I'm sitting in the Popov Room of the ITU Tower in Geneva, the room is quiet, the atmosphere placid, chairs are empty. The final meeting of the CWG WCIT prep WG has just concluded its work and the chair will be reporting to the Council the results of our work. I find myself strangely calm and looking forward to my next week, to be spent in Prague.
The bulk of the work of this WG can be found in TD-62 and TD-64, unofficial copies of which can be found here. Should you choose to read through the documents, and they are lengthy at approximately 375 pages, you might think that a number of the proposals were directed at the Internet. Inclusion of terms like Internet Protocol, SPAM, cybersecurity, naming, and addressing is evidence of this fact. What you might not know is that the ITU Secretary General has indicated quite the opposite stating "that Internet issues will be discussed at the World Policy Forum in 2013" not at the WCIT.
Discussions in the CWG WCIT prep WG related to the Internet fall loosely into three categories, Economics, Cybersecurity, and Governance. Below I'll do my best to discuss proposals in these areas and how they might impact the Internet.
It has been suggested that "the most important battleground in the WCIT is ... the flows of funds among carriers ...". Settlements, the term that describes that flow between traditional telephony operators, is an important issue, and how Member States choose to address it could significantly alter the economics and dynamics of the Internet for years to come.
Prior to 1988, wire-line telephony was highly regulated with attendant lack of choice, high prices, and limited services. Since 1988, the last time the ITRs were revised (permitting less regulated markets and competition), telephony has dramatically changed and consumers have benefited. However, some miss the halcyon days of regulation with higher revenue, larger profits, and guaranteed markets. Returning to that well-understood business model and its minimal risk is desirable and advantageous, for the regulated.
However, returning to tightly regulated markets is proving difficult, especially now that consumers have experienced the benefits of competitive markets. While difficult, it has not proved impossible as evidenced by Ethiopia's recent decision to criminalize Skype with heavy penalties for failure to comply. It is in this environment, that we hear calls for "light-touch regulation", principles, convergence, and enhanced cooperation with the presumption that in the light-touch utopia, all will get along, all will be well, and this will be "the best of all possible worlds".
Supposedly as an alternative to regulation, the European Telecommunications Network Operators Association (ETNO) has proposed that the ITRs be modified to require Operating Agencies to enter into negotiations to ensure that other Operating Agencies obtain a fair price for use of their infrastructure. I'm all for fairness, as long as it is applied equitably. If adopted, it is unlikely that the ETNO proposal could be applied with equity given the proposed language and the dynamic nature of the Internet.
ETNO believes that Over The Top (OTT) providers are responsible for increased network utilization and the consequent requirement that Operating Agencies (telcos) upgrade their infrastructure. There is an element of truth in this argument in that like all traffic on the Internet, OTT traffic consumes throughput, but it fails to look at the other side of the connection, subscribers.
Subscribers typically pay a fee in advance for service (throughput) expecting that when the service is requested it will be provided. Their request to the Operating Agency (telco) comes in the form of a request to an OTT (or other) provider for content they desire. Delivery of that content consumes some portion of the throughput that the subscriber had contracted for and there is a reasonable expectation that it be available.
In a perfect world, all subscribers would receive their full allocation of throughput whenever requested. But worlds are rarely perfect and backbone infrastructure is rarely engineered to satisfy simultaneous network-wide requests for full throughput. This is a common, accepted practice and can result in congestion at times of heavy utilization.
Network engineers attempt to minimize congestion (keeping customers satisfied) and when it appears to be problematic, they look to upgrade their infrastructure. So in this imperfect world, backbone infrastructure isn't engineered to "carry the full load" and the risk models employed by ETNO's members didn't anticipate the demand for their services. Consequently they are oversubscribed (presumably).
Rather than look within their system and the elements they control for solving their problem, ETNO's members are seeking to change the inputs to their system, basically making this someone else's problem. Unfortunately, that someone else is the Internet and the fundamental assumptions on which it has thrived. Problems likely to emerge if the ETNO proposal is adopted range from economic denial of service attacks, reduced interconnection to developing countries, and the specter of innumerable contract negotiations given that in the Internet, every node can be reasonably seen as an Operating Agency (by the ITU definition).
Settlements are important, but they are becoming an anachronism in the modern world. Bringing them forward into the digital network age will create problems and threaten the continued rapid expansion and increased use of the Internet. There is no reason to burden a 21st century Internet with 19th century economic or business models. We can and must do better.
Worldwide, cybersecurity is a topic of current interest with discussions ranging from SPAM to nation-state sponsored attacks. Network and system security require attention and diligence, in their specification, implementation, and potential regulation. This is especially true with proposals that introduce cybersecurity language into a treaty instrument like the ITRs.
Several cybersecurity proposals have been submitted that on their face appear to be reasonable proposals to facilitate international cooperation on cyber-issues. However, when read from a slightly different perspective, it becomes quite clear that these proposals could in fact facilitate restrictions on the free flow of information within sovereign states and for states to request assistance to restrict information flows through their borders.
Cybersecurity is a broad area that can be divided into four categories, cybercrime, cyberwarfare, cyberterrorism, and cyberespionage. Each of these requires expert analysis, discussion, negotiation, and drafting and they deserve attention in their own right, e.g. cybercrime and the Budapest Convention on Cybercrime. Conflating them under the term cybersecurity within a telecommunications treaty does each of them an injustice and raises the potential for (un)intended consequences.
For example, in the name of national security, a cybersecurity clause in the ITRs could be used as a mechanism to limit free speech, deny service access, or otherwise impinge on rights guaranteed in the Universal Declaration of Human Rights. Surely this is unintended but is inevitable when attempts are made to regulate warfare, espionage, terrorism, or crime in a treaty designed for other purposes, e.g. telecommunications, by experts in other areas.
Regulation will do little to limit warfare, terrorism, or espionage in the networked, digital age and efforts to address them in the ITRs likely will have significant unintended consequences. It would be better to engage in "international cooperation, information sharing, openness and transparency" as suggested by Estonia's President in a recent speech on Cyber-security and liberal democracies. Comprehensively addressing these issues requires careful consideration, diligence, and reliance on fundamental principles.
We should use the Budapest Convention as a model and bring together experts in other cyber areas to address the significant issues of our day (and the future). While not perfect, the Convention has demonstrated that it is possible to address a complex cyber issue for the benefit of the international community. Let's repeat that lesson with other issues but avoid the temptation of the quick fix of the ITR cybersecurity proposals. Our security won't be improved but our collective freedom will be lessened as may our ability to innovate on the Internet; an unfair tradeoff if ever there was one.
While the Secretary General claims that WCIT 2012 is not about Internet Governance, several Member States seem to disagree. Various proposals have been made to modify the ITRs to specifically include names, numbers, and addresses with an eye towards mitigating abuse. Inclusion of the term "name" should give pause and be taken as a specific reference to a domain name, an Internet resource.
In the ITU-T Recommendation E.101, "Definitions of terms used for identifiers", the only defined name is a Domain Name . Presumably the "name" suggested in the proposed ITR modification is an E.101 reference and consequently means Domain Name. If adopted this proposed change would be a clear statement by the signatories that the ITU should have a role in governing the Domain Names System.
The Domain Name System is today managed by ICANN with ICANN frequently listed as one of the entities responsible for Internet Governance. If the ITU assumes some (or all) responsibility for some portion of Domain Name policy, it has by definition moved into the realm of Internet Governance, in direct contravention of the statements made by its Secretary General.
While it is comforting to hear that WCIT 2012 is not about Internet Governance, certain proposals by Member States are in fact related to the Internet itself or its governance. Therefor, a discussion of Internet Governance will be unavoidable in Dubai unless these proposals are withdrawn or are deemed to be out of scope through some unknown ITU procedural mechanism.
The Internet and Internet Governance will almost certainly be topics of discussion at WCIT 2012 in Dubai. Perusing the ITU documents developed in preparation for the Conference should make that clear. If that is unconvincing, read the Secretary General's Draft Report for the May 2013 World Telecommunications Policy Forum (WTPF) to know that the ITU, and Member States plan on a perhaps decisive discussion on the Internet and Internet Governance.
It would appear we have a choice, and in fact we do as the President of Estonia has expressed, "We must choose between two paths — either we can change the nature of the Internet by placing a Westphalian regulatory structure on Internet governance, or we can change the world." Our choice is to return to 19th century principles and policies or to recognize that we have entered the 21st century, have established principles, and now have a responsibility to align our policies and processes with them.
We can learn from history but we should not repeat it when better options are available to us as they now are.
By Bill Smith, Sr. Policy Advisor, Technology Evangelist at PayPal. (Disclaimer: While I am a PayPal (eBay) employee, the opinions expressed here are my own.)
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines
Neustar DDoS Protection
Neustar DNS Services