The Internet Society (ISOC) is a non-profit organization dedicated to ensuring the open development, evolution, and use of the Internet for the benefit of all people throughout the world. Since 1992, ISOC has served as a global clearinghouse for technically sound, unbiased information about the Internet, as an educator, and as a focal point for a broad based community of interest engaged in Internet-related initiatives around the world. It provides the institutional home for the Internet Engineering Task Force (IETF), Internet Architecture Board (IAB), and the Internet Research Task Force (IRTF).
We appreciate being able to provide input into the work of the Council Working Group on International Internet-Related Public Policy Issues (CWG). However, we also feel that in the spirit of the WSIS Tunis Agenda, the ITU should open up the dialogue and invite all stakeholders to engage in the discussions.
We firmly agree with the Tunis Agenda that “the management of the Internet encompasses both technical and public policy issues and should involve all stakeholders and relevant intergovernmental and international organizations”. We therefore call on the ITU to take into account the outcome of WSIS in the organization of its work; adapt the proceedings of the CWG accordingly and take the next step to fully engage the entire multistakeholder community.
As a Sector Member of the ITU Telecommunication Standards and Telecommunication Development Sectors, the Internet Society respectfully submits this contribution to the CWG as part of its public consultation.
Issue 1: Consultation on effectively countering and combatting spam. The Council Working Group on International Internet-Related Public Policy Issues invites all stakeholders to provide input on international public policy issues related to effectively countering and combatting spam.
Unwanted traffic, including spam, continues to be a significant problem for Internet users, creating a burden for developing countries, networks, operators, ISPs and end users. High volumes of spam can cause significant impacts to regions with limited Internet access as well as raise concerns for all regions with the increasing malware infections that come from unwanted email. The challenges associated with spam may be magnified in developing countries where high volumes of unwanted incoming and outgoing mail can cause a severe drain on the limited and costly bandwidth that is available.
Successful spam mitigation depends on collective action by individual users, ISPs, network operators and policymakers. One element (though not the only element) of successful spam mitigation may be the development of legislative frameworks that enable reporting and appropriate policy responses. It is critical that any approach (policy, technical, commercial) to mitigate spam takes into account several factors:
• Public awareness and education on steps that individuals can take to alleviate unwanted email.
• Recognition and adoption of trusted network management operational best practices by national operators that enable the sharing of information within trusted communities at the national, regional and global levels.
• Encouragement of multistakeholder public/private partnerships to mitigate spam nationally and to work across boarders to address the proliferation of unwanted forms of bulk electronic communication.
• Development of mutual support within the trusted ISP/network operator community to address spam proliferation.
Cooperation and partnerships among all stakeholders in developing strategies, acquiring and using spam mitigation tools, and crafting anti-spam best practices and legislation are essential for success. For that reason, combating spam requires a multistakeholder approach. In particular, network operators and ISPs need to work together as community partners to both fight the proliferation of spam and to stand united against organized spam activities. The community aspect is particularly important as any ISP/network operator may be singled out for a network attack based on their efforts to mitigate spam. The production of spam is a business model of substantial economic and commercial value and any attempt to stop the illicit business of sending out spam, malware, botnets and phishing attacks could result in an attack on an operator. Ongoing dialogue, engagement and cooperation amongst ISPs/network operators is truly the basis for effective spam prevention and mitigation.
There are many examples of information that exist to help address spam. Below, we list some resources that may be useful to consider. We also note that there are several very important expert groups working in concert to develop network operational and technical tools along with best practices to mitigate spam. The Internet Engineering Task Force (IETF) has numerous RFCs and information documents that detail tools that networks, ISPs and end users can use to address spam. These can be located at http://www.ietf.org.
The following are some examples of some standards track documents that could be useful:
RFC 6430, Feedback report type value, RFC 5039 SIP and Spam, RFC 2505 Anti-spam recommendations, RFC 2635 Guidelines for mass unsolicited mailings and postings. The IETF is similarly developing mail authentication technologies, like DKIM (RFC 6376, RFC 5585, etc.), SPF (RFC 4408) and DMARC (www.dmarc.org). There are also numerous informational documents on best practices to mange spam and email filters that can be located on the web site noted above.
The Internet Society spam web site contains additional reference materials that may be of interest: http://www.internetsociety.org/spam
The ITU web site contains details on spam legislation http://www.itu.int/osg/spu/spam/law.html
The ITU-D Study Group 1, Question 22 on “Securing information and communications networks: best practices for developing a culture of cybersecurity”, which also includes spam. These best practice materials are located at http://www.itu.int/ITU-D/CDS/sg/rgqlist.asp?lg=1&sp=2010&rgq=D10-RGQ22.1.1&stg=1
The European Commission action to address the proliferation of spam in the EU can be found at http://europa.eu/legislation_summaries/information_society/internet/l24189a_en.htm
The OECD Anti-spam Toolkit addresses regulatory and policy issues, technical solutions, enforcement concerns, education awareness tools, suggestions for improved cross-border cooperation, industry driven initiatives, and outreach activities. The information on the tool kit can be found at http://www.oecd-ilibrary.org/science-and-technology/oecd-anti-spam-toolkit-of-recommended-policies-and-measures_9789264027176-en
Messaging Anti-Abuse Working Group (MAAWG) best practices to address spam management which is located at http://www.maawg.org/published-documents
The London Action Plan (LAP) comprised of government and public agencies from 27 countries responsible for enforcing laws concerning spam and international spam enforcement cooperation. There documents and best practices are located at http://londonactionplan.org
At the UN level, the Declaration of the World Summit on the Information Society and the associated Action Plan stress that spam should be dealt with at appropriate national and international levels. A summary of these discussions can be found at http://www.un-ngls.org/orf/wsis-spam-report.htm
We believe that open and inclusive dialogue based on the input from a variety of stakeholders is key for any successful dialogue on International Internet Public Policy Issues. We appreciate the opportunity to submit input as part of the open consultation process of the Council Working Group and reiterate our call for greater openness, inclusiveness and transparency of this activity within the ITU. It is only through open and inclusive discussion that robust and sustainable Internet policies can be developed.