WTSA-2020: Reflecting on a Contemporary ITU-T Role
Setting the stage
Every four years — as it has done for nearly a hundred years — the ITU-T as the world’s only global intergovernmental standards body for all telecommunication, invites its 196 sovereign state members to a meeting where they examine their work and set the stage for the next four years. There is no treaty prepared, but they do examine major developments and decide needed standardization work, priorities, and structure of the organization itself — including their leadership. The plenary meeting is called World Telecommunication Standardization Assembly (WTSA), and this time will be hosted 17-27 November at Hyderabad, India.
Although there all manner of standards bodies today treating parts of the telecom, internet, mobile, IoT spectrum, the ITU-T pursuant to longstanding public international law acceded to by the U.S. and 195 other sovereign nations, exists as the only global intergovernmental standards body for an array of essential purposes. Those purposes encompass the foundations for global electronic communication, and the ITU-T remains unique as a public-private standards body.
Because of this unique ITU-T stature as a treaty-based body tracing its origins back to 1850, the formal participation by the United States has necessitated the involvement and oversight of the State Department acting pursuant to powers provided in the U.S. Constitution. Even if the U.S. does not give treaty status to ITU-T actions and enactments, most other nations of the world do so. Whatever ITU-T vision a U.S. Administration chooses for itself is substantially constrained by both Constitutional obligation as well as the visions of other sovereign nations expressed in multilateral telecommunication treaty instruments and activities.
As it has for decades, the U.S. State Department is conducting a public comment process to solicit views about the U.S. and its ITU-T activities. Although the comments are supposed to be made public, it is not clear exactly where and when. Given the somewhat conflicting views of the current U.S. administration about leadership, and yet hostility toward multilateral cooperation, what comes next should be interesting. Unlike most other sectors, global telecommunication, by definition, compels multilateral cooperation.
Adding to the complexity is that over most of the past hundred years, the U.S. has played by far the most substantive leading role in shaping ITU treaty provisions and activities to meet widely varying U.S. long-range strategic economic and national security interests. The technologies evolve, the Administrations change, but the strategic interests remain largely the same.
Today — in an emerging world of virtualized infrastructure and services based on 5G specifications — the establishment of extraterritorial norms and practices through the ITU-T becomes much more important. As similar needs emerged for internetworking platforms in the 1980s under the Reagan Administration, the U.S. national security community, industry, and the State Department engaged significantly in ITU-T work. The additional complexity now being faced with vastly expanded work and engagement in global industry forums such as 3GPP, NFV, ETSI, OASIS, etc., does not diminish the unique importance of the ITU-T — a fact realized today by most leading nations in the ICT sector.
The U.S. public and private-sector agencies must expand their roles together, and develop new strategies based on significantly increased enhancement of knowledge and involvement in the constellation of technical standards venues that very much includes ITU-T. The State Department, as always, remains essential to facilitate that strategy. Not doing so, will have adverse effects on the economic and national security interests of the nation.
This article provides the author’s personal perspectives on this subject based on 45 years of extensive involvement in almost every ITU body and many activities while in the government and private sector on behalf of many companies and organizations, and as a prominent historian. They should not be inferred to represent the views of any entity with which he is associated.
The unique nature and increasingly important stature of the ITU-T requires enhanced public-private knowledge and strategic engagement in its activities
The ITU and its precursor bodies and instruments stem from the necessity – from the emergence of the first transborder electrical communication internets in 1850 and onward — to develop legal norms in public international law among sovereign nations together with technical standards for operations, services, and equipment among network operators. (Today’s ITU sector bodies have existed in various forms extending back to 1850. However, an integrated treaty-based organization with instruments designated as the ITU and based on the Interallied Commission Meetings at Paris between 1918 and 1921 – did not come into existence until 1932.) The provisions are based on the fundamental reality and shared agreement that every nation exercises sovereign jurisdiction over any and all electrical communication and media within its geospatial boundaries, coupled with a common desire to ensure national security, bring about global communication, facilitate the development of the technologies and infrastructure, and provide expanded global economic opportunities for its commercial enterprises. Over the ensuing decades, as new technologies and applications emerged, the needs have remained the same. The most disruptive of all technologies — radiocommunication — enhanced the value of ITU activities because of radio’s instantaneous extraterritorial reach and ability to implement cyberattacks.
The U.S. as a nation did not have representation in the ITU precursor activities until a lone person went to the 1890 Paris Conférence télégraphique international and watched. The non-participation existed because, unlike most other nations, the U.S. government itself did not own telecommunication facilities used for providing service to the public and had no need to participate in the intergovernmental meetings. The participation began scaling in 1903 when General A. W. Greeley and Commander F. M. Barber, as leaders of the U.S. communications national security community, represented the U.S. at the Berlin Preliminary Conference on Wireless Telegraphy.
Over the next 117 years, the level of U.S. engagement, strategy, and leadership in ITU bodies went through periods of dramatic highs and lows. The high points of ITU engagement occurred during the Administrations of Wilson, Hoover, Roosevelt, Johnson, and Reagan — when each devoted substantial resources to develop and lead strategically significant legal and institutional innovations through major evolutions in the ITU instruments and activities to advance U.S. economic and national security interests.
Over those 117 years, the State Department played three essential roles necessary to facilitate participation in ITU-T activities. First — because the activities occur in a treaty-based activity and often involved significant negotiations with the representatives of foreign governments — State was ultimately responsible for the representation of the country and the outcomes, even if private-sector experts were involved. This role also shielded private-sector participants from any antitrust or other legal culpabilities. Second — because of the frequently significantly divergent and often conflicting interests of the government agencies and private-sector actors in the ITU-T activity strategies and outcomes, State provided an essential role of consensus building and adjudication among the parties to move forward with common U.S. positions. During some Administrations, this role was substantially expanded to develop and expand ITU-T activities — especially relating to expanding economic interests and national security matters. Third — State provided an array of essential, highly-specialized support services for ITU-T venues, including diplomatic protocols, collaboration with secretariats and foreign offices, long-range institutional knowledge, determinations of public international law, and engagement of classified intelligence assets. Most other major nations engaged in the ITU-T have similar or even greater support capabilities, and this is not the kind of expertise commonly found in the private-sector — especially smaller entities involved in new innovations.
The bottom line is that the ITU-T is unlike any other standards development organization because of its intrinsic intergovernmental nature — where the results may have bindings to treaty provisions which have force-and-effect in many if not all jurisdictions throughout the world, and where the participants are understood to act on behalf of their administration. This feature of the ITU-T has essentially existed for the past 100 years, and it is plainly not going to change in the foreseeable future. Furthermore, other nations will — like the U.S. itself has frequently done through many periods of ITU-T history — train and support personal who are experts in maximizing the nation’s interests and effectiveness in ITU-T venues, and facilitate involvement of the best of its private-sector industry and academic institutions.
Lastly, and perhaps most significantly, the ITU-T is a multilateral venue for which there is no plausible multilateral or bilateral substitute. Only the Common Criteria Recognition Agreement approximates this global reach on a more limited scale relating to cybersecurity. The ITU-T’s long, successful history is a testament to this reality. A hundred years ago when the Harding Administration killed off the Wilson Administration’s grand ITU plans, the Hoover Administration a few years later reversed course to ensure both U.S. global security interests, as well as a significant stake in the rapidly emerging global internet radiocommunication marketplace. Indeed, the equivalent of today’s NSA Director, the legendary William Friedman, who had worked during WW-1 with France’s Father of Cryptology, François Cartier, prominently participated in the 1927 Washington Conference to provide a seminal report on cryptography in ITU international telecommunication services. Today — in a rapidly emerging world of virtualized infrastructure and services based on 5G specifications — the establishment of extraterritorial norms and practices through the ITU-T becomes significantly more important to economic growth and national security interests shared by all nations.
Failure to pursue an effective, knowledgeable ITU-T engagement strategy places important economic and national security interests at risk
Two decades ago, the Clinton-Gore Administration reversed the course of previous U.S. administrations and the national security community, and began withdrawing support for ITU telecommunication treaty instruments and engagement in related ITU-T activities to meet economic and political objectives in the late 1990s expressed as the “information superhighway” and the “Internet economy.” Domestically, substantial engagement of Federal regulatory and national security agencies was largely eliminated, even as concern was expressed that the national security implications of the strategy had significant adverse long-term consequences — which included the DARPA Director who had approved TCP/IP development. The strategy was grounded on a belief that U.S. industry dominance in one particular protocol (TCP/IP) and use of open end-to-end architectures — unfettered by any government oversight or regulation, including engagement in the ITU-T — would significantly benefit the nation’s economic and global strategic interests in the Internet Economy. This strategy may have worked in the short term to increase market share, revenue, and share prices of some private-sector companies. However, the price paid in exponentially increasing cybersecurity incidents and vulnerabilities, as well as mounting network crime and diminishment of information trust — all bring into question the sustainability and wisdom of the Clinton-Gore strategy, which seems to be still supported by some parties today who have a stake in maintaining it.
However, anyone nation’s strategy to embrace a particular network protocol and architecture does not bring about a dramatic change in a longstanding inter-governmental organization. It was two dramatic developments in telecommunication which accomplished the real changes — a transition in most countries away from a government agency based national provisioning model known as PTTs, and the emergence of GSM-based mobile networks as the common global electronic communications infrastructure of value. Those two changes shifted the principal venue of choice for international standards and operational norms from ITU-T to 3GPP, GSMA, ETSI, and an array of related new mobile venues. Even the market served by the ITU’s Telecom trade show, which operated in conjunction with the ITU-T and dominated the industry, largely transitioned away to the GSMA Mobile World Congress.
Over the past twenty years, the ITU-T sought to adapt to these major transitions. The most significant organizational changes included restructuring and rationalization of its work, significantly accelerating the standards development process, management accountability, and transitioning to free on-line availability of both ITU-T standards and “names and numbers” registry databases — including use of real-time identifier resolvers. It also engaged in extensive outreach and collaboration with other standards bodies that included the creation of the GSC (Global Standards Collaboration) organization. These transitions were facilitated by a series of experienced, knowledgeable, and visionary Directors of the TSB Secretariat from Germany, China, the UK, and South Korea.
On the substantive standards side, ITU-T shifted to its knitting — legacy telecommunication network communication protocols and services — combined with a focus on specific proven protocols and platforms for greater identity trust and cybersecurity, as well as engaging in areas that were not being addressed in other standards bodies. Outstanding cybersecurity examples included: continued evolution of the universally-used digital PKI certificate standard X.509, OID IoT identifiers, and ASN.1 syntax language in SG17; the introduction by ARPA networking legend Larry Roberts of a secure Internet Protocol in SG13 in 2006; and the many Identity Management and the cybersecurity information exchange (CYBEX) initiatives of NSA’s most experienced standards leader in SG17. Because the ITU-T is responsible for the specification and registration of telephone calling identifiers, it has also sought to enhance measures to mitigate international callerID and Web owner spoofing in SG2 and SG17 — which is only now being appreciated. In many areas, the latest best of breed standards from other bodies were also curated as useful ITU-T implementation guides through the CJK (China-Japan-Korea) group who have typically maintained comprehensive, well-regarded strategic oversights of developments in a broad array of standards organizations.
Today’s fundamentally different environment
The past two decades constituted a kind of ICT Old World. Today, we are collectively experiencing a transformational revolution through virtualized electronic communication infrastructures and services optimized based on 5G NFV and SDN for tailored content distribution on-demand or through AI — which is rapidly, exponentially unfolding. The emerging low-latency, content distribution networks use fundamentally different, new protocols, architectures, end-point addresses, and resolvers that can be scripted on-demand. The equipment component largely becomes a low-cost global commodity market pursued by a handful of companies who can meet the worldwide demand and implementation specifications; and where wholesale banning of equipment is a losing proposition. The appropriate course of action is compliance with new tailored security measures and Boite à outils 5G. That equipment is deployed both by end-users, fixed in their premises or vehicles, or roaming worldwide, and by the providers of resilient large regional data centers at strategic locations and network edges, cable headends or satellite hubs, connected by wholesale physical layer transport bandwidth and a plethora of local radio cells and satellite downlinks using expanded spectrum allocations. The most significant market, however, lies in the ability on a significant scale to locate and securely deliver tailored content and communication channels to as many constantly roaming and fixed customers and devices as possible at the lowest cost. Most markets are potentially transnational.
As part of this transformational revolution, the ecosystem of institutions for collaboration has also expanded and reshaped itself. All of the technical and operational changes give rise to complex combinations of requirements for trusted implementations that meet diverse legal, regulatory, competition, and national security requirements, including extraterritorial retained data and lawful interception requests, that are required by almost every nation. The challenges are certain to evolve over time, but several that are obvious at this point include: 1) effective, inclusive global arrangements for extraterritorial orchestrations of 5G architectures and services including access to forensics, 2) concentration of 5G orchestration, resolver and end-point intelligence services in the hands of a few commercial providers, and 3) end-to-end ephemeral encryption protocols by users which impede the ability of 5G providers to manage their networks and meet legal and security obligations. Providing solutions to these challenges will inure to the market success of those enterprises best suited to provide the virtualized network architectures and services on a global scale. The ITU-T has historically proven a useful venue for meeting these needs that were used extensively by the U.S. over many decades. It may prove useful again in the world of extraterritorial 5G virtualized architectures.
In the 5G virtualization ecosystem, wholesale banning of equipment based on national origin is highly counterproductive as an economic or national security strategy. It produces only a domestic political illusion of security and deflects from the kinds of steps necessary to actually reduce threat risks — which include independent certification and testing of all equipment to stringent specifications plus rigorous supply chain accountability, and then followed by the application of Critical Security Controls tailored for virtualization, constant patching of software, and continuous monitoring and remediation of security postures and threats. Wholesale banning induces retributions against U.S. suppliers of lucrative extraterritorial 5G orchestration, discovery, and content services. The practice also results in a toxic cooperative environment that significantly impedes U.S. public-private work in ITU-T. Notably, it was the U.S. itself – 25 years ago in the ITU and WTO — that orchestrated what was then a Reagan Administration strategy to eliminate banning of equipment and services based on national origin.
In 3GPP, where the preponderance of 5G virtualization work occurs among massive numbers of meetings and participating parties, the “R” and “T” sectors (known as RAN and SA) are far more integrated and constantly collaborate among their working groups and external organizations. Going forward in the ITU-T, this integration model that would involve the ITU-R may be worth emulating because the level of interaction between virtualized network architectures and virtualized radio access platforms is significant.
Part of this 5G virtualization revolution includes the disappearance of the TCP/IP “Internet” and its legacy institutions. In a fully 5G world, anyone can potentially run a script to instantly create a network architecture and services for any desired periods of time, anywhere in the world. Those architectures can be instantiated to use any kind of network protocol, and the most attractive configurations make use of Ethernet and the MEF 3.0 industry standards or LISP. There are many other network protocols more attractive for use than legacy TCP/IP (or IPv6). The new environment is regarded in the industry as transformational, and an exciting next-generation era of robust competition in network protocols is facilitated. The policy dimension is no less transformational — as the so-called “governance” organizations clustered around the nearly 50-year-old TCP/IP protocol lose relevance. What also loses relevance is the 25-year-old Clinton-Gore embrace of that protocol and its governance bodies, which have underpinned “U.S. international digital economy policy [and its] approach to international standards.”
The State Department’s ITU-T related role going forward should also expand to deal with several significant challenges within the U.S. government itself in facilitating a difficult transition from a legacy policy world, to a new one of integrated national security and international digital economy policy appropriate for 5G extraterritorial virtualized content delivery architectures and services through public-private multilateral cooperation, and moves away from counterproductive equipment banning to knowledgeable approaches that are actually effective. Each government agency typically focuses on its own needs, practices, and constituencies — which typically encompasses only a few of the standards bodies that are part of the new 5G virtualized network ecosystem. If State can expand its scope beyond the relative handful of treaty-based standards bodies, it can play a useful role in curing international myopia and segmentation that currently exists among Federal agencies, and effect holistic engagement with the entire 5G virtualization standards ecosystem. A key component is the need to expand the involvement of the NSA and FCC in the activities — as was once a key part of the U.S. ICT strategy. Also needed here is State dealing with NIST’s continued support for ISO as a viable international standards venue, when ISO impedes availability of standards which NIST helps develop, in order to sell them for enormous amounts of money — unlike most other international standards bodies, including ITU-T.
Lastly, State can facilitate and coordinate private-sector involvement in ITU-T (thereby providing private-sector antitrust immunity) and the array of other international 5G virtualization standards bodies — similar to most other major nations, and as the U.S. once very successfully did. Other nations emulated that public-private success. The U.S. largely abandoned it. What is actually at risk without significant U.S. participation is an existential question, as other nations will simply carry on the work of collaboration — reaching agreements and pursuing global opportunities. After all, many third world countries do not participate. What is lost is the stature of the nation, and the ability to influence important standards that affect national security and global opportunities of its enterprises. What is that worth?
The Bottom Line
The current U.S. Administration is faced with an ironic conundrum. Do they stick with the Clinton-Gore strategy of the 1990s that attempts to depreciate the ITU-T and effecting no U.S. leadership, or do they re-invent the Reagan multilateral strategy of extensive leadership and making the ITU-T part of a global strategy to lower national barriers and expand U.S. vendor market opportunities in the 5G virtualized world of the future? The former 1990s strategy today will diminish U.S. company opportunities — especially when coupled with equipment banning based on national origin — and force them to establish independent data centers and operations in each foreign market. Perhaps most importantly, the former strategy will lead to greater destabilization and impairment of global telecommunication-related security for everyone.