A Closer Look at the Security Proposal for the International Telecommunication Regulations

The recent media furore about the re-negotiation of the International Telecommunication Regulations (ITRs) has become a ludicrous cacophony of misinformed debate about how the International Telecommunication Union (ITU) is set to ‘take over the internet’ and start censoring public access at the WCIT-12 (World Conference on International Telecommunications).  An analysis of why the different factions are trying to wrest public opinion in their favour is not the point of this article, although it is simply naïve to think that Google et al don’t have their own underlying agendas, which are just as vested as those of Russia, China and the other purported ‘baddies’ taking part in the process. Enough has been written on both sides of the argument for an interested reader to make up their own mind about the situation.

I want to take a look at the proposals themselves, and more precisely the new draft article 5A on security.  Since the ITRs were last negotiated in 1988, much has happened in the development of telecommunications, greatest of which has been the internet itself. It has grown to the point where national critical infrastructures such as energy, financial and emergency services are increasingly using TCP/IP as the underlying communications protocol.  This has serious implications for a nation state because the internet is highly exploitable and the corruption of critical infrastructure could have a debilitating impact on public safety and national security. For this reason, cyber security has become just as important to governments as it has to banks and other private sector organizations.

International cyber security requirements have rarely been addressed outside of the recommendation and standardization arena. Aside from successful European Union legislation, the Council of Europe’s Convention on Cybercrime is the only international treaty to attempt a regulatory solution; yet its success is limited. Cyber security is much easier to address at the technical level and the ITRs provide a favorable framework in which to tackle this issue at a policy level.

There are 8 proposals for the new article tentatively entitled “confidence and security in the provision of international telecommunications and services”. Most of the proposals reflect the same spirit, albeit with varying language. Some of the proposals are based on previously negotiated language already agreed during past ITU conferences (the Geneva Plan of Action and the Tunis Agenda), most notably during the World Summit on the Information Society (WSIS) process.

The security proposals focus on the need for governments and the relevant operating agencies to ensure the security of the telecommunication infrastructure through a number of activities: network supervision and monitoring, cooperation with other states, industry and academia, national incident response capabilities, education and training, developing regulatory guidelines and supporting law enforcement, countering spam, protecting data and combating fraud among other actions. Many of these are already performed by more developed nations, but it is important that they be enshrined internationally and set as a basic requirement since not all member states are at the same level of development.

There will be little contest, except perhaps on form, as to the validity or necessity of article 5A. There might be more debate about the proposal which includes the Universal Declaration of Human Rights. Nonetheless, it is highly probable that all participating countries will agree on at least one thing – the need to secure their telecommunications infrastructure is paramount in the modern digital age, even if it is against other states or their own citizens.