Home / Blogs

Celebrating 167 Years of Public International Law for Cyber Security

Anthony Rutkowski

Interstate agreement between the Austro-Hungarian Monarchy, Prussia, Bavaria and Saxony, 25 July 1850.
Original / English
On 30 September 1850 at Dresden, the first international treaty was issued among the first sovereign nations to internet their national electronic communication networks. It was known as the Dresden Convention, and culminated several weeks hammering out basic requirements and techniques to implement an internet spanning the Austro-German European continent at the time, and established a continuing "Union" of signatories to evolve the provisions of the treaty.

The Dresden Convention was a remarkable achievement that necessarily included basic elements of cyber security that persist today. The endurance of the treaty provisions and the collaborative process for cyber security were underscored over the decades by applying the provisions to each new communications technology and an expanding array of nation states that emerged. The network security provisions included those relating to sovereignty over national communication networks and service provisioning, protecting network infrastructure against harm, and sovereign rights to inspect and stop communication harmful to national security.

Over the generations, the technologies included telephone networks, undersea cables, radiocommunication, radio sensing, broadcasting, out-of-band signalling, television and cable video, satellite communication, data communication, public mobile, and datagram internets, ICTs, cloud data centres and network-service virtualisation. In the 1930s, the treaty signatories would give themselves the name International Telecommunication Union.

Today, literally every nation on earth has accepted today's ITU cyber security treaty provisions that originated in 1850. Indeed, despite multiple attempts to develop new global cyber security instruments, few have been successful, and none have been as enduring or ubiquitous as the ITU provisions.

Worth special note is the adjunct ITU cyber security treaty instrument that emerged at the 1988 Melbourne Convention known as the International Telecommunication Regulations. The emergence of multiple datagram-based internets at that time for research and intergovernmental use such as the OSI Datagram and DARPA TCP/IP platforms, resulted in the ITU convening a conference to legalize transnational public internets for commercial offerings. The late Secretary-General Richard Butler convened most of the world's nations in his home town, and after five contentious weeks and two conference chairs, a treaty instrument was produced that legalized international public internets for the first time. Butler himself took considerable pride in writing and personally negotiating the internet key treaty provision known as Article 9.

From a cyber security law development standpoint, what was especially significant was unleashing of the Morris Worm on the DARPA Internet weeks before the Melbourne conference — which played out in the International Herald Tribune daily. The concern was exacerbated by an enterprising New York Times reporter discovering that Morris' father was a noted U.S. national security official. The infamous malware incident resulted in many delegations — especially the cyber security experts on the USSR delegation — insisting Butler include multiple new cyber security provisions before they would agree to any treaty legalizing public internets and services. The provisions were added and based on innovative adaption of a continuum of cyber security treaty provisions that had existed over the decades. After the treaty was signed by most of the world's nations, ITU senior officials led efforts at nation levels to amend their national laws to enable international public internet implementations.

Unfortunately, most of the security provisions of the 1988 Convention related to public global internets were never implemented. The failures to act occurred even as cyber security challenges surrounding the DARPA TCP/IP internet going public grew exponentially.

Today the quest continues among Nation States to develop new cyber security treaty instruments dealing with the same basic requirements faced 167 years ago in a far more complex and globally interconnected environment — with little success and notable failures. Unfortunately, lack of knowledge about public international cyber security law today, seems endemic and appalling — even within the ITU's own ongoing expert groups. Perhaps it is time to return to the basics and develop cyber security solutions derived from Art. 9 of the 1988 Melbourne Convention and the continuum of global network security law that has persisted since Dresden. At a treaty level, the basic network security requirements are unchanged: sovereignty over national communication networks and service provisioning including the ability to inspect and stop communication harmful to national security, and protecting those networks and services against harm.

Disclaimer: The author was Secretary-General Butler's counsellor in 1987-89, responsible for the Melbourne Conference secretariat, and ITU Chief of Telecommunications Regulations and Relations between Members until 1992.

Correcton: October 11, 2017 – An earlier version of the title misstated the years since 1850. It was 167, not 117.

By Anthony Rutkowski, Principal, Netmagic Associates LLC

Related topics: Cybersecurity, Internet Governance, Law


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


Why 117 years? Roland Turner  –  Oct 11, 2017 4:02 AM PDT

Why 117 years? 1850 was 167 years ago, was it not?

Indeed it was Anthony Rutkowski  –  Oct 11, 2017 5:05 AM PDT

Chalk it up to jetlag and/or decaying neurons.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper


Sponsored by Verisign

IP Addressing

Sponsored by Avenue4 LLC

Mobile Internet

Sponsored by Afilias Mobile & Web Services

DNS Security

Sponsored by Afilias

Promoted Posts

Buying or Selling IPv4 Addresses?

Discover ACCELR/8, a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Join Neustar's Town Hall Meeting and Help Shape the Future Of .US

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks