The security software businesses has reacted with suspicion to news that the International Telecommunications Union (ITU) is set to takeover the global standards process for authentication. Earlier this week, the ITU more or less unilaterally declared that it is the body best suited to drive global standards for e-commerce authentication, but executives at three security firms – Baltimore Technologies, Sonera SmartTrust and Trintech – were surprised at the announcement, which they said came after no consultation by the ITU.
The ITU’s interest in assuming a leading role in authentication standards first emerged last month when it hosted a meeting at its Geneva, Switzerland HQ. Attendees included leading names from the ITU’s traditional telco members, including British Telecommunications, France Telecom, Spain’s Telefonica, and MCI Worldcom. Notable by their absence were any companies with a real authentication software heritage, except for two local certification authorities, Swisskey and Wisekey.
The failure to make the consultation meeting even vaguely representative of the authentication business suggests that the ITU has yet to learn how to communicate with the non-telecoms community. This has already led it to being rebuffed by the internet community, and now it seems intent on gate-crashing another industry, trumpeting its global membership and telco roll-call as its credentials. I would be a little worried about that, said a spokesperson from Sonera SmartTrust, the PKI division of the Finnish telco. The ITU’s crowning of itself as authentication champion smacks of telecom hubris. At Geneva’s Telecom 99 in October, only two security vendors were represented.
The ITU initiative looks even more hollow against SmartTrust’s own venture, Raddicchio, which it set up to lobby for digital signature standards in mobile e-commerce. SmartTrust launched Radicchio in September with only three members, EDS and Gemplus being the other two (CI No 3,757). Only two months later, it has garnered the support of communications players Lucent, Ericsson and Vodafone AirTouch, as well as PKI vendors like Certicom and GTE CyberTrust. Mitsui, Marconi and Saraide, the mobile commerce division of Nortel, are other big names.
Even the respective schedules for the two groups reveal their differences. The ITU plans to meet in Geneva in July where its governing council, will decide whether it is in fact suited to this role. By contrast, Raddicchio’s agenda starts on January 11, when it will hold its first meeting in London.
