C5. Building confidence and security in the use of ICTs



The recommendations of the Geneva action plan concerning this action line are :
12. Confidence and security are among the main pillars of the Information Society.
a) Promote cooperation among the governments at the United Nations and with all stakeholders at other appropriate fora to enhance user confidence, build trust, and protect both data and network integrity; consider existing and potential threats to ICTs; and address other information security and network security issues.
b) Governments, in cooperation with the private sector, should prevent, detect and respond to cyber-crime and misuse of ICTs by: developing guidelines that take into account ongoing efforts in these areas; considering legislation that allows for effective investigation and prosecution of misuse; promoting effective mutual assistance efforts; strengthening institutional support at the international level for preventing, detecting and recovering from such incidents; and encouraging education and raising awareness.
c) Governments, and other stakeholders, should actively promote user education and awareness about online privacy and the means of protecting privacy.
d) Take appropriate action on spam at national and international levels.
e) Encourage the domestic assessment of national law with a view to overcoming any obstacles to the effective use of electronic documents and transactions including electronic means of authentication.
f) Further strengthen the trust and security framework with complementary and mutually reinforcing initiatives in the fields of security in the use of ICTs, with initiatives or guidelines with respect to rights to privacy, data and consumer protection.
g) Share good practices in the field of information security and network security and encourage their use by all parties concerned.
h) Invite interested countries to set up focal points for real-time incident handling and response, and develop a cooperative network between these focal points for sharing information and technologies on incident response.
i) Encourage further development of secure and reliable applications to facilitate online transactions.
j) Encourage interested countries to contribute actively to the ongoing United Nations activities to build confidence and security in the use of ICTs.

References and Contributions :

Procedural issues :
During the 2nd WSIS Action Line C5 Facilitation Meeting, ITU proposed draft terms of reference (ToR) that are quite different from those of UNESCO. There is only one team, instead of a definition of sub-themes followed by the designation of moderators of open-ended teams for those sub-themes. As said orally, the "team" should have implemented the recommendations coming from the four working groups ( speed sessions of the first and second days ). The draft ToR was objected to by Switzerland, Tunisia and later on by the United States, followed by India. Therefore the ToR were not adopted, effectively paralyzing the implementation of the C5 action line until next year. Obviously, this meeting was not a success for ITU, although its duration was the longest among all action line meetings, and despite the fact that this meeting was one of the best prepared and attended of the WSIS cluster of events. The problem is that the unique C5 "team" positioned itself ipso facto as a process in competition with existing processes, and the ITU was not perceived as a worldwide inclusive multi-stakeholder facilitator. It is our analysis that if the ITU had proposed the same ToR as UNESCO, which propose a more distributed structure that could accommodate existing as well as new processes, then the C5 meeting outcome would have been more practical. For example, a theme and a moderator could have corresponded to an existing initiative,

Content issues :
1/ It is uncertain whether the relationship between Cybersecurity and Ethics has really been investigated in the discussions so far. This would imply ensuring that

  • cybersecurity measures and effectiveness are not compromised by corporate interests, and that a fair competition between providers of security solutions does exist.
  • freedom of software users and developers is preserved. Cybersecurity measures should not prevent the development of Free Software.
  • last but not least, Human Rights issues are not forgotten. Cybersecurity enforcement should not come at the cost of endangering Human Rights. It is a very sensitive issue that must be approached in a very balanced way.

2/ The fundamental problem, and strategic choice between, "security through obscurity" vs "security through transparency" ( i.e. using Open Source or Free Software ) has never been debated during the WSIS. The issue of software models has been debated in a general context, leaving users free to choose the model "that best fit their needs". Precisely, in matters of cybersecurity, the question of determining the model that best fits the needs of users ( governments, people, companies ) is a question that has been left unexplored ( this has nothing to do with the economic question of gratis vs commercial, which was hotly debated in the context of the digital divide ). Many users are justified in feeling insecure when their internet traffic is passing through closed "black boxes" ( routers, proxies, mirrors, etc. ) because they are not able to verify by themselves ( or by relying on trusted independent people ) whether that network equipment is secure and uncompromised.

A very exploratory proposition for sub-themes

| Sub-Theme | Lead moderator, co-moderators | Contacts |
|---|---|---|
| A/ International Public Law Framework | Council of Europe ( Convention on Cybercrime ) | tba |
| B/ Watch, Warning and Incident Response | Community Emergency Response Team (CERT) | tba |
| C/ Spam and Related Threats | StopSpamAlliance | tba |
| D/ National e-Strategies and National Law Enforcement | tba | tba |
| E/ Research of Innovative Solutions in a Global Cybersecurity Environment | tba | tba |
| F/ Best Practises and Network Policies | tba | tba |
| G/ Cybersecurity Ethics ( Fair competition, Freedom of Software Users and Developers, Human Rights ) | tba | tba |

Relationships with the Internet Governance Forum Process

There is no dynamic coalition on CyberSecurity, just one on a specific aspect : StopSpamAlliance. However, concerning CyberSecurity, there are quite a few interesting workshops among those that have been proposed for the IGF in Rio. Security is a recognized category, but unfortunately many of the proposals are related more to content filtering ( access ) than to security.


