Standards Symposium Highlights Security, Privacy On Eve Of World Telecom Standardization Assembly

The 2016 Global Standards Symposium (GSS2016) organised by the UN International Telecommunication Union (ITU) in Hammamet, Tunisia, this week in its conclusions heavily supported privacy by design and collaboration on privacy issues. The consensus of participants was a little shaky though, with some representatives like the United Kingdom and United States questioning the procedure to approve conclusions immediately after the one day event on 24 October.

The GSS, taking place for the third time, gave a first taste of more controversies to come during the World Telecom Standardization Assembly 2016 (WTSA) taking place from 25 October to 3 November. WTSA is meeting on an every-four-year basis to decide the programme of the next four years of work of the standardization branch of the ITU, the ITU Telecom Standardization Sector (ITU-T) in the next seven days.

“Security, Privacy and Trust in Standardization” was the topic chosen for the third edition of the GSS which, according to ITU Secretary General Houlin Zhao, is expected to “contribute to the communications among policymakers, industry players and standard bodies.”

John Edwards, privacy commissioner of New Zealand, in Hammamet spoke of “shockwaves” resulting from the Snowden revelations, and called on governments to consider international norm-setting in privacy. The Annual Conference of Data Protection and Privacy Officers has called for norm-setting since its meeting in Montreux in 2005.

Besides privacy-enhancing technologies, privacy by design and  the “leveraging of international frameworks that contain basic principles of security, privacy and trust,” the conclusions also “stressed” security goals, including “sharing of information between public and private sectors on threats to the ICT infrastructure,” and a joint effort “to develop national capabilities to protect from cyber-attacks.” ITU experiences 1 million attacks every day, according to Reinhard Scholl, deputy director of ITU-T, of which he called 10,000 serious.

With a much-publicised attack on the internet domain name system (DNS) infrastructure provider Dyn on 21 October, there were also rather blunt calls for government interventions to “enforce” security.

Alibaba Vice President for Security Du Yuejin said during the discussion user s could not do too much about attacks.  Many basic security elements could be only “forced through government agencies,” he said.

More state involvement and intergovernmental involvement in operational issues on the internet is a divisive line that cuts through the ITU membership once more.

For the WTSA proposals like a request for ITU to push the handle system (an alternative object identifier system), to get involved on potential IP (internet protocol) or domain address allocation imbalances, requests for “supervision, potential regulation and revenue sharing of Over-The-Top-Providers” (OTT) could result in considerable discussion during WTSA.

All these proposals are presented by the African states, which also want to put their dot.africa-issue before the ITU-T. The proposal that the ITU telecom standardization sector should set up Internet Exchanges has been challenged already in written submissions, for example by the US.

The Internet Society has a list of additional concerns, including a potential regulation of VoIP (voice over IP), and more generally, the expansion of the ITU mandate into areas of privacy. One big turf race ongoing according to experts is the one on who should set standards and rules for the Internet of Things.

What was curious for the GSS meeting was that despite focussing on privacy and collaboration with other standards bodies, neither W3C (World Wide Web Consortium) nor the Internet Engineering Task Force – which both have engaged in considerable work on privacy in standards work – attended this year’s GSS16. But present were the standards bodies IEEE, ISO, IEC and CEN-CENELEC.

 

Image Credits: ITU