[Privsec] Cybersecurity conference in June

[Robert Guerra]

At 5:26 PM +0200 4/19/05, Ralf Bendrath wrote:
>
>Robert Guerra schrieb:
>>As you can see (way below) i've been exchanging a few emails with 
>>Richard Shaw at the ITU who's the person organizing the 
>>Cybersecurity conference this may.
>Very good news, Robert. Thanks for this!!!

you know me,  a pleasure..

>>There is interest to participate and form part of the planning group -
>>  this is good. In terms of next steps ,  i'd like to ask the chairs and
>>  WG for instructions as to how to proceed next.
>I hope the whole group has an interst in following up on this, not just
>the chairs. ;-)

my comment was one for instructions as to how to proceed. Yes, indeed 
the group as a whole should develop a plan.e


>>I.  It seems an offer has been extended for a member of civil 
>>society to form part of the conference planning/coordinating 
>>committee.
>>recommendation: WE Need to  come up with a name and an alternate for this
>Any volunteers?
>Would be good if this person can also go to the meeting in Geneva
>his/herself. I probably can't be there due to other duties in my
>university job.
>What is more important: The person we send there has to make sure this
>whole group is informed and involved all the time. So it should be a
>liaison function, not a representation function.

I'm not sure what the funding situation might be. I am assuming that 
the ITU would be covering the cost of speakers, however for the CS 
coordinator on the planning committee - not sure. something worth 
asking.


>>II. As we've known all along, they are open to have civil society 
>>speakers there. We are being asked to propose specific names for 
>>one or
>>  more of the broad themes of the meeting.
>I'd like to be able to also add topics to the meeting, like "privacy
>aspects of cybersecurity measures" and so on.


The topics are the ones posted - they are the ITU's. if they are 
asking for people for specific topics - well, we can suggest a nam 
eor two. if they talk about that or something wider, well ...



>>recommendation: a. we  need to come up with 2-3 names for each of the
>>themes (listed below) ASAP
>Can we try to have preliminary a list of speakers suggestions until the
>end of this week?

that would be ideal.


>>b. check to see who's available (so far Bruce and Gus have 
>>confirmed they are are free)
>That should be done by the end of next week then.
>
>>c. submit the names to Richard Shaw.
>I can send an official mail as coordinator of the PSWG to Robert Shaw now,
>in which I express our interest, and inform him about our 
>procedures. But it would be good to have a liaison person ready for 
>this contact. Again: Any volunteers?


please do email him ASAP. let him know what our timeline is - ie, 
that we might be able to come up with a list of names by the end of 
this week.

As for liason - i'll say i'm interested. Though would need to know 
what the exact time commitment is. Are there other's interest too?

>Robert, did you hear anything about travel funding?

didn't hear anything specific - though i would assume so. let's not 
leave it to chance and ask specifically.


>On the themes:
>
>>1. information sharing of national approaches

Bruce is on some  US cybersecurity advisory body. Perhaps he could fit here?

>>2. good practices and guidelines;
>This could be someone from the CERTs or from FIRST, I guess. Any names?
>
>>3. developing watch, warning and incident response capabilities;
>David Crochemore / FIRST.
>
>>4. harmonizing national legal approaches and international legal 
>>coordination;
>Gus? This is really something for people from the recently founded "policy
>laundering" project. :-)


agree.

>>5. technical standards;
>Anybody familiar with ISO or other standards on security?
>Or: We could send somebody who is questioning the technical / standards
>approach.  I know EPIC did some work on P3P and other "privacy" standards,
>and also we know the critique of TCPA and the likes, but what about other
>security standards? Do they talk about TCPA or professional educational
>standards like CISSP?

Bruce might know this, as well as people from the Anonymity project. 
If i'm not mistaken Stephanie Perrin has been following standards 
bodies for a while.




>>6. privacy, data and consumer protection; a. b. c. Interest expressed:
>Ok, here we go. Can we get a high-level speaker from PI or EPIC here?
>Simon Davies or Marc Rotenberg as the bosses? Your thoughts?

there are a few canadians too - Pippa Lawson formerly of PIAC (public 
interest advocacy group), and now with The Canadian Internet Policy 
and Public Interest Clinic ( CIPPIC)  comes to mind.

CIPPIC - http://www.cippic.ca/
Pippa Lawson - http://www.commonlaw.uottawa.ca/faculty/prof/plawson/desce.htm



>>7. providing assistance to developing economies.
>Here, our new Kuwaiti members could maybe talk about their experiences and
>needs. Qusai and Abdullateef, what do you think?
>
>Another approach would be to add a grassroots dimension here and let
>Robert present Privaterra's work on the ground in developing countries.

Thanks for mentioning Privaterra. I do see this as a good fit for me 
- at least for this section. There are issues for developing 
countries as well as those in transition.

Historically ISOC has done a lot of work in this area, and might be 
of interest to enagement. APC is also active in this space.


>Also: Deborah Hurley has told me that the Tunisian cyber security agency
>is interested in foreign assistance to set up a CERT. Are there any best
>practices we are aware of? Or general criteria we as civil society would
>have here? (I think of Human Rights aspects now. Rikke?)

I've heard time and time again this need of the Tunisian agency - we 
should take care in dealing with them. Do they just want experts to 
advise them on how to setup a rights friendly CERT, or just a 
traditional cert. If it's advisors they want - i would assume they 
would have the ability to pay as well?

Do we know anything about what type of assistance, role the Tunisians want?


>What about Bruce Schneier? We should suggest him for an opening 
>keynote speech, shouldn't we?

Bruce seems very interested and liekly would like to be more engaged 
that - just giving a keynote. Let's hear from him


>Please send your ideas ASAP!

ok.

-- 
###
Robert Guerra <rguerra at privaterra.org>
Privaterra - <http://www.privaterra.org>