Is ITU Really Threatening the Internet?
Prabir Purkayastha, Newsclick, November 8, 2012
We have already written about the forthcoming International Telecommunications Union's (ITU) conference – World Conference on International Telecommunications (WCIT) – that is being held after 14 years in Dubai.
A careful examination of the proposals would show that the hype of ITU taking over the internet is very much a creation of certain groups who have other interests. This does not mean that we do not need to protect the internet as a space for resistance for the people. Therefore we also need to work out what should be the scope of ITU and limit ITU to this scope only.
Unfortunately, the Government of India has made its submission on the proposals before the ITU without any public discussions. It has held private discussion with the industry – read big private players – but made no attempt to have any other consultation. Neither political parties nor civil society groups have been consulted. Considering that WCIT is proposing to revise the IT Regulations (ITR's) and is therefore involves treaty making, this kind of secrecy does not speak well of the Government and the Ministry of Communications.
One of the campaigns that is doing the rounds is that the Internet is independent of telecommunications, even though it runs on the global telecommunications network and it should be kept that way. A part of the problem appears to be that in the US (under Federal Communication Commission ) information services and telecommunication services are defined as separate services, leading to the belief amongst American academia, activists, experts that they are two different domains. Even Professor Milton Mueller (Syracuse University School of Information Studies, USA) , in his otherwise excellent summary of issues on the Dubai proposals (http://www.internetgovernance.org/2012/06/07/threat-analysis-of-wcit-part-2-telecommunications-vs-internet) argues that “telecommunications” and “information services” are separate. In American telecom world, telecom is artificially restricted to mean only voice while data communications is held to be information services. It is important to understand that the purpose of FCC designating kinds of services was a purely regulatory one – voice services were regulated while data services were not. What is happening here is not that ITU is expanding its remit to the internet but American concepts of what constitutes telecom and the internet are sought to be imposed on the world.
The fundamental issue is that data and voice communications are both a part of today's telecommunications and have always have been. The internet treats everything including voice as data and transmits it as data packets over the existing telecommunications infrastructure. If we see the ITU definition of telecommunications, it includes all forms of signal emission, transmission and reception. This means obviously that there are certain parts of Internet that are very much a part of the telecommunications. Even Mueller concedes as much when he states that layer 1 and 2 of the OSI standard model is very much a part of the telecommunication network.
The question is what are these layers 1 and 2. They are the physical layer (copper cable, fibre optic cable, wireless carrier) and the data link layer (the one that moves the packets of data) of the OSI model, which in the standard communications over the internet – the TCP/IP protocol -- has collapsed into one layer. However, even those opposing the intrusion of ITU in Internet issues will have to concede that the data packets that move according to the TCIP/IP protocol do so because that is what is implemented in the telecom networks. The issue of who frames the standards for the internet and decides its governance – ITU or other bodies – is different from whether the internet is independent of telecommunications.
What is also important to understand about the Internet and telecommunications is what the telecommunication networks do not do. Apart from moving the data packets between computers the telecommunications networks do not do anything else. The conversion of this data to meaningful information – processing it, converting it and understanding its meaning is the application and the content layers. ITU has never been involved in the content of the communications and that is why application and content are squarely out of ITU's remit. So when looking at the current proposals, it is clear that the issues that concern content needs to be kept out of ITU.
It is clear today that all forms of communications – from voice, videos, radios – are moving to the internet. If all voice, data and broadcasting of radio and video signals move to Internet, then all devices may in future connect using their IP addresses – phone numbers will have no meaning; calling up another person may be done by using his phone's IP address from my IP phone and not the number. IP to IP interconnection then become the norm for all communications.
To argue that ITU should have no role in IP to IP interconnection as it belongs to the internet means the absence of a global interconnectivity regime backed up by an international agreement. In other words, why bother to have an ITU at all. An American commentator on the internet, Larry Downs (http://www.forbes.com/sites/larrydownes/2012/10/01/u-n-agency-reassures-we-just-want-to-break-the-internet-not-take-it-over/3/) says this quite openly as below:
"The Internet revolution is quickly obsoleting old copper-based switched telephone networks. Once the shift to all-IP communications is complete, the ITU will have little left to justify its existence for another 150 years."
This is also the AT&T's FCC submissions recently, re-classify us as information services and wind up all the existing regulatory obligations of our telecommunication services.
Are we then seeing an attack on ITU not because it wants to grab the Internet but because players in Internet space including some telcos would like to take over all telecommunications by calling it information services/ Internet services and getting rid of all their current obligations such as obligation to interconnect, common carrier obligations, universal service obligations etc? Instead of ITU grabbing the internet as it is projected, are we seeing instead a campaign to wind-up the ITU?
Lest I am accused of being a conspiracy theorist, it is important to note that 15 leading American companies including AT&T, Microsoft, Google, Verizon, CISCO, etc., have hired Ambassador Gross's company a Weily Rein LLP to lead a global campaign on keeping ITU out of the internet. Ambassador Gross is a very well-known figure and a key player in earlier US administrations on such matters. He and his company are officially campaigning – along with the US Federal Government – of the threat of a UN takeover via the ITU of the internet and therefore to the world's freedom.
Much of the literature and material that is coming out today on this issues can be traced to this coalition. Unfortunately, much of the global media including the Indian ones, pick up all this either as “paid” news or because they are too lazy to do their home work.
The other issue on which there is a lot of controversy is on cyber security. This is contentious as it can impinge on individual rights. However, under all domestic laws, the governments already have these powers. And if people have any doubt that the US behaves any differently from the governments it condemns for violations of freedom on the internet, we have only to look at its powers under the Patriot Act. All US companies routinely give total access to the National Security Agency (NSA) to their data and systems. China has its Great Chinese Firewall. In India, we have sections in the IT Act such as 66A, which can be used against persons sending innocuous cartoons or tweeting against the rich and the powerful for offences that carry 3 years penalty, when the original “offence” – the cartoon of Mamata Bannerjeeor the tweet against Karti Chidambaram. – do not if computers are not used.
Some would argue that incorporating cyber security in ITU would legitimise such threats from nation states; it could be argued equally plausibly we can get better clauses in a global body than in national laws and rules. Witness all the Human Rights declarations at global levels which most nation states then do not implement.
Given that other bodies are looking at cyber security, and such measures can impinge on individual freedoms and privacy, these need not be brought under the ITR's. However, what is being proposed in ITU is pretty simplistic stuff. So why the furore? Is it because the US as the global champion of freedom is outraged on the proposals by some countries in the ITU that impinge on our individual freedoms; or is it because ITU is looking at what countries can do to each other's networks and is proposing some checks, even if relatively innocuous?
The US has in the past turned down all proposals from Russia and others for not militarising the internet, claiming this were attempts by Russia and China to negate the US lead in cyber warfare. For Russia and China (well as other states), ITU then becomes a platform to raise such issues. It was only then – in 2010 – that the US agreed to discussions on cyber warfare/security in the UN and such discussions are continuing now in other global fora. So the practical political method for making the US budge on cyber warfare/internet (either governance or on security) is to raise it in ITU. Whether it succeeds or not, it sure pushes the US then start a dialogue, even if in a different platform!
Lastly, how much of the vitriol on cyber security is due to ITU asking Kaspersky Labs to analyse the problems that Iran was having. and finding out the problem. Kaspersky traced it to Flame Virus, and its links with Duqu and Stuxnet viruses, both of which are now known to be US-Israeli joint creations. By the way, the Stuxnet infected a huge number of computers -- estimated to be more than 80,000 -- in India also, after it went "wild".
Is it therefore the possibility that countries under attack by the US and its allies could then go to ITU for help that makes the US see red? If ITU has no role on cyber security, then it cannot help any country to find out the nature of the attack against it. For small countries under attack, there is no other global body it can turn to if it requires technical help. Incidentally, the World Summit on Information Systems in 2005, Tunis had unanimously designated ITU as the sole UN agency on cyber security, so it is a little late in the day to argue that ITU should have nothing to do with cyber security.
I do believe that the gravest threat we have today to the Internet is militarising the internet and if we are not able to stop this threat, we will see fragmenting of the internet. India and other countries should jointly seek to move global compact in WCIT declaring the Internet to be a weapons free zone. This is not the same as incorporating some minor measures on cyber security in ITR's but should be an over-arching “no cyberwar pact” of the conference. The US use of cyber weapons against Iran was a huge mistake and all of us will pay a price for this, if we cannot get a global compact on this soon. The scary figure is the estimation that Flame virus would have taken only 100 million dollars to develop -- a big sum for an individual or an organisation but pocket change for a country. And believe you me, today all vital infrastructure in all countries are run by control systems that have "computers" embedded in them and therefore fair targets for such attacks -- just as the centrifuges in Natanz were.