Do We Really Want The UN In Charge Of Cybersecurity Standards?
from the answer:-no dept
We've been talking quite a bit about the upcoming efforts by the International Telecommunication Union (ITU) to expand its ability to govern the internet, and numerous proposals are being submitted by various telcos along those lines. The folks over at CDT are ably demonstrating why this is dangerous in a number of ways, starting with why the ITU is the exact wrong place to be dealing with cybersecurity issues, even though many of the proposals deal with cybersecurity. Take, for example, the proposal of African Member States, which suggests that the ITU can be a central force in "harmonizing" data retention laws and rules. As CDT notes, this seems to assume that the only issue with data retention laws are that they are different in different countries. But that ignores the fact that many people question whether or not such laws even make sense in the first place:This reference to data retention well illustrates the problems with involving the ITU in issues related to cybercrime and cybersecurity. Not only do national laws on data retention vary greatly, but there is ongoing controversy about whether governments should impose data retention mandates at all. In addition, where data retention is required, there are many different views on the legal standards under which governments should be able to gain access to retained data – whether access should require a court order, for example. Such questions are crucial to adopting a data retention law, but are far outside the expertise of the ITU. Other concerns arise from the fact that data retained by a service provider may, absent specific legal and procedural safeguards, be subject to access by the government to investigate any crime, may be accessed by intelligence agencies, and may be shared with other governments to assist their investigations. In addition, the more data that companies are required to retain, and the longer the retention period, the greater the risk that personal information could be breached, leaked, or otherwise abused.Elsewhere, the report highlights how many of the proposals on "cybersecurity" seem more likely to set up rules and laws that help repressive regimes crack down on critics and dissidents. And that, of course, highlights the real problem here. There is nothing in the ITU that involves actually determining what's best for the public and for individuals' rights. Instead, the proposals are from big (often state-supported) telcos and governments themselves. The CDT paper correctly argues that a group like the ITU simply isn't as quick or as flexible as any reasonable body dealing with the rapidly changing, always dynamic world of cybersecurity. But it goes even further than that. An effective look at cybersecurity requires recognizing that governments and telcos often have views that are not at all in the best interests of citizens -- and handing off all discussions on "cybersecurity" regulations to such a body seems ripe for abuse in ways that may help governments or telcos, but at the expense of the public and their ability to speak out.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, data retention, flexibility, itu, regulation, security, telcos, un, wcit
Reader Comments
Subscribe: RSS
View by: Time | Thread
No
{REDACTED}
... No. No. No. No. No.
[ link to this | view in chronology ]
Re: No
The UN is a farce.
[ link to this | view in chronology ]
Re: No
No, no, no, no
God NO
GOD NO
GOD NO!
Yeah, it would take about 150 gajillion years before there'd be an actual plan so no. Around 3/4s of all security problems are down to human stupidity of one form or another.
[ link to this | view in chronology ]
http://www.dakdurieux.be/platte.php
[ link to this | view in chronology ]
Really what you want is nobody in charge, just total openness with no control, no intervention, and most of all, no liability or responsibility.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Total openness (as in no one blocking content because they don't like it or it hurts an outdated business model)? Yes, please.
No control (as in no one randomly seizing/shutting down websites because they don't like them, regardless of proof of doing anything wrong)? Yes, please.
No intervention (no one throttling a service because they want to promote another one instead)? Yes, please.
No liability or responsibility (as in no copyright trolls and no blaming a service for its' users)? Yes, please.
Unfortunately, in your twisted world view, you probably actually meant this as a negative.
[ link to this | view in chronology ]
Re: Re:
yeah, just like I am twisted for wanting laws against murder, rape, and theft.
What a twisted little fuck I am!
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
governments and telcos often have views that are not at all in the best interests of citizens
I think this pretty much covers anything anywhere. Just replace "telcos" with "big companies". And maybe remove "often" and replace it with "almost always".
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Should be total openness with no one in charge.It is Worldwide.
[ link to this | view in chronology ]
No UN
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The UN may do nothing at first, but...
[ link to this | view in chronology ]
Sure, let's put Mugabe in charge of the internet
http://en.wikipedia.org/wiki/Zimbabwean_dollar#Abandonment
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Cyber Security norms
[ link to this | view in chronology ]
Telcos have no idea
Telcos never grokked Kerckoffs principle, and that to make something secure, security must only lie in the keys. They still believe in "proprietary" and in "trade secret" and "closed source".
"Cyber Crime" for telcos consists mostly of "fraudulently using our services" (phreaking) and "not paying the bills".
Of course they've learned quite a bit since, but compared to ISPs (or even universities) they're neophytes. And you don't want to put slouches in charge of security.
[ link to this | view in chronology ]