link to this | view in chronology ]

  • icon
    Skeptical Cynic (profile), 11 Sep 2012 @ 7:01am

    The UN may do nothing at first, but...

    when they do I will bet my right leg that it will not be good for us citizens of the world, and especially bad for the US.

    link to this | view in chronology ]

  • icon
    Sinan Unur (profile), 11 Sep 2012 @ 7:04am

    Sure, let's put Mugabe in charge of the internet

    Obviously, nothing could go wrong with that.

    http://en.wikipedia.org/wiki/Zimbabwean_dollar#Abandonment

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Sep 2012 @ 9:16am

    I for one do not wish to give any sovereignty over to any international body.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Sep 2012 @ 11:54pm

    What does "cybersecurity" mean?

    link to this | view in chronology ]

  • icon
    PCCare247 (profile), 12 Sep 2012 @ 2:53am

    Cyber Security norms

    With increasing incidences of Cyber crime, setting up certain norms would be a good move.

    link to this | view in chronology ]

  • icon
    Seegras (profile), 12 Sep 2012 @ 6:33am

    Telcos have no idea

    In general, telcos are completely incompetent when it comes to security. They've come late to realize that the whole world had already been doing internet over their lines. And they've never had any experience with a hostile world out there.

    Telcos never grokked Kerckoffs principle, and that to make something secure, security must only lie in the keys. They still believe in "proprietary" and in "trade secret" and "closed source".

    "Cyber Crime" for telcos consists mostly of "fraudulently using our services" (phreaking) and "not paying the bills".

    Of course they've learned quite a bit since, but compared to ISPs (or even universities) they're neophytes. And you don't want to put slouches in charge of security.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.