You are connected to event: CFI-RPC5 2016 INTERNET GOVERNANCE FORUM JALISCO, MEXICO ROOM 5. 7 DECEMBER 2016. WS143: How to acknowledge cyber evidence reform/new parallel law. (the meeting will begin shortly. Captioning on the screen). Workshop 5. 9:10:30.30: How to acknowledge cyber evidence: Reform/new paralle >> We'd like to ask if yes the audio is working fine. Just a test. We have five more minutes of preparations then we're launching. Sorry for the delay. >> Welcome, everybody. Just a little bit before we start. Please wait your turn if you have your turn if you have a question until the microphone gets to you. If you have a table microphone, please talk loud to it. Thank you. We go on screaming in 30 seconds. >> JAHANGIR HOSSAIN: Hello and welcome, everybody. Thank you for making it to our workshop entitled "how to acknowledge cyber evidence: Reform/new parallel law." What I'd like to first start with is a brief introduction of the session. >> KHAN MUHAMMAD FUAD BIN ENAYET: But before we do that, let me send you greetings from the session organizers who are unfortunately unable to be here. And Jahangir Hossain weren't able to make it. However, the session is being organised as you see it. And we have a set of distinguished speakers as well as locally here as well as remotely. Let us start with the workshop itself and what it an east supposed to do. >> DR. WALID AL-SAQAF: I'm wal idea. >> DR. WALID AL-SAQAF: And the moderator of the session. I am purely as an individual. I'm an ISOC board member but I'm here to help facilitate and moderate the session. So the workshop itself has several topics and questions to raise. The first question is how to address and acknowledge the cyber evidence where virtual and real life activities should be treated equally with logical consequences or sequences of happenings and identity confirmation. And so that means that how to deal with virtual and real when it comes to evidence. The second you is whether the modernization and/or amendment of classical criminal procedure, evidence law, et cetera, are good enough to manage the Human Rights and criminal activities in Internet domain. That is to say the coexistence of real and virtual domain. The third point is whether the law enforcement activities, for example, surveillance, intelligence, policing, defense, et cetera, are going to require separate legal and administrative frameworks. That is to say, drafted from scratch to separate the real and virtual domain for the sustainable ecosystem. And the fourth point is the short-term and long-term governance model for the Internet, legislature and Internet ecosystem. We hope we come up with a number of outcomes and recommendations from the workshop based on the following. The first is the points/remarks raised by each of the participants and then we'd like to have recommendations given by the rapporteurs. We'd like to also note the importance of the having counter logic and answers being critical. And then given by the rap tours. And then finally, we'd like to have a conclusion that I will be drawing as the moderator. We have a distinguished set of speakers, some of them were not able to make it. But let me start by introducing our first speaker. He is Sumon Ahmed Sabir, the chief technology officer of fiber at home. He also has a couple of other hats. He's also the Chair of BD Nog. And he is also the vice or policy co-Chair of APNIC. So I'd like to bring the question to him in a straightforward way and ask: What is your position of whether there should be cyber laws, parallel laws compared to what we already have like penal codes and traditional laws in the various sovereign countries? And why do you think that is the case? Thank you. >> SUMON AHMED SABIR: Thank you very much, wal idea. I'm from technical background. You heard from Walid. But we're talking about law. I worked with technology and Internet and we feel/felt that we Ned to talk about it,. >> MS. TAYO AKINYEMI: Tully, the way things are moving forward. -- actually. Since Internet became popular in 199 0Zs. We started we saw starting from -- and today we can see different kind of online criminal activities including ransomware, even handicapping your own data and asking money for that. Very different kind of crime happening online. And the kind -- and what I've seen I think from 2000 or something within different countries starting to make parallel laws for handling Cybercrime. First law was made in 200 April it amended three times and last event is now going on because it does not fit in with the newer kind of challenges you are facing over Internet. So from where the question comes that should we go for new and newer laws for new kinds of crimes? Or we can really change something with how we handling the evidences. To my point of view, that any cumulative activities -- criminal activities, whether it is in cyber world or real world. So a criminal should be prosecuted based on the merit of the crime, not on it is done in the cyber world or in the real world. Rather, we should focus on the evidence and the merit of the crime done by the criminals. So, I'm not in favor of creating new laws all the time; rather, I'd like to focus on how we can really focus on that evidences, actually. And creating laws, creating some new problems, as well. Like I can give an example. I'm talking about my country, that like for if you threat somebody online, then it is proven that in cyber law, it says it can go up to 70 years of prison with 10 million -- penalty. But if you do same thing in another world, the law is not that actually. So actually you have been treated differently doing crime in cyber law. Facebook is of more challenging than posting something in a newspaper or talking something in a television. So this kind of discrepancy also we are watching for creating different laws for handling cyber crimes. And also we found that in some countries, that the cyber law is being used for kind of operation to the opposition or some kind of thing. So it has new kind of laws. Even in our country, the cyber, if somebody file a case against you using cyber law, it is not available. So anyway, you have to be at least two to three months to get bail for high court even though you did nothing. So these are the consequences, actually, that we are seeing for having different cyber laws. Rather, what I like to focus, that every kind of criminal activity has some kind of evidences. In civil crime there's civil evidence. Rather we need to review this kind of evidence should be recognizable by the court. So we need to change the legal system in such a way that it recognizes cyber evidences. Earlier days in many other countries, we observed that a videotape or an audiotape is not recognized as evidence because it is not in paper or some other kind of not physical evidence. So this changed. So we now treat those as evidence in many countries. So we need to focus on that area. We need to focus on our legal system. We need to focus on law enforcement. They should be able to handle the cyber evidence. They should be able to secure the cyber evidence and produce to the court. And the court, judiciary should be aware of how this crime has happened and acknowledge the evidence and based on the merit of that crime, the criminal should be prosecuted. So this is how we can -- creating new para leal laws, rather we if Ed to acknowledge several evidenced. I can go in different evidences. Not only criminal activities. Foaks signing a contract. In many countries, contract means it has to be on hard paper or signed. But now they're talking about digital signature. We are doing contracts in digital world by clicking in capture or some type of digital signature. And those can be treated as a legal contract. So from that, we need to have a new cyber law for contracts; rather, we can add this type of digital contract as to be recognized. Purely valid if it is a contract. So this is the area that I initially try to focus. Another new area actually we are focusing and that is that Cybercrime actually is cross-border thing. It's not limited to a particular nation. So even if you do have parallel law, it is a different country. And if a crime happened from different country, the law has nothing to do at all. Rather, in that case, we need more collaboration. A lot of people are working on that how we can handle this cross-border Cybercrime. And we can address this kind of issues. So this is not about creating new cyber laws. So again I think I like to support the notion that we made several evidence reform, not new parallel law. Thank you very much. >> DR. WALID AL-SAQAF: Thank you. I'd like to summarize quickly the points that have been raised were. The idea that there should be a law for every medium is invalid or let's say not practical. That's what I hear because a crime is a crime, whether it's committed electronically or in the real world. And maybe the reference to the need yum can actually bring us to the question of whether, for example, there could be a law for telephone crimes. For example, you have harassment. There is no such law because that is evidence. You have video, let's say an audio record, then you use that in the court of law. And then it leads to a conviction. It doesn't mean that you need to have a law for this form of communication. So it is the evidence itself and the way you collect that matters, it's not where and how let's say the crime takes place if that is what I understood correctly. No need for new laws for every different form of communication. So now that we have this particular viewpoint from the technical and business perspective, and you expected this. Let me turn to the government. Do governments do believe that the cyber laws or necessary or not? And I'm really privileged to have here Mr. Andrew from the government of Congo. He serves as director for information technology at the ministry of MEIDECC. And I'd like to give him the floor now to explain or give his perspective on this matter. >> Andrew: Thank you very much. As I have been introduced my name is Andrew do I man an. I am basically responsible for the ICD and the domination of srt and I'm very grateful to be here and be part of this panel discussion. In regards to the question, the government do recognize the cybersecurity law. We have been engaged in many activities in addressing different ways to improve our computer law. Just a little background from where I'm at. Most of you don't know where Doma is. It is a small island nation in the south Pacific. Very close to Fiji and New Zealand. And in 2013, we had our fiberoptics landed in Toma. And that changed the whole playground for Internet activities in TO ma. And the government have addressed the issue of safety in using using the cyber activities by creating a taskforce, a cyber taskforce. And this cyber taskforce had three working groups, which includes cybersecurity, cyber Cybercrime and cyber safety. And because of this initiative, Toma have participating on the cultural activities in regards to the (something) convention. And as of last month I think November, we have put up our interest to be an a full member of this Convention which is the I believe the 51st state to be a member of the Budapest convention. In regards to carrying a lower form for cybersecurity, we recognize the importance of this. As we all know nowadays there are different days that are integrated or related to any cyber crimes. One of the important things is when you get the evidence, there are certain ways of getting those evidence and preserving it and if you are not doing it right, then it can be argument in the court of law. And there is not a valid evidence to be presented. And because of that, there are clauses in the laws that need to be in Doma, our latest act was created in 2003, way before the fiberoptics landed in Doma. So there is a new cyber law 2016, it's still appealed right now. But we are looking at amending that 2003 law to be 2016 act, which raises a lot of issues that it didn't cover in the 2003. And we are looking forward for making this law as a baseline for prosecutors. One thing that we have learned from the Council of Europe and trying to get ready for the Budapest Convention is the -- of our charges to understand the different evidence in Cybercrime. So there has been some trainings that's been done with the assistance of Budapest or Council of Europe, basically focusing on upgrading the prosecutors' knowledge and also the charges. So when issues or evidence are presented in a court of law, they would understand better how these evidences have been apprehended and how it has been contacted these crimes. And one thing that we have also noticed, that with Cybercrime, you don't have to be residence in the country to commit the crime. So you could be anywhere. You could be in America. You could be in Brazil or Africa and commit a crime to Doma. So there are different aspects in regards to the law. There needs to be addressed. When you find some new evidence that there's been a crime committed in your country. So those issues, that's why we are trying to assist, that's why we're interested in the Budapest Convention because of these international laws that we need to address because it's very important to us because ever since that we connected to the fiberoptics, we enable our citizens and also other citizens from the rest of the world to play in the activities in our countries in regards to the cyber. And I think we have come so far to create this cyber law in Doma, and I think in my opinion that it is a good thing that we need to evolve, we need to upgrade our laws to match what has been introduced to the country. As you know, technology evolves really quickly. And we need to move forward together with technology. We need to understand how this technology can become a problem to our citizens. One thing that we also is that the law also point out is how to preserve the data that has some evidence. There are right now there's no law that you can preserve any data, but on a in you law there is a provision that you can preserve the data or you can seize the data from the -- for those who are committing the crime, and with the relationship to other laws, we also need to pine in to some kind of agreement of mutual assistance, agreement or bilateral so that we can also request for evidence from foreign countries. It's very important that those evidence can also be recognized in our jurisdictions, as well. And I believe that that's enough for me for now. And maybe later on we can elaborate some more. >> DR. WALID AL-SAQAF: Thank you, Mr. Andrew. I'd like to summarize basically what I heard so far. Basically that cyber criminal activities have a lot of commonalities. And the way you provide for, let's say, collect evidence and gather it and make it, say, bulletproof in the court of law is that you have to follow certain procedures, certain regulations. And this has to be enforced by cyber laws so that it can be considered by the court. So that is perhaps the gist of what you are referring to. The other point you noted was the fact that cyber laws can be committed cross- border, the transnational. And that reflects on the -- that's because of the way technology operates. And then you referred to the cyber law in the context of more broader than sovereign cyber laws is that you have agreements and cooperations between srts, among srts around the world and governments coming together and seeing what Bess at proches to tackle cyber law in a more global aspect. If that's what I understood. So now you can see actually you have a split of opinions, which is healthy for a debate. And the motion that was provided by sum on was against cyber law altogether and keeping it within the traditional laws that we already have in place. The second opinion is that we have to establish cyber law and we have to work on and adapt them and improve them as we can as technology improves. Now we have a bit of a test of the remote participation to see if we can get the other speakers who have opted to speak connected. So if Mr. Bab you ram Aryal can perhaps let us know if he can begin to speak directly to the microphone, we can open up if he's muted. And he is actually the President for digital equality and very outspoken person with the ICT community in Nepal in Katmandu. And he's been very active in areas surrounding access to technology and access to the Internet. He is also very active within the Internet Society through the Nepal chapter. Do we have success in having him connected? If you can hear us, if you can speak? >> BABU RAM ARYAL: Can you hear me? >> DR. WALID AL-SAQAF: Yes. Can we raise the volume a little bit? >> BABU RAM ARYAL: Can you hear me? >> DR. WALID AL-SAQAF: Yes, we can. Welcome, Babu, the floor is yours. >> BABU RAM ARYAL: Thank you very much, wal idea, and all the colleagues. At the beginning I missed a little bit but I'm following the discussion. Directly on the subject matter, Cybercrime is not a different crime. It is an extension of traditional crime measure. So while drafting or while making new legislation, we need to consider our previous or traditional evidence laws. So there are some [Inaudible] of new kind of [Inaudible] when some technological differences makes some sense of the justice. For example, some telecommunication acts are also there and Cybercrime acts are also there. And some mediums like SMS and telecom service like mobile are also there. They are traditionally governed under the telecommunications act. Now with the development of this Internet platform, the importance of evidence and chain of custody also has become a very different thing. So we need a little bit a new thing or new evidence, law in place. But since we have been discussing about the amendment in government -- Cybercrime laws, we have been observing many changes in the technology. But what we have made a consensus is that if we make any law specific to any technology, then technology may change in frequent manner. But changing law is very difficult. So while drafting any legislation, we need to go into the principle rather than about the mediums. So there are a little bit different mediums, but we need to focus on the principle rather than the technology alone. >> DR. WALID AL-SAQAF: Thank you, Babu, for your reflections on this important matter. What I understand is that you're not totally against cyber law nch it's just that you are very much aware of the difficulty in keeping it up-to-date with the various forms of technologies. And you have some sort of skepticism not to the extent of abandoning it but being very careful in ensuring that the laws do reflect the way that technology is deployed and used. If that is what you have reflected, then we have a good balance of opinions. One for cyber laws by Andrew, the other by Sumon against cyber law. And the third is nor in between, that there should be but there have to be a lot of measures and guarantees that evidence is there. So let me now allow the audience to chime in with their comments and opinions and feedback on this important topic. If you'd like to introduce yourself and begin to speak within a minute or two, please. >> Hi, I'm andy Smith, I'm here with the British computer society. I've been working with the Internet Society for about 30 years. I think laws should be written in such a way that they don't need to keep being changed and updated. And that is one of the really big problems with cyber law. And you've been talking about cyber law rather twhan digital evidence. Now in the UK, we've got a couple of British standards. We've got BSI 008 which is about collection of digital evidence. We now have British standard 10,08 which is a standard around collection and presentation of evidence -- 10,008. I think you should be concentrating on generating international standards around collection and preservation of evidence and actually get people to understand how to do it properly, especially when it comes to having immutable evidence, evidence that is hard to challenge in court. Because one of the biggest problems you see with criminal cases is the evidence can be challenged and people can basically show it's not pen collected properly or the time stamps are wrong or someone could have changed the audit logs. So it's really important that organizations, Internet Service Providers put the time and effort in to make sure that the information that's collected is of evidencetial quality. And you can also trace every action to an accountable individual if it is necessary to do so. That will also stop a lot of people ending up in court when they actually had nothing to do with it. So I think there is really a need to concentrate on standards, especially international standards, and move away from trying to put everything into law when technology and the whole Internet changes so quickly. >> DR. WALID AL-SAQAF: Thank you for your important comment. It may add to the notion that cyber law is not necessary perhaps if that is -- you're not absolutist in that but you do not favor it. >> We've had cyber law. I mean, we've had it since 1991. And the laws keep getting updated and bits keep getting added. But technology's changing way too fast for policymakers and legislators to keep up. So you're always going to -- if you try and put too much in the law and too much detail, you are going to end up with ways around it and you're basically going to give the defendant loopholes to I don't. It's of better -- to use. It's much better to concentrate on having good strong laws. And I do agree that the laws should be equal whether it's in the physical world, real world, or cyber world. And then concentrate on getting actually the evidence to prosecute properly. >> DR. WALID AL-SAQAF: Thank you very much. We have another comment from the audience here. >> Thank you, Alexander Siegel from Council of Europe and I particularly thank the representative from Domais for his presentation. When you talk about law, we have to substantiate between the part, what did you fine as what conduct you define as crime and the procedural law. And I have a question to the first speaker. How would you address a denial of service attack through traditional law? Keeping in mind 16 years after the "I love you" bug attack from the Philippines where the spreading of that bug, of the virus was not a crime in the Philippines. And the student who caused hundreds of millions of dollars of damage around the world went free because it was not a crime. So keep that in mind. The procedural law is another story. Keep in mind again that when government searches computers, collects evidence, this is a strong interference with the rights of individuals. And this interference is only possible if it is clearly defined and prescribed by law. Again, you have to go back to the law and define it very clearly. It's a fundamental principle of the Rule of law. We have here again the dilemma that traditional law is difficult to apply by analogy. You may have traditional law for searching of a house. You give it to the judge to search the house, all the safeguards that are there. Searching a computer system is is a completely different story. And in particular as the representative of Tonga said then you come to the conclusion of evidence, yeah you may enter in this computer but the evidence may be another jurisdiction. You have to regulate it in one way or the other. And that's why happy that Tonga is soon a part of the Budapest Convention because we are now going to negotiate solutions of how can we get to this other, how can we regulate, get clear rules of access to evidence in the cloud computing context. But again. The clarification to first speaker, Bangladesh, you had an interesting case, bank robbery via Internet. How would you resolve this if it's not addressed in substantive criminal law? Just one more comment to the intervention by the representatives of the UK there, yeah, you cannot change -- changing criminal law is very complicated. Very difficult. You may be able once every three, four years to go to parliament with that. You cannot go every three months. There has been a new technique, a new type of Cybercrime comes up. When you look at the conduct in the Budapest Convention, the 9 offenses defined in the Budapest Convention, that covers in combinations almost everything you still need today. The parties to the Convention every now and then issue guidance notes saying how can you apply the Budapest Convention to address denial of service attacks, bought necessities, crucial -- identity theft, terrorism, knowledge offenses that are not defined in the laws itself but you can use combination o of offenses. So we have to be technology-neutral so we don't have to change it; but when it comes to the procedural law, you have to keep it up-to-date all the time otherwise you don't meet the basic Rule of law principle. >> DR. WALID AL-SAQAF: Thank you for your important comment. I'd like to ask if we have one more comment and then come back to the panel for another round. >> Hello. My name is Victor Benavides from the Dominican Republic. Here we are talking about Internet Governance. And here is about the cyber evidence and penal law. And I have a question. Do you think that strict cyber law in many countries to regulate the crime, the crime, can affect the governance of Internet because the government regulate the crime alone. They don't ask to civil society, to the multistakeholder who participate in Internet Governance. Do you think that this strict every e lance can affect the governance of Internet? >> DR. WALID AL-SAQAF: Thank you. We'll have first the response and take another round of discussions. And also if there are any remote participants raising your hands, you can also keep us informed. So a few comments from the panel. >> Yeah, thank you. The questions how we could handle digital attack without law. To me, digital attack means I'm doing a service. And somebody interrupted somehow and I have been stopped from doing the service. Delivering packets or whatever it is. But again same thing that could happen in physical world. I am providing service. Put garbage in front of my shop and cannot open my shop. This is criminal an offense. I think normal law can handle this kind of situation provided we have to reform the evidence that I have attack in the civil world, sending this type of packet. And court should see that it actually stopped my service. So that kind of I'm talking about. We don't have to have type of law in digital world that it happen in cyber world. I don't think we need to have any para leal law for handling that. Rather we need to accept new kind of evidence in the cyber world that can be produce today the court. That is my one point. And secondly getting that cross-border effort like mentioned the bank robbery happened in Bangladesh from other countries, mostly money went to Philippines. And before going on, how to resolve that. Again, Bangladesh we have a cyber law. And for this kind of crime. But it cannot be applied in Philippines from what the crime is for. We need kind of collaboration on that. And globally I really like the point by the gentleman who interrupted first that we have international standards about criminal evidence so that all the court would recognize clearly in all the countries. That is the most significant thing in terms of handling Cybercrime. The law handling Internet Governance. But in my point of view yes in some cases it is true actually because some harsh civil law may -- cyber law may create issue on free expression and many other laws like maybe if you look at Cybercrime law in different countries, you will find valid questions on that actually hampering that governance. That's my personal point of view. Thank you. >> DR. WALID AL-SAQAF: Since your name was referenced, Andrew, before, we'd like to comment on the discussion? >> Andrew: Thank you. I'd just like to point out like to the gentleman from UK, you have pointed out believe there shouldn't be any additional. What we are trying to stop this in Doma is to establish one. You have mentioned that in the UK you already have a cyber law. We do believe that we should have a cyber law and then like me like the comment before, we stop this and then we can amend it as it needed. As we going through the exercise of developing our law, we have identified so many shortfalls in the procedural powers in apprehending that evidence. And so we added some more class to develop a more stable law that can assist in the court of law. I still think it's very important for us to look at even though the technology was really fast, we also need to identify a baseline where we can work on just like the mention from the Council of Europe. They have developed a baseline that has been there for a while. And it's been not applied. It covers most of the cases that need to be addressed. And we also don't believe that but he wanted to develop the baseline and he can always refer to. In regards to that question from that gentleman relating to other organizations, it's also from the interest of our government and also and is probably true from other governments that the reference to other organizations just like Council of Europe. We also when we develop our cyber law, we also learn from other countries like Sri Lanka. Those similar environments that we establish a good relationship with them and also learn from them on how they prosecute their Cybercrime. And we also added some values to our law based on their perspectives. And I think at the end of the day, we really need to have something on the baseline. So later on we can add on. We can add on like it's been mentioned. It's not easy to change the law every three months. But if you have something solid on the baseline, you can always relate to add on new to the law to what make it more appealing or focused on how to prosecute the criminals. As the criminals are getting smarter every day, they find new ways of intruding to your personal properties or personal life, we need to address those. And I think some of the -- cannot really define how to prosecute those who are committing law via cyber. And I think by looking at different ways of amending those laws, it will also help them in the court of law. Wham wal thank you, Andrew. Before going to another round of comments. I want to check if Babu has additional intervention as panelist. Babu would like to respond to comments? >> BABU RAM ARYAL: Yes, Walid, I'd like to make a couple comments. As I already mentioned, we need to focus on more principle rather than technology or any medium. But this electronic mediums are electronic evidence that they are more vulnerable for compromise. So we need to have certain level of legislative practice on this area, how to protect this kind of evidence rather than judging about the -- based on the content. So if -- in courts they have interpreted traditional evidence based on the principle of evidence or impact of that thing to any crime. So we need to that to level of legislative part. One is evidence in the law practice. There are certain substantive things and certain -- thing. So first outstanding thing if the traditional Rule of best evidence law/principle and for procedural law, maintaining the evidence, we can have more developed, new -- evidence. Thank you. >> DR. WALID AL-SAQAF: Thank you, Babushings. We will now move to another round of comments. I realise there are several who would like to comment. The lady? Also any remote participations. Also remote participant, please. >> Just a comment from June Tessi, IGF ISOC fellow. So her comment says as a counsel they we are also reviewing our Cybercrime law. And I agree that there is a need for review and constant update. I think we need both reform and new laws. The traditional law did not foresee certain current trends just as Mr. Alexander from the EU council said. And there is a need to provide it in law in order to affect prosecution. >> DR. WALID AL-SAQAF: Thank you for that comment, Jun. Yes, please? >> My name is Lawrence. I'm IGF Fellow. I have a question. How does the government handle the Rule of encryption when collecting cyber or digital evidence? And how can the technical community come to sort of aid in this? >> DR. WALID AL-SAQAF: We'll take another couple comments before we go back. Yes, please. >> Good morning. Thank you for your presentations. My name is Patricia Vargas. I'm a PhD candidate Vera cruise university. Kind of followup what the representative of the Council of Europe mentioned. Initial between substantial and procedural law there is a distinction between local and international law. Academics call the cyberspace a perplexity for the international law because there's no recognition of the traditional borders of the nation states. So with the nation states come the issue of jurisdiction, the jurisdiction in what a crime is state B may not be a crime in nation of state C. There are also differences in encryption policies. For instance, so in the Budapest Convention itself helps because it gives some kind of framework for the members of how to address these issues. But when you talk about collaboration -- because we may have multiple nation states involved in a crime. What would be the main elements for this potential collaboration? Because we are talking about different legal systems, different legal cultures, different ways of searching, et cetera, et cetera. Thank you. >> DR. WALID AL-SAQAF: Thank you. Were there any other comments at the back? And then we can come to you. And then there's also one remote participant. >> So I'll just give you a quick example of where I'm coming from with this. I bring you or bring in something slander comments. You want to take me to court to slander. Do you use a different law if I running you using GSM or Skype from the same phone? And more importantly, can you prove it was me? That's what it really comes down to. >> DR. WALID AL-SAQAF: Very strong point, yes, indeed. >> Luis, BCS-- for IT. I think one of the important differences that hasn't been raised yet between some Cybercrime and some "conventional crime" if I can call it that. Is the question of scale. If we take the example of DDOS versus putting garbage outside a single person's shop, both of them prevent people going about their lawful business, which is probably illegal in the country and cross-border, let's just stay in one country. I think the difference that perhaps needs to be considered -- and I'd like the panel's opinion on -- is: Should the -- is the thing that needs to be changed not the underlying law but the range of things that you can do to -- if you find the person who's done it -- to stop them because one affects many more people and is perhaps more serious. And maybe your law before said you could only fine a person loss of one day's service for one person; whereas it should be a of bigger fine or maybe -- much bigger fine or perhaps a civil sentence, it should go from civil to criminal law because of the scale of what you can do in so the cyber world. So I'd just like your view on that. >> DR. WALID AL-SAQAF: Thank you. There is a remote participant who wanted to add a comment. >> Jun: Yes there is followup comment from the earlier remote participant June. She says the problem we have seen with blanket alteration of the traditional criminal legislation, at least in Kenya, is that there's created loopholes in wide interpretation and excessive abuse of power by our state agencies. There's therefore a need for specialised Cybercrime law. >> DR. WALID AL-SAQAF: Thank you, June. Yes, please. >> This is Mohid from Internet Society chapter. First of all, many thanks for your presentation. I think it's important that we have this sense of diversity in the Forum where people debate about: Is cyber law really required to properly cope with the challenges we are facing in the current world? My question to the panel is about two things. One is about cyber disarm amount because there has been increased talks about cyber disarmament because all the nation states have been affected. And there are some things which are in the challenge of jurisdiction. So this has been talks in the Forum of Budapest Convention and otherwise also about cyber disarmament. So is cyber disarmament somewhere related to cyber law? That's one of my questions. Andy forgot the second one. Thank you. >> DR. WALID AL-SAQAF: That's more time. If it's a pressing comment? Yes? Go ahead. >> Everything is pressing, no? [Laughter] Just to this last one because refers to Budapest Convention. Budapest Convention is not a treaty about the states, state to state Phil Terry criminal, it is a criminal law treaty only. Of course it can help if you can deal with interstate relations if you can deal with it as a criminal justice matter rather than putting it to national security measure. But something to keep in mind about the issue of electronic evidence. Most of the offenses investigated these days by criminal justice authorities have an element of electronic evidence without it being Cybercrime. Kidnapping, terrorists communicating with each other, extortion, whatever. Element of electronic evidence. You have to keep in mind probably 99 percent of cases that I investigated -- are not Cybercrime but are traditional crime. We have to keep that in mind. We also have to keep in mind that all charges, all prosecutors, all law enforcement would rather sooner or later come across electronic evidence. Large that touches criminal charges altogether. I agree with the first speaker in some ways; namely, that it is a mistake if you put every new technique that cyber criminals use into the criminal law. It's impossible. Don't put a substantive law in place that talks about phishing or pharming or bot attacks. I've seen some of the laws I mention in countries because we get lots of draft laws to review from around the world that you have for one offense, in the Budapest Convention takes about 3 or 4 lines which some countries have implemented that it works, that in some countries you have 25 different paragraphs on the same offense of criminal access to this, criminal with the intent to do that, criminal against government computers so on and so on. That's a mistake. DDOS attacks can be covered by system interference as it is defined in the Buddha test Convention, it is five lines. So you don't need to update the laws every three weeks if a new technique comes up have keep it neutral. Keep it simple. Use the Budapest Convention. >> DR. WALID AL-SAQAF: Thank you. I may want to abuse my role as the moderator and pose my open enrollment question before anyone else does. Is that have you not felt that some governments, it's not a blanket assumption, some governments have abused cyber law to prosecute bloggers, prosecute journalists and prosecutes several civil society activists on the basis of the committing a crime? And in fact they may use the scale aspect and say they've done of bigger damage to national security than other regular crimes? So keeping that in mind, isn't that the case in some countries? And how can one deal with it? >> Absolutely. I was on a panel in I think it was the Nairobi IGF. And we discussed after the panel I discuss Wednesday the person next to me. It was a blogger from a Middle East country, he said "I was blogging critical to the government. Under the criminal law, the government couldn't do anything against me. But then the same day they declared me a threat to national security and that's how I ended up in prison and being tortured." So let's keep it in mind. We need criminal law. We need to have it clearly defined with all the safeguards in it. We have to bring as of as possible within the realm of criminal law and not give governments the possibility to work in a different arena, the national security arena where all these protections don't apply. >> DR. WALID AL-SAQAF: Do you have something quick? Very quickly, please. >> I wanted to add. I just remember what I wanted to ask. So I wanted to ask about is concealing any potential Cybercrime by one nation state is also a crime in another? So, for example, if you want to take an example of heartbeat where NSA was knowing about these vulnerabilities which can be potentially used to attack some other nation state, so is concealment of those kind of activities also be considered as Cybercrime in the law? >> DR. WALID AL-SAQAF: Good. So many questions and different ways of looking at it. But perhaps I can start the other way around, with Andrew, perhaps. There were several provocative questions including ones about how to use Skype or GSM device and how we differentiate? Do you have any responses to those questions? >> Andrew: Thank you. I'll just try to remember all the questions. But let's start with this question. I think it's very important that we have some kind of mutual understanding or bilateral understanding with other countries. In regards to Skype, you all know Skype is hosted somewhere else, possibly in the United States. We have similar cases in Doma where people do defamation through Facebook. And the police, they report it to the police. The way they have to do it is to ask Facebook to bring down the account. Because of Facebook, they have also have policies in place for privacy. So you can't ask them who it is unless you go through the legal process in the United States where you and launch to -- what happened is a threat to national security? Or committing crime in your country? There is a way of going through it, mutual legal assistance where you can launch a complaint through the Department of Justice in America and they launch a court order. So in that way, you can bring down and identify if that evidence is sufficient enough. And I think it applies to something of that degree of what you just said. If you talk on Skype and it's proven that it's some terrorist nature, to our country, we can make that arrangement to identify the person. That's the beauty of interconnecting with other jurisdictions in regards to this. And that's reflected in our new cyber law also that we need to address those things. With the encryption data. As you may know, we're starting our cert(? Srt?) when there's encryption data coming through and there needs to be decrypt, is that what the question is all about? The question was? >> When collecting cyber evidence, the aspect of inscription, there is already encryption, how does it play? Or what's the effect of encrypted data in relation to evidence collection? >> Andrew: Okay. There are different ways that addressed those issues. And I think there are mechanisms that they can decrypt data and also store those. Encryption data is also -- there's procedures that need to be followed. In order for that data to be presented as evidence in court. Because if you are to tempt, to try to decrypt any encryption data in some ways that it will alter the data, it won't be recognized in the court of law. So there are certain ways and procedures that need to be accounted for. And follow through in order for you to deal with that kind of data. >> DR. WALID AL-SAQAF: Now to Sumad, you had the bulk of the questions. >> SUMON AHMED SABIR: After the discussion of all the audience here, I think the question already answered have and we have a very clear view about that. Again, even so, first my apology, I'm not lawyer, actually. I'm not expert in legal. I'm more of technological person, technology. Sometimes came to us and we need to handle this in that regard, discussions came to my mind that while we are -- law rather we need to empower, we need to ensure Hans the ability of our law enforcement agencies or legal systems so that we can measure, we can address the Cybercrime evidences. We need to measure on the degree of the crime, the impact on the people. If it is single individual or it is impacting a large community. So other crimes or in physical world, that needs to be measured based on the evidence. It is important how correctly, how effectively we can guide the evidence and the Code and the court give justice more. That is more important than creating new laws, thats my point of view, actually. Apart from that I think. >> DR. WALID AL-SAQAF: You had questions about the effect that perhaps 99 percent of cyber criminal laws are actual real laws, any. Yeah,. >> SUMON AHMED SABIR: Yeah, maybe, using the Internet or technology. But it is essentially something, some criminal law real world, actually. So the same law can actually apply. That's what I believe. And I believe that's very doable. Another point you mention, Skype call or GSM call. It may happen that I come to you and tell you that we need to do this crime together. Or I can use eye use pigeon to send a letter to you. Doesn't matter what kind of crime we have done through that. If it is that, important thing that government should need to identify that it is me or we have done this crime. So that is more important than creating laws for different technology for different method. Maybe new technology come in the future. So we need to focus on the laws, rather than focus on how things happen. Actual fact. Actual evidences and that should be created equally. And discuss the international boundary actually that I don't have answer how to do that properly, but I think we altogether work to that, that if criminal actual happen cross-border, maybe different countries involved in that, how we can work together, some ongoing problem and discuss you all are having. I think we need to work on it together. I don't have anything else to that. Thank you. >> DR. WALID AL-SAQAF: Maybe if I could reflect on the last point. There are laws that actually deal, real laws that deal with cross-border issues, for example, smuggling, you have money laundering, you have aspects regarding global economy. So there are ways to deal with it. But again to come back to the point of the baseline. There cannot be a way to ensure that every single crime in the format on type needs a separate law. I mean that's ludicrous. No one here argues for this. But perhaps you have to have some kind of disagreement, some kind of agreement that there are certain things that can be put into a cyber law and then there's still the view that even that is not necessary. Let us take Babu, and then come back for last round of comments. >> BABU RAM ARYAL: Thank you. I have a couple of examples of issues of this platform or this kind of law, cyber laws you just mentioned before. In any Pál, there are recording of Supreme Court hearing and the municipal court charge that person -- Cybercrime case, which is absolutely different regarding -- posting is not Cybercrime. And that was taken by the court though he won the case but it was absolutely -- posting in that kind of case. Another case was Nepal police published one their good attempt of defending law and order. But one comment by the citizen was that and they didn't do this without any bribe. So police charged that person based on cyber terrorism. So there are issues that apart from and this in aggregate is more severe than traditional platform. If it is definition under our traditional law, punishment is just like -- but in this cyberspace, it goes up to five years. So based on the technology, we should -- we should not treat differently. You just mention that there are certain laws, certain crimes which are in traditional format. For example, binding recovery we covered earlier this discussion, there are certain kind of tools, krobbers or criminals are using to transfer money in the bank but actually that is transfer of money which is also a crime in traditional law. So we need to balance these kind of things. This is my perception. We need to balance offline and traditional evidence. >> DR. WALID AL-SAQAF: Thank you, Babufrom holding the stick from the middle, I guess. Let's move on to the last round of comments because we are about to finalise. >> I want you to keep in mind because reference was made to the international nature of the crimes or of the evidence. Create difficulties getting international cooperation by another country if the dual criminals done that is not met. Which means if you don't have something -- if there is a denial of service attack against Bangladesh and your offense comes from Tonga, but Tonga says that type of interference is not a crime, they would not cooperate with Bangladesh because criminality is not met. And pornography issues, not talking about child pornography, pornography is a crime in some countries but not others. It is difficult for Europe to get cooperation from United States with hate speech and xenophobia and that kind of thing. So you need something in your domestic law to obtain cooperation from other country. And again the type of conduct that is in the Budapest Convention, that's internationally agreed. If you put it into law, you get cooperation. If you don't put it in law you don't get cooperation from another country. On the issue of the severity of penalties, sometimes it's more severe in cyber environment than not, indeed it has often to do with the impact it has. I think the garbage in front of the shop is a very good example to that. There are only a few crimes in the Budapest Convention which are crimes committed by means of computers. Like the nature of child pornography has changed in the online environment. The impacts, the negative impact has changed a lot in the online environment compared to real life when you had to send some around by posts and now you spread ity by Internet. Similarly the type of fraud have changed a lot. There are a lot of fraud that you don't have in real life. In real life you have to deceive the mind of a person to be fraudulent. Now to deceive the computer, the man in the middle attack, in some countries that would not be a crime. In Germany it was not a crime until they ratified the Budapest Convention. Now two-thirds of the crimes in Germanry crimes because of the Budapest Convention, it was not a crime before. And so forth. You have to keep that in mind, as well. >> DR. WALID AL-SAQAF: Thank you. Anymore comments? Remote participants? >> Again, comment from June. I think it goes back quite far back. So what the Chair said earlier, please refer back to comments several times ago, has actually been seen in Kenya, in other words, abuse of law on Cybercrime. The effect of that, however, upon chal enbefore the court was that the law was declared unconstitutional. So that was her comment. >> DR. WALID AL-SAQAF: Good. So now we approached the last 10 minutes of the workshop. And perhaps I'd give the panelists a few minutes each to round up their comments and bring in the strongest points to persuade whoever is not yet persuaded. And then finally I'll just give a very short summary and conclude. >> Thank you, Walid. I agree with the comment made last example. I just forgot, actually. >> DR. WALID AL-SAQAF: Of the laws having to be there? National? >> Right. And the Budapest Convention is actually important that all the countries should agree. It is not debating that creating laws are different kind of situation we're debating, but practically we need to solve the problem actually that Cybercrime is a real issue and crime coming to the Internet being used. Even we got report of this kind of complaint to police and say that my -- is lost. He bought it paying money physical loss and that has been snatched by somebody and told police to get that. So that is also happening. So we're living in both physical world and cyber world. So things are getting more and more difficult to divide us. So we need to act sensibly and effectively so that in future we can get a safer and better Internet. For that we need to all work together. And I really want to thanks all the different comments for supporting me. But all very important. Then again come to decision. >> DR. WALID AL-SAQAF: That's sportsmanship we like. Thank you. Andrew? >> Andrew: First of all, I would like to thank you for all the comments made. And thank you for your contributions, especially for the Council of Europe, for the kind of enlightenment in a lot of issues that we have discussed today. From the government point of view, especially from my government, the bottom line is that it is the best interest of any government, including Doma, that the issue of safety of our citizens is the most important thing. And that's why we looking to different laws including the cybersecurity law because as I was mentioning before, we just knew -- the case with the fiberoptics to Tofga. And there's a big form in the using of technology. According to our system right now, there's not many cases reported. But in our assessment, there's been cases happening in Tonga. But the problem is they're not aware of what's going on. And they never get it reported or recorded because they didn't really know that what's going on. It's something can be classified as a crime. Putting up the new law, it really defined what considered as defined and what is considered as crime and also have some more definition to it. And it really helps our prosecutors, our judges to really understand activities going on throughout cyberspace. And I would like to recognize the an assistant from Council of Europe in that regards because they have contributed a lot in developing the laws for Tonga in regards to Cybercrime. And we have come across a lot of issues that we have now recognized that needs to be addressed, probably. And also looking into the future, we'll hope that we will create something that will better serve our citizens as well not only for our country only but also provide any mutual assistance to any other countries that we can interact with through the Budapest Convention. Thank you. >> DR. WALID AL-SAQAF: Thank you, and drew. And perhaps the last word by analyst Babu would like to say something. >> BABU RAM ARYAL: Thank you, Walid. Major thing in this evidence lesson is that we need to recognize the format of the medium of -- in many -- traditionally they require, for example, document is the only document which is in paper. So now we have the documents in electronic or digital form. So we need to recognize the evidence or content rather than interpreting totally differently. We need to emphasize the impact of any act or any tools rather than -- And second part I'd like to say that cooperation, national international is different thing when talking about the evidence. Evidence is basically a fact. Rather than interpretation. Many laws whether it is crime or not is interpretation. But evidence is a fact. So evidence are basically it's universal. Need to recognize universal these things. And then only you can prosecutor we can have better Cybercrimelessness. Thank you. >> DR. WALID AL-SAQAF: Thank you, Babu. So let me try to take the hard task of summarizing what we've been through. It looks like there is more or less, I am sorry to say, Sumon, majority were calling for keeping cyber law and having it there. However, there was also agreement with you on the need to not take things to the extremes, to the details, to the level that makes cyber law not possible to implement. It is one thing to ensure that there is something, some baseline, some commonalities, common ground that everyone can agree with, which would foster international collaboration and fighting Cybercrime. But on the other hand, some countries as earlier mentioned may take it to the extreme either too the ecosystem inicly by elaborating on things, maybing laws very difficult to make laws to continue to evolve and sometimes to sue protocol east citizens to suppress dissent. And in some cases cause more harm than good. But if you think of in in terms of the benefit of society at large, the benefit of citizens, keeping them safer, then having some sort of guidance there that's uniform, that's standard, that's based on digital evidence, good practices is very useful and it can be elaborated more and clarified in ways that help society at large. The points that have been raised on various subjects from the different tools used to collect evidence, the technicalities, procedural things, these are lower in some -- they're not laws, per se. So they need to be taken into account. However, there's something that I felt was a bit missing in this discussion, which was the competence of the ones, law enforcements and evidence collectors and judiciary systems and injuries and everyone, competence understanding what is going on in the Internet, cyber evidence, what are we dealing with? This has been mentioned in different workshops, in different events. And that's why there were capacity building programmes for individuals from lawyers, to judges, to civil servants, to police forces to understand how the Internet is shaping our world and making us a need for these come pep tenses and abilities. And so it's very complex workshop and the topic is complex. The ideas that have been floating around are very much ingrained bodes as citizens and governments and law enforcement units as well as technologists and lawyers. But on the other hand, it's still promising that we have a way to debate this openly, fairly in a sense of sportsmanship and spirit of understanding that we can disagree but eventually it's the interests of the end user that matters. So we are two minutes earlier than our time. Thank you for coming here. I'd like to give a special round of applause for the panelists. [CHEERS AND APPLAUSE] And for you. And for the remote moderator, thank you very much for helping us. And we hope you enjoy the rest of the day. Thank you. (end of session) 10:45-12:15. WS208: Ip cluInclusive responses to intentional Internet disruptions. >> Can you hear me? Hello, everyone. We'll start in about two minutes. >> MODERATORHello, everyone. Thanks for joining us this morning. So this is in case you're in the wrong spotted, this is a panel, a work shot about intentional disruptions to the Internet. And it's a workshop format. So we'll begin with quick remarks from the plenary from our panelists here and we'll break up into two workshops. After that we'll reconvene and talk about the lessons we've learned. So we've been access now, the organisation I work for, we've recorded more than 50 intentional disruptions to the Internet by governments around the world. We expect -- we actually believe that the number is far higher than that. That's an extremely conservative estimate. And we've seen that Human Rights violations and Internet shutdowns go hand-in-hand, meaning that when governments order and disrupt the Internet, which can include social media applications, people live in -- are shrouded in darkness, they're unable to communicate with their friends, they can't talk to family, emergency services are disrupted, and as you'll hear there's also aer economic impact -- severe economic impact. Several of the panelists here we're very lucky to have people from various stakeholders, we have people from government, from countries, from civil society, we have people in the room who have been directly impacted by Internet shutdowns. So we hope that that will make for fertile conversation during our workshops. Just want to start out by explaining a few great things that have happened this year. One is there was a human lights council resolution that unequivocally condemned Internet shutdowns. We had a straight statement by the global initiative that you'll hear from shortly. And there was an important statement by the GSm. association. We've also had progress in other areas. At Access Now, we are involved and spearhead the Keep It On campaign which has 150 organizations from many countries, many impacted by shutdowns. And this year we've also joined with creative partnership with the partner called lush, a cosmetics company to raise awareness about shutdowns. And we launched a campaign with a very special bath product that launched in 40 countries, six languages and nearly 1,000 stores around the world to tell people about Internet shutdowns. We also invited people to take action to show that this is a practice that needs to stop. And you're looking at it right here. This is the action. This is a thousand pages of signatures of people who are committed around the world to keeping the Internet on. So we're going to deliver this message later today. So I'll turn now to -- and after this, after we have these brief introductory remarks, we'll have another discussion. So we'll open it up for questions before going to the breakout group just in case you have any burning questions. So we'll turn now to Judith Lichtenberg from the global initiative to talk about their societies. >> It's great to talk about your coordinated efforts with lush. My New Year's Eve bought the bath bombs. I didn't know what it was until they happy to know they are like it. And I am happy to give it to them and relate it to network shutdowns. The network shutdowns have been named as one of the issues. We have been concerned with government shutdowns already for a long time since the complete shutdown of the Internet in Egypt in 2011. But what was then almost an unprecedented step has now become ultra frequent. We know that national laws allow governments to take control of communications during a national emergency. And we also acknowledge that the protection of national security and public safety are legitimate government concerns, but having said that, network shutdowns and disruptions are very drastic measures. And they often risk to be disproportionate in their impact. So they cannot only have serious consequences for the Freedom of Expression but also for a whole range of other economic and social rights and economic development. And DJ gave already a couple of examples of about. The good news is that awareness has grown. Diverse voices have spokep up against network shutdowns. But I think an important question now is what are the next steps to prevent and mitigate network shutdowns? It's a question for all of us. And in any case, it is a problem that cannot be solved by companies, governments or civil society alone; it really requires a sustained multistakeholder collaboration. And I want to conclude with two comments. First of all, we believe that it is critical that all stakeholders, including governments, are not seeing network shutdowns only through security lens but also through a Human Rights and economic development lens. And that requires education of and also engagement with governments and their agencies. And, secondly, in terms of engagement, it's very good to keep in mind that the window for engagement is before network shutdowns are issued. Telecommunication companies operating on the ground in challenging jurisdictions and in the middle of a crisis will have very limited options to respond at the moment their local staff is confronted with a government order. So this discussion is very timely indeed, and we look forward to the results of the beakout sessions. Thank you. And I now give the floor to Dgigi. My name is Gigial ferd. I work at the United States Department of State at the bureau of democracy Human Rights and labour. Thank you for the remarks before. I think this is obviously very important panel and great panelists to talk about this. . As many of you know, the United States has been speaking out increasingly about our concerns and taking steps to condemn measures by state actors to intentionally prevent or disrupt access to or dissemination of information online in violation of international Human Rights law. So essentially this is what government- backed disruption of mobile and Internet networks does. This is something is articulated in the U.S. strategy for cyberspace that was issued in 2011, which speaks in support of an Internet that's global, open, secure and reliable. And living in fear that the Internet will be shut down or that mobile services will be blocked disrupts that trust in the Internet. So I think I've been asked to speak specifically, along with a colleague here, about the increasing trend of disruptions of Internet mobile services around elections. And this is, I think, one sort of case study that needs to be analyzed because it locks at the motivations of governments behind doing this. And so when we speak about the economic argument for keeping the Internet on when we talk about the Human Rights argument for keeping it on, analyzing how to work with governments ahead of potentially planned shutdown along these issues requires a little bit of getting into the psychology of wanting to stay in power, wanting to make sure an election is peaceful because these are concerns that we know are often behind some of these sensitive times. And so something that just can't be treated in the abstract. It's important to understand these tendencies. Elections and protests are times that we've seen it. We know that this violates international Human Rights obligations and can run counter to Human Rights commitments. So reminding governments of those commitments is definitely a first step. Making sure that they understand that these types of restrictions are not provided for by law, and that they're not the least restrictive measure for achieving what in some cases might be legitimate government interests such as the protection of national security. So making sure that you're coming to the table with alternative viewpoints of what can be done to try to address these times of transition and political sensitivity because unless there are other options on the table, that extreme measure tends to be what governments will go to. So to give a little sense of where the U.S. has been engaging on these issues over the past six months to a year, we were really pleased to join consensus on the Human Rights Council resolution in June of 2016, which unequivocally condemned these intentional measures to disrupt free flow of information. This is also something we're engaging with the Freedom Online Coalition to speak jointly with other governments on these issues. The more and more the trend grows, the more it becomes normalised. That's something that the Human Rights Council resolution statement tried to do, was to push the norm back towards the assumption that once the Internet is turned on in a country, that it will stay on. And making the Human Rights legal case for that and kind of adding to the voices that are making the economic argument, which is important, but kind of this bigger picture. In addition to co-sponsoring that, this was something that in October the Freedom Online Coalition conference spoke to quite frequently. There were panels to discuss this and a decision by all 30 members of the F. O. C. to issue a joint statement speaking on network shutdowns. Now, what will the join statement say in addition to what's already been said in the Human Rights Council resolution? This is something that we're hoping to work closely with private industry, with civil society, with academia to understand what can be said beyond that normative statement, how to take it to a new level of political commitments and operationalization. So there's been support from our assistant secretary for democracy, Human Rights and labour, Tom malinowski. He wrote a blog post speaking to some of the concerns the U.S. has about the trend and calling on governments to make commitments not to engage in these measures. And I'm happy to say that there were examples of good news to report. So at the end of the blog post, our secretary did mention the example of Ghana. And so I'm happy to turn the microphone over to Kenneth Adu Amanfu, who is the deputy director for ICT and the Ghanaian national communications agency to speak a little bit the experience there. Thank you. >> Yes, thank you, Elizabeth. Yes. I think in this era where almost everything that we do -- hello. I'm sure you can hear me now. In this area, almost everything that we do is generally migrating to the Internet. I mean, we cannot afford to have the Internet shutdown. Heat me just speak about the experience in Ghana. A couple of months ago, the police chief issued an order that the Internet was going to -- or the network was going to be shut down during the elections because of incidences that has happened in other countries. And the whole public came up, the media, everybody came up. So the government, the President, they had the option -- not an option, but the President came up to issue a communique that the network was not going to be shut down during the elections. Fortunately for us in Ghana, the President happens to be a former Minister of communications. He also happened to be the first board Chairman of the telecom regulator, so he understands technology and he appreciates it. So he came up and issued a communique just to assure the citizens of Ghana that the network was not going to be shut down during the elections. After that, still the civil society groups that are coming out, people were still not -- even though the President has issued that statement, people were still in a little bit of doubt. But last week, about two weeks ago, we organised our cyber week, which was part of our the U.S. government, security programme that is being implemented and as part of creation, we organised a security week where the whole society was there. And the ministry of communication really assured the general public at the form um that the Internet was not going to be shut down before, during and after. And the Director General or the head of the telecom regulator also did same. Reassured the general public that the Internet was not going to be shut down. Subsequent to that, organised a press Forum with the media to reassure them that, hey tinternet is not going to be shut down during the elections and afterwards. And then we also organised another workshop with the telecom operators and ISB, to also assure them that it wasn't going to be shut down and all that. So fortunately for us, today is election day, and my time is almost going to about 4 o'clock p.m., and the network has not been shut down. So far the elections have been peaceful. [CHEERS AND APPLAUSE] People are going around voting and everything. And it's not been shut down. So I think -- having said that, I think when it comes to Internet shutdown, it is not only about during elections. When we look at the social, I'm sure we break down to those discussions are going to take place, looking about people over the top, the O. T. T. services where by the operators is kind of disincentive to the operators because I work with the regulator. I know also the time that the mobile operators made a proposal, gave a proposal to the regulator that, hey, people are now making all calls using the wassup and it's affecting our revenue because the voice calls are dropping down and our revenue is dropping down. And if that is happening, that means government taxes also dropping down. So it's something that has been proposed, that has been forwarded to the regulator that a discussion is currently going on. So it's not about just the elections but also looking at the social and the economic aspect. But I'm sure that during the breakout, we are going to have a lot of discussions. I don't want to jump to conclusions right now. Thank you. >> ANDY O'CONNELL: I'm andy O'Connell from Facebook. Thank you for organising this. This is obviously an incredibly important issue for a lot of people, standing room only. It's certainly an incredibly important issue for Facebook. I'm not going to repeat any of the condition tent that's been discussed already, but I would agree with everything that's been said. From our perspective this is an incredibly troubling issue. And trend is in the wrong direction. In 2015, we -- it's sometimes hard to access, we will talk about that. We think we were blocked by government 15 times. 2016 it's been more than 40 times. So the trajectory is in the wrong direction. And governments do appear to be getting more sophisticated about blocking the Internet for a number of things including elections. The thing I've been told to focus on is one the economic piece and two the measurement piece. I'll be very brief. I think that echoing Judy's statement about multistakeholderism, there's an important role for the private sector, civil society, academics, governments in establishing mechanisms to monitor and track when blocks happen. It's not -- there is not such a resource right now that's publicly available where it's easy for a large number of people to understand exactly what's going on if realtime. And we think that's an important thing that the multistakeholder community needs to step up up on. And I think that will be an you that we dig into in the workshops. The second piece I'll talk about is the economic piece. Our company's mission is to make the world more open and connected, and it's really anchored in letting people share or connect with friends and family. And so for us, the Human Rights arguments, the social arguments are very persuasive, but we have found that there are certain stakeholders who are much more likely to be persuaded by economic arguments. And so we do think again the multistakeholder community needs the spend more time on that. We've seen good progress on that front this fall. There have been two I think pretty important studies on the consequences of blocking that came out in the last couple months that I'll just mention very briefly, and I suggest all of you take a look at them. The first one is a brookings institution study that came out in October. And the headline of that is essentially that between -- in the year that they looked at, which was part of 2015 and part of 2016, there were 8 is blocks that they tracked globally pursuant to government orders -- 81. And the estimated economic damage was 2.$4 billion. So a huge amount of economic impact. And they were very clear that they were only able to look at pieces of this and that the estimate, the actual impact is probably much higher. The second study is a study that we supported and worked with GNI to release I guess last month, I think. That was a study that was conducted by Deloitte. And, again, I'm not going to get into all the details, but the headline was they structured a number of scenarios for government-ordered blocks. And under the most extreme scenario, a block cost 1.9 percent of global GDP if it's government-initiated. And then there's a lot of other scenarios and they tracked the mechanism by which the economic damage happens. Again, I commend both of those studies to you. And I sort of call on the community and I'm excited that we're going to have the workshop to really dig into these two issues because both on measurements of when blocks happen, when, why, how, and understanding the consequences, the economic and social consequences, there's a lot more work that needs to be done. We've got a decent foundation. But I'm counting on all of us to work together over the next half hour, 45 minutes to figure out what the next stage of that work should be. So thank you. >> NICK DAGOSTINO: Thank you, andy. We're going to open it up to questions. Just want to mention, first of all, those studies are fantastic and really important contribution to this challenge. The other thing is there are three victories within the past week. One of them is that Chad, which had a long term disruption lifted those restrictions. Ethiopia has also lifted many, if not all, of its restrictions on social media. And game be an did shut down the Internet last week, but before the order was supposed to carry out from Thursday election day or the night before election day through Saturday, international pressure, groups, members of Keep It On and various stakeholders really pressured those governments to stop their disruptions. And Gambia, if you look at it, it was a small country of 2 million, I do think that the shutdown brought a lot of attention. Most of the headlines around that election involved -- said something about an Internet shutdown. So our feedback from local partners in Chad Ethiopia and Gambia is that international pressure makes a difference. And it can come from other stakeholders. So these were not just random events. They weren't arbitrary decisions. Your contributions from whatever community you're a part of make a huge difference in protecting lives and economies. So with that, I don't see a place to receive the Web ex questions. So Andreas is from international media support is moderating those and maybe we can coordinate there. But we'd like to open it up to 2 to 3 questions. Then we'll go to the breakout groups. Please let us know which panelist you're addressing. >> I just have a question about the scope of the term international, just see turning off the switch, "the" switch, that connects to all types of, all URLs where obviously Internet shutdown, but is blocking of certain social media sites; is that also considered part of the -- within the scope? I am asking this because the Korean government, through Korean communications standard commission routinely blocks various platform sites, for instance forsale.com, which is a peer to peer file sharing web site that has been blocked, although it has faithfully abided by notice and takedown under DMCA for Copyright violation., I mean for assisting Copyright violation, of course. And also North Korea technology.com, which is a media site that provides information on user of technology North Korea also has been shut down by south Korean government for national security reasons. I don't know why. You know that all north Korean government sites are inaccessible, are inaccessible from within Korea. So access to those sites are also blocked. Is that also within the scope of the term international tolerance? >> NICK DAGOSTINO: I can answer that question. We kicked off the keep it on campaign by creating a definition. I can read it now because there's a transcript. In Internet shutdown is an intentional disruption of Internet or electronic communications rendering them inaccessible or effectively unusable so that takes into account throttling for a specific population or within a location often to exert control over the flow of information. That's a very technical definition. Duration is missing from the definition. Also two-way communications tools, because we think that's an important part of it. So we're looking to refine that definition at our coming conference Access Now's conference called write come. We welcome your input and feel it could be better and more effective. The case examples that you gave, the longer-term per, persistent disruptions to the interin et at the moment wouldn't quite fit the definition. But we can re- examine that together and we invite anyone to participate in that. >> Good morning. Thank you for your presentations. I have a question in terms of scope. So when talking about full shutdowns, I mean the control of the elements of the TCP/IP protocol and stopping the connection between the sender and the receiver, a personal account of mine is that since 2005, there were at least 21 shutdowns. I mean I know for the applications this is a lot higher. But I believe there is a mistake believing that this is a type of policy considered only for -- to silence the political rivals in times of disruption, in times of elections. This is a policy that has been in the eyes of the well-established democracies for a while. Now, they have different reasons for WHO participants they say they do it. The most classical reason is always on the basis of the national security, the attack on the critical infrastructure, or the attack on the vital elements that preserve the nation's data life. Do you have any insights into these? Like I heard sometimes, too, some representatives talking about a cyber Pearl Harbor. They talk about this, but they don't know exactly how they are going to implement it and when they are going to do it. Okay, thank you. >> NICK DAGOSTINO: Sorry, did you say cyber Pearl Harbor? Someone want to speak to this? Well, I can speak to the -- we do know that there are many causes for shutdowns. So the 2 number that you mentioned -- 21 number. Governments are disrupting the Internet for school exams when sixth graders sit down to take exams because they believe they are cheating and sharing answers. University students, there are all kinds of reasons. And the public order around elections, national security they're cited frequently. But we do know that there are several different causes. About the cyber Pearl Harbor, that's something that I think we're going to be exploring. It does seem that disruption by one government of another government's Internet can impact this discussion. But at the moment, that's not the focus of -- we're talking about internal disruptions within state borders rather than cross-border attacks. So I think that's a slightly different discussion but one that will impact this community soon. >> I think one thing we've noticed since 2011 when there was a very high profile Internet shutdown in Egypt that grabbed headlines across the world, that a number of governments are looking for ways to do this in practice without detection. And it looks like that there are a range of attempts to figure out how to achieve the purpose of this disruption without inflaming public outrage and pushback or international pushback. So I think this is something that is important in the definitional conversation. We do need to know what we're talking about when we talk about it so that the conversation can be productive and move forward. But that's why I think it was wise for the Human Rights Council resolution to use the phrase "measures by state actors to intentionally prevent or disrupt access to or dissemination of information online." For that context, that made sense. You're invoking a right and trying to make sure that there is an awareness and application because this same resolution establishes that the same rights that apply offline apply online. And this is clarifying what that means when it comes to access to Internet information online. Likewise, for the cyberspace strategy that I spoke about earlier, the descriptions are that people must have confidence that data will travel to its destination without disruption, assuring the free flow of information, the security and privacy of data, and the integrity of interconnected networks themselves are all essential to American and global economic prosperity, security and the promotion of universal rights. So again this was passed in 2011. And there is an increasing number of tools in the toolbox of controlling information online. If you look at the Freedom on the Net Report for 2016, they document # types of Internet controls -- 9 -- that governments use to censor and control information flows and commerce. One of those is localised or national shutdowns of communication technologies and it's happening in 15 of 65 countries around the world, the same countries that are using this one of the 9 types of Internet controls. It's sort of a grab bag. And they're going to use the ones that fit their purpose and often avoid the most -- avoid the negative backlashes that we know are there. And I think that's part of the reason why the multistakeholder approach is so important and I really echo what Andy and Judith said to that effect. >> NICK DAGOSTINO: Than Gigi. I think we'll break. We'll go to the breakout groups. So we'll have -- no exercise. We will not force exercise on you. [Laughter] So on my right, your left, we'll have the economic impact. And we invite everyone along this table to just turn your Chair around. And on this side will be the elections. Because of change, unfortunately, the technical measurements one, which is an important part of the conversation, our panelist was unable to participate today. So we'll focus on economic impacts and elections. So everyone on this row, please just turn you were Chair around. Everyone on this row turn your Chair around. And for 40 minutes, we're going to discuss these questions. We do have a goal within each group. So just to shape the conversation a little bit, we'll have a moderator. So Andy will moderate the economic impact, I will moderate the elections conversation. So just to ground the discussion, so we're not starting -- we're going to start by looking for one point of progress. So something that has been accomplished within either the economic impact or the elections. One to to challenges that need to be addressed. And then one or two next steps or solutions just to ground things a little bit. So we'll reconvene at about 12. We'll aim for 12 to 12:05. Thanks. >> Just Martin. You mentioned that you were missing an expert on measurements. I just want to say that there are a few people in the room that have that expertise. And if people want to find us, we should put our hands up now. Higher, Colin. >> NICK DAGOSTINO: Yeah. We can create one more breakout group. >> No, I don't want to break your breakout groups. I'm saying if you want to find us individually to chat. >> We do have folks in the room that wouldn't want to miss the opportunity. >> NICK DAGOSTINO: Would you, Colin, be willing to moderate that? Okay. So why don't you come to this back corner here? Anyone who wants to talk about technical considerations can come to this cornerback here. Sure, yep, thank you. (breakout groups will have no caption. >> NICK DAGOSTINO: Hey, all, before we lose everyone, let's reconvene and get started with the wrapup. If we can please sit down and get started, we have just a few minutes to do the wrapup and I know we've already lost quite a few people to some competing events that are going on right now. So thanks. >> I'm David Sullivan from the -- global network initiative. So we will have a wrapup. Is that better? No. Okay. So thanks, everyone, for also helping us to pioneer the breakout group format here at the IGF. Very curious to get feedback on how that went. I know our space was not optimal. But I think at least from the economic group that I participated in, I think we had some really useful discussions, some useful chances for people to get to meet one another and start to strategize on how we can adopt a multistakeholder approach to these issues. So I believe that Digi had to run to deliver these petition. So just based on some very helpful notes provided summarize the discussion in the elections group and then perhaps turn it over to others who were part of that group who can elaborate. So for the victory in elections, we can clearly point to Ghana. And we were very delighted to have the representative from the gambia nayian government here today Ghanaian government today. A person with influence in the country and region. And that's something that we hope will play out in a positive direction in the coming months as other countries go through their electoral cycles. Challenges. I see that decisionmakers may not yet understand ICT issues and that the laws in some countries allow for shutdowns or allow national security laws to enable shutdowns. And then, finally, we have technical failures that governments can take advantage of for political purposes. Finally, in terms of solutions, I see push for better laws, including laws on Human Rights. We need to be able to marshal the economic impacts arguments and joint statements in order to engage with governments and to develop best practices that we can share with each other. So I'm going to stop. There are I see a lot more victories, challenges and solutions that this group has developed, but I'm going to first perhaps check and see whether Judith or Katie has anything from that group that they would want to add to or subtract from my attempts to summarize it.. >> JUDY LICHTENBERG: I think that is a good summary. We had one Vick at this to point to with Ghana today. But we had lot of small victories that pointed to more attention coming to this you very formally. And there was a lot of talk about kind of taking those and looking at other ways to push, like I don't know if you mentioned the Australia example, but Australia developed a set of principles for blocking. And the thought was that that could be taken and applied in other contexts. It could also be a potential model on shutouts and that the FOC to look to it when they are e developing their joint statement. So there was a lot of creative statement on how we can take something that's happening now in some of the smaller victories and turn those into larger victories. So it was a good discussion, thanks. >> MODERATOR Great. Should we move, then, to the economic group? Andy? Pass the mic. >> Andy: We had a really good discussion. I'll try to go quickly because I know we're losing people's attention. But I think on the challenges side, I think the biggest challenge with the lack of a comprehensive, reliable dataset to get more robust economic analysis is going to require more robust data, time series data, lots of of details, lots of coding. I think another big challenge we identified was the diversity of the ways that governments disrupt access to data, information. You have everything from the DPI blocking to throttling, but you also have sort of policy measures hike extremely executive taxation on mobile data, which some people in our group might be seen as a type of blocking. There's also a tension between having a very conservative, defensible methodology for an economic study that excludes a lot of things that you know are important but are harder to definitively measure. There's a tension between that desire and the desire to have a practical impact on the behavior of stakeholders. There's also a challenge of needing to localise a lot of this information. Sort of the studies that exist are sort of at a global level. Typically done in the global North. We feel, a lot of people in our group felt there was a need to do this with local anecdotes, local data, local cultural context. In terms of solutions, we're really looking forward to what the measurement urmt group has to say. Our number is solution was: Getting a of better dataset. And we thought that that would require sort of a multistakeholder measurement apparatus. And so I'm excited to turn it over to them in one moment. The second thing was getting studies that look at the longer-term economic issues, sort of the existing studies are more about the like abrupt impact of a shutdown. But a lot of people in our group felt like there were longer-term potentially of more damaging consequences in terms of consumer confidence, investor confidence, the education decisions that people make, the business decisions, deciding whether or not to start a startup in an environment where shutdowns happen. But none of the existing studies seemed to capture that because it's hard. But we think there's a lot of room for that. And then the last two things are we think we need to do more to put this issue on the agenda in regional and local and national fora, opposed to it's mostly at the global level these conversations happen. We think we can all do a better job submitting proposals for local events. And then the other thing was doing more to get international financial institutions to look at this issue, like the World Bank, the IMF. A lot of people in our group thought that that could potentially be impactful in terms of generating interest. Actually, sorriy skipped one have the last one is moving this conversation out of just sort of the Internet Governance rights space and into more traditional economists conversations. So figuring out how to get this on the agenda at, I don't know if these organises exist like the international association of economists, making this not about Internet issues trectly but a broader issue of interest to economists so they can do more serious work in addition to the great work that's already been done. I think that captures it. I don't know if anybody else in the group wanted to throw something. Okay. I'll stop there. >> I think ours can be succinct as well. As far as successful case studies, I would look forward to look to the blog posts that were put up and -- has also published on certain incidents. I think these are really good examples of characterizing the political and economic impacts and also demonstrating that there's a po the ential for accountability that these things can be monitored. Are as far as difficulties, I thought there was really good counter example that showed how many of these technical measures are informed by our political biases or our expectations, which is, for example, when tellster goes down and takes down the entirety of Australia, do we think that that is a politically motivated or economically motivated shutdown? Why do we think that that's the case? And also demonstrated how crucial in certain respects external assistance, whether it be active measurements from other data sources or whether it be sort of country expertise, whether you find through personal relationships or based off of social media, how much that sort of demonstrates this. This is kind of goes back to a classic joke RFC that there's no evil bit on the Internet. There's no like real political intent shutdown indicator. And then getting back to the moving forward, what was unique, at least for me, about this panel was that a lot of the data sources were sort of passive measurements from service providers. Those are entities that aren't often in the room in the academic settings where we talk about ackive measurement from purposeful tools. And I think that this highlights that there's an opportunity for commercial providers with respect to confidentiality to inform the process and inform our understanding complimented by the public data sources, the public tools, whether it be measurement lab, which I work with, or ripe atlas or other, Uni, for example. So it's not just that we -- this is truly a multistakeholder process in order to gather really rigorous and comprehensive data. Oh, I also missed that it's often difficult to determine shutdowns in smaller countries where there are regional shutdowns or whether there's an inconsistent methodology in the shutdown across different service providers. But I think that that also speaks to the value of making sure there's -- between civil society who might have a better understanding based off of having people on the ground and the people who are responding to it from a service provider perspective or whether it be like accountability in public interest movement. I think that's all I have. >> MODERATOR That is terrific. Thank you, Colin, and all of your colleagues for taking that technical conversation forward. We're going to take this conversation forward in a number of respects. Particularly there is another workshop on this topic I believe on Friday morning. So I encourage everyone to go to that and to keep the conversation going. We'll be doing that, looking ahead to things like rights con and other international gatherings in the future. So on behalf of GNI, Access Now and international media support, thank you, everyone. I think this was really valuable. And we look forward to continuing the conversation. (end of session). [Applause.] Hahn key luth,. >> HANANE BOUJEMI, Hanane Boujemi, luth luth, luth luth luth, Sophie Veraart,. >> SOPHIE VERAART,. >> SOPHIE VERAART Sof, an nowk volunteers, nowk nowk, nowk nowk nowk, Catherine Garcia van hooking strat en, krath krath, krath krath krath, Hague university, what ann languages bow gemmy,. >> HANANE BOUJEMI, Hanane Boujemi, Alejandra can tone Moreno, can tone month reign oh, can't can't, can't can't can't, ar gambia gerk ensure,. >> MARCO GERCKE,. >> MARCO GERCKEGerk,ardard,ardardard, sue Sonia herring, herring herring, herring herring herring, sleuthry, sleuthy Cameroon math,. >> MR. KAMAYEMA,. >> MR. KAMAYEMACam. >> MATTHIAS KETTEMANN,. >> MATTHIAS KETTEMANNMath, sleuth sleuth, sleuth sleuth sleuth, Alice mun ewe an, mun mun, mun mun mun, irate Garcia Perez, gasser gasser, gasser gasser gasser, Mikhail comarch ov, comb comb, comb comb comb,. >> Welcome to the workshop. We would like to thank the Internet Governance Forum and the Williams and cybersecurity Forum in the Netherlands. They have organised this truly international and multistakeholder approach workshop. Now, as panel moderator of this workshop, allow me to introduce myself. And shortly present the subject followed by the presentation of each of our panelists and afterwards we will have a social engineering sort of demonstration exercise. And, finally, well start with the panel answering the questions that we bring today to the table in relation to sex torsion. So, my name is Catherine Garcia digital governance and cybersecurity law at the centre on cybersecurity in the Hague University of applied sciences and also member of the women in cybersecurity foundation in the Netherlands. Online sextorsion is based on none consensual pornography and refers to sexually explicit videos and images disclosed without consent and for not legitimate purposes. In both footage obtained by helped encameras, stolen or leaked photos and recordings social media manipulation, and blackmailing training communications, computer hacking, use of malware and -- it is a violation of privacy and a form and often gender and intersectional sexual abuse for an objections based on negative perceptions of nudity or displays of sexual conduct. The current architecture of Internet and -- these vulnerabilities lead to scalability, replik ability and searchability for private information. Although existing private for mechanisms have been developed and improved over the years. They are still not helping users in distinguishing self-disclosure behavior that might put them on interrisk. In the confidentiality paradigm, privacy as the right to be let alone and our aim to create individuals autonomous fear free from intrusions. The confidentiality and paradigm places a strong focus on security but not too much attention in enabling transparency and online identity construction. This has been already raised in several workshops in the course of this week here at the Internet Governance Forum. An all the privacy contributes in a big part to the construction of one's identity, both in individual and collective level, this is the notion of privacy underlying self-disclosure activities. Therefore, we believe technologies located in the practice paradigm shares such an understanding of privacy and pursue making information flows more transfernt through feedback enhanced awareness. Considering the Internet law as a Forum for public discourse, it is clearly undisputed that cyber harassment such as distortion interferes with expression even if it's perpetrated via expression. Given that it is proa foundly damaging to free speech and privacy rights, sex torsion is growing concern and needs a coordinated multi stakeholder efforts to bring about greater level of Internet safety. Consequently in this inter146 sex torsion we aim to restore order on the one hand alternate and behavioral approach which is going to be the first tract of course we have for you today for our panelists and for you to commend and react on. And on the other hand, adaptable and legal policies approaches and good practices sex torsion that can be harnessed to keep up with technological advances. This will be addressed through the social engineering societies that we have and therefore after through our panel discussion. Thank you. Now we will pursue to introduce ourselves. I already have done it so I will pass the floor to my colleagues, members of the panel please introduce yourselves. Can't can't I'm security director for Mexico system engineer and expert in end user behavior and awareness programme. Thank you. Alejandra canton Moreno. >> Hi, I'm Su Sonia Helling. >> I work at Google here in the Mexico office. Oh my bad. >> Hi, good afternoon everyone my name is Hanane Boujemi government manager with Hivos. >> My name is Nicholas. I'm member of the recent training group and user centre social media in University of Pittsburgh and my research topic is self-disclosure in social media and privacy and social media. >> Hi, good morning. My name is Ramila researcher in Rio. >> Hello, good morning, my name is Arda Gerkens from the Dutch parliament and president of inhope, the network of all hotlines. >> All right. We will start with Alejandra that will explain a little social engineering she has done over the course of the last two days. >> Hola, buenos tardes a todos. I want to say who we are, what we are or better what we are in the Internet. The answer, we are dozen, hundred, thousand regarding of our banking information, our health, our work, our friends, our vacations, our networks and maybe our sexual activity, relations and even our preference. It's a lot of information that needs to be protected and needs to be protected because it's valuable. And it's valuable on money and it's valuable in power. And not only for us but also for a lot of people for good or for worst. There is a lot of risk around information. And social engineering is one of them. Maybe the most important because, one, sometimes intruders get the chances when there are general gaps in the security. Well, they use it. But more often we can guess they get through because of human behavior such as the natural human inclination to be helpful or liked or because people are reckless about the consequences or being careless of the information. I know that most of the -- know about social engineering. After all, we are experts in so many subjects related, right? Well, during the past two days, we did an exercise with some of the participants of the Forum. 53 to be exact. What we did is that some of us work around the workshops, work around the different rooms without but any badge. We take out this. And without any IDs. We ask some of the talents to register in some regular white sheets with some printed column asking their names, their employees, where they work and their email address. 46 didn't ask anything and gave us their information. 6 asked a little bit more but with some and useless answers, they gave us information. And just 1 said no way. I don't want to give my information. I already gave it in the station area. Imagine. Almost the 8 percent of the people gave us their information. The conclusion of this is we are so expert and so protective with antivirus firewalls, complex passwords that we forget the basics. Do not trust the people you didn't know. So if this happens to us, imagine what happens to teenagers and not tech people. It's important to tell you that all the information that we collected was used just for this workshop and just for statistic purposes. It's already destroyed. And also all the emails accounts. So if one of you gave us the information, please, your information is safe. Well back to our business. Social engineering gains access to any systems despite the layers of the security that we have implemented are now in hardware or software. The ultimate security wall is the human being. And if that person is instructed, the gates with wide open and computer text control. And when computer gets control, some of the things that he or she can do is to get -- access to your local information, access to the cloud information. Access to send Emails. Access to the social networks information, also ongoing support services post in your social networks. So your personal information could allow criminals to open bank accounts, to get credit cards, passports, launder money or to make fraud or even to make you sextoward because they have your information, your personal information. And these could be even worst in many ways to lose all the money in your bank accounts. So unfortunately there are many cases of socially engineering cases. The only way you can do is promote awareness. Thank you. >> MODERATOR Now we will start with the panel announcement. The first is technical and behavioral track. And for this we have specific number of questions that will be addressed by in the first place Nicholas and he already introduced himself. But a little reminder. Nicholas Diaz, fellow PhD fellow at use centre -- University of -- in Germany. >> Nicholas: Thank you, Catherine, for invitation, I'm very happy to be here. And so basically my research is on online self-disclosure and also to build a connection on what online self-disclor your mean and how it can be with sextorsion. Basically social network sites that people share diverse content and information in order to get some benefit like maintaining friendships, blog, sharing photos, music, articles, et cetera. So the process of making the self known to others have been defined in 1958 by -- as self-disclosure. So this is basically in an offline context like we are now. So in the online context that would be redefined as online self-disclosure. So there are benefits of self-disclosing. We maintain friendships. It's the key way of building social relationships. So when I'm talking about my interests, my what I like, what I do not like, I can build an emotion a tie with another person. However, when we do it in social media, we forget that these places are not free. Thief, et cetera. Unfortunately engaging in self-disclosure activities can bring negative consequences for users that go beyond the problem of image. In the case of sextorsion, perpetrators that get access to the profile of the victims can get their address, phone number, they can know about their interests, habits, their workplace, and therefore they can build a social profile out of their victims and start seducing the victims and engage with them. Unfortunately these consequences are not part of the user's privacy concerns until they live it in the flesh. So why do we disclose more in an offline context than online context? Basically I know how many people are in this room. Well, approximately. So I can regulate my speech. I can self-censorship and I can follow basic rules of information sharing. Unfortunately these rules and ways of behavior is not the same in the online world. So we talk about our personal life, we talk about, for example, what I had for breakfast in the morning and that I had a party yesterday and got drunk, and this information, it's often very sensitive and very private. The thing is that we, as users, are emotionally detached to our private data when -- support. For example, if I lose my passport, my reaction will be visceral. I'm losing something that's very important for me. However, like Alejandra just showed in her experiment, we are very happy and willing to give away our data constantly over and over again. And that's actually because computers are social actors and therefore they moderate the way we perceive our own privacy and the way we perceive our private data online. So we are responsible as designers of interfaces, of hardware, in the way people understand their privacy and live their every day online privacy. We believe raising awareness is very important for users to know how important their data is for them. There have been a lot of approaches on trying to do this. For example, some researchers of carn Gerkens melon tried to do the privacy notches. They tried to apply sentiment analysis to their posts on Facebook. So they were warning them if the post could be in a negative or positive way. For example, if the system was okay, your post could be understood in a negative way, the users had a chance to hold it and not post it at the end. Many of this approaches that are very interesting rely on very static approaches for awareness. This is each one of us are different, each one of us understand privacy in a different particular way and each one of us have different privacy needs and concerns. So in order for these approaches to succeed on engaging the users, they need to be adapted. And we believe that if we consider users as individuals who could significantly benefit from learning about online privacy, this is like taking a more pedagogical approach and consider the user as student of privacy literacy, we can get closer to raising awareness in the right way. So we have defined an instructional awareness system that its aim is to provide personalised feedback messages when detecting user disclosures. And consequently we have designed what we call software architecture that we said we have described the architectural components of such instructional awareness system. And this as I said before that has a pedagogical, it's a pedestrian gojal approach. Resembles -- intellectual -- systems have been used before. It's not something new. But they have been used for academic purposes in academic environments. And these systems provide a learning environment to the student and try to give him feedback and assessment on learning particular teaching topic. For example, sequel, the language for databases, and in order to generate this, the tutoring system is contains a knowledge base divided into basically extorts the main knowledge about a topic that he's teaching. And database, being a part of database user performance. So if we think about it in terms of privacy I can teach privacy to someone but at the same time in order to adapt feedback and give the right guidance, I need to measure in some way the progress of how this person is learning this topic or in this case privacy. So we think that can be a way of reducing excessive online self-disclosure. And we are, if my research training group, we are actively trying to make this happen. And this is our big goal for the next year and for the next years to come. However sextorsion has other requirements, I mean we are not as I said before, this is more for online self-disclosure. But a very important part or aim of fighting sextortion is the generation of consent because basically the perpetrators that are disclosing these pictures, videos do not have any concerns on doing it. And it's a debt in software architecture and we as developers on how to generate right mechanisms for detecting consent. If some ways about disclose a picture, we need to double-check, triple check if that person has consent over that information. >> CATHERINE GARCIA VAN HOOGSTRATEN: So now we will break out to comments or discussions. Who will like to start? The software panel and then participants, I'm sorry. Any questions. >> Hi, can you hear me? I know we don't have enough time. My name is Hanane Boujemi just for the record. I would like to maybe ponder the question relating to the terms of use, the existing terms of use that we have at the moment in various platforms. Not only Facebook. Facebook we usually give it heed. But videos can be exchanged on what's up and other services. And of course even Google Plus, maybe. So I think it would be very interesting to hear from Google, for example, since you're representing that segment of the industry, on what kinds of terms of use do you have at the moment to deal with this phenomenon? >> I'd like to stip you hate two things, first of all the social engineering which is really the way we work it as sextortion at our help line. Because what they will first do is through all the information they get from you on the Internet contact you and build up a bond, the two of you together. And they will suggest that you will have a conversation, for instance, on Skype. And where the actual sextual contact will take place and then sextortion will lead out of that. So it's very good that you just showed us that social engineering is a very important part of this terrible crime, actually. And I'm really looking forward to the results that Nicholas will bring us. One of the problems with sextortion is also sending material you don't actually want other people to see. And what we know is that very young people, they don't have the ability to think about what they do. We older people always tell them think twice, but they don't. So it would be really good if there would be a tool if it they were about to send it out saying hey, do you really want this to go online? Do you know what happens? And I think it might be useful to in this sextortion especially, I think there's a great challenge on the other fields because it's very hard to detect what kind of material you want to send out. But it's very interesting to see this technology arising. >> CATHERINE GARCIA VAN HOOGSTRATEN: So we have a space for a couple of questions. So please raise your hands. Yeah. First here and then. Yeah. So first we have our panelists, then you and I think you're up. >> Okay. I want to follow Arda's comments by mentioning research done in October 2015 about sexting and comparing youth behavior to adult behavior and also how preventive measures, how it worked with the behavior of youth and how they -- did they stop sexting or they didn't? So I'm just quoting from the research that "letting people know proximate the negative consequences is not very effective as discouragement. In fact, it's recently been shown to have the forbidden fruit effect. And so focusing on negative outcomes campaigns is communicating to youth that sexting self is wrong. We can replace the word sexting here with maybe even, well sextortion or excessive self-disclosure is wrong without recognizing the positive aspects of it. So this is likely to be infective because youth would not engage in sexting without any potential benefits, although it may not be obvious to us or adults in the first place. Instead, prevention campaigns should recognize that there are some positive aspects to it and make it clear that what needs to be prevented is only the negative aspects of it, not sexting itself. So the reason I'm quoting this is, well, as, I mean, as parents or people who interact with younger people, sometimes it has the exact negative effect to tell someone that, no, this is very bad and I ban you, I forbid you from doing this. So I think maybe a more lenient approach instead of telling people no, this is bad, don't do this, can be followed. >> CATHERINE GARCIA VAN HOOGSTRATEN: All right. So now we will give the floor to the first participant. Do you have a question? >> Okay. Thank you. My name is Marcelo I'm -- I work with security in Brazil on university. We work with different kinds of malware, virus and different programmes, similar for that. I think the principle problem is the case try to extras Tate the persons, the users to understand the problems with these technologies. In the following years we have different problems with Internet of Things on other technology that you will use. And the principle problem is that the user accept or not understand how to use specific security. In this case I think the problem is Facebook but the other problem is the application in Android, the problem of zero dates, problems in the system, malware, the bought knots that try to keep your information. I think it's a very big problem. Not only with sextortion. >> CATHERINE GARCIA VAN HOOGSTRATEN: Thank you. That was exactly what we were talking about awareness, the importance of the awareness programmes not exactly behavior but the use of the technology and also the online and offline culture because sometimes you aren't aware of what are you doing offline that will be harmful in your own life. So it's basically that to be aware and to be educate of the technology you are using. Kratdz krath the second question, please. >> My question is directed to the second speaker. A lot of the research that we have done in India shows that young people when they self-disclose people of any age, particularly when they are using the Internet for sexual expression, including sexting, have a pretty good idea of what they are doing. And so I was very curious about the concept of excessive self- disclosure that was up on the chart because my sense is that people, when they use the Internet for sexual purposes, which is pretty of -- is very, very common nowadays, do assessment of the risks and that perhaps the solution is to actually use safer sexting practices, et cetera. So I'm not clear what excessive self-disclosure means. Because I'm a little worried, to be honest, because it seems to blame the person for sort of disclosing too much of themselves. >> Nicholas: Thank you for your question. Basically as I said before, the rules of interaction in the online world differ tremendously from the offline world have and there's a very interesting paper from researchers of carn Gerkens melon. It calls "I regretted the moment I press shared." So this is empirical research where people had reported a bad experience online for having disclosing this personal and sensitive data. So these bad experiences can be certainly mapped to a certain attributes that the person had disclosed in that moment in time. So when talking about excessive online self-disclosure, it's that when you start revealing and revealing more and more and more and more and more, the likelihood of some harm, it's increasing. So we have to find a way -- that's my research about, so I'm spending a lot of time trying to decode it, to find out how to do it -- how can we provide the right assessment? And of course this should not be about a censorship for these activities. It should be in sync on the privacy needs and expectations of his or her online experience. >> I think it's also important to distinguish between the two ways of sharing consensual -- sharing sexual information on the Internet. One is with consent. Debate on how to do it or whether you should do it or not do it. This could be a tool to help them. Then you have unconsensual which is when you get into the sextortion. And this is I cannot emphasize it more a very, very serious crime. We don't at this point we are not even thinking of how serious this is. There are people killing themselves by the fact they are being sextorted. It is huge. We have no idea the things we get to our help line they are only the tip of the iceberg because most of the people, they will just pay the money that they are being asked. And I think that we have to also realise that the perpetrator who gets people to sextort themselves, they use what you just called the heat of the moment technique. It's not something you can really think about. It happens to you also because there's a lot of dopamine in your bodies. It's within minutes it has happened and the video is out there. The perpetrator is sextorting you. And I think, therefore, it is something that we should really look on how we can stop this because it's, like I said, really serious crime. >> CATHERINE GARCIA VAN HOOGSTRATEN: Next question, yeah, please. >> Can you hear me bay an tries from Brazil.' an anthropologist and I study online security especially connected to gender -- yeah, okay. I wanted to ask Nicholas but I think I could ask anyone. How do you see sextortion as being a form of gender violence? Because we have at least in Brazil, statistically it happens to girls and women. So we're not talking about any kind of violence or any kind of exposure or the consequences are not the same. They are very different. Depending whether you're a woman or man. >> CATHERINE GARCIA VAN HOOGSTRATEN: I may take this question if any of my colleagues want to also add something shortly, briefly. I do agree with the fact that it is definitely not only a gender sort of phenomenon, but also and most importantly we have discussed within our group intersectional. Because we have to be aware that most of the studies usually refer to women, which is true. There might be more statistics, statistically speaking, women that are usually victims of these situations. But, in fact, there is also the non-reported cases, which mostly concerns to members of the LGBTQR community, so on and so forth. Religious minorities. So there is an intersectional, actually, and not only a gender-based situation underlying the problem of sextortion. So I would like to move quickly to the legal and policy track. And for this part, we have the pleasure to have Jamila of the society FGB Rio and also member of the coalition on platform responsibility which actually recently, only yesterday, I have been informed, has launched a book which I hope is easy to get access to but is basically focused on terms of services. So here we will have Jamila giving some comments on what has been the findings of this Dynamic Coalition in the IGF. And also, then, we will open for the panel discussion probably then you will be able to answer Han, nane's question. The floor is yours. >> Thanks, Catherine. Thank you for the opportunity to talk about this topic. So, yes, as Nicholas was saying before, it's interesting to hear this conversation because I remember when we started interacting the Internet, the biggest concern we had was with our security. And at some point the economy -- okay, thank you. At some point -- do you hear me? Okay. At some point it seems like the economy of platforms or how things on the Internet work changed in a way that we got used to giving our data to have access to a lot of information that are available online, right? And we do that especially or guided somehow through the Terms of Service. Despite the fact that sometimes we don't have to explicitly accept those terms, the mere use of some web services imply the acceptance of some rules and conditions that will regulate behavior online, right? So considering that somehow what we analyzed this this study, considering these Terms of Service are defining how we interact online and how we exercise our Human Rights online. Because Internet is as we all know a tool for the -- privileged tool for the exercise of Human Rights, particularly access to information and Freedom of Expression. And also they also define the conditions underwhich we will exercise these rights, in this case affecting the use of our data, for instance. We decided to analyze the terms of use of 50 online platforms. We only analyzed the Web-based platforms. We didn't analyze mobile platforms. To understand how they deal with Human Rights, Freedom of Expression, privacy and due process. It's interesting that we find that there are several rules that apply regarding privacy. There are lot of commitments regarding the protection of user data already present. The privacy policies, they are detailed, they are long. They usually give somehow a notion of how this data will be used. But it's difficult to understand how this may impact on users' rights, right? How the collection of all this data may impact on users' rights. And that's because we have a language that is technical and it's not just in a legal way. It's all a technical language regarding to computer science and the mention of several technologies that may affect our privacy and that we don't know how they really act. So it's more complicated to understand these terms than reading a common contract for other types of service. And at the same time, these terms are usually written in a way that they are broad enough to allow companies or platforms to use data in different ways without having to ask for a new consent, right? So they usually say they may track users' activities. We found that that's almost all platforms we analyzed, we analyzed bigger services, smaller services, so most of them say they pay track yrs' activities. They may allowed third parties to track users' activities. They say they may share users' data with third parties without specifying which are those third parties, under which conditions these data will be shared. So it's mostly difficult to understand how this may impact on our privacy. There are excellent practices we observed, e special had I in the biggest companies. For instance they are mostly directed to informing user about the impacts of their privacy regarding other users, right? And it's exactly what it's more related to what we are talking about today. So for instance there are some tutorials, help pages, videos that try to inform users about the impacts of the information that they share. And these can be a very good practices. However, when we look at the relation between the users and platforms, that's more complicated. And the guarantees that are present in the terms are fewer. On the other hand, when we talk about Freedom of Expression, what we find is that the terms are smaller. They are not that long. And they are not that detailed. Usually you have several guidelines regarding which is the content that is allowed or not in the particular platform. And then most of them, 80 percent of them have some mechanism for flagging abusive content. They include that in their terms. But a great part of them, it's related to the DMCA. So it's just about Copyright content. And that's what you have on the Terms of Service. Regarding other types of content, you usually have general clauses saying that they may be taken down. But there is no transparency regarding how that will be done or under which conditions. And I'm talking about only the Terms of Service, privacy policies, community guidelines and the documents that we consider that are binding to users. We are not talking about other pages or other mechanisms, right? So it doesn't necessarily mean that these mechanisms do not exist. There is just no commitment in the legal document that users have to accept to interacting the platform. So there is no transparency regarding these takedown mechanisms, how they will be implemented. Not even to the potential victim of these type of abusive content but also not to the users. So what you find is that few platforms or I would say on the contrary, most of the platforms say they may take down content with no notification, no diswrus at thisfication to the affected user. And more than that, # 8 percent of the platforms, that's 44 platforms out of 50, say they may end-users' account without notifying users. So it seems like there is a problem that affects both victims and creators or users that are sharing their content. And it seems like what we need is more information and more transparency regarding that so we can understand better how that can impact on our rights. >> CATHERINE GARCIA VAN HOOGSTRATEN: Thank you. That's hupper helpful, actually. >> Thank you for having me here. I'll be brief because I think what Google has to say here, we're not here as a representative of the whole industry, unfortunately. I just know one company. But I wanted to highlight that we do have a consistent approach across our platforms and across our products. So that's the first thing. And the other thing is that we didn't operate about this particular issue in -- without information. We actually went and sat down with advocates, with victim groups and we really tried to understand where this problem is coming from. When the first terms of services were created, revenge porn wasn't really there. So the phenomena that comes over and over over the Internet has to necessarily feed back into the product. So we try to take the time to be here, to talk to groups like the ones you lead to understand how the product can be adapted. So we have no tolerance whatsoever for revenge porn have we take it very seriously in our platform. So we have a system where you can ask for that content to be removed. So that's on our removal policies. Actually you can find that as one of the sensitive contents that we consider. And we don't allow it to be shared in the rest platform. So blogger, Google Plus. Once this is asked by you or by someone to be taken down, it's reviewed and it's taken down and it's not allowed to be shared across the platforms. I will highlight, though, that removing it from Google search does not remove it from the Internet, okay? So we also have a mechanism to try to make ez whyer for you to contact a site's webmaster. Because if this image or this video lives in another person's web site as a search engine, we're responsible for indexing that information. But we can't really go out into the Internet and remove things. We don't have access and we really can't do that. But we do try to give you information on how to contact the website's webmaster to follow through on that particular request. I do think that we all agree that search and these types should reflect the Web. And these examples of what gets taken down should be considered really carefully by communities like this one and by dialogues like this one. So I think personally identifiable information, so if you find that your credit card information was somehow posed in a website that's indexed, that can be removed. And the same way that's how we got to the revenge porn. We also not only review the requests but we also demote on search. So on the ranking on search the websites that have been known or been denounced to put revenge porn on there. And I think that you should also think about the rest of the way we think about this is we don't allow pornographic content in general on our platforms. We don't make money from it. We don't allow advertisement for pornographic webs. And we take sexual and violent content out of complete function in search. Because we do believe that there is a role here to play. Obviously you talked a lot about how much information we disclose. Then there's a responsibility of those that distribute some of that information without consent. So those are two sides of the problem. And then the platforms sort of in the middle receiving or letting things through because that's what we were created for, to let the flow of information get from the creators to the users and vice versa. And I think what I wanted you to take away is a responsibility to be here, to talk, to gather the information, to take it in and to try to improve all the time on these practices. I don't know if you're going to talk a little bit about sort of the legislations because you mention crime a few times, right? And I don't think it's very clear yet in all the countries across all the jurisdictions what the crime is defined. So on the platform side, I guess what I wanted to highlight was the importance of having very clear definitions of what you're considering revenge porn in this case, if you're penalising the content creation, the lack of consent to distribute it, how to handle content for commercial purposes. Those types of things would be really helpful to have in domestic legislations or in an agreement because that really puts the sort of crosses the T and puts the dot on the I's of what we need to be looking at in those community guidelines in the end. And obviously I think all of you would defend Freedom of Expression and sort of making sure that these definitions do not conflict with that right. So I will leave it there. >> Thank you. I just want to highlight something relating to violence against women and the issue of revenge porn or sextortion. Men are also subject to that. And I think we have to bring that up somehow here so we're not too concerned about only one part of the problem. When it comes to legislation, I think legislation is going to help in some context but not others. In the Middle East, for example, we definitely cannot aim for legislation against revenge porn or sextortion because the perception of the society, the cull culture, the religion and a lot of things. There are a lot of elements in the mix. The terms of use, I'm going to go back to that. And I think the terms of use or the conditions under which Internet companies usually operate I don't think are sufficient in the current state. So let's not focus on the regulation now because we need to find more solution that we can scale to different regions. The terms of use are a little bit neutral. If you look at them very quickly, you don't see -- I mean you see things like oh if you're a sex offender, you can't open an account on Facebook. But you make the assumption that you only have the clean people on Facebook. And that's not the case. This is applicable to many other services. I think we have to get more serious when it comes to, well, taking down content from these platforms because I don't agree 100 percent with that. Because taking down content again in the context of the Middle East will be completely different. We will be talking about censorship and so on. So it's a little bit a sensitive issue, as well. As I said, it would be really more useful if mat forms are more efficient filtering through that content more seriously. At the moment, we see a lot of disturbing videos that are not being kind of addressed. I'm part of a mailing list where all these cases are actually being disclosed from victims and also from other communities like LGBT community, like political, all kind of people at the moment are trying to see a better to moderate this kind of content on Internet companies' platforms. So I really call for a more comprehensive rules or guidelines for people to use these platforms. >> If I can add to that, one of the biggest sources of sextortion is your platform YouTube, as you probably know. YouTube is very good in removing the material as soon as it's flagged. But the chances of it being uploaded again are always there. Now, we have perfectly very good technical possibilities like follow DNA or hashes to prevent this from being uploaded again. And I would really, really ask Google and Facebook and every other platform to start using those techniques because like I said, this is a really serious crime. It threatens people. It costs lives. And I think you should take your responsibility here. >> CATHERINE GARCIA VAN HOOGSTRATEN: All right. So just to wrap up, is there any question? Okay. First here and then -- >> Cláudio, State University. Another Brazilian in the game. I'd like to build on the argument that was made by the senator here. I think we're pretty if not solid, we have an idea of where we're going with awareness. We also have an idea where we're going with the search foreleggal remedy. And now towards the end of the panel, we discuss something which is really, really essential, which is the ecosystem any cal response. We can't rely on -- this is not humanly traceable. What happens here is not humanly traceable. And we have, again, building up on the argument extremely interesting and effective tools, content ID, for example, has an interesting mechanism to filter Intellectual Property breaches. So we're discussing now how to automate responses to hate speech. We're discussing how to make responses to the search of the truth in the last days. So are we not working a little bit more in automating because time matters and it matters a lot here. And this is destroying the lives of not only but also of women and girls and women all over the world. >> Hi, I serve on the ICANN board. But my question is more to my previous incarnation as a lawyer and a politician. Because as Arda said, it's a serious crime and it's costing lives. But I understand it's not a crime in many countries or it's not clearly defined. So are there any plans, from your network, from all the people here, to very concretely start working to make it a crime, clearly defined prosecutable crime in every single country in the world so where there's this cross-boarder effect that the victim is in one country, the perpetrator is in another, we don't get caught up in endless jurisdictional discussions and we can very quickly make sure not only to help the victim or to prevent, if possible, but to go to the next thing, which is to -- and I see a member of the European parliament is going to fix that for us. Thanks. >> I can't fix it everywhere but I can raise my voice. I'm on the committee in the European parliament, I'm a British labour politician. And I work a lot on this issue, the issue of online violence. And actually we do have an instrument in Europe and it's called the Istanbul Convention. And even my country, the UK, has ratified this. And I just heard -- has not ratified this. I just heard yesterday we have a more right wing Polish government. They are going to actually pull out of the Istanbul Convention. So I think it was 2014 it was agreed. Some countries, some unexpected countries, have signed it and are doing really, really well. And some countries that ought to know better are doing really, really badly. A friend of mine in Slovenia who is a women's rights campaigner said her government said they couldn't sign it because it was too expensive. And our response to that has to be that the cost is women's lives. I know, but theis tam bul Convention is specifically about women here. I'm on the gender e quality committee, so we are working with gender and violence issues across a whole lod of different platforms. But I just wanted to say there is an instrument. There is an instrument. And we are now still in the 16 days of the campaign to eliminate violence against women and girls. So you need to raise your voices and you need to be in touch with your governments and tell them that the cost is women's lives. So they have to do something about it. They have to do more than just sign it. They have to ratify it. And then they have to implement it. And then you have to hold them to account. >> CATHERINE GARCIA VAN HOOGSTRATEN: Okay. Thank you for more the remark rather than a question. However to also add to this that currently the Budapest Convention, as well, could be a framework of protection as long as obviously there is a criminalisation of these behavior in the national level. So it has limitations. I also want to add that there has been concrete criminalisation norms started in Philippines, Australia and moved towards mostly Israel, Canada, recently U.S., many states in the U.S. have criminalised sextortion or as they call it revenge porn. And recently Ireland has added its own legislation to the list. However, as most of the panelists have already asserted, the criminalisation of sextortion also has challenges and limitations. Flows such as the narrow or very broad definition of the behavior that is criminalised can be also a situation that arises a challenge. But also do not forget that as sextortion was or revenge porn was defined, it was only mostly focused on the ex partner.En that has been also reflected on the recent upcoming regulation, criminalisation of this behavior. I think I have final comments on these from my panelists. So I will give the floor to them before we finish this session. Thank you. >> I just wanted to react very quickly. I guess you said most of what I was thinking. But I believe there is a great challenge. And it's not a simple criminalised/not criminalised takedown/do not takedown type of solution. And we have to -- we can't forget that any type of action or regulation that we have on the Internet may an ifect the whole Internet environment. I mean, we do believe that we have to discuss how intermediaries may be responsible for these type of things. But we have to be very careful in drafting or thinking about solutions because they may affect our possibility of communicating or accessing information online. That was my final remark. >> I'd also like to add on the remarks and talk about also enforcement of the law. I'm coming from Turkey. So it's real problem that the one fact that it's know the defined in law. But even when it is, it's almost impossible to have it enforced. And we are discussing removing punishments for rapists in certain countries. So it's very, very difficult to have law enforcement take seriously when someone goes to them and says oh, someone is sharing a video or an image of me that I'm not consenting to sharing. So I think we really need to remember the problem of enforcement on this problem. And also, finally, I'd like to say that creating more public awareness in these regions is very important because it's really not being taken seriously and not being considered as a crime no matter what the law says or doesn't say. >> CATHERINE GARCIA VAN HOOGSTRATEN: And we will five the floor finally to one of the participants that has been raising their hand for a long time there. Thank you for waiting. >> Hi, thank you. So I think when we are e speaking about sextortion, we need to also speak about rape videos. It is a major you in India. These are. Actual rapes sold in shops and further used for extortion. This is violent of contenten three levels. It's the rape itself. The film mg. As well as the distribution. And when we speak about -- and as you can see it's not self-disclosure per se, which is leading to sextortion. These are the factors which lead to that. And I think it is a very important point to remember have and it's such big you in. >> INDIAia that even the Supreme Court has issued a report into this. To respond to this, yes, m inare subjected to revenge porn but I think it's remember most of it is different for them. The frequency is different. The extent is different. And it's also important to remember what type of men are subjected to gay porn, it's usually gay men, transmen, young boys. That's my opinion. That's all. Thank you. >> The last two years we saw a rise from boys up to 50 percent of all the reports we get. Men and boy being sex toward. And we're talking about 14- year-old kids to 70-year-old men. So this is also a very serious problem for men. The video, if they don't pay, so it's financial sextortion. If they don't pay, the videos are sent to their bosses, they lose their wives, their families, friends. It is very disruptive. I think last week, the report came out that three men already killed themselves because of this in the UK. So I think we should really consider this is a crime which is very serious to women and men both. >> Quick reflection. Maybe the solution to the issue is not on the Internet or with Internet companies. We have to look at the subjects also from the sociological point of view. And I've heard something recently in the Netherlands that basically about sex education. It starts from there, in my opinion. It's not about opening an account on Facebook or Google Plus or so on. The kids who are very close to their parents, even though they engage at sexual activity at a later stage, I think people that engage in revenge porn and these activities, they are, I think, personally there is a percentage of them that are not sexually educated or they went probably through traumas and so on so we have to bring a stakeholder from the socio, even cultural point of view to discuss these issues because I see some kind of connection with that, as well. So maybe we have to look outside the Internet fora for the solution, as well. >> CATHERINE GARCIA VAN HOOGSTRATEN: All right. So finally to wrap up before we close the session, we have the last question. Or remark. >> Nicholas: Yeah, related to but my point is that perpetrators very often get in touch with their victims using their social media profiles. So they have all the information there just to get in touch with you and engage with you. And therefore committing this crime. And I was hearing today and the day before a lot about connectivity, how can we generate, promote connectivity in the parts of the world that do not have Internet access and so on. I think on one side this is excellent. But we have to prepare new online members, new members of the Internet regarding their privacy. And I think that I'm trying to fight in that direction very seriously. >> I'm sorry. Maybe I wasn't clear when I was saying -- >> Nicholas: I totally understand it. >> They don't meet the survivors through social media. These are actually -- >> Nicholas: I totally understand the concept. But those are two different things. That one leads to the other in some cases, but what you just said, it's very close, but it requires other measurements. >> No technology plays a role here only in the filming and the distribution. It doesn't play a role in the perpetrators meeting the women where I was involved. I wanted to make that clear. >> CATHERINE GARCIA VAN HOOGSTRATEN: We want to thank ones again the Netherlands intergovernance Forum to for bringing us together. As well as the women's in the neats he Netherlands. Please follow up the discussions on Twitter. But also follow up the report I'm going to submit after this IGF session. So we will have a report online. And you can see the conclusions that will be raised there. Thank you very much. [Applause.] (end of session). >> Also, a report of the session will be on the digital watch observatory at the end of the >> Okay. I can just talk to them. Hi, we're waiting to are the signal to get started. So if you would kindly relax. Just make sure you're at the right workshop. This is -- in south Asia. Mod pod good afternoon, everyone. Welcome to this workshop, tech women driving ICT innovation and collaboration in central Asia and south Asia. The workshop purpose is to explore collaborative programmes that will focus on women in technology and its implications for inclusive and sustainable growth among various players in central Asia and south Asia. And for our purposes, we are looking at 13 countries Kazakhstan, Turkmenistan, Afghanistan, Pakistan, India, Nepal, Bhutan, Bangladesh, Sri Lanka and the mull dives. I'm sorry that I did not have time to do time to do a chart of this information, but the important things out of this chart are the figures related to penetration or percent of population. So, for example, in Afghanistan, it's only a 12 percent penetration. And then I think the highest one is mull dives which is 6 to 7 percent. As you can see from the raw data, there is a lot of work to be done in terms of inclusiveness and getting the Internet out to those various countries. So for today's agenda, we're going to have an overview of the Internet Governance framework. We will do country presentations from Afghanistan, Pakistan, India, Taj icky Stan will be online. And then we will break up into small group sessions to look at three issues related to capacity building. We'll do a report back to the larger group. And then action planning. And as part of the action planning, we have some resource speakers who can speak to us about the possibilities and opportunities that their organizations can provide at the regional level. So in terms of super net governance -- Internet Governance, what are we talking about. We're talking about three things mainly. We're talking about stakeholders, issues and decisionmaking processes. Who makes the decisions about the Internet in a particular country? It's another more complex chart with regards to what the different issues are, who the different actors are, and where the decisionmaking rests. So just as a reminder for everybody some of the issues we're focusing on is telecom infrastructure, the protocol standards and services and content and applications. I'm reviewing this because they will be important as we talk about capacity building. And then in terms of the decisionmaking processes, some of them are related to technical decisionmaking. Some of them are concerned with infrastructure and access, decisionmaking and public policy issues. And of course a question of whether or not there is a national Internet Governance Forum. Stakeholders. We are all stakeholders in Internet Governance. Some of us are with government. Some of us are with technical agencies. Some of us are with academics. Civil society and I wear my consumer hat, as well. A user of technology. So briefly again, those three things, issues, stakeholders and where do the decisionmaking processes rest in each country? And in addition, the country presentations will focus also on gender policy and practice and technology and the reason for why we're together, recommendations for a tech women in central Asia, south Asia and we just call it casa for now. So we'll start with the country presentations. But before that, let me just go through the small discussion group sessions so that you can be thinking about which group you want to be with. So one discussion group 1 will talk about fostering collaboration among target countries by creating a network of women in technology in casa. Discussion group 2 will explore capacity building ideas including online learning that could be done on a collaborative basis in the region. And discussion group 3 explore what technologies could facilitate collaboration among women, for example, a platform for networking, an online repoztor of resources and I'm sure you have other examples as well. So that's your sort of as we multitask, you think about those discussion points as you are listening to the country presentations. So with that, we will start from the bottom of the list with Pakistan. >> I work an organisation called code for Pakistan. I know we have very little time so I'll run through this quickly. I'll talk a bit about policy and decisionmaking and some of the work that our organisation does and then talk about some other as pejts of Internet Governance -- Internet Governance public policy. Often defense concerns can take precedence over the interests of citizens. An example of this is the frequent suspensions of cell service during religious holidays and public events. Moral and religious concerns also affect availability and access of condition tent online in the most prominent example of that is the YouTube ban, which went on and off, continued for about eight years and was just recently lifted earlier this year. People in charge of IT policy are in many instances not from IT backgrounds, so they have a lack of expertise and limited understanding of Internet architecture and other concepts. Hoism the IT policy draft was drawn up in consultation with IT professionals so that's a step in the right direction. Some policies under development are publicly released as drafts and input is sorted encouraged in stakeholders. However there's no transparency on some decisions are actually made in the end. The prevention of electronic crime bill which was recently passed and highly controversial. When the act was introduced it was highly cite sized. And there was feedback from civil society organizations wasn't really taken into account. And the bill was just recently passed. I'll let -- talk more about policy and practice. Women in Pakistan largely face restrictions to the Internet due to cultural and societal factors particularly in rural areas there's a huge divide that needs to be bridged in terms of access and digital literacy. The Pakistan association of software houses, the president is also a woman and she runs -- as well has conducted research on the IT industry but there is a need more more comprehensive method allege research. The last survey conducted about four years ago. Part of our work with government departments to improve their service delivery by leveraging technology. Democracies an organisation that we work very closely with on multiple initiatives they run a gender in tech programme capacities and digital security and of women in media for effective use of ICT tools and on encountering gender abuse online. To policy reviews from gender lens is required before developing a comprehensive strategy building. One is to start with a network of organizations both commercial and nonprofit that engage and work with women in tech at various levels. Advocacy and awareness raising is also necessary to change societal attitudes about women's access to tech and their participation in the space and not just focused on women but entire communities. And the men who hold the decisionmaking power in our society. Regional network like this would be incredibly helpful in developing methodologies and approaches to such research and tech is generally a male dominated field. A network like this can allow ultimate gender to develop and map and analyze and combat challenges to diversity inclusion in digital spaces. >> Thank you. Hello everyone. I'm Numana Suliman. Pioneering organisation with the perspective of social rights and social justice. The fact that my colleague has talked about I will avoid repetition. Basically I will be focusing with a little -- we have different focus but on the whole it's like to you curb or to end violence against women driven buy technology and for the digital safety and capacity building and all that stuff. We have been doing. It's basically a research and advocacy organisation around all these issues and all these thematic areas. So with regards to the policy thing, there are like quite different things happening. Talked about the electronic crime base which is another form. So there have been several reservations from the civil society organisation not only from the organisation who are like very much into the digital rights discourse but also from the organisation who are like solely like coming from the Human Rights perspective, as well. So now it is being passed. And some of the concerns were addressed. But there are sometime a lot of room for improvement in those laws and policies which can be indiscriminately those can be used to curb Freedom of Expression and opinion or association or assembly. So there is a dire need to have a review on that. Since this discussion is being revolved round the tech women and the issues regarding women facing so back in my country, to be patriotic, Pate rye arcky society, it is like different social fabric. Mostly happens in most of the south Asian countries I can say. But in my country it's like the access is there though there is an advent of 3 G and 4 G technology. But still the people are not necessarily in the urban areas but in rural areas as well specifically they are like having a kind of remote access. And even when it comes to the point of access, then women are like they have less access because of that all like norms and societal pressures. So currently the recent research which fight for all did the Internet access in Pakistan showed that there are like almost 30 million users of Internet. But of course women are like less in numbers. So when it comes to the use of Internet, so first they don't have that kind of infrastructure. You don't have that facility even if they have that facility so there is a need of capacity building as well. So how they can use Internet safely because there is a lot of cases and things we have seen which were basically the violence against women using the technology as well. There is a report we wrote technology violence against women which you can find on our website. There were several case studies we did and sometimes if you are uploading your pictures, if you are like sharing your views, so being a woman, it's easy. You are being to give like kind of shut up call or being harp assed or abused. But it happens in different genders, as well. So gender equality comes in question, then. So it's not like that all the like genders of people from different sexual orientation or stuff like that, they are equal. And then when it comes to the women and then if you narrow it down to the minority women, then they have a double jeopardy. Happened to be women in that male dominated society and happened to be a form of minority faith. So there is a different story for them, as well. And even the minority communities like whether they are on the basis of their language or culture or ethnicity, so there is a difference how they deal with all these challenges there which are being brought not like only because of the de facto situation there but because of the -- situation as well. So therefore it's like we see, it's a good thing and opportunity that we can like move forward by building this kind of network. And learning from each other how we can better address all these issues and get them resolved so we can have a peaceful word in the technology arena, as well. So having the rights online and offline, as well. Thank you. >> Thank you. Now we'll hear from Afghanistan. Please introduce yourself. >> I have my presentation there. >> Can I have some technical support? Can I use this? Okay. My name is Omar Mansoor Ansari. We are based in Kabul. We do technology development, startup support, community technology and some policy advisement. One of our programmes is called tech women Afghanistan which is a network of diverse stakeholders. It's a women-led, women-focused initiative helping bring together women with technology background to get us where they can support each other through different activities as well as to support other women who are not in technology by providing them with computer literacy programmes, awareness on technology and different other issues. Our presentation, I'll be co-presenting with my colleague Shabani Mansouri. Overview of Afghanistan. The presentation is called Afghanistan plus tech women. So I'm going to be doing Afghanistan and she's going to be doing the tech women part. I'll be giving you like a general overview of how the situation related to technology access and telecoms, ICTs is Afghanistan have and then we'll go to Shabana and hear from her about what the status of tech women is and how they're dealing with the situation and what activities and all are. Okay. So let's go to this is -- can you go back? This is about the spectre. This is our tech women sum miment last year where we brought together about 250 women in technology in Kabul. It was big summit. It was opened by -- chaired by the First Lady of Afghanistan. We had cabinet members. People from the industry leaders, the government of Afghanistan and civil society. And the major issues we discussed here why how we can promote and support women in technology in Afghanistan. So let's go to the next slide. Just in order for the people who do not know where Afghanistan is located, this is the map. Yeah. You see I'm sure you know, but, still, when we say casa, the central Asia south Asia, you see above Afghanistan, central Asia, below Afghanistan is southern Asia. On the left side you will see Middle East. On the right side you will see China. Which by itself a region, right? Afghanistan is in the middle of these three, four regions. Sometimes we are considered as part of central Asia like if you see the UNESCO documents, you will see Afghanistan as part of central Asia. But when you see the World Bank, some U.S. government and others, you will see it as part of the south Asia. And we are member of this south Asian packet, forgot the name of. Yes, we are member of that. But when you see the ICANN documents. They put us in the Middle East. So it's quite confusing sometimes. In casa is south Asia, central Asia, and the reason Maria and I thought about doing casa thing was that -- not being able to connect with the rest of the world. South Asia compared to central Asia has like more access to education, to opportunities, to the resources. So in order for us to transfer the knowledge from south Asia in technologies from south Asia to central Asia, we thought it will be good to bring these two subregions together so they can collaborate. There are a few things I wanted to share with you. The technology infrastructure, we have information technologies here, honorable Wahab San, dat, who might intervene when we come to the resource persons discussion. And we have two other very informative personnel from the mini industry of communications here. They might talk more about what the situation is and how they are planning it in the future. But this is just an overview. Voice and data, when it comes to the voice and data infrastructure, there are technologies used like satellites. We have an afghan sat and Ymax. GSMNCDMA operators. We have land line and 3 G connections. There is a national data centre and operations centre which is a centre for cyber emergency response team which basically deals with a cybersecurity issues. One of the biggest assets Afghanistan has, I'm going to go back to the map slide, is the optical fiber ring. Can you go back to the map? When you see the map of Afghanistan, there is a ring, optical fiber ring within Afghanistan that connects the major provinces with each other. And then data provinces are linked to the main optical fiber ring. And then it's connected in the north with Taj icky Stan, Uzbeky sten and -- and in the south with Iran and in the east with east and southwest Pakistan in two locations. One is tour ham on the line and other is bin bullic and we are connecting with China very soon. So that provides like the only hub in the region which would contribute a lot to the regional collaboration when it comes to the data flows and a lot of other collaboration in the information communication technologies. In terms of access, we have over 24 million subscribers. The total population of Afghanistan is about 30 million. GSM active subscribers include 18.5 million. 3 G subscribers is about 18K. And population coverage is about 89 percent. That's both voice and data. Internet users, that's very low, about 500,000. Investment in total in the past 15 years is about 2.2 billion U.S. dollars. The figures are as of from the September 2015. I couldn't find the latest figures on the ministry's website or other source, but I'm sure the figures have changed and improved, especially with the rollout of the fiber insert and provinces as well as the 3 G expansion across Afghanistan. We have one major problem which I discussed this yesterday, as well. And that's the cost of Internet which really limits our access to not only the Internet but so many other resources like education, business, development and social development. Internet in Afghanistan costs 300 US dollars per connection. That's for redundant connection. And redundant means when there is a fiber cut, you will have a backup. Which doesn't happen all the time. I had like five hours. I have redundant connection. Like the contract says it's redundant. But there was like four hours that we didn't have Internet. I call this ISP. I told them hey, what's going on? They said there is a fiber cut. I said we have written connection. What does that mean? He goes, get me Internet from satellite or somewhere else. I mean that's your job. But they were saying no. There's no option. So the redundant still has a problem. It done mean you will get 99.9 percent of the connection. But for nonredundant is 150, which means you could have -- you could not have Internet for weeks or something. Fiber to home, that's another big issue. Although we have the biggest asset of being the hub in the region, when it comes to the fiberoptic erg, but if you want to bring fiber to home, there are additional costs. The 150 to $300, that's monthly subscription if he for one MBPS connection. If you want to get a 10 MbPS connection, then you need to multiply that figure by 10. Plus their monthly maintenance fee which is $550. And there is one-time installation cost which is from $2,000 to $30,000 depending how far you are from the main fiber cable. Other challenges include availability in certain areas, security issues. Engineers cannot go to maintain the fiber in other infrastructure. And investment of the private sec torp because of lack of security and stability in certain areas. The policy process includes -- time's up. Though is the policy policy. I'll yickly wrap it up and pass it on. With laws when it comes to technologies, they draft the laws and then parliament has to approve it for the policies MCIT drafts it and cabinet approves it and regulations are done directly by the ministry of communications in IT. Sometimes they bring consultants to do their policy formulation for them who do not understand the local needs. They are not aware of the issues and challenges. That's why sometimes the policies cannot address issues locally. But it's improving. They are e trying to do some open consultations. Human resources is one of our biggest challenges. We do not have the capacity or expertise in certain areas that is required, especially when it comes to the public policy and regulatory issues. Stakeholders involved are diverse. This is the list which I can share with you later on. But there are like a few big projects which are really contributing to the ICT sector development in Afghanistan. There's $50 million World Bank funded project called ICT sector development. It's divided into different smaller components which is like business incubators, policy development, trainingings and different other areas. Digital casa, digital central Asia south Asia is another World Bank project like a cable coming from the central Asia and going to the south Asia to connect the region together. More details, promote that's $216 million project. The biggest in the U.S. government's history that's helping empower women across Afghanistan. Another NATO project with general review the total population of women constitutes 48.46 percent. Female literally is 49.2 percent. Tech involvement is 3 million now. Very low in 2001. Public university enrollment is 62 K for women. And women life expectancy is 64 years. Thank you and gracias. >> Hello, everyone. This is Shabana, I work for tech women Afghanistan at the same time having two hats here, tech woman and also ISOC Afghanistan and this year IGA. So contributing to the sharing of my colleague Mr. Ansari, without any doubt, information technology has been one of the leading drivers of economic of globalization have Afghanistan is having fast growing ICT industry in past 15 years of development and also a new generation of technology advanced and increasing group of entrepreneurs and technology. Fortunately women are playing an increasing Rule in participation and contribution in this growth. Among the 30 million population, 20 million have access to mobile technology. We are 48 percent of the population of women and 80 percent women have access to the -- mobile technology. This digital literacy access has given them the -- international and also regional conversations. Participation in ICT growth in the country in past one decade has been positive and increasing annually by both male and importantly by females. After many years of efforts and optional launch of tech women Afghanistan in 2013, three years from now, through public and media presence, efforts thousands of women are given the opportunity of awareness and encouragement for participation and contribution to digital literacy as well as the importance digital literacy. Hundreds of women are supported and encouraged for current technology since many women lose interest having current technology even having education and degree and ICT. Women are given support, encouragement and capacity building to take participation and innovation entrepreneurship related activities and events. Fortunately women participation innovation and entrepreneurship programme have given tech woman a positive and considerable result. Many of the winners of participation in the country have been female just recently. On the major issues which was addressed or were corruption harassment and education. We consider these con trial butionzs key role player in creator of hope. Peace through innovation and establishment of businesses in ICT and industry and economic group of the nation and contribution to global Internet Governance. One of those chal evidence-based policienings not having aisle strong government policy on gender and ICT. Through joint efforts. Lack of connectivity and support to regional and international efforts for capacity building, technical support as well as financial support for the initiatives recently. Not only intention globally as joint efforts for supporting current initiatives and leading to the development as well as for sustainability of the initiatives and the achievements. Describes these chal enlsage especially for having connectivity regionally and internationally to Afghanistan for supporting the initiatives and area of woman in ICT through capacity building and collaborative efforts and also through the joint efforts. Thank you. >> Our speaker from India got delayed at some airport. So we have asked ambassador Latha Redi, who has an freed to give us some information about India. >> Let me begin by saying you're not going to get a structured presentation from me because I was asked to make this presentation five minutes ago. [Laughter] But it's a cause that's dear to my heart to bring more women into technology issues. Let me tell you briefly my background. I was a diplomat for 36 years. I was a deputy National Security Adviser of India. And part of my responsibilities as the deputy National Security Adviser was to work on cybersecurity policies and cyberspace issues India and on Internet Governance issues. So I can claim to have some expertise in the general area of how Internet Governance and how cyber issues are looked at in India. And so I'm going to perhaps as Omar did, talk a little bit the general situation in India and then talk a little bit about with women's situation in technology. As far as India is concerned, where the technical governance or important issues related to Internet Governance are concerned in India, obviously the government plays a big role because though we do have a separate information technology -- do you want me to close it? We do have a separate information technology ministry in the government. We've had that for a long time now. We passed the information technology act in 2000, which was amended in there was a separate department which earlier was part of the IT ministry but is now a separate ministry. And what we discovered when we started looking at the issues of Internet Governance and how we should be looking in general several industries had a very key role to play. For instance when you look at information security or cybersecurity, it becomes an issue of national security and of internal security. So obviously the home ministry or the interior ministry as it may be called in many other countries has a crucial role to play. Similarly if you look at Cybercrime or cyber terror issues or user cyber for terrorism, these issues would also be dealt with by the home ministry. The foreign ministry would be involved in international negotiations on Internet Governance as well as on the development of some norms on which discussions could take place in the UN and other bodies. You also have specialised agencies. We have set up an agency called the national from for critical information infrastructure protection. And that means the key sectors which would vitally affect the economy and well-being of a country are defined as critical infrastructures. So for instance it could be roads. It could be power. It could be the banking and financial sits tempts. It could be airports. It could be the entire transport sector. And it could be sensitive installations such as in defense, nuclear, space installations. Satellite systems that disrupted that can cause unimaginable havoc in the connected world of today. Also the commerce ministry gets involved because there are certain WTO, trade and other issues which get an ifected by the Internet. So the first task was really to build a kind of an architecture within the government to make sure everybody knew what they were supposed to do and without too many overlaps and gaps. In government you can never avoid overlaps and gaps but the idea is to reduce it to the minimum possible. The second job was to write an actual cybersecurity policy for the country, which we did in 2013. We were only the nird country in the world to publish a cybersecurity policy. And we set up a joint Working Group on public private partnership in cyberspace which was to say the government couldn't do it alone, the private sector couldn't do it alone so wed to work together in order to develop the Internet in our country. Now India is a paradox because at the same time we have the second largess e the number of connected people in the world on the Internet, the last figure that was put out by the Minister for IT in September this year was that we had 400 million people online in India. Given the fact that India's population is 1.3 billion, we still have hundreds of millions to get online. So it's a peculiar situation. We're the second largest connected country after China. We have now overtaken the U.S. in terms of numberless of Internet connections. But we are the largest number of unconnected people in the world. Because of India's immense size. So it's a did youal challenge. You're trying to find the place at the high table to pay part in Internet, international dezs and negotiations because you feel you are a major IT user and a major country of the future to be a major IT decisionmaker, really. But at the same time, you have to look at it from the point of view of a developing country of how are you going to get hundreds of millions of people online? Many of whom are illiterate and who have special language needs because you need diversity in languages because many people do not speak English fluently and the majority of the material available on the Internet is in English. So I was asked -- I was given some general guidelines by Omar and Maya just now about what are the decisionmaking processes within government? I think I've given you a broad idea of the government departments and so on who would be involved. We do have a national Security Council that would talk about these issues. We have a cabinet committee on security that would talk about issues like cybersecurity and so on. Internet Governance largely has been coordinated between the foreign ministry as the main negotiator and the ministry for information technology. And they are both on the same page. India, after wavering for sometime has come out clearly on the side of a multistakeholder system of Internet Governance. But they have also very clearly stated that it cannot be the old definition of multistakeholder but that you have to have a more democratic, inclusive, multistakeholder arrangement where the new emerging economies which are really going to dominate the use of the Internet in the future, for example, China or India must have more of a say in how the Internet is going to be run or how important decisions are taken. Infrastructure is a big issue. Omar, you mentioned the question of optic fiber networks. Last mile connectivity is an issue. But I'm hearing some very interesting things from technical companies about the possibility that low flying satellites could be used to overcome the problems of -- I know Google has been doing work with balloons for the same reason. But that cost has to come down because if the cost doesn't come down, it would still be cheaper to give optic fiber. But I'm told that the cost is coming down to where the cots the of developing infrastructures, using alternative methods is going to be better. I think as far as on public policy issues, we have a very healthy and vociferous civil society in India who make their views known, and which is as it should be. I find the system has become far more democratic and engaging with industry and in engaging with civil society. We see that, for instance, the cybersecurity policy was put on the Internet. It was put on the Web. And people were asked to give their comments. The same thing with the telecom policy. Right now an encryption policy is under consideration. And when there was a great objection to the encryption policy, it was actually withdrawn by the government. So you can see that there's a give and take between civil society, industry and government. How much time do I have? >> I think wrap up. >> So let me turn now to the question of women and technology in India. Obviously as with all Developing Countries, women are not present in the numbers they should be in the connected world. In fact, a survey done showed worldwide that the vast majority of those who are not connected are more likely to be female from a rural background, not educated. And that's as true in India as anywhere else. We do have some shining stars. We have women heading CEOs, heading some big companies. We have people who are working in institutes, Ghita is doing an an exemplary job in trying to get women to take up technology courses and work in technology. And we have some very prominent figures who are very frequently seen in forums like this -- heading the Twitter government policy in India. We've -- who is heading Facebook in India. And we've -- who is with ICANN. And we have journalists. We have experts and people who sort of devoted some time and attention to these issues such as myself, woman. But by and large it's the exception rather than the Rule. So I would completely endorse and I'd be happy to engage with your group in seeing how we could build a group for central Asia and south Asia and try to come up with some concrete recommendations. Thank you. >> MODERATOR Thank you for that. We're also missing our Kirkistan participants. So we're going to do hear from Zura, who is from Taj icky Stan but will be logging in from George Washington University in Washington, D.C. Do we have Zuhra? She has been texting me on the side. Yes, I think she couldn't hear us. But if we catch her sometime, we will do that. But for now I think what well do is go to our small group discussions. Remember, there were three questions. Fogs terg collaboration. Ex portion capacity building. And exploring what kinds of technologies. So to make it easy, we could just say this will be from here to there raise your hand, please, with the stripes. That will be group 1. And then group 2 from you to the U, to, yes. And this will be group 3. Now, as you try to -- no. If you want to move to different group, that's fine. But please stay within the topic so we can have as many specific ideas regarding to that topic. So group 1 is going to do collaboration. Group 2 will do capacity building. And group 3 will do technologies. And as you discuss, please also try to see if you can figure out what should be kept national and what can go regional. And please also assign a rapporteur who would report back to the large group. We will give you -- you come with suggestions. And we'll give you 15 minutes. Capacity building. If you really want to move around, feel free to do so. For the purposes of the streaming, they will just do one of the groups, right? (no captioning during group discussions). >> MODERATORWe'd like to get back to the big group. Your small group challenge was to try to come up with some suggestions. We're not interested in problems and challenges. We're interested in -- time's up. We just want suggestions and recommendations. Okay. Each group will have about 2 to 3 minutes to provide the highlights. It doesn't have to be everything that you discussed in your small group. Shall we start with group 2? >> Thank you, I'm Brandon from citrus at U. C. Berkeley. And group 2 we were charged with answering the question of exploring capacity building, including online learning that could be done on a collaborative basis in the region. In our group what I found interesting about our discussion was that we didn't just focus on technology capacity building but capacity building around the technology. So looking at training and online safety, also I think this is a critical issue especially we're engaging young women and girls in technology, thinking about retention in the field and building a culture of acceptance in the professional workforce of having women in technology and making sure that those workplaces are inclusive and welcoming. And also around leadership skills, which is incredibly important for women, even in discussions here, making sure women speak out. We had specific examples using a train the trainer model in Pakistan where you had -- you trained women in how to develop apps and then they go on and train other women. One that I thought was very interesting in Pakistan was connecting women entrepreneurs with tech companies to enable them to have monl brought band in the home so that they could engage in their business from their home. And then also I think that we should all be acknowledging what the Internet Governance Forum has done at promoting capacity building among youth and women and actually having an Internet Governance course. I think that's it, unless someone else from the group would like to add anything? No? Okay. Thank you. >> MODERATORThank you very much. >> Hi, good afternoon, everybody. This is Hasim from Afghanistan telecom regulatory authority. I was the rapporteur for our group, collaboration on woman network. Due to loss of challenges in fostering the collaboration, budgetary, culture, there is less awareness and capacity building. Some suggestions which come out of the discussion was: First to identify organizations in each country which are working and engaging with women activities and technology. And the next is to do some research and provide or pave the way for them for some capacity building through the fellowship programmes of different technology summits. For example, ICANN. IPnick or GSMA. After that, in this conference will pave a way to connect each region or each country with another country and then do some technical exchange which will pave some common ground for them to find the networks and foster the collaboration for capacity building and make a better network. The time was very limited and lots of ideas, so we can just report this of out of it. >> MODERATOR Thank you. Those who still have ideas coming out of their heads and brains, feel free to send emails to myself or Omar during this IGF, or even after. Group 3? >> Good afternoon, everybody. My name is Minia, I'm being bossed by Omar today so I'll be presenting with Catherine. Group 3 is a group of 3. [Laughter] I'm going to take names today. But we're coming up with a concept. The name is not fessly novel. The concept is necessarily novel but we think is necessary. So what we are proposing is something that we'll just in short call "the hive." Now, the hive would be a resource hub or ecosystem where women in this region that are interested and want to gain more from the technology space will be able to post and join events, have access to educational resources that would be uploaded and populated by those potential members, educational resources would be on particular site. They would be able to connect -- well, let me back up and say the one thing that we thought and know that was going to be a challenge is how do we find a common mat form, a common denominator. Because again ours is exploring what technologies could further facilitate collaboration among women. And so the common platforms plural would be Facebook, Twitter, linked in and others where a lot of individuals use but have this hive be sort of its own ever evolve ecosystem where women would have the support that they need, the resources posted and the like. And so this would be multipurchase psoriasis, multimentional, ever evolving. But using those social media platforms and whatever physical platforms would be easily adopted. For this to not just be educational sup support for women in central and south Asia. >> I like the name, the hive. You know the queen bee? Exactly. Two to three minutes. Just let us know if we're building a capacity building network for women and by women in the region. I've written the names alphabetically. I don't see Marilyn here. Sylvia, I see you. >> Sill oh, my name is Sylvia. I work with APNIC foundation. I'm the head of programmes there. We do APNIC is the regional Internet registry. We are located IP addresses and provide a lot of capacity building for network engineers to set up ISPs and IXPs and network around the region. We cover from Afghanistan to the Pacific. So we cover 56 economies. We do have fellowship programme that encourages women to participate. And we have -- we pitch funders from donors and other agencies for capacity building for women engineers that are able to build the network that they want to use for their daughters and their mothers and the other women out there. So, I think that for such a platform to exist is not only about underestimating the technical capacity that women have but also that there were many women that are very tech in Nickly able and willing to enroll and participate and give time to these. And it's important to look at the network engineers in the region which would be a good base on which to build the platform. There are lots and lots and lots of capacity building materials in the region available already. Most of them available free of charge. We do have our own share of those training materials. The big problem that we have is that most capacity building efforts are not necessarily done in a local language. So translation is complicated and collaboration, as I was mentioning in the small group that we are working, is a wonderful word but is very expensive not only in money but is expensive in terms of time and effort and just to find that common ground that you need to be able to make the commitment to work with someone across the world that might be -- that you share, I don't know, a corner, an angle or something, and not someone that is directly linked to the work you do. So it's important that you set up expectations about what that collaboration actually looks like in terms of times, commitments and then conference calls, things like that, kind of rotates. Everybody has to wake up early once, I don't know, every three months but not every time. I'm based in Australia, and that rotation is great because sometimes it will be impossible for me to join every single conference call at 3 in the morning. So I'm grad that my colleagues in Los Angeles sometimes decide to just okay, I will wake up really early and you can have a normal day at the office. So it is about being considerate with others and acknowledging what already exists in the region. So do your mapping. Very good mapping of what is out there and try to look for the network engineers that are actually building the network. There are plenty of women out there, many from the countries that you have mentioned. We cover Afghanistan and some of the countries in casa, but ripe and CC covers the others. I mean, we will be able to support you at least on the technical side. >> MODERATOR Can we have Joe? >> Joe: Sure. Thank you very much. My name is Joe. Thank you for inviting me. I'm with the United States Department of Commerce Commercial Law Development Programme. 10 seconds of my 2 minutes I just wanted to say I find it very interesting and almost ironic that the word casa is well known in central Asia, south Asia to mean the collaboration. But yet we're in Mexico and it means something quite different. Your house. There must be some kind of ironic statement to make but we don't have time to delve, to this think about the houses. I've been thinking about how the work we do relates to what we've been talking about. And throughout the course of the session, I found that I think there are a lot of parallels. I should put the caution that I have a limited view. I work for a very small office that does development work, technical assistance to countries around the world. And because we're small and because we're legally focused we don't have all the solutions to all the projects. But perhaps from the examples of types of things we do. And in that context, we do an number of projects going on in ICT and currently our largest projects, we're funded country by country, are in Afghanistan, in Pakistan. And what we do is in the ICT world is try to work on technical assistance that helps grow the sector or that generally affects the investment climate. That gives us in this field a lot of leeway because things that are directly related to, say, connectivity obviously are important. Cyber security affects the network and therefore affects investment. Trust in the network. Whether a woman feels safe on a social media platform will affect usage in development. So we're able to get into a lot of different things. And thinking about how we are talking literally at this session about technology and about women, and I think in our work, we're not focused on women exclusively. But this infuses everything we do. So, for example, we sometimes advise countries by bringing in -- we bring in private sector or government experts who would volunteer their time, say, to advise on a Cybercrime law. One of the issues might be how does this law affect women? And that will affect us because that is a policy we watch for. We also do training. We also do workshops. We have it as a policy throughout the United States to include women in our training and capacity building programmes. Same for internships and fellowships. We in the past, for example, have made it possible for law student to get internships with afghan telecommunications firms. Again, there's an opportunity there. In our small group earlier, we were talking about there being several aspects here, one is the collaboration itself. And it's a challenge. We agreed it's a challenge. The other is getting the women, finding the women. I do struggle when I do programmes in the region, in all due respect to the folks who are here, who are with me, to find the women candidates to participate if our programmes. And if we look at the whole system, whether it starts with education or training as some of our participants said, they would be available for us to identify. And having organizations that are dedicated for this that I could work with provides an opportunity for me to put my programmes to work in that way. So I think that covers it. Thank you very much. >> MODERATOR Thank you. Let's go to Karen. Yeah. >> Karen: Hi, I'm Karen Mccabe and I'm with the IEEE, which is one of the world's largest technical professional associations. We have like 460,000 members around the world. We're really sort of rooted and grounded in the community approach. So we have technical societies. But within those, there are affinity groups and technical communities. And one that we're really proud of is our women in engineering affinity group. We actually have 600 of them around the world including in south and central Asia which actually our largest representation is in India. And the focus here is looking at that full life cycle. So it's from technology development and use and teaching skills among those but also, and we touch upon it, I was in group 2 when we talked about capacity building, is the entrepreneurial skills, the leadership skills. One might look at it as soft skills of that whole ecosystem of ICT and technology and getting women comfortable with it. Another focus of the group is also, of the groups, I should say, is getting young girls excited about getting into the ICT, in the engineering fields. It is a cool field to get into. It's something that we really are needing in the world is to get more young girls and women engaged in ICT from a profession. And a big focus of the work in our women in engineering affinity groups is to generate that, as well. So it's really sort of a local approach where we bring communities together through education, capacity building, networking to teach these skills along this full spectrum along the way. So I'll end here because I know we're short on time. Thank you. >> Hi, I'm here. My name is Laura. I work for the economic corporation and development. We have a Forum where governments come to share good practices on common problems. And we deal with several issues ranging from economics, trade, environment, health, education. And today I'll be talking about gender and what we do in gender. In 2013, the -- adopted a recommendation gender equality. It recommends members to adopt good practices that promote gender equality through a whole of government approach and in cooperation with all the relevant stakeholders. It also instructs the university to support efforts by producing data analytical studies and collecting good practices on achieving equality in areas of education, employment and entrepreneurship. So in other words, what this first recommendation from -- to this issue states is at least four messages. It's that there's no silver bullet solution, that this issue needs to be addressed holistically with the help of the partners cross institutions and stakeholder groups and it also highlights the necessity of the evidence-based studies. And since the first recommendation the university adopted a new recommendation on gender equality, this time on gender equality in public life. This was in 2015 last year. We also carried out analysis on engineering quality in education, climate change, financial education, health, taxation and science and technology. So having been actively building a substantial body of work in the area, the university created a gender portal in 2015 through the university gender initiative. So our gender portal compiles good practices, analytical tools on gender across all university policy work. So examples of that include a gender -- on science and technology we have statistical and model surveys that can help countries to address the gaps of ICT usage and availability of male and female IT specialtyists. It is imperative we compile data to develop evidence-based policies to monitor the implementation of these practices. In terms of regional focus, the university has regional programmes within our member countries. So we have programmes in Latin America, Caribbean, in southeast Asia and in the Middle East in North Africa region, it's one of the regions where we've already implemented projects targeting gender issues. So I invite you all to assess our portal. It's university.org/gender. And get familiarized with the work that we're doing. And we believe getting to know the data and implementing these model surveys is a key input for you to understand what's missing and what are the bottlenecks to improving gender equality. So thank you very much. >> MODERATOR Thank you. We have one more. Facebook? Maybe we could just give them the URL later for the video. >> So we will skip the video. In terms of what Facebook is doing to build capacities of women in the casa region, so we around this programme means business which celebrate entrepreneurs throughout the region workshops and training sessions and online resources. The programme with women entrepreneurs with knowledge, connections, skills and technology required to build and grow their businesses online. So far we have trained more than 1800 women entrepreneurs in India. And we are going to sort of hike train more and more women as we increase our programmes in the region. In Pakistan, we have recently launched this programme in collaboration with -- which is an initiative of the pan jab information technology board. So that's the SME prong of it. Another prong of how we sort of build capacities of women entrepreneurs is develop engagement. We innovate through partnerships. We partner with fast moving startups from around the world to help them test and develop new platform technologies which would benefit developers everywhere. We have worked with top startups from across southeast Asia from India our top music April to Pakistan's top real estate application to Bangladesh's top traffic app called go traffic. We also have the Facebook platform and also the FB start programme which sort of works with startups and entrepreneurs and developers to necessarily scale their products. We give them the tools. We give them the mentorship and get them involved in the process. We've also worked, this is very specific to the work that we are doing in India. We are also working with organisation called key start on startup goal challenge where we partner with this organisation to induct five women-led startups into the FB start programme. So where we'll sort of give them the mentorship and also the tools to develop. Then we have the developer round tables and advisory councils that we do. Production engineering team from our headquarters in Menlo Park to key markets in south Asia like in Pakistan to listen to first time feedback on what are the market challenges and the values so we can design and develop products accordingly. We also have Facebook developer softwares. It's sort of like a community programme where we invite developers, from all backgrounds to raise awareness, solve problems and build a bridge with our tech teams have I'm really proud of the fact that in the heart of our developer circle, we have more than is thousand developers, we have more than 1500 developers participated. And lasly we live by the principle of open source. Many of the solutions we use internally at Facebook are vibl to any startup or developer at code.facebook.com. So everything from building cross platform applications are available on this site and developers are free to use that. There are over 387 open source in that site. >> MODERATOR Okay. May I ask the resource speakers to please email me the text. I guess we can get it from this discussion, as well. But whatever you haven't been able to discuss, please share with us. I'm sorry I have to wrap up. It sounds like we will -- it's a good idea to move with a regional capacity building for casa, central Asia and south Asia. And we shall do so by setting clear expectations, beginning with a mapping of what's already there, which organizations are working with women, which women are working with technology. And I guess we also need to be clear in terms of what we, as organizations or as individuals can give to the network. It's not just about getting from the network in terms of this collaboration. It's a reciprocal collaboration among the various players and stakeholders. So if you are interested in learning more about the network and continuing this discussion, please email me, Maria.bb@gmail.com or Omar, you can find our names in the programme and so on. Thank you so much. If you want to stay for the video, the Facebook video, we can do so. Is there another organisation happening? Okay. Sorry. We're out of here. Thank you so much, everybody. And thank you so much for all the wonderful ideas. (end of sess >> Ready for the next session, so if we could ask anyone who is just chatting after the last session, to take it into the hallway that would be a big help and we can get started in our next session momentarily. >> MODERATOR I think we can go ahead and get started. I'll wait for the cue from the technology people. Okay. Well good afternoon, everyone. Welcome to the workshop that's entitled a new social compact for Internet Governancement. I'm at American University in Washington, D.C. and a senior fellow of the centre for international governance innovation, CG, in Canada. The backdrop for this workshop is the global commission on Internet Governance, which was launched in 2014 by CG and Chatham house in response to some problematic trends including concerns about cybersecurity breaches and lost of trust in the Internet, movements toward fragmentation of the Internet the various ways with the aim of offering some guidance on how to address new challenges. So I would just as the moderator like to give a little bit of background on the commission and then turn it over to our panel. We'll all have very brief interventions and then would like this to be an interactive discussion. This independent commission was chaired by Carl built, former Prime Minister of Sweden. And it was made up of 29 individuals who represented a range of Internet Governance stake hold. And geographic regions. I'll soon turn it over to Latha Reddy. We also had a global advisory network which supported which produced over 50 research papers on papers from fragmentation to human aspects of Internet Governance, interconnection and access issues, cybersecurity and trade. Emilie Taylor will be speaking. She's one of the research exports. And I saw Rebecca Mckin on here, as well, hiding in the back of the room who was also one of our preeminent contributors. So this scholarship informed the deliberations of the commission and the recommendations that were put forward. We also had a lot of public engagement in the form of surveys, quantitative surveys. We engaged through CG and the global polling form ip ongoing support services two extensive public opinion surveys that polled 23,000 users in 24 different countries on a range of issues from Internet Governance, cybersecurity and access. Also contributing to the commission was the OECD and mrk Kinzie helping with some of the economic analysis and our work was enhanced by thought leaders like Kathy Brown from the Internet Society, ambassador Eileen done an hoe who was kind to join us here today and who will give us some brief remarks. So I just want to mention if anyone is interested in looking at the specific recommendations of the report, their available on the website which is ourinternet.org. The 50 research papers are also available for free download there. And actually just today we launched a new book on Internet fragmentation called a universal Internet in a bordered world. Research on fragmentation, openness and interoperability. Also available on the commission website and it synthesizes a lot of the research of of our experts that were involved in the commission. So the commission focused its recommendations on a call for a new global/social compact which explains the title of this panel and this workshop. Global social compact among stakeholders to promote a single, open, trust worthy, inclusive and secure Internet for all. Now, some of the recommendations are very specific such as in the area of security. Governments should not compromise or require third parties to weaken encryption standards through back doors. So very specific recommendations like that and then a range of issues related to Freedom of Expression, privacy, interoperability and openness. And all of these recommendations are available on the website. So the purpose of this workshop is to discuss some elements of this social compact. Mechanisms to achieve agreement and the best ways to build on an agreement in existing structures to make Internet Governance more inchew receive and supportive of sustainable growth in addressing some of the many issues that have come up at this Internet governance Forum and others. So if I may, I would like to turn the workshop over to my friend and colleague ambassador Latha Reddy, who is the former National Security Adviser of India. She was the ambassador to a number of countries for India. She was a Commissioner on the global commission on Internet Governance and is currently a distinguished fellow at CG. So Latha, if I may turn the microphone over to you. >> LATHA: Thank you. I was asked to speak on the core elements as envisioned by the commission. And that's what I'm going to try to concentrate on because the commission report let me tell you is a good read. I would recommend it strongly. And as Laura said it's available online. But what we're talking about is real at this new social compact that was recommended as part of the commission. And commission report. And let me just quote from a section that really struck the government in India, my successor deputy National Security Adviser actually quoted from this in his valedictory address to the biggest Indian cyber conference, which is called sci-fi, cyber for you. >> ITALY: Says there must be a mutual understanding between citizens and the state. If the state takes responsibility to keep its citizens safe and security under the law, while in turn citizens agree to empower the authorities to carry out that mission under a clear accessible legal framework that includes sufficient safeguards and checks and balances against abuses. There is urge end need to achieve -- digital age in all countries. What are the factors? What are the core elements? I will just run through, there are nine of them. I will run through them briefly and also tell you why these concepts that seem so self-evident seem so easy but should be very easy to implement why should it even be necessary to talk about them? So I'm going to play devil's advocate a little bit. Say something about the core element but also say something about why it's difficult to achieve understanding and agreement. Firstly, we talk about fundamental Human Rights. I know you will talk about that in detail including prismcy and personal data protection. The need to protect it online. And that we need to really address any threat to these core Human Rights. The question is when it comes to actually implement this, you will hear different countries' definitions of what are fundamental Human Rights? What are Human Rights. You could argue that the United Nations declaration of Human Rights is a bedrock. But how it's interpreted in different countries and cultures and governments is very different. Even those who are SIGNA torpies to it. Secondary, the interception of communications, collection and analysis of use of data over the Internet by law enforcement and government intelligence agencies should be for purposes that are openly specified in advance, authorized by law, and consistent with principles of necessity and proportionality. Very good. It sounds very good. The question is: That there are different views again in different governments as to where you are justified in intercepting, under what circumstances would you be justified. And we all know the famous Apple and FBI standoff in the U.S. There are similar standoffs in most countries. And the real question is well government says is my responsibility to keep my citizens safe to prevent a terror attack? And am I to go through a long and complicated process and lose valuable time? So these are really the dilemmas that you're addressing. And the third point is that laws should be publicly accessible, clear, precise, comprehensive, nondiscriminatory, openly arrived at and robust, independent mechanisms you should be in place to ensure accountability and respect for rights. I think this is possible to achieve, but what it means is new legislation is needed both in individual countries as well as some common understanding of international jurisdiction and legal frameworks that should apply across-the-board if not to all countries, to most countries. The next point is that businesses and other organizations that transmit and store data must assume greater responsibility to safeguard that data from illegal intrusion, damage or destructions. But apart from just securing the data, there's a second point which was also one of our core concerns, which is: There is a need to reverse the erosion of trust in the Internet brought about by the nontransparent market in collecting, centralising, integrating and analyzing enormous quantities of private information about individuals and enterprises. How are you going to restore that trust? There is a real fear that data mining and personal data is being used in very unethical ways, to put it mildly, by some of the companies. And that all of our personal data is just "out there" and not regulated in many ways. The next point is that it talks about government's roles, that communication should be inherently considered private between intended parties regardless of communication's technology. And the role of government should be strengthen the technology and not to weaken it. So, again, there's a debate here on how many governments would agree that it's their responsibility to strengthen security and not the responsibility of the private sector and business. Surely it has to be a joint effort. The next point is the encryption issue, which is as we all know a very difficult issue. The problem of creating back doors to access data, I've already spoken about some of the issues. And I think the real issue is where issues of national security, maintaining law and order, avoiding social disruption, dealing with Cybercrime and terror come this is where you're going to have a problem with this one. Finally, there's one I think one which we can all agree. We need more cyber literacy. We need good cyber hygiene to be spread among all our population. We need capacity building in cybersecurity. This I see as the easiest to incorporate because everybody wants this. It's a question of having enough resources and building it worldwide, not just in isolated pockets of excellence. And, finally, the transported nature of many significant forms of cyber intrusion curtails the ability of the target state to interdict, investigate and prosecute individuals or organizations responsible. And that we should coordinate responses. Different countries should coordinate responses and provide mutual assistance. This comes down to the very important question of norms and of MLAT reform. Because unless you devise some norms, right now they are nonbinding the norms that months countries have agreed to in the UNGG recommendations. But can they actually be implemented if they're nonbinding? How do you make them binding? How do you move from nonbinding to binding? And MLAT reform is essential. It's too long, the process. And agreements could be bilateral between countries. They could be pluri lateral between a group of countries. They could be regional. They could be multilateral. And, finally, they could be universal and international. The universal/international and even multilateral agreement is the hardest to achieve. It will also go by the lowest common denominator, so it will yield the lowest results. So I believe we need to pursue on all fronts, the bilateral, the regional, the pluri lateral, and, finally, the multilateral or universal. So I hope I've left you all with some thoughts about what the core concepts are and what our challenges are going to be. >> MODERATOR Thank you very much, ambassador. And now if I may turn it over to Sami Wentworth for some thoughts. She is the Vice President of global policy development at the Internet Society. >> Sally: Thank you very much. And first I'd just like to say that the Internet Society was -- (feedback). Is this better? Are we good? Oh they're bringing me one. Okay. The Internet Society was pleased through Kathy Brown to participate in this work. And I think it gives us quite a bit of food for thought. There's been a lot of discussion this week about how you move from discussion to implementation. And it's possible that things like this kind of social compact are a good medium step to take as we try to get to implementation of the norms and the best practices that we all care about. One of the comments in the report that I wanted to jump off of is a comment that in the Internet we are all interdependent. So the actions taken by one actor in the ecosystem have effects on other actors in the ecosystem. And this seems intuitive, but we often speak about how one actor should act in isolation from how another actor should act and another actor. And we miss sometimes the interdependencies. I think that's a particularly important port that the report and the compact brings forward, that we all have responsibilities in the ecosystem to make it a secure place, to bring about the kind of Internet that we want and an Internet that continues to grow and evolve. At the Internet Society, we've been particularly focused on issues related to trust and security in the Internet, believing fundamentally that for the Internet to continue to grow, people have to trust it for the kinds of advanced transactions that are starting to take place online. And no one actor is going to solve for that, right? It's not going to be a single government treaty that is suddenly going to make us all secure online. It is not going to be a single product rollout from industry that suddenly we are all going to trust the Internet. And as end-users, I don't know, but many of you are maybe as befuddled as I am about which technology or which security protocols one should be using at any given point. So we all have a role to play here. And in the Internet Society, we've sort of thought about this a bit and talked a little bit about or coined a phrase, so to speak, on how to approach security called collaborative security. This idea that each actor in the ecosystem has a role to play and they have to do this in a collaborative fashion. Nobody does this on their own. And that there are some benchmarks or some principles that are worth keeping in mind as each stakeholder group tries to take their steps forward. Fundamentally, the goal of security, the goal of cybersecurity action should be to foster confidence and protect the opportunities of the Internet. This seems, again, intuitive and yet sometimes it's important to remember that security is only part of the goal. The other parts of the goal are to keep the Internet growing and innovative. So we can't forget that. This notion of collective responsibility, it's not enough to say that I'm just going to think about my own network. Every action in your network has spillover effects to other networks. The Internet is an inter network. It is a network of networks. So practicing good security policies within your network is crucial for the security of the whole. And we see that in major breaches where you have actions by one actor having significant consequences for others in the ecosystem. That there are fundamental properties and values. Fundamental Human Rights are crucial and should be at the foremost of stakeholders' minds as you're looking to secure the Internet. And often, I'm afraid, that those are the very first thing to be trampled when we delve into security. So protecting the free flow of information, the ability to speak freely, the ability to build communities and to protect marginalised communities, et cetera, is a crucial aspect of any efforts towards cybersecurity. This idea of evolution is crucial in the Internet. The Internet doesn't stay still. So if you create a security environment in which things cannot evolve, in which innovation can't happen, you have not respected the basic fundamental properties of the Internet. So that means that you have to have security approaches that are -- that allow for evolution and that allow for continued growth. That's often harder than it sounds. And, finally, think globally, act locally. Again, this notion that you are not alone in the ecosystem, that your actions online have effects around the world. And so these components are how we approach sort of quote/unquote cybersecurity or other trust-related discussions whether it's at the technical level, the commercial level or the political level. And we found it to be at least a helpful tool for thinking about online security, online trust. And I think that it fits nicely within this notion of a compact that we all are in this together and we all have responsibilities to the whole. >> MODERATOR Thank you very much. I think that might be a good transition to Pablo Hinojosa. I see a hand there, though. >> I have a question from remote participant. Do you want me to read it? >> MODERATOR Would you mind holding the question until a few brief interventions and then we would love to take that question. >> Okay, perfect. >> MODERATOR We'll definitely come back to that. Thank you. So I would like to -- we have Pablo Hinojosa, the strategic engagement director at APNIC. Very happy to have his brief intervention. Thank you, Pablo. >> Pablo: Thank you, Laura. First about the report, I think the work of the commission was very good and timely. The report is an excellent compilation. Let's say it explains very well the state-of-the-art, where we are on Internet Governance discussions. However, I think we are very far from being able to agree on a social compact. The way at least it is described in the report. The first question I would like to bring to the discussion is have we ever reached a social compact? And I think the only process that can qualify as such is the World Summit on the Information Society. Is the report suggesting that it is time for another World Summit on the Information Society? I really, really hope not. The second question. How are we doing so far? And I don't think we're doing very well, actually. Let's take two examples. The way things went at the ITU the recent world telecom uncations standards assembly. Last month in Tunis. And ongoing discussions, this is the second example on CSTdispvment on enhanced communication. We really need to revolutionize all parties commitment to the multistakeholder model. Some proposals contracted at the WTSA were very consensus, in particular the ones that Member States pushed to direct some study groups into the standards around the technology called digital objects identifiers. And these proposals consider abandoning global open standards and instead suggest proprietary object identifiers. I think there are many questions around digital objects governance structures. And I'm not sure they abide very well to the multistake molder future that the report suggests and that we want to see. I want to talk of about the enhanced, but preserving the open Internet and ensuring good multistakeholder outcomes, for example, privacy, the Internet of Things, also cybersecurity, as Sally said, this is a very, very big challenge. Now, if we read social compact as something that might not need to be written, something that we might wish for it to be absorbed rather than agreed, from these basis, a new social compact should not require a new process. For example, at APNIC, the place where I work, it is a regional Internet race. We are purely technical organisation. But since our foundation, we have worked for a goal of Internet development in the Asia-Pacific region. And this didn't require social compact, but it certainly have a social dimension, one that we have fulfilled through our technical work. What I want to say here is that the great interest of the Internet has achieved so much already without the need for a social compact. For instance, the work of APNIC has been undertaken with distinct, ethical or developmental interest. So we think about new efforts to find such a thing, it is important that they not have negative effects and the costs shouldn't outweigh the real benefits. Let me finish just by saying something. And it is the question of how the idea of a social compact translates globally. And let's learn by example. How hard it was or it has been to find proper words in Chinese, in Japanese, in Korean, even in Spanish to translate governance, to translate multistakeholder. Here we are again dealing with a concept that it is very of attached to the history of the modern west. Hopes John lock, John jacks or so. Does this social compact translate or refers well, say, in a confusionism or do youist approach? I don't think so. In conclusion, I think the report offers good recommendations with e should all consider. I don't think the social compact requires a new process or an agreement. And I think there are Internet Governance. Such as stewardship example. These need to be discussed dynamically throughout the years until a social compact that will not be achieved but it can only be ina spired. And I think that's the real value of the report. >> MODERATOR That you very much for that intervention. We have two more quick interventions and then I would like to open it up to discussion. If I may call on Emilie Taylor next who is a research contributor to the global commission on Internet Governance. She's a regional Internet Governance associate fellow in international security at Chatham house in the UK. Emilie. >> Emilie: Thank you very much, Laura, thank you for inviting me to participate in panel. Like Pablo and the other speakers, Sally, I think that the global commission report -- and I can say this having not been involved in writing it but as part of the research team -- I think that the report is a very important piece of work. Thank you. And it does reflect the state-of-the-art and the state of thinking at this thinking and the concerns. What particularly struck me about it as really sensible is this sort of scenario-based thinking on what could happen in the future of the Internet. It could be a colossal loss of trust, ram panned Cybercrime, breaking up into fragmented, according to national borders. An Internet that none of us would want. And at the end of the spectrum, this rosy future where we really harness the capability of the' net to do good and to help the environment, the Internet of Things had really take off in a positive way. And then this sort of middle course which is one of, you know, muddling through, but stunted growth or perhaps, you know, just lack of realising that potential. And I think these scenarios are sensible because they recognize that there are different futures that we could have and that also it's up to us to try to shape, to decide what sort of future we want and to do a little bit to help it. Now, I think many of us were in the session the other day where somebody sort of mentioned -- and it was quite funny, the sort of well, this is a great report, all these great minds. And really it boils down to why can't everybody just cooperate a bit more? And that got a laugh. And I laughed, as well. But it made me feel a bit uneasy because what we're advocating is as Pablo said is in short supply at the moment. I think we're all our confidence shaz been shaken by a series of unfortunate events or shocks, you know, going back to the Snowden revelations, increasing cyber attacks. Those of us in the United Kingdom or perhaps the United States, we might be worried at the moment about what this new medium is doing to our democracies and whether that's having a positive effect. You know, it's hard to know that to do. It's hard to solve these problems. I think that it reminds me of that saying by Churchill of when you're going through hell, keep going. And I think we have to keep going with our positive local actions. And so from the point of view of Chatham House in terms of what we're doing to take the work forward, we have developed a new peer review journal called the journal of cyber policy. And that is hoping to take the discussion forward to reflect, to sit at the intersection of all of these different overlapping policy issues and try to just raise awareness. What we're seeing is that people from different disciplines are becoming increasingly interested in this area and they're looking for information about it. They also have a lot to contribute from other perspectives and other walks of life. I think the other thing that I think perhaps is uncomfortable -- and this is my final point -- about from those of us, like Sally and myself or Pablo who have been in this space for quite a while is a growing realisation that actually states do have a role in terms of making a fair future both in balancing the power of an increasingly small number of very powerful private sector organizations who almost exercise the powers of states, it seems, in some ways. And there's an important need for that power to be counteracted for the Human Rights obligations of states to be upheld and for us to, you know, keep speaking truth to power wherever that power happens to lie. It might lie in new places like companies, for example, rather than states. And we just have to keep the dialogue going and keep advocating a fair and non-radical future. >> MODERATOR Thank you very much, Emilie. Now if I could call on ambassador Eileen done an hoe who is also a fellow. She was part of the global commission on Internet Governance and needs no introduction. Former United States ambassador to the United Nations Human Rights Council and former director of the global affairs for Human Rights Watch. So what are the Human Rights implications of all of this? >> There are many. And it's incredibly consequential. I just want to pick up on themes that were already mentioned because I think the previous speakers hit what's really important. In particular, Latha, it's one thing the say what we want, it's another thing how we get there, whether it is protection of Human Rights or protecting the Internet or how do we get a social compact? That's of easier to say than to do. Sally, I thought your emphasis on the concept of collaborative security is a really interesting move that I think we have to make and to be thinking about the whole. We all have some response about it to the whole and this sense of interdependence. And then Pablo and Emilie, you both sort of, you said we got to move through hell. Where are we in this process? We are in a very difficult space. And we've got to get through it. You emphasized the dual sidedness of the technology. There was an optimistic moment when we all thought it was going to be great for Human Rights. Now we're feeling so negatively about it. It's almost like we're retreating from the technology itself. And we have to get past that. So I'm just going to make a couple quick comments, more focused on the Human Rights dimensions. You know, obviously the Internet and the concept of universal Human Rights, they in some ways go so well together. The universal Human Rights framework was in some ways the first global set of norms. And it was almost the founders of the universal declaration, they were almost prescient in coming up with that notion. We know that we've went through a phase where the flourishing of Human Rights, Freedom of Expression, freedom of assembly and association, there was a time when Human Rights defenders were really ahead of the curve and we felt really good about it. We know that all of -- the three pillars of the UN are all completely interdependent with technology now. The Sustainable Development Goals, norms on use of force is connected to cyber technology, and then the enjoyment of Human Rights. We basically cannot conceive of the enjoyment of Human Rights without ICT. And that goes for the people who are not yet connected, more than half the world. We have to be thinking about their enjoyment of Human Rights through the expansion of technology at the same time we're trying to figure out how to protect people from the technology. Where are we now? I think we are, as several of you have said, we're at a tough moment because the fear of systemic cyber vulnerability and society-wide digital insecurity is overwhelming people in many different walks of life. And that is combining with the conceptual confusion of how do we think about governance in this space? There is few dimensions that particularly challenge the original Human Rights framework itself. So digitisation of everything. It's got many upside benefits. But obviously it presents a serious threat to privacy, which in turn presents a threat to Freedom of Expression, freedom of assembly and association. It also raises challenges about how do we think bid at this, ownership -- about identity. Is the government watching the people? And then digitisation has played into this sense of deep digital insecurity. The second part of the conceptual challenge of the digital eco system is the fact that extra-territorial reach is the norm, not the exception. And the original framework envisioned nation states with primary obligation to citizens within their territory and boundary. And now they are somewhat powerless to protect people. And they also, by the way, have extra-territorial reach themselves. And the last piece of the conceptual puzzle is this trend toward privatization of governance. Again, the Human Rights framework does not really directly address the private sector. And yet they are by Terms of Service or community guidelines or just plain ownership operation and securityisation of the infrastructure itself playing a dominant role in governance. So, I will just make a couple of slightly more optimistic points, which is I do think there's something we all need to push on in the multistakeholder model because we don't have many good examples of it, but I think we can sense there is something there we need to learn from. And we've moved way past this concept of governments having a monopoly on governance. That's over. I think we're all dissatisfied with the dual relationship between governments and private sector and the burden shifting from governments to the private sector and the lack of transparency and accountability. That's not going to cut it, either. However difficult it is, this multistakeholder concept will get to the sense of greater inclusion and diversity, and it will help build legitimacy and trust. I know it's time consuming, frustrating. It's an ugly thing sometimes. But I think it's the only way through hell, as Emilie said. I also think we need real paradigm shifts society wide on digital security. I think we need to turn it on its head and stop seeing security as opposition to Human Rights. Security is the most fundamental Human Rights issue of our time. Digital security. Human Rights defenders' lives depend upon it. It's not just nice to have. It's basic. It's so fundamental to the Human Rights movement. It's also happens to be fundamental to economic security and national security. So that I think there's opportunity for new alliances. And then last, Latha, you raised this issue of how do we implement our existing Human Rights commitments in this transborder environment? I don't think we know the answer, but I think one clue is to have some humility about the assertion of the jurisdiction extra-territorially. And at least embrace the concept of "do no arm." If you're going to claim of doing something in the security of your people or protection of Human Rights of your people and people elsewhere are affected but experience it as undermining their Human Rights, that's not your space. >> MODERATOR Thank you very much. I think at this point we'll open it up for a discussion. Shall we start with my friend -- okay. We have, thank you. Let's start with the question from the remote moderation if we may. Would you mind saying that one important time with the microphone? And just a little bit slower, too. >> The question is: Before NSA or SDI, how could we forbid a website from collecting a private data unless it's allowed by a specific law? >> MODERATOR That's very specific. Let's hear from Alex and let's take a number of questions and then we'll respond. >> Law, Laura, this is Alexander Pisanty from the Internet Society in Mexico. I will repeat. This isle Alejandro Pisanty from the Internet Society in Mexico. Thank you, Laura and the global commission for putting forward this report. This is an amazing piece of work in so many ways. It brings together strands of thought that are around that brings them together in a structure and then intelligent way. It looks at ways forward. I am not going to say anything specific to points in the report right now, but more like a global view derived from the reading. And the reactions that it is sparking comments and questions that are already around. First, I think that one has to be very careful in going forward in presenting things in such a way that spark the delusion of one world government. The idea that there could be one single global uniform social compact for the Internet or for cyberspace or for whatever is easily associated in many people's minds with the idea of a single way of doing things, a single place to concentrate and a single legislature and a single judiciary power. And then you would have to have a single executive power because you can't have two without having three. And this is a very dangerous delusion because it will never happen. And it won't be built by the liberation. The report suggests a single social compact. And I think that's an pipe dream. That's not a goal that people should have. In conversations about four or five years ago with Paul Tumi, which I think then fed into the work of the Commission, I mentioned to him that my wording was a new social covenant about the things that happened around the Internet and it starts with very basic likal not etiquette kind of relationships and agreements. Like what is it right to do if you see a picture of your classmates who are very drunk on the beach? We already have a Rule for that. If you saw somewhere your classmates in a very improper position, you would be expected to do something and not to do something else. And we have to change that because of the way the Internet has changed the memory of these things. And this goes all the way to the big social compact. Pablo has well mentioned western concept of the social contracts. But it leaves aside layers in which these things happen. You have one contract that you need for the physical layer, communications layer and it's going to be very difficult when you begin to think what hate is, what freedom is. I take an phrase from spam analysis where we say one man's spam is another man's -- one man's freedom is another man's threat. One man's struggle for freedom is seen as extremely threatening to other cultures. So it's hard again to build a single social compact around these concepts. And they have to go layer by layer. Or some layers have better defined stuff and some have to be very diffuse and vague. Mixing, we have heard during this meeting, not this particular session but during this meeting of the IGF calls for the correct use of the Internet which are -- calls for responsible use of the Internet which still I find -- I do feel -- there's an association for proper Internet Governance. All these objectives. So low that need definitions. And we should not feed any of these things by the reading and diffusion of the report because it would lose its value. It's important to keep things dynamic to remember how the Internet works, to remember how the Internet is decentralised, diverse, how Internet Governance has been built around solving specific problems by bringing the specific large number, broad number of stakeholders but I will say it with examples of imaginary companies. If you have a content company and net work company, if they are going to discuss spam, they will bring in the engineers. If they will discuss intellectual properties they will bring the lawyers. It's the same entities making the agreements. So the final point I would like to make is to emphasize that as we are looking at the problems the report looks at and time has been passing, we're looking less and less at problems of the Internet than at problems of conduct that display or execute over the Internet. By being displayed or executed over the Internet, conduct becomes massified, it becomes easier to objectify, to cross jurisdictions and as a consequence you have reduction of freedom, friction, and lowering of barriers. That's what happens. Essentially that's what happens to conduct, human or corporate or governmental with the Internet. We have to focus on the conduct have we have to focus on the motivations. We have to focus on the objectives of the humans or corporations or governments that are creating this conduct and then separate what the compact will be properly about. Thank you. >> MODERATOR Thank you very much. And I think it's a good time to probably make clear that the report is not calling for one government entity or one judiciary. It actually is something that disaggregates this dialogue about Internet Governance as one thing into many different parts. So it actually disaggregates and talks about specific areas. And it's a very strong statement of support for the multistakeholder approach to Internet Governance. So I thought I would just mention that. No one is calling for another WSIS, either. But I just wanted to say that so that people didn't have the idea that there was a call for anything like that in the report. But thank you very much. And how about a comment from right here. If you wouldn't mind stating your name for folks. >> Hi, Jeremy Malcolm here from Electronic Frontier Foundation and I want to respond to Alejandro's remarks and also to Pablo's in some way. So the report is very coy about what sort of process or institution might guide or host the construction of a new social contract for the Internet. And Pablo suggested that it might sort of be some kind of emergent property of the status quo whereas Alejandro is saying we can't aspire towards a broad social compact. We have to have a multitude of different -- >> I'd really like you to imot me accurately. >> Anyway, we all just heard what you said, we don't need to repeat it. But it doesn't seem realistic to me that we can achieve the outcomes that the report is terming as a new social contract if we don't be a little more proactive about it. Even the IGF, after 11 years, hasn't come up with a single recommendation. And meanwhile as the report points out, Internet roles are being developed in fora such as trade agreements. These are intended to be all encompassing in the nature of a concept. We're saying we can't do this because it's incompatible with Confucian can cultures, and yet it's happening in trade agreements. If we want to counteract and and be more multistakeholder how we address trees problems, we have to do things like at the one meeting where we did come up with a broad compact. It wasn't universal. It didn't cover all issues. But perhaps, I mean the report does recommend the continuity of the IGF. And that has happened. But can't we do more to actually facilitate the development of a new social contract in a way, I MENA lay Hahn DROIand said it's kind of impossible to do what Mondale actually did. Can't we be a bit more ambitious? So that's my question. >> Alejandro: I'm glad you have the privilege to reinterpret creatively what the previous speakers say. Thank you. >> MODERATOR There's hand down at the end of the table and then one here. Let's take those there. Starting at the end of the table, there's some mics down there, too. And if you could please state your name that would be fantastic. >> Hi, my name is -- and I'm from the -- IGF programme of ISOC. So my question is regarding a lot of the agreements and compacts and covenants that are happening round the world right now, one of the problems is that the binding issue is a real problem to enforce such compacts and such agreements around the world and throughout cultures and throughout religions and everything. So my question is about in the report, what are the proposals and what are you proposing to enforce? Cohesive covenant that is binding to all of the signing parts? And what are the possibilities of these to actually happening in the real world? Thank you. >> So I maybe just will weigh in. I wasn't on the commission, but I think the emphasis or the desire to go straight to implementation and we need a single mechanism or a formal this or formal that, I guess the way I looked at this was there's a nice list in here of some core elements of this compact, whatever you want to call it. We don't like that mic. Okay. It's a way of doing things. It's an a way of approaching issues. And I think the way I was thinking of it is if we say in here the Commission has said that interception of the communications, this is something the ambassador raised, this should be necessary and proportionate. So there's some basic principles in here. You don't then have to go immediately and codify that. But rather think of it as a way of doing business, as a way of trying to move forward on problem solving. If we immediately have to take everything into a treaty or into a single implementation mechanism, then we challenge I think the point that I was making was you got to allow things to evolve and grow. These are some basic norms or concepts that should help guide our thinking as we try to solve these problems. >> MODERATOR Thanks, Sally. And Emilie as a quick two finger intervention and then we have a comment here and at the end of the table. >> Sally: Sorry. I'll be brief. Really to support your point, Sally. I hadn't read. It's become clear to me listening to others that people are reading the report in different ways. Well there's a surprise. Of course people are. I had also seen it as almost like a strategic framework. And I think this is reflected in the final lines of the report which says "we reiterate the value of approaching Internet-related issues within a conceptual framework of the global/social compact. It is not a world where any one group can unilaterally make or impose decisions no matter if it is as powerful as the nation state." So I didn't see the report as advocating a particular solution or of doing a power grab but just of projecting different futures that might occur and encouraging us to think about our own role in really trying to help shape a positive future for the Internet because it is possible to do that. It is also possible to make a choice to take no action and just allow technical determine any many to just take its course. Determinism. >> All right. This seems to work. Yes? Yes. Okay. The first thing -- oh, I'm sorry. I'm garland McCoy with technology education institute. And first thing I'd like to put on the table is that governments lie. They violate their own laws. The private sector lies. Of course they don't have any laws to really violate. But there's a real trust issue that goes really at the core of all this. I sit here in a session or two back and this guy was saying "well, in Brazil they have a law against depack and inspection." I said that's great. That means you don't have an Internet in Brazil. What do you mean? Well then you have depack inspection because that's how you find the anomalies. That's how you weed out your malware. In other words, they just constantly getting caught on their own lies. The right to be forgotten. It's garbage. Anybody knows how the thing works. So you got a huge trust issue you have to deal with. The other problem that I see looming on the horizon is the fact that you're going to end up with only a few governments and only a few companies that will have both the financial wherewithal, the technological wherewithal, and most importantly the power, electricity, that will be needed in quantum computers to crack any code. So they'll be the preeminent guardians of security, if you will, in the fact that they alone will be able to put enough just plain force behind getting any code you possibly can write. Because eventually you can krk anything. You just have to keep piling enough computing power which requires enough electricity on the issue. So one is trust, the other is security, which then translates back into power. So you'll have these power kings at the top of the pyramid. One of the things that I thought might be something to look at that I had a hand in setting up is the broadband Internet technical advisory group, what they call BTAG. The reason I sort of like this molded with the multistakeholder structure is at some point you really do need to have some trusted, impartial group sort of like the MPAA found very early on they needed to have some way of firewall protecting the folks that were going to rate the movies. And since that was a very important thing that would go to the bottom line of the studios, they had to really firewall these guys out. Their ruling was law. You have to have some way to hold these, both sides, the two big boys, if you will, hold their feet to the fire. Show the lies for what they are. Keep flashing the light back in their face for two reasons, one on the private sector side, they don't want to lose customers. They live on the customers. They get the customers start not trusting them, then they learn about the dirty dealings, they'll walk. Second on the government side, not all governments, but at least the ones that have some sort of democratic elections, same thing, you lie to them once too often, they say okay, you're not getting re-elected. So if we could form some sort of trusted core, surround it with the kind of stakeholders on both sides that will keep that, protect that core element there, keep it trustworthy and give it the power and authority to keep shining that light, keep being the truth teller regardless of what side we're working with, then maybe the next step will become a little bit more obvious than it is to me right now. That's it. Thanks. >> MODERATOR Thank you. The gentleman at the end of the table. There's a mic for you. >> Does this work? Yes. I'm Thomas. I'm the ambassador for cyber foreign policy at the German general foreign office. I wanted to react to the criticism that was addressed to the drafters or to the report as such. I didn't read it that way, that this would be a document that governments or stakeholders should sign up to and that was it. What I liked about the report was that for the first time, a group of experts like this actually challenges us saying: We are at a point where people may no longer trust the Internet. And they may be withdrawing from it. Because so far all the narratives where it gets better. We inyou had the next # billion and everything goes up and forward. . You for the first time say we are at an important point it may not be the case. Then you come up with these three scenarios which I think is very useful. One is really scary. The middle one is probably what we have and the other one is maybe too rosy but it's nice to think in alternatives. So in that sense, and then you come up with these recommendations. Which, let's put it this bay way. Well meaning democratically controlled government that is not lying. My government doesn't lie at least not flightily in the face of people in the room -- flatly. Government that is aware of its responsibility. And users who want to defend and preserve freedom and liberty of the Internet, these groups, stakeholders as we call them, that could be their vision, in a way, the renewed sense of purpose. This is what the report contains in my view. That's how I read it and in that sense I'm very grateful to the authors. It's a good thing piece and makes us step back and think again. Thank you. >> MODERATOR Thank you. Latha, feel free. >> LATHA: I just wanted to say that if you read the introduction to the report carefully, you would see that we very clearly stated that in writing this report, the GCIG is we, we believe, providing practical advice on the steps everyone needs to take to achieve a positive, creative outcome. So it was never meant to be that we have the solution. It was simply outlining the problems. And as you said, the three possible scenarios. The danger is broken, cyberspace, the unequal gains and, finally, the wonderful utopia of the broad, unprecedented progress is I think what we called it. And I agree with you. I think we're at the uneven and unequal gains but with the very real threat of the dangerous and broken cyberspace if we don't act now. >> MODERATOR Do we have any remote moderation questions that have come in? Okay. Any other thoughts from the room? Yes. At the end of the table. >> Good afternoon. I'm Michael. I'm a bit like Thomas have I'm the cyber foreign policy for the foreign ministry of Canada. We were pleased to support the work of the commission. We were there at the early days and some of the early discussions about the Commission. And we've been assisting the Commission in transmitting the results of its report. And we've been very pleased to do that. A bit like Thomas, we find the report to be a very useful assessment of the current situation. It portrays some different possibilities for the future. And I think as Latha has suggested it does make some concrete recommendations about moving forward. But I did want to speak a little bit about the social compact. In my view, in my reading of the report, the social compact is not meant to be something that's negotiated and adopted and written down and cast in stone; rather, it's a conceptual framework. It's what we should all be thinking about when we think about how we tackle these problems. And I think that the key part of that social compact, the proposal there, is the idea that we've got to stop looking at this as a zero sum game where one person wins and another person loses, that really what we need to do is stop and think about how do we all gain the benefits that are available to us if we can solve this problem? And I think that that is a very salient point and one that we should keep in mind as we go forward. But I wouldn't want to underestimate the difficulty of that because as some commenters had suggested, there are -- this is a complicated world. Issues like multistakeholderism are not universally accepted. States are powerful. States do operate in this space. And states reject the notion, some states reject the notion of multistakeholderism. I've had the questionable pleasure of being involved in negotiations in UN General Assembly at WSIS and elsewhere. And reference has been made to met mundial, which I think was considered by many an enormous success. And yet we have states that block every effort to even refer to it in a resolution. So. So let's please not underestimate the difficulties that we face. But I think in a way the report tries to address that, as well because I think it suggests that in approaching this intellectual or conceptual framework that's exemplified by the compact, it points out the way that I think we need to engage with those other actors, as well, to try to turn it away from zero sum game and into one where we all benefit, taking into account all the various interests of every one there. So thank you very much for the report. >> MODERATOR Thank you very much. Alejandro? >> ALEJANDRO PISANTY: I will try the unfriendly microphone. That's where it stops working. So I would like to insist that I appreciate the report very highly. I was able to read most of the report that the Commission was producing, so it's a pleasant conclusion. It's a capping. A very worthy capping stone to the effort. It's unfortunately, let me make this more direct. I am not referring to, as I said, to that report as saying that there will be a single world government or other the things that I mentioned. I said I perceived readings of it that are possible in that way. In fact, I found parts of the presentation of Ambassador Reddy that already resonated with the views that we in turn look for global agreements, treaties and so forth. I think we are in the best of cases very far from all encompassing treaties that could really deal with the whole of cyber or the whole of Internet Governance. There is value in the work of the traditional international relations point of view of aiming at treaties or multilateral agreements. But definitely multilateral will only cover the government part of the problem in the best of cases. It may become irrelevant by not covering the rest. But again these are echoes and resonances from the reading of the report. About the effort that went into NETmundial which called for the ratification of some of the views of the report, there is amazingly for some YMMD your mileage may vary. Some of us perceive that the top-down politically motivated very substantial and time- driven, deadline-driven process of NETmundial induced some flaws in the process. They don't kill it. They don't reduce the value that it does have. It does put a cap on that value and the value as example. Plus the fact that the report has been decoupled from the initiative. And the initiative, the NETmundial initiative has faded away tells you again that these one-time efforts that are not completely organic are again only part of what you need. That's the way forward that I think. I think that we have to again realise also the IGF has produced very little resolutions. In fact, it will be half fulfilled its mission if it has as its principles if it produces no resolutions and recommendations that can be implemented elsewhere. If it produces a resolution or recommendation on spectrum, it'll be duplicating the ITU's work. If it produces a recommendation on freedom of speech or on linguistic diversity, it will be invading UNESCO territory and so forth. These are the boundaries that you have to look at when we try honestly to build something like a social compact or moving pieces that will eventually lead to an assembly of come tax that actually work instead of a single one that you don't achieve. >> MODERATOR So just trying to be a bit optimistic and think of the opportunities for how we use this work going forward, if we look forward to 2017, I know my German colleague is here, there's the G20 meeting that Germany is hosting, the G7 that Italy is hosting. These are government meetings. But hopefully with multistakeholder components. And some of the specificity that comes through these principles when coupled with what comes out of WSIS, what comes out of other venues could be a nice basis for some of that work. And we see some opportunities to move this forward in those venues. Those are government venues. But there are others. There's work being done on jurisdiction where these kinds of principles can be useful. That is not government-driven but that is -- has some policy implications. Many of my community live in the technical world. And looking at an understanding that the protocols that we develop have implications for real people and that there are some requirements on privacy and security that need to be taken into account. So I think again rather than looking at this in the singular, we look at how we utilize these principles. And what I like that comes out of here is it seems to take it to the next level. So we've had some high-level statements. Now we get a little bit more specificity and we start to use these principles to shape the policy frameworks that are emerging in the opportunity space that we see before us. So 2017 has these G7, G20. The next year will have something else. And we keep moving and building on this. So from this perspective we found this to be quite helpful. >> MODERATOR Well that's actually a great place to stop is sessiony want to thank everyone for coming and for providing such feedback. It has been really interesting over the last 10 years to watch Internet Governance, just thinking back to the 2006 Athens IGF. A decade before that even watching it go from being interesting only to those of us who are technologists and academics and a certain subset of policymakers to being so high on the agenda of all governments and talked about in the same vein as poverty and human security and climate change and other kinds of global collective action problems. So I appreciate very much the opportunity to share some of the information about the report and thank everyone who had interventions. If anyone would like a copy of the report, that's a hard copy, there are some floating around the room and I hope you'll just take them. And I want to reiterate that the 50 research papers, the poll information, the report and also this specific document toward a social compact for dinl teal privacy and security, are all available on the website ourinternet. So thank you so much for coming and enjoy the rest of the IGF. (end of session) Copyright © 2016 Show/Hide Header