Incyder news

 

19 December 2012


Subscribe

Updating International Telecommunication Regulations at WCIT 2012: Relevant for Cyber Security?

Since their adoption in 1988, the International Telecommunication Regulations (ITRs)1 were revised for the first time in December 2012 at the World Conference on International Communications (WCIT) organised in Dubai by the International Telecommunication Union (ITU), a UN agency focused on information and communication technologies (ICTs). Two weeks of intense negotiations resulted in the adoption of a Treaty that was argued by many to aim for stricter control over the internet.

The WCIT meeting in December 2012 underlined the disagreement between the Member States on how, or to what extent, could ITRs play a role in governing the internet or in other issues related to the internet. The goal of the meeting was to review the Treaty on ITRs that was originally adopted at the 1988 Melbourne World Administrative Telegraph and Telephone Conference (WATTC-88) with the aim of defining several aspects of telecommunication services in the context of the wider liberalisation process in international telecommunications. Since the Treaty was signed before the extensive adoption of the internet and the emergence of various cyber threats, it was decided that it should be updated in order to respond to the current needs of the Member States.

One of the central debates occurring during the conference focused on, in very broad terms, who should have the control over the internet.2 The topic proved to be of a highly political nature that required a ‘delicate balance’ between the various interests at stake,3 not only the different opinions of governments but also other interest groups such as Non-Governmental Organisations (NGOs) and the private sector. Similar debates on Internet Governance have been ongoing for years and groups of like-minded countries have expressed their opinions on numerous occasions.

The preparation process for WCIT 2012, which was originally planned to take place behind closed doors (but was forced to become more transparent by such activist movements as WCITLeaks4), revealed opposing viewpoints. For example, some countries, including Russia and China, put forward proposals5 to regulate aspects of the internet such as ‘crime’ and ‘security’.6 Given that these topics are currently unregulated at the global level due to legal, technical and political reasons – and are not even unilaterally defined – it is not surprising that the WCIT did not offer a breakthrough in this regard.

Article 5B

Unsolicited bulk electronic communications

Member States should endeavour to take necessary measures to prevent the propagation of unsolicited bulk electronic communications and minimize its impact on international telecommunication services. Member States are encouraged to cooperate in that sense.

There was also a certain confusion related to the wording and content of the ITRs. Several countries did not agree to the references to spam (Article 5B), expressing concerns that such a provision could open the door to limitations on content.7 Furthermore, the Iranian proposal to ‘… recognise the right of access of Member States to international telecommunication services’ that was later added to the Preamble of the Treaty was interpreted as an attempt to extend the Treaty's regulations to cover Internet Governance and content.8 Some experts worry that ‘this right could be used to force internet applications, content and service providers to provide services to particular organisations and in territories even if they don’t want to.’9 However, Article 1 (1.1, a) of the Treaty states clearly that ’These Regulations do not address the content-related aspects of telecommunications’ and the Preamble underlined the Member States’ commitment and obligation to existing human rights treaties.10 

Article 5A

Security and robustness of networks

Member States shall individually and collectively endeavour to ensure the security and robustness of international telecommunication networks in order to achieve effective use thereof and avoidance of technical harm thereto, as well as the harmonious development of international telecommunication. 

Other countries have been dissatisfied with Treaty provisions touching upon cyber security and Internet Governance. In fact, the revised Treaty does not include a single direct reference to the internet, even though Article 5A (‘Security and robustness of networks’) and Article 5B (‘Unsolicited bulk electronic communications’) may indirectly be linked to the possible reasoning for censorship and surveillance. Thus, there are concerns about the vague language used in these Articles and the ways that States may interpret the scope of these provisions.11 

Political unease was also strongly communicated in connection to a non-binding resolution explicitly addressing ITU involvement in internet policy. As an annex to the Treaty, the resolution titled ‘To foster an enabling environment for the greater growth of the internet’12 instructs the Secretary-General to ‘continue to take the necessary steps for ITU to play an active and constructive role in the development of broadband and the multi-stakeholder model of the internet as expressed in §35 of the Tunis Agenda’ and to ‘support the participation of Member States and all other stakeholders, as applicable, in the activities of ITU in this regard.’ Despite the same resolution stating that ‘all governments should have an equal role and responsibility for international Internet Governance’, several delegations were not in favour of adopting the resolution, both content and procedure-wise.13

The opposing views were clearly reflected in the results of the voting: the Treaty was finally adopted with 89 Member States in favour, whereas 55 Member States (including USA, France and Germany) did not sign the revised Treaty. A common legal procedure provides a timeframe in which to ratify the Treaty (until 2015) but, even after ratification, harmonised integration into national law is hard to achieve due to the different legal frameworks in the Member States.14

ITU