Home / Blogs

WCIT Prep Dénoument?

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.
Bill Smith

I'm sitting in the Popov Room of the ITU Tower in Geneva, the room is quiet, the atmosphere placid, chairs are empty. The final meeting of the CWG WCIT prep WG has just concluded its work and the chair will be reporting to the Council the results of our work. I find myself strangely calm and looking forward to my next week, to be spent in Prague.

The bulk of the work of this WG can be found in TD-62 and TD-64, unofficial copies of which can be found here. Should you choose to read through the documents, and they are lengthy at approximately 375 pages, you might think that a number of the proposals were directed at the Internet. Inclusion of terms like Internet Protocol, SPAM, cybersecurity, naming, and addressing is evidence of this fact. What you might not know is that the ITU Secretary General has indicated quite the opposite stating "that Internet issues will be discussed at the World Policy Forum in 2013" not at the WCIT.

Discussions in the CWG WCIT prep WG related to the Internet fall loosely into three categories, Economics, Cybersecurity, and Governance. Below I'll do my best to discuss proposals in these areas and how they might impact the Internet.


It has been suggested that "the most important battleground in the WCIT is ... the flows of funds among carriers ...". Settlements, the term that describes that flow between traditional telephony operators, is an important issue, and how Member States choose to address it could significantly alter the economics and dynamics of the Internet for years to come.

Prior to 1988, wire-line telephony was highly regulated with attendant lack of choice, high prices, and limited services. Since 1988, the last time the ITRs were revised (permitting less regulated markets and competition), telephony has dramatically changed and consumers have benefited. However, some miss the halcyon days of regulation with higher revenue, larger profits, and guaranteed markets. Returning to that well-understood business model and its minimal risk is desirable and advantageous, for the regulated.

However, returning to tightly regulated markets is proving difficult, especially now that consumers have experienced the benefits of competitive markets. While difficult, it has not proved impossible as evidenced by Ethiopia's recent decision to criminalize Skype with heavy penalties for failure to comply. It is in this environment, that we hear calls for "light-touch regulation", principles, convergence, and enhanced cooperation with the presumption that in the light-touch utopia, all will get along, all will be well, and this will be "the best of all possible worlds".

Supposedly as an alternative to regulation, the European Telecommunications Network Operators Association (ETNO) has proposed that the ITRs be modified to require Operating Agencies to enter into negotiations to ensure that other Operating Agencies obtain a fair price for use of their infrastructure. I'm all for fairness, as long as it is applied equitably. If adopted, it is unlikely that the ETNO proposal could be applied with equity given the proposed language and the dynamic nature of the Internet.

ETNO believes that Over The Top (OTT) providers are responsible for increased network utilization and the consequent requirement that Operating Agencies (telcos) upgrade their infrastructure. There is an element of truth in this argument in that like all traffic on the Internet, OTT traffic consumes throughput, but it fails to look at the other side of the connection, subscribers.

Subscribers typically pay a fee in advance for service (throughput) expecting that when the service is requested it will be provided. Their request to the Operating Agency (telco) comes in the form of a request to an OTT (or other) provider for content they desire. Delivery of that content consumes some portion of the throughput that the subscriber had contracted for and there is a reasonable expectation that it be available.

In a perfect world, all subscribers would receive their full allocation of throughput whenever requested. But worlds are rarely perfect and backbone infrastructure is rarely engineered to satisfy simultaneous network-wide requests for full throughput. This is a common, accepted practice and can result in congestion at times of heavy utilization.

Network engineers attempt to minimize congestion (keeping customers satisfied) and when it appears to be problematic, they look to upgrade their infrastructure. So in this imperfect world, backbone infrastructure isn't engineered to "carry the full load" and the risk models employed by ETNO's members didn't anticipate the demand for their services. Consequently they are oversubscribed (presumably).

Rather than look within their system and the elements they control for solving their problem, ETNO's members are seeking to change the inputs to their system, basically making this someone else's problem. Unfortunately, that someone else is the Internet and the fundamental assumptions on which it has thrived. Problems likely to emerge if the ETNO proposal is adopted range from economic denial of service attacks, reduced interconnection to developing countries, and the specter of innumerable contract negotiations given that in the Internet, every node can be reasonably seen as an Operating Agency (by the ITU definition).

Settlements are important, but they are becoming an anachronism in the modern world. Bringing them forward into the digital network age will create problems and threaten the continued rapid expansion and increased use of the Internet. There is no reason to burden a 21st century Internet with 19th century economic or business models. We can and must do better.


Worldwide, cybersecurity is a topic of current interest with discussions ranging from SPAM to nation-state sponsored attacks. Network and system security require attention and diligence, in their specification, implementation, and potential regulation. This is especially true with proposals that introduce cybersecurity language into a treaty instrument like the ITRs.

Several cybersecurity proposals have been submitted that on their face appear to be reasonable proposals to facilitate international cooperation on cyber-issues. However, when read from a slightly different perspective, it becomes quite clear that these proposals could in fact facilitate restrictions on the free flow of information within sovereign states and for states to request assistance to restrict information flows through their borders.

Cybersecurity is a broad area that can be divided into four categories, cybercrime, cyberwarfare, cyberterrorism, and cyberespionage. Each of these requires expert analysis, discussion, negotiation, and drafting and they deserve attention in their own right, e.g. cybercrime and the Budapest Convention on Cybercrime. Conflating them under the term cybersecurity within a telecommunications treaty does each of them an injustice and raises the potential for (un)intended consequences.

For example, in the name of national security, a cybersecurity clause in the ITRs could be used as a mechanism to limit free speech, deny service access, or otherwise impinge on rights guaranteed in the Universal Declaration of Human Rights. Surely this is unintended but is inevitable when attempts are made to regulate warfare, espionage, terrorism, or crime in a treaty designed for other purposes, e.g. telecommunications, by experts in other areas.

Regulation will do little to limit warfare, terrorism, or espionage in the networked, digital age and efforts to address them in the ITRs likely will have significant unintended consequences. It would be better to engage in "international cooperation, information sharing, openness and transparency" as suggested by Estonia's President in a recent speech on Cyber-security and liberal democracies. Comprehensively addressing these issues requires careful consideration, diligence, and reliance on fundamental principles.

We should use the Budapest Convention as a model and bring together experts in other cyber areas to address the significant issues of our day (and the future). While not perfect, the Convention has demonstrated that it is possible to address a complex cyber issue for the benefit of the international community. Let's repeat that lesson with other issues but avoid the temptation of the quick fix of the ITR cybersecurity proposals. Our security won't be improved but our collective freedom will be lessened as may our ability to innovate on the Internet; an unfair tradeoff if ever there was one.


While the Secretary General claims that WCIT 2012 is not about Internet Governance, several Member States seem to disagree. Various proposals have been made to modify the ITRs to specifically include names, numbers, and addresses with an eye towards mitigating abuse. Inclusion of the term "name" should give pause and be taken as a specific reference to a domain name, an Internet resource.

In the ITU-T Recommendation E.101, "Definitions of terms used for identifiers", the only defined name is a Domain Name . Presumably the "name" suggested in the proposed ITR modification is an E.101 reference and consequently means Domain Name. If adopted this proposed change would be a clear statement by the signatories that the ITU should have a role in governing the Domain Names System.

The Domain Name System is today managed by ICANN with ICANN frequently listed as one of the entities responsible for Internet Governance. If the ITU assumes some (or all) responsibility for some portion of Domain Name policy, it has by definition moved into the realm of Internet Governance, in direct contravention of the statements made by its Secretary General.

While it is comforting to hear that WCIT 2012 is not about Internet Governance, certain proposals by Member States are in fact related to the Internet itself or its governance. Therefor, a discussion of Internet Governance will be unavoidable in Dubai unless these proposals are withdrawn or are deemed to be out of scope through some unknown ITU procedural mechanism.


The Internet and Internet Governance will almost certainly be topics of discussion at WCIT 2012 in Dubai. Perusing the ITU documents developed in preparation for the Conference should make that clear. If that is unconvincing, read the Secretary General's Draft Report for the May 2013 World Telecommunications Policy Forum (WTPF) to know that the ITU, and Member States plan on a perhaps decisive discussion on the Internet and Internet Governance.

It would appear we have a choice, and in fact we do as the President of Estonia has expressed, "We must choose between two paths — either we can change the nature of the Internet by placing a Westphalian regulatory structure on Internet governance, or we can change the world." Our choice is to return to 19th century principles and policies or to recognize that we have entered the 21st century, have established principles, and now have a responsibility to align our policies and processes with them.

We can learn from history but we should not repeat it when better options are available to us as they now are.

By Bill Smith, Sr. Policy Advisor, Technology Evangelist at PayPal. (Disclaimer: While I am a PayPal employee, the opinions expressed here are my own.)

Related topics: Cybercrime, DNS, ICANN, Internet Governance, Policy & Regulation, Security



To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Sponsored Topics

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Leading Internet Associations Strengthen Cooperation

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

Afilias Chairman Jonathan Robinson Wins ICANN's 2016 Leadership Award at ICANN 57

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Facilitating a Trusted Web Space for Financial Service Professionals