viernes, noviembre 09, 2012

Cybersecurity in the Internet Governance Forum, Baku, 2012 - some session notes

Notes from cybersecurity related sessions in the Internet Governance Forum 2012 (Bakú, Azerbaijan)

These are (admittedly incomplete and potentially inaccurate) notes I took in some sessions related to cybersecurity in the Internet Governance Forum

Cybersecurity that achieves privacy and civil liberties.

Questions from audience, now panelists:
Robert Guerra. It is difficult to get intelligence agencies into a public conversation. Data retention needs special care. Religious speech now important; sometimes used to stifle speech, censor. In some cases governments use it as cover for stifling political speech.

Jimmy. You can send letters or use public phones without identifying yourself; these are essential rights in the offline world. On the Internet you can register but you don’t have to do everything you can do.
Speakers “in Egypt they torture criminals because police can’t do their job right. There is always a reason like this for retaining amazing amount of data. Surveillance out of precaution.”
Concerning religion: it is dangerous to bring the discourse of religious and human rights to online. Private companies are being blackmailed for this; example of Google and “inflammatory videos”, now having showed that they do have the ability to block.
Lots of issues rehashed. Research needed.

Workshop on Identity

EU, US creating official, governmental, national digital identity frameworks.
Bill Smith. Identity space is natural for governments. Models like Liberty Alliance, circle of trust. Learning from private sector like credit cards.
Emerging model with multiple, low-level-of-trust sources of authentication. Moving to adaptive, behavior based authentication.
India national identity system. Black market in peer authentication for identity. Biometric deployment In unprecedented scale. Problems appearing, like cataracts not letting iris measurement work. Lack of privacy framework and data protection law is causing protests, long run may lead to improvement.


Moderator Jonathan Charles, ex-BBC.

Session very sparsely attended.
Christopher Painter (US). US national strategy for cyberspace is a cybersecurity strategy.
The same rights (human rights) apply in cyberspace as elsewhere, including war regulations. Need to build a consensus globally.
Kristy Hughes. Huge concern about mass surveillance by data collection. Security and privacy go together online. Surveillance is not only a transgression of privacy but an unjustifiable threat to freedom of expression. The need for massive collection and retention of data has not been justified.
Security and free expression should not be opposed, therefore balanced. They are most often complementary. Regulating speech for incitement to violence should be exceptional, not a result of balance.

Carlton Samuels. (to question “what bothers you?”). In my part of the world access is important. The ability to participate is necessary. It is true that people will come to the Internet with hearts and minds laced with larceny. It is indeed for us to protect the public from such persons. Privacy is important. There will be times when these principles chafe.


Eleonora Rabinovitch. The three issues are intertwined. Will talk from perspective of human-rights organization in Latin America. Problematic legislation and decisions.
Problems too in legislation that criminalizes spreading false rooms. Use of free-trade agreements to approve changes in national legislation favoring intellectual-property protection which becomes a threat to the flow of information and free expression.
We have to be very cautious with new policies and legislation, even in good faith, to protect rights online.

Sherif Hashem (Egypt). We are seeing new attacks and viruses, possibly from state actors, moving forward. Very concerned that security and rights communities are not talking together enough. Need multistakeholder approach to whole set of problems. Need to be innovative. Apply known principles like proportionality.

Marietje Shcaake. Key priorities: people come first. Empower people, give them a free voice. Decisions in one country can have impact all over the world. Technologies can be used as weapons. No witch hunt of powerful corporations or of repressive countries; instead, find incentives, move away from zero-sum game.

Jonathan Zuck (for industry) stands up, shouts “give me liberty or give me death” “it felt good to say that, I’m not sure what it meant.” Then speaks against rhetoric.

Zaid Jamil. Need to act against cybercrime bringing people onto a single platform.
Christopher Painter (to question) If you have a security regime that stifles freedom you’re under the wrong approach.
Eleonora: puts Zuck in his place explaining to him the foundations of universal human rights principles.

Alejandro Pisanty, UNAM and ISOC, Mexico
The 7th meeting of the Internet Governance Forum held numerous discussions on the intertwined subjects of Security, Openness and Privacy. The subject was the theme of a Main Session and Workshops, and was also of interest in Dynamic Coalition, Open Forum, and other discussions.
The brunt of the attention was dedicated to the relationship between Security and Privacy, or more broadly this year, between Security and Rights among which privacy is present with its own weight, for its impact on other rights, and as a symbol or even shorthand for these.
As the 7th IGF included many more rights-related sessions than any previous year, statements about rights threatened by surveillance permeated a large part of the discussions. Continuing from previous years, the balance between opposing trends as well as views of cybersecurity serving instead of opposing privacy and liberties went on being the focus of many debates.
In some of these debates, clear-cut cases and figures for state-driven surveillance were shown. Some of these are staggering, especially in view of the accelerated application of analytics and correlation that allow the deanonymization of data captured as anonymous. In many cases shown in the Forum, the justification for the scale of data capture and retention cannot be readily found. The impact of surveillance as a chilling effect on the rights of free expression and free association was underlined as well.
Identity management, a key element of online security and privacy, was discussed. Among the most forward-looking contributions is the view of evolution from top-down, owned identity, authentication and authorization frameworks towards identity management based on multiple sources which only require a low level of trust in each.
Openness was not intensely discussed in this intertwining. However, it was the subject of many discussions in which libraries and librarians play an increasing role in the Internet Governance Forum, and of the Dynamic Coalition on Internet Core Values.
The communities concerned with rights and with security have not been communicating enough. A call is made for further multistakeholder dialog open to many diverse needs and points of view.

No hay comentarios.:

Publicar un comentario