<HTML>
<HEAD>
<TITLE>Re: [governance] Re: IG questions that are not ICANN [was: Irony]</TITLE>
</HEAD>
<BODY>
<FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Good morning, sunshine,<BR>
<BR>
On 12/10/07 3:14 AM, "Milton L Mueller" <mueller@syr.edu> wrote:<BR>
<BR>
<FONT COLOR="#008000">>> -----Original Message-----<BR>
>> From: William Drake [<a href="mailto:drake@hei.unige.ch]">mailto:drake@hei.unige.ch]</a><BR>
>> See above. Re: flawed yes, but fatally---this obviously depends on the<BR>
>> issue, the industry players involved, their degree of consensus and<BR>
>> support<BR>
>> for the approach taken and their ability to implement it, which with<BR>
>> respect<BR>
>> to security I wouldn't make a sweeping statement about before actually<BR>
>> investigating. When law enforcement, national security, and intelligence<BR>
>> agencies work with major telcos, manufacturers, applications providers etc<BR>
>> it seems odd to just assume this cannot matter at all. <BR>
</FONT><FONT COLOR="#0000FF">> <BR>
> That kind of work is going on in many places, and the ITU is not the most <BR>
> significant place for it. Indeed, the ITU is rather marginalized these days. <BR>
</FONT><BR>
This authoritative pronouncement is based on what, precisely? You've mapped the topology of all the work being done on all the security issues in all the relevant institutions, examined the ITU work program in relation to this, and determined that there is no interface and cross-pollination between these efforts, and that the routine practice of bringing work from, e.g. regional and tech-specific forums into ITU for multilateral adoption at the global level is of no significance to anything, and hence all the thousands of people involved from every government, major network operator, manufacturer, etc that are constantly over here just come to go shopping? Or are you really saying that you don't follow these things and therefore they don't matter?<BR>
<BR>
I have, as you know, written quite a bit over the years about the historical evolution and contemporary decline of the telecom regime, so I not only get the marginalization argument, but have made it. However, it's worth noting that this marginalization is relative; for example, while the telecom regulation treaty directly shapes a declining share of activity, carriers from the US alone (just one of 191 member states) still settle over $7 billion a year under its terms and are fairly concerned about current proposals for change. But that doesn't matter I guess, since it's not about domain names. The extent of marginalization is also highly variable: for spectrum management it's non-existent, for standards, including security-related aspects, it depends on a host of factors per previous. In some cases the main action is elsewhere, in some it's not.<BR>
<BR>
<FONT COLOR="#0000FF">> And if civil society critics succeeded, after the kind of HUGE effort that it <BR>
> would take, in getting an influential seat at some ITU table then the chances <BR>
> are great that certain parties would forum-shift to somewhere else. <BR>
</FONT><BR>
I have absolutely no illusions that CS would make a HUGE effort and wasn't proposing this. But since the Argentine-Swiss proposals to open the door to CS are the focus of active debate right now, it'd be nice if CS wasn't entirely silent, which just makes it easier for the more retrograde governments to say why bother, they don't care anyway. At a post-WSIS ITU meeting a couple years ago, I presented a quickly assembled statement that was signed by two dozen caucus people criticizing the CS lock out and saying this is one of the reasons CS doesn't want ITU near IG, and it did get their attention. But now that friendly governments are actually trying to do something about the matter, we're not there to offer any support. Wille and I made presentations on CS inclusion at a meeting this year that were perceived I think as sort of solo views, not supported by any broader constituency demand. It'd have been nice if we'd had a sign on or something, which is not all that hard to do, except when the gestalt is, who cares, it's not ICANN.<BR>
<BR>
<FONT COLOR="#0000FF">> No one said the issues of lawful intercept and cybersecurity "don't matter." <BR>
> Indeed, if you've been paying attention to IGP's work at all you should know <BR>
> that we've been focusing on that quite a bit, with some relatively good <BR>
> results in the DNSSEC sphere. <BR>
</FONT><BR>
Like all good citizens, I am a dutiful student and hang on IGP's every word. Brendan's DNSSEC stuff is interesting and important, but it's a piece of a much larger puzzle, which is what we're talking about.<BR>
<BR>
<FONT COLOR="#0000FF">> But this kind of politics is trench warfare and it makes little sense for CS <BR>
> groups to enter into a battle on the terms and conditions set by industry and <BR>
> govts, which is precisely what you are inviting us to do. <BR>
</FONT><BR>
Then why did we/you participate in WSIS? Why, for that matter, do you participate in ICANN if this is a disqualifier? That's the way the world is, so why not pack up our tents and go home?<BR>
<BR>
<FONT COLOR="#008000">>> processes are nonetheless consequential, no? Re: top down, ok if by this<BR>
>> you mean CS is excluded and a number of segments of relevant Internet<BR>
>> industries opt not to get involved. But for those industry groupings that<BR>
>> opt to be involved, it is as bottom up as any other standards process.<BR>
</FONT><FONT COLOR="#0000FF">> <BR>
> Sure. But think of resource allocation. Scarce time, labor money. I don't see <BR>
> the case for CS involvement in ITU processes, or for fighting a process battle <BR>
> in that forum. <BR>
> <BR>
> You give me a specific issue worth fighting for, and show me that ITU is the <BR>
> best place to fight it, then I'll be there. But if you want me to knock my <BR>
> head against the wall of a 150 year old bureaucracy trying to gain some <BR>
> generic recognition for something called "civil society" no thanks. <BR>
</FONT><BR>
Ok, restrict your head banging to a nine year old bureaucracy instead.<BR>
<BR>
FYI, today begins a four day meeting of WP 2 of SG 17 and there's a ton of people from irrelevant outfits like VeriSign over there. Here's the piffle WP 2 is currently working on:<BR>
<BR>
<BR>
</SPAN></FONT><UL><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Supplement 1 to X.800-X.849 series on security: Security baseline for network operators
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Security architecture aspects of end users and networks in telecommunications
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Framework for creation, storage, distribution and enforcement of policies for network security
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Network security assessment/guidelines based on ITU-T Recommendation X.805
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Framework for EAP-based authentication and key management
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Guidelines for implementing system and network security
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Overview of cybersecurity
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>A vendor-neutral framework for automatic notification of security related information and dissemination of updates
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Guideline on preventing worm spreading in a data communication network
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>User control enhanced digital identity interchange framework
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Identity management use cases and gap analysis
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Identity management framework for global interoperability
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Supplement to X-series Recommendations on identity management: Identity management lexicon
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Requirements for global interoperable identity management
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Network security management framework
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Privacy guideline for RFID
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Requirement of security information sharing framework
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Service oriented architecture framework
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Service oriented architecture security
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Information security management guidelines for telecommunications based on ISO/IEC 27002
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Risk management guidelines for telecommunications
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Security incident management guidelines for telecommunications
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Telebiometrics related to human physiology
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>BioAPI interworking protocol
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Telebiometrics authentication infrastructure
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Telebiometrics digital key framework
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>A guideline of technical and managerial countermeasures for biometric data security
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>A guideline for secure and efficient transmission of multibiometric data
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Telebiometrics system mechanism - General biometric authentication protocol and profile on telecommunication system
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Telebiometrics system mechanism - Protection profile for client terminals
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Device certificate profile for the home network
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Guideline on user authentication mechanism for home network services
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Differentiated security service for secure mobile end-to-end data communication
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Authentication architecture in mobile end-to-end data communication
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Correlative reacting system in mobile network
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Security architecture for message security in mobile web services
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Guideline on secure password-based authentication protocol with key exchange
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Authorization framework for home network
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Security requirements and framework in multicast communication
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Privacy protection framework for networked RFID services
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Security requirements for peer-to-peer communications
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Security architecture for peer-to-peer network
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Secure end-to-end data communication techniques using TTP services
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Requirement and Framework for USN
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Requirement on countering spam
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Technical framework for countering email spam
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Framework of countering IP multimedia spam
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Guideline on countering email spam
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Overview of countering spam for IP multimedia applications
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Technical means for countering spam
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>Interactive countering spam gateway system
</SPAN></FONT><LI><FONT FACE="Arial"><SPAN STYLE='font-size:18.0px'>SMS filtering system based on users’ rules</SPAN></FONT></UL>
</BODY>
</HTML>