Page 5 of 11
Security is an increasingly important concept covering a range of diverse areas with different political and social consequences. Security, dependability and trust are critical factors in stimulating the take-up of new ICT services. From the computer owned by the individual user which must be protected from hackers, to phishing scams, through to the use of ICTs for border control, the breadth of security threats is enormous. Tarimo (2006) characterizes approaches to ICT security as increasingly focused on the concepts of availability, confidentiality and integrity:
What makes security so challenging is that these concepts are often in tension with each other. For example, the desire to make information always available entails the potential for compromise at the level of confidentiality. The existence of a potential threat does not always mean that it can be eliminated. As Tarimo (2006, p. 46) notes, 'The way one defines ICT security will influence how one models the same and ultimately the design of the corresponding solution—approach and model. Many security designs are poor because they are based on unrealistic threat models.' Highlighting unlikely but easily fixable security issues is certainly more lucrative for security solution-providers than attending to more likely and difficult-to-solve security problems.
ISO/IEC 17799, the Code of Practice for Information Security Management, is an internationally recognized standard that provides a framework for security in the private and public sectors covering small to medium enterprises as well as large corporations. The 2005 version of the standard (International Organization for Standardization 2005) contains the following 12 main sections which constitute a useful outline of the issues that need to be considered in the area of information security:
The questions of peering and neutrality are currently addressed in forums associated with Internet Governance. The topic of Internet Governance, discussed by Adam Peake in the 2005–2006 edition of DirAP, has lost some of its momentum after the World Summit on the Information Society (WSIS) failed to come to any agreement on the issues in 2005. WSIS has developed the Internet Governance Forum (IGF) to discuss the ongoing coordination of the Internet, but it has no authority to implement changes in the Internet's governance bodies. There can be broad or narrow definitions of Internet Governance. Increasingly, many actors favour a broader definition comprising the traditions, institutions and processes that determine how power is exercised, how stakeholders are given a voice and how decisions are made with respect to the Internet. The UN Working Group on Internet Governance (WGIG) differentiated clusters of issues related to Internet Governance that can be summarized as (a) access issues; (b) issues related to use of the Internet; and (c) issues around coordination of Internet resources.
One of the common myths about the Internet is that it is not governed (Ang 2005). Technically, the Internet is coordinated rather than governed and it is true that there is no single place where the Internet and a coordinating agency can be identified. But in reality, there are a number of different areas where self or state regulation is in place and these are areas where the analysis of governance is useful.
An Internet Governance issue which does seem to be ongoing is that of Internationalized Domain Names or IDNs, and it has particular relevance to the Asia Pacific region (Butt 2006b). As the number of non-English speakers on the Internet grows exponentially, the Domain Name System (DNS) overseen by the Internet Corporation for Assigned Names and Numbers (ICANN), which works on a subset of Roman script, has proven to be incapable of effectively providing Internet navigation services in other languages and scripts. ICANN recently announced a new focus on the issue and it is deploying testbeds for new IDN systems. For Asia Pacific, however, many feel that this is too little, too late, and alternate systems are needed to allow people to use their own languages online. IDN testbeds were established by the Asia Pacific Network Group in 1998. There are also a number of IDNs already established by particular ISPs.1 Organizations such as the Multilingual Internet Names Consortium (MINC) are attempting to develop a coordination framework to ensure that fragmentation of the Internet does not occur through 'leakage' of these IDNs into different zones.
The debate on IDNs remains polarized: there are those supporting universality, standardization, stability and control, on the one hand; versus those advocating for multiplicity, diversity, loose coordination and accountability to local language groups, on the other. From the perspective of bodies such as ICANN and the IETF, a single system for IDNs should be established which can serve the interests of all stakeholders and multiple systems should be avoided. However, this 'universal' approach to IDNs raises much more complex technical, political and economic issues than developing a viable system for a particular language group. This complexity partially accounts for the slow progress on IDN development within the ICANN system. The major challenge will be to create viable mechanisms for mediating between these philosophies. While all agree that the goal is to ensure that the Internet remains a single, interoperable public facility, many increasingly believe that the right of all people to communicate in their own language must be maintained and expanded within this new medium.