Committed to connecting the world

ICTs for a Sustainable World #ICT4SDG

GSS Conclusions

GSS Banner

Conclusions of the 3rd Global Standards Symposium

The 3rd Global Standards Symposium, Hammamet, Tunisia, 24 October 2016, brought together thought leaders in the standardization sphere to discuss how standards efforts could best integrate the consideration of security, privacy and trust.  

1. Introduction

Global Standards Symposiums (GSS) are high-level standardization policy debates that explore the evolving dynamics of information and communication technology (ICT) and associated implications for technical standardization. GSS is held at the outset of ITU's quadrennial World Telecommunication Standardization Assembly (WTSA). Previous editions were held in Johannesburg in 2008, and Dubai in 2012.

The theme of GSS-12 – Standardization at the intersection of the ICT sector with other sectors such as health care, utilities, and transport – proved very timely, and the conclusions of the symposium offered valuable guidance to the ITU standardization work carried out from 2013 to 2016. GSS-12 touched on security, privacy and trust in ICT infrastructure and services when discussing topics such as the wireless transmission of medical data, the storage of data on the movements of connected vehicles, and the collection of consumer data by online retailers. In such environments, standardized frameworks are necessary to provide the assurance that a service possesses trusted security attributes, and that users' security and privacy needs are protected. 

The 3rd Global Standards Symposium (GSS-16) discussed how interested stakeholders could work in collaboration to develop international frameworks for security, privacy and trust. The symposium brought together leading experts in the fields of security, privacy and trust, representing governments, regulators, standards bodies and industry. Participants exchanged views on what they perceive to be the key elements of such frameworks, as well as which of these elements should be assigned priority in related ITU standardization work to be undertaken from 2017 to 2020.

Welcome remarks were delivered by H.E. Mohamed Anouar Maarouf, Minister of Communication Technologies and Digital Economy, Republic of Tunisia. Opening remarks were given by ITU Secretary-General Houlin Zhao, and the Director of the ITU Telecommunication Standardization Bureau Chaesub Lee. The symposium was chaired by Mongi Marzoug, former Minister of ICT, Tunisia.

The opening session of GSS-16 was followed by three sessions approaching the symposium's theme from the perspectives of regulation and policy, industry, and standardization. Followed by an examination of the theme of GSS-16 in the context of the United Nations (UN) system in Section 2 of this report, Section 3 summarizes the key findings and recommendations of each of the Symposium's sessions. A detailed summary of all the discussions of GSS-16 is included in Appendix I.

The final programme, speaker biographies and presentations are available at:
http://itu.int/en/ITU-T/wtsa16/gss/.

In accordance with Resolution 122 (Rev. Guadelajara, 2010) and ITU Council Resolution 1272 (MOD), the conclusions of GSS-16 detailed by this report are transmitted for consideration by WTSA-16.

2. Security, privacy and trust in ICTs – the UN context

ICTs have enabled billions of people to exchange digital information on a global scale. The use of these technologies, which rely heavily on technical standards, has brought about a host of challenges with respect to the privacy and security of communications, and ultimately end-user confidence in ICTs.

ITU engages with this challenge both as a standards-developing organization that aims to develop privacy-friendly voluntary international ICT standards and as an intergovernmental organization mandated to build confidence and security in the use of ICTs. The World Summit on the Information Society conferred on ITU the responsibility to act as the facilitator of Action Line C.5, working among ITU Member States and other stakeholders towards "strengthen[ing] the trust and security framework with complementary and mutually reinforcing initiatives in the fields of security in the use of ICTs, with initiatives or guidelines with respect to rights to privacy, data and consumer protection".

The normative international basis for the protection of privacy is provided primarily by human rights treaties such as the UN Universal Declaration of Human Rights of 1948 and the UN International Covenant on Civil and Political Rights of 1966, both of which contain provisions on the right to privacy/private life (arts. 12 and 17, respectively). These conventions, however, do not refer explicitly to the digital processing of personal information, a concept which, in the context of the UN system, has been addressed only in the form of a non-binding guidance document, namely the 1990 UN Guidelines concerning Computerized Personal Data Files.

While a number of legally binding international conventions do contain a right to privacy – such as the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the European Convention of Human Rights and Fundamental Freedoms and the American Convention of Human Rights – these legal instruments have been developed and adopted on a regional rather than global basis. Many of these regional agreements are based on the same fundamental privacy principles, such as the concept of informed consent of the individual and the adequacy of the security measures put in place prior to processing personal information.

A variety of stakeholders have called for increased attention to be paid to the need for a common global understanding on the processing of personal information. For example, the International Conference of Data Protection and Privacy Commissioners has appealed to a) the United Nations, to prepare a legally binding "universal convention for the protection of individuals with regard to the processing of personal data"; b) international organizations, "to commit themselves to complying with principles which are compatible with the principal international instruments dealing with data protection and privacy"; and c) hardware and software manufacturers, "to develop products and systems integrating privacy enhancing technologies".

The UN General Assembly heeded this call during its 68th Session (2013) by adopting a Resolution titled "The right to privacy in the digital age", calling on all UN Member States to "respect and protect the right to privacy, including in the context of digital communication". Following this Resolution, the UN Human Rights Council appointed a Special Rapporteur with a mandate to, inter alia, report on alleged violations of the right to privacy, including in connection with the challenges arising from new technologies.

3. Main conclusions of GSS-16

3.1 Regulatory principles for security, privacy and trust

Recalling that privacy and data protection constitute core values of individuals and societies, and that the Universal Declaration of Human Rights enshrine privacy as a fundamental right;

Noting that almost all areas of life now rely on ICT infrastructure and services, and would therefore be affected if trustworthiness cannot be maintained; and,

Recognizing the alarming trend in data breaches and security incidents, having an adverse impact on people's trust,

GSS stressed:

3.2 How industry meets end-users' expectations of security, privacy and trust

Reaffirming the enormous potential of information and communication technologies and digitization to improve our lives and society;

Recognizing that security breaches, privacy violations and lack of trust in ICT infrastructure and services can pose serious threats to a company's business and reputation; and,

Calling for implementable international standards,

GSS stressed:

3.3 Standards bodies' approach to security, privacy and trust

Recognizing the crucial role played by standards in ensuring security, protecting privacy and establishing trust in ICT infrastructure and services;

Highlighting that security, privacy and trust are established areas of work in many international standards bodies that address ICT and other technology areas; and

Calling for standardization to address challenges to security, privacy and trust,

GSS stressed: Download GSS Conclusions
[ EN | AR | ZH | ES | FR | RU ]