viernes, noviembre 09, 2012

Cybersecurity in the Internet Governance Forum, Baku, 2012 - some session notes

Notes from cybersecurity related sessions in the Internet Governance Forum 2012 (Bakú, Azerbaijan)

These are (admittedly incomplete and potentially inaccurate) notes I took in some sessions related to cybersecurity in the Internet Governance Forum

Cybersecurity that achieves privacy and civil liberties.

Questions from audience, now panelists:
Robert Guerra. It is difficult to get intelligence agencies into a public conversation. Data retention needs special care. Religious speech now important; sometimes used to stifle speech, censor. In some cases governments use it as cover for stifling political speech.

Jimmy. You can send letters or use public phones without identifying yourself; these are essential rights in the offline world. On the Internet you can register but you don’t have to do everything you can do.
Speakers “in Egypt they torture criminals because police can’t do their job right. There is always a reason like this for retaining amazing amount of data. Surveillance out of precaution.”
Concerning religion: it is dangerous to bring the discourse of religious and human rights to online. Private companies are being blackmailed for this; example of Google and “inflammatory videos”, now having showed that they do have the ability to block.
Lots of issues rehashed. Research needed.

Workshop on Identity

EU, US creating official, governmental, national digital identity frameworks.
Bill Smith. Identity space is natural for governments. Models like Liberty Alliance, circle of trust. Learning from private sector like credit cards.
Emerging model with multiple, low-level-of-trust sources of authentication. Moving to adaptive, behavior based authentication.
India national identity system. Black market in peer authentication for identity. Biometric deployment In unprecedented scale. Problems appearing, like cataracts not letting iris measurement work. Lack of privacy framework and data protection law is causing protests, long run may lead to improvement.


Moderator Jonathan Charles, ex-BBC.

Session very sparsely attended.
Christopher Painter (US). US national strategy for cyberspace is a cybersecurity strategy.
The same rights (human rights) apply in cyberspace as elsewhere, including war regulations. Need to build a consensus globally.
Kristy Hughes. Huge concern about mass surveillance by data collection. Security and privacy go together online. Surveillance is not only a transgression of privacy but an unjustifiable threat to freedom of expression. The need for massive collection and retention of data has not been justified.
Security and free expression should not be opposed, therefore balanced. They are most often complementary. Regulating speech for incitement to violence should be exceptional, not a result of balance.

Carlton Samuels. (to question “what bothers you?”). In my part of the world access is important. The ability to participate is necessary. It is true that people will come to the Internet with hearts and minds laced with larceny. It is indeed for us to protect the public from such persons. Privacy is important. There will be times when these principles chafe.


Eleonora Rabinovitch. The three issues are intertwined. Will talk from perspective of human-rights organization in Latin America. Problematic legislation and decisions.
Problems too in legislation that criminalizes spreading false rooms. Use of free-trade agreements to approve changes in national legislation favoring intellectual-property protection which becomes a threat to the flow of information and free expression.
We have to be very cautious with new policies and legislation, even in good faith, to protect rights online.

Sherif Hashem (Egypt). We are seeing new attacks and viruses, possibly from state actors, moving forward. Very concerned that security and rights communities are not talking together enough. Need multistakeholder approach to whole set of problems. Need to be innovative. Apply known principles like proportionality.

Marietje Shcaake. Key priorities: people come first. Empower people, give them a free voice. Decisions in one country can have impact all over the world. Technologies can be used as weapons. No witch hunt of powerful corporations or of repressive countries; instead, find incentives, move away from zero-sum game.

Jonathan Zuck (for industry) stands up, shouts “give me liberty or give me death” “it felt good to say that, I’m not sure what it meant.” Then speaks against rhetoric.

Zaid Jamil. Need to act against cybercrime bringing people onto a single platform.
Christopher Painter (to question) If you have a security regime that stifles freedom you’re under the wrong approach.
Eleonora: puts Zuck in his place explaining to him the foundations of universal human rights principles.

Alejandro Pisanty, UNAM and ISOC, Mexico
The 7th meeting of the Internet Governance Forum held numerous discussions on the intertwined subjects of Security, Openness and Privacy. The subject was the theme of a Main Session and Workshops, and was also of interest in Dynamic Coalition, Open Forum, and other discussions.
The brunt of the attention was dedicated to the relationship between Security and Privacy, or more broadly this year, between Security and Rights among which privacy is present with its own weight, for its impact on other rights, and as a symbol or even shorthand for these.
As the 7th IGF included many more rights-related sessions than any previous year, statements about rights threatened by surveillance permeated a large part of the discussions. Continuing from previous years, the balance between opposing trends as well as views of cybersecurity serving instead of opposing privacy and liberties went on being the focus of many debates.
In some of these debates, clear-cut cases and figures for state-driven surveillance were shown. Some of these are staggering, especially in view of the accelerated application of analytics and correlation that allow the deanonymization of data captured as anonymous. In many cases shown in the Forum, the justification for the scale of data capture and retention cannot be readily found. The impact of surveillance as a chilling effect on the rights of free expression and free association was underlined as well.
Identity management, a key element of online security and privacy, was discussed. Among the most forward-looking contributions is the view of evolution from top-down, owned identity, authentication and authorization frameworks towards identity management based on multiple sources which only require a low level of trust in each.
Openness was not intensely discussed in this intertwining. However, it was the subject of many discussions in which libraries and librarians play an increasing role in the Internet Governance Forum, and of the Dynamic Coalition on Internet Core Values.
The communities concerned with rights and with security have not been communicating enough. A call is made for further multistakeholder dialog open to many diverse needs and points of view.

lunes, noviembre 05, 2012

Mis notas del IGF 2012 - sesión sobre "enhanced cooperation" / My notes from the "Enhanced Cooperation" session IGF 2012 in Baku, Azerbaijan

Raw notes taken in the first part of the meeting i.e. before the lunch break.


Enhanced cooperation sesión.

Notable: large presence of Brazilian group

Janis – precedent but gives NO explanation
Claudia Scelli – private sector appreciates multistakeholder, not static model to adapt to change.
Carlos Afonso – not here to discuss the linguistics, but to find HOW TO do this enhanced cooperation; problem since WSIS. ICANN has examples of efforts and ICANN itself is an example (difficult, imperfect, reinventing itself) of enhanced cooperation. Maybe we should create a WG like WGIG about enhanced cooperation. Example of WHOIS. Some people want too ready access without due process; this creates a multistakeholder process. Solutions seem impossible. Is it either “in their respective roles” or “on an equal basis”? Fadi Chehade calls for this in an ideal combination; only practice will tell us. Not being only a representative of our community or constituency but also a participant in the process. Calls for multi-equal-stakeholder basis.

Ambassador Fonseca Filho (Brazil) Dept. of Sci & Tech Affairs, BR Foreign Office. From the POV of the Brazilian govt. there is a gap in Internet Governance and believe that the IGF is not enough. Need a specific forum for all matters related to the Internet; all organizations including IGF do their job but it’s not enough; it does not perform the role needed to issue recommendations. The way they propose: establish a working group to collect views on how to implement the concept of enhanced cooperation; worked in CSTD and are frustrated that it didn’t happen there (further understanding ToR for such a group). The proposal is now being submitted to the General Assembly of the UN (this week, 2nd Committee). The appropriate thing would be for the GA to send it back to the CSTD. Extrapolating from WGIG. Think that the wisdom of the process that established the IGF gives hope that they can establish an organization. IGF is one track but need the enhanced cooperation in the context of the UN. The idea attracts fear from many.

Bill Woodcock. Packet ClearingHouse. From the perspective of the technical community, the cooperation process has been very successful. Two examples, exchange points (IXPs) and domain names. Number of IXPs has grown, mostly in developing countries, moving the means for decentralization thanks to outreach; not the tech community’s achievement on its own but also not something that govts can make happen by themselves. Tools for govts to regulate lightly and in an enlightened way. After each IGF new IXPs rise. OECD has helped get consistent statistics and make them public for use of policy makers. In the domain name system there has been a 10x growth in domain name servers worldwide, gone from zero to serious DNSSEC. We now have resilience and robustness which we didn’t have 5 years ago.

COMMENT BY AP. IG has been problem-solving in specific fields, and the BR proposal is too close to the illusion of a single universal global government.

We don’t mean to substitute for the processes that are working. We need a platform for discussion, not a new organization. Also need to discuss how to create multistakholder cooperation. There is no organization that allow governments to discuss and solve their problems, form the perspective of governments.

Carlos Afonso: agrees emphatically with the BR govt position.

Erika Mann: it is right to try to fix problems in government cooperation but a new tool is only an illusion. Need to bring operational understanding of what every party does. Then need to analyze the gaps and see how to fix them among/between mechanisms. Then there may be a third thing which is the missing part. What you need there are Chatham House meetings so govts can profit from the expertise of others.

Fonseca Filho. What Erika says is what he wants to hear. We need a platform. We are not prejudging and maybe we should resort to the existing institutions. But that is not the view of my govt now. And we think we need a platform. Both processes should go hand-in-hand. Need the group to make it work better. In Brazil we do practice multistakeholder governance and we have the endorsement from home. And we should further discuss.

Janis Karklins. This discussion is a perfect example of how compromise formultations at the end of negotiations lead to confusing processes afterwards. We are futher in our understanding of enhanced cooperation. It is “on an equal footing among governments” separate from “all stakeholders in their roles and responsibilities”. Enhanced cooperation is for public policy – but there are no “pure” policy issues, they are intertwined with technical issues, intellectual property, etc. Indeed there is no one place to discuss. We can try to create a platform but there is one essential caution: AVOID UNINFORMED DEBATE. Informed debate is essential; by creating a unique platform we need to bring all full expertise, since for example experts in cybersecurity are not experts in freedom of expression.


Moderator Bill Drake. Enhanced cooperation has been a subject of great controversy because of vague formulation and the intergovernmental process in CSTD has been stuck.
Echeberría: cooperation in the Latin American and Caribbean region includes LACNIC’s “mini-GAC”, formalization of regional IGF.
Tarek Kamel – ICANN more than 100 govts in GAC, review process is an example of govt cooperation. Collaboration with UNESCO for IDNs, esp. for ccTLDs. IGF also one great example, ICANN supports it strongly. Also took part in CSTD process of IGF improvement. Enhanced cooperation also in national models like Brazil, Egypt, India.
Fiona Alexander – Affirmation of Commitments opened and internationalized a role that the USG had uniquely. Total change, doesn’t expire. Four reviews already conducted successfully. Accountability and Transparency verified if ICANN was living up to its own commitments, by international community. IDNs have only been put in place only after WSIS, after IETF had the standards, UNESCO had the language tables, then GAC and ccNSO working together. Now 32 countries have IDN ccTLDs. Now also doing multistakeholder inside the US.
Bill Drake – USG still has asymmetric role but does great job of opening participation. Asks for comment on the special role of the USG.
Fiona Alexander – evolving gradually from historical roots. For IANA USG took public consultation on ToR and bidding process was directed by adopting criteria from international community, deference to international community and users of IANA.
Jeff Brueggeman – “do no harm”; Internet policy making compared to other global processes is doing very well. One of the main areas of progress has been bridging technical and policy decisions, as Janis Karklins emphasized. Losing that would be harmful and damaging. Hard to understand how one platform would work. Moving away from binary choices is needed now.
Parminder Jeet Singh – I have the unpleasant task of saying what is not going well. Agree on what we are talking about. Appears that he wants to refer to governments’ public policy role. Wants to see more discussion of other public policy issues than Critical Internet Resources (CIR.) Issues about public oversight (then goes on to speak about ICANN.) There is another set of areas. Is it too early to be addressing them? Or aren’t there any? CSTD Computer etc. committee does Internet policy and if nothing is to be done why is that committee working? Why is OECD making it? Why do they oppose other countries doing it? “I want enhanced cooperation to focus on that:” rich countries making policies for the rest.
Narine (Egypt) – wants to address concerns also from Arab and emerging economies. Ecosystem of IG and EC, big puzzle that has to be built in harmony. We can see camps in UN, ITU, WSIS platform. We need to converge and move forward. We’d like to see new measures like GAC not being only advisory; why don’t governments have a stronger roles.
Joy Liddicoat – APC NZ – we should also talk about governments responsibilities, like the recent resolution within the UN supporting free expression online. Double values and repression cause trouble. Some try to stop packets because of their contents and some have different faces in GAC and the way the act re human rights. We should see more enhanced cooperation for improvement in this area. Internet-related public policy that is not made in multistakeholder way is perceived as illegitimate (see SOPA, PIPA; trade agreements.) We are in a process of evolution; APC is positive about developments.
Tarek Kamel: not one constituency is managing ICANN. GAC has some special rules. Compares processes in Egypt, India; not a closed club. Other fora are invited to speak and participate in cybersecurity, child protection, etc. and all those have enhanced cooperation. The wider perspective is open to these different fora.
Echeberría: Parminder wrong in saying that no-one has said before that the focus must be broader than CIR. Examples of enhanced cooperation by LACNIC in non-CIR issues.
Brueggeman: countries should abide by global policies they agree to – internally, follow through.
Drake reads the discussion as a shift of understanding enhanced cooperation from oversight of ICANN to platform for broader issues.
Parminder: the issue does not go away. OECD, two problems: OECD makes intergovernmental policies and tells UN not to. Preconize global policies.
Fiona: rationale behind OECD. Motivation was colleagues in Brazil – they showed the Marco Civil, so the other countries started working on principles. OECD focus is on economics, and has other stakeholders. Perplexed by Parminder’s interpretation.
Numerous participations.

Bill Drake reads the CIRP proposal espoused by Parminder and shows how it aims to create oversight and arbitration powers.
AP COMMENT: AGAIN, ILLUSION OF SINGLE WORLD GOVERNMENT. I did read the IBSA and CIRP proposals and find them deeply flawed.
Kummer – the IGF is the forum. IBSA deeply flawed, OECD much closer to appropriate.
Heather Dryden, GAC Chair – will talk about GAC in afternoon session. GAC has arrived at sets of principles. Increased participation is needed.
Drake –
Liddicoat – support the IGF. Glad to see more places for engagement.
Brueggeman – on “call for existing organizations to report” – it has not been regular enough but it has been done. Find ways to improve on the existing, not only mapping but really make rigorous analysis and get out of deadlock.
Parminder – CIRP vs OECD. Something about poor incompetent guys. Now he believes that CIRP should not have the oversight role.
Nermine – enhanced cooperation working, responsibility to try to fix the gaps and integrate into the ecosystem.