ITU Workshop on “Countering and Combating Spam” (Durban, South Africa, 8 July 2013) Outcome of WTSA-12 on spam Xiaoya Yang, Head, WTSA Programmes Division ITU-TSB xiaoya.yang@itu.int Durban, South Africa, 8 July 2013 Overview ITU mandate on countering and combating spam WTSA-12 Resolution 52 What’s addressed by Res. 52? What’s new from Dubai 2012? Conclusions Durban, South Africa, 8 July 2013 2 Relevant ITU mandate World Telecommunication Standardization Assembly Resolution 52 ‘Countering and combating spam’ WTSA-04 (Florianópolis, 2004), WTSA-08 (Johannesburg, 2008) and WTSA-12 (Dubai, 2012) World Telecommunication Development Conference Resolution 45 ‘mechanisms for enhancing cooperation on cybersecurity, including countering and combating spam’ WTDC-06 (Doha, 2006), WTDC-10 (Hyderabad, 2010) Noting c) that the enormous increase in spam is a significant and growing problem for users, networks and the Internet as a whole, and that the issue of cybersecurity should be addressed at appropriate national, regional and international levels, with the aim of combating spam, in particular criminal spam; instructs the Secretary-General and the Directors of the Bureaux to work toward a MoU among interested Member States to strengthen cybersecurity and combat cyberthreats… invites Member States and Sector Members to recognize cybersecurity, including countering and combating spam, as a high-priority item and to take appropriate action and contribute… Durban, South Africa, 8 July 2013 3 Relevant ITU mandate ITU Plenipotentiary Conference (Guadalajara, 2010) Resolution 130 ‘Strengthening the role of ITU in building confidence and security in the use of ICTs’ noting C) that although there are no universally agreed upon definitions of spam and other terms in this sphere, spam was characterized by ITU-T Study Group 2, at its June 2006 session, as a term commonly used to describe unsolicited electronic bulk communications over e-mail or mobile messaging (SMS, MMS), usually with the objective of marketing commercial products or services; instructs the Secretary-General and the Directors of the Bureaux to work toward a MoU among interested Member States to strengthen cybersecurity and combat cyberthreats… Durban, South Africa, 8 July 2013 4 Relevant ITU mandate ITU Plenipotentiary Conference (Guadalajara, 2010) Resolution 174 ‘ITU’s role with regard to international public policy issues relating to the risk of illicit use of ICTs’ Reference to WTSA Resolution 52 ‘Countering and combating spam’ and WTDC Resolution 45 ‘Mechanisms for enhancing cooperation on cybersecurity, including countering and combating spam’ Instructs Secretary-General to maintain the role of ITU to cooperate within its mandate with other UN bodies in combating the illicit use of ICTs To collect best practices of actions taken by Member States to prevent the illicit use of ICTs and to provide assistance to interested Member States To report to Council and PP-14 Invites Member states and relevant ICT stakeholders to pursue their dialogue at the regional and national levels in order to find mutually acceptable solutions. Durban, South Africa, 8 July 2013 5 WTSA-12 Resolution 52 Countering and combating spam In existence since 2004 (Florianopolis) Several amendments proposed to WSTA-12 on Res. 52 by Canada, Brazil and Arab States. Durban, South Africa, 8 July 2013 6 WTSA-12 Resolution 52 Countering and combating spam Recognizes that a comprehensive approach to combating spam is advocated, namely: i) strong legislation ii) the development of technical measures iii) the establishment of industry partnerships to accelerate the studies iv) education v) international cooperation Durban, South Africa, 8 July 2013 7 WTSA-12 Resolution 52 Considers a) that exchanging e-mails and other telecommunications over the Internet has become one of the main means of communication between people around the world; b) that there are currently a variety of definitions for the term “spam”; c) that spam has become a widespread problem causing potential loss of revenue to Internet service providers, telecommunication operators, mobile telecommunication operators and business users Durban, South Africa, 8 July 2013 8 WTSA-12 Resolution 52 d) that countering spam by technical means burdens affected entities, including network operators, and service providers as well as users who unwillingly receive such spam, with significant investments in networks, facilities, terminal equipment and applications; e) that spam creates problems of information and telecommunication network security, and is increasingly being used as a vehicle for phishing and spreading viruses, worms, spyware and other forms of malware, etc.; f) that spamming is used for criminal, fraudulent or deceptive activities; Durban, South Africa, 8 July 2013 9 WTSA-12 Resolution 52 g) that spam is a global problem that requires international cooperation in order to find solutions; h) that addressing the issue of spam is a matter of urgency; i) that many countries, in particular developing countries, need help when it comes to countering spam; j) that relevant ITU-T Recommendations and relevant information from other international bodies are available which could provide guidance for future development in this area, particularly with regard to lessons learned; Durban, South Africa, 8 July 2013 10 WTSA-12 Resolution 52 Key amendments k) that technical measures to counter spam represent one of those approaches mentioned in recognizing further above, Notes the important technical work carried out to date in SG17 and in particular Recs. ITU-T, X.1240, X.1241, X.1242, X.1243, X.1244, and X.1245 Durban, South Africa, 8 July 2013 11 WTSA-12 Resolution 52 resolves to instruct the relevant study groups to continue to support ongoing work, in particular in SG17, related to countering spam (e.g., e-mail) and to accelerate its work on spam in order to address existing and future threats within the remit and expertise of ITU T, as appropriate; to continue collaboration with the relevant organizations (e.g., the IETF), in order to continue developing, as a matter of urgency, technical Recommendations with a view to exchanging best practices and disseminating information through joint workshops, training sessions, etc., Durban, South Africa, 8 July 2013 12 WTSA-12 Resolution 52 Key amendments Instruct TSB Director to initiate a study – including sending a questionnaire to the ITU Membership –indicating the volume, types (e.g., email spam, SMS spam, spam in IP-based multimedia applications) and features (e.g., different major routes and sources) of spam traffic, to help Member States and relevant operating agencies to identify such routes and sources and volumes, and in estimating the amount of investment in facilities and other technical means to counter and combat such spam, taking into account work that has already been carried out; Durban, South Africa, 8 July 2013 13 WTSA-12 Resolution 52 Key amendments further invites Member States to take appropriate steps to ensure that appropriate and effective measures are taken within their national and legal frameworks to combat spam and its propagation. Durban, South Africa, 8 July 2013 14 TSB Action Plan on WTSA-12 Res. 52 ITU-T SGs, particular SG17, to accelerate their work on spam. ITU-T SGs to collaborate with other relevant organizations to develop Recommendations with a view to exchanging best practices; SG17, through Question 5/17 ”Countering spam by technical means”, has approved 5 Recommendations and 7 Supplements. Two additional texts are under development. participate in workshops, training sessions, etc. The ITU spam workshop is a tool to implement Res. 52. SG17 is studying the questionnaire/study on spam. Durban, South Africa, 8 July 2013 15