Marking the 30th Anniversary of the Internet and Cybersecurity Treaty – CircleID

admin on June 24, 2020 Leave a Comment

Richard E. Butler and the author in the secretariat workroom of the Old Melbourne City Hall writing the cybersecurity treaty provisions, December 1988. Photo courtesy of the author's legal assistant, Laina Raveendran-Greene.

Next week, July 1, 2020 marks the 30th anniversary of one of the most significant treaty instruments in modern times. On 1 July 1990, the Melbourne Treaty came into force as the first and only global treaty that enabled worldwide internets and mobile networks to exist, together with the cybersecurity provisions designed to protect those infrastructures. The achievement remains as an enduring tribute to Richard Edmund Butler of Australia who was one of the most influential, and best-loved Secretaries-General of the ITU.

Dick Butler as he was known by everyone had an almost encyclopedic familiarity with public international telecommunications law, technology, and the long arc of history. He was also universally admired as a dedicated international civil servant which, combined with his friendly Aussie persistence and considerable height, made him the ideal, formidable man for the task.

After he was elected Secretary-General in 1982, Dick decided that he would begin pulling together a team of trusted colleagues to embark on the preparation of a new treaty instrument for enabling global internets and mobile networks. At that time, it was unlawful for international leased circuits to be used for creating internets for data or mobile services available to the public. At the time, all internets were, by definition, private networks and only implemented within enterprises or governments. Like all the many internets, the DARPA Internet only existed internationally as a government network.

As my job in the FCC and across multiple Federal agencies significantly involved the ITU, Dick and I traded ideas about the conference for several years. As his team of compatriots floated concepts in published articles and at conferences, they were merged into the planning process. The model ultimately pursued was that for radio internets developed by the U.S. 60 years earlier by Herbert Hoover and William F. Friedman. At the FCC, I also reported to the former Director of DARPA who had previously authorized and oversaw internet development there, as well as headed up U.S. intelligence community advisory and coordination activities. Deciding the associated internet policies, regulations, and shaping international law were key components of the FCC work during those renaissance years, and supported by CIA and NSA experts. The significantly increased interest in the mid-80s in global internet and mobile networks resulted in Dick picking his hometown of Melbourne and Nov-Dec 1988 for the treaty conference.

In late 1987, things were sufficiently far along that Dick asked me to move from Boston to Geneva to join him as his counselor and Chief of Telecommunication Regulations to further develop the treaty provisions and help negotiate them at the Melbourne treaty conference the next year. In Boston, my job involved collaborating with multiple internet related entities that included the prime contractor for NSA's key cybersecurity platform SDNS (Secure Data Network System).

Standing with Peter Stephen Wilenski (right) who Dick asked to take over as Conference chair on the second day to help save it from disaster along with the changes described. Peter was a really unusual and incredibly talented Australian civil servant like Dick, who escaped from Poland to Australia in 1943. He died rather young in 1994. Photo courtesy of the author's legal assistant, Laina Raveendran-Greene.

As 1988 got underway, things became even more complicated and hectic when GATT (now the WTO) located near the ITU decided it also would develop treaty provisions entwined with the envisioned ITU internet treaty. One of the fortunate assets to assist the effort literally came walking in the door in the form of an energetic young lawyer from Singapore named Laina Raveendran who was doing graduate studies in Geneva and focused on harmonizing the two treaty developments in play. We hired her.

During 1988, all manner of legal and technical research, including historical precedents going back to 1850, was done to ensure the success of the first treaty for global internets and mobile networks. Countless hours were spent attending external meetings, presenting papers and writing articles worldwide. Dick spent day and night traveling and talking by phone to get senior officials from every country in the world, as well as the major industry user organizations, to agree on the provisions that were continually refined and redistributed every week using what the first network-based information system supporting a treaty conference was.

As the representatives from 133 nations were getting ready to head off to Melbourne in November 1988 to ink the first internet treaty, everything appeared good to go. The stated objective in the ITU press release was at hand an enduring treaty to "provide the basic foundation of norms and administrative mechanisms required not only for implementing the 'Networks of the 90's' and beyond but also for assuring the continued availability of traditional existing telecommunications services among the public throughout the world."

However, one of the worst possible events occurred in early November that spelled disaster. A Cornell University graduate student named Robert Tappen Morris created a worm that took down the entire DARPA internet infrastructure. To make this disaster even worse, the legendary New York Times investigative technology journalist John Gregory Markoff took an interest in the incident, and his articles were carried throughout the world almost every day by the International Herald Tribune. It didn't take John long to discover that the identity of Morris' equally legendary but publicly unknown father was NSA's Chief Scientist.

Shortly after Dick's team arrived in Melbourne, the delegates from the USSR several of whom were very knowledgeable KGB and GRU engineers - made it plain they were prepared to call for an end of the conference as a result of the Morris incident. Over several long days, Dick's team developed key provisions for what is the first and to this day the only, global cybersecurity treaty.

It was clever. The same NSA group that Morris' father led at NSA, had the previous year made public the solutions necessary for internet security the SDNS initiative. Furthermore, these solutions were being brought into the CCITT (now ITU-T). The quid pro quo for allowing global public internets to come into existence was adherence to the SDNS provisions being moved into ITU international standards. Dick approached the USSR delegation, who agreed, and it saved the treaty. The photo here is a historical one Dick and I writing the cybersecurity provisions into the draft treaty text.

The conference was extended for several days. All 131 nations signed the treaty at Melbourne, and almost every country in the world subsequently ratified it. It remains an unparalleled achievement.

Dick decided to leave on a high note. He penned an article marking what had been achieved that was published in the Telecommunication Journal in 1989 with its last paragraph noting:

"The CCITT [now ITU-T] Plenary Assembly has helped to provide a concrete technological and operational foundation for the orderly development of the network while the World Administrative Telegraph and Telephone Conference (WATTC88) provided a regulatory framework appropriate for the diverse technological, operational and national policy environments which are so rapidly evolving today."

With the treaty initiative accomplished and yearning to return to his native Australia with his beloved wife Pat after spending decades in Geneva, he announced shortly after the Melbourne conference he would be stepping down as Secretary-General and privately championed Pekka Tarjanne from Finland as his successor. Dick waved good-bye to his team at the ITU in December 1989. He passed away at 86 in 2012 but in the years between helped leverage his incredible knowledge and negotiating skills to bring about many new satellites and high-altitude radio systems for the poor and underserved areas of the world.

Conference Secretariat team, December 1988. Photo courtesy of the author's legal assistant, Laina Raveendran-Greene.

On 1 July 1990 30 years ago the Melbourne Treaty came into force. As my position at the ITU also included being the Chief of International Telecommunication Regulations, under the new Secretary-General who carried on Dick's mission, I issued advisories to signatory nations to implement the internet and cybersecurity treaty provisions. Private leased lines began to be made available pursuant to the treaty, and new dynamic network globalization ensued. NSA's SDNS cybersecurity platform moved into CCITT standards and was implemented in demonstration networks.

Unfortunately, the ground-breaking, historic Melbourne internet and cybersecurity treaty did not fare well in the following years. The Clinton-Gore Administration subsequently decided it would simply ignore the treaty provisions, and halted the NSA SDNS initiative and implementations, along with all government domestic oversight and regulations of internets. Everything was left to the "Information Superhighway" and constant anarchy of an unfettered marketplace. It indeed brought about almost 30 years of cyber chaos to produce what exists today.

Subsequent U.S. Administrations and lobbyists took up the Clinton-Gore gambit of disparaging and ignoring the Melbourne Treaty conveniently sweeping it under the carpet of ignorance, jingoism, and xenophobia that pervades Washington. However, Russia and many other countries have not forgotten what happened. They occasionally exploit the resulting international legal vacuum to remind the U.S. But then, combined with the international disgraces of the current U.S. Administration, trust in the U.S. honoring its international agreements has evaporated anyway. International stature, integrity and trust - once destroyed are not easily acquired again. Reconstruction after the Trump Plague will be difficult.

The Melbourne Treaty's enduring value proposition is increasingly underscored by the emergence of extraterritorial network architectures and services in a 5G world and the occasional pleas of transnational corporate general counsels for a multilateral treaty instrument. The answer is as Dick would say in his emails until his passing - go see U.S. Treaty Document 102-13. The supreme irony is that the model for the Melbourne Treaty was that devised by the U.S. itself a hundred years ago.

Perhaps on the 1 July 2020, some reflection might occur on what was a finer hour in public international law led by a humble visionary man from Australia with enormous integrity and facilitated by the U.S. national security community.

See more here:
Marking the 30th Anniversary of the Internet and Cybersecurity Treaty - CircleID

Related Posts
Posted in Internet Security

Comments are closed.