Re: WCIT outcome?

[John Day <jeanjour@comcast.net>]

At 1:05 PM -0500 12/31/12, Phillip Hallam-Baker wrote:
>On Mon, Dec 31, 2012 at 9:51 AM, John Day 
><<mailto:jeanjour@comcast.net>jeanjour@comcast.net> wrote:
>
>Phillip,
>
>>
>The reason that rule is useful is that just as it is ridiculous for 
>the US representative to the ITU to attempt to convey the positions 
>of Comcast and Google, it is no more practical for one person to 
>represent the position of Cisco or Microsoft.
>
>
>Then I take it from this comment that you believe that all forms of 
>representative government (and reaching agreements) are ridiculous?
>
>
>MPs and Congressmen are elected decision makers. ITU participants 
>can make decisions but they are not binding on anyone and only have 
>effect if people like me choose to implement them.

This was my point. The standards part of ITU is just like any other 
standards organization. But there are other things it does which are 
not like this, e.g. spectrum allocation.  There are other aspects 
with respect to tariffs that are binding on signatories.

>
>Representative democracy without the elections part has neither.

Neither of what?

>
>And it may have escaped your notice but pretty much every government 
>in the developed world tries to limit the scope of their authority 
>these days. They have discovered that they prefer to concentrate 
>their influence on a narrow scope and thus maximize it.

That also was my point, if you had read to the bottom.  In fact, I 
would suggest that the delegations of the developed world made a 
mistake assuming that the scope of the ITU was the same as it always 
had been.  By doing this, they gave up ground they didn't need to.

>
>
>
>Surely you don't believe that pure democracy will work?  That myth 
>had been dispelled 250 years ago.
>
>
>I lived in Switzerland for two years. They have a government that 
>passes a budget. How is yours doing?
>
>

I am sorry but I am not sure what Switzerland has to do with this 
discussion.  Last time I looked they had a republic (representative) 
form of government not a pure democracy.  No one every claimed it was 
efficient.

>
>The process of a representative form for creating agreements seems 
>to be (as flawed as it is) about the best we have come up with.
>
>
>ITU is not a democratic organization, nor does it aspire to be. So 
>it is not representative in the slightest. Reciting slogans does not 
>mean they are applicable

No one claimed it was.  In fact, quite the opposite.  I claimed it 
was organized as a republic form, which does what it is members vote 
on.  It turns out its members are countries.  (As I indicated below, 
I am not sure in the changed circumstances this is appropriate.) 
Actually one thing you seem to have missed, which I thought you would 
have jumped all over.  Generally, ITU meetings require unanimity to 
have a consensus.  This time they went with a simple majority.  I 
would have thought this would have created a fair amount of 
consternation.

>
>
>Wrt its application in standards outside the ITU it works the same 
>way.  When a voluntary standards organization organizes by country, 
>it is to give voice to the small companies as well as the Ciscos and 
>Microsofts.  The big guys can send 10s of people (which represents a 
>different problem) to meetings all over the world.  The little 
>companies can't afford that but they have an interest.  Providing 
>the means for them to agree on what their interest is and to make it 
>heard is equally important.
>
>It sounds like you are arguing for the hegemony of the robber barons 
>moved to the 21stC.
>
>
>I deal with the world as I find it. It is very difficult to change 
>the Internet without the support of a Microsoft or a Google or a 
>Cisco. There are a ten billion endpoints deployed. The real obstacle 
>is the hegemony of the installed base.

;-)  Why is that daunting?  ;-)  I hear that excuse often.  If we had 
had that attitude when we started this effort 40 years ago.  We would 
still be patching the PSTN.  There would be no Internet. Do you think 
the Internet was a success because we convinced IBM and AT&T it was a 
good idea?!!  I am sorry to see that the younger generation is so 
faint of heart.  Can't take a little challenge!

Actually, it isn't the ITU that is in the way.  It is the structure 
of the IETF that gives the big players such power.

>
>>Where the problem comes in is when you have a proposal that 
>>requires the active support and participation of stakeholders like 
>>VeriSign. When I told the IETF that DNSSEC would be deployed in 
>><http://dot.com>dot.com if and only if the opt-in proposal was 
>>accepted, I was stating the official position of a stakeholder 
>>whose participation was essential if DNSSEC was going to be 
>>deployed.
>>
>>
>>It was a really minor change but the reason it was blocked was one 
>>individual had the crazy idea that blocking deployment of DNSSEC 
>>would cause VeriSign to lose dotcom. He was not the only person 
>>with that idea but he was the only person in a position to wreck 
>>all progress in the IETF if he didn't get his way.
>>
>>For projects like IPv6 the standards development process needs to 
>>be better at identifying the necessary stakeholders and ensuring 
>>that enough essential requirements of enough stakeholders are met. 
>>Otherwise we end up with yet another Proposed Standard RFC that 
>>everyone ignores.
>>
>
>I would disagree slightly.  It is not task of the SDO to identify 
>the necessary stakeholders but to ensure all of the stakeholder are 
>represented at all levels.  The problems you describe above result 
>from breaking that rule.
>
>
>I think the idea that the stakeholders want to participate is a 
>mistaken one. VeriSign particpates in IETF. Some of the backbone 
>providers do. But many do not.

Self-fulfilling prophecy.  The structure of the IETF makes it 
difficult to impossible.  So why should they waste their time?

>
>So the frequent result is that IETF develops a widget and the 
>deployment showstoppers are only discovered during deployment.

That is just bad design.  I am not sure I would admit to that if I 
were you.  It doesn't look good.  Indicates that the IETF does not 
understand its constituency.

>
>It can get really lonely pointing out to a group of people with some 
>idea their are bursting to implement that they need to at least talk 
>to the application providers they need to adopt their idea.

Why?  The WCTU said, never marry drunkard to reform him.  They will 
find out soon enough.

>
>The question is what, if anything, is there left relating to 
>wireline communication that requires agreement among *governments*? 
>I can't think of much.
>
>
>They need to come to an agreement to ban cyber-sabotage like they 
>have banned chemical and biological weapons.

Do they?  Don't you think it is interesting that the countries crying 
loudest for this are the source of much of it and have sufficiently 
authoritarian regimes that they could shut down next week if they 
wanted?

It is far from clear to me that such an agreement would be worth the 
paper it was written on, unless it is possible to prove (which we 
can't in 99% of the cases) that it was a State that mounted the 
attack.

>
>Right now we have a group of US, Russian and Chinese military types 
>all looking to make their careers at the forefront of the new cyber 
>arms race. The military managed to piss away trillions of dollars in 
>wealth with their cold war, now they want to do the same in cyber. 
>The cold war was ultimately won because the youth of East Germany 
>simply walked away from the regime.

You really believe that?!  The cold war was won, because Gorbachev 
*chose* not to repeat the response to the Hungarian and Czech revolts 
of '56 and '68.  Tian An Men provides a good counter-example.  You 
need to read Lutwack's Coup d'Etat: A Practical Handbook.   Walking 
away isn't sufficient.

>
>Like chemical weapons, cyber weapons are far more bark than bite and 
>what bite there is can hit the attacker. Stuxnet and Flame were 
>crafted to attack Iran, the vectors were repurposed and targeted at 
>the US days after they were discovered. We also have the interesting 
>precedent that the UK has launched a cyber sabotage attack against a 
>nuclear facility declared as civil and under an IAEA inspection 
>regime.
>
>We can't stop everyone from developing cyber-sabotage capabilities 
>but we can push efforts that occur so far underground that they 
>can't poison attempts to deploy effective defenses. The US and 
>Chinese critical infrastructures may be separate at a physical level 
>but they are tightly coupled at a logical and economic level. Any 
>weapon that affects one is at least capable of bringing down the 
>other.

This was another point I made although not specifically on 
cyber-security. If you look closely at these kinds of attacks they 
have little or nothing to do with the functioning of the *Internet.* 
They have a lot more to do with what the Internet is used for.  (This 
is like saying the ITU has some sort of authority over what is said 
over the phone. Not something I think is a good idea, although 
apparently you do.)  Which tells us why the authoritarian regimes are 
so big on pushing it.  They see cyber-security treaties as a means to 
increase their control for domestic suppression and isolate their 
populations.  Support it if you want, but I certainly would think 
twice about it.

>
>That is the task that the ITU should be addressing.

Gawd! I hope not.

>  It might as well get started on it because one consequence of the 
>Dubai debacle is that the remaining ITU standards efforts have been 
>compromised.

The ITU standards efforts were unaffected and irrelevant to what 
happened in Dubai. which is too bad.  For 30+ years, I have described 
their standards efforts as targeted a market window 15 minutes in the 
future.  Even before you get to how badly flawed they are 
technically.  The ITU standards effort is just another ho-hum 
voluntary standards group like the IETF, or IEEE, or ASTM, or EIA, or 
ICAO, or even ISO.

Take care,
John Day