LISTSERV - NCSG-DISCUSS Archives

NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

	LISTSERV Archives
	NCSG-DISCUSS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Forum View Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Re: Security, Stability and Resiliency Framework for FY14
From:	Edward Morris <[log in to unmask]>
Reply To:	Edward Morris <[log in to unmask]>
Date:	Mon, 22 Apr 2013 17:40:42 +0100
Content-Type:	multipart/alternative
Parts/Attachments:	text/plain (6 kB) , text/html (8 kB)
Thanks for your work David.

Regardless of ICANN's public statements or strategic plans, I am not sure
ICANN can be in accordance with customary International Humanitarian  Law
with the statement "ICANN does not have a role in the use of the Internet
related to cyber-espionage and cyber-war" (page 7). I am equally not sure
ICANN is not in accordance with customary International Humanitarian Law
with that statement and I remain  open to arguments as to whether ICANN
should be involved in these issues or could be commanded by IG treaty or
agreement to exercise responsibilities thereof.

These are not simple issues. ICANN is a unique organisation that does not
neatly fit into any typical, comfortable structure. IHL, of course, is
state centric in terms of responsibility but ICANN on one, fairly
superficial level,  is almost supreme being like in it's coordination of
the Internet. Cyber-espoinage, no problem, ICANN is not involved. However,
imagine a situation where there are massive cyber attacks on civilian
infrastructures in third countries by state actors that ICANN could
operationally prevent. Mass civilian death, mass civilian injury, mass
destruction of property and infrastructure. Mass death of noncommercial
users, mass injury of noncommercial users, mass loss of property of
noncommercial users.  Do we truly represent these people with a position of
"not our problem?"

ICANN is a non state actor but it's operational coordination abilities
allow those who want, and they exist, to inpune state responsibility to it
through a number of intellectual gymnastics involving the definition of
territory and control. I doubt I'll ever buy into those arguments and I
don't think they'll ever be majority opinion. I could be wrong. I am
concerned, though, with rules 139 (Respect for IHL), 149 (Responsibility
for Violations of IHL) and 161 (International Cooperation in Criminal
Proceedings) of the ICRC's Study on Customary International Law. As of
today  ICANN as a non state actor does not have any responsibility under
these rules, but as more people examine the nature of ICANN, the ever
changing role of the GAC, the uniqueness of ICANN as it is constructed, I
can conceive of a consensus being developed in the IHL community that
extends responsibility under these rules to ICANN as a unique non state
actor. It won't happen tomorrow, it won't happen next year, but it may
happen, and I don't want to get myself locked into a position today that
prevents me from having options several years down the road.

For those who haven't read it the Tallinn Manual
http://www.ccdcoe.org/249.html  is an exceptional first effort at porting
IHL into the cyber arena. Mike Schmitt did an exceptional job at
coordinating input from some pretty diverse people in creating the
guidance, and from my perspective they did a near perfect job for what it
is. ICANN is not mentioned in the Manual. However at cocktail discussions
in Estonia last year with some of those involved in the project, there was
an interest in thinking about ICANN and where it fit into all of this, post
Manual production.  Interest varied, many did not understand how ICANN was
constituted ( at CyCon's public sessions it was described, variably, as an
NGO, an IGO, but never as a unique MS organisation), but as much as  ICANN
would like everyone to forget about it in this context it simply is not
going to happen. The salience of cyberwar as an  issue, for reasons often
having to do more with private economic interests than security, is going
nowhere but up and there will be some response on an international level
that  will impact or involve ICANN, desired or not.

As we exist in 2013  I'm happy to sign off on David's statement. I do so,
though, reserving the right to change my view as events and thoughts
develop and change regarding cyberwar activities. That ICANN should not be
involved in content, obvious. That we do not want to extend it's competence
to cybercrime and cyberespionage, of course. Certain forms of cyberwar,
though, are different in that in some areas it isn't something an entity
can or should be able to opt out of. I'm just not personally sure today
where ICANN does or should fit into all of this. It would be a lot easier
if we had competing private Internets but until we do I have questions in
this area  and reserve the right to come back in a few years time with
views that are different than what I can accept today. These are
complicated issues and I'm not sure best handled with a  bumper sticker
like perspective. Then again...




On Mon, Apr 22, 2013 at 3:36 PM, Brenden Kuerbis <
[log in to unmask]> wrote:

> +1, thanks David. Minor typo in last para, "explicit acknowledge[ment]..."
>
> ---------------------------------------
> Brenden Kuerbis
> Internet Governance Project
> http://internetgovernance.org
>
>
> On Mon, Apr 22, 2013 at 8:21 AM, David Cake <[log in to unmask]>wrote:
>
>>  This document has been out for public comment.
>> http://www.icann.org/en/news/announcements/announcement-06mar13-en.htm
>>
>> I've missed the deadline on public comment for this by a day or two, but
>> I'd still like to see if we can make a small comment on it if we can.
>> Here is my draft comment - if NCSG could approve it (quickly), that would
>> be great, otherwise I'll just put it in as a personal comment.
>>  Any additions or disagreement?
>>
>> Regards
>> David
>>
>> ----------
>>
>> The regular update of the Security, Stability and Resiliency Framework is
>> a very important part of ICANNs SSR function, as attested by its inclusion
>> in the Affirmation of Commitments.
>>
>> NCSG notes the significant effort involved in preparing the FY13
>> Security, Stability and Resiliency Plan, and the progress towards
>> implementing the recommendations of the Security, Stability and Resiliency
>> Review Team Report.  While work so far has seen the completion of only some
>> recommendations, we note planning and progress has been made for all the
>> recommendations, and we appreciate the commitment to full implementation.
>>
>> NCSG supports the definition of ICANNs SSR role and remit. In particular,
>> NCSG values the acknowledgement of areas that lie outside ICANNs remit, and
>> NCSG strongly agrees that ICANNs role does not include law enforcement or
>> determining what constitutes illicit conduct.
>>
>> NCSG welcomes the explicit acknowledge of the necessity of a continued
>> multistakeholder approach to security, and notes the inclusion of civil
>> society within all discussions of the Internet and security ecosystem, and
>> particularly welcomes the inclusion of engagement with civil society on
>> privacy and free expression issues as a commitment for FY14. ****
>>
>>
>> ****
>>
>> ****
>>
>
>
ATOM RSS1 RSS2
LISTSERV.SYR.EDU