[governance] Re: IG questions that are not ICANN [was: Irony]

William Drake drake at hei.unige.ch
Mon Dec 3 15:57:53 EST 2007 

Hi,

On 12/2/07 6:07 PM, "Meryem Marzouki" <marzouki at ras.eu.org> wrote:

> That said, I've got the impression that the recent discussion on
> cybercrime on this list is rather mixing apples and oranges: one
> cannot address in the same way phishing (and all its versions
> depending on which technology is used), spam, different kinds of
> transnational organized crime commited using computers and networks
> (including money laundering), the issue of infrastructure security
> (involving in its turn different issues whether you consider, say, a
> nuclear plant or any other critical infrastructure on the one hand
> and the security of SMEs networks and computers on the other hand),
> etc. Moreover, this shouldn't be mixed up with issues mainly dealing
> with conflicts of rights, conflicts of jurisdictions and the absence
> of dual criminality (e.g. someone mentioned illegal gambling in a
> discussion on spam). Each category involve different problems, and
> different possible solutions, or at least different ways of
> addressing these problems.

I agree, we're dealing with a very distributed architecture with regard to
security issues, and I'm a bit concerned/bemused by some of the
intergovernmental efforts to treat all the diverse issues and institutions
in a overly aggregated manner.  As I noted in a talk at a Rio workshop, a
potentially problematic case in point is the ITU's Global Cybersecurity
Agenda, which seeks to do the following:

1. Elaboration of strategies for the development of a model cybercrime
legislation that is globally applicable and interoperable with existing
national and regional legislative measures.
2.  Elaboration of strategies for the creation of appropriate national and
regional organizational structures and policies on cybercrime.
3.  Development of a strategy for the establishment of globally accepted
minimum security criteria and accreditation schemes for software
applications and systems.
4. Development of strategies for the creation of a global framework for
watch, warning and incident response to ensure cross-border coordination
between new and existing initiatives.
5.  Development of strategies for the creation and endorsement of a generic
and universal digital identity system and the necessary organizational
structures to ensure the recognition of digital credentials for individuals
across geographical boundaries.
6.  Development of a global strategy to facilitate human and institutional
capacity-building to enhance knowledge and know-how across sectors and in
all the above-mentioned areas.
7.  Advice on potential framework for a global multi-stakeholder strategy
for international cooperation, dialogue and coordination in all the
above-mentioned areas.

This is pretty sweeping.  And to chart the course, the ITU is assembling a
High-Level Experts Group on Cybersecurity that is to comprise:

*Member States - government representatives of countries from the five world
regions
*Industry - manufacturers, operators, service providers, software
developers, security and other information technology firms
*Regional and International organizations
*Academic and research institutions
*Individual experts

You will note that there is no designated role for civil society
organizations.  

Before the ITU's 191 member governments go off and decide on model
cybercrime legislation that is globally applicable, globally accepted
minimum security criteria and accreditation schemes, a global framework for
watch warning and incident response, and a framework for a global
multi-stakeholder [sic] strategy for international cooperation, it might be
good if CS people and fellow travelers were to do some work on these issues
and maybe even ask for a seat at the table.  Might this be a role for the
IGC?  Could there be a tie-in to the OECD ministerial as well?

Best,

Bill


____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

More information about the Governance mailing list