Interstate agreement between the Austro-Hungarian Monarchy, Prussia, Bavaria and Saxony, 25 July 1850.
Original / EnglishOn 30 September 1850 at Dresden, the first international treaty was issued among the first sovereign nations to internet their national electronic communication networks. It was known as the Dresden Convention, and culminated several weeks hammering out basic requirements and techniques to implement an internet spanning the Austro-German European continent at the time, and established a continuing “Union” of signatories to evolve the provisions of the treaty.

The Dresden Convention was a remarkable achievement that necessarily included basic elements of cyber security that persist today. The endurance of the treaty provisions and the collaborative process for cyber security were underscored over the decades by applying the provisions to each new communications technology and an expanding array of nation states that emerged. The network security provisions included those relating to sovereignty over national communication networks and service provisioning, protecting network infrastructure against harm, and sovereign rights to inspect and stop communication harmful to national security.

Over the generations, the technologies included telephone networks, undersea cables, radiocommunication, radio sensing, broadcasting, out-of-band signalling, television and cable video, satellite communication, data communication, public mobile, and datagram internets, ICTs, cloud data centres and network-service virtualisation. In the 1930s, the treaty signatories would give themselves the name International Telecommunication Union.

Today, literally every nation on earth has accepted today’s ITU cyber security treaty provisions that originated in 1850. Indeed, despite multiple attempts to develop new global cyber security instruments, few have been successful, and none have been as enduring or ubiquitous as the ITU provisions.

Worth special note is the adjunct ITU cyber security treaty instrument that emerged at the 1988 Melbourne Convention known as the International Telecommunication Regulations. The emergence of multiple datagram-based internets at that time for research and intergovernmental use such as the OSI Datagram and DARPA TCP/IP platforms, resulted in the ITU convening a conference to legalize transnational public internets for commercial offerings. The late Secretary-General Richard Butler convened most of the world’s nations in his home town, and after five contentious weeks and two conference chairs, a treaty instrument was produced that legalized international public internets for the first time. Butler himself took considerable pride in writing and personally negotiating the internet key treaty provision known as Article 9.

From a cyber security law development standpoint, what was especially significant was unleashing of the Morris Worm on the DARPA Internet weeks before the Melbourne conference—which played out in the International Herald Tribune daily. The concern was exacerbated by an enterprising New York Times reporter discovering that Morris’ father was a noted U.S. national security official. The infamous malware incident resulted in many delegations—especially the cyber security experts on the USSR delegation—insisting Butler include multiple new cyber security provisions before they would agree to any treaty legalizing public internets and services. The provisions were added and based on innovative adaption of a continuum of cyber security treaty provisions that had existed over the decades. After the treaty was signed by most of the world’s nations, ITU senior officials led efforts at nation levels to amend their national laws to enable international public internet implementations.

Unfortunately, most of the security provisions of the 1988 Convention related to public global internets were never implemented. The failures to act occurred even as cyber security challenges surrounding the DARPA TCP/IP internet going public grew exponentially.

Today the quest continues among Nation States to develop new cyber security treaty instruments dealing with the same basic requirements faced 167 years ago in a far more complex and globally interconnected environment—with little success and notable failures. Unfortunately, lack of knowledge about public international cyber security law today, seems endemic and appalling—even within the ITU’s own ongoing expert groups. Perhaps it is time to return to the basics and develop cyber security solutions derived from Art. 9 of the 1988 Melbourne Convention and the continuum of global network security law that has persisted since Dresden. At a treaty level, the basic network security requirements are unchanged: sovereignty over national communication networks and service provisioning including the ability to inspect and stop communication harmful to national security, and protecting those networks and services against harm.

Disclaimer: The author was Secretary-General Butler’s counsellor in 1987-89, responsible for the Melbourne Conference secretariat, and ITU Chief of Telecommunications Regulations and Relations between Members until 1992.

Correcton: October 11, 2017 – An earlier version of the title misstated the years since 1850. It was 167, not 117.