ITU getting serious about botnets [LWN.net]

ITU getting serious about botnets

Posted Nov 30, 2007 1:17 UTC (Fri) by jschrod (subscriber, #1646)
In reply to: ITU getting serious about botnets by brouhaha
Parent article: ITU getting serious about botnets

Your strawman doesn't help.

First, you did not made the point that this is not a topic for a governmental organization. You merely stated that the UN is not the right place for anything (your emphasis, not mine). And IMNSHO that is a pure political statement about the UN itself and not about the relevance or the appropriateness of the ITU for this specific issue.

Second, as the article noted, an essential part of the ITU work is about legal advice, how one can introduce or structure laws to help fight botnets. And changing laws is very clearly the realm of governments, they are the only ones who can do it. Thus advice about a coordinated legal approach against a supranational threat to our IT security belongs into the realm of inter-governmental political organizations like the UN and its subsidiary organizations.

This is not merely about technical counter-measurements which seems to be the only thing that you might think about. (You're mentioning the IETF as a better organization indicates this.) In two of three tiers of the toolkit, this is about non-technical approachs that tries to take on a larger picture of the botnet problem, beyond the technical aspects. You ignore these two tiers to be able to propagate your opinion that the UN is not good for »anything«, and to express that with emphasis. And you really want that I take your comment as a serious contribution?

All in all, your f'up answers are yet another data point why I would like to get a KILL file feature in LWN's comment facility. *PLONK*, as I would like to be able to say.

(Log in to post comments)

ITU getting serious about botnets

Posted Nov 30, 2007 8:17 UTC (Fri) by nix (subscriber, #2304) [Link]

So the EU Commission (the source of the majority of the more 
boring-yet-necessary new laws in most of Europe, even eurosceptic parts 
like the UK) is not a governmental organization? Fascinating.

Your extreme US-centricism is plainly obvious from your claim that 
legislators are universes complete unto themselves that receive advice 
from no other governmental bodies. I'd be very scared of legislators that 
worked that way: who else are they ignoring? (It's odd: to a first 
approximation, the only people you can find against the UN as a whole are 
a bunch of nasty dictatorships and... parts of the US, the country which 
*founded* it.)

The UN and the EU had the same design intent: to eliminate war on 
different scales (worldwide large-scale versus European), to try to stop 
any repetition of WWII. Both are doing lots of different things these days 
as well, but branching out from `stop large-scale wars' to `stop 
large-scale supranational threats' doesn't seem like all *that* much 
mission creep to me. This sort of thing is what these organizations are 
*for*, and being legal bodies they will use legal weapons to do it.

(Yes, they suck at it and they're inefficient. Point me at any human 
organization that isn't. They might get something done, anyway. The EU 
should get involved, though, because unlike the UN it actually *can* get 
its constituent governments to pass laws.)

ITU getting serious about botnets

Posted Nov 30, 2007 17:02 UTC (Fri) by brouhaha (subscriber, #1698) [Link]

So the EU Commission (the source of the majority of the more boring-yet-necessary new laws in most of Europe, even eurosceptic parts like the UK) is not a governmental organization? Fascinating.

I don't see how you derived that from what I said.

Your extreme US-centricism is plainly obvious from your claim that legislators are universes complete unto themselves that receive advice from no other governmental bodies.

What I said was that the vast majority of advice on changing laws doesn't come from supranational governments or organizations. In the US, most of the input into new laws or amendments at the federal level comes from other parts of the US government (e.g., the executive branch), states, and corporations.

Do EU countries really work that much differently? I thought only a small portion of the laws of individual EU countries was forced upon them by the EU. Or, if you don't like the phrase "forced upon", I could say "given to".

ITU getting serious about botnets

Posted Nov 30, 2007 23:03 UTC (Fri) by nix (subscriber, #2304) [Link]

The figure for UK laws which consist of implementation of EU directives is 
around 50%, IIRC, and rising.

ITU getting serious about botnets

Posted Dec 7, 2007 3:51 UTC (Fri) by okeydoke (guest, #46751) [Link]

Hi. I wrote the botnet mitigation toolkit.  You might want to read it leaving normal
assumptions about ITU standards processes out of this .. this is an ITU-D effort (read:
development and "capacity building").

There are lots of people from the network operator community (NANOG / IETF / IAB regulars, as
well as large ISPs) who have agreed to help out in the technical part - in fact, the toolkit
cites several RFCs, as well as data from an IAB workshop.

In this context, what you have is a UN agency that is putting money and resources into a
project that tries to get several different groups that are already working on botnet related
issues (from a technical, as well as from policy and social work perspectives) to coordinate,
work together etc. And it also tries to field test a whole lot of concepts and best practices
that were mostly developed in US and canadian ISPs, in what may well be a rather different
operating environment. [Yes, most of it wont change but there will be a few things that need
to change, and work differently..]

regards
srs