[governance] Re: IG questions that are not ICANN [was: Irony]

Carlos Afonso ca at rits.org.br
Mon Dec 10 18:14:16 EST 2007 

You can sure include the caucus in the list, Ian. Nobody is perfect... :)

--c.a.

Ian Peter wrote:
> What Bill said – if we are going to do anything in the field of Internet
> governance, we have to deal with less than perfect organizations such as UN,
> governments, corporations, ITU, ICANN, IGP, and, dare I say it, the civil
> society caucus.
> 
>  
> 
> If we can find a way to participate, we should. We should at least follow
> Bill’s suggestion that we ask for CS participation on the Committee of
> Experts. We could submit a raft of names for consideration asking that at
> least one be appointed (all submitted candidates should be people who we
> know would report back and liaise with CS)
> 
>  
> 
> Ian Peter
> 
> Ian Peter and Associates Pty Ltd
> 
> PO Box 10670 Adelaide St  Brisbane 4000
> 
> Australia
> 
> Tel (+614) 1966 7772 or (+612) 6687 0773
> 
> www.ianpeter.com
> 
> www.internetmark2.org
> 
> www.nethistory.info
> 
>  
> 
>    _____  
> 
> From: William Drake [mailto:drake at hei.unige.ch] 
> Sent: 10 December 2007 19:54
> To: Governance
> Subject: Re: [governance] Re: IG questions that are not ICANN [was: Irony]
> 
>  
> 
> Good morning, sunshine,
> 
> On 12/10/07 3:14 AM, "Milton L Mueller" <mueller at syr.edu> wrote:
> 
>>> -----Original Message-----
>>> From: William Drake [HYPERLINK
> "mailto:drake at hei.unige.ch%5d"mailto:drake at hei.unige.ch]
>>> See above.  Re: flawed yes, but fatally---this obviously depends on the
>>> issue, the industry players involved, their degree of consensus and
>>> support
>>> for the approach taken and their ability to implement it, which with
>>> respect
>>> to security I wouldn't make a sweeping statement about before actually
>>> investigating.  When law enforcement, national security, and intelligence
>>> agencies work with major telcos, manufacturers, applications providers
> etc
>>> it seems odd to just assume this cannot matter at all. 
>> That kind of work is going on in many places, and the ITU is not the most 
>> significant place for it. Indeed, the ITU is rather marginalized these
> days. 
> 
> This authoritative pronouncement is based on what, precisely?  You've mapped
> the topology of all the work being done on all the security issues in all
> the relevant institutions, examined the ITU work program in relation to
> this, and determined that there is no interface and cross-pollination
> between these efforts, and that the routine practice of bringing work from,
> e.g. regional and tech-specific forums into ITU for multilateral adoption at
> the global level is of no significance to anything, and hence all the
> thousands of people involved from every government, major network operator,
> manufacturer, etc that are constantly over here just come to go shopping?
> Or are you really saying that you don't follow these things and therefore
> they don't matter?
> 
> I have, as you know, written quite a bit over the years about the historical
> evolution and contemporary decline of the telecom regime, so I not only get
> the marginalization argument, but have made it.  However, it's worth noting
> that this marginalization is relative; for example, while the telecom
> regulation treaty directly shapes a declining share of activity, carriers
> from the US alone (just one of 191 member states) still settle over $7
> billion a year under its terms and are fairly concerned about current
> proposals for change.  But that doesn't matter I guess, since it's not about
> domain names.  The extent of marginalization is also highly variable: for
> spectrum management it's non-existent, for standards, including
> security-related aspects, it depends on a host of factors per previous. In
> some cases the main action is elsewhere, in some it's not.
> 
>> And if civil society critics succeeded, after the kind of HUGE effort that
> it 
>> would take, in getting an influential seat at some ITU table then the
> chances 
>> are great that certain parties would forum-shift to somewhere else. 
> 
> I have absolutely no illusions that CS would make a HUGE effort and wasn't
> proposing this.  But since the Argentine-Swiss proposals to open the door to
> CS are the focus of active debate right now, it'd be nice if CS wasn't
> entirely silent, which just makes it easier for the more retrograde
> governments to say why bother, they don't care anyway.  At a post-WSIS ITU
> meeting a couple years ago, I presented a quickly assembled statement that
> was signed by two dozen caucus people criticizing the CS lock out and saying
> this is one of the reasons CS doesn't want ITU near IG, and it did get their
> attention.  But now that friendly governments are actually trying to do
> something about the matter, we're not there to offer any support.  Wille and
> I made presentations on CS inclusion at a meeting this year that were
> perceived I think as sort of solo views, not supported by any broader
> constituency demand.  It'd have been nice if we'd had a sign on or
> something, which is not all that hard to do, except when the gestalt is, who
> cares, it's not ICANN.
>  
>> No one said the issues of lawful intercept and cybersecurity "don't
> matter." 
>> Indeed, if you've been paying attention to IGP's work at all you should
> know 
>> that we've been focusing on that quite a bit, with some relatively good 
>> results in the DNSSEC sphere. 
> 
> Like all good citizens, I am a dutiful student and hang on IGP's every word.
> Brendan's DNSSEC stuff is interesting and important, but it's a piece of a
> much larger puzzle, which is what we're talking about.
> 
>> But this kind of politics is trench warfare and it makes little sense for
> CS 
>> groups to enter into a battle on the terms and conditions set by industry
> and 
>> govts, which is precisely what you are inviting us to do. 
> 
> Then why did we/you participate in WSIS?  Why, for that matter, do you
> participate in ICANN if this is a disqualifier?  That's the way the world
> is, so why not pack up our tents and go home?
>  
>>> processes are nonetheless consequential, no?  Re: top down, ok if by this
>>> you mean CS is excluded and a number of segments of relevant Internet
>>> industries opt not to get involved.  But for those industry groupings
> that
>>> opt to be involved, it is as bottom up as any other standards process.
>> Sure. But think of resource allocation. Scarce time, labor money. I don't
> see 
>> the case for CS involvement in ITU processes, or for fighting a process
> battle 
>> in that forum. 
>>
>> You give me a specific issue worth fighting for, and show me that ITU is
> the 
>> best place to fight it, then I'll be there. But if you want me to knock my
> 
>> head against the wall of a 150 year old bureaucracy trying to gain some 
>> generic recognition for something called "civil society" no thanks. 
> 
> Ok, restrict your head banging to a nine year old bureaucracy instead.
> 
> FYI, today begins a four day meeting of WP 2 of SG 17 and there's a ton of
> people from irrelevant outfits like VeriSign over there.  Here's the piffle
> WP 2 is currently working on:
> 
> 
> 
> *	Supplement 1 to X.800-X.849 series on security: Security baseline
> for network operators 
> *	Security architecture aspects of end users and networks in
> telecommunications 
> *	Framework for creation, storage, distribution and enforcement of
> policies for network security 
> *	Network security assessment/guidelines based on ITU-T Recommendation
> X.805 
> *	Framework for EAP-based authentication and key management 
> *	Guidelines for implementing system and network security 
> *	Overview of cybersecurity 
> *	A vendor-neutral framework for automatic notification of security
> related information and dissemination of updates 
> *	Guidelines for telecommunication service providers for addressing
> the risk of spyware and potentially unwanted software 
> *	Guideline on preventing worm spreading in a data communication
> network 
> *	User control enhanced digital identity interchange framework 
> *	Identity management use cases and gap analysis 
> *	Identity management framework for global interoperability 
> *	Supplement to X-series Recommendations on identity management:
> Identity management lexicon 
> *	Requirements for global interoperable identity management 
> *	Network security management framework 
> *	Privacy guideline for RFID 
> *	Requirement of security information sharing framework 
> *	Service oriented architecture framework 
> *	Service oriented architecture security 
> *	Information security management guidelines for telecommunications
> based on ISO/IEC 27002 
> *	Risk management guidelines for telecommunications 
> *	Security incident management guidelines for telecommunications 
> *	Telebiometrics related to human physiology 
> *	BioAPI interworking protocol 
> *	Telebiometrics authentication infrastructure 
> *	Telebiometrics digital key framework 
> *	A guideline of technical and managerial countermeasures for
> biometric data security 
> *	A guideline for secure and efficient transmission of multibiometric
> data 
> *	Telebiometrics system mechanism - General biometric authentication
> protocol and profile on telecommunication system 
> *	Telebiometrics system mechanism - Protection profile for client
> terminals 
> *	Device certificate profile for the home network 
> *	Guideline on user authentication mechanism for home network services
> 
> *	Differentiated security service for secure mobile end-to-end data
> communication 
> *	Authentication architecture in mobile end-to-end data communication 
> *	Correlative reacting system in mobile network 
> *	Security architecture for message security in mobile web services 
> *	Guideline on secure password-based authentication protocol with key
> exchange 
> *	Authorization framework for home network 
> *	Security requirements and framework in multicast communication 
> *	Privacy protection framework for networked RFID services 
> *	Security requirements for peer-to-peer communications 
> *	Security architecture for peer-to-peer network 
> *	Secure end-to-end data communication techniques using TTP services 
> *	Requirement and Framework for USN 
> *	Requirement on countering spam 
> *	Technical framework for countering email spam 
> *	Framework of countering IP multimedia spam 
> *	Guideline on countering email spam 
> *	Overview of countering spam for IP multimedia applications 
> *	Technical means for countering spam 
> *	Interactive countering spam gateway system 
> *	SMS filtering system based on users’ rules
> 
> 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.503 / Virus Database: 269.16.17/1179 - Release Date: 09/12/2007
> 11:06
> 
> 
> 
> No virus found in this outgoing message.
> Checked by AVG Free Edition. 
> Version: 7.5.503 / Virus Database: 269.16.17/1179 - Release Date: 09/12/2007
> 11:06
>  
> 
> 

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

More information about the Governance mailing list