The issue of cybersecurity perfectly illustrates why the International Telecommunication Union (ITU) should not be given expanded regulatory authority to include matters of Internet governance. The UN body is meeting this December as Member States renegotiate its core telecommunications treaty, and CDT and others have been warning of the risks to online freedom and innovation. In a paper issued today, we examine in detail some of the proposals pending before the ITU relating to cybercrime and cybersecurity.
On the one hand, cybersecurity is undeniably a critical issue for the future of telecommunications and indeed for global commerce, development, and human rights. On the other hand, it is ill-suited to the kind of centralized, government-dominated policymaking that the ITU represents.
Cybersecurity requires agility: Given the pace of technological change, governmental bodies are not likely to be the source of effective technical solutions. Instead, those solutions will emerge from multi-stakeholder efforts, involving ICT companies, technologists, academics, and civil society advocates, as well as governments.
Moreover, the cybersecurity issue inevitably leads straight into questions of human rights and governmental power: surveillance, privacy, and free expression. None of these are issues the ITU has any expertise in or any ability to assess and balance. Rather than adopting vague wording that could be used by governments as justification for repressive measures, the ITU should endorse existing standards initiatives such as those underway at the IETF and continue to serve as one forum among many for the development of consensus based, private sector-led efforts.