You are connected to event: CFI-RPC10 (speaking non English language) (speaking non English language) >> On legal issues to try to disclose that because there's this inherent trade of infrastructure that it somehow sinks into the background. We take it for granted. The same is true with technical infrastructure. With the cables that are underneath the surface, with the electrical cables going underneath the airment we don't see them anymore but they are somehow the precondition of our modern associate so what this tries to do is make those things visible and tangible and explorable again. (silence) >> Welcome, everybody to workshop ten. We'd like to start. If you can please take a seat. Welcome, everybody to Guadalajara, Mexico. >> Welcome, everybody. Let's see if I get the microphone right. So, to our visiting delegations and to our guests from the Internet Society and any other guesses we have here observing in person or online, I welcome you all. I thought I'd say a few words about why we're here and what we're doing for the next few hours. So, we're all familiar with that. The guests know this, but we'll repeat anyway. The U.S. Department of Commerce -- I would say just speak right into it. All right, I'll do it. I'm with -- my name is Joe Catuso. I'm an attorney adviser with the United States Department of Commerce commercial law development program. I'm here with my colleague, Emily skills, who's in the front, who's an international program specialist. And what our office does is help advanced commercial legal issues and matters throughout the world in various countries. Telecommunications and the internet are just one aspect of the work of CLDP which is generally funded by the US E. agency of International Development or the U.S. Department of State. We have been doing work separately on IT issues in both Afghanistan and Pakistan for the last couple of years. We have today representatives from both of those countries as part of our ongoing facilitatation of those countries. This is not a joint delegation. This is simply a matter of, we are able to support both countries and very pleased that both are here. We can do introductions separately. The room doesn't really provide for it at this moment but I'll tell you we're very pleased to have two officials here this morning from the Pakistan telecommunications authority including the chairman of the authority, Dr. Shaw. We have two representatives of the afghan government. One from the ministry of communications and IT, one from the Afghan Telecommunications Regulatory Committee. We have four Civil Society participants. Including Mr. Wafa with American University, Mr. Cobana with Tech Women Afghanistan. Mr. Shamin from Pakistan, Mr. Payab from Afghanistan from the regular story authority. We also have Ms. Judith Hellerstein and Mr. Jordan Solman with USAD. Our morning, for everybody's benefit will start with some time spent with representatives from the Internet Society have very kindly come forward to talk about issues. This is going to be informal. I should also mention this is a continuation of the two days we spent in Washington DC last week where we were able to meet with parties impost and non-government to talk about both internet and telecommunications issues. So we're picking up this morning, finishing up. We're just going to be finishing the morning here in this room. We're going to be visiting with ISOC now. We'll have a visit from the commissar with the Mexican ITS, the Institute for Telecommunications to talk about telecommunications sector. After that, we're expecting visitors to come by informally, not confirmed. So we will finish up with before lunchtime. Afterwards, our visiting participants will take advantage of the many Day zero programs that start at 12:00 and go for the rest of the day. That is the overview. So with that, we'll see how this works with the space we have here. I'd like to start by introducing Sally Wentworth from ISOC who will now introduce her colleagues and generally follow through. >> Very good, thank you, Joe. Good morning, every. My name is Sally Wenorth. I'm the Vice President of gobble policy at the Internet Society. This is great. We have a new chapter in Afghanistan and a long standing relationship in Pakistan so this is a really fabulous opportunity to meet with you in person and speak to you a little bit from an ISOC global perspective to help you in the work that you do locally in your countries so hopefully that's the kind of conversation we can have, and we can certainly take it in any number of directions based on your questions and areas of interest. Why don't I first start by just introducing quickly our Internet Society colleagues who are here just so you know the faces in the room. We have Joyce here, who works on -- Joyce, your formal title? Senior director of global engage. She knows everything there is to know about chapters and also has important work with our department around the world. Jane Coffin, who I think everyone knows. Jane -- I don't know everybody's title at the Internet Society. We're not really big on titles but Jane is instrumental on the ground in developmental activities worldwide. She's one of the foremost experts in the world and somebody I know that many of you have worked with. Noel is a policy expert in our Asia Pacific bureau covering a host of issues including security, access, trust, and a wide range of topics. Carl Ganberg is raising his hand now. There he is. Carl works in our Geneva office and covers a range of internet governorance policy issues in the US and otherwise. Just joining us is Raul, the policy of engagement. I think I'll start and then Raul, do you want to pick up you. This is sort of an informal discussion. Joe told us we're going to talk about what we do at the global level and sigh how it relates to regional and local activities. Internet Society I think many of you know is a global organization. We are a non-profit entity really dedicated to the growth of the internet. We advocate for the growth of internet worldwide. We think the internet is good for humanity. We think it has connected community and people in ways never before possible, created opportunity, and is a channel for the future. So our whole set of activities, whether they're technical or policy or development oriented are really focused around that unifying theme that the internet should be for everyone and it should be a medium of opportunity. The work that we do, as I said, is divided sort of into these areas. We do a lot of work on the technology front. We are -- the entity that develops many of the protocols that you use every day and don't think about, probably. We do a lot of work on the public policy, so things related to internet governance but the host of internet policy issues that are confronting us today at every level, whether they're related to access, affordability, opportunity, trust, security, privacy, all of these range of issues that are facing the future of the internet are issues where Internet Society is active and has positions and works on advocacy. And then on the aspec and then on the aspect of development, I think Raul can speak more about that, but fundamentally the internet, so we have to create the universe channels of connectivity and that relates to empowering people, training people, building capacities of individuals to build the internet, to innovate on the internet and grow it to the next thing it will become. So that's really the work that Raul works on and Jane and Joyce of what do we have to do to build the communities of excellence in all of your countries to build the internet of the future that you want. So, that's very high level overview of what we do. The way we do it is, really we aim to be bottom up. We aim to be community driven. So the chapters that you have in your country are our resource. Are our resource to you as policy makers to help you make the policy that makes sense in your country. They are the community of experts that can help build the internet in your countries. So, our chapters are really a link between quote, unquote ISOC global and the local community. So we are very pleased to have the chapter emerging in Afghanistan and ongoing in Pakistan. I'll just stop and give you a little in terms of my background because maybe it relates to some of you, especially on the policy making side. I used to be in government. My background, I started at the state department working on internet policy issues and then went to the White House to work on domestic internet policy issues. And one of the things that I found is that as a policy maker, you are called upon to be an expert in everything. Right? You have to make decisions about everything. And nobody is an expert about everything. And, you need the community around you to help you. You need to be able to reach experts on different topics to help you make the right policy decisions. So, I think it's important that governments look at the stakeholder community, the multistakeholder process, not as a, you know, formal thing, but as a community, a way of making decisions. A way of getting to the right answer. A way of bringing experts to the table to help you work through a consumer protection challenge. To help you work through, how do you make connectivity more affordable. How do you strengthen the capacity of your community? It's not a decision or a set of decisions you have to make on your own. You can lien on your Internet Society chapter. You can lean on the industry. You can lean on legal experts, academic experts around you to help you make the right decisions. That was something I did not fully appreciate until I came into government, but just how hard it is to make the whole wide range of decisions you have to make on a daily basis. And it's okay to reach out to the community and say, what is the right answer here? Advise us. Give us your input. Help us make the right decisions. And we hope that's what our Internet Society chapters can be in part to the community. It's not the only thing they do but I think it's an important role, especially since we have government officials here, we really hope you would look at the Internet Society community as a resource. So I will pause there and maybe turn it over to Raul, and Raul, maybe we talk a little bit about why we support the Internet Governance forum and local IGFs and that set of issues. >> Raul: Good morning, everybody. Thank you for this invitation, for this meeting. As Sally said before, for us in the Internet Society, the internet has never been -- connectivity has never been the ultimate objective of our work. We have work always in the understanding that the internet is a tool for improving the life of the people. And so, in that sense, as Sally also said, it is important that we look -- it's among all of the holders, the way, the best ways to the bill of the internet and to move forward in order to develop that internet. An internet of opportunities. An internet that really helps to improve the conditions of the people, at the same time improving also the potential of the country. And so, this is -- the IGF is an instrument that we created that we worked very much to create in 2005 in the summit, we have been committed strongly since the beginning. And then just for giving you a data that help to show this commitment, in this meeting, we -- the Internet Society directly or indirectly have supported the participation of about 200 people. This shows clearly our commitment plus all the efforts we have spent in the year in developing materials, working with groups or well meaning activities or some of them by ourselves, some of them in partner ship with other organizations like the one that Jane is leading today for community. This is where we contributed to bringing together all the people that is expert in that field, just as an example, while it's for community. So they meet here and make valuable contribution to the discussion. So, we bring people, but we bring contents, we bring expertise to the Internet Governance. But one of the -- it's very good. This meeting is very good. The IGF, all the process of the IGF is very important for bringing all the different stakeholders to have an open discussion and equal footing, but it's not enough because we come here every year. We send a lot of very interesting things. We learn about what is happening in all the world, but we have to come back to our countries the day after that and we want to do things, based on the things that we have learned in IGF. We want to bring some this knowledge to the practice. So we need also the regional and local levels, we need to adapt those ideas and have their own discussions closer to the policy making. Close to the policy making as a way to, as Sally said, the policy makers can lean on all the communities for the decisions they have to take. This is very important. It's a huge responsibility for the governments to take all the decisions and things that will benefit or compromise the future of the country in the next 50 years. So we have to take advantage of all the expertise that we have distributed in the society among different stakeholders. And this is why we also promote the creation of the implementation of national dialogues and regional dialogues and things that are important for the regions. Sometimes are the same topics that are the most popular topics in global, some other times are different topics because the local realty impose to discuss other things. And our chapter is an instrument in both areas. It's an instrument for working on development. For bringing, in particular in Pakistan we have done a lot of work and I am hopefully, we will continue doing a lot of work there and I have to say, I'm very glad to say that many of the things we have done in partnership with the government there and we have the regulator here that is a very good partner of us. We have organized the community meetings like INETSs or supporting the international governance, local school, and we have organized activities on accessibility, and also deployed connectivity in rural places, we are working together with the incumbent, the telecom of the country in bringing connectivity as part of our Wallis for Community project. In Afghanistan, as we haven't recently adopted chapter there. -- we have a recently adopted chapter there. We are very happy to have this chapter in Afghanistan and I anticipate we have the same opportunities to do similar kinds of work there. So this is why I say we have this dual role of the chapters in working on development of the country and at the same time also promoting more open dialogues on Internet Governance related things. But, there are also other activities that they have in capacity building and reaching a discussion and also bringing the local flavor to the region hall and global discussion is very important because we need this Internet Governance forum and other forum taking consideration of the diversity of the situations and characteristics of the world as a whole. Thank you. Sorry. Was a little long? >> Sally: No. Not at all. So that's a very quick overview. I wonder -- I know this room is a little more formal than maybe a round table would have provided, but can we open it up for any -- it would be wonderful for us to hear from maybe our chapter leaders about sort of your goal for chapters in either Afghanistan or Pakistan. Your objectives for the week and what you're hoping to get out of the week or any questions you might have about the Internet Society and your engagement with us. So those are at least three areas I'd love to hear from people on. If people are willing to take the microphone from me, we can have more interactive conversation. I have a taker over here. And if you could give your name and where you're from. >> Sure. Thank you so much for the very good presentation, the comments. My name is Omar. I'm one of the founding members of ISOC Afghanistan and I'm on the Board of Directors, and the first Vice President, advice chair is here, and the -- vice chair is here and the four board members. We started this together. It took us two years to get the formal approval of the Afghanistan chapter and then Chobana is Chair vice. We all work together to get global recognition for our local chapter. One of the biggest issues we face in Afghanistan, and that's been for the past this 30, 40 years, is that we have been in isolation due to the invasions, war, civil war in all of these. You know? But the past ten, 13 years were very good in terms of capacity building of Afghans and deep connection with the global community. If it's about business, internet issues, technology, public policy. So, we're very happy about that and learning a lot from going to meetings on international level. CLDP has been very supportive in the past few years. We had quite a few sessions together at the IGF 2015 and then IGF 2016. And they're trying their best to provide more support to the afghan government, the Civil Society and the private sector. However, Afghanistan is a very new chapter. It's been a couple of months we got our formal approval from the ISOC global. We have three major issues. Number one is the capacity of the local technology professionals as well as people who are in public policy. Technology and public policy, these are like two different issues, but we don't have many people who understand how to develop policy, how to formulate policy, and how to do like policy advice so this is going to be one of the areas who would need some capacity building. And this could be by engaging our chapter leaders and the members of the Internet Society, Afghanistan. And then the global connection, that's another issue. We would like to connect with the rest of the world. We want to have opportunities to attend workshops abroad. For example, the engineering task force you've talked about. That would be an ideal place for some of our technologists to get involved in. The other issue would be helping the local communities to get involved in our activities and also the global activities. A major challenge when it comes to the international meetings is everyone needs to go through applying for fellowships, you know? And that's very difficult for Afghans who are non-speaking to do a very good fellowship application. If they had to compete with people from India, for example, in Pakistan and so many other countries, they are not going to win. Because they are not good in writing English. They are not good in expressing themselves. But they're really good in working, you know? When it comes. If you give them a chance to attend these meetings and participate, with the passage of time, they're going to learn. Last year, I was at the IGF 2015 with the help of Joe and his team, but this year I was appointed as a member of the IGF MAG, the multi-stakeholder advisory group. So that's how we were exposed. That was a big step for an Afghan, you know? It was difficult. It was hard for us to be there. But when we got involved, we, you know, got to the top. And that's how I wanted for the rest of the Afghans to get involved in your, you know, communities, for example, the -- what is it? You have a Board of Directors and there is boar of Trustees, right? So Board of Trustees would be a place where Afghanistan would need representation but I know there are quite a few limited seats available so these are some of my questions and if you can elaborate more on that, on how we can get involved more and take advantage of the opportunities. >> So this doesn't just have to be the Sally and Raul show. Since we have other ISOC experts here, I'm going to turn over to Joyce. If that's okay, Joyce? Joyce is very familiar with our chapter opportunities and can talk a little bit more about those. I would just like to say from where I sit, it is so exciting to see the enthusiasm that you have, that Afghanistan has. You've worked for two years to get a chapter. That's commitment. That's endurance right there. And that you have this hunger and this desire to participate on the global stage is very important, and I think it can happen. So, I think from where I sit, it's a very good data point to know about the enthusiasm and the interest. And sometimes, that's the first step, right? But Joyce, you want to talk a little bit about the various programs. >> Joyce: Thank you, Omar for bringing up the issues. I formally want to say since it's face-to-face now, congratulations on the chapter and we are thrilled to have you as part of the family, as we said. And had the opportunity to see very actively involved in Bangkok during the chapter workshop we had there, so I think this was a very first opportunity for the chapter to get connected to the other regional chapters. I'm sure he brought home a hot of stories, a lot of takeaways from that session. So I think those opportunities are definitely there. As you all know, it is important for us to develop the chapters at local level and to ensure that we provide you with the necessary tools and resources to be successful at local level, but it's also very important for us to bridge that connection with the other, not only regional chapters as we did in Bangkok and bringing together all the chapters from the region to have discussions about the issues that are alive, not only in your local countries but in the region and how you can actually collaborate with each other to find solutions to that. And then the next step is obviously, the more ambitious piece is looking at the global connections with the chapters. I think what we see with the more mature -- I think our Pakistan chapter can confirm that as well. Once you get connected with other chapters, once you get involved with the regional calls we have. We have some community forums as well where you have the opportunity to discuss policy or technology issues with other chapters, with peers, we have one of our US chapters here in the room as well. So, this is already an opportunity. And I think as a chapter, you need to give yourself some time to grow and make those connections. We are obviously there to help and to do that. In terms of capacity building, Noel, do you want to talk about what is happening at the regional level in terms of activities and opportunities for capacity building or other activities in the region, specifically? >> Very briefly we have opportunity to participate in some of our chapter activities, so we do organize several activities for chapters. One of them is the chapter leaders meeting, which I think you have participated in, but there are also many opportunities for building capacity. We have, as you might know, we organized activitied with chapters as well so that is another opportunity. We have the Asia internet symposium. There are several organized every year. We aim to organize at least three. Sometimes it goes up to six. And these are on local issues. So we work with local chapters, not necessarily chapters in areas that we don't have chapters, for instance. We have worked with governments. We have worked with other stakeholders to make this happen, but there is a local host and this mostly, this tends to be the chapter. We work with a local host to set the agenda to determine what needs to be discussed, but ultimately, this is about talking and coming up with a particular set of issues that you think is relevant to your locality at the moment. We also have this year, we started a major conference call, the regional internet and development dialogue which I think you also participated in. This is also an opportunity for us to come together as a community and to just build general understanding, to deepen the interconnections that we have and just be a more -- how is it? To foster a more kind of -- a more solutions hitch driven environment. And -- solutions-driven environment. On the technical side, we also have several fellowships. One of them is the apricot fellowship that we try to sponsor every year. That is also an -- we open that up to chapters and we do encourage you to join and obviously, you know, I'm going to give you my card and if there's anything else that you -- that we could help you with, we'd be happy to. >> So Joyce and I have each one more thing and then we want more questions from the group. Go ahead. >> I just wanted to mention one program that is very concretely available to you already now, I mean, apart from the chapter support in terms of management and so on. But, we actually run a program called Beyond the Net with which you may be familiar. It's actually a granted program where chapters can apply for funding to run community projects. So, it's a program that has been run for the past ten years. We've funded over 200 projects over those two -- ten years. So the program is open for applications at any time, and they can actually, they can be connectivity- related to projects. They can be capacity building projects. Funding is available up to 30,000 U.S. dollars so it's definitely an opportunity for the chapter to, one, get involved at local level in terms of capacity building and obviously the team can support in providing some of the content, some of the briefings. We can put you in touch with other chapters who have done some successful projects already so you can learn from each other and not have to reinvent everything from zero. So, we will have a little -- if it arrives, eventually, we will have a little report. It's a Beyond the Net impacts report of 2015 where you will see some examples of the projects we have funded in 2015. Jane also knows a lot of those projects. She's involved in actually supporting some of them very actively. So, if you want to have a chat with one of us, I mean, feel free at any time just to -- even to brainstorm at any time. Not a problem. >> So, the last thing you had mentioned a desire to be linked to sort of ISOC global linked to the global community. Just an idea, and Judith, I hope this is okay, but, you know, one -- I hear from the DC chapter. I live in CD. So one of the things that they have said is the desire to have sort of joint meetings with other chapters. You know, one idea is to kind of, to find a buddy, so to speak. Another chapter that's maybe more developed that's been around a little bit longer, and do some joint conversations. Find, you know, they know how to navigate the Internet Society, although as staff, we're always here to help with you that. But they know how to do that. But they've also had success in certain activities, may have some ideas, but may also have resources in terms of policy or technology ideas that may be of interest that may be, you know, if in Afghanistan, there's a big push on a particular topic, another chapter in the network may have also worked on that topic and may have ideas and you may be able to do some joint activities just as an idea. So I know the DC chapter has been very keen to do things like that. I think other chapters are as well. If it's IPC6, I can tell you the Japanese chapter is light years ahead of everybody else and Colorado chapter is very interested in IPC6. So, there are groups you could tap depending on your areas of interest. So that's just a suggestion. >> Thank you very much. As you probably know, Syid, chairman of Pakistan No. we work very closely with ISOC in the country and even outside. Recently, just to continue with what Omar mentioned, recently from 26th to 29th November, we had the Pakistan school of Internet Governance and I think we had participants from, we recently organized activities with ISOC so if there's any paperwork or supports required, we can actually help with that. Because we are a government entity and the paperwork could be organized. If there are a requirement for our event friends to come to any events in Pakistan. In April this year, in connection with the first IXP that's now up and running, we just need to have the formal inauguration. Other than that, we had the INET last year immediately after the IGF, we had the INET which went very well. That was very successful. Another activity that you might also consider, Omar, doing, that you might want to consider is that we are working with ISOC and the local operators on activities related to persons with disabilities. So, ISOC had been helping us and creating the awareness regarding the persons with disabilities and what the ICTs can do for them. So, that is something that you might want to do in Ivanistan also. Of course, if any expedience or anything else is required from us, we would be happy to do that. Another than that, you would rightly mention if you look at the overall internet, this is our belief also, that internet can be a great source for humanity. It can provide so many services that especially countries like ours require, for example, in terms of health, education s, financial services, and I am glad to inform you that last year in the previous IGF I met a group from Pakistan here. They were actually establishing eclinics for the women in the villages. We are now working with them and I'm encouraging having their meetings arranged with the local operators, the local carriers, so that the broadband connectivity can be provided to them free of cost in remote areas. So that's something we're working on and the same content can be extended. So we can actually do a knowledge hearing with all the community. For this, also we had some workshops on IPV 6 arranged in Pakistan. In Pakistan, we are also working with the higher education commission. ISOC, Higher Education Commission, so awful us working together on Internet Governance. Now, specifically, for this IGF, again we would like to extend to know more about how the Internet Governance should take shape and most importantly how the SGDs, for example, can be achieved using the ICTs. So that's basically -- we do have our own ideas also, but simultaneously, we would like to know what the other countries, other groups, are doing to help achieve the sustainable development goals, especially using ICTs. So that's one of the objectives that we are here for, and during the last -- since last IGF until now, we have it actually taken a few ISOC courses online. Our staff, including myself, I have taken Internet Governance Forum forum online courses. I am, by the way, also a member. You have to become a member before you can take the course. So these are something that our government colleagues also have representation from telecom relating authority, the internet. What we need to do to get the benefit of the internet and services it can purchase, the government as an entity, no single entity, whether that's the government, ICANN, even the United Nations. All of us have to work together. I know there are topics of interest, for instance, cyber security. So that's an Internet of Things. And our needs are a little bit different in a developing country, for example, the Internet of Things for Korea or US would be driverless cars but for us it would be more important to have sensors that can tell about the quality of water in certain places, monitor the weather and so on. But of course the technology would be the same, the protocol, activity, and all these other activities if not the same would be similar. So we would hike to know and at the same time give also our ideas on how we can take full advantage of the internet. And by the way, in Pakistan, in the last two years and three months, the broadband penetration has jumped from -- it's mostly broadband but we are focusing on the specific ones. With that, actually, the SMEs are growing. That's another area, I think Shabana is there from Women in Technology. This is something that's really important and as government, there are initiatives being taken by Pakistani government where we are establishing women in centers and I can share the experiences wherever they are required. So, these are some of the things. I can continue on, but -- >> Sally: I think that's great. And this is what, I think, at Internet Society, we like to see ourselves as conveners as a platform where these kinds of connections can happen. So, if we can do that through the Internet Society and help channel between all of you, that would be ideal from our perspective. In terms of resources from a policy perspective, we've been publishing a series of -- we call them "policy briefs" on different topics. On a whole range of issues. They cover everything from human rights to privacy to internet of things to, we're just publishing one on over the top services, security. I don't know, Carl, help me out with the list. We try to publish about two or three per quarter. They are in English, French, and Spanish. If it's helpful and more helpful to you to get them translated in a local language, we are happy to work with you on that so they are available to your policy makers and your communities. The other thing we're always really looking for is to help -- these are written at a very high level for a global audience, but they need to be regionalized and localized. How does this play out in your country? What are the specific challenges as a developing country that you see that may not be reflected in a global perspective. So we put them out for comment. We are always seeking input on them but they're there for you as a resource. For government officials there's a program we run at the IETF, Internet Engineering Task Force where we bring policy makers and groups of about 15 to 20 to the IETF. The IETF is a very special place. It is very, very technical every time I think I know something about IPV6 I just go to a IETF working group and realize they know deep, deep things about IPC6 that I will never know. We try to show policy makers how the standard process works, what it looks like, what the IETF is because it is a mystery to many people. I felt it was a mystery when I was in government, so that's one of the reasons we run this program is a to do a taught orial. Then how the internet works from a technical perspective. Not deep, deep, deep technical and complicated but in general, how does the domain work. How does addressing work. What is encryption? Why does it work this way? How does routing work on the internet and why is it different than telecommunications? These are not government perspectives but intended to help policy makers understand enough about the technology to try to make good decisions or at least know how to reach out to. So that is something available to government officials. If that's something ever of interest, we'd be delighted. The IETF moves around the globe, meet three times a year, so there are opportunities there. And I firmly believe because I came from the government that is linkages between technologists and policy makers are crucial. The decisions governments make about the internet ultimately have to be implemented by technologists, right? They have to be able to write the code. They have to be able to build the devices. They have to be able to create the internet exchange points, do all of the various things at a technical level that people are asking for. So if governments are making decisions that can't actually be implemented at a technical layer, then we've been ships crossing in the night and we don't solve whatever problem it is we're trying to solve. And I think that's particularly important on cybersecurity. Because physical security is generally been in the realm of governments, right, for a very long time. Governments have armies and police and the things related to traditional security have traditionally been government. And yet we have the internet that has traditionally been in private hands run by private entities and users are building on it and running services out of their basements or whatever it is they're doing and everybody is interacting with this technology in all of these different ways. And now we have to secure it. We have to create levels security that are vastly different than what we have currently. And you're coming up on this clash a little bit between the traditional government role and physical security and a technology that has for 25 years been in private hands and we have to find a way to secure it. So government passing a law that says, it shall be secure, is not going to work. And waiting for the engineers to just figure it out is probably not also going to workment and this is one of the areas where the two communities absolutely must get together. There has to be interaction. Because, the solutions that the engineers provide have to meet the expectations of all of us, right, as consumers, as policy makers, as human rights activists. There's all sorts of considerations that have to go in. An industry still has to be able to function over this medium. There are all these things to take into consideration. I really think cybersecurity are the things that are going to test this whole multistakeholder model. That's where we all have to get together. There's a question in the back, and then tell me on time where we are. We'll take one more question and then wrap up. >> Hello, everyone. My name is Aziz. I represent Internet Society Afghanistan chapter. We have recently established a chapter and we've had a few small activities here and there but we are working on the progressing. I have my colleagues from the Internet Society Afghanistan chapter here too, and it's a pleasure to be here and I'm glad to know that Internet Society global are there to, you know, support us, and provide us all the resources and assistance in whatever way possible. Problems at the level of our country is a lot -- there are a lot of problems. Security being a major one. You know, culture differences and religion which sets boundaries in terms of, we cannot do certain things. You know, those problems are there. And our government being in a total different level which is much lower than the private sector. My government speaks a total different language and the private sector uses a different technology to the government which the government cannot afford most of the times. So, those problems we are working on. We have also planned on having different advisory committees through the ISOC channel, which we can sort of contribute and advise the administrative communications in IT and also the Afghanistan telecommunications regulatory authority. Our plans are to have the Afghanistan school of Internet Governance which we are planning to sort of start. So I was wondering how ISOC global can help, what sort of assistant can they provide, and obviously there has been a School of Internet Governance in India and Pakistan and a few other countries, Bangladesh, for example. So what can we learn from their best practices in terms of how to start the School of Internet Governance and what things to consider in order to be successful? And going back to ISOC, some of the chapters in ISOC has been, you know, working for ten years or more. For example, Hong Kong, Australia, so, we'd like to learn from their best practices, how did they start ten years ago and what sort of challenges did they have at the international level, at the local level, and how did they overcome those challenges? So those are the things we would like to sort of communicate with the chapters. So, what we really need is those cross- functional activities between our chapter and the other chapters like India, Pakistan, Hong Kong and things. And also School of Internet Governance. How can Pakistan help if we want to have our School of Internet Governance because they have already started and are already working. I heard there was a workshop last week. Yeah and how can we participate in that? And how can you guys help? How can ISOC global help in terms of having in ISOC and also the School of Internet Governance. Thank you. >> We don't actually have a formal internship program. We're always open for good people, though. So. ISOC ambassadors. So this week, we have, how many ISOC ambassadors? Twenty-some ambassadors. And ambassadors are programs that we run at a number of different meetings where, again, you can apply. And I should -- you made a comment about Afghanis couldn't make it through the process because of English or whatever. It is not an English writing competition. I really do want to assure you of that. It is -- we work in a global environment and not everybody has the same level of English. And I'm in Mexico this week and I have a terrible level of Spanish. We don't want to -- that's not the point of the ambassadorship so I do want to assure you of that. But maybe the place to start is to give you -- I think there are these lists of various engagement opportunities. We could make sure that you have those. I think you're quite spot on Internet Governance school. It strikes me that the linkage with Pakistan is probably the most relevant because they're doing this right now geographically. It makes sense, but from an ISOC global perspective, if there are questions, we're always happy to hear from you. >> I'll just wrap it here on a very practical advice is, you mentioned a name. Navid. So he's your person. So, we can definitely put you in touch with, you know, with the other countries that have the School of Internet. I think you have a buddy, already, actually, so I think this meeting was great. >> Great. Thank you. >> Sally: So I'm going to wrap there. Thank you for listening to us and thank you for being part of the Internet Society. I think that's the most important thing I could say is welcome to Internet Society, our Afghanistan chapter. Thank you to the Pakistan group and the chapter for being part of our community. We do see it as a community. So, you are welcome and we hope you speak up and contribute from where you sit. So, thank you very much. >> And thank you. Thank you all from ISOC (applause) I appreciate all of you coming. It's a show of force, which is correct. >> We hope you don't take it personally, but a number of us will get up and leave. >> My good friend Jane, we never put on the speak. We do have to go. So thank you again. So, I would like to move quickly into a short introduction before our next longer speaker. To my left is Ms. Marilyn Cade. She has had a long career working in couples and the anybody. -- telecommunications and the internet. I met her many years ago when she worked for a major company. She has been instrumental in the IGF and internet issues. Today we're hearing a lot from the non government side. It's a reflection of the multistakeholder nature of the agency. I'm sorry, I'm speaking over our guests. We have our speaker from the government of Mexico coming on soon. I've shorted Marilyn, but she can be very dynamic in five minutes so I'll let you continue introducing yourself and the information you brought. I will be right back. >> Marilyn: Do the microphones work? Sure. So, my name is Marilyn Cade and I see some old friends and some new friends here. So glad to have the opportunity to speak. I am going to speak quickly. I am here to ask you to do two things. And that's what the paper is about that I'm handing to you. I'm a MAG member, a member of the Multistakeholders Advisory committee and I service as the substance coordinator of the regional IGF. My job in the focal point, Anya Gecko at the secretariat is to support what the NRIs themselves want to do. There are many people who want to dictate the IGF. Some of them are from governments. Maybe sometimes from my own government. Internet government has become sexy and a hot topic and because of the linkage with the SDGs many governments who have just gun to get involved in Internet Governance had are now asking themselves, whoa whoa whoa. Maybe I need to run the national or regional IGF. Maybe I need to be the chair. Maybe I need to. The best, most successful, most sustainable model is when we fulfill the promise and commitment of the TUNIS agenda where all stakeholders act on an equal footing. This is a really tough thing within business and with governments to sell up the chain because we have to learn new models of interaction. So, the NRIs are holding a main session here on Tuesday, day 2, and the little flier has information about what the NRIs are doing and on the back, it has the information about the meetings that we are holding. The little -- this one right here. This little one right here. I hope that if you -- I look forward to talking with you in other settings about the growth of the national IGFs in both of your currentlies. I know that you're both really working in that direction and working to bring your other stakeholders together. In addition to the ingredients of having ISOC, you also have in your countries ICT associations. And we can help, I can help to draw them in if they're not already involved. Omar himself is actually a leader in WITSA and able to help also with reaching out. Now, let me talk for a minute. The NRIs are growing significantly. We can talk about public policy at a global level and we can talk about public policy at a regional level but we cannot implement public policy except at a national level. We have to take the ideas and the change home and make it work in our countries. And that's where the NRIs come in. So over the next ten years it's going to be a significant expansion of the number of NRIs and the work they do. They do not report into the IGF but they reflect into the IGF. The second little document you have is my invitation to you to be actively involved as speakers from the floor at the Town Hall at the first main session tomorrow, 10:00 to 1:00, which is the role of Internet Governance in the SDGs, the sustainable development goals. Some of you were here last year and you remember the standing microphones where everybody had to queue up and wait for a three minute speaking slots. We will do something like that. In a huge auditorium. We will have five setting the scene speakers and then that graphic, the UN graphic will be projected and then there are questions. You're going to be asked to speak for three minutes on your views on that or anything else you want to say, because you may have other things you want to say. But it is a Town Hall consultation about Internet Governance and impact on SDGs. The SDGs were, unlike the Millennium debt, they were developed but it was only representative stakeholders. It was not a bottom up process. And I'm not being critical. I'm saying, this is our opportunity to add in more information about those of us who are out there trying to figure out how to implement the SDGs and the importance of the SDGs. So I hope to see you in both and in particular I'm going to take names about who shows up at the main session since I'm the coordinator. Any quick questions before? And by the way, stop bit NRI booth if you can. It's in the Village. Love to see you there. There are different NRIs there. And here to do anything we can to help to augment the great work that you're already doing. So glad to see you all back. >> Thank you so much, Marilyn. Appreciate you coming by. Very efficient use of time. >> Can I just see a show of hands of who's going to commit to go to the microphone? More? More? >> Everybody. (inaudible) >> Thanks again. >> Would you open the door? We're going to invite our next people there. I'm sorry, we squeezed in Marilyn. That was a very important thing to do and I hadn't put her on the program before but the folks from the Internet Society had to leave by 11:00 and also our next speaker has somewhere else to be a little bit later, so they're also vying for that. I want to invite them in now. Can somebody open the door in the back and tell them we're ready for them? They're sitting over to the right. It's like inviting in the -- ah this way. Like a game show when you have the next door. Welcome, then. As I explained outside, its room is a little clumsy. Perhaps, though, you would like the official speaker chair. I would make an introduction. Thank you again for your patience in waiting as we finished up that last part. So, we're going to turn the I guess I should use this one or it makes no difference. We're going to turn the focus here. This is reflective of both the multistakeholder nature of the IGF and also the diverse background of the participants. We spent some time in Washington doing some preparatory work with our delegations on different issues but we do have representatives and we have Civil Society from Afghanistan so we're covering a lot of ground. This morning, we heard from the Internet Society about the activities of the Internet Society. We also just very briefly had an introduction by Marilyn Cade who's private sector for the internet. Now we're going to talk about more internet oriented things and more telecommunications oriented things. Part of what we do is providing internet to different governments including both Afghanistan and Pakistan. It seems to me that the countries especially Afghanistan face some similar issues with respect to investment, connectivity, -- development, connectivity, and part of that is how one encourages the development of the IT sector. What does it mean to connect to different people? What is the role of competition? If we have an international sector we can talk about a new policy in Afghanistan to encourage competition in the fiber optic component. Speaking specifically about Afghanistan, they have a stakeholder company that owns the infrastructure. Mexico has been through reforms that affect your competition. Reforms that affect your institution. It seems there's a similarity and perhaps the countries could learn from each other. So, that is an introduction of why we're here. I'd like to literally go to an introduction which I have do do from memory a little bit. I'm joined to my left here by Commissioner Maria Elena Florez. She's with the IFT, which I think in English is the -- for telecommunication, so would be FIT in energy she holds a bash lories in economics and an MH and PhD from the University of Paris. Thank goodness for Google. I hope that did it correctly. She's joined by Mr. Carlos and Mr. Victor. Lied, this is a chance for us -- like I said, this is a chance for us to meet together. With that, I'd like to turn over the room. I don't know how long you can stay but we are pretty good for time now. >> Maria: Hello. It's a pleasure to be here. I understand that the interest of meeting today is to hear about what we have done in Mexico for the last years since we had an important, very, very deep Constitutional reform. This Constitutional reform is about competition in telecommunications and both issues are deeply entwined and this conditional reform started to rethink about the institutional design. Before the reform, we had two different authorities. One for competition. One for telecommunications. The regulator for telecommunications had, for the few years before the reform, acquired also the mandate for broadcasting. But, it acquired the mandate, but the law didn't -- the law want reformed in a way to have a convergent view for both vectors. And -- sectors. And also before the Constitutional reform, the country made several efforts to bring more competition to the sector. It was very difficult to do so. For example, we tried for about 15 years to get to an asymmetric regulation for the dominant carrier but it was never done. It was difficult to do it with the ancient institutional reform because the procedure had to go through two different phases. One with the competition commission. The other with the telecommunications commission. Through all these procedures, the dominant carrier went through the Court. It was quite easy to get protection from the Court against these procedures. So, we didn't get through all this period, we didn't get to get in place a specific regulation to enhance competition. So in very broad terms, this was the situation when the Constitutional reform took place. This was a very important reform. It started by redefining the authorities. Instead of having a separated competition commission and telecommunications commission, it emerged in one and the same body. This same reform created a new competition commission, but only for sectors different from telecommunication and broadcasting. And gave powers to the new institute, to the Federal Telecommunications Institute as a new regulator for telecommunications, competition, and also for the authority in charge of these sectors. So, there are no overlaps between the two competitions authorities. We apply the same law but for different sectors. There are also very important definitions in this reform. The Institute was created as an autonomous body. So, it is not part of the executive branch of the government. It is a Constitutional autonomous body, so we have regulatory powers. We have to apply the telecommunications law, the commission law, which were created by the Congress. But we have some regulatory powers in those issues that are not covered by the law. So this is new as a regulatory body. This gives us more power as to react to such ape dynamic market, which is changing all the time, and so we may put in place regulations which are needed and which may not be contemplated in the laws. We have also a very broad mandate. We are in charge, as I told you of telecommunications and broadcasting that is all audio visual and Constitutions are related to our mandate. But in this aspect, there are also other authorities that have different powers related to content, audio/visual content. So we share different responsibilities. For example, with the ministry of the interior, which is in charge of the classification of content for television. The definition of the time periods to -- for these different kind of contents. And we are also responsible for, in combination with our authorities, to ensure that there is freedom of speech and the right of information. So, through all this broad mandate where we have technical powers, economic regulatory powers, we have also to make sure that these fundamental rights are respected through all the regulation and our different decision-making. This is broadly the objectives of the Constitutional reform. As part of the reform, there was only a very specific mandate for the Institute to come up with a series of decisions that had to be made in a period of a hundred and 80 days that was after the enactment of this reform in 2013. So, all these decisions have been made. One -- the most important, maybe, was to determine if there was a preponderate agent for broadcasting and preponderate agent for telecommunications. This is a new concept that was created in the Constitution. We still have this in our competition powers. We may define in they are dominant players according to competition law, but we also have this new concept from the reform, from the institution, and that is simpler. Very much simpler in its application. And, it says that any economic agent which has more than 50 percent share in the whole sector of telecommunications or in the whole sector of broadcasting is a preponderate agent. So, we have to define specific regulations to enhance competition. This concept of preponderance is aimed inclusively at in-- exclusively at enhancing competition. So, we made this decision. We found preponderate players in both sectors. In fact, we have very concentrated markets and sectors, so it was evident that we were facing preponderate agents in both places. But this concept was very helpful in bringing the power to define these asymmetric rules. After trying for so many years, I have told you, it's around 15 years of different efforts to bring about this asymmetric regulation. After the Constitutional reform, we got to put them in place in just a period of 180 days. So, this has been a very good departure for all these different efforts that we have been making to enhance competition. As I told you, the main objective of this reform has been to enhance competition in the markets, in the sectors, and to allow for a convergence in these sectors. We have also made some other decisions that came about from the asymmetric regulations but also others directly from the law, from the Constitutional reform. For example, the reform put in place must carry and must offer obligations for the broadcasting sector. That is it that pay television have to carry open air sign ons. All open air sign ons that are freely received by the people in each city or location. They have to be carried freely by television and also open air broadcasters cannot charge the pay systems for letting them carry their sign ons. This is also -- this has been an important regulation for broadcasting that is also aimed at enhancing competition. In the past, we had several competition problems because in Mexico, open television is still is very, very important for the audiences. In paid television, the channels, there are mostly watched by the people, are still open-air sign ons. So, for any paid television that wanted to grow, to have audiences, they have to have open air sign ons and before the reform it was very hard to do it and mostly because we have a vertical integration between open air television and paid television. In fact, a open television is also the most important carrier for paid television so we also had this specific competition program that couldn't be addressed before. And with these new rules from our reform, we are -- this is specific problem of access to a very relevant input result. We have also put in place several public offers for wholesale services that the preponderance have to give to other carriers. Mainly for telecom services but we also have one public offer for broadcasting services. For telecommunication services, the preponderate agents, which is American Mobile, have to offer wholesale services for bundling access. This was mandated specifically in the Constitution, this unbundling of the local network. Also, for virtual mobile operators, they are obligated to have a specific wholesale offer for these types of carriers, of mobile carriers. They have to give access also to their passive infrastructure, and this is also the case for the broadcasting sector. It also has public offer for passive infrastructure. These have -- these offers has -- have been bringing about new opportunities for other carriers that are smaller in the -- in their networks and it has helped to have their services more easily coming to new places to have new capabilities. The unbundling service is the newest one. It was in place since the last year. We had a technical group made of the carriers with the Institute to solve out technical issues, because this is a very complex services for unbundling. But this was a good exercise to have this technical group with the carriers, with competitive carriers as well as the preponderate to solve out all this these technical issues and then the Institute to solve questions that couldn't get an agreement. Just right now, we are in the first review of the general obligations for the preponderate agents. When we issued them in 2014, we considered to have a review every two years to see how the obligations are working and that's because we considered different factors. For one, to be able to correct things that weren't adequately defined at this first exercise. Also, to look at the compliance of the preponderate to be sure that there were mechanisms to enforce the obligations and if changes have to be made to the rules, to have this opportunity to review and to better the obligations. Now, we are in this, as we are in 2016, we have come to this first review of the obligations. We went through public consultation procedure and it finished. Right now, we are close to getting the final decisions that will come in between January or February. That's where we expect to close with a final resolution. And while it has been very useful to have this review because we have been gaining experience from the market, what has happened. What has happened, what has worked, what has not worked. We also benefited a lot of the public consultation with the carriers which are the direct users of the wholesale services so it was also very useful. In fact, since the Institute was created, we have been using public consultations for all our rule making. This -- well, there are many countries that have used public consultations for many years, but for Mexico, it has been a new exercise and we now have it as a rule, an obligation to go through public consultation and it is really very helpful for the authority to be able to go to the public and ask for their rule playing. And mainly because we have to rule on complex technical issues with new technologies that are coming to the market all the time. But also because in several themes, we have many different stakeholders and it's very useful to learn about their different points of view for specific issues. Well, as I told you, we have a very broad mandate. But, we have been very effective on competition issues because the main objective of the reform is to have better competition on the markets. But, there are also some other important issues, important mandates that are complimentary to competition which are very important. For example, we have to look for the protection of the users' rights and the audience's rights. We very recently issued a public rules for the defense of the audiences. And these are oriented to protect basic rights in relation to what the audiences watch in television. For example, that children should have access to content that is adapted for them. That people shouldn't see discriminating content, sexist content, that is reenforcing this discriminating ideas. And, we have to put in place mechanisms so we can effectively protect these rights. In the law, there is a contact that has gun to work. This is an -- begun to work. This is an obligation for every to have a defensor of the audiences. And this defensor receives complaints from the public. If the public has any content that is against his basic rights, then any person can complain before the defensor, and well, we have to watch that -- this activities of the defensor are effective. They are followed. The defensor has to come up with recommendations and the broadcasters have to follow. I don't know if we have -- if you think that we can make some questions, answers. >> I hope we can. And if you have the time, we'll make the best of the space. But I would like to suggest that -- first of all, thank you very much for that overview. Appreciate it. And I heard in what you said, as I expected, some similar themes that every country deals with. And I would invite our participants to ask questions or to even offer your experience along similar lines in your country. And I always put you all on the spot by encouraging you to speak and I won't do that too much unless you don't speak. So, do we have anyone who would like to ask a question or make an observation. Very good. I don't think mine -- now it's on. Sorry. >> This one? >> Thanks a lot for an overview about the Mexican Telecommunication regulation. How you are figuring out the dominant operator? Is it a task which is done on regular basis? And currently, who is the dominant operator in Mexico? >> I understand this -- how do we make sure that they are complying? >> No, how you figure out the dominant provider, which is having more than 50 percent of market share. >> Okay. Yes. Because, this is a definition that is very broad in all the sector. So, we have to figure that out. We calculate for the different services in the telecommunication sectors. For example, mobile, fixed, paid TV, some other smaller services. We only summed all the users in the sectors and compared it to the total. And since we have such concentrated markets, we found out that American mobile had more than 50 percent of all the users in all the services. >> And is it done on regular basis? For example, annually or quarterly or something? How the time period? >> We have not reviewed the definition of preponderance because in the law, we have a special provision for how to revise that decision. And we have to receive a specific -- how do you say -- application by the preponderate. And, in order to define that they are no longer subject to their obligations, they have to prove that they do not have any more than 50 percent share, but also that there is effective competition. So it is more difficult to get out of the obligations than to get in. To get in, we didn't have to make this effective competition analysis. Only the share of the sector. >> And you said the configuration on dominant operator as well? >> Yes, we apply also competition law and we have the dominance definition is in the law. But, it's according to usual competition criteria. We look at the -- well, we have to define relevant markets. We don't do it in all the sectors when we talk about dominance. We do go to competition law. So, we have to define relevant markets and then look at the share by entry, the existence of other competitors, its application of the competition criteria. There are more -- that are shared with other countries. No? >> I'm the chairman of the Pakistan Telecommunication Authority. I met one ever your commissioners in Bangkok, Adriana. My question is, you have this question to talk about content for broadcasting. So, you mentioned that there is a certain type of content that is not allowed in the broadcasting medium. Do we have something similar for the streaming or internet? Content regulations for the i internet? >> No, not for the moment but we have to make rule making on neutrality. It is a mandate of the law. But, we're still in the early process but we will have to come up with rules. In the law, we have some general criteria as to what to consider in this rule making. Very general, but for example, the law says that the user is always to have its choice protected. So one of the main objectives is to protect user's choice. But the law also says that the carriers that they have to be justified and not against competition. >> My name is Shamim. I'm from Pakistan Telecommunication Authority, director of communication in national appearance. One question is in most of the laws, the teleCom regulator have the providing in the law that the competition control or they have some -- they have to control competition. But when a competition commission arrives, is there an overriding effect to the telecommunication competition under the law or is it -- they would have limited access to control the competition or to look into the competition issues? Second, what is your control of your commission in the sectors? >> Can you repeat the second question, please? >> Like, you know, you pass a judgment or determination. Is it how you enforce it or what is the procedure to enforce that. Thank you. >> Thank you. All right, for the first question, yes, it's a little bit difficult to understand our new institutional design, but we area competition authority. A full competition No. that means that when we act as a competition authority, we apply directly the competitional law. So, we can investigate, for example, practices, cartels. We are in charge of authorizing mergers from the competition viewpoint but because we are also the telecommunications regulator, we try to do it efficiently. We have to authorize as the telecommunication regulator some mergers but from the telecom viewpoint but we also have to authorize asset competition authority. So we try to do it in the same procedure so as to not make the firms to duplicate their procedures with us. But we act differently. We apply both laws and we apply them as the competition commission would do. And if there is a complaint, if one of the carriers is making some anticompetitive conduct, they have to bring their complaints to us. They cannot bring them to the competition commission because they do not have powers over this sector. And we do the investigation. We complete all the procedures, and we may impose the sanctions of the competition law. And your other question is about enforcement. So, we have powers Dover fications, investigations, to go directly to the carriers to ask them to produce documents but we can also make direct measures. For example, if we're looking at quality, we directly measure quality in camp. We have also to make sure that people are using inspection with proper license. So we go to locations and measure and locate if there are illegal use of frequencies, and we have those powers. What I didn't mention, and it is very, very important, is as part of the Constitutional reform, now we have specialized courts for telecommunications and competition. That is a very important change because we're looking to have more specialized people in the regulatory part, but it's also very important that is judges are specialized. So now we have specialized courts. And another change that was very important also is that the decisions made, our decisions, cannot be suspended until the final decisions of the courts are reached so it has really changed the way that the companies go through the judicial procedure because before, it was very easy to stop any decision by the regulator or by the competition commission. And now, they not do it until the final decision by the courts is reached. >> Who are the judges -- the courts telecommunication codes. Who are the judges? Are they from the telecom sector or they are appointed by the -- they are the regular judges appointed by the government? >> They are regular judges. They wear -- were assigned looking at their past experience. But, because there were no specialized courts before they had to come from the administrative part of the courts, that what we're looking at is that they will acquire in working only with these kind of cases, they will be acquiring this experience. >> Sorry for cross-posting. One second. I am from Afghanistan Telecom Regulatory Authority. I had the question about Arbitrage, international transit of vice from one country to another country to Mexican carriers. And also another question about the licensing. Is it technology neutral or is it technology specific licensing? >> It is neutral. We have it, in fact, in the law, we have a principle of technology called neutrality so we exercise the licenses in the widest form possible. The licenses we have been issues are for national services and for any services that can be produced with a network. And broadcast and telecast. We're not differentiating from broadcast and telecoms. In the general license, we call it the (speaking non English language) It's like the only license and it is very broad but we have also licenses for spectrum and in spectrum, we have to follow the authorized use for the spectrum. But only up to that limit that it has to be used, a spectrum use that we have in our national spectrum chart. We give this representation in the broadest sense. >> And how about the Abitrage? The international voice transit. >> We have rules for international traffic, so if there's traffic coming in the country, this is traffic that has to go to an end user in Mexico and has to pay the interconnection charges for termination. >> So, does it mean, for example, if country A wants to call country C, it goes through Mexico, is it allowed? >> We have, in our rules originating and terminating charges. But we don't have a service, that is called, for example, international transit. You have to end the communication in the country. >> And is it illegal if some carrier or operator do so, for example, run one country's voice over Mexico to another international country? >> Carriers can give, in a broad sense, transport services. Those are permitted. But, they have to follow these rules for terminating transit or originating transit. Because, for example, we are -- because of convergence and services and that we're going to IP services it's difficult to distinguish between voice and data. And it's possible to have a transport of data, but that will not follow through a voice service definition. In voice services, you have to follow originating or terminating charges. >> So, I mean, is there any specific regulation for that or rules, or it is just by general concept? >> No, we have specific rules. We have specific rules, some that have been in place even before the reform. Those rules have also been updated but we have also some different rules and technical plans that have to be followed. There are some rules that have to follow voice services. >> I hope I am not taking time of others. Lots of questions. Only I will have the question about the unlicensed band coming to the sector. Do the carriers allowed to use the unlicensed band to off load their services, for example, their Wi-Fi services, to off load 3G or LT services? >> Yes, of course. We have classification of spectrum that is free to use that is unlicensed. We have some bands that are, for the moment, that are defined, but there are also new bands coming. In fact, we have, right now, a public consultation for a new band for license use. >> I always ask this question with my colleagues from Afghanistan. This is a commercial use of the free Wi-Fi bands. But, do you distinguish commercial use from non-commercial use in terms of charges or anything like that? >> Oh, yes, of course. We have also this other use. Social. The social use and public use, and in these cases, we give licenses without fees. That is very important because they are not intended for commercial use. And this has been also very interesting for different needs. For the public use, because well, there are many public organizations that need services, their own services, for example, and mainly for security reasons. So, we give -- we license the spectrum for these public uses directly. Obviously, without having to compete with others. And because all, for commercial use, we have to auction all spectrum. But, this is different. With public and social uses, we do not have to auction. We can assign it directly. And social uses are for groups and organizations that do not have a commercial objective. But, want to bring services mainly for people, for locations that have no ways of paying services. That it would be for telecommunication. We have assigned some licenses, social licenses, for the social telecommunications. But also for social broadcasting. So, and for i for indigenous people. This is a specific kind of license that, they go through a procedure that is more easy for indigenous people, and we have assigned, also, some licenses mainly for broadcasting. >> So, is that, for commercial use, the unlicensed bandwidths with no fee? >> Yes. No, no fee at all. >> You may continue with more questions. I think. I don't know if you're under a time schedule? It's 12:00 now. >> I have some more questions. >> Okay. >> But you don't have to. >> Well, you could have personal time. >> Okay. To quality of service, you mention to how you measure the quality of service. Is it done randomly or the operators just report from the operation Septemberers how it is done and for what interval of time? >> We do both. They have to report, the self-reporting but we also go and measure. In fact, we have to sanction some of the carriers some months ago because they were not complying with quality of service obligations. In fact, quality services have been in place for a while. But now wire working on some new regulation for mobile services and fixed services. We have public implementation for these new rules for services and we are now in the face after the consultation. >> Which methodology you're using, is it then to drive test or through OMC raw data analysis. >> What we have been applying is rather simple. We want to move to something more updated, but woe measure inside for -- we measure inside for -- we have to make for different days of the week and different places of their network to come for result that is solid. But, it is random. We have to do it randomly. We do not have specific problem that the carriers know where we are going to do our measures. It is, we make our definitions and we do not publish them. So, these measures will get us through, as thorough as they can be. >> So the measurements are basically subjective measures or objective? >> Objective. Yes, they have to like comply with some ranges of quality of service. >> I hate to shut this down. I think this is indicative. It's very good that Mr. Nasimi is with the telecom regulator in Afghanistan and it demonstrates the interest in learning about how other countries, especially Mexico take on the same issues. As I mentioned, we've talked before about thinking about doing a long seminar. We have now done a seminar in 15 minutes and you've answered all the questions, right? So, if there are no more questions for now, I want to thank you for coming. Thank you for that excellent presentation. What I propose right now is that unlike when we had speakers coming in in a hurry, that we give you a hello, good-bye, because you weren't able to meet people personally. We'll escort you out. And then I'll ask the group not to leave. We'll have some closing thoughts. That will be another 15 minutes after that. So, this is not a break, but a thank you for coming, good-bye. (silence) >> Let's get started. >> Can you give us please two minutes? >> Okay. I didn't know. >> So you're good. Okay. Welcome back everybody. Thank you for being here. I'm very happy that our speaker, Mr. Chris Painter is able to join us as part of our program. I had indicated this an our agenda, and I'm so pleased that it came through. So, this will be our final speaker of the day. As we've said in other sessions, as I just said to Mr. Painter, our group is diverse in the sense that you come from two countries. I've said this in other sessions. You've come from different backgrounds. Some of you represent your governments, as in fact our Pakistan representatives. Chris, I think you know Dr. Shaw, director Shamin from Pakistan. From Afghanistan, we have Mr. Nishimi who's are the regulator. In the back, we have Mr. Payab, with the ministry. Mr. Wasaf, formerly in the ministry, now in private sector. Ms. Shabana, with the tech administration. We don't know what happens to Aziz but he's in the in the room, right? We have another Civil Society person from American University in Afghanistan. My colleague, Emily Skills is here. We also had a USA representative the here. So we've covered different ground today. We had a visit from ISOC. We just had a visitor from the Mexican administration. In Washington, we had two days of meetings all over the also, we meet with Facebook and Microsoft, or at least some did. Different type of meeting. All geared toward different interest, different backgrounds. How to make the most out of being at the IGF, how to understand the different issues being addressed here. How the different expertise is here. You represent a lot with respect to your cyber responsibilities. A more formal introduction of you. Mr. Christopher Painter is the coordinator for all cyber issues at the U.S. department of state. He's been at the Vanguard of cyber issues for over 25 years and what he does is coordinates and leads the U.S. diplomatic issues. He implements from cyber space. These are a lot of issues. You see I'm reading off of the internet. I hope you don't mind but I've been very fortunate to have worked with you the last couple of IGFs. Your more than staff member, Lisel Fronz in the back who coordinates the IGF activities so it's a big honor that you're here and you've come again to talk to our delegates. I thank you and turn to you. >> Thank you and am happy to do so and it's been nice to do in the past. This has been a very interesting issue. I've been doing this in many capacities. I as way prosecutor doing cyber crimes in the 90s. I've done a lot of policy at the White House when the Obama administration came in and now I'm running this office at the state department, seeing different aspects. I'll start talking about what I do then talk about some of the different challenges but also I want to make this more interactive and have questions and answers because I think that's better to address some of the issues people have had in the past. What my office does, set up about five and a half years ago now. It was the first office ordinary where a foreign -- anywhere where a foreign ministry was looking at all the sweep of cyber issues. So everything from, on the hard side, the cybersecurity issues, the international security issues, cyber crime issues. To issues like internet governance and internet freedom, working with people across our government and across our department to try to do two things. One, raise the level of engagement, make them a real policy issue. Two, make sure we're speaking in the same voice. Not a shock, probably, you'd get different answers or takes on thicks but if we had a more unified strategy going forward, we can be better at achieving the things we're trying to achieve which is an open, interopperrable, but secure at the same time internet and communications infrastructure so you can have all of those together. That's not always easy because there are a lot of competing concerns, competing issues around security and privacy and freedom of expression, but they really don't when you analyze them closely compete as much as people they they do. They can go hand in glove, than that's one of the things we try to do. We launch an international for cyber space back in 2011 that looked at all these different issues. Everything from the security issues, to the human rights issues, to the security and economic issues and we try to put them under one over arching theme. Not only for our own governments but for all of them. Not just governments making decisions. Somewhat of a sliding scale that there is a multistakeholder approach where it's government, civil associate, the private sector, ac deem yew. Indeed, when we were doing Civil Society at the White House, we shared it with all those groups. In the Obama administration, we share it had with all those groups and now routinely in my job at state department, we talk to these groups in the U.S. and around the world. Indeed, some of the sessions we're going to have later on during this IGF is a meeting of the private sector stakeholders, a meeting of the Civil Society stakeholders, and obviously dialogues with a number of countries too. I think that's a very helpful way to look at this basket of issues. It's important that this has been elevated to meet a policy issue for a couple of reasons. I think for a long time that I'd seen this, people looked at this as more of a technical issue so there are more important aspectses of it. Regulatory aspects, technical aspects, and it's important for the ICT ministries and the regulatory bodies to be involved. But, it's not just that. If you're looking at issues around security or human rights, there are other parts on the government side. It's not solely a technical issue. It really is a core issue of national security, economics issue, human rights policy, and it's important for all those players to be think about this and having discussions because that means your policy in the end will be better. Security, cybersecurity, for instance, is not an end in itself. It is a enabler to allow you to have better economic use of the internet and just better economic growth generally and social growth. So, you have to look at all these things together, and we've done that. The things we've been trying to promote certainly working very closely in forums like the IGF promote the fully stake elder way of looking at -- multistakeholder way of looking at internet freedom issues, working with the freedom online and other coalition. Working on security issues. Getting more countries to sign on to the cyber crime convention, the Budapest convention, getting more countries to deal with cyber crime. Working on cybersecurity issues, cybersecurity strategies that are not just anyway owe strategies but whole of government strategies that are developed that has all the different parts of a government and the other stakeholders in society as part of it. I think now there are over 35 countries that have national strategies around the world and more on the way, which is important. We've been doing capacity building on cybersecurity, doing different strategies and others. We have been championing a cyber stability framework on that hard side, trying to avoid cyber fair, so how do you do that? -- warfare. So how do you do that? Having international law to cyber space. Making sure there are mechanisms in place, confidence building measures so countries can talk to each other. Having channels of communication is one type. To make sure there's not misunderstandings because of areas of misattribution. Also worked to meet between cybersecurity and we've used dip oolitic tools to respond to other implements. We have an incident a few years ago where a lot of our banks were hit with bots located all over the world, concentration can change from day-to-day. They're hard to deal with. There might be some technical things you do but they're not that easy to do. What we did was in addition to our UScert reaching out to their counterparts around the world and our law enforcement reaching out, we also used diplomatic means. We said, can you use these and mitigate the threat and you if ask us, we'll try to do the same for you. We'll try to build this collective response issue. But again, all of that has to be looked at together and I think we've done a good job in main streaming this issue with not just a technical issue but a major policy issue within the US and increasingly around the world. I remember when I first started doing this, going to a minister or cabinet secretary in our system and telling them about any of these issues, usually their eyes would go blank and they would not want to deal with it because they thought it was a technical issue. Now, I go to meetings in the White House that are cabinet level meetings, or deputy cabinet level meetings where they talk about these issues quite intelligently because they understand all the implications. It's not just a cyber issue. It's a larger issue. So task I think, really means this is matsuring as an issue. It's an important issue not just for developed countries but for developing corns because if those countries develop the right practices while they're developing connectivity, then they will be in a better place, frankly, than we were because we tried to bottle a lot of those policy -- bolt a lot of those policies on after the fact where these countries as they get connectivity have the opportunity to do that and make policy in a they'll be enduring and the beauty of making policy by bringing in the private sector and Civil Society is that when you have that policy, those sectors embrace that policy and are supportive of it rather than criticizing. So, there's a lot we've been able to do. There's still a hell of a lot more to do in this area. The challenges are getting greater. You read every day on the news about some major incident of almost any kind of. People are getting worried about these issues so I think we need to be able to address this. But, at the same time, make sure we're looking at the positive nature of the internet and what it brings while looking at the security and really melding those together. So that's really been our job. Now I'd say since my office was created, Lisel joined the office about a year after it started. We start with four people. We have about 20 now, which is, you know, good obviously. But they're all overworked. We were the first office mentioned anywhere in the world that had this, any country. There are no over 20, almost -- now over 20, almost 25 countries who have a counterpart to me and their countries who we've been dealing with on these range of issues. And that's very important. And countries are taking it much more seriously. Again, always understandable when countries have lots of different priorities they have to deal with. This is maybe not always their priority but I think if it becomes a priority for your executive, the leaders of the countries and administrators, the really helps us overall. It's something we've been pushing pretty aggressively. So I'm going to stop there just because I want to encourage questions and make this a little more interactive than just me speaking at you, if that makes sense. This is like one of the longest microphones I've ever seen, I feel like. But, please. >> This is one of the rooms that is least conducive to conversation, but we'll try. So let's try to have a conversation. Is there anything else you'd like to know or anything that -- and I know, I guess most of you aren't that involved with cybersecurity, although Mr. Wafa always has been. He's always with my cybersecurity contact. He's ready to speak, I think. >> I should say, this is not just about cybersecurity. I covered that. As I said, we cover issues around human governance, internet freedom and human rights online. But the important message I'm trying to leave with you is that you can't have people over here doing cybersecurity and p.m. over here doing internet governance and people over here doing human rights and people over here doing economics because if you do that, you're kind of doomed to fail. I'll tell you a little story that when I first went to the White House in the beginning of the Obama administration to join the national security counsel. I thought once you're in the White House, everything is organized and there's no conflicts and everyone has the same view. No. It's very similar to the interagency process and what I saw -- and this has changed dramatically over the last eight years, is the people who did the economic side of the internet policy and the people who did cybersecurity didn't really talk to each other much. In fact, they had whole different ways of speaking about it. Internet policy. Cyber space. You know, there were whole different ways of even talking about the issue. And there was I think some distrust. The economic people were saying, those security people are trying to slow us down. And the security people are saying the economic people, who wanted to innovate, which was really important, were crazy because they weren't talking about security and thinking about things like smart grid and issues like that. What I've seen over last eight years is those communities coming closer together and understanding the values of each other and that's an important discussion to have in your country is to have the difference components dealing with different issues talking to each other so that's my one thing I try to preach. So anyway, please. >> Thank you, Mr. Painter for the briefing. Indeed, cybersecurity is a 24/7 job. As a former employee to the Ministry of Communication and IT where I started also security stuff, establish a team of to work on solving Vegas cyber crimes. I still have some concerns with leaving the government. You mentioned about the capacity building program. Do you have this for governments like, is there any chance we can communicate this to the communication and IT and send a couple of people for engineering level courses or education. There's a big gap between the technical guides and loom. I'm sure Mr. Ga -- and the law enforcement. I'm sure Mr. Gatul remembers the workshop we held in Istanbul with law enforcement and technical guys. Still, the understanding level of the law enforcement was tough. And they were not trying to understand, or it was very complicated for them. They were taking the issue to a very different level. I would like to know if there is any program for that so we can come coordinate this thing with the ministry. Since I am still involved in cyber related activities, the most recent activities is with MCIT. The time from ISOC, Afghanistan. I'm working with them to find a solution for child online protection. In Afghanistan. Thank you. >> It's a very good question and I'd say we've tried to do capacity works. A lot of what we've tried to do at my office because of limited funding and even more limited personnel to do it is to do regional programs more in terms of cybersecurity policy and also cyber crime policy. We've done a lot in Africa so far, but we're looking to do more, but it's been regional ones because we can't -- we just don't have the resource to go country by country of the however, there are, depending on what you're looking at, sometimes parts of the US government including FBI who does specific training on specific things, forensics and other issues with specific countries, so that's possible. There's something called the global forum for cyber expertise that we're a member of which is during their big cyber space conference with governments around the world doing capacity building. So you're right, there's a current need to do more capacity building. This was recognized just recently in this commission report that came out of a commission set up to looking at our sign err security issues around the world and we recognize that's important not just for countries but for all of us since we're all part of the same network. But, I am happy to follow up and try to point you to some resources but as far as us individually being able to do it, sometimes we can do it in a very narrow sense but it's just very difficult to do country by country. Rather than talk about best practices and things that are available but sometimes there's individual training available, also things like, Lisel, the USTTI program. Which, although it's largely focused on regulatory policy and others, it ask z have programs on security now. Those can bring people back to DC on that. There are folks interested in that in what they call industrial control systems that are our Department of Homeland security has tried to make space available, so there are some possibilities but I'd be happy to follow up. >> When it comes to the cybersecurity issues on a government level, so it's not a one-man job or one entity's job, but unfortunately, I would say that it's happening back in my country through one single entity, which is not a good practice. So, what would you recommend because we cannot adapt the structures for sure, but what would you suggest for developing countries? What would be the best combination of different entities in order to fight this cyber war, I would say. >> So, I don't think there's any one silver bullet. There's no one perfect answer to this. A lot depends on your government, how your country is organized, what the institutions are, what their responsibilities are. What I have emphasized is in some countries they have one entity that tries to do everything. In 1m countries, they recognize that the ability rests in several. I'll tell you, like in the US, for instance. The State Department has a role. Homeland security, the department of Justice, the Department of Commerce. So, what we've decided is rather than trying to create some new group and put everything on that, the most important thing is to have coordination between all those different entities, to leverage capabilities that are there. So, again, you have to map your own government and say, well, where is the expertise, and where is the ability? I've found, although, again, this can differ from country to country, having a coordinating function for us in the White House has been helpful because when you have it in one agency, there's always jail shy between agencies and they don't -- jealousy. Between agencies and they don't always cooperate. It's not perfect, but I think we've been able to get those agencies to contribute their capabilities whether it be Department of Defense, DHS, DOJ, Commerce, or even other organizations including Energy and others. There's a lot of best practices out there. And this is why a national strategy is really important because if we put a national strategy together, you can figure out who does what and assign roles and responsibilities so people know what the playing field is rather than fighting about it and I think that's helpful. But it really depends on how things are distributed on the ground, but that coordination is the most important part of it. >> Thank you very much for the information. One important aspect of cybersecurity are the certs. So, in the US, what's the structure of the Cert? Does each area have a separate one, and financial institutions have a separate cert? And who is taking lead in the certs? So where is actually the cert located? >> So, the answer is yes. (laughter). There is a centralized government CERD. It's U.S. CERD in the Department of Homeland Security. It deals with threats to the government, also if the conduit between the government and private sectors, sharing information from the government and trying to gather information from the private sector. There are numerous state CERDs, numerous CERDs for different sectors. Also different countries. If you ever go to a form of incident response in cybersecurity meetings, they bring all these certs, company Certs, regional Certs. I think that's helpful because they have different roles. The other thing beyond Certs is we have sector to sector sharing, they used to be ISACs but now they're called ISHALS. That's been very effective because we let the private sector organize that and that's been among the government so they're more willing to share among themselves so it's not a cert but a way of sharing information that could come from a cert so I think it's really important, and we've argued this around the world, that every government have a government-level cert to at least deal with their government but also reaching out to the private sector and I think that's a building component that you need to have. >> Thank you very much. I also second Mr. Wafa from Afghanistan that there's a big capacity gap. So, what we can do that with the help of CLDP from your agency, we can have a good four or five days workshop in Pakistan. That's possible that where we can have regional countries. Second is that there is, from the regions, especially Pakistan point of view, that the cyber crime is a big problem. Like, most of the countries must be compliant with the year slot. But most of the cases in law enforcement, they don't -- we don't have allied solutions from them. So, what is the policy in this regard from the US government? >> So, again, capacity building, we very much think it's an important area. It's just leveraging the right resources and doing it. We've also tried to do webinars and other things, but we can discuss that morement I agree. I think law enforcement is facing a lot of challenges, forensic challenges, training challenges. We think there's a couple core things and it be done. One is we think countries should join this Budapest convention because it allows better substantive law but also better sharing of evidence. That's a three-legged stool. One is having the laws in place, one is abilities to share with other entities around the world and the third is having law enforcement that knows what they're doing. So you have to have all throve those together so I think that's a challenge, I agree. Governments are not prioritizing that because all forms of crime are becoming cyber crime. Either it's an actual cyber crime or the evidence is on the internet so again, I'm happy to think more creatively about how we can reach out, whatever our budget will be next year and talk more about that. >> Do we have any questions? >> I think I have time for one more. >> I saw some interest, or no. I'm not trying to pull it out. I just thought I saw some. >> I would just ask a question. I don't know how it sounds. When we are forming coalitions against different terrorists or the wars or whatever, do you think that there will be a need for coalition of governments to fight against the cyber war? Because some countries are advancing, but some are lagging behind, so how we can fight it together? >> And it's a good question. What we've been focusing on is is trying to make this a more stable environment overall, so that's the idea of saying international law applies in cyber space just like the physical war. If you actually had a cyber war -- and we haven't had one yet. People talk about it a lot, but we haven't had one. There's been cyber components to shooting wars but not a separate cyber war. I'm not sure there will will be. But things like apportionallity apply just like they do in the physical world. The idea of channels of communication so things don't get out of hand, A, and the idea of promoting norms of responsible behavior. These are things we've been working on a lot. Things like, country should not attack the critical infrastructure of a country absent war time. War time are different rules, but otherwise, don't do that. The more countries we can get to say, that's a good idea, that makes the entire ecosystem safer. The worry is you could have bad actors. Now, most country actors, unless countries like north Korea, for instance, have enough inner connections that they don't want to risk having a cyber conflict but you need to have some rules in place and that's what we've been working on, trying to make that safer. Of course, that's been happening in something called the group of government experts in the UN. It got affirmed in the first committee last we're. I think we need to continue that work and broaden that conversation so it's not just a small group of countries but all countries who are thinking about those issues. I think I'm out of time. >> Great. This has been wonderful. Thank you so much for coming. >> Sure. Happy to do it. Thank you guys. Good seeing you. See you again next week (applause) (silence) >> Issued we had, especially for the Afghans. So, thank you. >> Yeah, the trick is to get as many people involved as possible. I want to talk about something else, if I may. We still have time? All right, thank you all. Just some closing things. We've discussed this before. There's nothing new here, although it's in a public forum. Jut about the rest of the day and the rest of the week. As you know, this is our last time together in terms of CLDP and you all as visitors until really we get together Friday afternoon for lunch and our closing sessions for those of you who are still here. We've talk before about how we're -- what we want to get out of the IGF. So, in the bigger picture, we've talked about, do you have a plan for the week? Do you have a plan for what you do? I haven't really helped very much with those plans, but I will come to each of you, little bit in terms of your organization but individually on what you hope to do and on Friday, I'll ask you what you accomplished, basically. And what you'll take away from this. What you plan to do in the future as a result of being here at the IGFs. For those of you in Washington, you remember our senior counsel, Mr. Joe Young said for CLDP support of the activities in the two countries, how can we think about what we might be able to do in the next 12 months following this. So this time together is really setting up accomplishments and results. For today, there are a lot of Day 0 elaborates including, I'm sorry, we won't be able to go to the new person's event which started at r at 12 but I looked at the he schedule and I think you'll find those interesting. For today, it is good that you're not all new. I think we have at least -- we have three in the room who have been here with CLDP before, and you're the veterans. It's not all new to you. You have a sense of this and you're not going to be as lost because you have friends here to help. As with other CLDPs on IGFs. We have Judith, Emily is here, I'm here. We don't know the areas, the discussions as well. Judith does, this is why Judith is here to note the issues. We're all here to figure out what would be a valuable use of your time. You don't have to come to us. We're not here as department of Commerce to testimony you where to go or what to get into. Fortunately, with our colleagues, we're here to facilitate. The three of us will be around all week. We'll be helping to say where to go including what time you want to go home. We'll take a survey this afternoon seeing what time we call our bus for. Those who don't want to leave when the bus leches, there's the regular shuttle. >> And we'll find out, you'll be at the bus. >> And we'll figure out where that bus is going to be. So like I said, we've talked about this before. We're going to have a busy week, a fun week, a productive week. Any questions about what we're going to do other than lunch, which is the next issue? >> We reserved the room for the whole day in the thought this if we didn't have the preWashington seminar, we would need more time for discussions later in the afternoon. But we don't need that now, and so that's why we didn't release the room. >> That's correct. The IGF reflects the requests I made for the room, and it was a matter of being in Washington, which we didn't first plan when we reserved the room, and the fact that there's so many other things day zero. The fact that we're breaking now is consistent with the printed agenda that we distributed by email and in Washington, so I think I'm consistent. I didn't diverge from that. I did notify the secretary that we would not need this room after lunch and I just did that late, so it's still on the document and online. I think we're all in the Whats APP group. Unless you all are prepared to tell us now when you want to go home. >> And there is a reception at a different place. >> So I'm presuming we go back to the hotel. We won't have a bus to the U.S. reception but we will help with Ubers and taxis. I hope you all can tabbed. >> Grand Fiesta? >> Where is that? >> It's pretty close. But also, if you stay here, the Grand Fiesta is on the shalt bus route. So, if for some reason, the bus is gone and you're still in the session, just find the IGF shuttle that goes to the Grand Fiesta Americana and hop on that bus. >> And what time is this reception? >> We're not going to leave anyone behind so if you guys do plan on going directly to the session, please let us know because otherwise we're going to just be sitting and waiting. >> Because we will leave people behind. Not on purpose. If you want to stay behind, please let us know so we know where you are. >> The session is at 7:00. >> Right. So that's why if you're here until 6:00 and you told us, I'm staying for a session until 6:00 p.m., we'll know and you can take the hotel shuttle to that hotel. >> So, should we say 5:30 as a pick-up unless we hear otherwise and we'll send out a notice where this bus is going to be? >> Is that okay? We need to tell the driver what time. So 5:30, I think that gives us enough time to go back to the hotel if people want to change or anything. >> I have to tell them. That's why. >> 5:15? I hear more like 5:15? >> Is 5:15 better for people? >> It gives us more time at the hotel. All right. So now lunch? >> And the thing is with lunch is that it's not provided, so we have to buy meal tickets every day. If you go by the gift shop, you can just get their meal ticket. Everyone has their money on them, right? No one forgot money? >> I'm sorry, CLDP would have been happy to cater lunch as we have in previous IGFs but the IGF has prohibited us from bringing food in, at least last year they did. No food. And sometimes the food is free so last year it worked out. This year, we just buy the tickets. We're good? So, you're free on your own. I think there will be a rush to the ticket window. Thank you very much. Thank you to the IGF staff. Really appreciate it. Any remote questions? Have a good day. (Session was concluded at 1:00 p.m. CST) ******** This text is being provided in a rough draft format. Communication Access Realtime Translation (CART) is provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. ******** INTERNET GOVERNANCE FORUM 2016 ENABLING INCLUSIVE AND SUSTAINABLE GROWTH JALISCO, MEXICO 5 DECEMBER 2016 WORKSHOP ROOM TEN BPF ON CYBERSECURITY -- CREATING SPACES FOR MULTISTAKEHOLDER DIALOGUE IN CYBERSECURITY PROCESSES Services Provided By: Caption First, Inc. P.O. Box 3066 Monument, CO 80132 1 877 825 5234 +001 719 481 9835 www.captionfirst.com ******** This text is being provided in a rough draft format. Communication Access Realtime Translation (CART) is provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. ******** INTERNET GOVERNANCE FORUM 2016 ENABLING INCLUSIVE AND SUSTAINABLE GROWTH JALISCO, MEXICO 5 DECEMBER 2016 WORKSHOP ROOM TEN BPF ON CYBERSECURITY -- CREATING SPACES FOR MULTISTAKEHOLDER DIALOGUE IN CYBERSECURITY PROCESSES 4:30 P.M. CST >> Hello? Hello? Is that working some yep. Can you pick it up in the back? Is that okay? >> Working. Okay, good. >> Okay. Ladies and gentlemen, sorry that this has been a little bit of a logistical nightmare. I do apologize. We're a bit crowded together here, but we're going to get underway because we lost a bit of time. My name is Matthew Shears with the center for democracy and technology and I have the pleasure of moderating this excellent panel. As you've seen from the panel description, the purpose of this panel is really to understand how we can create spaces for multistakeholder dialogue on cybersecurity issues. Now, obviously, this is a challenging issues. It's one of those spaces that typically is very sensitive from a national security perspective, so what we want to do here is learn from the spaces that we've engaged in, the opportunities for that engagement, and really draw out some key learnings from it. And I'm really hoping there are members from the best practice on cybersecurity here who can share their experiences from the floor. And also, anybody else. So I really want to make this an interactive session so we're going to go through the panel, so please hold your questions and also your experiences. I want you to get a mic. We can share and we'll take questions at the end of the panels and then we'll open it up to discussions. So we've got a couple of people taking noughtses so what's really important is that you -- notes so what's really important is that you tell us what your concrete learnings are from participating in cybersecurity spaces. How easy has it been as different stakeholders? How do we open doors to participate in cybersecurity spaces and what do we need to do going forward? Because those comments and learnings you will provide us with will then be relayed in the Thursday morning best practice for cybersecurity. Thursday morning, right? Brian? >> Yes. >> MATTHEW SHEARS: Yes, Thursday morning. So please don't hesitate. Jump up, give us your thoughts and most importantly your experiences. So, I'm not going to talk anymore but I'll come back with a couple of issues. I'm going to let Tatiana lead this off, Tatiana Tropina from the Max Planck institute. Then we're going to be go to Carmen Gonsalves, then bell Contreras with CSPM. Then Sowmya Karun with CCG, and then Gbenga Sesan, from Paradigm Initiative Nigeria and then end with Walid Al-Saqaf. Go ahead, Tatiana. >> TATIANA TROPINA: Thank you so much. Sorry for crowded room. We are creating spaces for dialogue here. Just a couple of points. I believe I have three or four minutes. What I learned personally from being in cybersecurity for almost 15 years now in kind of different countries and different spaces. Well, first of all, I believe that when we are talking about cybersecurity and multistakeholder dialogue, we are sometimes confusing different cybersecurity demands because dependent on which demand we are, the participation channels and stakeholders would be different. We can talk about participation in creating frameworks for cyber crime and for digital investigations and it would be completely different from national security issues and those would be different from critical information infrastructure protection. So we have to understand first before we heading somewhere to participate, before we are heading somewhere to create any spaces, we actually have to understand where we want to create the space. Which domain this is, and how we can contribute. I think there is a lot of criticism about fragmentation of efforts in this area, but I think this is very natural that these efforts are getting fragment different issues where domains and stakeholders are unique and they do not overlap so we have to understand the spaces first before we aim for any multistakeholder dialogue. Another thing is that there are two levels, national and international level. And if we think about stakeholders we will see some very unique domains and very unique processes. For example, let me go a bit historical. Before we created all the notion about multistakeholder cybersecurity, there was a big notion about public private collaboration in cyber crime, in cybersecurity which meant something different. You can organize public private corporation, for example, in digital investigations, but it's hard to talk about multistakeholder when you talk about operational things because there are unique mandates of the government. There are unique mandates of the law enforcement agencies. So, for many of the processes, we can talk only about multistakeholder policy making, or in the best case, multistakeholder law making. And, I'm sorry for getting complicated, but there are two levels. National and international. And it's not a secret that there are many closed spaces like global group of experts like some international agreements and frankly speaking, I do think there's a need for multistakeholder dialogue here, but I don't think that these venues will get open very soon so I believe we have o aim for spaces on the national level or on the regional level on your own country like on the level of council, African, Europe, you name it and from there, one can broadcast the ideas. If the venue is closed, there is still a possibility to have a dialogue with the national government and then the national government representatives can broadcast this idea, for example, about human rights, about safe guards. They saw that sometimes it really works well when the government has good dialogue with industry, with Civil Society. Then further about multistakeholder. I believe that we do already have very good enrollment of technical community, private sector, and academia into cybersecurity matters. It is different because it is sometimes seen as antagonizing. I will talk about opening these doors a bit later, just a couple of examples from my personal proxies. I work for the academic institution and I do believe that if you have a knowledge and willingness to contribute, you can contribute into different processes from international organizations to different working groups. For example, I'm a member on Freedom Online Coalition working internet where we have different representatives of different governments and civil society and we came up with different recommendations on how to make cybersecurity policy making a more human-rights oriented. The idea behind these recommendations is that talking about security balance is very wrong because any framework should be human rights oriented by design because security of the persons is very important and we have these recommendations supported by both governments and Civil Society organizations. And now I'm wrapping up my intervention about opening the doors from my personal perspective. You have to understand like to create -- creation of multistakeholder spaces can go top down so the different organizations, working groups, international organizations, governments can open the doors. These can go top down, but it can go bottom up. So, if you are, for example, Civil Society and you're struggling with a question, academia, how can I contribute? Think about different domains. Set up clear goals. Think where you really can contribute and then many even closed doors will be opened. Like, my institute worked on the national level like on legislation reforms. I think we have quite a good collaboration with council of Europe, for example. So, the doors are open if we are ready to offer our knowledge and if we are ready not to go into confrontation but to listen to other parties. To meet somewhere in the middle, not compromising our values but the problem of law enforcement, of legislators, because it is a hard job. It is easier to talk about good frameworks and human rights. But try to work with different law officers and try to understand the frustration. So just being open to this dialogue, not only being open to your ideas but listen to others and come to some kind of compromise, something that will have value for all the parties of these multistakeholder things. >> MATTHEW SHEARS: Thanks, Tatiana. That's a wonderful opening. Just a little bit of publicity, if anyone is interested in the Freedom Online Coalition Working Group 1 that Tatiana referred to, they can go to freeandsecure. If we can free up the presentation. Carmen, whenever you're ready? >> CARMEN GONSALVES: Yep. Thank you very much, Matthew. Hello, good afternoon everybody and thank you that you invited me here to check in this framework about the global forum on cyber expertise, the GSET. The Netherlands as a starting point, I work for Netherlands government, by the way, ministry of foreign affairs. The Dutch government strongly believes that striving for a truly resilient cyber domain requires global engagement and better ways to work together. That's why, indeed, we are, as a country, proud to be one of the founders of the global forum of cyber expertise, and I'm also very happy that I have the privilege to be the co- chair of the GFCE at the moment. The GFCE was launched at the 2015 global conference on cyber space, and its aim was and is to create a pragmatic action-oriented and flexible multistakeholder platform to obtain best practices and cyber expertise, identify best policies, and multiple these. >> MATTHEW SHEARS: Hang on one second. Carmen, if you can just say -- we can't actually, I don't think we can do it from there. >> CARMEN GONSALVES: Where is it? Can I do it myself? >> MATTHEW SHEARS: Yep. Okay. Good. Thanks. >> CARMEN GONSALVES: Yes. Thank you. That's where we are. More or less. So, the idea behind the GFCE is that all though much progress has been made on addressing cyber issues, we can all benefit from sharing our experiences and strategies to take full advantage of the rapidly changing cyber environment. The ultimate aim is that by doing so, we can broaden the companies which embrace the vision of the internet which is free, open, and secure. That's what it's all about to create this critical mass of countries that share this vision of a free, open and secure internet. The GFCE currently counts 55 members from governments, international, intergovernmental, international organizations and private companies from all over the world. Closely involving and working with Civil Society, technical community, and academia. The GFCE has an advisory board consisting of Civil Society, tech, and academia which provides advice to the GFCE. Yes, sorry. I have to do that myself. Be self-organizing. So, this is only the second year we're in GFCE. GFCE is very young. You have to take that into account. It's into development, still. So at the beginning of this year, 2016, we conducted a survey among our members to find out how they are viewing where we're heading and how they see the strengths and weaknesses and the added value of the GFCE and what came out of that survey is that most members consider value of GFCE for three issues. The first important notion is that they consider GFCE a repository of knowledge and a place to exchange ideas on good practices with practical products like training manualing and exchange of information also through our website. A place to share knowledge about where projects are occurring, and planned which enables coordination. So coordination aspect is also an important one in order to have an idea of what is going on all over the world where capacity building is concerned in order to know what's lacking and what could be done on top of that. And thirdly, members joined in thinking and feeling that this is an important clearing house that helps match members looking for sharing ideas and good practices with members that are aiming for implementing projects or host projects in their respective countries, also supply in demand of knowledge. Capacity building is at the hart of GFCE. Through closer collaboration among stakeholders we think we can optimize assets and combine specific expertise. So we organize initiatives, created a partnership formula between intergovernment organizations and companies involving Civil Society, and tech and academia. So it's definitely multistakeholder in essence, all about exchanging good practices in a sustainable manner. It is about creating seed projects that will result into other off shoots. At the moment, there are 12 ongoing capacity building initiatives, mostly in the field of cybersecurity and cyber crime. I'm going to give two examples. Thanks. Of ongoing and past initiatives. First of all, there's the very successful initiative, global awareness campaign initiated by the U.S. and Canada. That's an initiative aiming at private educators and individual citizens regarding their own responsibility for creating safe cyber space. So it's an awareness campaign, as such. It's an initiative to create awareness campaign based on the point of departure that it's not the sole responsibility of governments to design and implement such a thing. You have to do that jointly with all stakeholders on board, so jointly organize awareness campaigns. The message of the campaign is therefore created by a coalition of private companies, non-profits, and government organizations. And furthermore, there is an interesting initiative that's called progressing cybersecurity in Senegal and west Africa. As part of this initiative, the global security capacity center in 2016 conducted a cybersecurity maturity review of capacities in Senegal supported by a ministry of post and telecommunications in Senegal. For that, the most important Senegalise stakeholders, government, academia, law enforcement, and private sector NGOs and on the basis of this endeavor, and evaluation, the Senegalese government will have better tools to prioritize areas of capacity in which Senegal should invest strategically. Another third initiative is one I would like to briefly mention that recently had a very, very interesting expert meeting in Bucharest. It's an initiative on coordinated vulnerability disclosure initiated by Hungary and the Netherlands. The idea is that this will result in a handbook of best practices in order to promote and safe guard and find a good way to enable ethical hackers to work. So we're now moving into second year of the existence of the GFCE and now we have to look at the future, what are we going to do? We are definitely going to capture the good practices that we have been developing over the past year and we also want to take them forward, and furthermore, we want to design a future agenda for global capacity building. That's what we are, at the moment, aiming for. In the year 2017, we'll have several important milestones in this respect. There's going to be a GFCE meeting in March in Brussels where we will look at these future plans and we will hope to make a real step towards a long term strategy during the next global conference on cyber space that is -- and I'm going to disclose something that's not official, so keep it in this room, but it's really 99.9 percent sure it's going to take place in India, hopefully next November. And India is also hopefully going to become our co-chair in the GFCE. Thank you. >> On the internet? >> CARMEN GONSALVES: Well it can be on the internet? >> India is going to host the next GFCE? >> CARMEN GONSALVES: It's not officially launched but we are really very near so I think we can do it. >> MATTHEW SHEARS: Breaking news. You heard it here, although you can't tell anyone. Belisario, over to you. >> BELISARIO CONTRERAS: Thank you very much. I think Carmen spent a lot of time talking about the GFCE, actually. We're very pleased to be part of the GFCE. We invite you to go to the website. I have several initiatives with several partners. Actually, I want to take a couple of seconds to thank several partners like the government of Canada, the United States, Estonia, Spain, Senegal, Columbia, Dominican Republic. All these countries are financial contributors to this program and they are the ones who make it possible, so we are very thankful, especially with the government of Canada who actually put forward our initiatives ten or 12 years ago. We want to focus a little bit of what we do. In three different areas. One is minister of justice in the organization of Americas. One is focused on the infrastructure of internet, and other one is intergovernment service, which is where I am located, which is where the service is. It's not that we do all antiterrorist issues. That was the place where they said, let's put them there. Okay? We have been actually, member states have developed several declarations. Have gave us mandates to work on different issues. It's just like working on fostering our developing national for Certs, whatever you want to call it. Working on research and expertise, so we have -- one of the things we have to do is publish a series of reports actually with coloration of the private sector and academia. This year we have a major support with other contributors, Microsoft, different contributors to that report. Trainings and workshops, we have more than two or 3,000 people because they are not just government officials. They received some per year. Crisis management exercises. Something that we are doing in collaboration government of Spain is organize an exercise every summer and this year for the first time, organize the first bilingual security where we have that operation there. Awareness, this is something that we're working with the internet campaign initiative. There are organizations there working on the alliance. EHS in the United States, Canada, and different governments that are actually adopting this. In all these, our member states have official recognized that in order to face cybersecurity issues or cyber issues in general, they need to work with private and Civil Society actors. So what we have tried to do in all these different initiatives is try to make sure the different actors, all these actors are engaging in all those initiatives. For example, when the national policy development processes, we try to reinforce that to our governments that these actors need to be involved from moment zero to make sure that the processes is totally strong from the beginning until the end. When we are working on reports, research, we RIADIS actually that the private sector -- recognize actually that the private sector and academia are the ones who have the most information but it's very important as well to get information from law enforcement initial response agencies or institutions so we try, actually to promote those relationships. In terms of training and workshops, we are able to do sometimes all these things based on collaboration. Otherwise, it would be super expensive and impossible to do things so that's something very important to highlight. We work with a variety of partners from different sectors and this is something that we are very, very proud. Again, exercises, workshops, all these things we are trying do that engagement. I'm sure that we're going to have time for, or I hope we have time to engage more discussion. We wanted to share these and try to open with the discussion. >> MATTHEW SHEARS: Wonderful. Thanks, Belisario. I'll be coming back with a couple more questions to you, specifically, on some of those. Now we're going to turn to Sowmya, if you can work us through Civil Society experience in India. Thanks, very much. >> SAMANTHA BRADSHAW: Hi, everybody. Good afternoon. -- >> Sowmya: Hi, everybody. Good afternoon. I'm a project manager with the cybersecurity team. A relatively young team, and we seek to provide unbiased research inputs into cybersecurity law and policy making. And before I sort of take you over, I will also be presenting the findings of a paper by my colleague commissioned by GPD, but before I run you through those findings I'd like to given you some context as to how cybersecurity policy and legislative processes function in India. To be fair, p cybersecurity policy making, the process itself, the is very limited in India. There have been very limited policy, however, over the past couple of years we see there has been increased governmental attention. We know that the IT act which is a primary technology legislation is being considered with amendment. Several draft policies are being brought out and put out for public comments which is some form of multistakeholder engagement, so to speak, which is honestly the most limited form. This has also been followinged by the channeling of budgeted resources which means huge budget reallocations with respect to cybersecurity, we have the office of the cybersecurity coordinator which was created for the first time last year, the national cyber coordination center and even a huge research fund dedicated to be for multistakeholder engagement including with industrial, academia, technical community, all of that. What we have discovered there's been a draft on critical infrastructure, what we have seen is that in India, at least, often these policies are ad hoc, mostly reactive and rather uncoordinated and perhaps a function of that not entirely open to active participation or inputs from multiple stakeholders, particularly my organizations, which is academia. So, theoretically, of course, whether it's the legislative working groups or a lot of other mandates that these processes function under, theoretically, they're supposed to engage with several stakeholders including industrial, Civil Society, organizations, the technical community, academia, but what unfortunately happens is that whether they actually take place, whether this multistakeholder consultation actually takes place and to what extent they're engaged with is not very clear, perhaps because these questions often relate to security and other information classified and information is therefore not available in the public domain. What we do know is they're not always inclusive and representative. I think this was perhaps demonstrated best by the Indian government which released a draft encryption policy last year only to have it withdrawn within 24 hours following huge public outrage because it had a lot of problematic provisions of since then, the policy has been that the encryption is back at the multistakeholder level and that it's going to have a lot of actors and things like that. But what we do see in practice is that this is often not limited to industrial bodies and the participation by actors like Civil Society or academia is often very limited. Like I said, this is possibly because it relates to national security and therefore it remains shrou ded in secrecy and also these are often divided among a number of government departments. For instance, cybersecurity would be looked at by ministry of home affairs. Focus inputs by actors by ourselves is often lacking. Of course, the future is not entirely bleak. For instance, the public outrage that followed the release of the encryption policy I think has alerted the government to the need to seek inputs and facilitate such participation by Civil Society organizations and by academia. The fact that we have this research fund that is being allocated with a huge budgetary outreach. We hope this will be a constructive form for various stakeholders to engage with us. It's also hartening to hear from the first speaker that with if we engage with them, they are going to be welcome to our inputs so the various mean engagement that we have identified as an academic research consultation is obviously participation providing formal inputs, making ourselves valuable, really, by offering the necessity expertise -- necessary expertise and filling that vacuum in independent, inbiased, neutral writing. Participation in advisory committees, facilitating discussion, and creating awareness in the public about these important issues by conducting conferences, symposiums, panels, et cetera. So this is what we're pressing to do. And most importantly at the moment given the situation, given the multistakeholder engagement I think our primary form is to create this space for engagement and fill that vacuum, fill that guide through specific proactive engagement with stakeholders. So, yeah. And I think it's good to note that the GFCE meeting is going to be in India in November so I think that will be a fantastic beginning. >> MATTHEW SHEARS: Gbenga, come tell us about your experience in Nigeria. >> GBENGA SESAN: So let me start with 3:00 a.m. today local time. That was 10:00 a.m. in Nigeria. I had to stay up to watch something that is quite historic as far as this kind of conversation is concerned. Many years ago, we drafted a bill. And I'm saying Civil Society drafted a bill that had content on security, on government, and on Civil Society. That bill went through first reading, second reading, and today the public hearing was held. But it wasn't always like that. Let me rewind a few years to 2013, three years ago. Three years ago, it was April when I got a call from the National Security Advisers office to visit them. Now, many of my colleagues were worried. If you get a call from the NSA, you have to start asking yourself, okay, what have I done? And things like that. But I wasn't worried. I wasn't worried because we always wanted to have a situation. We always talk about digital rights but one of the key problems we had was you talk to yourself in a silo. You talk to yourself in this echo chamber, Civil Society talking to Civil Society about rights. It doesn't make any difference because the people you need to talk to outside the room include security agents, include governments, include people whose duty it primarily is to protect citizens and in many cases, in doing that, they step beyond boundaries and infringe on rights. So I came out of the meeting and I realized that, maybe not for the first time, but I realized that these conversations can actually happen. Multistakeholderism isn't just something be talk about, it can happen, but many times it doesn't happen because everyone is talking to the people they're comfortable with. And I think that one of the key things we need to learn about this is that open conversations actually help. Because for the first time -- what I did on that day was to run a scenario of terrorism in Nigeria. And many who were there from Civil Society, I think some of us were understanding the thinking for the first time of a security agency. And it was good. I mean, this is what empathy is about. Putting yourself in your opposite's shoes and being able to understand, why on earth would you pick someone up in front of a church because he looks like a Muslim and he disappears for three weeks and nobody finds him. The reason for that is because in their own thinking, the way to prevent the attack was to make this guy disappear. And then the conversation started. That was the first lesson. If you're open enough, you can have a conversation. I think our second lesson in this whole journey is the fact that there will be, it's the whole 9 yards. The whole storming before, things like that. One of those times, we started inviting security agencies and other government agencies to our meetings with all this annual freedom forum where we used to talk to ourselves, a Civil Society about digital rights. But then we opened it up in 2015 and said, you know what, guys come in and talk to us about this. We're talking about rights, protecting citizens human rights online and things like that, but share your own perspective. We had someone from one of the agencies -- the name of the agency, I won't mention. This guy came so the stage, took the mic, and said everything we wanted to hear. We asked him questions. So, what do you do about citizens when you suspect that something is going wrong, and owe gave us the perfect -- he gave us the perfect Civil Society answer. We consider their rights. We consider what the Constitution says. We consider costs and things like that. And of course, everyone knew that this guy was lying but guess what? This was the first time they honored that invitation, and I think it was an important step. That conversation continued. Two times, when they request for information. I remember one time when conversations were talking, and we had a number of people who were bloggers who were picked up because somebody somewhere thought that when you write an article about my boss that I don't like, that is cyber stalking, of course it's not cyber stalking. You work for a security agency and you have a right to piss someone off, so you can do that. We decided we were going to add value, so there were aspects of the conversation that were difficult. One of the problems we had was there that there was a climate affair. Now, when there's a climate affair, many times since he's suspended when you're having a conversation about rights and someone says, but are you supporting terrorists? Now, that kind of shuts down a conversation. But the beauty of ongoing conversation is, we're all looking for the same thing here. Literally. I'm looking for a better society. I'm not asking you not to do your job, but I'm saying that in solving the problem of security, don't create another problem of rights violation. And I think that was one place where we began to have better conversations. And so, fast forward to the public hearing that held today. One of the reasons why we were excited about this public hearing was not because this was a bill we were interested in. One of the key reasons is because when we kept saying, we don't like this. We don't want this. We don't want that. We decided, at some point, that this isn't the only thing we're going to say. We can't always say, we don't like this. We don't like that. The question is, what do we like? And I think it's important in conversation many times to say, yes, there are things I don't agree with, but what will you agree with if you were in my shoes, what would you want to do? So we drafted -- I mean, it was initially a charter who advised that we couldn't have a charter. So we called it a declaration. And then one of the legislators we spoke with suggested that, well, if you could tone this -- turn this one particular declaration into a full legislative proposal, a bill, then I could present it on the floor of the House and it could, eventually, if it's successful, become a lieu. And that's what we -- become a law. And that's what we did. I think -- this is the last thing I will say -- I think one of the other lessons we need to learn is that in creating a space for collaboration where, you know, different stakeholders work, we must be willing -- and I speak maybe more to Civil Society now, we must be willing to do the hard work that we can't even take credit for. When that bill has passed, I can't claim credit for that bill. My organization can't. It's the sponsor of that bill, in fact, he's already won one award because he sponsored the bill. And when he won the award, someone sent me an email in the office that said, hey, we drafted this bill, but he's winning the award. I think it's a major lesson to learn that we need to get the work done, allow someone else to take the credit because there is this overall good that we're looking at and it's a much bigger picture. This is an experience in Nigeria. Like I said, it wasn't always like this, but these are some of the lessons we have learned over time. >> MATTHEW SHEARS: Wonderful. So, those are the kind of lessons that we're hoping to tease out today, so for those of you that want to speak about yourself experiences, bear this in mind. That's something to bring to the floor here. Before I go to Walid because he's going to talk about what Gbenga was talking about. I just want to know, is everybody okay with the temperature in this room or would they like more air-conditioning? More air-conditioning? It's on max? Can we lower the temperature? Further. More. Twenty. Yeah. Yes. If you can get a bit closer to the mics, that will help. Thanks. Okay. Walid. >> WALID AL-SAQAF: I guess it's Gbenga who warmed up the atmosphere. Well, my name is Walid. I actually come from an interesting background. I came as an activist and moved to become a Board member in ISOC, an interesting combination. But I'll have two segments of my talk. One is with the hat of ISOC as a Board member and the other is in my capacity, my other hat, which I'll explain. First, in terms of ISOC, all of you know ISOC, obviously, which is aiming at promoting the open development and as you know, so that the internet becomes secure, open, and reliable for all people. But then the approach that's been taken was derived basically from the principle of the internet itself. The internet was never born by, let's say, with a mind-set of being controlled by one entity. It was decentralized in its nature. It meant that people had to work together in order for it to succeed. Engineers, governments, everyone, infrastructure providers, et cetera. So the notion of security and cybersecurity comes very deeply ingrained in the actual meaning of the internet and it meant that ISOC will have to adopt a framework that develops on this, which is in our terms, called collaborative security. It means that everyone is responsible in some way or the other for the responsibility of part of the network. And so, it meant that both governments, individuals, technical community, private sector, Civil Society, all of them are involved in one way or the other. Additionally, recently, we've developed as ISOC the trust framework. The trust framework is one way of taking this and problemizing it so it can become more by the elements. It's basically four different components. The first is user trust. With user trust it means that everyone using the internet, not only end users as individuals but also government entities, private sector, et cetera, every who is involved is a user. Whether you're a minister, the CEO of a company, you all eventually are users. The second part is technology trust and that means the building blocks of the internet and the technologies and applications that build on the internet and applications and services, so these have a responsibility and they need to be involved in the process. The third is the networks themselves, the trusted networks. These include all the entities that have a distributor ownership, cable networks, routers, et cetera, those need to understand how to best utilize security in their respective roles. And finally, the trustworthy echo system, and here is about the governance of internet as a whole. And that is how the internet is governed and how it deals with internet issues at large. So, these are comprehensive and there's documentation online. I won't bore you with the details. What this means is that government as well as others are involved. So ISOC had real, good, successful examples in which this operator worked in some way. For example, in 2013, the OECD revised guidelines on the privacy and transborder flow of personal data. Thanks to the personal advisory at the time, they pushed for this change to happen and with expertise from ISOC that was contributing directly to this, it was possible to convince and persuade governments to change. It's not impossible. Just that you need to provide them the real background information and expertise and technical community has a very important role to play. Additionally, ISOC is also working on new technologies, developing an idea. For example, recently, I'm breaking the news to you, ISOC has actually chartered the ISOC blockchain special interest group, and this is good news because it means that we're opening our Horizons to new ideas. The decentralized nature of the internet requires thinking differently. Cybersecurity is the a the core of why blockchain technologies ought to be studied and explored. This is attracting people from Civil Societies, from businesses, et cetera, and governments are already jumping in. They understand that there is something of value to them. So ISOC is doing this but then let us come to the other aspect of ISOC, which is the local leave. Yes, we talked about the global level but then we have a very p important aspect which is chapters. ISOC has a hundred chapters and active members in this conference itself and the forum, there are many. Part of what they do is translate what is going on in the global level to the local level and they connect the context needs of the society. I'll give you a very typical, one example of my original country, Yemen, and I'd like to thank Tatiana, actually. She has a hand band for One Connected World. And in fact, this project is highlighting recently one of the ISOC funded Beyond the Net projects in Yemen which, they actually provide training for schools to establish their own cybersecurity guidelines within the school environment in the level of children and teachers and all sorts of, I mean, the sectors within the educational system. It starts small with a few schools, but it can expand. Additionally, there was a very remarkable story in 2013 where the ISOC chapter in Yemen helped invite ripe NCC as well as ICANN to Yemen for the first time and they actually sat down with governments and private sector and Civil Society and lawyers and technical community to come up with ideas of resolving the crisis in the IP sector, which was -- and that caused a lot of security problems. The government was unwilling to open up the door for more IP addresses to be bought by the private sector. But then, again, ISOC chapter came in and persuaded the government through dialogue. As Gbenga mentioned, it's important that you mention to them what they have at stake. So it succeeded. So these are examples both from the global level as well as local level. Finally, let me take off my ISOC hat and put on my actual hat, which is a hacker hat. I was a hacker. I used it do software to circum vent censorship by governments. I realized today that government can benefit from hackers. In fact, one of the most successful projects was called hack the Pentagon. Basically prizes given by government to hackers to help them identify vulnerabilities in government websites, very critical infrastructures in the government. Within 13 minutes, the first very well initial was detected and then 200 reports came afterwards and then 110 hackers joined. They gave about $75,000 in terms of bounties, but actually hackers went on for free. Said, I just want to hack the Pentagon and identify problems with government websites. This is what the government needs to learn. There are successful examples, we've seen this happen, and I hope they learn from them. Thank you. >> MATTHEW SHEARS: Thanks, Walid. Fantastic. So, are there any immediate questions for the panelists? Because then I want to ask if there are any members of the BPF -- we had members of the BPF on the panel but I would like to see if there are members of the BPF who want to share their experiences successful or not in opening up cybersecurity. First, are there any immediate questions for the panel? Do we have another mic, by any chance or are we going to have to share? >> Thank you very much. I'm a member of the BPF. To start with, I would like to recognize Gbenga Sesan as being a very powerful force to reckon with. When it comes to organizing support for the concerns about security initiative. I want to touch on the needs to embrace multistakeholder and how to build trust into it. Because I had an experience. I had this privilege of being part of the team that developed a national cybersecurity strategy and we were engaged by the National Security offices. Initially, they expected us to cut the document and submit it and, but we came up with the position that, see, the cybersecurity strategy is not something you can do like the usual policy and strategy. You need to engage the stakeholders. So what we did is this. First and foremost, we're trying to understand the different terrain. You have the private sector terrain, the Civil Society terrain, and the government terrain. First and foremost, we did interagency to bring out the ministry, department an agencies together to trust themselves. A big institution. Then we took it from there. We actually went to the domain of the private sector like from Legos where they were able to organize the support of the stakeholders and they also experienced the -- then the Civil Society. That is where we have a little bit of issues. I'm quite surprised at what he has been taking. I wish that most of the society is taking the position and approach that they have been doing because the problem with Civil Society, you know, for me, from what we are perceiving and the perception of the government, this seems to be more aggressive. And looking at a society as -- government is looking at a society as it wants to take control or influence what has been the statutory responsibility. But like you said, the need to at least invite. I think the civil society themselves need to be more transparent and be open to discussion and dialogue. That's number one. Then number two, I think it is essential to understand that government is still struggling with the understanding of orderment the language that the government has understood is stakeholder. Last week, we had a meeting on the need to have the implementation from a strategy to the commitment action on setting up the critical information infrastructure. Now, they invited stakeholders but not multistakeholders. They invited people like them. Said, hey, you're going to have your problem here. You cannot talk about or develop a tool on critical information infrastructure without the organizers of the infrastructure. Where are they? They are not here. So, what I'm saying is that maybe the Civil Society can help in the area of intervention. At least, it can help to build a capacity of the government themselves to understand that the approach for the governors when it comes to security is not necessarily stakeholder, is multistakeholder. What we have done, because I also have a little background in Civil Society. What we have done, fortunately, because we are -- we understand the Civil Society, we have been able to integrate something into the policy of the -- I'm talking about national policy and cybersecurity, as part of the general principle. Three principles that must be implemented or that must be engaged if we are to implement cybersecurity. Number one, corporation. Number two, public/private partnership, and number three, multistakeholders. Now, there's a need to convey that to the government. Government is still struggling. They are seeing you coming into share the power with them. Let me use open government partnership. I happen to be one of the committee members. See, government is not that willing -- maybe I should be talking from African perspective. Government is dismissing, you know, see, it is my power, my responsibility. Why are you coming to share the power with me? So the governments need to be taught. Need to be, you know, a whole lost of work needs -- lot of work needs to be done by the Civil Society. Thank you. >> MATTHEW SHEARS: Thanks, very much. I think you're reinforcing a message we've heard pretty much across the panel. Anyone else from the BPF wants to jump in and speak of their experiences? If not, questions for the panelists? Come on. Don't be shy. This is -- >> I haven't followed very much the best practices and the document itself. I'm very interested to read it. I think it has been a good work, but I just want to share perhaps a small advertisement and perhapsing it something similar of what has been said here because in cybersecurity matters, the question of participation of different stakeholders is still a bit sort of work in progress in a way. And I had the chance to attend the GCCS and my boss, Paul, is part of the advisory board of the GFCE. And our members work for APNIC, the regional internet registry, in a recent survey have said the most important challenge for them is in the realm of security. So, we noticed when we started to have an immersion into these issues, I mean, the UN group of government experts and different processes that have been working on, for example, cyber norms in the last ten or so years, in closed doors with very few participation from different stakeholder groups. So, I realized, well, probably there is a bit or a lot to learn from internet discussions and different governments that have included cybersecurity but not a lot. And perhaps in the cybersecurity realm, mostly being dealt by international lawyers or based with international relations professionals. This requires a little bit more of a multidisciplinary approach. I'm not suggesting a multistakeholder approach all the way in one shot, but at least a multidisciplinary approach. So, this inspired a workshop proposal. It will happen this Thursday at 1:00 p.m. It's workshop 132 called cyber norms meet internet government. The idea is to provide here at IGF a welcoming space for the international lawyers, for the international relations people that are around here to try to see various opportunity for cross-pollennation between internet governance debate and the cybersecurity debates. So it's at 4:30, workshop 132 Thursday. >> MATTHEW SHEARS: I should medication that there are a series of cybersecurity workshops that all feed into this. Brian. >> Yes, there are. I'll be quick. Thanks, everyone. I'm Brian. I provided some Secretariat support for the best practice forum. Just so you know, the draft output document is available for public comment. Still, this week, on the IGF website. Please have a look there and feel free to make comments. We'd really love that. And our session, Matthew mentioned it earlier, is on Thursday from 9:00 to 10:30 in workshop room 9, and we'll be building upon this discussion. We have some good speakers and we're really looking forward to staying this work forward beyond this week. So thank you very much. >> MATTHEW SHEARS: Thanks, Brian. Yes. >> Before -- I know that we have representatives from governments. Members who have been in law enforcement, so don't hesitate to jump in here as well. Thanks. Oh, and please introduce yourself. >> Hi, my name is Isabel. I'm from Germany. I'm a researcher on cybersecurity there and also a member of the steering committee of the IGF Germany. Thats with very interesting. I would like to ask a bit more about the capacity building initiatives that you mentioned. They were -- so, I'm just wondering how exactly they work and how that looks because you also mentioned that many of them, you know, you need to prioritize and you have limited resources. Belisario, you mentioned that these projects are quite expensive, so you need to partner with companies for that, too. And so I would just like to have a little bit more practical insight in how that works and also, how do you prioritize projects and which ones. For example, now we heard about these two projects with Senegal and the vulnerability project but how do you choose them and make sure that there's also kind of an equal, or those projects are promoted that really need promotion? Thanks. >> BELISARIO CONTRERAS: This is something that more and more of our donors are asking about. First of all, we need to recognize that metrics on cybersecurity is very difficult. There is a lot of qualitative information, qualitative metrics, but we're actually trying to get quantitative information. About how we prioritize, basically, we're trying to, actually, we're trying to identify those countries that have commitment, which is something key in the Latin American region because resources are very, very limited. And as resources are very limited, we need to partner with other international organizations, private sector, academia, and Civil Society actors. For example, in terms of trainings, which is something that perhaps could be really expensive, training on cyber, I don't need to say how much expensive it is. The risk is actually that many people could leave their job placement. We tried to work with other partners like interpole, actually, with ITU. This year, we had Rodrigo with the government of Spain. This year, they host for free summer for two or 300 people. Of course, again, the donations that provide the foundation. Companies like Microsoft, Semantech, Kapersky, all of these provide to deliver these things. We were with academic institutions like Oxford and other Universities notice regions that actually, when we go to a country, we were with them. For example, where starting a project actually that is financed by city formation which is actually creating a digital pattern on cybersecurity, which is actually focused on people with not too many economy resources. So, it's -- our budget is very limited at the OAS. All of the organizations are in a financial crisis. UN, all in financial crisis, so our budget is actually based on project-based, and we need to deliver and show results. So again, our budget is very, very limited when compared with other peers and we need to maximize our resources and the only way for us, as we've proven, is through collaboration. We're always willing and open to work with, for the Civil Society, academia, technical community and Civil Society association, so we're willing to work with all these organizations. Private sector and other governments, more than willing to do. And there are a lot of successful stories. So I can talk more on this if something. >> CARMEN GONSALVES: Thank you, Belisario. I could add to all the very relevant things Belisario said is that from the GFCE point of view or practice, you asked about, how do you know that you don't duplicate or that you cater for all the needs. In the GSCE, we just try to match supply and demand. It's important to recognize that initiatives taken under the umbrella of the GFCE are by definition open to all GFCE members so that's also a way to ensure that what you do with one country or a couple of countries is always open in the events that we organize in the framework of those organizations are open for all members. So then, you avoid that you limit the spread of information. Furthermore, I wanted to add something previous speaker who has left the room raised about the need for a multistakeholder dialogue in the area of cyber and international peace and security, so cyber norms, CVMs, et cetera. I just wanted to raise here or to inform you that the Netherlands with other partners is working on the launch of a global commission on the stability of cyber space, built on the same format as the commission of international governance but really going to focus on cyber and international norms for peace and security because we think that indeed stakeholders, other stakeholders, others than governments also should be able to discuss these measures and to help in generating ideas that could feed into the global normative process. Thank you. >> MATTHEW SHEARS: Thanks, Carmen. Okay. We've got some questions. If you could pass this back to Michael. Michael, if you could introduce yourself and then I'll go to the gentleman here. >> Good afternoon. My name is Michael Woma. I'm with the Foreign Ministry of Canada and full disclosure, I'm also the Canadian expert to the UN group of governmental experts on cybersecurity. I'd just like to respond and comment on a couple of things that have been raised here. Both at the domestic and international level. As this is a discussion about best practices, I'm a little reluctant to offer advice, but I can suggest from a government perspective what has worked well in talking to governments and perhaps what has not worked so well in talking to governments. And if there are any other government representatives, I can talk a little bit about what Canada's experience has been with this and our rationale in doing some of the things that we've been doing. So, first off, I think Tatiana mentioned the differentiation between the international and the national. I think that's very important, and I'm going to return to that. But she also spoke about trying to walk a mile in the shoes of the other person. And that was actually a comment raised by a number of people there. I think that's extremely important that when you're going to be trying to engage as Civil Society or private sector or academia with government, that you take an open and understanding approach and try to recognize the interest of your partner in government. Certainly in democracies, the bureaucracies of politicians intend to do good so setting yourself up in an adversarial relationship isn't necessarily a way to achieve that dialogue that Gbenga was referring to and the success that he had with that. Speaking of in terms of offering some advice to other government representatives, Canada is right now in the process of undergoing three different reviews that touch upon cybersecurity. We're doing a national defense review. We're doing a cybersecurity review and we are doing a national security review, all of which have elements of cyber in them. And the government has committed to doing this in a very open and transparent manner calling upon all stakeholders to contribute ideas and comment on proposals of the government and it has been very effective both in soliciting very good ideas but I think also in demonstrating, as I say, the intentions and understanding of the government in this respect. As Carl Bilt suggested separately, this also has good context in had a we call social license. If the government operates without consulting sit ry, then its actions are not going to be well understood. The process itself aids a discussion so that when a conclusion is reached everyone feels that they have an tenant to be a part of that and therefore tends to be more supportive of the outcomes that result, so my advice to government colleagues would be, this can be a very painful process but it is an essential process if you're to have success at the end of the day. Now, just to turn to the international very briefly. So in the international -- oh, one last point on that last. I would point out that of course this kind of discussion goes far beyond internet issues or cyber issues. We're starting to talk in the Canadian context about what we call participatory democracy. All elements of imposts inside or outside the realm are open to the multistakeholder approach. I don't know if anyone here was at the discussion earlier today on ICANN and the transition where Larry Strickling spoke very elegantly about the idea of trying to push the a multistakeholder into the domain of public policy. I think that's something without calling it that under this rubric of participatory democracy and I would encourage people to look the a it more broadly and not just limit it to the cyber realm. Now, just moving to the international. Democracies are dabbling with participatory democracy but of course all the governments in the world are not democracies. When we reach the international dimension, we are constrained by a system that has been established based on state sovreigncy. Now, for better or worse, this is the situation we find ourselves in. Now the democracies that participate in this system are looking to change this this to look for a more consultative approach, looking to ensure more voices are heard, but we are not the only players on the scene. So I would encourage everyone to recognize the limitations that we, as governments, suffer under when operating internationally and what I would recommend to you, though, is to take every opportunity to engage engage where these opportunities arise. For example, on cyber crime issues, the Budapest, the Council of Europe are opportunities to participate. Engage in these processes. The OSCE on site is also soliciting input. You need to take advantage of these to make sure your voices are heard. In order to do that, I would strongly encourage Civil Society to organize themselves in order to take advantage of these opportunities and to share best practices among themselves and how they deal with their own governments. Because at the international level, as I say, in the situation that prevailed today, you are going to need to each individually intervene with your own national governments in order to ensure that they translate your voice to the international level in those situations where you aren't able to make your voices heard yourselves. Thanks. >> MATTHEW SHEARS: Thanks. Can you pass the mic over to the gentleman over here who wished to ask a question? If you can just introduce yourself. Okay. If you can pass it back to the lady on the left. (laughter) This is like a game. >> Hello. My name is Karen Wise. I'm from the mentioned Global Cybersecurity Capacity Center at the University of Oxford. We are a research institution to look at what works in cybersecurity capacity building. What works but doesn't work, what are good practices and one of our key outputs is the maturity model where we collaborating with the UIS, the GCE to look at countries in their capacity and different dimensions to see where we actually have to build capacity. Also, to give donors and policy makers and organizations something in the hand where they can decide where we have to start. That's one way. We are also having a cybersecurity capacity portal. Actually, also to help all the stakeholders to have access to the knowledge, access to good practice, avoid duplication, share the knowledge, and I invite everyone to look at it and invite everyone also to contribute and to send good practice. What the portal also includes is what other initiatives worldwide, local and global initiatives we are doing together with the GFCE. If you want to know, who are the players, where are they acting, what are they doing, it's a very good resource. And, I think that's all, like this is our efforts actually to give something to the world to enhance all stakeholders capacity also to find out where they have to look and where they get the information from. >> MATTHEW SHEARS: Thanks very much. >> I just wanted to add something. We prepare this portal, which is cybersecurity that come, in Spanish, is (speaking non English language) Again, security observe. I see an article on for that report. We invite you to check all those indicators on how the is and to confirm something Michael was mentioning about Civil Society and private sector, I will say as well in our experience between governments, Civil Society, community, private sector, is importance of finding middle ground. Not everyone is going to -- again, not everything is going to be perfect for all actors for all the stakeholders. There is not going to be a perfect initiative so it's very important that as all our colleagues were saying here, we get into middle ground. That way, we are humble and we acknowledge that we need to actually give up something to get to the final goal. >> WALID AL-SAQAF: I'd like to come back to the point of why cybersecurity is important. Because the internet itself is built that way. It was not possible that a single entity would control it so maybe one approach is to help bring awareness to officials, to government policy makers, to the people who are involved in processes to have them aware of how the internet works the principles, the basic underlying nature and structure of the internet and why they don't have an off and on switch, for example. And why censorship doesn't work. I've been involved in censorship p intervention for many years and they keep on getting surprised why people access the website. I thought we told the guy to shut it down. So this is a deficiency that we need to focus on. >> Can you hear me well? I would like to come back to the comment from the government of Canada because I really appreciate your comment about existence of these intergovernmental model which is based on the all systems test and interstate bilateral and multilateral negotiations. I've been thinking about this for the past few years, and I came to the conclusion that we just have to accept this. We have to accept that some of the models in cybersecurity will not be multistakeholder in the short, medium, and long term. And multiple multistakeholder model and intergovernment model which are based on multilateral organizations, multilateral governments will exist. We have to accept that while they're not multistakeholder and not inclusive, we still have to find a way to channel our opinions. Just acceptance that this is the process. As you said, there would be no perfect forum. There would be no perfect solution. We have to think process-wise, not silver bullet wise. >> MATTHEW SHEARS: Thank you, Tatiana. Any other questions? Anybody? Yes. Here we go. All the way in the back. >> I'm from Council of Europe and we recently had a very interesting experience. There was a particular one recently. Every one or two years I'm organizing a so-called octopus conference where we can have a maximum of two or 300 people because the room is full. Academia, law enforcement, Tatiana, Belisario. >> TATIANA TROPINA: Last time I registered, too, the room was full. >> We still let you in. Anyway, experience was preceded by the cyber crime convention which is in the governmental, it's part of the Budapest government only two days and then three days the octopus conference and we just cast in the cyber crime conference a very difficult issue mainly about government society data in the Clouds and what are the conditions, restrictions, and at some point, we came to a stale mate. We said, okay, we have to continue discussions later. But then, two and a half days, Octopus conference, the same issue we discuss in a multistakeholder environment and I think there we came to a break through because we had in a way, Civil Society, private sector entities, data protection community confirming some of the points that many of the governments had made, but that other governments could not agree to. And I think that helped so it's an at nation. The discussion -- alternation. The discussions will continue, but we have to have everyone in order to advance. It's not a silver bullet. It's iterative, a process. Sometimes we need to coordinate better. Last night, Belisario and I created a platform with two bottles of wine and many other things so we should explore all the opportunities we come across. Thank you. >> MATTHEW SHEARS: Wonderful. If you could pass the mic to the gentleman over there. >> Thank you. Martin with the Form of Incident Response and Security Teams. Within the technical community, within engineers, we have the saying that code speaks. I had to think of that when I was listening to Tatiana at the very beginning because she mentioned something about doors actually opening the moment that you have conversations that go deeper than just being antagonizing and being aggressive to the other's point of view. I've seen that happen in our community quite a bit where we have governments that typically don't like to cooperate and then they sit together, they realize they have a common problem and they actually find a way to work together. So today, we see that some of the tools that were developed by members of the first community are being used by different governments that otherwise don't really have a lot of relationships in common within the technical community. Or we see that they're being used by both technical community as well as private sector, for instance. So, I think that's a very powerful message that those doors can be opened. And I actually had a question for the panel. I think we heard one great example from Nigeria where doors actually did open when those conversations started to happen, and I'm kind of wondering if we as a community can work together to put some of those examples on paper and actually make them available to others so they can see, okay, this is a place where it actually did work. So I want to thank Tatiana for bringing that up at the beginning because I thought it was a very compelling message. >> MATTHEW SHEARS: Thank you, because that is exactly what we're hoping to tee off with this discussion. So yes, absolutely. Tatiana, do you want to respond to that? >> MATTHEW SHEARS: Yes, I think this is a very good idea because sometimes I feel like we are reinventing the wheel in different parts of the community or in different countries where we have already solutions that can be used, leveraged, discussed, we are opening the doors. So good idea. Thanks. >> MATTHEW SHEARS: Is there anybody on the panel who wants to talk about a door-opening event or experience? No? Okay. >> I think -- >> MATTHEW SHEARS: Oh, sorry. >> No, I will say like in the Latin American region, we see many opening doors. Many. (Belisario speaking). Many opportunities. And I really like your suggestion, and actually, we should move forward, move on, and I think there are multiple regular things in the stable and in this BPF. Actually, we should try to put that together on a paper and try to capture all those best practices where the doors open and try to show the world. I think that's a great idea, and it could be actually a great outcome of this session. I'm modeling that to contribute. >> NIELS TEN OEVER: Just on that, we have two informal rapporteurs, we're taking notes. I don't think we'll have time to pull those together, but I will certainly be speaking on them on Thursday, the things that have been brought up today. Marcus? >> Thank you. I was just going to pick up on Martin. He forgot to say he would be moderating the best practice forum and we're very happy to have him as a moderator. I'm the coordinator of the best practice forum and I enjoyed this discussion. I especially liked Tatiana's comment on the fact that there are multiple venues and the governments from the Council of Europe do need a space where they can discuss among themselves, but it is important that they interact with other stakeholders. This was very much the starting point when we discussed, what is the comparative advantage of the IGF and this is precisely the comparative advantage. It brings the stakeholders together. Yes, we know there's the global group of experts discussing among themselves, but they need to interact with other stakeholders to move forward. And here, I think, can be a very good role for the IGF and this is essentially what we're trying to do with this best practice forum. And this meeting here has been an excellent feed into the best practice forum. Then we can reflect that also in the outcome document. This clearly was not conceived as a one shot exercise but as a multiyear exercise. The issue will not go away after one meeting, but it needs a sustained and sustainable effort. Thank you for that, and I hope we see you all on Thursday. >> MATTHEW SHEARS: If you can just bear with us because we started late, maybe just five more minutes and then we'll wrap up. I know we're running over time. >> Yeah, go ahead. >> So, I think it's important to say this. (Gbenga speaking). Multistakeholder isn't about holding hands and singing Kumbaya all the time. (laughter) I think it's important to say that because I get that feeling. I think when your friend is a real friend, they tell you the truth even when it hurts. It's important also to say this. As much as we seek cooperation, we're not looking for compromise. There are values we hold as fundamental and dear about digital rights. First, when is the eighth? Sorry, I'm mixing up days and dates. But on December 8th, right here we will launch a report on digital rights in Africa and we're calling out the Nigerian government and 29 other governments on practices we disagree with. So I think it's important to say that yes, we will cooperate. We will work together but we won't compromise on specific values, digital rights that must be respected. I think, I just got a feeling that it's beginning to sound like Kumbaya, it ends and all is well. Otherwise, we're going to pretend, move from the extreme of not talking to each other to deceiving each other. There will be clashes. There will be moments we don't agree. We will work together, but when you step beyond the red line, we will speak. >> MATTHEW SHEARS: Any other comments from the floor? Okay. I'm going to take two minutes, if I can balance my laptop on my -- so. I'm the co-chair of the Freedom Online Coalition Working Group. A number of the members are in the room here. I asked the Working Group members to jot down in a document what they felt the learnings were for them in terms of the workings in the Working Group. Because we spent two years together. We developed this set of recommendations on human rights and cybersecurity. And I urge you to go look at them. They've been supported by the freedom online coalition. By the Canadian government, US government, Dutch government, and by a whole host of society organizations and businesses, to take a look at those. So why did it work? It's reinforcing some of the things said here. Key criteria, focus attention and work in areas where overlapping goals exist, right? Recognize and get clarity on constraints. Be clear and open with regards to the motivations that you have. Be constructive. Build on existing agreed positions or supported text. These are the kind of things that we found worked very well. Yes, we absolutely did disagree on key factors when we were doing these recommendations and our ability to agree on things were parameterred by those disagreements but we found a way forward and common space and what we have was a constructive and incredibly useful product. So it can work, but Gbenga's point, yes, of course, we still have position and we can stand ground on those positions but we can find common ground as well. I'm going to turn to the panel. Does anybody want to make any last comments before we wrap this up? Again, I apologize for the room. Thank you so much for bearing with us. Round of applause for the panelists and for yourselves (applause) And hope to see you at the rest of the cybersecurity workshops and on Thursday. Thanks very much. (Session was concluded at 6:04 p.m. CST) ******** This text is being provided in a rough draft format. Communication Access Realtime Translation (CART) is provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. ******** Copyright © 2016 Show/Hide Header