[governance] Re: IG questions that are not ICANN [was: Irony]

William Drake drake at hei.unige.ch
Mon Dec 10 03:54:09 EST 2007


Good morning, sunshine,

On 12/10/07 3:14 AM, "Milton L Mueller" <mueller at syr.edu> wrote:

>> -----Original Message-----
>> From: William Drake [mailto:drake at hei.unige.ch]
>> See above.  Re: flawed yes, but fatally---this obviously depends on the
>> issue, the industry players involved, their degree of consensus and support
>> for the approach taken and their ability to implement it, which with respect
>> to security I wouldn't make a sweeping statement about before actually
>> investigating.  When law enforcement, national security, and intelligence
>> agencies work with major telcos, manufacturers, applications providers etc
>> it seems odd to just assume this cannot matter at all.
> 
> That kind of work is going on in many places, and the ITU is not the most
> significant place for it. Indeed, the ITU is rather marginalized these days.

This authoritative pronouncement is based on what, precisely?  You've mapped
the topology of all the work being done on all the security issues in all
the relevant institutions, examined the ITU work program in relation to
this, and determined that there is no interface and cross-pollination
between these efforts, and that the routine practice of bringing work from,
e.g. regional and tech-specific forums into ITU for multilateral adoption at
the global level is of no significance to anything, and hence all the
thousands of people involved from every government, major network operator,
manufacturer, etc that are constantly over here just come to go shopping?
Or are you really saying that you don't follow these things and therefore
they don't matter?

I have, as you know, written quite a bit over the years about the historical
evolution and contemporary decline of the telecom regime, so I not only get
the marginalization argument, but have made it.  However, it's worth noting
that this marginalization is relative; for example, while the telecom
regulation treaty directly shapes a declining share of activity, carriers
from the US alone (just one of 191 member states) still settle over $7
billion a year under its terms and are fairly concerned about current
proposals for change.  But that doesn't matter I guess, since it's not about
domain names.  The extent of marginalization is also highly variable: for
spectrum management it's non-existent, for standards, including
security-related aspects, it depends on a host of factors per previous. In
some cases the main action is elsewhere, in some it's not.

> And if civil society critics succeeded, after the kind of HUGE effort that it
> would take, in getting an influential seat at some ITU table then the chances
> are great that certain parties would forum-shift to somewhere else.

I have absolutely no illusions that CS would make a HUGE effort and wasn't
proposing this.  But since the Argentine-Swiss proposals to open the door to
CS are the focus of active debate right now, it'd be nice if CS wasn't
entirely silent, which just makes it easier for the more retrograde
governments to say why bother, they don't care anyway.  At a post-WSIS ITU
meeting a couple years ago, I presented a quickly assembled statement that
was signed by two dozen caucus people criticizing the CS lock out and saying
this is one of the reasons CS doesn't want ITU near IG, and it did get their
attention.  But now that friendly governments are actually trying to do
something about the matter, we're not there to offer any support.  Wille and
I made presentations on CS inclusion at a meeting this year that were
perceived I think as sort of solo views, not supported by any broader
constituency demand.  It'd have been nice if we'd had a sign on or
something, which is not all that hard to do, except when the gestalt is, who
cares, it's not ICANN.
 
> No one said the issues of lawful intercept and cybersecurity "don't matter."
> Indeed, if you've been paying attention to IGP's work at all you should know
> that we've been focusing on that quite a bit, with some relatively good
> results in the DNSSEC sphere.

Like all good citizens, I am a dutiful student and hang on IGP's every word.
Brendan's DNSSEC stuff is interesting and important, but it's a piece of a
much larger puzzle, which is what we're talking about.

> But this kind of politics is trench warfare and it makes little sense for CS
> groups to enter into a battle on the terms and conditions set by industry and
> govts, which is precisely what you are inviting us to do.

Then why did we/you participate in WSIS?  Why, for that matter, do you
participate in ICANN if this is a disqualifier?  That's the way the world
is, so why not pack up our tents and go home?
 
>> processes are nonetheless consequential, no?  Re: top down, ok if by this
>> you mean CS is excluded and a number of segments of relevant Internet
>> industries opt not to get involved.  But for those industry groupings that
>> opt to be involved, it is as bottom up as any other standards process.
> 
> Sure. But think of resource allocation. Scarce time, labor money. I don't see
> the case for CS involvement in ITU processes, or for fighting a process battle
> in that forum. 
> 
> You give me a specific issue worth fighting for, and show me that ITU is the
> best place to fight it, then I'll be there. But if you want me to knock my
> head against the wall of a 150 year old bureaucracy trying to gain some
> generic recognition for something called "civil society" no thanks.

Ok, restrict your head banging to a nine year old bureaucracy instead.

FYI, today begins a four day meeting of WP 2 of SG 17 and there's a ton of
people from irrelevant outfits like VeriSign over there.  Here's the piffle
WP 2 is currently working on:


* Supplement 1 to X.800-X.849 series on security: Security baseline for
network operators 
* Security architecture aspects of end users and networks in
telecommunications 
* Framework for creation, storage, distribution and enforcement of policies
for network security
* Network security assessment/guidelines based on ITU-T Recommendation X.805
* Framework for EAP-based authentication and key management
* Guidelines for implementing system and network security
* Overview of cybersecurity
* A vendor-neutral framework for automatic notification of security related
information and dissemination of updates
* Guidelines for telecommunication service providers for addressing the risk
of spyware and potentially unwanted software
* Guideline on preventing worm spreading in a data communication network
* User control enhanced digital identity interchange framework
* Identity management use cases and gap analysis
* Identity management framework for global interoperability
* Supplement to X-series Recommendations on identity management:  Identity
management lexicon 
* Requirements for global interoperable identity management
* Network security management framework
* Privacy guideline for RFID
* Requirement of security information sharing framework
* Service oriented architecture framework
* Service oriented architecture security
* Information security management guidelines for telecommunications based on
ISO/IEC 27002 
* Risk management guidelines for telecommunications
* Security incident management guidelines for telecommunications
* Telebiometrics related to human physiology
* BioAPI interworking protocol
* Telebiometrics authentication infrastructure
* Telebiometrics digital key framework
* A guideline of technical and managerial countermeasures for biometric data
security 
* A guideline for secure and efficient transmission of multibiometric data
* Telebiometrics system mechanism - General biometric authentication
protocol and profile on telecommunication system
* Telebiometrics system mechanism - Protection profile for client terminals
* Device certificate profile for the home network
* Guideline on user authentication mechanism for home network services
* Differentiated security service for secure mobile end-to-end data
communication 
* Authentication architecture in mobile end-to-end data communication
* Correlative reacting system in mobile network
* Security architecture for message security in mobile web services
* Guideline on secure password-based authentication protocol with key
exchange 
* Authorization framework for home network
* Security requirements and framework in multicast communication
* Privacy protection framework for networked RFID services
* Security requirements for peer-to-peer communications
* Security architecture for peer-to-peer network
* Secure end-to-end data communication techniques using TTP services
* Requirement and Framework for USN
* Requirement on countering spam
* Technical framework for countering email spam
* Framework of countering IP multimedia spam
* Guideline on countering email spam
* Overview of countering spam for IP multimedia applications
* Technical means for countering spam
* Interactive countering spam gateway system
* SMS filtering system based on users' rules
