You are connected to event: CFI-RPC3 Previous Next Internet Governance Forum 2016 Enabling Inclusive and Sustainable Growth Jalisco, Mexico 6 December 2016 Workshop 26 Cybersecurity -- Initiatives in and by the Global South 9:00 a.m. Services provided by: Caption First, Inc. P.O. Box 3066 Monument, CO 80132 800-825-5234 www.captionfirst.com *** This text is being provided in a realtime format. Communication Access Realtime Translation (CART) or captioning are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. *** Internet Governance Forum 2016 Enabling Inclusive and Sustainable Growth Jalisco, Mexico 6 December 2016 Workshop 26 Cybersecurity -- Initiatives in and by the Global South 9:00 a.m. CST Internet Governance Forum 2016 Enabling Inclusive and Sustainable cope growth Jalisco, Mexico 6 December 2016 Workshop 26 Cybersecurity -- initiatives in and by the Global South 9:00 a.m. CST Internet Governance Forum 2016 Enabling Inclusive and Sustainable Growth Jalisco, Mexico 6 December 2016 Cybersecurity-Initiatives in and by the Global South 9:00a.m. Internet Governance Forum 2016 Enabling Inclusive and Sustainable Growth Jalisco, Mexico 6 December 2016 cybersecurity-Initiatives in and by the Global South 9:00 a.m. I Internet Governance Forum 2016 Enabling Inclusive and Sustainable Growth Jalisco, Mexico 6 December 2016 Cybersecurity-Initiatives in and by the Global South 9:00 a.m. (silence) >> Testing mic. Check. Check 1, check 2. Testing mic. Check 1, check 2, check 3. Check, check, check. Testing line. Testing line. Check 1, check 2. Check microphone. Okay. Check, check, check, 1, 2, 3, 1, 2, 3. Check 1, check 2, check 3. 1, 1, 1, check 2, check 1. Internet Governance Forum 2016 Enabling Inclusive and Sustainable Growth Jalisco, Mexico 6 December 2016 Workshop 26 Cybersecurity -- Initiatives in and by the Global South 9:00 a.m. >> Check. Testing mic. Check, check, 1, 2, 1, 2, 1, 2, 3. Check. 1, 2. Check. Check, 1, 2, 3. 1, 2, 3, check, check, testing mic. 1, 2, 3, check, check, 1, 2, 3, check. Internet Governance Forum 2016 6 December 2016 Workshop 26 Cybersecurity >> MODERATOR: Good morning, everybody. This is the morning workshop session cybersecurity initiatives in and by the Global South. Welcome to this session. My name is Carlos Martinez, the chief tech nal officer for Lacnet, Latin American Internet -- it's a pleasure for me to be here. It's my first IGF, I'm very proud of this because we have today, and I'm very confident we'll have a wonderful session. Let me tell you about the format of this session, that has some peculiarities that you should be aware of. We're going to start with a opening panel. My panelist, I will introduce them in a minute. Then we'll introduce you to three projects from the Global South that have been funded by a initiative called seed alliance which is an initiative for developing and financing projects in the Global South. It has been the finals different different projects and during the life cycle several projects were selected that had to do with cybersecurity and they're really relevant to this session. So after, then we have our panel, then we have the presentations from the projects. And then there is a breakout session. We are supposed to break out in groups, and we are supposed to debate in the groups along three different topics, which I will introduce them to you right now. One is surveillance versus security. The second is cybersecurity in relation to trade and innovation. And the third one is cybersecurity for Internet infrastructure. Don't worry if you don't, if they slip out of your mind. We'll have time to actually go over them again. What do we believe this is important? Cybersecurity is in everybody's mind, right. It's difficult to see any presentation or any paper or anything about the Internet without the mention of cybersecurity. Cybersecurity has been one of the hottest topics in the Internet for a long time. The threats are violent, the threats are many, and there is wild consensus among us, who work on the Internet, that having a safe and secure Internet is a prerequisite for the Internet to become the development tool we want it to be. So, I hope this workshop will help us discuss all of these things. So without further ado, I'm going to introduce you to our first panelist, sitting right next to me is Mr. Olaf Kolkman from the Internet society. The chief Internet technology officer, am I right? Okay. From the Internet Society, and he's been working in the Internet for a long, long time and has done, in my opinion, very interesting work in cybersecurity, which I'm pretty sure he will talk about. Right beside Olaf, we have Cristine Hoepers from Brazil, I've known Cristine for years and years, and I credit her for introducing me to cybersecurity. And then next sitting next to Cristine, we have Jean-Robert Hountomey, did I say that more or less, right? Okay. Comes from Africa serve, which is a wonderful initiative which I think we have a lot to learn from. So Olaf, the floor is yours. >> OLAF KOLKMAN: Thank you. So cybersecurity, as Carlos just said, it's a very wide topic. And there is always the risk of boiling the ocean with these very wide topics in trying to address everything and anything that relates to these things. Since the topic is about cybersecurity in the Global South, I want to talk a little bit about an experience that I had last week. But first, I want to put a little bit of it in context. The context that I want to put my approach and my views in, and the description that I'm going to give, is that of collaborative security. Collaborative security is a concept or an approach that we launched in the Internet society about a year ago, describing some of the properties of cybersecurity approach toward Internet security that takes into account what the Internet actually is. I'm not talking about the Internet as a package switch network, but the Internet as the platform for bringing opportunities. That platform has a number of properties. We call those properties, the invariant in our own lingo, but the basically says that the Internet is global reach, that you can innovate on the Internet, and that you don't have to ask anybody for permission to innovate. It says that there is an expectation of coherency and integrity. It talks about fundamental properties of the Internet and values and preserving those, and taking a risk-based approach when you do cybersecurity. Now, that's all big and vague words. But in the implementation, one of the things that is incredibly important into taking account those values and properties, is that security can only be done in collaboration at the scales where action can be taken. So, there is an aspect of subsidiarity in taking a cybersecurity approach. You find goals and take action at the smallest possible level with the stakeholders that are involved in these processes. The reason for that is that there is no security on the Internet. The Internet is not a definition of centralized. It's a network of networks to which people attach and bring platforms and services, and users connect and get. So, there is no central place in which you can manage all of this. It's collaboration andsubsidiarity that is important. So last week, I was in Nirobi where we were having a workshop around Internet security that was done in the context of translating made by the African union which is called the Malabo convention done in 2016, the African convention on cybersecurity and personal data protection. This is a high-level effort to set the parameters for a regional cybersecurity approach., but it's important that these approach, these high-level approaches get translated into actions on the ground. And what we try to do in Nirobi with a number of expert, talk about what are the several recommendations at that we can make in order to get to the next level of implementation of these. One of the important aspects of that is that we chatted a little bit about what are the specific challenges for the -- for African cybersecurity? First, it's the realization that we're talking about the global Internet, a global network. And cyber threats are, essentially, similar everywhere around the globe. They're not very different in Africa. But Africa has its specific set of problems. Around the continent, Africa is a big place with many countries. But bandwidth is an issue. The cost of bandwidth is an issue. Power is an issue. Regular blackouts and so on and so forth. Training and man power, capacity is an issue. And then there are, you know, man-made issues like fraud and sabotage, theft of fiber or fuel shortage or things like that. In general, you see somewhat older infrastructure. That is an issue, too. Older infrastructure at the consumer or user sides or in the networks, means that perhaps the latest security patches are not available. With older Android phone, older mobile platforms, it might be that the newest Android versions cannot be installed, so that gives a whole other dynamic then to dynamic in the western world. Somewhat of a lack of information sharing. There are some regional platforms that work, APNIC, the operators forums and appearing forum, but the institutional building still needs to be enhanced. Then there is a lack of enforcement and regimes across boarder collaboration. That is also not something that is very specific to Africa, but the level of development there is difficult. I'm looking at the clock a little bit. I'm okay. Good. So what we try to do, following that subsidiarity principle and looking specifically at what we need to do at the Internet infrastructure level, we looked at what kind of recommendations we can give at the regional level, the national level, at the organizational level. And specifically, also at the ISPN operator level. And these are, perhaps, not the most actionable recommendation, but it's preparing for action, I would say because that's something you have to take, in the back of your head, when you do these type of things, they have to lead to action. Without action, there is no security whosoever. So at the regional level, we came to a -- and this paper will be published in the next half year, within half a year, I would say. An African-wide cybersecurity and collaboration and coordination committee, really trying to get people together and exchange information. Information exchange is incredibly important when it comes to cybersecurity. Being aware of the threats that are out there, and being aware at the controls and so on and so forth that you have to implement to, at least, notice the threats and counter them, is incredibly important. Capacity-building and knowledge-sharing on the pan African level is another recommendation. Make sure that there are universities that have programs that are online tools that help people build the capacity that is needed to deal with these issues. On the national level, it's important that the country -- that within the countries the critical infrastructure is identified and protected, that information exchange, again, is facilitated at the national level. Bring the law enforcement and the local operator community together so that, at least, they have knowledge of what is going on in their community. Promote and -- promote the ISPs, Internet exchange points because they bring a certain aren't of resiliency but also facilitate collaboration because people come together at these exchange point, and collaboration, again, helps facilitate information exchange. And for information exchange, you need to trust, and collaboration is the key to that, knowing each other. Finally, public institutions. Public institutions can lead by example. For instance, by implementing a set of security practices. If a TLD is a public institution, for instance, are deploying the NX -- would be an example there. At the ISP we recommend the implementation of baseline security. Here I'm going to make a shameless plug for an initiative that we're deeply involved in, which is the Manners initiative. The mutual agree norms for routeing security. A set of very simple baseline practices and actions to be taken by ISPs and basically, signing up that they are willing to do that. This is a form of self-regulation. MANRS.org is the place where you can look at that information. And again, collaboration between the ISPs and so on and so forth. At an institutional level, and this is not typically an African recommendation, I would say, at any institutional level, at an organization, make sure that cybersecurity becomes part of your genome, that it becomes part of your thinking, as well as, the operational level and the executive level. Awareness about cybersecurity is something that is feeded at that level. It needs to be discussed at the boardroom because an without an awareness you might be caught blindsided and that would impact your business. So those are, at several layers, several layers of ofsubsidiarity which is important, what is important in this context is that the African security is being done by the Africans. The Kenyon security is done by the Kenyons. And with that, I'm going to hand it over. Thank you. >> CRISTINE HOEPERS: Thank you. One of the things while Olaf was talking, most of the best practice in security are out there for a long time. And from our experience in Brazil, the major challenge to implement all of those best practices is people. And, training people is a challenge. Having people with the understanding and with the technical skills and with the political will and with the resources to do that. So one of the things that we see for these many years that we are working in Brazil and in Latin America, especially with the whole community, that is very strong, is when you reach to someone telling them that they have a problem, you know, you need to implement the Manrs best practice routeing, or you need to implement or reach to them to say you have 1,000 mans affected by a botnet, most of them don't know what to do and how to do it. They don't understand the problem. So it's not only a shared problem, and it is a collaborative problem because only the owner of the network, only the ISP itself, the government organization, itself, is capability of implementing the security. There is no one that can come from outside and just magically secure everything. But there is still a mindset in some of these people that, you know, oh, someone will do the security for me. So if I would say, one of the challenges is really to p make people realize that it is a c collaborative effort that is everyone's role to participate in security. But then we also need to teach them. And even if we go for end-user awareness, and you were talking about the whole Android phones with old versions and updates and everything. So, it's not only a challenge that people don't have money to be buying the latest gadget all the time and there are constraints being put by the vendors that don't allow the updates, so there is a whole ecosystem that is complex. But in Latin America, and I think Africa is the same, we have a lot of people that didn't have the time to learn the technology and then face the security problems. They are getting the first technology already loaded with problems, with security problem, with fraud, with malware, with everything, so it is even harder to teach and to raise awareness because usually we're talking about the technology and people, they are they are oblivious, these are several of the challenges and when we talk with other security teams in the region, is really how to get the message through. It's not only to the end user. Sometimes we get to a network that is severely compromised, and they didn't have a clue, but not because they didn't want to do it but because they didn't have the knowledge. So I think one of the things we're doing a lot in Brazil and Latin America is to provide training. In Brazil, Nic, the TOD, we are doing a lot of free trainings in best practices for ISPs and systems. There is a lot of push to using Nsac, to try to create a infrastructure that is more secure. Latnet is doing a lot of that in all of their conferences and do special training areas in security, but sometimes we are teaching security and we see that there is a lot of networking that is missing, there is a lot of basic concepts. And even yesterday, OECD was giving a statistic that half of Latin America is not connected, but then we are moving to have the other half connected. We are going to have more vulnerable networks. We need more workforce to put those networks forth, and these are all challenges that we need to take care. And then, sometimes when people think about security, and I think one of the topics here that is cybersecurity versus surveillance, that some people they get desperate because the problems are big, and they start to implement control mechanisms and they think that controlling somewhat the Internet would make things more secure. But they are not. Most of the time, they make the network even less secure, and it's a bigger challenge, but it's really to understand, I think, what all I have said that the network is distributedded, that there is no central control, no central security, and this is, I think, a c challenge that we need to address. But a lot of good initiatives are out there. There are a lot of people, from our experience, that the first time they are faced with a security issue, is when they wake up, is when they go after the information. So one of the key points is to have people ready and willing to help them, and then collaboration is key. And in the region, we focus a lot into bottom-up collaboration to have the people come together, and then decide what's the best way to collaboration. Information-sharing requires trust. There is no way you can sign a MOU or do a large just say share information. People will be suspicious. But when you gain trust, knowing the people, it's amazing how many information-sharing happens and how many knowledge-sharing happens too. I think that is very important. These were my opening remarks. Thank you. >> MODERATOR: Thank you, Cristine. Your turn Jean-Robert. >> JEAN-ROBERT HOUNTOMEY: Yes. So I would like to add a little bit on what Cristine and Olaf just said. By how about how we were able in the African continent to deal with the issue of collaboration and trust. So originally, all the different stakeholders were speaking a different language, and we had to reposition the debate in terms of economic incentive, in terms of economic loss for the initial state. And as the technical community was suffering in putting together resources to build a network and the reverse, facing those challenge, and also with their African leaders pushing forward the ICD agenda. We were able to find a common ground, talking about economic terms to work together. So what that has bring us, the impact for that is that we move from a state before that kind of dialogue, where they were, for example, only three security incident response teams on the continent, to no national security strategy. Very few crisis management practices, and also very few initiatives of collaborating together to a, kind of, interesting result that we are seeing. It's still going. It's progressed. It's still going. So now we have about eight published national cybersecurity strategy. About 20 teams with 10 members on the response community. 11 teams at an early stage of their capacity-building. 1SSS per year between all the different stakeholders, and 2 SSS per years between the African stakeholders and their counterparts at the b international level. It has also helped the technical community to get more organized and to create a different organization, and to empower those organizations to look at their own issue, for example, a mission about ethnog which is the operator growth. Task force with an issue of network operation like routeing, vendor issue, treatment, and application user related issues, and to bring on the table those issues. Afrin which was the original Internet registry, IP addresses, ISN numbers. Registry registrar, also being asked to look at a different issue. The research and education network, together to look at the issue they research on education that will face in cyberspace and that issue, and bring all those issues on the table. And then those organization founded, and from the organization that I will present, which is Africa Cert to operationalize what has been found and to bring a set of solutions so that together we can look at how which can prioritize the most urgent risk-based approach and find the different kind of solutions that we can do. So what we have done at the Africa level is that we have reminded to reach out to the otion institutions, like law enforcement community, ITU, the African policy makers to see how together we can sit down at the same table and discuss the challenge we face, and find a solution. Also, one of the interesting aspects of that, kind of, collaborative and trust element that we have been building is that we meet several times at the regional level and also one time at the continental level to discuss on the solution and on the progress that every organization and together we are making, and also to plan for the next phase. So that being said, the future looks promising. We've all raising activities and the African leaders getting involved with the support of ISOG, engaging the policymakers and encouraging together with the technical community and also the society and government and encouraging them to come out with the right policy that the operational level to fund those different initiatives. So, the outcome we have started even if all of those work is still in progress. We have started seeing some interesting steps. The National Cybersecurity Agenda has now been moved at a operational level with specific measurable and attainable goals and also an implementation plan with resources required. It has been advocating for the formation of effective incident response team, and promoting also the foundation of sound policy and strategy, effective legal and regulatory framework, and also stressing the need to build more cyberskills and also a global cybersecurity culture within the African continent. And it has done something very interesting. It has made me advocate for African government, which is rare. Thank you. >> MODERATOR: Thank you, very much. Thank you for the panel. For my plug, I think we have time for one or two questions. Do we have some remote participation? Okay. >> (Speaking off mic). >> Thank you. We have a question from Fernando from Coasta Rica. In many organizations only when something happens to threat information security, they take actions in that area. What could be done to change this kind of management? >> I'm pondering on this question because it's sort of human nature. In Dutch, we have a saying that you will, you will fill the hole after the cow has drowned. Idioms don't translate well, I recognize. There are lots of cows idioms in Dutch. Anyway, I think that's sort of human nature. That people first have to realize that there is a dependency that they didn't really realize. Most companies, now days, started off as traditional -- traditional organization, traditional companies that were not connected to the net. They were selling bread or coffee or they were selling digging machines or cars. And suddenly, you find that as a retailor you're online. Suddenly you find that being online comes with dependencies that you've never thought about before. A recent example, I think the target personal data breach where a target was hacked, made people realize that, you know, you have a vendor. You are a dependent on a service company, and if somebody in that service k company does something bad, it has an impact on you as a company. I think we should share these type of stories. Information-sharing is one of the most important pieces in making sure that people understand that they too can be impacted. And then making sure that it is being discussed at, as I said before, within organizations at the board level. That there is a realization that these -- that as a company you rely on for your continuity on security of your ICT infrastructure. That's a long-winded way of saying, sharing of things that happened to you may help others to take decisions, and may make overall infrastructure and space around you more secure. I think that's sort of the summary. >> MODERATOR: We have a microphone for the audience. We have one person. And I have to close the mic line there. Yeah. >> Thank you sphroach a really, really informative talk. Yeah. So I've got two questions, one for Cristine and one for -- >> MODERATOR: I'm sorry, could you introduce yourself. >> Lucy, I wanted to know if could comment on the frameworks you're using in your reejers and how cybersecurity strategies are creating with cyberlaws or not. And you mentioned the surveillance is a tendency to try and control behavior. I wonder if you could say a little more about that. And Jean robtd you talked about the African convention on cyber crime and I wonder if you could comment on why only one African member has ratified it and what you see going forward with that convention. Thank you. >> May I ask a question back. Because you're asking this, perhaps, with a perspective and experience. Could you share that for a poament? >> Not particularly. It's just something I'm exploring at the moment, and it's just some of your comments just really kind of peaked my interest. It's just something I'm looking into, so I don't have anything really in particular to answer that comment. >> CRISTINE HOEPERS: I would talk a little bit just, like you talked about legal frameworks and security. So the security issues they want -- they don't wait for you to have legal frameworks or for you to have national strategies. One of the things that we see is that, usually when people are discussing the strategies or legal framework, they're usually looking at one specific problem and one specific point, or some specific problem they want to solve. It usually misses a lot into understanding the intended or unintended consequences of what you were proposing, so there is a lot of discussions -- a lot of people that want more data retention, a lot of people that want less data retention, some people that think no data retention at all is possible. And then I think it goes for all stakeholders to first understand how the network works. And this is a challenge I can speak more into what we are going through in Brazil that sometimes people are discussing, and they have -- they don't have an understanding of what actually is needed, what actually you can have from a specific technology or from a specific requirement. And what I said about security and control, is that specifically we see a lot of control mechanisms, like I have to collect all the data. I need to see everything that's happening in a point. That doesn't make any system more secure. It doesn't make you have more data about what's going on in there, but that actually does not increase the security of the system at all. So but, of course, every time that someone needs to push a policy, they say oh, this is for cybersecurity or this is for the security of the world. But one of the things, especially people in this Forum need to do is really try to speak up and say okay, what exactly are we talking about? Are we talking about cybersecurity? Are we talking about having more data for investigations? Are we talking about having something else? So, there are some mechanisms that are needed that they could be used for control, so also we can't have a point where you won't have any data because otherwise you won't be able to secure that also. It's very complex. But I think that people really need to go out, ask for people for opinions, and discuss more of that. So in Brazil, there is a lot of bills in the Congress. We have more than 100 of them talking about Internet, and they come from all sides. So, there is a huge debate. We need to be paying attention. Not necessarily because people say something is good it will be, but I think it's just a way of sharing information and sharing knowledge and sharing case studies. So for the first question, for me that would be the suggestion, to really learn from other people's mistakes. And now days, we have a lot of mistakes public out there, and we should be looking for what went wrong and what went well because sometimes people recover very well from that. >> MODERATOR: One more question. >> So I would like to add a little bit of what Cristine just said. So one of the challenges coming from the technical community, one of the challenges that we face is with different countries being at a different level in the maturity curve. It was difficult to understand each other, so at some point, we need that to have a common understanding for certain things in order to be able to talk to each other. In relation with the previous question, for example gives you an example, a few of the different incidents that happened recently against different network in Africa, we have seen that through different information that we have. But, we don't, for example, have a common understanding of what responsibility disclosure means. And sometimes you end up reporting issues to someone and have, as a response back, a lawyer contacting you and threatening you to put you into court. Those are those kind of issues that the convention, and again, it needs to have more work around it, are but those are the issues that we need policymakers to come up with a, kind of, common understanding on how we discuss those issues that we are facing and how we work together on those type of challenge. Thank you. >> MODERATOR: Again. Excuse me for not realizing that it was your turn. So we have one more question. Could you keep it as short as possible. >> Louise Bennet the chart erd institute for IT, one area that I was surprised not to hear you speak about was Internet enabled mobile financial transactions, which seem to have taken off, particularly, in Africa much more -- much earlier than the UK. And I haven't heard much about their being security problems on those, for instance, in Kenya. However, in the UK where we've only just started doing a lot of Internet-enabled mobile transaction, there are already really serious cybersecurity problems. So I wondered if there were things that we could learn about how you've approached that? Thank you. >> JEAN-ROBERT HOUNTOMEY: So first of all, you are right. If I was a hacker and if I have to target infrastructure in Kenya, for example, I won't look at network provider. I will target the mobile operator because that's where, for me, I'm not the hacker, but -- (Laughing). That's where a real value is. But Olaf mentioned about some action done with the different operators and some recommendation that are coming up, and it's in provision of that. Most of the -- most, yes. So the future of ICT in Africa is through the mobile network. So there are a lot of application, a lot of services that are being pushed through the mobile means. And we have been looking at that, at the operator and developer and also the application provider and the vendor level to come up with some recommendations that can help take some steps further in order to prevent those kind of issues. Thank you. >> OLAF KOLKMAN: Yeah. And just, good to see you here Louise. The thing that I think we touch -- we touched upon it in the hallway conversation a little bit around mobile payments. The thing is, if it comes to cybersecurity, and if it comes to talking about it, where do you put the parameter of what your focus of the day is? And in the discussions we had last week, that was just not a focus. That said, obviously, if you do the risk-based analysis, that is where the most value, at this moment, in the cyber economy of Africa is. In the other places of the cyber economy, there is not much value yet. So I think that one of the -- obviously, that there needs to be a lot of attention on the value and the vulnerabilities of mobile pay, but there is also the opportunities to start with a building value in the other parts of the Internet now together with building the capacity. So work more from in building capacity and security at the same time, which is always better than patching after the fact. So I think the two things need to go together. >> MODERATOR: Thank you very much. This was a very, very, very interesting segment. Now is the time, as I described when we opened the session, we are going to move to the second segment. This is where we have the presentation from the Seed approximate alliance, these were three projects financed by the Seed alliance, they decided to come together and form an alliance and from the alliance they formed funding for the technology projects. The three projects that we have here are related to cybersecurity, and the first one at that we are going to present is from Tonga by Andrew Toimoana who is working on developing for Tonga. The second is Marcelo Palma Salas on security. And finally Erika vagua fromming to about VGB security. So Andrew? >> ANDREW TOIMOANA: Thank you, and good morning. It has been introduced, my name is Andrew Toimoana and I'm from the -- I would like to thank you this alliance for the opportunity given to me to present today. Basically, after listening to the previous presentation, you might be thinking, what is important? Why is it so unique for Tonga for setting up this as a project. And I would like to introduce this to you, and probably you can see why is it important for us. I'm not sure if everybody know where Tonga is, I get that a lot when I travel and I introduce myself from Tonga, and everybody says, oh, where is Tonga? So I'm going to introduce Tonga to you as well. Tonga, it's a very small Pacific island, and initially for setting up the cert, as we went through the process, we didn't know that what we were trying to do will be the first in the South Pacific. And we had some challenge, and with the assistance of APNIC, we had come out with some solutions. As you can see, Tonga, make double for 177 islands and about 52 islands inhabited. The total population is about a little over 100,000 people in there. And the total land area is 750 square kilometers. Tonga wanted to move forward with technology, so they introduce the fiber optics was launched in August 2013. This is one of the tools that support economic and social developments of Tonga, as it's been defined by the government. Also, it brings enormous benefits and opportunities for the people. This can be very dangerous if you cannot monitor and use it for the right purpose, as you know, from the previous presentations. What the government did in December 2013, they approved a task force. The task force will only report to the cabinet, and one of the mandates for the cyber challenge task force is under terms of reference, was technical system with entitled to sets up a Tonga computer emergency response which is to cert. Basically, starting to prepare for launching the Tonga cert. We became affiliated with some organizations. We affiliated with the Council of F, this is by engaging in a class of project, which is training our legal offices and our prosecutors to understand more about the issues of cybersecurity. And also, we had some visit to Srilangacert and Malisa cert they contributed a lot to the Tonga cert. And also, we have appointed APNIC to be the Tonga cert technical adviser, which is providing some technical training and technical advice for the Tonga cert. And with the assistance of the APNIC, Tonga cert was officially launched in July 2015, which is last July, and the cert is organized under the ministry of matec the ministry of communication is under. And we have come up with different phases where we can set up the Tonga cert. The first one is setting up the Tonga cert, we have Phase 1 and Phase 2 going on in parallel, and also developing the procedures and policies also going to know at the same time. So we have four different phases for launching the -- for developing the Tonga cert. As we proceed with our process of setting up the cert and as APNIC introduce us to ISIF, we were lucky to be the recipient of the small client fund. The fund is used to develop the Phase 1 and Phase 2, as I was showing you earlier, and also government and other partners are contributing with providing manpower resources, office facility, and other. This is the organization for the Tonga cert, as you can see we have a board that mappings the cert, and we have the operation specialists depending on APNIC. And in the agency liaison offices, this is very important for us because we engage our ISP, and we assign, we have assigned the MOU with three ISPs in Tonga and they assign two liaison officers from each to be a part of our team. And so, it's important that when a incident happen, we have to liase with them and also go through the process to move the process faster. And I believe, that's the end of my presentation and you're welcome to make any comment or questions. >> MODERATOR: Thank you, very much, Andrew. I would like to invite Marcelo Palma to the stage who is going to present to us on security. >> MARCELO PALMA SALAS: Okay. Okay. Good morning. Thank you for this. In the case, I presented Turbot, this is protection to the where manages traffic. This project, we have to support to free Internet with the thank you to them and the pronl that supported the pronl. The security laboratory, in Brazil. Okay. Please, do you know the -- no. Okay. Let's go. It's a relay network that enables anonymous application between different application and users. It works over the TCP and protect your identity on the Internet. The principle problem is it try to protects your information against corporate and government targets, not surveillance. Despite being used mainly by actively your and other peoples, there are more time compliance with other network, this is a big problem. But how it does work, how does it work. In order to introduce the concept of the layers. For example, many works with operating server, using three relays. The first, middle, and exit. This is applied the security through it. Each router knows only the acceptedder and the receiver that works. For example, we have here we're trying to connect to other server and we use three relay to connect that support to the communication. The problem is, for example, that behind any service there are a lot of malicious traffic. I took botnet, malware, traffic, et cetera. There are a lot of different kind. For example, 84% of the surveyed are up or less down five. And the other problem is 100 new relay service come online every day. For example, we have that the 50% of this service are drugs, market, route, and other kinds. In our project, we prosed in three phases. First, collect the malicious traffic, analyze and classify, and following and blocking. This includes setting up a network and rerouteing the big -- of the big traffic, obviously. And they will assist and formalize that tracking and blocking against malicious traffic. This is very difficult because the information of the traffic is all encrypted. And applied to recognize to block the malicious traffic. We use different tools like Traffic Analyze, ID, antivirus traffic system, other products for traffic. Other products like (?), it's a new area in the intelligence, and using meta analyzing. Our architecture work in the final relay name in exit. It analyze the traffic used in the tools stated, much like this, and collect this information. For example, in our case that we can collect the malware, we try to analyze with bot and other kinds of tools. Okay. And obviously, the traffic is entered to the router of the relay. Okay. This is the project and this is, for example, the traffic of it in South America. Thank you. >> MODERATOR: Thank you, very much, Marcelo. Yeah. This is great. (Applause). And I would like to invite our third grantee, Erika, to the stage. A comment, Erika will present in Spanish and I trust that we have quite a Spanish speaking audience here, but I would provide a summary of the project in English after she finishes. >> ERIKA VEGA: Morning. I offer my apologies because I don't speak English. I will make my presentation in Spanish. (speaking Spanish). (Applause). >> MODERATOR: Just a brief summary of the project. In English. The network in Columbia, it's a huge network, actually. It spans the whole country. They have a problem that they want to update the routes that are present in the network. Following some of the discussions on the ETF and actually some of us were here and somewhat guilty of that, if you will, there is a technology called the RPKI of the resource public infrastructure that can be used and applied to validate routes. And that is willing to actually commit a lot of effort, with the support of the Seed Alliance in order to probably one of the largest deployment of the RPKI that the world has seen so far. That is an amazing project in itself. So thank you very much, Erika. >> ERIKA VEGA: Thank you. >> MODERATOR: So, we should move now to the third segment of this session. We were supposed to break out in groups and have a debates, closed debates, but the thing is we only have around 20 minutes left, and we sort of believe that it's too short for that kind of dynamic. So we are doing something else instead, which I believe you will actually prefer. We are actually opening the floor for your questions. I see some hands up already. Remember, that the questions can be for either of the panelists or also for the others as well. You can make questions in general or make directed questions. So the audience, the floor is yours. You want to say something? >> In the meantime, I just want to give a thumb's up to the work that Erika just presented. I alluded to it before, that at the ISP level, there are specific actions that people can take in order to make the routeing system more resilient. The routeing system is the system that connects the network of networks to make sure that the global connectivity is there. Now, the security of that system is notoriously bad. And what Erika just demonstrated is that there is an ISP in Columbia that, the Academic Network ISP that has taken an action to validate what is going on on the routeing infrastructure. And that is exactly one of these things that we call for in the MANRS manifesto that I was talking about earlier, is exactly that type of action that will make the Internet more secure, which is taking it at the level of the ISP and enhances the overall Internet infrastructure, so I wanted to add that short of applause. Over to the questions. >> MODERATOR: So we have a mic on the floor, so who wants to go first? You have a second? Second row. >> AUDIENCE MEMBER: Hi. Good morning. Fernando from American University, I would like to ask a question to the panel regarding this idea of the Global South. If we think in terms of the Global South and cybersecurity and infrastructure vulnerability, is there something specific that we should discuss here regarding the dependence between the cyber south on the infrastructure of the north. I'm thinking specifically on ISPs, and Africa and Europe, Latin America and the U.S., is there something specific that we should discuss here in regard to risks of surveillance that is not necessarily on your territory, but you are dependent on jurisdiction and other issues regarding this other space. Thank you. >> OLAF KOLKMAN: Yeah. I think I touched upon that during the presentation that I gave. There are a few things that are, indeed, specific to the Global South. And I would say dependency on traffic going, even o of off-continent, is not only going off, but a security issue in the context of a pervasive monitoring and surveillance. So yes, ISPs play a major role in keeping your traffic local. And keeping your traffic local has the benefit of A, you don't have to pay for your transit, so you keep the dollars in your pocket. And B, making sure that traffic that doesn't necessarily have to leave your parameter, doesn't leave your parameters, and therefore cannot be looked a the by third parties. I think that it is important that ISPs are at the beginning of a process that will keep your traffic in your country. Because if you have an ISP t, that doesn't necessarily mean that the services that you're connecting to are connected to that I sSP. The Cloud is everywhere, and if you connect to specific server, Amazon or Netflix or what have you, you might not find your traffic being confined to your locality. It might actually go out far away. So I think ISPs are the first step in getting content more locally, but local content is an important piece of that. It's an important piece of keeping data global. And there is a pervasive monitoring angle to that, so yes, there is a sense -- a trust issue, I would say. Maybe not what we would traditionally call cybersecurity, but a trust issue. I hope that answers your question. >> MODERATOR: Questions? >> AUDIENCE MEMBER: So, for Tonga, c ert I would be interested to know how you stand your capacity in terms of tooling. For example, what we have been doing in African continent is to focus on Open Source tools in order to put the final resources on building the human skills. So that was one thing. The second thing is that we have been doing, also, an initiative of helping each other. Like a team being and knowing tools and being at a certain maturity level with those tools and being able to have teams around them to assist with capacity. So I would be interested to know your experience in terms of toolings and what you have been using. Thank you. >> Thank you for the questions. I think this is a very important question. Especially for us in the Pacific, where funding is very limited. As you know, we go with the standard applications requires license and stuff. So what we have found out in the government, and it is true probably in all the Pacific island, there is a lot of Open Source engagement in the Pacific. And as we visit the other countries, like Shrilanka, they're also engaged heavily on using Open Source. So in Tonga, we also are using Open Source, but we also have a open standard approach for the government where also the other software, like Microsoft and stuff like that, that we also engage on. But we want to make sure that they, that they get the licensing and everything sorted before they put it on. In response to the capacity, we are engaging on some, and we have put up a training once a month with all of our ministries, technicians where we come in and share knowledge. And also, they share any new things that they have come across, even some challenges that they are facing. It's one important thing is that we engage the IS Ps technician, as we have stressed here today how important they are in making sure that the routeing is all secured. We have learned a lot from them because they -- most of our traffic are going through their infrastructure, and but they have been there in sharing with us, it's really important for us. Also, one thing that we also worked together with is the police, the Tonga Police or law enforcement. Their capacity requires forensics side, it's not yet up there, so we are trying our best to learn ourself how to do it right, and also assist them in different ways. And that's how we create a platform where we can share knowledge. We also hold forums weekly -- I mean, monthly, and it's becoming an important forum for us. >> MODERATOR: Any questions from the room ?? I do have a question. Oh, sure. Of course. >> OLAF KOLKMAN: I have a question to the room. I find this a little awkward, we're sitting on the stabling and treat the as Oracles while we just share a perspective. I actually wonder, if there are people in the room who say, yeah, the perspectives that you bring subsidiarity, collaboration, and so on and so forth, it's all good and nice, but I've tried this and I stumbled. I actually wonder if there are people in the room who have experiences that are, you know, that can be shared from which we can learn, from which we, as an audience together can learn. Does anybody want to volunteer something? In the back I see a hand. >> AUDIENCE MEMBER: Hi. Thank you. My name is ver ona, the second director in In Hope. It's an international association of Internet hotlines where citizens can report child sexual abuse material found on the Internet. So, as you can imagine we are confronted as we are a network, currently present in 46 countries in all couldn't continents and we're confronted with the issue when a content is assessed or one of the hotlines gets the content, what is considered as illegal? What is considered as child pornography? We prefer to use child abuse sexual material, because it's not a child being willingly and posing for pictures or for videos, of course. But notice of the legislation around the world these days talk about child pornography these days. So we have been discussing this issue for 16 years already, and what we do is we -- when one of our members hotlines finds content that they assess as illegal, according to their jurisdiction, then they trace that content. They trace the content, find out where the content is hosted, and then they pass on their report to the other hotline where that content is hosted, so that that hotline in that country can deal both with law enforcement, with the police for a investigation, and with the ISP, so that the content can be taken down very quickly to avoid victimization, but making sure that there is the right protocol in place between the industry and the police so that taking down that content doesn't affect potential on-going investigations, which would actually make the matter worse and would not help the victim or a child being rescued on time. I think we haven't found a better solution for this problem. We still have the issue of what is the definition of child pornography in the different jurisdictions we work with. But we've managed to work with partners around the world, with industry, with big -- with companies such as Facebook, Google, with Microsoft, we are working with Europe in Europe, with Intorpol on a global level, and contributing also with technology and with the hashes that we actually, that our platform creates with Intorpol, so we've contributed global efforts to fighting this. So I think this is a very concrete example of one way in which we can cooperate, like social, justice, ministries of justice, I thsm C ministry, ISP, I wouldn't say we're successful but managed a way to deal with a issue that I think could get better. But these models could be available for other issues of cyber crime. And I also would like to mained a point that when it comes to cyber crime, people usually either think about identity theft or fraud or financial fraud, but let's not forget, victims are also children, they're also people, and these are issues. There are way, new kinds of ways that new kinds of crime are facilitated through new technology, and we should also put them in the front of discussion. Thank you. >> OLAF KOLKMAN: I think, I think this is a very clear and urgent example, actually, of an issue that is notoriously hard to fight and very important to fight. And I hear a few aspects around that subsidiarity that I was talking about. First, it is subsidiary in it's topic, child abuse is a serious topic, and organizing around the topic makes you effective and create a network of trust between the partner organizations, and but also at the local level, you know how to speak to the persons and the institutions that are involved and make it more effective. Another thing that I heard, and I with we hardly ever really speak about, is that security, obviously, is not something that you fix once. It is something that i constantly ongoing. You feed to be sharp. And specifically, with a nasty subject like child abuse, there is a constant arm's race. So vigilant -- being vigilant about security or that specific security topic, but also more in general, is something that is very important. Security is not a matter of putting a bunch of controls in place but is a mindset of following developments and making sure you continue to be on top. I think I've heard that all in your excellent example. Thank you. I think you want to respond back. I see you -- >> MODERATOR: We have a remote question? >> MODERATOR: Heather, can you hear me? So we have a question from Trever fips. This question is, how should a small island state with limited resources start the process of developing a cert? Our population is about 40,000. That's his question. >> MODERATOR: For Andrew, I guess. The mic? >> ANDREW TOIMOANA: I think this question is related to us, especially we are one of those small island states. It is true that trying to organize for a cert is not an easy task, as you know it requires resources and the capacity to build a cert. And as I presented earlier, what we have done, we do a lot of collaboration and partnership. And first, we have to identify a technical champion to start with. And that's when we engage APNIC and also we identify those who have a lot of engagement with technology, that's where we identify the ISPs, and we also identify people within the organization where they can be pulled out and start up the cer, t. One thing that is unique that we have done in Tonga especially is that we share resources. One of the things -- one of the ISP is providing office space for the cert, and also they provide some of the equipment to start up the cert. It's part of our initial relationship with them, and we have signed a MOU with them also about engaging this stuff, especially the engagement officers in some of the cases that come across the cert. And to me, if we are to interest this in a smaller nation like Tonga and it might be true to all the small island states, cooperation and networking and also partnership with organizations that can assist and help you establish, it's a key factor for establishing a cert. Obviously, we can't do it on our own without the assistance from these organizations. Thank you. >> MODERATOR: Thank you very much, Andrew. Thank you very much for the audience. This was a very enlightening session. Thank you for the panelists, and we ask for a round of applause for all of us, actually. (Applause). Thank you very much. (session completed at 10:33 a.m.) Services provided by: Caption First, Inc. P.O. Box 3066 Monument, CO 80132 800-825-5234 www.captionfirst.com *** This text is being provided in a realtime format. Communication Access Realtime Translation (CART) or captioning are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. *** Internet Governance Forum 2016 Enabling Inclusive and Sustainable Growth Jalisco, Mexico 6 December 2016 OF40 >> Check. >> 1, 1, check, 1, uno, check. 1, 1, check. 1, check Internet Governance Forum 2016 Enabling Inclusive and Sustainable Growth Jalisco, Mexico 6 December 2016 OF40 >> 1, 2, 3, 1, 2, 3. 1, 2, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 2, 1, 2, 1, 2, 3, 1, 1, 1, 1 (microphone check.) 1, 1, 1, 1, 1, 2, 1, 2, 1, 2, 1, 2, 3, 1, 1, 1 Internet Governance Forum 2016 Enabling Inclusive and Sustainable Growth Jalisco, Mexico 6 December 2016 OF40 Mexico - (speaking Spanish) >> (speaking Spanish) >> (speaking Spanish) (Applause) (speaking Spanish) >> (speaking Spanish) >> (speaking Spanish) (Applause) (silence) (video playing off mic) (Applause) >> (speaking Spanish) (Applause) >> (speaking Spanish) (Applause) (session completed at 11:50 a.m.) Services provided by: Caption First, Inc. P.O. Box 3066 Monument, CO 80132 800-825-5234 www.captionfirst.com *** This text is being provided in a realtime format. Communication Access Realtime Translation (CART) or captioning are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. *** interInternet Governance Forum 2016 Enabling Inclusive and Sustainable Growth Jalisco, Mexico 6 December, 2016 Workshop 27 WePROTECT 12:00 p.m. Internet Governance Forum 2016. Enabling Inclusive and Sustainable Growth. Jalisco, Mexico. 6 December, 2016. Workshop 27. WePROTECT. 12:00 p.m. (silence). >> Okay. Good afternoon. Thank you for joining us. I'm Ernie Allen. I'm going to chair this session. Those of you who may be in the wrong room, this is the session, WePROTECT, Combating online child abuse with MSM. Let me add before we begin, the IGF organizers have made it clear, that our goal today is to be brief in our comments so that we can hear from you. We want this to be interactive, we want your questions, ideas, your involvement. So let me introduce why we're here and give you a sense of what WePROTECT is. Clearly, the Internet has changed the world, overwhelmingly in positive ways. But there is also a dark side. It has also led to the explosion in the sexual exploitation of children online. Prior to the Internet, someone with sexual interest in children felt isolated, alone, aberent. Today, he's part of a global community. He can interact with people of like interest around the planet, they exchange images, they exchange fantasies, technique, even real children, and they do it all with virtual anonymity. In December 2014, the then British Prime Minister David Cameron convened the first, WePROTECT Global Summit. The Prime Minister called online child exploitation, quote, a major international crime of our age occurring on an almost industrial scale. He called upon all of us to act together, saying this is a global crime, it needs global action. He launched WePROTECT, a global campaign to identify and res view vim, remove child sexual material from the Internet, strengthen cooperation around the world to track down perpetrators, and build global capacity to address this issue online. The UK also committed 50 million pounds to a new global fund to attack the problem. Today those funds are being used to target this problem in 17 countries and provide the foundation for the new global fund to end violence against children. And you're going to hear more shortly about the impact those funds are having already. The UK created a WePROTECT International Advisory Board. I was honored to be asked to Chair that board. Joined by leaders of technology companies, civil society, law enforcement, and international organizations. The new British Prime Minister, Teresa Mae is continuing the UK's unprecedent leadership in this area, and I'm pleased to report that WePROTECT is working and that it's growing. This year, as many of you might be aware, WePROTECT merged with the global alliance against child sexual abuse online, which had been created by the United States and the European Union. The goal was to create one strong unified voice on this problem worldwide. And today, 70 countries have committed to this initiative, plus 20 technology companies, plus 17 major international organizations. The WePROTECT Global Alliance is unique, in that it is taking a multistakeholder approach to this problem, and it is the central element in the implementation of sustainable development goal, 16.2, to end violence against children. At our second WePROTECT Summit, seld in October 2015. Abudobi, we are adopting and promoting a national response. We have about 30 copies of that for any of you, after this session, who would be interested in it. But the strategy behind the model national response is so to support countries in developing a comprehensive, multistakeholder approach to ending online child sexual exploitation. The vision is not that everyone will go back to their countries and implement the Model National Response. It is more a guide. It is a result of many years of expertise and practice. It is an intent to give every country a framework to assess what it is doing in addressing the issue of online child sexual exploitation, to identify gaps and needs, and to prioritize national efforts that will make dramatic change in this problem. The overall goals of the WePROTECT Global Alliance include creating the highest possible level of commitment in every country, improving the response to child sexual exploitation, ensuring effective, successful investigations, convictions, and offender management, providing the best possible services and support for child victims, prevent child sexual exploitation in the first place, engage industry in developing solutions, and raise awareness among the public, professional, and policymakers. WePROTECT has only just begun. Here we're today to inform you, but more importantly, to ask for your help, your ideas, your advocacy, and your involvement. We want to hear from you. We want you to be apart of the WePROTECT Global Alliance, part of the solution to this problem. We want to grow it far beyond 70 countries, 20 companies, 17 international organizations. We've asked the members of our panel to speak to you briefly about the threat, the challenges, and how each sector can have the greatest impact. We'll hear from industry, from civil society, and I'm hopeful that we will hear from law enforcement. Our law enforcement representative has not yet arrived. But let's begin with industry. Jacqueline Beauchere is a member of the WePROTECT Board and is leading the effort to make our message and move worldwide. Previously she was a journalist and editor, she was a practicing attorney in New York and Washington, and for the past 15 years she's served as the Chief Online Safety Officer for Microsoft. I'm pleased to present a colleague on the WePROTECT Board, Jacqueline Beauchere. >> JACQUELINE BEAUCHERE: Thank you, Ernie, and thank you to the organizers at IGF to give us this opportunity to speak about WePROTECT and to discuss this important topic at this year's IGF. Just a brief bit of industry scene-setting, if I may. Much like this vile material knows no boundaries and no country is immune from child sexual abuse material, no online service is immune either. Technology companies in the United States, we are legally obligated to report child sexual abuse material to the U.S. national Center for missing and Exploiting children or NECMEC when we're made aware of this material on our services. To give you an idea of the extent of the problem, in 2015, last year, NECMEC received a record 4.4 million cyber tipline reports of child sexual exploitation material globally, and this far exceeded the 1.1 million reports that it received in 2014. If you took the prior 17 years that NECMEC had been in existence, that number of reports only numbered 2 million. This year, to give you an idea as of September 2016, NECMEC has already received an overwhelming 7 million reports to its cyber tipline. Technology companies prohibit child sexual abuse imagery and other illegal and inappropriate content on our services. We make available tools to report this c Connecticut tent tell us and have policies and procedures in place for removing illegal content and reporting violaters to authorities. In addition, the technology sector can and does create innovative solutions to help curtail the spread of child exploitation and abuse, as Ernie mentioned. One example, of course, would be the creation of Microsoft's photo DNA hash matching technology back in 2009, this helps the industry to identify and remove these known images of child sexual exploitation and abuse. Today, photo DNA is used by more than 70 companies and organizations around the world. In addition, there have been several improvements made by major search providers since the WePROTECT initiative took hold back in 2013. We now make it next to impossible to use the open web to look for child sexual abuse imagery online. Industry has committed, through the WePROTECT Global Alliance to share best practices in content moderation to create and use image detection tools, technique, and other innovations, as well as committed to sharing best practices around policy and awareness-raising efforts. As Ernie mentioned, we are part of the national model response. And as part of that, industry must have the power and the willingness to block and remove child sexual abuse imagery from its online services and to proactively address child sexual abuse imagery at the local level. Industries should also be proactively reporting online sexual abuse imagery to authorities. Industries pillar within the model national response is closely aligned to many of the other, but the association with the underlying legal regime that is especially key. Thank you, and I look forward to the remainder of the dialogue. >> ERNIE ALLEN: Thank you, Jacqueline. Now, let's hear from civil society. First frrks a national NGO and then from a global NGO. Diago is the founder and CEO of safer net Brazil and working to protect online human rights in Brazil. Saferinternet Brazil has connected national education campaign, promoting digital citizenship, e-safety awareness, and much more. And Diago is also a board member of the Internet steering committee, CGI. For his extraordinary work, he was the recipient of the Brazilian National Human Rights Prize, so I'm honored to produce, Diago. >> Thank you very much. I'm very glad with the invitation to join you in this discussion. I'm sure that it is a definitely a game change in against this worldwide. Especially, because the WePROTECT is focused on developing countries, and I, as a former Hope Foundation President, a remember a map that we have, e-hope, which is e-hope is the worldwide umbrella, worldwide organization that works as umbrella for Internet hotlines and integrates the works of hotlines in 51 different countries. And we look at that map, saw that almost 09% of the hotlines exist in the developing world. And there is a lack, there is a gap, not sure for hotline, but also helpline. Focus on developing country, when we look at Africa, South America, Caribbean, Asia Pacific, there is a lack of hotlines and programs focused on protection of the child. And WePROTECT is the first one with that. And that's one of the reasons why WePROTECT is there for the game change. And also, because the framework that WePROTECT propose to national countries to deal with this child, it's really comprehensive and respectable and basic pillar of the Internet governance process that is the multistakeholder involvement and the multistakeholder participation of all actors. In Brazil, we have 11 years working and responsible for national hotline, the helpline, and other. On the helpline site, over the last 10 years, we received more than 200,000 calls from victims across the country asking for help and support for issues of revenge, cyberbullying, harassment, hated crime, and rights violations. And these figures it should be addressed in a multistakeholder way. And we WePROTECT can reinforce those institutes, puts together in industry, international organizations like Unisef, who is also doing fantastic work in Brazil, and I'm very happy to see two very proactive federal prosecutors, and they are leading the law enforcement efforts in Brazil over the last 10 years. They are visiting StPalo, they are based at the prosecutor office in San Palo and we're working together with them in their awareness program and developing a lot of activities across the country involving school educators and teenagers. And all of that, it's some evidence that this program, it was designed to make change, and it will be a game change, especially in developing countries in the fight against it and also the awareness and national legislations regarding those topics. This is my few word, and I will say thank you so much for this opportunity to share this ideas with you, and especially an honor to have you. Thank you. >> Thank you Tiago. We are hopeful that Colonel Freddy Bautista. Obviously, he's been delayed, if he does not arrive, we may actually ask the San Pala prosecutors to talk about the extent of the problem and how you view it. Let me now move to our second representative from civil society, Susie Hargraves, chief executive officer and central of this battle worldwide. Adviser to many, including the American telecommunication union, UK governments forum and many others. And I'm particularly pleased to have the opportunity to tell you that in 2016, Queen Elizabeth presented Suzie the order of the British Empire in leadership of our time in child safety. I'm honored to present another colleague on the WePROTECT board, Suzie Hargraves. >> Thank you very much, Ernie. Thank you very much everyone, I'm delighted to be here. I'm the CEO of the Internet Watch Foundation one of the largest hotlines in the world. And importantly, in terms of this fashion, I'm a member of the international advisory board of WePROTECT and absolutely committed to the aims and objectives and mission of WePROTECT. So I represent civil society. The IWF is an NGO. We're self-regulated body funded by around 130 Internet industry members. They include some of the biggest companies in the world, Google, Facebook, Microsoft, Amazon, Apple. And we also work very, very closely with law enforce am and government, but we're independent of them. That means we can work very closely with technology companies and do what we can to use technology to achieve our mission, which is the removal and eradication of online child sexual abuse. I was asked to tell you a bit about our perception of the threat, and I'm afraid there isn't a person in the world that can tell you how many images there are of child sexual abuse. What we do know, is there are many, many, many images, and many, many millions of duplications of images. And also, every day we see new images, so it's a constant fight and it's a constant -- you need to constantly remain vigilant and do what you can to remove those images. What I can tell you is what we did last year, which is in 2015, the IWF removed 68,000 web pages, individual URLs, and each URL could have 1 or 1,000 images or videos on it. Of those, about 70% what category A and B in the UK, that is we classify child sexual abuse, ABC, and that's rape and sexual torture. 80% of the victims were girls. And 69% were children aged under 10, and 3% of those URL, that's 1, 250URLs with children age 2 or under. That means our analysts are taking down images of videos for a day of children aged under 2. So why are we members of WePROTECT? Well, we're very, very happy and very pleased that in the UK we've been able to develop a very hostile territory for hosting child sexual abuse. We adopted a multistakeholder approach. Everybody works together, civil society, law enforcement, the government, the industry, and we have a zero tolerance approach to remove it. When we started 20 years ago, 18% of known child sexual abuse content was hosted in the UK. Since 2004, that's been less than 0.5%. Last year was 0.2%. So we're very pleased that we can remove content that was in the UK in under two hours. But that's not the same in the rest of the world over, so it doesn't matter how good or quick we are at removing content in the UK. We can't do it alone. We have to work with other hotline, we have to work with other partners around the world to do everything we can to build a global multistakeholder approach, and that's what WePROTECT represents. I was also asked to tell you about the recommendations of the Model National Response and what civil society says and all of us say that each country should do to try and tackle this problem. The good news is there is lots of help and support to help you get there. But in terms of removing and ear e ear rad Kateing child sexual abuse, each one has to have it's reporting mechanism to report child sexual abuse. It may be that you need your own hotline, and if you do, you can get loads of support and help from the hope Foundation to set up your own hotline. Or do what 16 countries have done with the IWF which is establish a reporting portal to take reports in your country and they can come through to us and then we can do our work to get that content removed. You also need to do awareness raising with your partners. And again, the role of civil society is hugely important in this. Run an education program, because it's to the just about taking down the images, it's about online education and getting people safe and looking at them and making sure that they understand the risks and build their digital resilience. And finally, you need to develop support systems. In the UK alone, the police publicly now say at least 100,000 people at any one time are looking at child sexual abuse. That's not unique to the UK. That is in any country, regardless of where it is hosted, people will be looking at this. We need to approach and attack the behavior as well. We need to put mechanisms in place to have places for people to go if they're worried about their online behavior. Finally, I just want to reiterate the importance of the multistakeholder approach. The importance of civil society working together, so that means working with Unisef and working with all of our civil society partners around the world, as well with industry, law enforcement, and government. I just went to a session, which was spoken about harm on the Internet. He said there are three ways of tackling it, one is to use technical means to inhibit, second is to attack the harm and do something about it, and the third is moral persuasion. And actually, that's true. It's not just an online solution, we need to work together, and that's what the Model National represents. Thank you. >> ERNIE ALLEN: Thank you, Suzie. Let me reiterate, we brought copies of the Model National Response. We have about 30 of them. Any of you who would like a copy can pick it up at the end of the session. If we run out, leave us your business cards, and we'll get you a copy. Let me reiterate, I know it looks a little daunting, very specific. It is intended as a guide, as a tool that you can use in your country to assess what you're doing, where the gaps are. The expectation is for the that you're going to go back and do all of this, but that you'll take this multistakeholder approach. So now, for the final presentation before we open it to you, I want to ask Clara Summerin the child specialist for exploitation and violence for Unisef to provide us with an update on the progress of the UN global fund to end violence against children and the funds that have spent to date on the initial initiative. The initial funding came from the UK, and hopefully will now be supplemented as a part of this new global fund by contributions from many other governments and many other individual it's so that we can have the kind of lasting impact on this problem that we all anticipate. Clara came to Unisef headquarters in 2009 following her work in Panama. Prior to joining Unisef, Clara a sweet itch national worked at save the children Sweden. So I'm pleased to introduce, Clara. >> Thank you so much, Ernie, and inviting Unisef to be on this panel, and I should also way we're also a member of the WePROTECT Board, and I'm delighted to share some of the results that we have been able to make together, collectively, last year through these global program that Unisef implemented together with partners in 17 countries across 6 regions, and activities at a global level, with generous support of the UK government and under the WePROTECT Global Alliance to end online child sexual exploitation. The aim of this program is really to carry forward the vision of the WePROTECT summits held in London and Abudabi and really to translate the commitments of government, into the industry and in international and national organizations signing up to these statements of actions into concrete action on the ground. And this is some of these achievements we want to share with you, because what we have seen through this program that was a 10-month program, is that we have an extraordinary amount of action. We have been able to accelerate government, civil society, and industry action in these country, and I should also note that action is still going on. It was a short startup program, but all the engagement continues, and this is really very, very wonderful to see. And I should also mention in addition, of course, with the WePROTECT Board, we've worked with member of the partners here today at the country level, we have worked with governments from different ministries, many of the ministries of telecommunication, ministries of justice, interior, social welfare, education, private sector, the whole part and civil society. So it is a true example of a multistakeholder engagement. So what did we achieve in this short amount of time? Of the 17 countries, so the program was implemented in 0 70 countries, 5 in Latin America. Brazil, dominican republican, he will vaf tier and pair qie. Four countries, and worked in two countries in middleeast and northern Africa, Nigeria and Jordan. We worked in three countries in the Eastern European context, Albania, Serbia, and Montenegra, Philippines and Vietnam. It's an interesting program, of course, regional. Of these 17 countries, in a short period of time, in 10 countries we managed to support and establish a national-level coordination mechanisms on child online protection issues with a specific focus on online child sexual exploitation. So who are these multistakeholder mechanic nism? It's task force, working groups at different levels of government, and it really involves governments from justice, ministries of interior, telecommunication and social welfare. I think that is unique because this is the first time that we see that different ministries come together, join forces to take action to address online child sexual exploitation. And they have done so very much together with the private sector at country level, and I think this is also something that we would want to stress that this is unique, we see the government coming together with the private sector, and also with the civil society, and very much so with the hotlines. And we work closely, for example, with IWF in setting up a online portal there which is currently being set up. In a very short period of time, we've also seen tremendous efforts to reform legislation to criminalize all forms of sexual exploitation and abuse, and in particular, online child sexual exploitation. We have seen that this is either legislation that has been passed or is ready to be passed, has been drafted in 10 of these countries. We have also seen that there is a tremendous interest from the countries to develop national policies on child online protection or policies on online child sexual exploitation. Of those 17 country, 8 countries are in the process of developing national policies, and I think this is tremendously exciting, and something that I think we, from the WePROTECT Board and the partners in the WePROTECT, we certainly are all coming together and supporting the countries in developing and implementing these policies. And of course, very important aspect of the work has been to support the justice sector, to support capacity-building of law enforcement, prosecutors, and judges. For example, we have established, in 9 of these 17 country, we have established a specialized law enforcement agencies or police units within the police or within the prosecutor's offices, specifically looking at online child sexual exploitation. And of course, along with this establishment of these police units, we have also facilitated training together with Interpol but also with members of the virtual global task force. And finally, we have, of course, hand-in-hand, it's not enough to also only work with the law enforcement. We need to work with the child protection system in the countries. And in 9 of the countries, we have either supported or established reporting mechanisms, so wech so through child helplines. And we worked very closely with child helpline international on this program and also child helplines in the country. But we have also established online portals and online mechanisms because children in many countries also want to reach out online. This is very exciting news. Then I just wanted to mention, in terms of the reach, through this program we have already reached an estimated 30 million people in the 17 countries through awareness-raising programs, which includes campaigns. And we did a global campaign called, reply for all that we are happeny to share with you later on, it's available on the Unisef website. We have reached over 60,000 parents, children, and teachers in their countries through targeted awareness-raising efforts. We have also reached over 1,000 industry representatives and government representatives and working with the private sector to try and foster that multisector collaboration at country level. And through the capacity-building of law enforcement and child protection system, we have reached over 3,000 law enforcement officers, prosecutor, judge, and child protection workers. As mentioned also, we have worked very much together with partners at global level, and I just want to mention some of them. Of course, IWF, but also Child Helpline International. GSMA with the private sector, we have also worked with the Family Online, child safety institute to update the global resource information directory where you can go and find information about child online protection initiatives in, basically, all the countries in the world. So we are very, very tremendously grateful to the WePROTECT Board and the UK government to be able to implement this program, and we really look forward to accelerate the action in the countries together with all of you, everyone here in the room, and together with the board. And Unisef really stands committed to continue to w with the WePROTECT Global Alliance, and as Ernie said, accelerate actions to accelerate child exploitation in order to make the target 16.2 a reality for all d children. Thank you. >> Thank you, Clara and with multiple mentions of Child Helpline, the director Sheila is with us today. You're doing an incredible amount of work in this area. That's an overview of WePROTECT, the impact it's having, the beginning of this effort as part of the global to end violence against children. Now we want to open the floor to you, what are your comments, suggestions, ideas? Anybody? Yes, sir. We have microphones. I'm sorry. Yeah. Please, introduce yourself. >> AUDIENCE MEMBER: Thank you for giving me the floor. My name is Uta from the German center for child protection on the Internet, and I wanted to congratulation WePROTECT to the wonderful work you are doing and, but also I wanted to try to expand your focus a little bit further. We have set up a network, no gray areas on the Internet, two years ago with the support of the federal family ministry in Germany, and it's now expanded to 35 organizations worldwide. And what we call No Gray Areas, gray areas on the Internet are these images that might be illegal in one country but are not illegal in all countries. And to what Suzie has been saying, we aren't talking about the worst of the worst, but it all starts with images that are not the worst of the worst. We're talking about erotic posing images of children, but also images just showing innocent, everyday images that are put into a sexualized context so that people make comments how they would like to sexually abuse the children shown in the images. My focus would be to try to convince you that it's possible to discover and differentiate these images and try to combat the gray areas on the Internet as well. I brought it with me, it's called No Gray Images and it shows how it's possible to differentiate the image, not to make innocent images illegal, but to make them illegal if they are put into a sexualized context. Thank you so much for giving me the floor. Thank you. >> Thank you. If you could leave that, I'll make sure we take a look at that. And let me also say, German law enforcement in particular, has been very effective. The BKA has been a global leader on this, so thank you for all you're doing. Any comments from anybody else? Others? >> Thank you, Ernie, I'm here representing the federal prosecution -- no. I'm joking. I'm a federal prosecutor in Brazil, and I'd like to share with you a little bit of our work against child abuse in Brazil. I've been working against child abuse, child pornography, more specifically, for more than 10 years. And, we have a group and we have a national group in the federal prosecution of Brazil, and also in San Palo. We are specialized in combating cyber crimes focused on hate crimes and child pornography. Which we learned all these years, that partnership, it's the best way to combat these crimes. And the best combat, I believe, it's still the prevention. What we started to do in Brazil, and some people could ask, oh, but is this work a job of a federal prosecution in the criminal area? Yes, it is. In our opinion, it is, because we must protect the vulnerable. And in my opinion, there is no one more vulnerable than our children who goes to the Internet. So what we did since some years ago. Since 2007, 2008, we started to go to some school, prosecutors with the partnership with Safe Internet with my good friend is here, and we went with psychologists to talk with the teachers, to talk with the parents, how they could be cautious against these damages, against these worries we have in the Internet. They don't have experience, so we try to them to give experience to them. It was such a success, the program, that we couldn't do it anymore. Not because we didn't want, but because we didn't have people enough to do it. We do other things during our work, so there was a project that started. One of the coordinators, started two years ago, right, Nate? Started two years ago with the partnership with Safernet and in Brazil, that I'm very proud to share with you. Instead of going to the school, we brought the teachers, the educators, the social workers to us. We gave speeches all around Brazil with a prosecutor and with a workshop given from safernet, and he talks to the educators and talks to them to give them material and how to make games with the school, how to talk with teenagers and how to talk with children. I'm very proud so say this this work is going on, and we work with safe with some videos that we show. And I'm very proud to say that this year we are going to continue the program with public schools and bring this people. So in all of our experience, if I could say to you, that the prosecutors that are here and the people that are here, please work on education and prevention. I want to congratulate the WePROTECT for all the of the framework. This is our experience. Focus on prevention, focus on in school. Not just on children and teenagers but parents and professors. Thank you. >> Thank you. Jim, I think you received a question? >> Yes. Actually, we have two questions. The first is from Heather. The question for Jacqueline. There are many coalitions to tackle online crime, for example, the Technology Coalition. How does WePROTECT work in harmony with the other initiatives? >> Thank you, Jim, and thank you to Heather for that question. >> JACQUELINE BEAUCHERE: What I find particularly unique about WePROTECT, is that it is, in fact, this multistakeholder body that can bring all of these perspectives and all of these views together. But individually, each sector can also work on its own. And I think what Heather is referencing is the Technology Coalition, a newer nonprofit, we recently received the nonprofit status. It's made up of Microsoft, Google, Facebook, Twitter, Snapchat, Dropbox, a number of U.S. companies focused on the space, and we come together a as technology companies to look at the technical aspects of this problem and what we can do specifically from a technology perspective, and then work closely with WePROTECT bringing our technology platform to this forum where we can all discuss at that level and integrate with the other aspects of WePROTECT. So, again, what I find particularly unique is, is that we can work together as a industry in our s sector, and then the multistakeholder as well where we can get the broader perspective. >> Jim, you had a second. >> Second question coming in on line from micle a. I applaud WePROTECT attention to remediating sexual exploitation when it is found online. Via the various reporting tools noted by the panel, however in the opening comments there was a referential to prevention. While previous attempts of creating a safe space for children in the ENS, kids.us were largely unsuccessful. Will be deciding the registry operator of dot kids top level domain in the near foreseeable future. ICANN's government advisory committee has identified this is a sensitive string requiring special consideration. Does the panel have any opinion on whether there should be preregistration verification mechanisms to minimize potential exploitation, or would post-registration reporting tools be sufficient, similar to existing Legacy TLDs given the unique characteristics of Dot Kids. A brief one for you. >> Yeah. A brief one. Let me just make a quick comment, and then I think Tiago on the prevention side and others may want to comment as well. Two leading authorities on this space are in the room, John Car of the united kingdom and Mary, the columnist, journalist, tech wizard. We were just talking about earlier today about an initiative underway in the UK. In fact, the House of Commons has passed legislation to require age verification to access to certain -- to access certain kinds of sites. The focus in the UK is pornography, but also for online gambling sites, being done for dating site, for alcohol sites. So one of the key challenges is, can we develop a mechanism that appropriately protects the privacy of users, that in the case of pornography, that focuses solely on child protection and not on the content, so it does not deny access to any adult to any content. And the answer to that, in my judgment, I've been working on it in the United States. The UK, again, is far out in front. Though, countries like Finland and Iceland have already done this in other ways. Can we develop a technology approach that enables sites to verify the age of users? Prime Minister Cameron launched this in a speech in 2013, and the example he used is that a 13-year-old in the United Kingdom can't walk into a video store and purchase an X-rated DVD. But the same child can access the same content on the Internet. So, one of the challenges, I think, implied by that question is, how do we bring an appropriate level of protection to the cyberworld that exists in the physical world? And I don't suggest that that will be easy, but I think there are mechanisms -- I think we have to consider it in a way that is appropriately prospective of individual privacy rights. And I think, once again, the UK is an example that it can be done. Any other comments on that? >> (suzie) obviously, I'm from the UK, and the age verification issue is a huge one at the moment. I wanted to just reclarify the difference between allowing access by minors to harmful don't and illegal content. And, the issue of child sexual abuse is complicated enough, in that, the content we're dealing with ranges from, you know, babies being abused through to 16 and 17-year-olds taking pictures of themselves, and they still come within the frame of child sexual abuse content, legally. So I think it's really important to, sort of, separate out the different issues in relation to attacking and approaching illegal content for everybody and then looking at ways to make the Internet safer and deal with harmful content for minors. Thank you. >> I'd like to comment on that. I think that a big challenge, it's to find the correct balance between protection and privacy. I remember one picture that was in the New York Times and 92, 91, it's a very famous picture where a dog was in front of a computer. And users say, wow, on the Internet nobody knows who is a dog. And since that time, nobody knows who is a dog or not on the Internet. And the protection of the users privacy is a core issue, and I think we should consider, when discussing this approach of age verification, we should consider the chilling effect that some users can make on privacy issues and other, so all of those aspects, that it's really important for the Internet, for through the Internet that we consider the discussions. I can share a experience that we had in the Brazilian steering committee. I wanted to be the chair, it's a that we have, it's the Brazilian steering committee, and we discussed the policy issues regarding implementation of the democracy view of the Internet, the civil rights framework for Internet in Brazil. And one of the topics it's the topic of anonymity. The Brazilian institutions prohibits anonymity, but anonymity, it's also important, for example, to report a crime to the police for a cyber tip line, for all the respects of civil rights, and we should find this correct balance. It's not an easy task. It's really hard. There is a long discussion about that without consensus, but we should consider different perspectives and try to identify the extent of some measures that is really important for the free and open Internet such as neutrality and privacy. >> And let me add. I think Suzie's clarification was a really good one. When Prime Minister Cameron made his original speech in 2013, he identified two parts of the problem. One, he called criminal. The second, he called cultural. The response to the criminal part of the problem is WePROTECT. The response to the cultural part of the problem is his effort with filters, with age verification. Our view is, child sexual abuse images have nothing to do with free speech. They're crime scene photo, they're inherently illegal. No one is suggesting that all content would be open to any user or whatever, even if they pass a age verification test. So that criminal, cultural line, I think, is an important one to make. Suzie, I'm glad you made that point. Other comments? Yes, ma'am? >> AUDIENCE MEMBER: Thank you, very much. I am from Nigeria, and I'm happy that somebody said that. My friend, Suzie, I have worked with her in the commonwealth. I wanted to see, when I heard about WePROTECT, I was thinking beyond just the child and looking at other people, the citizens, every other person that uses the Internet. So is WePROTECT only for children? And apart from that, it seems to me that only the sexual abuse aspect of protecting the children that WePROTECT is looking at. But we have more than that in your own environment. We have recruiting children for terrorism online, we have hate speech, all sorts of things happening online. My government is getting jittery over it and asking, you know, even there was a deal by one of the legislators to regulate the social media. But for the outcry of the whole public and civil society, so it was like stepped down. So is WePROTECT only looking at children first? And again, is it only sexual abuse? We have more than sex abuse when it comes to children protection. What are the area or other areas that should be taken into considerations with this. And again, has the membership, is it just fill out a form online and become a member of the WePROTECT? Thank you. >> If I may respond to that. I was speaking on behalf of myself as a member of industry, Microsoft as a member of industry, in the WePROTECT global Alliance. There is many different aspects as chief safety officers at Microsoft. We deal with, on a daily bay circumstances I deal with on a daily basis, what I call the parade of horribles across the web. It is hate speech, and terrorist content, and online bullying, and child sexual abuse material, and extorsion, and online and revenge porn. So I would like to preview for you if, say, something Microsoft will launch for safer Internet day of 2017. We're putting out what we think to think of as a campaign for digital civility. So we're going to have some baseline research in 14 countries that we've conducted, and I apologize, Nigeria is notes one of them, but Mexico is one of them. What we did, is we've asked teens, ages 13 to 17 in the 14 country, as well as adults, ages 18 to 74, about 17 different online risks and the interactions that they've had online and how they've associated with those risks. We've written two blogs already about some preliminary data in that research, and we released the first blog in the back-to-school timeframe and repersued some of the teen data. Basically, what teens are saying is that they're concerned about life online. They're concerned, particularly, about their personal safety. And they only fear that the risks are going to increase in the future. And when it came to hate speech and cyberbullying and online bullying and being treated meanly online, the youth were outpacing the adults. The second blog we did was in the early November, on November the 10th we released this post and looked a little bit about some of the preliminary data, primarily about adults. We timed this one to post U.S. presidential election, and we also timed this to November 13th, if you weren't aware, is World Kindness Day. What the data showed in that blog, some of the preliminary results, is 65% of all the people surveyed, both the youth and adult, said that they had encountered at least one of these online risks. And there were offline consequences to those online risks. There was sleeplessness. There was increased stress. There was a need to want to disengage from the online world, but there was one bit of hope, particularly, for adults about, almost one-third, about 30% of them, said that it made them think a little bit more critically before they criticized someone online. They wanted to be more constructive in their criticism when they were talking with people online after they had this negative online interaction. So, that's a look at the data. There is also going to be other assets that we're going to follow with on Safer Internet Day itself. What we're trying to create, is not saying we have all the answer, but hoping for a platform or leaping off point, kind of a intring springboard to embrace as a global Internet community, the idea of increasing digital civility and really creating that web that we want going forward. Thank you. >> Clara? >> Yeah. Thank you. I think this is a very good question. Is WePROTECT only about online child sexual exploitation. From a Unisef point of view, what we could see last year, when we implemented this program is that this has been a fantastic entry point. Countries have started to address it, but it doesn't mean that they have stopped there. They have gone on in addressing cyberbullying, and other forms of online violence. I think, even though WePROTECT focuses on online child sexual exploitation, it is an entry-point, depending on country context, being able to address other forms of online protection issues, but also other forms of violence, exploitation and abuse that children face in the physical world. And I think that also related to what Jacqueline was saying, that we know that this online violence also can have definitely offline consequences, so from a Unisef point of view, we have seen that there is a great connection between the gruming of children online, for sexual exploitation that happens in the real world, right. So then definitely there is a very strong connection, and it's a good entry point. >> Let me just elaborate. I think probably the most direct and honest answer to your question is that it was the intention of Prime Minister Cameron and Prime Minister Mae, to focus more narrowly on this issue because you can't solve all of the world's problems. This is one that may be naive and delusional, but I am firmly convinced that this is a problem we can eliminate in our lifetimes, simply through the kind of multistakeholder approach we're talking about. Because of Microsoft's Photo DNA, content that resided on servers of multiple companies is now gone because of tools like Google's commitment to eliminate search results that produce child sexual abuse images. The ability to search for content and have it pop up is disappearing. So the notion was, here is an area that is well-defined, and if we address in a comprehensive way, we can have major impact. But, it doesn't mean that this initiative shouldn't be collaborating with others, shouldn't be taking what we learn and what we develop and what we apply and apply it to a wide range of challenges. For example, one of the other SDGs is 8.7 on eliminating forced labor and modern slavery. We're working with the international labor organization and new alliance 8.7 because much of -- at least part of their problem involves the use of the Internet for human trafficking, for child labor, for -- and much of which involves sexual abuse and exploitation. And then the final point I want to make is, on 16.2, the new UN initiative that Clara is playing such a central role in, the Global partnership to end violence against children and global fund to prevent violence against children is introducing one of three priorities. One of which is online. One of them involves children victimized in war situations. Others involve children victimized in normal life situations. So, the goal is to end all violence against children. The focus of WePROTECT is more narrow, and our concept was more strategic. Let's see if we can bring together multiple players in a coordinated way, develop resources, target those resources. The comments by our prosecutors from Brazil reinforced, in my mind, I'm sorry that Colonel Bautista couldn't be here, but he's a great real life example. In it 008 he was asked by the Columbian police for the first time, to address the issue of developing digital tools to investigate online crime. Columbian national police is now a global model. For the first time, as a result of WePROTECT and the work that Clara talked about, there are new law e enforcement specialized investigative units in countries like El Salvador and Dominion Republic and Jordan. In some of those country, the response when we first engaged them was, this isn't a problem in our country. What we're hearing all over the world is the only way to not find this problem in any country is simply not to look for it. So the good news is because of the leadership of the UK and Unisef and all the people on this panel, countries around the world have begun to look and they're discovering that it is a problem. What we're trying to do is develop tools that they can use to actually solve them. Sorry to make a speech. Yes? >> AUDIENCE MEMBER: Hi. My name is Kiki from Indonesia, and I do really appreciate it about this workshop. Actually, we have a lot of issues in Indonesia about child online, and now we are trying to make a roadmap about child online protection. And throughout, it is still an on-going process, and then we using the multistakeholder approach and one of our stakeholders is Unisef Indonesia, and in Indonesia, we have one of the reason why we want to build a roadmap because we have a lot of program. We have a lot of -- we have a lot of some regulation to protect the children while they're online, so that is the reason. We just want to collaborate the program and also -- going through the program and implementation the program by our stakeholder and not only the government, but with our stakeholder. So, and after the presentation by the panelists from WePROTECT, we just trying to learn more and implementation about the program. And maybe Indonesia, especially our Minister of Communication and Technology, I hope we can cooperate to end the exploitation of children online. Thank you. >> Thank you. And let me say, Indonesia was an early member of the virtual Global Task Force which is a network of law enforcement agencies. Indonesia recognized early that this is a problem that law enforcement in one country can't solve alone because of the nature of this problem crosses national boarders. So we're very pleased that you're here, and hope Indonesia will become far more engaged in addressing this. Yeah. >> AUDIENCE MEMBER: Thank you. I just really appreciated this conversation about how one addresses a multistakeholder challenge, and coming from the legal and the technological and the kind of top down governmental approach, but also I think thinking about the cultural issues that have also come up and what you call kind of the gray areas. And one of the things that I just wanted to say, WePROTECT is also funded, is the research project Global Kids Online. I have some reports here if anyone would like to followup. We've been trying to do what research can do well, which is to put the child -- the children who are at risk, in the wider context of their community, the roles and possibilities for their parents, teachers, and friends, so that we see how it is that certain children, under certain circumstances, do come into the risk of serious harm, and to understand what all the other stakeholders might kind of do in a kind of holistic sense, and seeing how that works in different countries and different cultures gives us a sense of, I think, where there are ways to kind of press in terms of teachers, parent, and indeed educating childrens, so the research kind of gives us ideas of kind of priorities there. Anyone who wants to hear more about this, come and ask. Thank you very much for the fantastic work that you're all doing. >> Any comments? And let me say for any of you who could get a copy of that report. It is very hopeful. Really encouraging and demonstrates that real action is taking place on the ground and changes are being made. >> (Suzie) -- one of the things I wanted to say about WePROTECT and the multistakeholder approach is that the funding is fantastic and absolutely a game changer for those of us who have been working in this field, to have that amount of money available to attack the problem is really important. But almost more important is people just working together. And the existing resources being shared in terms of skills, resources, advice, support, and many people involved in this project don't get any money from WePROTECT, but we're still committed to it because it's about tackling and finding a solution to the problem, which as I said before, you just can't do it in one country alone. So even if, even if you've got a need, the support is there, even if it's not funding support. It might be support from law enforcement, from the hotline association, from a range of partners. It's not necessarily just about the money, but about helping you deliver on the commitment to make a difference. Thank you. >> We have -- all right. Let's do that and then we'll come to an online question. Yes, sir? >> AUDIENCE MEMBER: Hello. Hi. My name is Mohammad, uf a NGO in UA. It is a UA national con sort numb for 25 national entities including ministry of and other national and government and nongovernment entities. So we are conducting a workshop tomorrow of collaboration toward and beyond child online protection. We'll be talking more on, other than the child abuse materials, probably the child development and education programs. I have a question in terms of the WePROTECT. What is the technical measures has been talked about live-streams of child abuse. I'm from India, originally, we have 460 million Internet user, and now maybe Suzie can give some insight into that because the live-streaming is becoming quite -- it's becoming normal now these days. So what is the -- what is the WePROTECT mission taking care of technical measures in terms of live streaming. Thank you very much and inviting everyone tomorrow at 10:45. Thank you. >> Let me start. The challenge of live streaming is enormous, and frankly, it's one of the reasons why one of the target countries for our initial round of projects was the Philippines where this was a particular issue. There have been major cases made by Swedish police, by UK police, by U.S. police and so much of that is rooted in poverty, that parents are simply providing the children for money. So it is a massive problem. It is a key element of what we're trying to address, and a lot of that, frankly, is going to be addressed through aggressive enforcement. Law enforcement didn't recognize when it began to happen, what a serious problem it was. But there are people now spending time in correctional facilites all over the world who have engaged with that. We had to address not only through law enforcement, but engagement of civil society on the ground, and real progress is being made in the Philippines, but we need to do it in more countries. Clara. >> Maybe just to mention, it's true what Ernie is saying, Philippines was supported through one of the first rounds of WePROTECT. They have been working a lot with law enforcement. We have also done -- thank you Sonia for mentioning the global kids -- I should have mentioned, it's a fantastic piece of work facilitated through WePROTECT. Philippines is one of the countries now carrying out the study. I think that will be particularly important to also understand why is the live streaming happening. As you say, we also are not only working with law enforcement, but also looking at the prevention angle. Why are these children put into these situations and what are the family dynamics triggering that? And then I just wanted to say, to the lady from Indonesia, that it's fantastic that you have such a commitment to child online protection issues, and we certainly stand ready to work with you in Indonesia, and we already do, and I believe also the partnership that Ernie was mentioning, the global partnership to end violence against children, I believe Indonesia is one of the pathfinder countries. >> Yeah. >> So you will definitely have an opportunity to work with all of us, I think, on these issues. >> I know you're asking specifically about technical issues with respect to live streaming. I would just sort of take you through the progression. As you know, Microsoft developed Photo DNA which we've heard a little bit about today. That specifically applies to still images. Through the technology coalition and some other efforts of other company, we're making some progress around video, in applying Photo DNA and other techniques to video. The next step, of course, is live streaming. When we're talking about live streaming, we're talking about, basically, a private conversation between two people. So as Tiago was talking earlier about the balance, we have to balance privacy issues. Now, of course, we know there would really be no legal basis for having this kind of conversation, but it's difficult for a technology company to identify that this is happening because of privacy concerns and privacy issues. This is where we need to work with governments, and governments need to work with law enforcement and really apply that multistakeholder approach to this issue. It's not just a technology play because technology, we are bound by other constraints and we cannot go and dip into conversations. We know this is happening, as Ernie says, it's a huge problem, but we have to work together to some to some reasonable solution. >> ERNIE ALLEN: And let me add to that. There is no better example of the importance of a multistakeholder, multifaceted approach. One case in point, two years ago, a man in Sweden was convicted of the rape of a child when he wasn't even in the same country as the child when the child was sexually assaulted. A Swedish court held him responsible for the rape of a child when he hired men in the Philippines to obtain children as young as 5 who were then sexually assaulted by a live streaming video while he directed the action from the privacy of his home in Sweden. Now, most of the countries in the world k couldn't have done that. So, we need better law. We need better law enforcement. We need better technology. We need better social services and support for families and children, you know, on the ground. So, I think your question really captured the complexity and the difficulty of the problem we're trying to address. Larry? >> Part of the prevention issue is getting people not to engage in these crimes against children, and obviously, law enforcement is a very important part of that. But what about working with people before they become abusers? Trying to educate young people, trying to somehow intervene in this process early in the game when, perhaps, we have some evidence that a person is likely, I realize thoughts are not against the law, so you can't do that kind of thing. But how or what kinds of efforts can be made to get people, simply, not to go down that very dark road of being an abuser? >> ERNIE ALLEN: Let me just respond briefly, then I'll let the other panelists respond. Jutta was here from Germany, they initiated a project funded initially by Volkswagen. The concept is that people who are sexually attracted to children are often reluctant to reach out for help because of the concern about stigma and having, you know, their lives ruined. Dunkelfeld provided a vehicle for which people could reach out anonymously, receive help from a therapist, and the whole concept was intervening before they offend. Now, that's difficult for a lot of countries to do because we certainly know, politically, that there are risks in saying that we're going to take care of, you know, would be child abusers. But the reality is, you're exactly right. Unless we do something like that, all we're doing is responding after the fact. So I think there is a growth in that. There is work in the UK in that area through organizations like Stop It Now that are trying to intervene sooner in this issue, and I think we have to come to grips that we're not going to be able to arrest and prosecute our way out of this problem, unless we do a meaningful effort to intervene earlier, and that's primary intervention. Intervention before there is a victim, not just catching somebody after the fact. Suzie. >> Very quickly. We've done quite a lot of research, and a young men age 16 to 24 the most likely to stumble upon child sexual abuse and the least likely to report it, so we've done a number of campaigns, and we're about to do a, sort of a specific campaign with the UK home office to actually target that -- target that age group so that just to make sure they don't go there in the first place, because we want to stop people developing the behavior in the first place. And also, Stop It Now have done an amazing campaign, the people already looking at that content, so you're absolutely right, Larry, you've got to stop people before. >> JACQUELINE BEAUCHERE: I want to add one point, from a research perspective, I was a little concerned with this kind of campaign or this kind of push, we could potentially inadvertently be inspiring sort of casual users to find out what exactly are people talking about when they talk about this kind of material? Search engines are now offering ads and promotional material, so even if you look up a potentially inappropriate phrase that could potentially be linked to child sexual abuse material in some way, we offer a little ad to Stop It Now to be able to see if people need help or if they're actually embarking on that casual abuse or casual inquery frame of mind. >> ERNIE ALLEN: I think we have an online question. >> MODERATOR: Yes, it's from -- excuse the mispronunciation, Roci. As civil society, what can we do when we detect images on websites where there is abuse clearly seen of children? And this is my suggestion, is to make a campaign where society will unite and denounce the types of action, but with information close by as what we can do and where to denounce it. >> Report it. Report it. I mean, we do need to do more around the world to raise the awareness that you can report it. So if you type into Google or Bing or anything where to report child sexual abuse or child pornography, it will give you the helplines and hotlines to report it to, so that's what you should do. It's your responsibility to report it. What we need to do, my view, is that we need to do so much more to educate people about -- this is less about the gray areas that were talking about, but basically if you see a image of a 10-year-old being abused, you really don't need someone to tell you it's wrong. We need to do more on a moral persuasion route to say that this is actually unacceptable behavior, and actually, you know, that's not acceptable and if you see it, it's not fun, it's not great, and not cool to share with your friends, report it. That's why we have anonymous reporting. 80% of all of our reports from the public are anonymous. >> ERNIE ALLEN: Yes, ma'am? >> Thank you very much. Veronica, and we are also part of the advisory b board of WePROTECT and are really appreciative of the multistakeholder approach. But there are also a number of challengeses in the area. I would like to address the panel with a number of questions. One is, how can we ensure that WePROTECT remains sustainable, both in terms of engaging governments to take part of the initiative, but also in terms of sponsors, and having actually funds available? Second, given the limited amount of resource, because as Suzie said, okay, the funding is important, but it's certainly not enough to cover the f needs in this area worldwide. How are the funds being prioritized and how will they continue to be prioritized in the future. And a final question is, how do we measure progress? And how is WePROTECT committed to evaluating progress in the area? Because I think, when developing the multinational response and developing capacities in the different areas, we see a different reality. And Sonia said, the cultures are very different, but also countries are dealing with very different realities. So, I think it's timely to take a more qualitative approach to measure progress because a progress that one country can make cannot be necessarily comparable to the progress another country makes. But it's also important to guide those countries to help them make decisions according to where they need to prioritize their efforts. Thank you. >> ERNIE ALLEN: Let me start, and then Clara, you may have some comments on this. Sustainability is our largest challenge. And one of the things I would say to all of you, I used to say this when this was a David Cameron initiative and I say it when it's a Teresa Mae initiative, and that is, to the best of my knowledge, one head of state, one head of government on the planet is talking about this issue. WePROTECT happened because the Prime Minister of the yiet United kingdom said this is serious and a problem and we're going to do something about it. One of our biggest challenges in terms of sustainability, in terms of impact, is raising the level of concern about this, of awareness up the policy level, which is why we will let all of you know about the WePROTECT 2017 Summit. A site has not yet been chosen and dates have not yet been chosen. The goal is to get not just all of us, but the highest level decision-makers we can get there. Challenge number one is simply for world leaders to recognize and to agree that this is a serious problem. And then they'll respond to it. The other point I would make is, there is now a mechanism in place, created as a result of SDG 16.2, it's called the global partnership and global fund to end violence against children. Part of the challenge will be to raise a lot more money, so when you go home, tell the leaders of your country, you don't have to put up the equivalent of 50 million pounds. But lots of countries need to be contributing to this. One of the biggest challenges we faced, I talked to a Foreign Minister in Abudobi who looked at the Model National Response, and said, we'll do that but you need to pay for it. Well, we're never going to have enough resources to pay for this in every country on the planet. The goal is to use the money as generated as seed money to demonstrate effectiveness, to demonstrate what works and what doesn't, to demonstrate ways that you can replicate. So we got to raise a lot more money, raise the level of concern among policymakers. In terms of measurement, I think one of the exciting things about what Clara reported to you, is Unisef is doing that. We are measuring and evaluating the impact. We've only done it in 17 countries so far. But you heard, we're not spending money in Britain and the United States and Canada. You know, we're spending money in the developing world to develop these -- this capacity. To develop this resource and then measure the effectiveness. So I think your points are right on, and those are concerns we're thinking about. Any ideas you have, any ways or suggestions you have, let us know. Clara? >> Yeah. Thank you.S I want to pick up on the point what Ernie was saying about the SDG, it's true, through the SDG and agenda 2030, all countries in the world have committed to address violence, exploitation and abuse. That includes online child exploitation and abuse. I think it's a very powerful message. I think we all know, at least in the Unisef, it's quite clear to us that the funding climate has changed dramatically these past couple of years. We see migration courses, for example, in the European context, and some of those country, including my own country, I'm Swedish, I think the Swedish government last year diverted some of their overseas development budget to deal with their home, you know, the problem of migration in the country. So I think, also, when it comes to funding, we also they'd to be creative and find other ways of funding. And also, as Ernie was saying, it's about political will. And we know that in many countries, there is actually resources, and we need to leverage those resources as well. In terms of the monitoring innovation, I completely agree with you. I don't think we can assess the countries on the same scale. I think we need to look at where the countries started and where they're getting to. What I didn't have time to mention was that through the WePROTECT program last year, we did undertake an evidence review on what are the effective policies and programs to address online child sexual exploitation and also empowering children. And we're right now finalizing guidance for governmenting on developing national policies, and it's true, through this work, we have seen that it's a clear need for all of us to develop and monitoring an elevation framework, and I think that's also something that the WePROTECT Board has discussed in relation to the Model National Response and look at how can we help the countries during these assessments. So I think, at least, from Unisef, we look forward to your ideas and look forward to working with you on that. And I do think, that in terms of sustainability also, I think actually, there is a lot of action going on on the ground, not only in the 17 countries that we supported, but also in other countries where all of us are working. And I think we need to continue supporting those efforts. And as soon as we have the infrastructure and legislation in place, I do think that there are better opportunities that our initiatives will become sustainable. >> ERNIE ALLEN: Yes, sir? >> Hi. This is Mohid from Internet Society UA Chapter. First of all, I would like to thank you all for your interventions and telling us about what we protect and what your organization is doing in this important space. But I would like to also draw your attention toward financial correlation. Earlier there was a lot of stress about financial correlations, MasterCard and visa, and people are the money. Then there was a whole sense of dynamics of this economy switch was working. So, how does it change with the virtual currencies like coin coming into pictures and people are becoming more and more anonymous when it comes to, probably, paying for this object objectionable content. Has that been thought about? How are they going to address these challenges? >> ERNIE ALLEN: Yes. It's a dramatic challenge. One of the things we've seen is that this is a problem, that in many ways, has moved from commercial to noncommercial with the invent of the Internet, it was no longer all driven by purchase or subscription. These were images traded among people of like interest. But the invent of virtual currency, digital currencies, the invent of the dark web, the ability to, you know, engage and share information with people anonymously, creates a whole new component. A university in the UK did research on the dark web and found that only 2% were pediphilia sites but accounted for 80% of the dark web content. So there is no question that there is a migration of users into areas where they're less likely to be identified or victimized. So the challenge that you state is a real one. We have to be aware of that. This problem is going to continue to migrate, continue to change. We have to catch up technologically, and try to the greatest extent possible, to stay ahead of the curve. Anybody else? I think I have abused our time a little bit. We got a little wound up here, but I wanted to thank all of you for being here. I particularly want to thank Jim Pendergast sitting down here of the Galway SG Group, the organizer, put the plan together, brought the people together, he did a magnificent job. Jim, thank you. And a reminder for any of you who would like a copy of the Model National Response, it will be here on the table. There are 30 of them. So if you're not in the first 30, just give me a business card and we'll send you one. Thank you for being here, and thanks for the panelists for your extraordinary information. (Applause). (session completed at 1:35 p.m.) *** Copyright © 2016