Review of the OECD Security Guidelines: is the OECD Capable of Addressing Civil Society Concerns?

December 20, 2013

By Roger Clarke, Principal of Xamax Consultancy Pty Ltd, CSISAC member

The OECD is revisiting the Security Guidelines[1] that it first published over a decade ago. The Security Expert Group that is helping with the review of the Guidelines includes public interest advocates, coordinated through the Civil Society Information Society Advisory Council (CSISAC). Advocates have access to documents in advance, and at least some voice. On the other hand, physical participation in meetings is hampered by a lack of budget for the time and travel costs of the professionals who represent the interests of civil society.

To understand the OECD’s current security work, it is important to appreciate that many different scope definitions exist.  As explained in [2], security discussions can be carried on at the level of data, of an IT artefact, or of an organisation;  or they can take much broader views, including those of people affected by an IT artefact, industry sectors and segments (as occurs in discussions of critical information infrastructure), a local or national or regional economy, or a society – or indeed they can reflect the needs of the biosphere (thereby encompassing carbon markets and global warming).

The OECD’s 2002 Security Guidelines addressed only the lowest level of those alternative scope definitions. The revision is intended to have broader scope “by realigning their perspective and language with the high-level economic and social objectives pursued by governments, businesses and individuals in the development of cybersecurity policies”. But is the OECD moving far enough? Will its new approach have sufficient scope to serve the world’s needs for the next decade?

A meaningful dialogue cannot be achieved if each stakeholder clings to their own perspective, and insists on their security being paramount and everyone else’s security being secondary or even illegitimate. A particular concern during discussions has been the failure of the corporate and government participants to recognise the significance of the perspective of external users and usees. That stakeholder group lacks either institutional or market power, and its interests have suffered greatly during the period of national security extremism that has followed 9/11.

If the OECD’s revision of its Security Guidelines is to satisfy social as well as economic needs, it must:

  • reflect the many alternative scope definitions applicable to security discussions
  • recognise the complete set of stakeholders
  • recognise the legitimacy of each of their perspectives
  • ensure that each stakeholder group is empowered

Further, the process, and the product, need to respect the meta-principles of evaluation, consultation, transparency, justification, proportionality, mitigation, controls, and audit[3]. Current negotiations around the world variously fail all eight meta-principles (e.g. the Trans-Pacific Partnership process),  fall badly short on most of them (e.g. the Internet Governance processes within the International Telecommunication Union), and address all or at least most of them quite well (e.g. the Internet Governance Forum).

Where will the new OECD Security Guidelines lie on that scale? Will the OECD seek to sustain the dominance of governments and corporations over policy agendas, or will it point towards a better future in which the eight meta-principles are applied, and security’s many scope-definitions and stakeholder perspectives are reflected?

[1] OECD (2002) ‘OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security’ Organisation for Economic Co-operation and Development, at


[2] Clarke R. (2013) ‘Whose Security? The Politics of Alternative Scope Definitions’ Xamax Consultancy Pty Ltd, 2013, at

[3] APF (2013) ‘Meta-Principles for Privacy Protection’ Australian Privacy Foundation, April 2013, at



Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in Cyberspace Law & Policy at the University of N.S.W., and a Visiting Professor in the Research School of Computer Science at the Australian National University.  He is Secretary of the Internet Society of Australia (ISOC-AU), and Chair of the Australian Privacy Foundation (APF).


ITAC Member Spotlight: InternetNZ

December 20, 2013

By Jordan Carter Chief Executive of InternetNZ

InternetNZ[1] is a membership based non-profit organisation with a number of roles: it manages the .nz ccTLD, it advocates for an open and uncapturable Internet in New Zealand and around the world; it provides a platform for debate where New Zealanders can help shape the Internet’s development, and it provides community funding through grants and partnerships with others.

Established in 1995, the organisation has several hundred members. The .nz ccTLD is managed through two subsidiary organisations: the Domain Name Commission (the regulator and policy agency), and NZ Registry Services (the registry and DNS operator).

A major focus for InternetNZ is policy and advocacy work. The work we do contributes to public policymaking and Internet Governance matters in New Zealand and through global forums such as ICANN and the IGF.

Our policy perspectives are founded on a desire to protect and promote the open Internet, and ensure it is not captured by any particular sector or economic interest. Policy principles[2], which were developed with reference to the OECD’s Principles for Internet Policy-Making, guide all our work. The transparency this provides is welcomed by our partners and those interested in our work.

Policy matters discussed in recent years include analysis of the economic benefits of the Internet; advocacy for transparency and intelligent IP law in ACTA and the Trans-Pacific Partnership; pro-consumer regulation of telecommunications infrastructure; support of IPv6 rollout in New Zealand.

In developing its views, InternetNZ includes major Internet stakeholders, and often brings together a wide range of interests to debate and develop positions on topical matters. We do this with our members, and more broadly through NetHui, New Zealand’s national Internet Governance Forum. InternetNZ organises the event and substantially funds it. Along with other subject specific workshops and events, this provides a way for the public to help shape the Internet’s development.

Through community funding initiatives – grants for Internet projects and research, and strategic partnerships for like-minded organisations (for example, the NZ Network Operators Group, or NetSafe), we support the development of the local Internet ecosystem.

By participating in ITAC, InternetNZ aims to contribute its wide range of perspectives and expertise in the work of the  Committee for Information, Computer and Communications Policy (ICCP), and contribute to the work of the OECD on Internet issues.

[2] Available at



Jordan Carter was appointed as Chief Executive of InternetNZ in August 2013. His background as an Internet policy expert was developed at InternetNZ in previous roles (most recently as Policy Director 2009-2011), and as a private consultant in Wellington New Zealand up until 2013. His main specialist expertise is in telecommunications regulation, while his focus at InternetNZ is understanding and sharing the gains the Internet can offer to the country’s and the world’s economic, social and cultural life.

The Internet Governance Forum 2013

December 16, 2013

As part of an OECD discussion on international developments in Internet policy making, Markus Kummer, Vice-President Public Policy, Internet Society, provided a presentation on key takeaways from the 2013 Internet Governance Forum.

The presentation can be found here:

IGF 2013 session: An open Internet platform for economic growth and innovation

November 12, 2013

The Internet Technical Advisory Committee (ITAC) and the OECD organised a joint session at the 8th Internet Governance Forum (October 2013, Bali, Indonesia), entitled “an open Internet platform for economic growth and innovation”.

The workshop addressed the key question of how an open Internet can be preserved and designed to maximise the benefits for all stakeholder groups while limiting the risks.

It was discussed from the perspective of the OECD Recommendation on Principles for Internet Policy Making ( More particularly, the panel focused on the following three principles of the OECD Recommendation:
1. Promote and protect the global free flow of information;
2. Promote the open, distributed and interconnected nature of the Internet;
3. Encourage multi-stakeholder co-operation in policy development processes.

Panelists from government, business, civil society and the technical community discussed how they perceive openness and its value for further economic and social development, addressing both the benefits and the possible shortfalls of openness, including the importance of the Internet policy framework provided in the OECD Recommendation. The discussion also touched on the importance of open standards and open collaboration as enablers for the free flow of information on the Internet.

Further takeaways from this workshop can be found in the session report on the IGF website (workshop n° 209):

Internet Technical Advisory Committee Applauds Revised OECD Privacy Guidelines

September 10, 2013

Screen Shot 2013-09-10 at 4.58.00 PM

Internet Technical Advisory Committee Applauds Revised OECD Privacy Guidelines
Guidelines serve as internationally-recognized foundation for privacy regulation


[Paris – 10 September 2013] — Yesterday, the Organisation for Economic Co-operation and Development (OECD) formally launched the adoption of the revised Guidelines on the Protection of Privacy and Transborder Flows of Personal Data [].  The Internet Technical Advisory Committee (ITAC) to the OECD congratulates the OECD on this announcement, which marks the next evolution of a document that has been an internationally-recognised foundation for privacy regulation for more than 30 years. (more…)

ITAC presentations at OECD WPIE and CISP meetings (June 2013, Paris)

June 21, 2013

During the OECD CISP and WPIE meeting in June 2013, several ITAC members had the opportunity to share their perspectives on key issues such as interconnection and traffic exchange, as well as Open Web Standards in the context of emerging mobile App ecosystems:

Internet Traffic Exchange:
During the CISP meeting, Ms. Jane Coffin, Director Development Strategy at the Internet Society, made a presentation on key Internet interconnection and traffic exchange challenges and opportunities. She provided concrete examples of work undertook by the Internet Society in Africa and other regions (e.g. Internet Exchange Points) to fill infrastructure and training gaps and increase connectivity at the local level.

-> Jane’s presentation:

Open Web Standards:
The WPIE has recently been working on key policies issues related to the “App economy”. In light of these developments, Mr. Robin Berjon, W3C team & editor of the HTML5 specification, made a presentation on the importance of Open Web Standards such as HTML5.
Among other aspects, the presentation emphasised the benefits of HTML5 for app development (e.g. interoperability, innovation), stressed the fact that that web technologies are already present in the app economy (e.g. Facebook, Gmail), and also provided the example of Firefox OS as a mobile operating system already running web technologies.

-> Robin’s presentation:

ITAC Resources

June 6, 2013

* 2008 Seoul Declaration for the Future of the Internet Economy
* 2011 OECD Policy Making Principles
* OECD: Internet Economy
* OECD Internet Economy Outlook
* ITAC Charter


ITAC Newsletter n° 1, May 2013

May 29, 2013

Full .Pdf Version of Newsletter:ITAC Newsletter

Table of Contents

1. Editorial By Constance Bommelaer, Senior Director, Global Policy Partnerships, and Nicolas Seidler, Policy Advisor, Internet Society

2. The OpenStand Paradigm and Its Importance for the Internet Economy By Karen McCabe, Senior Director, Strategic Marketing, IEEE Standards Association

3. Internet Policy Making –OECD’s Principles, Its Multi-stakeholder Approach and the Way Forward By Verena Weber OECD Economist/Policy Analyst

4. Sharing Perspectives in the Realm of Cryptography By Christine Runnegar, Director, Public Policy, and Robin Wilton, Technical Outreach Director for Identity and Privacy, Internet Society

5. ITAC Member Spotlight: RIPE NCC By Chris Buckridge, External Relations Officer for the RIPE NCC

6. Internet Exchange Points By Kurt Erik Lindqvist, CEO of Netnod

7. The Economic Benefits of IPv6 Implementation By Mat Ford, Technology Program Manager, Internet Society



May 28, 2013

By Constance Bommelaer, Senior Director, Global Policy Partnerships, and Nicolas Seidler, Policy Advisor, Internet Society

Screen Shot 2013-05-22 at 9.15.49 PM

It is with great pleasure that we inaugurate the first newsletter from the Internet Technical Advisory Committee (ITAC) to the OECD.

ITAC was created in January 2009, following the 2008 OECD Ministerial in Seoul. Its main purpose is to provide Internet technical expertise to the work of the OECD Information, Computer and Communication Policy Committee (ICCP) and its working parties. The civil society advisory group (CSISAC) was also created at the same time, in addition to the existing business and trade unions stakeholders groups (BIAC and TUAC).

Ever since the first World Summit on the Information Society (WSIS) in Geneva in 2003, tremendous evolutions have taken place in the field of Internet Policy development, with the emergence of more cooperative and inclusive models of policy-shaping in a variety of fora and regions.  Five years later, in june 2008, the positive input of the technical community in the OECD Ministerial was acknowledged by OECD ministers in the Seoul Declaration for the Future of the Internet Economy. This declaration invited OECD Member States to reinforce co-operative relationships and mutually beneficial collaboration with the Internet community. This was reflected in the Closing remarks by Angel Gurría, Secretary-General of the OECD:

“A more decentralized networked approach to policy formulation for the Internet economy also includes the active participation of stakeholders. Such active participation needs to be the norm. We appreciate the participation of stakeholders in this ministerial meeting. But I think we need to go further.  I would recommend that we begin the process of formalizing the participation of civil society and the technical community in the work of the OECD on the Internet economy.”

The Internet Technical Advisory Committee (ITAC) was officially recognized by the OECD Council on 15 January 2009. This concrete commitment to the multistakeholder model of cooperation was re-emphasised in the 2011 OECD Communiqué on Principles for Internet Policy-Making, recognising that better Internet policies are developed through multi-stakeholder processes, including business, civil society, the Internet technical community and academic institutions.

Over the past five years, ITAC has progressively grown into a well-identified group, sharing the view that universal growth and social progress can only be achieved on the basis of an open and global Internet ecosystem.  Indeed, the Open Internet is an extraordinary platform for existing and new business opportunities – enabling commerce to flow between all parties in dynamic ways, opening new territories, encouraging competition, expanding market presence, and fostering new business models.

The twenty-seven organisations part of the Internet Technical Advisory Committee have contributed to shape technologically-sound OECD policies and research in critical areas such as IPv6 implementation, open Internet standards, interconnection, security or privacy. Inclusive policy development processes have proved valuable both for governments and participating stakeholders.

With this bi-annual newsletter, we hope to share concrete illustrations and practices of the evolving multistakeholder model of policy development and create opportunities for new partnerships. The Internet Society, which is currently coordinating ITAC, is committed to working with all communities to ensure the Internet continues to grow and evolve as a platform for innovation, economic development, and social progress for people around the world.


The OpenStand Paradigm and Its Importance for the Internet Economy

May 28, 2013

By Karen McCabe, Senior Director, Strategic Marketing, IEEE Standards Association


The Internet is no less than an economic and social phenomenon that has touched billions of lives worldwide. Over the last three decades, the Internet has flourished organically—its market-driven growth overrunning industry, technological and geopolitical borders and infusing gross domestic products (GDPs) globally.

Undergirding the Internet’s ongoing growth has been an array of ever-evolving and foundational technical standards. IEEE standards for physical connectivity, Internet Engineering Task Force (IETF) standards for end-to-end global Internet interoperability and World Wide Web Consortium (W3C) standards for the World Wide Web, among others, collectively allow the Internet to function the same from market to market around the globe—and, consequently, facilitate its market-driven growth. These foundational Internet standards were developed via bottom-up collaborative processes that are characterized by direct, open participation by diverse industry innovators with varied needs from around the globe, and they have been adopted voluntarily. And the standards’ impact is evidenced in the invention of a wholly new culture of border-crossing e-commerce, information sharing and community operations.

It is this market-driven model of standards development and adoption on which the OpenStand paradigm (, announced in 2012, is based.

As Organisation for Economic Co-operation and Development (OECD) member states elaborate policies oriented at developing economic growth and social progress, a closer look at OpenStand is in order.

The OpenStand principles are intended to harness grassroots inspiration, creativity and expertise globally in standards development for any technology space. The principles demand:

  • cooperation among standards organizations;
  • adherence to due process, broad consensus, transparency, balance and openness in standards development;
  • commitment to technical merit, interoperability, competition, innovation and benefit to humanity;
  • availability of standards to all, and
  • voluntary adoption.

As seen with the Internet and in other technology areas such as electronic design automation, medical-device communications and the emerging smart grid, the OpenStand approach is proven in its ability to advance cutting-edge technology and empower rapid market implementation of high-value, high-demand products and new services with societal benefits. The market-driven OpenStand paradigm fosters global markets, job creation and economic opportunity and yields better products at more competitive prices.

The world is a better place because of the Internet, and its innovation is incessant. As OECD member states consider policy evolution, it’s important to note that a major reason for the Internet’s unmitigated success is a market-driven model of standards development and adoption that the OpenStand paradigm seeks to encapsulate and make easily adaptable to other technology areas.

How, specifically, is the OpenStand paradigm applied in the real world of standards development? For more on how IEEE Standards Association (IEEE-SA) activities in varied technology areas embrace the market-driven principles encapsulated in OpenStand, please visit