The International Telecommunication Union (ITU) says the success of information and communication technologies (ICTs) in driving sustainable development will be crucial to achieve ICT security, privacy and trust.
The issue came under spotlight at the ITU’s Global Standards Symposium (GSS-16) held recently in Tunisia.
The event which brought together government ministers, industry executives and the international standardization community discussed issues on how standards efforts could best integrate the consideration of security, privacy and trust.
According to the final report of the symposium, ICTs have enabled billions of people to exchange digital information on a global scale, and the use of these technologies, which rely heavily on technical standards, has brought about a host of challenges with respect to the privacy and security of communications, and ultimately end-user confidence in ICTs.
The report highlights that the United Nations, through the World Summit on the Information Society, conferred on ITU the responsibility to act as the facilitator, by working among ITU Member States and other stakeholders towards “strengthening the trust and security framework with complementary and mutually reinforcing initiatives in the fields of security in the use of ICTs, with initiatives or guidelines with respect to rights to privacy, data and consumer protection”.
It notes that while a number of legally binding international conventions contain issues on right to privacy, “these legal instruments have been developed and adopted on a regional rather than global basis.”
The GSS-16 stresses that almost all areas of life now rely on ICT infrastructure and services, and would therefore be affected if trustworthiness cannot be maintained. It also says privacy and data protection constitute core values of individuals and societies, and that the Universal Declaration of Human Rights enshrines privacy as a fundamental right.
Commenting on the report, Houlin Zhao, ITU Secretary-General said: “Information and communication technologies are central to visions of our future as a society, and here we see the importance of the theme of this 3rd Global Standards Symposium. A trusted digital environment will give users, business and government the confidence to use new technologies to their full potential.”
Also commenting, Chaesub Lee, Director of the ITU Telecommunication Standardization Sector said: “Our increasing capabilities in data collection and analysis have opened up new frontiers in sustainable development. Standardization should support the emergence of a shared, integrated data ecosystem, helping us to use data-driven insight to tackle the greatest challenges of the 21st century.”
The Symposium thus recognizes that the trend in data breaches and security incidents is alarming and having an adverse impact on people’s trust in the use of ICT. It thus suggests the following regulatory principles for ITU member states:
- Leverage international frameworks that contain basic principles of security, privacy and trust, and establish mechanisms of implementing these principles.
- Promote adherence to privacy-by-design principles, privacy impact assessment and the development of privacy enhancing technologies (PETs), technologies that, when integrated in ICT infrastructure and services, minimize the processing of personally identifiable information.
- Establish means for the sharing of information between the public and private sectorson threats to ICT infrastructure and services, best practices and mitigation strategies.
- Mobilize the international community and establish partnerships to develop national capabilities to protect from cyber-attacks, increasing countries’ capacity to detect security incidents and effect coordinated responses to such incidents.
- Create a balance between the need to protect the privacy of individuals and encourage the innovative use of data to drive the digital economy. When designed into new technologies and services, good privacy and security practices become attractive selling points to customers and make a contribution to the improvement of the whole network.
- Contribute to international standards to address global issues, recognizing that cyber-attacks do not respect national borders and that breaches of privacy and security undermine trust in ICT, and that security frameworks standardized at the international level are necessary to provide the assurance that a service’s security attributes can be trusted and that a user’s security and privacy needs are protected across borders.
- Promote the development of standards for the ‘de-identification’ of personal data and data portability, standards able to contribute to greater consumer protection and greater choice with respect to consumers’ ability to subscribe to and unsubscribe from ICT services.
The GSS-16 also made recommendations on how standard organizations can ensure that end-users’ expectations of security, privacy and trust are met. Calling for standardization to address challenges to security, privacy and trust, it stresses the following:
- Support a privacy-by-design mindset, paying due regard to privacy considerations throughout the standards-development process. Privacy-by-design can be promoted by standards that incorporate privacy and data protection features, and standards can also be effective in ensuring interoperability between privacy features.
- Understand the role of open-source software in addressing challenges to security, privacy and trust challenges. Open-source software and standards make complementary contributions to the growth and innovation of the ICT industry. Software has grown in complexity, and while open-source and standardization communities are collaborating in many areas, more effort should be made to facilitate the exchange of work between these communities and thereby ensure high-quality, high-security software implementations.
- Strengthen collaboration among standards bodies in the development of international frameworks for security, privacy and trust, recognizing their mandates and strengths and leveraging existing work. Standards bodies should adhere to due process, broad consensus, transparency, balance and openness in standards development; commitment to technical merit, interoperability, competition, innovation and benefit to all; availability of standards to all; and the voluntary adoption of standards. Standards bodies should also collaborate in their efforts to address the disparity between developing and developed countries in their ability to access and implement standards and frameworks addressing security, privacy and trust in ICT infrastructure and services, and participate in their development on an equal footing.