IGF 2010
Vilnius, Lithuania
16 September 10
Main Session
SECURITY, OPENNESS AND PRIVACY
10:00

* * *
Note: The following is the output of the real-time captioning taken during Fifth Meeting of the IGF, in Vilnius. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.

* * *


>> EVALDOS KULBOKAS:  Good morning, shall we start our meeting?  I am Evaldos Kulbokas, Lithuanian ICT Association President.  Excellencies, ladies and gentlemen, we should resume our session, which is today, security, openness and privacy.  There is a problem in Lithuania, the farther you go into the forest, the more trees you stumble upon.  And probably we've got the same issue with the Internet.  During 5 years of IGF existence, probably most of us would agree that there is issues which are mostly related to a paradigm shift.
I will just touch one, and leave the others for our moderators.  During centuries it was considered a good manner to be able to use poetry to express one's feelings.  Nowadays youngsters use Youtube and other online services for the same purpose.  They make music but videos, et cetera, they are not doing this for infringing copyright.  They want to express their feelings and information how they would like to pass it to their colleagues.
It's just a natural way of communication for the young people, because we provided them the technology to do it.  But with the current legal setup imagine what a business would be to make a royalty stream out of the usage of Shakespeare's "to be or not to be."  Probably the wealth would surpass that of bill gates but is it right for society?  Is our current laws open to use for everybody in the world?
From the legal point of view, yes, but law is just a certain way of looking at the world issues and it's not always right to stick to the century old paradigm.  Laws can be changed as well.
I believe that knowledge is something that doesn't shrink by sharing and is the opposite.  That's why IGF is highly valuable as a platform of open minded discussion.  We have many different angles towards the same issues and I believe as I actually say to my son always, I'm 10 times richer by having my own opinion, and 9 of my colleagues' or neighbors'.  And this one opinion just shouldn't count for everybody.  So today we're here to    on a journey to make ourselves 500 times richer but some people are sleeping probably.  They will join us.  I believe we'll succeed in sharing our knowledge.  On the other hand, no matter how rich we are if we have 500 ways of driving the same highway we probably will not succeed.  So I believe we'll have enough wisdom to encourage progress to the whole world.  The topics we will cover will be derived from the workshops and through discussion with workshop organizers.
In order to manage the session there will be three moderator ors to ensure expertise and facilitation of the dialogue and three themes in relation to the issues.  Our moderators this morning are Frank La Rue, Ms. Lisa Horner, and Mr. David Hoffman, and Ms. Kieren McCarthy will do the remote participation moderation.
So the moderators, floor is yours.

>> LISA HORNER:  Thank you, Mr. Chairman.  Thank you every one for coming to this session today.  As the Chairman has said, we will be discussing issues of security, openness and privacy.  With we'll be using three main thematic lenses to explore the issues today which we have up on our screen there.  The first theme that we'll be looking at is social media and we'll be looking at a range of security, openness and privacy issues related to social media.
Our second theme is the nature and characteristics of Internet networks, technologies, and standards.
And Theme 3 is international cooperation and collaboration on security, privacy and openness.
And as the Chairman mentioned, there are three of us here today.  We'll each make some opening remarks of around 5 minutes, and we'll then move on to address each of these issues in turn.  One of the moderators will take the lead with each issue, so Mr. Frank La Rue will be in charge of the social media section.  I'll be running the second section.  And Mr. David Hoffman will be taking charge of the third session but we'll also be working together throughout to make sure that we try and have a very lively and fluid and coherent conversation together.  The format of this session is really open discussion.  We'll be relying on you, so please do speak up.  We want to hear your views, we want to hear your opinions about the issues.  Please do try to keep your interventions quite short because we really do want a fluid conversation and we want to be able to include everyone.  Please try and speak up in the relevant theme as well so keeping your conversations and your comments and your interventions obviously relevant to the subject matter at hand.  We also have some feeder workshops, these are workshops that are relevant to the themes we're discussing today and we'll be calling on those feeder workshops to let us know the outcomes from their workshops and to provide some points we can then discuss together.  We also have invited some people to make comments on specific issues.  So the aim of this session is to look at whether we can achieve our goals relating to security, openness and privacy in ways that complement each other and to highlight any areas where there might be tensions between these goals.
To give you a bit of background about this, the session was structured by a Working Group with representatives from all of the three stakeholder groups that the IGF works with.  As the Chairman said we consulted with workshop organizers to identify some killer questions and we looked at these and that's how we identified these three themes.  They seemed like salient important topics we can discuss.
In the early IGFs, security and openness were dealt with largely as separate issues in separate sessions.  But it was soon realised to act to create artificial boundaries between the issues and there wasn't enough space to bring them together and the discuss how they interact with each other.  In more recent years, we've tried to bring these themes together we've had very interesting debates and learned a lot from each other I think.
But it was still felt we weren't doing enough to bring these three themes together.  They're often being seen as incompatible with each other, as competing rather than perhaps complimentary goals.  While tensions do exist and we need to be honest and open and really explore those, we'd really like to also explore how these issues can interrelate with each other and compliment each other.  Do they have to be zero sum in the way they're often treated?  So I think an open Internet can also be a secure one in which the privacy of citizens is respected.
But how can we actually achieve this in practice?  How can we make these three issue areas really work for each other and support each other?  So we hope that the format of open discussion here around thematic issues will help us explore that complementarity between the issues.  I think these three issues are critical and they're all cross cutting, relevant to all the themes that are discussed here at the IGF.  I think that openness is particularly important.  In the past we've are relied more on closed systems of communication:  Television, broadcast, et cetera.  These are largely one to many models of communication and we as members of the public are largely receiving information and didn't have many opportunities to really talk back, to express our ideas and opinions, to express our knowledge and our creativity.
So the Internet's really changed all that, as we all know.  It's empowered humankind, placing the power of communication back in the hands of individuals, the everyday man or woman.  And this is a revolutionary development.  Never before have we really been able to tap human creativity and knowledge in the ways that we now can, using Internet technologies.  The Internet's a hotbed of innovation in so many spheres:  Commerce, art, culture, knowledge creation.
It was openness that allowed the Internet really to develop into the powerful communications medium that it is today.  But it's obviously come a long way since the early days.  The Internet's now so central in everyday lives, so central to the global financial, economic, social, and cultural infrastructure that we have.  It's too precious, too important to really be left alone, which is obviously why we're here today.
We have to recognize that it's a powerful communications medium that can be used and indeed is used for harm as well as for good.  We don't want the tool to be used to attack the values, goods and systems that we hold dear and that we rely on.  We don't want people to lose trust in the Internet through feeling vulnerable to fraudsters and criminals when they go online.  And this would undermine the very value of the Internet as a network that really connects millions of people across the world.
So we therefore have to work to promote and protect security online, and equally, we don't want people to lose their trust in the Internet and its applications, because they feel that their privacy is being violated.  Because they're not sure who is monitoring their online activities or who's gathering information about them and why.
So privacy and security are incredibly important, but we have to be careful not to irrevocably damage the characteristics of the Internet, its openness, its interconnectivity that make it so powerful through policies that are perhaps very well meaning but may be a bit misguided or disproportionate or even short sighted, policies that place unnecessary controls and limitations on communication so we have to be careful and deal with all these issues together.  So the question is:  How can we foster the continued evolution of an Internet ecosystem that continues to support human creativity, expression and knowledge sharing in new and exciting ways while also protecting and promoting privacy and security?  And as we said how can we make these goals work together?  I'm looking for ward to this discussion today to working with you, to bringing these three mutually reinforcing goals together so we can come away with a better understanding of how to foster an Internet ecosystem truly empowering and liberating for human kind.  Thank you for that.  I'd like to hand over to my colleague David Hoffman to make some opening remarks.

>> DAVID HOFFMAN:  Lisa, thank you very much.  First I'd like to thank the organizers for inviting me here today.  IGF is a unique and essential form for voluntary multistakeholder dialogue, and it's truly a great honour to be here and to help moderate this discussion.
At Intel, I get the opportunity to work with some of our engineers who are in our laboratories, who are developing and designing the technology of tomorrow.  And when we look at that technology and we see what is evolving, we see what we refer to as the growth of the computing continuum.  What we're starting to see then right now is when individuals participate with technology, they are using applications and data for a great growing number of functions within their life.  And they're using now a variety of different technologies.
There was a time not too long ago when all of us if we were using computing technology, we had just potentially a stand alone desktop computer at work, and potentially one at home, and we kept our work data at work and we kept our home data at home, and occasionally we'd have to work on how to get things from place to place, but didn't have to do that very often.
The world we are evolving  to is going to be a very different place.  We're evolving to a world where people are going to wake up in the morning and interface with a certain computing device that will have applications on it and data that they will be using in certain ways.  They will then maybe potentially have breakfast where they'll go to their kitchen and have another tablet device or something on the counter in the kitchen.  They'll then get in their car and there will be a computer in their car and then they will go to work and after work they will have their handheld PC that is also their phone.  You can see where I'm going that there could be 15 maybe 20 devices during the day that all look very different whether they're handhelds or tablets or a car PC but those devices will be devices people are going to expect that they're going to be able to have to a large degree their applications and their data available to them, for them to be able to do that, those applications and those data are going to need to be transmitted from device to device.
This is going to be a connected computing continuum, and that likely means that in most cases, we're going to be using the Internet for the backbone of that connectivity for individuals' participations in their personal and business lives.
Now, there's nothing all that revolutionary about any of that, other than to recognize that this is an evolution that we are going through.  What that's going to mean is that many of those devices that we will use are not going to have the memory to hold all of those applications and data just on that device.  This is going to create an increasing need for remote storage of these applications and data, and that could be done in a variety of different ways.
One way to do it would be for people to operate their own server and communicate back to their own server, but more than likely, in most situations, individuals are not going to want to do that and they're going to take advantage of this growing aspect of remote data and application storage, which many people would refer to in some context as "cloud computing."  Now we have a situation we're evolving to where people want to rely upon this computing continuum for these new and innovative life in their use and businesses and they have to rely upon individuals to store this data remotely for them.  And that data could be stored, applications could be managed, anywhere all around the world.
This creates a tremendous need, since individuals will be relying upon this for individuals to be able to trust that computing continuum.  When we look at trust, we think that both privacy and security are fundamental components of that trust and creates the need to have the types of discussion we're going to have today of:  How do we provide a reasonable basis for people to be able to trust?  And for people to have an understanding that it's reasonable for them to engage in these computing activities because their data is going to be protected or the network is going to be protected?
So there's obviously this great need for us to figure out, how do we provide reasonable privacy and security for individuals and entities that are using this computing continuum.  Too often I think in the past, people have said:  Well, if we're going to do this, this is going to be a great problem because we're going to need to balance privacy on one side with security on the other side.  And if we want more security, we obviously have to give up personal privacy to be able to get that.
I contend that that is a fundamental misunderstanding of the concept of balance.  And instead, what I would say to you, speaking as a lawyer, that we should think about things more in terms of what is thought of as a legal balance, the scales of justice.  And with the balance of the scale, what you're doing is if you're going the need more security and you're going to put more on the security side, then you are absolutely then going to need to put more on the privacy side.  So what does that metaphor really mean?  I think actually what I see in my daily practice overseeing my company's privacy compliance measures is that that's actually how it works.
When we want to take more security actions in certain regards, we recognize that for the people that we do business with, or our employees, that they are going to need to have much more than understanding of trust.  We're going to have to put better privacy compliance processes and transparency in place so things come into balance, that there's more on the security side, and more on the privacy side.
The additional complexity is that this computing continuum also is evolving on a global basis that what we have found ourselves in is something that I refer to as the global digital infrastructure.  We have an Internet infrastructure that is, to a large degree, made up globally of some common, fundamental hardware and software components that make this global infrastructure which we get tremendous benefits in interoperability and the capability for folks to design to a common infrastructure, tremendous benefits both for communication, for people to use technology as they travel around the world, and for economic growth and business development to be able to design new products and services to this global digital infrastructure.
However, we have a global digital infrastructure, then, that meets siloed policy structures, country specific regulation of a global infrastructure, and this is one of the things I think is the fundamental challenge we have today and we need to discuss during this panel is how do we reconcile those two?  How do we provide respect for differing cultures and the need for people to have differing regulation within their specific country, while providing enough harmony or harmonized regulation so as not to disrupt this computing continuum?
So those are my opening remarks, and I'm very much looking forward to the discussion and I would like to introduce our third moderator, Frank.

>> FRANK LA RUE:  Thank you, David.  I would like to include in my
opening remarks something different.  My process in the -- of all -- is
how do we maintain the focus on Internet, on the new technology, the
new development, the new challenges, whether it be in privacy and
security or whether it be on openness or whether it be on the
technological leaps or new policies applied in different parts of the
world.  How do we look at all that from a human rights perspective?
I think this is crucial.  I have been only twice to the IGF, but I
think this year has been much more in sing any with the right orient
tiff perspective.
We want to make a difference between what is the technical side of
issues, what are the legal side of issues and what is the human rights
focus of issues.  Although you can separate them to study them in an
academic way, I will always insist that human rights is a perspective
that should be applied to all forms of life.  It is apply the to all
individuals all around the world to all aspects of their daily
activity.  I think this is crucial.  And Internet has a very powerful
element that openness that Lisa was mentioning, it is a new venue that
has created an interactivity in the world that should enhance what
David was saying, that multi cultural dimension, the better
understanding of the world, what UNESCO calls a culture of peace and
not be used to the detriment of dignity and rights of people around the
world.  For the first time we have a truly global means of
communication around the world, very fast, very effective.  That should
be transformed into a better world with more respect for human rights
and not less.
And in this sense, as Lisa was explaining was the particular panel
drawing from a lot of the other panels that you have had to try to draw
conclusions around social media.  First when we talk about social
media, normally we're talking about the social networks.  But let me
begin a little bit backwards.  Social media is the media that we use
that is not of commercial nature, that is in a voluntarily exchange of
views and positions.
And the social media really began with broadcasting or with community
newspapers or journals, or community broadcasting in terms of community
radios or even community television.  It was a public service of all
the community, not at the interest of anyone in particular, but of all
at the same time.
But obviously when this evolves into the Internet, and it becomes
this sort of social communication, this public service, using this
excellent medium, this openness of the Internet, then it has a new
added element, which is that it becomes an interactive form of
communication.  No longer the passive form of broadcasting when a group
of people were broadcasting to another or communicating.  In this case
it's effective, systematic and constant interactive communication of
all.  And I think this is -- and this is where it then develops into
the social networks that create a more specific type of framework for
that interactive communication.
Obviously there's a tremendous good and tremendous function in this.
But at the same time there is perils and fears as well.  When the
Internet began, I was living in Washington and the people living in
Tacoma park decided they wanted to do their first neighborhood network.
They were worried -- this was an experiment, this is many years ago.
And they were worried that this was going to ruin their percentage
neighborhood relations because everyone was going to communicate by
Internet and not directly in a friendly manor and personal way.
A few weeks later I spoke -- a few months later I spoke to them to
see how the experience had gone.  And many commented that no, it had
actually enhanced communication.  Balls of an older person would come
out of their house and find that their car had a flat tire, they would
come back in and immediately ask for help on the Web for anyone in the
neighborhood near their address that could come and help them change
their tile.  And that effectively happened.
Some people began asking for help to babysit and take care of their
children.  And it ended up instead of reducing the personal
relationship, enhancing the personal relationships.  Well, I believe
that this experience in the neighborhood can actually now be
transported -- this was many years ago -- transported to the world.
This should enhance this or the sort of neighborly relationship and
enhance the exercise of rights around the world.
There are legitimate concerns for security and will he jet mat
concerns for privacy.
Can this openness guarantee both?
And here as following on what David was saying, I actually like to
say that it's not exactly a balance what we're looking for between
privacy and security.  But a balance seems that you're giving in one to
achieve the other.  Systematically.
I think we have to begin by saying, number one, is that privacy is a
right.  It's a fundamental right of anyone and it is a permanent right.
And security is a necessity for exercising all rights.
So it doesn't mean that we have to give away our right to privacy or
we have to give away the protection of security or a right to security.
So I believe that we have to see how we can enhance both simultaneously
and not allow that one erodes the other.
One of the reasons why this is becoming a discussion now is because
clearly the Internet was sort of a -- and especially the social
networks, which began as sort of a friendly experiment and all of a
sudden exploded around the world -- because they actually responded to
a necessity of communication that people had.  And I think they grew
much faster.
And obviously was.  Less -- or was no regulation at the beginning.
And one of the panels I remember someone said Internet grew so fast
because it had the element of open creativity.  And no one had
regulated it, and no one knew how fast it was going to grow.  But it
was an experiment to let it flow freely.  But now you begin to
understand that many of those facts that data placed on the Web can
actually be transported to someone else.  As David was saying, some of
that has to be launched in a different place for security, but
eventually could also be sold or sent to someone else.
I remember that in the I have had FG coverings in Sharm El Sheikh,
there was one person made a presentation that was called the end of the
ephemeral.  What we wanted to leave on the record, we would put in
writing and we were very cautious in putting on the paper because we
knew it was going to be filed somewhere.  Whatever we wanted to say we
would say by word.  And we could be very open about it.  And introduce
ourselves and give openness about our ideas, because we knew that those
wording would go with the wind.  That was the ephemeral.  But we write
on the Internet as we speak freely and we want to write with the same
freedom.  So we put everything there and we say everything we think.
And you go into a chat room and begin letting everything out.  Or into
a social network and you put all your information and your family
information and everyone else's.  And you do it so openly that you
never thought that could eventually end up in someone else's hand.
Ironically one of the examples I also received in one of the panels is
that a friends of mine got as a present, they send to him two
photographs of his childhood which he personally doesn't have and no
one in his family had.  He doesn't know where they appeared.  But
someone just sent them over to him to his address.
So this is the speed and the fastness and the openness which this
moves, creates a serious challenge for security.  And at this security
oriented world, the idea that all this information actually has a
tremendous value.  An a value for security, but also commercial value.
And these are limits that were probably not thought of at the beginning
that will force some form of regulation in the future to defend, like I
said, the basic rights, to defend the right to privacy.  But also to
defend security as something necessary.
And in that sense we would like to call on some of the panelists that
were working on some of these issues.  Let me begin with asking for
comments from Cynthia Wong, from CDT.  Thomas Snyder from Switzerland,
Allen Davidson from Google, and Giacomo Mazzone.
If they would like to share ideas that they would on these, or others
that they may have.

>> CYNTHIA WONG:  My name is Cynthia Wong, and I'm with the Centre
For Democracy and Technology.  Thank you to the organisers of this
fantastic session.  I think this conversation will be a very fruitful
one.
I just like to start out with just by distinguishing on line social
media from traditional media along several different dimensions that I
think are very important for the discussion.
First, I'll say that social media enables average users with little
technical knowledge to publish and access information in unprecedented
ways.
Social media also allow -- is also relatively inexpensive to use,
basically allowing anyone with a computer and Internet connection to
participate.  Social media platforms are also -- potentially allow
users to engage with a global audience and support an almost unlimited
number of speakers, making it one of the most interactive mediums ever
existed.
Finally, social media is uniquely user controlled.  Users have a lot
of choice over what content they will see and who they will interact
with.
And it's precisely these distinct attributes that undermine a lot of
the justifications for why we have regulated traditional media the way
that we have.  And I think most importantly here, social media
platforms have played an indispensable role in enabling free
expression, civic engagement and a range of our rights on the global
Internet.  It is precisely these services that provide platforms for
users to speak, access information and engage with the global
community.  But of course the openness of these platforms also means
that they can be used for ill as well as good.  Including to commit
crimes, or disseminate expression that might be deeply offensive to
some.
So the question then becomes how do we address this reality in a way
at that preserves openness and protects privacy and security?  And I
would really put forth that laws that hold the platforms themselves
responsible for the bad behavior of users cannot only hurt the
expressive potential of these platforms but will also have a negative
impact on openness and the privacy of users for a couple of different
reasons.  First, the fear of liability will encourage platforms to act
as gate keepers and close these platforms for user activity; and
second, the platforms might feel like they need to surveil users more
for fear of legal action.  That doesn't mean that the companies that
provide these social media platforms themselves don't have a
responsibility to protect the privacy and security of their users.  And
there's actually a growing body of work that provides a common
framework for how companies can do this on the global Internet.
Companies who built their practices around the fair information
practice principles and around the privacy framework created by the
global network initiative will be best positioned to protect both
privacy, security, and promote openness on the global Internet.  And of
course governments also have a role ensuring that companies live up to
this responsibility.
But in any cases, the policy approaches that we adopt must address
the bad uses of social media in a way that fully assesses the tradeoffs
in really assesses the impact on openness, security and privacy as well
as a range of human rights.
Thank you.

>> FRANK LA RUE:  Thank you Cynthia.  We will ask Giacomo Mazzone, to
address the new media we're talking about.

>> GIACOMO MAZZONE:  Thank you for this invitation.  Traditional
media as you know representing the European Broadcasting, representing
unions of -- from around the globe.  Have a certain kind of obligation
that comes to them from the contract that they sign with the
government, with the authorities that gives them the license to
broadcast.  And in this contract there are a number of obligation.
Among the most important there is universal service obligation.  So we
need to talk to everybody.  We need to be listening to everybody.  We
need to address also the minority.
There is an obligation of reliability and security.  So there is
information has to be accurate, has to be verified, has to be fair.
There's an obligation of fairness respecting the rights of everybody
that could listen to us and that could be addressed to -- from our
messages.
Of course there are other obligation like protection of minors and so
on.
In the world of convergence where we are living together more and
more, the traditional media are expanding their activities through the
Internet.
And then we have a different speed and a different kind of respect of
this rights of the citizen in the Internet world compared to the
broadcasting world.
We live with different definition, we have a precise definition in
most of the countries about information.  We have a certain number of
obligations and rules for giving access time to minorities and other
kind of people.  And this doesn't exist in the Internet in a qualified
way.  So the day that we arrive into the Internet world with our
services, with our information, with our educational purposes,
et cetera, et cetera, we have this discontinuum between these two
worlds.  The reference point for all the broadcasters in the world is
recently published in March this year.  And you can find on the
website.  Call the contact for all BBC world, and the special
representers, the anchor when they go into the Internet world, for
instance in the social media more and more because the biggest part of
the work that the -- Protus does is to create community.  And the
Internet is a wonderful system to create communities around the
particular interests and so on.  There is more and more the capacity to
aggregate people around a certain number of contents, a certain number
of interests.  And in that case we need to adopt as much as possible
the same rules of fairness, accuracy, respect, that we are obliged to
keep in the broadcasting world.
It's not easy, but we try to cope with this the best.  But of course
the problem is a lack of governance in the Internet world comparable to
the governance that we have into the traditional media world.
A last point was not one of the feeder workshop of this session, but
I think that is relevant:  We had yesterday a workshop on how to
measure the media consumption in the converging world.  That is
important in the sense that not -- we in the broadcasting world, we
measure in terms of audience rate.  In the Internet world is measuring
in terms of clicks or time -- number of pages or time spent on a
website.  But there is a problem there that concerns everybody, that in
order to understand and to protect a certain number of value like
plural, diverse cultural diversity, consumer interest and so on, it is
important to have a common index, a common paradigm in order to measure
how the media are viewed.  Because for instance if you want to protect
the pluralists, you need to know which media are reaching the
population, the citizen to which they address.  If you don't know, all
the kind of measures that we have in place in terms of protecting
pluralism and that characteristic of Europe, they are not any more
accurate and efficient for serving the scope.
So this is a point in which we need to reflect and it is very
important for the future.  Thank you very much for your attention.

>> FRANK LA RUE:  Thank you, Giacomo.
In my report to the general assembly which I'm doing on freedom of
the press and protection of journalists there is a section on citizen
journalism and a congratulation to the campaign the IFJ is doing on the
ethics of journalism but including progress in citizen journalists in
this new challenge of ethic, challenge of the world to generate in a
world that is being confronted on the basis of racial, cultural and
especially religious differences how to build a culture of
understanding from a new perspective and objectivity.
Thomas Schneider is here.  We would like to hear from the European
commission what is the perspective between the old me yeah and the new
media, what are they looking at.

>> THOMAS SCHNEIDER:  Hello, everybody.  Actually, I do not work for
the European Commission; I work for the Swiss government.  And I
represent my country in -- for like the Council of Europe and I2 and
ICANN and others.  But we of course are also in contact with the
European commission on these issues.
What I would like to tell you is some work that I happen to do as a
chair of an expert group in new media at the Council of Europe, which
might be interesting for this discussion.
I think it's very good that you started by highlighting the funds
mental importance of freedom of expression for the functioning of
democratic societies and the relations to privacy and security.  This
is linked.  And maybe less opposed to freedom of expression.
And in the last 50 years the mass media would most important means
to -- for people to exercise freedom of expression, freedom of
information.  And as we have heard with the convergence and the changes
in technologies and in the use of technology, the media system has
become a little bit more complicated.
We have a lot of new actors that have entered the media system and
have taken on some functions that used to be performed more exclusively
by traditional media organizations.  And this has led people in Europe
but elsewhere as well of course to realise that the traditional
approach of regulating media that was mainly done according to the
technique of the fusion like television broadcast or press or radio or
whatever, that this approach is -- somehow needs rethinking.  And the
Council of Europe at last year's -- at its last year's Nicera
conference under the title of what's the new notion of media has
decided that we should think of developing this new notion of the media
and seeing to what extent traditional media regulation could or should
be applied to new actors in the media system, to what extent new
regulation should be developed.  And by regulation, I do not mean
control.  I'm basically mean to focus on the underlying aim of that
regulation as the Council of Europe understands it, to help these
actors to fulfill their role in guaranteeing and promoting freedom of
expression and information.
So this is the main goal of the regulation.  And it should not be an
overregulation.
So -- what we are doing at the moment is we a looking at cases like a
block or a search engine or a social network or media -- it's funny
that some people call the social networks or media networks or media.
So for some of them a social network is a medium, for others it's just
a network.  So it's an interesting thing I realised yesterday again.
And what we are trying to do is trying to see to what extent -- these
new actors that are active in the media system, to what extent they
take on functions that are relevant for the media system.  And there
are some new actors who are -- it's easy -- it's not easy anymore to
distinguish them from a traditional mass media.  Because they fulfill
the whole range of functions.  And others maybe are just aggregating
information or making them available or giving access like a serve
engine which performs one particular function of the media system.
So instead of calling all the media actors in the media field media,
maybe we need to go from -- leave the organisational approach and go to
a function approach, a graduated approach where we look at what
services, what activities correspond to what functions, and therefore
the regulation should also be graduated.
So it's -- might not be easy to say you're a medium or you're not a
medium or you're just an intermediary at the other end of the scale
provides physical access to the Internet.
There are many actors in between, many functions in between where we
might have to see to what extent they fulfill some criteria that means
that they are part of the media system.  And for these functions, for
these aspects where they are relevant for being part of the media
system and relevant for contributing to the exercise of people for
freedom of expression, information, that the regulation should be
adequate to the function.  Not overregulation and under regulation.
And this is a positive and negative regulation.  And we want to put the
stress on the positive regulation meaning enables these actors, from
the access provider to the social network operator, what is their
contribution that they can make to allowing their customers or people
to exercise their freedom of expression?
How should they therefore be protected, protected from other
interests that might abuse their function in preventing them from
contributing to freedom of expression and access to information.  But
also -- and that goes along with this -- what are the responsibilities
that they go through performing one or several functions that are
relevant for the media system?
This is what we are -- the idea that we are trying to develop in
order to have at least for Europe a commonly shared notion of the media
system as it is now with these new actors that are changing and the
technical development that is changing based on the functions.
And there are several ways, then, if you identify these functions to
react.  Maybe for some functions you need an exact regulation which is
maybe for prescriptive.  For other functions you let people act and
then if somebody bad happen, you have an ex post regulation.  Maybe you
have binding regulations for clearly illegal things like child
pornography.  Maybe you have soft law provisions for things that are
more dependent on cultural diversities between the societies where you
just give guidance and say, you should treat things in such a way, but
there might be reasons to treat it differently.
So there is a whole range of graduated regulation from very strict
legal provisions to just recommendations on how you should behave.  One
thing that is very important is transparency and consumer -- not only
protection, but consumer empowerment.  For instance, if you are social
media, that you raise the discussion of if something appears on a
social network which is -- which might be considered illegal, who is
liable?  Is it the operator, is it you who put it on line?
Is it the one who created the content?
Is it the one who found the content on the blog and then put it on
the social network?
These questions have to be transparently discussed and there of
course the network operator, the social network operator has a
responsibility.
That does not mean that he is responsible for the content that is on
his network.  But these questions have to be made transparent.  And the
user should be aware of the part of the responsibility or liability
that they share.  Because if everybody just says, no, it's not the
operator, no, it's not the user, in the end somebody will be made
reliable.  And for the sake of legal clarity and avoiding chilling
affect because everybody is afraid that he might be made liable, the
more transparent and the clearer the words are to all the people
working in the media system, I think the better freedom of expression
is protected.  Thank you.

>> FRANK LA RUE:  We were going to ask -- but instead to ask for
comments from the floor.  If everything that the conversation is
flowing makes the same sense for all.  Because I think we're all moving
in the same direction of the question of the new challenges and the new
definitions of what this new social media and the actors, and who is
actually playing the role of the media and who's facilitator.
But is there any comment that will come from the floor?

>> LISA HORNER:  If you you'd like to move to a mic.  Or there are
people with roaming mics in the room.
We have a -- we have the row moat captioning and we have the
interpreters.  If you could announce as clearly as you can your name
and your affiliation, that would be great.  Thank you.

>> VYTAUTAS BUTRIMAS:  Okay.  My name is Vytautas Butrimas; I work
for the Lithuanian Ministry of Defense.  I have been working in cyber
security area.  I have been attending these conferences and workshops
throughout the week.  I hear the word "security" being used.  And I
hear that the IGF has been meeting for five years.  Yet I find no
evidence that the IGF has digested three significant events that took
place during a five-year period.
First one was the cyber attack against Estonia where for a few hours
a whole country was cut off from the Internet.
Should be a lot of concern for freedom of expression and access to
the Internet there.
Doesn't seem to be digested.
The following year, 2008, we had a military action against another
country that coincided almost to the hour of a military attack a cyber
attack.  Very well planned, hit infrastructure.  Resulting with
disruption to communication, a government could not communicate with
its people.  The outside world could not figure out what was happening
to a country.
Security.  Third thing, the growth of the social networks where also
it's a good thing, freedom of expression, freedom to express one's
point of view, organise demonstrations.  But you can also organise a
cyber army.  And you can attack and focus a targeted attack.  You can
be a government, you can be even an individual.  You can rent a botnet
for 100 Euros a day to attack a country's infrastructure.
I don't see any evidence of this being addressed at this conference.
And to me it's like a naive way of looking at the real things that are
happening in these worlds.
These events by the way, were perpetrated by -- not by pimply
adolescents but many of them are professionals.  They have quasi links
to intelligent services and also links to governments and militaries.
Something should be thought about that.
Security and the three things that were mentioned at the opening of
this session, the way security is handled will have an effect on
openness and on privacy.
If we don't do anything about reducing at least some of these
freedoms of -- freedom, for example, you can't shout "fire" in a
theater, you can't burn the Koran in public.  These things have to be
considered.
And you can't -- so that's the freedom.  And also, the second part --
it's a long, drawn-out statement.  But the -- second part -- I'm sorry
that I wasn't able to -- but some mechanism needs to be for
enforcement.  Again, perpetrators of Estonian attack, Georgian attack,
are not identified.  These are great exercises for these professionals.
The world reaction to this, nobody was punished.  Let's not hope -- the
way these issues of security are handled, we can result in another form
of crisis more than Al Qaeda.  Thank you.

>> Frank la Rue.  Thank you very much.  And someone coming from a
minister of defense and strictly looking at security aspects.  This is
precisely the benefit of this forum is how to integrate the different
views with the full respect of individual human rights.
We had Allen Davidson from Google who is going to also comment.

>> Director of public policy of Google in Washington D.C. to echo
some of the things that Cynthia Wong started with, which is to say that
social media creating -- which is very broad term by the way, social
media -- but creates these incredible challenges and we have been
hearing.  But it also gives us the tools itself to address many of
them.  That's what I think is important to think about.  Just by word
of context, one thing that Cynthia mentioned is some of the unique
features of social media.  But what is in some ways most interesting is
that we've really reached this long predicted world where users
themselves are the creators of content.  Individuals are.
That's been our experience.  Goggle operates You Tube.  Every minute
on You Tube, every minute, 24 hours of video is uploaded.  Since this
panel began almost two months' worth of new video has been uploaded to
You Tube.  Every minute on our bloggers' product, 270,000 words are
uploaded.  Every minute.
So we really have reached this world where individuals are the
creators of content.
As we've heard, this creates huge challenges.
What do we do about it?
We believe that it is not a zero sum game.  That in fact there are
opportunities to address these problems.
Industry has a new role here.
Three quick areas where we can do a lot.  One is privacy.  We have
the ability to create tools that give people transparency, control, and
protect their security.  There's a tremendous amount of experimentation
going on.  But it is essential from an industry point of view that wee
provide privacy.  Because people will not use our products if they
don't trust them.
Safety, we can do a lot to give people the tools of control to
protect themselves and their children and their communities.  And the
community itself can do a lot on line to do that.
Openness.  Interoperablity is essential in this media.  We have a new
group at data, called the data forefront -- literally walk around
product to product and make sure that people can take their data with
them.  That's something that consumers should demand.
Another thing, though, that we need is industry cannot do this alone.
We need the help of government.  A lot has been said in some of the
sessions about the importance of free expression.  And the dangers and
risks to free expression around the world.  We need government to help
us and to use the tools at its disposal to protect free expression.
We need more transparency from government about when it -- government
itself is asking for content to be removed or asking for data about
users.
And we also need good legal regimes that allow social media to
develop, particularly protections around intermediary liability.  We do
not want a world where the providers of social media services are
themselves forced to become gate keepers.
So I would just say there is much for us to be done.  Freedom and
openness on the Internet is not an inevitability.  Something we all
have to work for.  We're delighted to be part of this conversation at
IGF.  And I congratulate the organisers for this.  Thank you.

>> FRANK LA RUE.  We're running a bit late on time.  We're having a
little problem from the feedback panels.  Three persons that were going
to call.  To briefly see what the panels they have participated in add
to this debate in a very quick statement.
I'd like to ask Maja to participate.
Jac Sm Kee and Xianhong Hu from UNESCO.  One quick statement from every one of those panels that they were participating in.

>> LISA HORNER:  I think we have Maja up front.

>> MAJA RAKOVICH:  I'm from the Centre for Research at the University of Belgrade.  We had yesterday a very interesting panel about freedom of expression and intermediaries and where do we go from this particular moment?  And what was interesting about this particular panel is that it has been organised by a large number of stakeholders such as Council of Europe, global partners and associates, electronic frontier foundation, the Internet Governance project, APC Google and centre for democracy and technology.  There was also a lot of participants and it's a broad and complex issues so I won't go into details.  Basically we heard a lot about projects and on going work that's been carrying on in the Council of Europe, UNESCO, GNI regarding social, economic and Human Rights impact of Internet intermediaries.  We heard about different cases from around the world.  From Italy, Estonia, Thailand, Pakistan, United States, et cetera.  About issues regarding defamation, protection of children, insult laws, copyright, domain name registrars, legal immunity, legal liability, self regulatory principles.  What was stressed was basically we need to take when we speak about Internet intermediaries and freedom of expression we need to take into account different types of categories of intermediaries and different roles they have in enabling communication and free flow of information on the Internet.
It has been stressed that it is very important that clear roles and principles are defined between different stakeholders and that basically everybody's clear about these principles because a lot of concerns has been raised about certain legal uncertainties, about certain transparencies, arbitrary decisions around the world which can have chilling effects on freedom of expression and Internet intermediaries.  It's been stressed by the participants that it's necessary to have transparency, legal certainty and due process and there's obviously a lot of work to be done in this complex issue and this group of partners is willing to continue looking into these issues and trying to develop some common agreements about basic principles we should start on with this.

>> LISA HORNER:  Thank you, Maja.  Jac, please.

>> JAC SM KEE:  My name is Jac Sm Kee, with the Association for Progressive Communications.  We had an interesting workshop on sexual rights, openness and regulatory systems and I won't go into the whole statement, I'll just read parts of it.  What we found is that sexuality lies at the heart of the debates on the need to limit the rights to freedom of expression, information and privacy on the Internet.  For example, the problem of pornography is cited as one of the reasons for Internet regulation.  
However, sexuality has been raised as a negative issue at the Forum and also in other spaces rather than a positive rights issue.  Issues of sexual health, sexual education and sexual equality are rarely tabled as policy dimensions of internet governance.  And we found that solid research is recognized as essential in informing all important policy decisions.  In relation to this issue, decisions are made based on assumptions that result in information of regulatory responses broad based and discriminatory in effect.  
Due to the value ridden and highly charged character of sexuality, policy needs to be based on research that aims to understand how users engage with sexual content and spaces, their motivations and what are the values that are given to them.  This is a major motivation for us in organising the workshop as well.
We also talked about how the Internet has a key role in the realization of a broad range of rights.  For example the right of association by lesbian or transgendered people to form online communities.  The right to access information such as on sexual health and pleasure.  The right to privacy including control over personal data and respecting its contextual integrity and the rights to opinion, expression and assembly over the internet which are important in the process of active and public participation in social, cultural and political life.
And finally, the participants stressed the rights framework is key in approaching the challenge of balancing different interests and concerns in regulation.  Simply stated, the approach needs to prioritize the protection of rights of people as opposed to the protection of people, whereby rights are interdependent, indivisible and inalienable and applied equally to everyone.  This will avoid the pitfalls of regulatory approaches that privilege the interests of one group of people over the other, or approaches that assume people having no limited ability to make good decisions about their own lives.  It also provides opportunities to look at the issue in the multifaceted way and ensures that different stakeholders are guided by universally agreed and binding Human Rights agreements such as the Convention on the Rights of the Child, Convention on the Elimination of All Forms of Discrimination Against Women, and the ICCPR.
In this regard, the state has the duty and obligation to ensure recognition and respect of people's fundamental rights and freedoms and to ensure there is access to justice and redress in the event of violation in an open and transparent way.  And the protection of users right to privacy, information, expression, assembly and so on cannot be entirely devolved or delegated on accountable private entities.  Thank you.

>> FRANK LA RUE:  Let me just comment, if I may.  We were having the conversation chat before this panel and I was suggesting that there has to be a rights approach and all rights are equal but that I would not make the separation between rights and people, because the rights originate in individuals in human beings on the basis that all people are born equal in dignity and in rights.  But I do believe we have to impress on the fact of the equality of rights and the equality of dignity so no special groups of individuals have a special protection to the detriment of others that have lesser protection.  The equality of lights should make us see the equality of the dignity of all individuals.
To close up this part and I know that there was many other things that didn't develop in the security question, the profiling, the stereotyping, the use of information an the Internet to target people, the geotargeting, or even the right to delete or the right to forget issues, that were not dealt with but we'd ask to close this part and continue then with Lisa for Xianhong Hu from UNESCO to comment.

>> LISA HORNER:  We've just had a request also from the translators that we speak a little slower so hat they can catch what we're saying so thank you.  Xianhong?

>> XIANHONG HU:  Thank you, Chairman.  Thank you to all.  Actually as you know, the UNESCO is the only U.N. agency with the mandate to promoting freedom of expression and we really organised two workshops at IGF which are really important to    pertinent to all the discussions here.  I'll just briefly share the outcome from the participants.
The first workshop is on the freedom of expression and the freedom of connection.  We launched UNESCO commission report to see the ecology policy approaches shaping the freedom of expression on Internet.  The study has shown that with growing access to information in cyberspace, there is censorship and filtering done not only by Government organisations but also by private companies, which have diverse goals and values.  We need to explore their relations.
And there are also various policy approaches we need to explore further including industrial policy and regulation, such as copyright, user centric approach, such as child protection policy, net centric policy, such as linking to internationalization of domain names, and also the security policy in terms of the relation to privacy and the freedom of expression.
The second workshop is also in light of the, it's about    it's focused on how to find applicable standards and legislation of the social media.  And participants have shared good practice on privacy protection, some legal and regulatory instruments for social networking have been developed to protect user's right to inform, to leave and to control their personal data but still there are many questions posed by participants, how do we provide a reasonable privacy and security in the computing continuum?  How do we promote this in the same global environment, freedom of expression?  Many participants called for more education initiatives such as the use of potential online tools to prevent unexpected results.
All in all, UNESCO views freedom of expression and privacy, interdependence within the same Internet and legal framework of Human Rights.  The challenge of applying the instruments exists in the discrepancy of the legal framework between online territory and the real world.  To address these changes UNESCO will continue to promote Internet collaboration between the different sectors.  Thank you.

>> FRANK LA RUE:  Thank you.  With this I pass it on to Lisa.

>> LISA HORNER:  Thank you, Frank.  We're going to try and move into the next session.  That's something that we wanted to address which was really the nature and characteristics of Internet networks and technologies.  I realise we haven't finished the discussion around social media and indeed I think we're a bit ambitious to try and cover all the issues in the short time we had.  But I think we can carry on that discussion into this next theme.  Where I'd like to ask you as the audience, what do you see as the particular characteristics of the Internet networks and technologies that we have and that we want to perhaps preserve or protect?  So I'd like to ask you to make your way to your microphone if you'd like to comment on this.  But please, I'm asking you for maybe 5 words.  I want you to say what are the natures, what are the characteristics, of the Internet that you value.
So if you'd like to answer that in 5 words, please make your way to the microphone.  But in the meantime, we have some comments from a remote participation.  We have Kieren there taking comments from people participating remotely and I think there's some issues relating to social media and also this nature of what it is that we value the Internet?  What is it that we want to preserve?  Thanks, Kieren.

>> KIEREN McCARTHY:  Thank you, Lisa, so while you were all in this room as well we're also being followed by various remote hubs around the world and on online.  In particular at the moment, there's 44 people in Dhaka and I'm not sure how many in Jakarta watching this and providing comments.  We were having a discussion online about something both Frank and David raised which was the issue of privacy and security and it not being a tradeoff.
And Dhaka would agree.  Jakarta said it agrees in general but in implementation you find security is sacrificed such as giving away your mother's maiden name.  We've been running some polls and with regard to social media.  Quite a few people felt social media did live in its own special world and needed special protections mostly for the reasons outlined in the room because it enables person to person, individual interaction.  You don't have to feed through people.  Some people felt that was something that needed to be protected and was worth protecting.
I have some comments very briefly from Jakarta.  They had a longer discussion about this.  Bear with me, it's long.

>> LISA HORNER:  While you find it could I ask David Allen    Richard Allen from Facebook, are you still here?  Maybe we just had a comment there about social media and we know you're here, and it was a comment about privacy and the relationship with social media so maybe you could say quick words while Kieren is finding his words from Jakarta.

>> RICHARD ALLEN:  It's been interesting to be a representative of Facebook at this event given the focus on social media and perhaps that's not surprising given that social media is really exploded during the lifetime of the IGF itself over the last 5 years.  And really to pick up on Cynthia Wong's comments about the value of these services I think it is worth perhaps celebrating the fact that in terms of some of the core objectives of the IGF around inclusion and diversity, and creating platforms for openness, the fact that we now do have platforms like ours that reach 500 million people in over 70 languages, accessible all around the world, the vast majority of those users being over 18 and are engaged in a wide range of activities including very important political speech, and that includes country like Indonesia that we're hearing from at the moment, that I think has been quite a significant step forward.
It does create challenges in terms of privacy I think because of that scale and the ease of access again, as Cynthia pointed out.  I think the fundamental change is one from a world in which we only had large organisations collecting personal data and publishing it about small citizens to now sit citizens being much bigger in their own right as publishers and that raises a number of significant questions.
But I would just say I think it's a mistake to think it's an unregulated space already.  Today if you're running a service, there's a wide range of regulation on everything from privacy to illegal content to advertising and commercial regulation that if you want to be around for a few years, you have to respect, and we work with regulators and different authorities on a daily basis.
So I think that it is a space where the value is enormous, potential is enormous.  Important questions are raised about individuals publishing information but I think the starting point is one in which it would be a mistake as I say to think that it's a completely unregulated space as we exist today.

>> LISA HORNER:  Thank you very much.  I think that's a really useful are reminder, an indeed what we're trying to do here is try and work out, what is the best balance for regulation?  What systems are in place and what can we do better?  What are the roles and responsibilities of different stakeholders?  Do we need the same kinds of regulation that we've had perhaps with additional media?  And how are these issues different?  How can we get the balance right?  But Kieren I'll come back to you now.  Maybe you could follow up with those comments.

>> KIEREN McCARTHY:  That very much for the extra time.  It was appreciated.  As it leads on immediately to where you're going on to, the comments from Dhaka is they feel openness makes the Internet what it is.  Intelligence at the edge and not at the centre is what makes the Internet spread and makes this possible, makes this valuable.  They feel there's enough borders and divisions and boundaries already in place.  And the thing that makes the Internet so terrific is enabled communication in a way the current political systems have never managed.  But very broadly, that we spoke to more people from the Cameroon, Argentina, I'll ask them what they felt the characteristics of the Internet are that we need to preserve.
Almost to a person they said that the openness, the openness of the Internet, the lack of ability to control the Internet, and the free flow of information was what makes the Internet so valuable.

>> LISA HORNER:  Great.  Thank you, and thank you to our remote participants for those comments.  We have a couple of people who have stepped up to the mic here.  I hope this is just a very short, brief statement about what it is about the Internet we value.  Thank you.

>> ALEJANDRO PISANTY:  Good morning, my name is Alejandro Pisanty.  I am from the Internet Society and the National University of Mexico.  First, a few seconds of very important recognition of being able to address Frank La Rue here.  Many Mexican citizens are very thankful for your recent study on the media environment in our country and the statements you made together with the OAS observer have been extremely welcome.
I think that many of us will easily agree that openness is one of the main values to be preserved on the Internet, but I don't think that there's enough depth going on around this thought.  It has to be much more technically grounded.  The Human Rights approach is undeniable once you state it but if it doesn't have attraction, chain, to the technical grounding of what an open Internet means, it may easily become too vague to be useful and lead to some serious weirdness.
We need these debates to be technically grounded.  We have to go up into the higher spheres of principles about the way humankind should develop and come down to a technical basis.  The end to end principle, the interoperability principles, are key to way the Internet is built and governed, and they have to be present in these debates.
It's not just the basic concept of openness that works   

>> LISA HORNER:  Sorry, could I ask you   

>> ALEJANDRO PISANTY:  I have to address a second point here that security is also being dealt with in an extremely vague way.  Mr. Vytautas    I didn't get the family name    I have a chapter in the book on page 46 where I have explored this issue in depth.  There's a time lag of at least 2 years between what happens outside the IGF and the way it comes in here.  I'm revising this figure to 7 years with very basic security principles.  We have again a need to have more exchange and make sure that there's more technical knowledge infused into the debate.

>> LISA HORNER:  Thank you.  I think that's an extremely important point.  And it's really what we're trying to work out all of us I think and I know that coming from a Human Rights field myself rather than the technical field that we always feel we really need to hook up better with the technical community and I'm hoping that in this session, we can talk about some of those technical issues and indeed, that's what this session is about.
So maybe I'll put some of the issues we're hoping to discuss on the table and particularly I think the two that we identified that came out of our prior conversations with people were really the issues of traffic management, and then also the roles of intermediary liabilities.  And here when we're talking about I guess the infrastructure layers, the codes and protocols, layers of the Internet environment, we're talking primarily about service providers so I think we've moved on now from the social media discussion and now starting to address some of those more technical issues.  So there was someone over here who wanted to make a brief comment.  I repeat the plea, please keep it as short as possible because we have a lot to fit in in a short period of time and please introduce yourself.

>> BILL SMITH:  I'm Bill Smith.  I am with PayPal.  So I have 5 words:  Openness, inclusivity, collaboration, experimentation and voluntary.  They are the founding principles and characteristics of the Internet itself, I believe.  And I think it's essential that we continued to live by those on a going forward basis.

>> LISA HORNER:  Perfect.  Thank you.  I'd like to invite Alex here to make a similar contribution.  Please introduce yourself.

>> ALEX:  Alex from the Youth IGF project.  And I really believe that the Internet should remain an open place with youth and mission at its core as it was when it was created so we don't lose the main ethos of the internet in my opinion.

>> LISA HORNER:  I'm hearing these values of openness, interoperability et cetera that we need but then also our challenge is to link them into so what does that mean in practice and what are the practical issues?  Next at the microphone we have John la prize.

>> JOHN LAPRISE:  I'm John Laprise, a faculty member at the Northwestern University in Qater.  These are the words of one of my students and that is the Internet is important because precisely it's not like the real world.  They can do things there they can't do in the real world, and the ideas of freedom of expression are very important.  Thank you.

>> LISA HORNER:  Thank you for that.  So I'm hearing these ideas of openness and freedom but as I said also the plea to really get down to the nitty gritty here and understand what we're talking about.
So I'd like to maybe perhaps move the discussion on a bit.  We have some feeder workshops that we wanted to invite to comment on these themes but I'm wondering if we could bring them in at the end to help us wrap up and return to these grand notions, these principles and values and see how they relate maybe when we start talking about specific themes.
I'd like to perhaps move on to one of the areas we wanted to look at here which was that notion of traffic management.  Obviously, we have maybe what's now an idealized version of the history of the Internet where it was open as we had one of our speakers mentioning, where we had the end to end principle.
But things have since moved on.  So in this session we really want to talk about whether it's okay if certain types of content are given priority across the Internet.  For example.  Obviously, back in the early days, the network wasn't so capable of distinguishing between different types of content online.  But now, new tools, new technologies are being used to manage the flow of data across the networks in new ways.  And I know there are concerns that this will be used purely for commercial gain and there's a worry this might undermine some of the openness of the networks that we've seen.
We need to look at whether there are security issues here, whether there are privacy issues here as well.  So I'd like to invite Vladimir from the DiploFoundation to give us very brief if you will Vladimir, just three sentences hopefully from your workshop that you had on the issue of network neutrality yesterday.  Just some key points to provide a basis for discussion as we move forward.  Thank you.

>> VLADIMIR RUDONOVIC:  Thank you, Lisa.  Two pages but I'll try to squeeze to three sentences, kidding.  First topic was new developments in technology, and the need for future network management especially when it comes to wireless networks and having in mind the next billion of users will be connected through wireless and mobile networks.  The second one was back to the principles that have already been discussed in the earlier years of non discrimination, transparency, choice of services, on the Internet that we are using.  The third one was the notion of new business models especially mentioned also in the Google Verizon policy proposal where certain new advanced services might be prioritized.  Yet business noted that this would not impact the Internet as we know so that would be an additional service.  It is still more to be discussed on how it's going to go.  And there is a special concern of developing world when it can comes to the investments which are needed from the business on one hand, and on the other hand, of the innovations from small business that might emerge in developing countries and then freedom of choice, especially having in mind high prices and small, limited bandwidth in developing countries.
The fourth topic was how to do that.  Transparency was definitely widely mentioned as a key point, definition of transparency is something we still have to work on and there were two different approaches.  One was mostly suggested by business, which is competition and case by case resolution of problems.  On the other hand, by the regulators who mentioned that the soft law might be the best way, basically the coordination of the stakeholders to reach the principles that all should respect and that can be guided by the regulators as the safeguards that concerns of people from developing countries was that the pure competition based regulation of network management might not always be best because competition is not always available especially in developing countries.
And the last point was future steps.  That we need more formal participation from people from developing world to raise their concerns about network Manager and network neutrality and we've heard very good valuable inputs yesterday.  I think they were helpful for the business sector as well.  That maybe the panels next year might be divided, maybe we can have more panel and give more focus to technical economical user choice aspects and lastly we should continue with discussions between the Forums including regional forums of course and one of the invitations was also on behalf of Diplo to continue discussion at discuss.diplomacy.edu.  That's it for the panel.

>> LISA HORNER:  I think you've provided us with interesting points for discussion so let's try to pick them out.  Please make your way to a microphone if you'd like to speak on these issues, if you have a contribution to make.  We'd like people to respond to Vladimir's suggestion that we need people from all around the world and particularly from developing countries.  If you have an opinion on this, please come to the mic.
Are the issues we're dealing with here are they different in the wireless world as they are in the fixed line world?  What is the difference between these issues?  And do we need to be thinking about them in different ways?
Does anyone have any thoughts or comments they'd like to make on these issues?  So maybe with that I could invite Patrik Hiselius to make some comments.  If you'd like to comment on how we manage these networks please make your way to the mic.  In the meantime Patrik what are your thoughts on these issues and more broadly on the nature and characteristics of Internet networks and technologies?

>> PATRIK HISELIUS:  Thank you, Lisa.  My name is Patrik Hiselius, and I represent Teliasonera, the leading Telecom operator in the Nordic and Baltic region.  So the question that I have been considering is if a degree of traffic management is necessary, can we agree on certain principles, limitations or boundaries?  Let me start by putting this question on openness in perspective.
This is the leader published in the Economist, September 4, a couple of weeks ago.  Its named:  The Web's new walls.
There are indeed threats to Internet's openness and any future possible network operator misconduct is not the prime.  Governments are tightening controls.  Internet companies are building walled gardens like closed email systems and integrated Web basbed services.  Apps on your display is a more close world than Web browsing.  Then there is the can discussion about operators and openness.  When it comes to operators and openness, the economist leader states, quote, net neutrality is difficult to define and enforce, and efforts to do so merely address the symptom, concern about discrimination, rather than the underlying cause, lack of competition, unquote.  In line with what was said by the previous speaker here.
In more and more geographies, there is competition and offers of Internet access.
In many places like in the Nordics there is fierce competition, so if an operator would discriminate between content providers, customers would leave for another ISP.  Here we come to the a principle that we should apply and I agree the principle of transparency.  The user needs to be informed.  What such user information should contain that must be discussed.  There needs to be user friendliness and not several pages of technical and legal text so in our strive for competition on providing Internet access do we also need limitations and boundaries?  I would say no.  Rather we need flexibility, flexibility for business to develop and flexibility to meet user needs and if there have been a need to regulate, I.E. defined limitations and boundaries, how would we through regulation define Internet access?  Nationally?  Would this be helpful for global Internet neutrality?
In any case, the specific access operator cannot control from A to B what will happen with communication which travels over the Internet.  Let me conclude by saying in my view there is one more principle that we can agree upon and that is non discrimination.  All content and application services should flow across networks.  This said, all types of applications will not be included in all price models in all offerings but provided as options.  That is obvious already today on the mobile side.  Thank you.  

>> LISA HORNER:  Thank you, Patrik, for that intervention and,
again, I think useful fuel for thought there.  We have an introduction
for some positive principles we could be working around to help us
guide our way and navigate through these issues.  Principles perhaps of
transparency and nondiscrimination.  We need to think in terms of what
boundaries there are to these issues.  We're also thinking a little
more broadly about the roles and responsibilities of different people
and what working and acts at these layers.
So I'd like first to go to our remote moderator.  I think there's
comments coming through or that he has some points to make.

>> KIEREN McCARTHY:  An interesting comment approaching it from a slightly
different angle, One of the remote hubs.  In their country ISPs are getting
pressure from movie companies to prevent movie copies being
downloaded from Torrent and Torrent software.  And pressure on the ISPs
to cut off service to those that are downloading the movies.  Their
question is what should service providers do in this situation?
It's another side of the debate which is commercial pressures put on
to ISPs in order to prevent copy right, restricting to a certain degree
the openness of the Internet?

>> LISA HORNER:  We're talking about a range of actors, different
roles and responsibilities and think there are were interesting points
coming through there.  Looking at them from a slightly different angle.
As I said, please do come up to the mics if you'd like to make any
comments.  We now have Kurt Opsahl, to comment on the roles and
responsibilities of those intermediaries.

>> KURT OPRASAHL:  Thank you, yes.  Kurt Opsahl, Electronic
Frontier Organisation, a nongovernmental organisation dedicated to
defending civil liberties and rights online.  The Internet is an engine
of expression.  It represents an extraordinary advance in the
availability of information and opinion and intermediaries are the
means by which people exercise the freedom of expression, making
available new avenues for creativity, collaboration and civic
discourse.  These online content has flourished because of policies
reducing the cost and barriers of user-generated content.
For the Internet's infrastructure to allow users to post opinions
would you tell us interference and allow users to seek, receive and
impart information, it's critical to have the policy infrastructure
that maintains this engine of expression.
The protection of students -- of citizens' freedom of expression,
privacy and due process has to be a primary public policy objective.
And citizens are directly impacted by Internet intermediary liability
and obligations.  Citizens are impacted because of the vast diversity
of information and opinion on line as all hosted and transited by
intermediaries.
We enjoy such a wealth of content because of the policy of posting
first and asking questions later.  To maximize the amount of
information available, it's final for intermediaries to allow posting
without ex ante review.  Posting out ex ante review, however, requires
limitations of liability so the platform is not held liable for what
the speaker has said.
And user generated content websites have provided a tremendous amount
of culture and value.  But they cannot function under regime where
somebody has to look at and review and analyze the material before it
goes on line.  So imagine a different world in which you submitted a
video for an online website and it took six weeks for the backlog to be
cleared and the video to go on line.

>> LISA HORNER:  Could I ask you to wrap up there, Kurt, please?

>> KURT OPSAHL:  Yes.  Thank you.  There are problems as well is
technical filters.  It's ineffective at determining whether there are
torts like defamation and like privacy violations.  For copyright
violations they're ineffective at determining whether it is a lawful
use of the copy right.  So that any form of ex ante review has severe
problems.  Ex post review must protect for due process and protect
against misuse.  Notice and take down regime that removes content
before judicial determination can become a de facto censorship range at
least for a short time because it's time sensitive and even a few days
of down time can be a serious blow to freedom of expression.  To the
extent that the governments are deputizing intermediaries to engage in
public policy objectives, they must do so affording the full rights to
the citizens including due process.  So the most appropriate role for
intermediaries is limited to simply forwarding notices of alleged
problems to their customer and then allowing the judicial system to
determine the subsequent set.  And this includes protecting the
identity of the user and anonymity is an important aspect of allowing
full and open conversations on line.  And cannot be given up lightly
without judicial process.

>> LISA HORNER:  Thank you.  Thanks very much.
I'm going to suggest that we move on this session here.  We haven't
had anyone else who looks like they want to speak on these issues.
So I think we've had a lot about the roles and responsibilities of
different stakeholders and I think it's coming through quite clearly
that there are principles here that we can be using and drawing on to
guide us in our work.  And all of us as different stake holder,
transparency, openness.  The importance of due process, the importance
of these principles which have been long established and which do apply
equally off line as they do on line.
I'd like to invite you all to reflect on these issues.  Right at the
end of the session we're going to be inviting people to make final
comments and to describe what they are taking away from the session.
So that might be a time when you'd like to intervene and give us your
thoughts.
For the time being I'd like to move on to our next issue, which was
really the issue of interoperability and open standards.  I'm going to
invite my colleague David to lead that session.  In doing so I'd like
to maybe suggest we use it as a bridge into the next session.
And we've heard quite a lot about interoperability, and maybe we can
focus specifically on the role that the technical standards can -- the
role that they play in helping us to achieve that before we move on to
our discussion on international collaboration.
I'll hand over to you, David.  Thank you.

>> DAVID HOFFMAN:  Thank you very much.  This is the portion of the
programme we want to talk about Internet operability and technical
standards.  I talked in my opening about this evolution of this global
digital infrastructure and the tremendous value we get out of the
Internet as a global mechanism for conversation and communication and
for free speech.  It is difficult to think how that would be possible
without interoperability of the different subnetworks that end up
making up the network.  And the different slices of the hardware and
software stack that are created as part of the technology.
And so I think the real question is what really are the role of
technical standards as a part of interoperability?  And what are the
impacts to security, privacy, and openness from these -- from
interoperability and technical standards?
So I believe we have at least one person who will be sharing their
views with us.
Ask you to introduce yourself and then to offer your intervention.

>> PRANESH PRAKASH:  Thank you, David.  My name is Pranesh Prakash,
I work for the Internet Society in Bangor.  Standards are the
infrastructure on which we carry on our digital interactions.  They can
be anything from network standards such as the Internet protocol to
markup standards such as XML and HTML.  These are important because of
our choice of infrastructure determines what we are able to built on
top.  And the rules by which our interactions take place and they
themselves present policy implications.  For instance our choice of
network standards Bated on end to end principle determine how
censorship can and cannot take place on the Internet.  Some policy
implications are in the realm of governance.  Standards determine how
governmental departments interact among themselves and how citizens can
interact with their government, thus having implications on citizens'
rights.  Some policy implications are in the realm of access for
persons with disabilities, for illiterate people, for the aged, for
developing country governments.
For instance, can your screen reader understand what is written on
the Web?  Can your government afford in all senses of that word, to use
proprietary standard?
Some policy implications are in the realm of the rights of consumers.
Can you as a consumer download data stored in gmail or Facebook and
move to a different system?
This races a question of interoperability and openness which is often
a short form of saying allowing for innovation on top of existing
infrastructure.
So our choice of standards are important and thus equally important
is the way those standards are formed.  They're through a transparent
inclusive and participatory process or imposed de facto through
monopolistic practices?
And how those standards are available for use?  They're openly, to
those who want to implement it and as certain -- Lee reminded us in his
address in Sharm El Sheikh last year, without any associated royalties
and owner's conditions.  That the present forum recognizes this is
shown bring the fact that open standards are promoted in the business
declaration of principles and in the Tunis Agenda.  However, having
said this, I have to underline the fact that open standards, while they
are a necessary condition for development, for innovation e for
guaranteeing many aspects of citizens, consumers, nonparticipatory
producers, freedoms, they are not a sufficient condition.  Even if a
government uses open standards, if it doesn't allow for transparent
interaction with its citizen, the open standards do not fulfill their
potential.  Even if a social network stores user uploaded data in an
open standard, it can still choose to prevent its users from
downloading this data or from accessing this data using third party
tools.
So it's quite clear that -- would not exist without open standards.
And the Internet governance forum provides an ideal process and
platform to push for issues that require reflection on such
interconnected issues.  Thank you.

>> DAVID HOFFMAN:  Thank you very much.  Your comments are well
received.  The value to openness that come about from the use of
technical standards creating that interoperability are tremendous.  I'd
like to now go to the remote moderator.  I understand there are
comments that have come in.

>> KIEREN McCARTHY:  So we asked a question are closed standards a
threat to the Internet?
And got an interesting response.  So 43 percent of people said no.
28 percent said yes.  And 28 percent said they were unsure.  So I have
a few comments from the different people which I think give a range of
sides on this.
Cameroon said yes they are -- because exclusive networks may prevent
them from communicating others and the Internet is the network of
networks.  So they need to be able to understand one another.  On the
other side a lot of people felt that the basic Internet protocol,
Indonesia and the Philippines felt the basic Internet protocols
developed in the ITF are open and need to be kept open.  They thought
people adding proprietary technologies such as Skype, the iPhone and so
forth, because they add value to the Internet.  Another quick comment
was if the standards are put in place by a sufficiently wide selection
of stakeholders and industry and tech, and with input from the user
community, then they're very useful for furthering technical
development.
And very lastly, people feel broadly that proprietary standards are
fine so long as they are not in the core application, so long as they
sit on the edges of the network.

>> DAVID HOFFMAN:  I think this is very important, this notion that
there are elements and times when it's going to be very important to
have open standards.  And portions where it's absolutely appropriate,
especially to encourage economic growth and entrepreneurship to have
proprietary standards.  I would encourage everyone who wants to share
comments on these issues to go to the microphones.  And we'll now
proceed forward with our third theme of our discussion, which is around
international cooperation and security, privacy and openness.  And I
first would want to bring the discussion -- I think -- really like to
get a practical conversation about how do we encourage more of that
international cooperation and collaboration.  IGF is a fantastic place
for us to have that discussion since this is a unique multistakeholder
dialogue.  To kick this discussion off I would like to first go to ask
Lisa to lead a discussion around openness.

>> LISA HORNER:  Thanks, David.  I would like to keep this brief.  I
think we have quite a lot of openness, which is natural because it's
such a cross cutting issue.  I see someone has come up to the mic.
Was that the issue you wanted to talk about there?

>> AMELIA ANDERSDOTTER:  I just wanted to point out first -- hello,
my name is Amelia Andersdotter, I come from the Swedish Piratpartiet,
European Parliament.
I think the question about open standards is very often discussed
from an economic or a business perspective, but it's actually more
about the values we have in society as a whole.  So we need to have a
discussion about open standards as a promoter of democratic rights and
of freedom of speech.
If you look at open standards purely from a technical perspective,
you have the Hungarian government.  I heard some were implementing very
good open standards in their document systems.  It's just that many of
the documents they published are handwritten, scanned-in documents.  So
it's still very difficult for citizens to read them.
Similarly, France issued the French authority -- issued the press
release just available that they won't use open source.  An open source
piece of spy ware to help users monitor the peer to peer -- habits so
it will be more difficult for -- to eventually shut users of the
Internet after demands from the copyright lobby.
So open standards should -- and what is often lacking in that
discussion is the democratic rights.
If we use openness as a model for a society and democratic rights for
model for society, we will eventually have open standards as a
counsels.  Yes.  That was my contribution.

>> LISA HORNER:  Thank you.  I think it's a really interesting way to
look at things.  I think we had someone urging us earlier to think
about really a technical dimensions, all of this.  And then we have the
opposing side or complementary side that really, yes, but technology
you can't untangle it from values.  Looking at how the technologies we
have will affect our values and how we want to achieve through them I
think is an important point.  The role of technical standards can
enable different types of technologies, and it's really important.  And
I think that brings us nicely on to this theme of collaboration around
openness.  We do have some discussions that we were asked to make a few
words.  I would urge them to make them extremely brief.  Then we can
look at the security and privacy dimensions of collaboration.  I would
like to start with Johan Hallenborg from Sweden to talk a little bit
about the work that they're doing in this field.  Thanks, Johan.

>> JOHAN HALLENBORG:  Thank you very much, Lisa.  I'd like to start
by congratulating the organisers.  Very useful and fruitful session.
Just some remarks from our side.  Security, openness and privacy on
the Internet are fundamentally about our possibility to enjoy our human
rights in the Internet context.
Most notably the freedom of expression and the right to privacy.
Therefore Sweden believes it is of vital importance to address these
issues from a Human Rights perspective.  The core Human Rights norms
were established in binding U.N. conventions almost 50 years ago.  In
many specific contexts these norms have been interpreted and further
developed and refined.  Even in some cases paving the way for new
conventions.
A lot remains to be done to give meaningful interpretation to the
core Human Rights in the Internet age.  And Sweden believes that there
is a need to address this issue with some urgency.
We have a responsibility to ascertain that such participation is
done in accordance with the spirit of the norms much we now see
worrying trends around the world that point to the contrary.  More than
100 bloggers and activists are in jail for merely expressing their
views on the Internet.  This is against the spirit of the norms and is
not acceptable.
Although we believe that there is no need for new Human Rights, we
are convinced that the international cooperation on these issues is the
only way forward.
A critical mass of governments and other stakeholders must agree to
make this happen.  Several recent initiatives point to the growing
momentum around this issue.  And this is something we welcome.
On our side we are providing support to the U.N. special Rapporteur
on freedom of expression and we look forward to his report to the Human
Rights council on this issue next year.  The first expert meeting on
this issue was arranged in Stockholm in June this year to be followed
by regional consultations and a second expert meeting in Sweden during
next year.
We have also initiated a cross-regional statement in the Human Rights
council on Human Rights on the Internet last June.
With the support from a group of countries from an all regions around
the world.  Sweden will continue to give this issue priority in our
work.
Due to the unique character of the Internet with its many cooperative
and individual actors, developers and managers, it will be of
continuous importance to retain the multistakeholder approach to
Internet governance.  Where we also accept and understand our different
roles and responsibilities.
Consequently Sweden also welcomes initiatives by civil society
networks such as the work done by the dynamic coalition on Internet
rights and principles.  With our draft charter on Internet rights and
principles.  Such policy frameworks serve to take the debate further.
Finally, we would welcome more governments' participation in such
initiatives since this nurtures the discussions on Human Rights
application on the Internet, and this is an issue that governments are
going to have to address with more vigor in the near future.  Thank you
very much.

>> LISA HORNER:  Thanks for that.
If there are any governments here who can respond to that, let us
know what you're doing in any of these areas.  Please do feel free to
stand up and take the microphone.  I would like to call on human rights
watch Arvin, and I think that would lead on some of the points that
Johan was making.  If you can give us one sentence really about your
experiences here and at the IGF as someone who has been working
traditionally in the Human Rights sphere.  Thank you.

>> ARVIND GANESAN:  I wanted to briefly say,

off the
comments from the Swedish government, there are two issues critical to
keeping openness on line.  That is, one, government should collectively
stand up for freedom of expression and protection of privacy on line.
And that will require governments to work together to ensure that there
is a respect for Human Rights within their jurisdictions as well as
collectively abroad.  To make sure that the governments that are trying
to shut down this space are prevented from doing so.
And second is to ensure that the companies that have provided the
innovative technologies and services to make the Internet open actually
commit to keeping it open through adoption of standards and principles
to do that.  Such as the global network initiative.  But I think it's
essential that both companies and government make a commitment to
freedom of expression on line.  Thank you.

>> LISA HORNER:  Thanks very much.
And you made a love life perfect bridge there into -- I'd like to
invite Susan Morgan from the network initiative.  I think this is an
interesting way and we should all be thinking about what are the
practical things we can be doing.  And I think this initiative is a
good example of the practical things we can be doing.  And also maybe
some of the privacy aspect of the debates we're having.  I know you're
working also on privacy issues.  Thank you Susan.

>> SUSAN MORGAN:  Thanks very much, Lisa.  Just a few words of
introduction about the global network initiative.  We're a
multistakeholder initiative engaging companies, academic, investors and
civil society.  Really looking at how to work to protect freedom of
expression and privacy on line.  And it's going to see some
representatives from member organizations here today such as Google,
Microsoft, the electronic frontier foundation and Human Rights watch.
I'll talk a little bit about the work that we have been doing.  And
there are four key things I will highlight.  The first is the framework
that we've developed.  Really to help guide information communication
technology companies in the decisions that they're having to make when
they're faced with government requests and demands.  So I'll just give
two examples.
One is in the blocking and removal of content or the second is the
request to hand over informational data about users of their services.
Another part of the work that we're doing is setting out the
importance of developing mechanisms and expertise within companies to
help understand and address the Human Rights risks that they're facing
in their business.  That's true in the markets in which they operate,
the products and service that they sell, and the technology that
they're developing.
Under pinning the framework that we've developed three key things.
The first is an accountability process to assess the way in which
companies were implementing the framework.  The second is policy
engagement.  And the final thing is shared learning in a shared -- in a
safe space to really explore the issues and develop good and best
practice.
And if you'd like to find out a little more about the global network
initiative, there are a few brochures just at the front on the table.
Thank you.  

>> LISA HORNER:  Thanks for that.  If anybody has any ideas, thoughts comments on what you've heard so far I urge you to make yourself known to the people with mics, come up to a microphone and we'll invite you to make your contributions, let us know your ideas, let us know what you're doing in this field.  What do you think needs to be done to foster international cooperation and collaboration in these important areas, while always thinking about how to from bring these three issue areas together:  Security, openness and privacy.
With that I'd like to hand back to David to take us forward with this session.  Thank you.

>> DAVID HOFFMAN:  Now we'd like to transition to talking a little bit more about security.  We've talked quite a bit about the greater reliance that individuals and entities have on the Internet, and the digital infrastructure.  We've also heard a number of interventions on the need for greater security, particularly we heard from the representative from the Lithuanian Government about several events in the past of malicious and potentially criminal activity that have gone on that create a need for us to have the greater discussion about how to achieve a higher level of security.  So we wanted to break this up into two separate parts.  Talk about what role could standards play in that discussion?  And then talk about how we can have a greater role for collaboration to achieve a higher level of security.  So we have several people who have already said that they would like to intervene on these topics.  The first, is Markko Kunnapu.

>> MARKKO KUNNAPU:  I'm Markko Kunnapu from the Ministry in Estonia, and currently I'm chairing the Cybercrime Convention Committee as well and I'd like to speak a little about the importance of the international cooperation and minimum standards.
In order to cooperate with each other, the states who want to cooperate, they need a minimum standard.  They need a certain legislative base, certain level of harmonization in order to cooperate.  As regards minimum standards with regard to the fight against Cybercrime in terms of criminal justice then actually we have minimum standards in place already.  There are standards and they are quite widely applied all over the world and those standards are provided by Cybercrime Convention or the Budapest Convention.  Beside the Budapest Convention there are also plenty of other tools, instruments and best practices in that matter.
And we have seen so much progress since 2006, since the first IGF took place, and right now, we can see that there is global legislative process going on all over the world.  Governments and then states are implementing their legislation, and the Budapest Convention is taken as a basis, taken as a guideline.
And I would also like to point out that the IGF as a Forum, as a multistakeholder process, has been a very helpful to achieve those results we have right now.  And to conclude my short intervention, I'd like to point out that first, we have already minimum standards.  The standards are there and needs to be applied by the states, and various and internationally legally binding instrument on the fight against Cybercrime.  This is the Budapest Convention, and here I would like the states to encourage to join that club.  Thank you.

>> DAVID HOFFMAN:  Thank you very much.  And I think that's a very important intervention to note that there has been a tremendous amount of work that's been done.  The Convention is an excellent example of a framework that's created to allow different countries to be able to communicate and to move forward in this area.
I would like to encourage people to approach the mics if you'd like to make comments, also we will move forward with people who have also said they wanted to comment in the past, and particularly I'm interested in whether people think while there has been a tremendous amount of work with the Convention, there's been a lot of work done on best practices.  Where do people think this are gaps?  Where do people think there's work that still needs to be done and who should do it?  While we wait for people to come to the mics, Alexander, would you like to make your intervention?

>> ALEXANDER SEGER:  Thank you.  I'm also from the Council of Europe.  I participated in three workshops that were related to Cybercrime, cybersecurity, cybersafety, workshop 172 on public private cooperation organised by the Netherlands.  The workshop 123, organised by The World Bank, and workshop 23, organised by the Council of Europe.
And the points that I retained from these workshops are the following, picking up from what Markko said before:  Tools, common standards, good practices are already available and applied in many countries but full implementation of all of these globally is the most effective way ahead to help countries deal with Cybercrime.
The different workshops and also a few months ago United Nations crime Congress agreed that there is a strong need for capacity building at the global level to help countries implement what is already there, and here a stronger involvement, a stronger contribution from development cooperation agencies is required.  We should make Cybercrime an issue of development cooperation.
The different workshops pointed out there are many examples of multistakeholder cooperation including public private cooperation.  In workshop 172 organised by the Netherlands, it was noted that progress has been made in the way industry, Government, and law enforcements cooperate, coordinate and share information but in order to advance, we need to define more clearly who are the partners in these partnerships.  What are their roles and authorities?  What can they do and what can they not do?  What is the legal basis in order to prevent and disrupt attacks, prosecute criminals, investigate fraud, confiscate proceeds from crime and many other questions.
In the different workshops, it was pointed out that measures against Cybercrime are composed of many elements, that includes prevention and awareness, technology, but also criminal justice measures.
I think it was in The World Bank organised workshop where the analogy was used of a house on fire and the Fire Brigade.  We said of course the first priority is to put out the fire, to mitigate the impact but then the question I would raise is if you know that the same person puts many houses on fire, then probably the most effect I've way is to go after that offender.  If you know there are about 100 criminals around the world responsible for over 90% of the fires around the world, you should try to cooperate to go after the 100 criminals.
We should also point out and this was raised in several of these workshops that criminal law is not only there to catch criminals and to deter crime but also to prevent abuse of power, to establish safeguards and conditions in procedural law and ensure due process is followed and that rule of law and Human Rights are respected.  Countries are rightly so very cautious when designing criminal law measures.  The disconnection it was felt there's need for stronger cooperation between the ICT communities and the criminal justice communities when designing measures against Cybercrime and that not only at a domestic level but also at that time international level and the disconnection this would mean that also the ITU and the Council of Europe and others need to cooperate stronger with each other.  The final point raised was perhaps we should think about a mechanism, a sort of Cybercrime action Task Force or something similar to mobilize resources for capacity building but also to monitor progress made by countries in the measures against Cybercrime.

>> DAVID HOFFMAN:  The comments points made there and I think very thought provoking particularly around the need for more work on creating the roles and responsibilities and the forms for these effective public private partnerships, to move forward with the kind of collaboration that we need.  I've gotten a couple of notes from people who want to make interventions from the floor.  We also have comments from the remote moderator.  I'll ask everyone to really limit your comments as much as you can since it appears there are quite of few people who want to speak on this topic.  I have someone from the BPD wanted to intervene?  Tadeusz Golonka.

>> TADEUSZ GOLONKA:  Thank you very much, I'm from Poland.  Not so many people from Poland.  I'd like to give you impression from this area in Poland.  In this session we're hearing the Internet is creating security and safety risks for users, but in my opinion, bad actors are responsible for most online security and problems like crimes, cybercrimes fraud, phishing scams.  During the workshop 123, our participants heard the term "crime fire brigade," yes.  Users and business need more help from law enforcement.  But we don't need new entity, new agency.  We have an example in Poland with a new agency.  In Poland we have many evidences that in this area:  Cybercrime Department of Polish Police works pretty well, even having so many jokes about the police.  No jokes about the Cybercrime Department.  I never heard, never found on any Web page.  Maybe you'll know what this means the Polish jokes so you can see the difference.  Different people very well educated, good infrastructures,  procedures and international channels for cooperation.  In my opinion, we must cooperate across international borders and move quickly as soon as we identify the source of cyberattacks, attempts to hack into websites, and threats to personal safety.  In my opinion, crime fire brigade is good, yes, but inside the police structure.  Thank you.

>> DAVID HOFFMAN:  Thank you very much.  I'm getting buried under a flurry of documents from people who want to intervene.  We'll quickly go through so everyone can get a chance to intervene since that's the whole reason why we're here.  To the remote moderator.

>> KIEREN McCARTHY:  Very quickly we asked people, do we need global security standards?  The interesting element of that was the majority of people were unsure, they're not sure.  After that, it was yes.  People were drawing a distinction between standards that are best practices guidelines and standards that are put in place by countries or economies which broadly people don't like.  For several are reasons, one because they felt if you have standards then you find standard ways to get around them.
Most of the people felt that global standard guidelines would be very useful because the risks are global.  And they would also help maybe mitigate some of the misdirected or Draconian measures that some Governments put in place in an effort to provide greater security for them and their citizens.

>> DAVID HOFFMAN:  Thank you very much.  I would now like to ask if Martin Boyle might be able to do his intervention?  Martin, are you available?

>> MARTIN BOYLE:  Thank you, David.  I'm Martin Boyle from Nominet, and we organised Workshop 112, protecting the user in an online world.  I'm going to try and summarize what was actually a brainstorming session that covered a vast number of issues into just three headings.
What we did was a very panel light session so that we managed to engage the audience, and we had a very, very active discussion.  We started    well, no, my first point is the idea of trying to identify the specific issues in cybersecurity and Cybercrime that you're trying to address.  Otherwise you've got a massively broad area and you just can't cope.  So what we concluded was that you needed to try and find things that you could address into a narrow enough package where you could do something about it, and then take those practical steps, looking for solutions.  And in that discussion, there was the concept of the incentive for industry itself, which is their reputation.
Remembering a comment earlier about the attack on Estonia, this was something that came up in a very much more general manner, and that was about the fact that for the infrastructure, there has been now the development of quite a number of cooperative arrangements that help the infrastructure operators to move very, very quickly, so the attack on Estonia probably helped to stimulate that, but certainly, we didn't pick up specifically on that one attack.
My second point was    well, this actually came up, led into, by the young people who were involved in the discussions in the session.  And it goes back to comments that young people made in Sharm el Sheikh, that they wanted to have access.  That's what they wanted.  But at the same time, they wanted to be safe, so they wanted to see, access, what they wanted, but they wanted that round of safety.  And in the discussion yesterday, we got the intervention from them of the need to help them understand the implications and also came in very, very firmly about the responsibilities of digital citizenship.  And that then led on to that wider discussion, wider point, of education, that people need to be helped to understand the consequences of what they're doing, the implications of the actions they're doing, so that when somebody uses a mobile phone to make a payment, they're actually aware of exactly what it is that they're doing so that they can make the right decision.
Education was a very, very important one, and there was a clear feeling that we needed to have very, very strong intervention by the various actors to make sure that people were brought up well to speed.

>> DAVID HOFFMAN:  So what I hear, Martin, is I hear people have a real perception that they know that they are at risk, but they don't    they have not been educated on particularly what they can do to avoid the risk.
We're going to have to move on very quickly so if I could ask you to quickly summarize the rest of the points.

>> MARTIN BOYLE:  You're right, but in fact, actually, the education point was to help them understand the risk and they have got risks.
And the last point was about legislation.  Legislation is not the best solution.  If it's going be effective legislation, it needs to be enabling legislation, not focused on particular issues.  It usually isn't.
There was a very clear point that we haven't solved crime in an off line world.  That doesn't stop us trying to address crime in an online world, but we do need to be quite realistic.  Business needs to take its responsibility and show leadership, and there is a shared responsibility for safety and security, the ownership leading to a partnership for prevention.  Thank you.

>> DAVID HOFFMAN:  Thank you.  I would now like to call on Wim Rullens to make an intervention.

>> WIM RULLENS:  My name is Wim Rullens.  I'm from the Ministry of Economic Affairs from the Netherlands, and I would like to report back on the discussion we had in the workshop on the importance of public private cooperation in the fight against Cybercrime.  This workshop was organised by several parties from the Netherlands and was moderated by Liesyl Franz.  It illustrated a number of good practices namely from the U.K., from the Netherlands and the most recent model from Georgia.
It is important that public and private parties work together on solutions to combat and prevent Cybercrime through cooperation and self regulation thus avoiding the need for new regulation on top of already existing laws.  Governments are interested in doing that because they know that laws rarely prevent what they forbid and private parties are interested to cooperate because they want to avoid new regulation, but also because they want to show responsibility and to have a good corporate image.
The experience in these countries also shows that starting small and learning by doing works best.  Do not try to solve everything at once but see what is working, and what is not.
We had a dialogue on some of the issues and which were brought up and some of these points I want to mention here for further discussion.
Everyone sees the need for public private cooperation in the fight against Cybercrime but the question is how does this public private cooperation refer to the Democratic oversight?  How do we deal with transparency, accountability, and democracy?  Another question.  What is Cybercrime?  How can we precisely define it?  We need to define it.
ISPs have engaged in the fight against Cybercrime, but sometimes authorities tend to stretch the definition of what is clearly illegal to what is unwanted, and that's a much more subjective criteria.
It's important to all stakeholders to invest in building trust and demonstrating value and cooperation between all parties involved.  To name a few important ones:  Industry, Government, Parliament, Civil Society.  We need to move from action in isolation to action in collaboration, and we need to move from suspicion to trust.  Issues like tracking down and prosecution is very important, but they're not the real solution for the problem.  You have focus on prevention, including awareness.

>> DAVID HOFFMAN:  Could I ask   

>> WIM RULLENS:  Some successful National projects were shown but in the end that is not enough.  International cooperation is needed, because of the inherent cross border nature of Cybercrime.  A case was presented also including    involving international partnerships.  The Cybercrime working party was presented, and this is a cooperation involving private parties such as Microsoft and Internet registries, and Government law enforcement agencies, and they are working together from several countries.
So they have made a start, and now we need to build it out.  Thank you.

>> DAVID HOFFMAN:  Thank you very much, and thank you for highlighting the need for collaboration between the different stakeholders, but then also the nature of the need for the international collaboration.  One of the notes I was pass, there's someone who also wanted to make an intervention calling on the specific need for international cooperation.  Is Wout de Natris here to make the intervention?

>> WOUT DE NATRIS:  Thank you, Chair.  Feeding on Wim's comments.  It's the Cybercrime working party which is the cooperation between RIPE NCC, RIPE members and different people like the FBI, the Dutch High Tech Crime but also the EU and public prosecutors on Cybercrime for several countries.
The IGF I was there last year and basically I'm going back with the idea of the multistakeholder approach, and started to work on to create an environment to build trust between all these different parties because all the suspicion I saw something that really needed to take down.  To have resulted in 6 months in several projects that were identified between these partners I mentioned, and it's from something simple like standardized information forms from Government to agencies, to industry, to all sorts of identifying problems and concerns that we all have.  And from these concerns, we try to get to a common standard and common answers to the problems we see.  We do that through organising trainings, technical people from one side, from the industry, training people on the Government side.
We have identified concerns, and one of them is to find a way to organise some sort of a tabletop conference, which is what I want to focus on.  Which is to bring all the people which are now industry, Government, who are they?  Are they all here?  What do they exactly do on the Internet to make the criminal from A to B, make sure he gets his money and ships the illegal products, whatever they are, to the end user?  So who are there involved?  What is their role?  What sort of terms of contracts do they have?  How could they intervene with the process, and maybe come up with a common solution.  And we can only do that in my opinion in a neutral, friendly environment like the IGF, by inviting these people to express their concerns to the world and from there look at what are possible solutions.  And that's my suggestion for next year, to try and organise that sort of meeting with the IGF.  Thank you.

>> DAVID HOFFMAN:  Thank you very much.  Perfect time for that intervention to provide an example of the type of venue that could be provided for further collaboration.  We have a participant from China who has asked to be able to participate.  If Mr. HOU Zhaoxun, if you could move to one of the microphones.
I want to say so many people would like to intervene, I will transition to talking about privacy to make sure we get into that and that everyone has a chance but if people while we're talking about privacy want to come back and talk about security, we should do that, also.  But I want to make sure we don't have the folks who want to talk about privacy not getting that opportunity.
[ No English translation ]

>> MR. HOU ZHAOXUN    Good afternoon, Mr. President,It’s a great pleasure for me to attend such an important conference where friends from different countries and regions can frankly share opinions and exchange ideas. This will make the conference a success and also promote the development of Internet.
Now since I have the microphone, I would like to ask a question -which country has the largest number of microphones? My answer is China.
How many microphones are there in China? At least 420 million. Because China has 420 million Internet users, the largest group in the world. The number of microphones is 700 million because China has 700 million mobile phone users, also the largest in the world.
The era of the Internet can also be called the era of microphones. In China, it has been increasingly popular to use those invisible microphones in everyday life and work.
What do they use the Internet and mobile phones, those invisible microphones for? They can be used in expression, socializing, work or entertainment. As for the use of microphones for Chinese people, updating blogs and posting opinions in some online forums or Bulletin Board System (BBS) top the list. So we can say that China has the largest forum for expression in the world.
About 300 million netizens enjoy participating in discussions at BBS and the number of such 24-hour online forums has exceeded 1 million. Among the 200 million bloggers, at least 30 million have weekly updates.
Besides sharing the life experiences, happiness and ideas, those forum entries and blogs become a platform to criticize social events and supervise government policies. If you want, you can access some large portal sites such as QQ.com, SINA.com, SOHU.com and 163.com now. On those websites, you can know that almost every piece of news will get diversified reactions, including criticisms and complaints.
I’m a very active blogger. I write at least six stories on my blog every week. If I don’t update it, I probably get drunk or am held up by something the same as getting drunk.
Like everyone else, I will depict my life and feelings on the blog, appeal for environmental protection, criticize behaviors that go against the social morality and oversee work in the government.
For instance, a local government plans to tear down a village to develop the economy, a bad idea in my opinion. Because the demolition will force peasants to leave their 600-year-old village and farmland that they depend on to survive.
So I investigated the old village to explore its historical values, emphasizing in my blog how important the village is to the local’s inheritance generations, and remind the government of the terrible outcome if the peasants are deprived of rights.
The story was widely redistributed on the Internet and admitted by the dictionary service of Baidu.com, China’s largest search engine. More importantly, the local government decided to revoke the decision of demolishing the village.

>> DAVID HOFFMAN:  Important examples of the power of the communication vehicle.  But we have a number of people who would like to make interventions so I'm going to ask you to    if you could quickly conclude your remarks.

>> MR. HOU ZHAOXUN:  There were times I criticized poor service by some telecommunication companies in China, and there was no response from them. But I received strong support from many netizens on my blog, which received more than 40 million page views in less than two and a half years.
I once wrote a story about the Wenchuan earthquake in May 2008, which garnered more than 3 million page views and over 25,000 pieces of comments. Millions of people were moved to tears by the story. QQ.COM, one of China’s leading portal websites, selected me as China’s top 10 opinion leaders in 2009. I’m not a leader, but just an ordinary person who is willing and used to observing and writing from the grassroots perspective. These 40 million visits page views didn’t bring me any money, but the support and attention of millions of netizens, which is more valuable than money.
I believe the Internet gives rise to three most useful tools- search engine, blog and instant messenger. Among them, blogs serve as the spiritual home, expression channel, cultural workshop and economic salon for the Chinese people. These are the four functions that I believe blog should perform. When the population of Chinese bloggers hits 100 million, I wrote a story titled When 100 million people do the same thing. What do they do? Blogging. That’s why I say a blog makes it possible for large-scale cultural creation, transmission and sharing. Blogs changed the cultural status quo of China.
As a blogger, I like to express myself in a lively way using pictures, audio and videos, but all in accordance with Chinese laws and morality. Chinese morality originates from valuable Chinese traditions and civilization, such as these sayings “Do not impose on others what you yourself do not desire” and “Be strict with one self and lenient towards others.” Abiding by Chinese laws and morality, I employ this new socializing tool in the information age to extol life, create fun, relax myself and encourage others.
I like to express my opinions with light-hearted words and in a soft way. Chinese leaders have always been an advocate for “respecting differences and tolerate diversities.” In China, a rational, inclusive, moderate and orderly online expression environment is emerging.  
My friends, thank you for your patience to hear about my experience as a Chinese blogger and as a Chinese who has been exploring the use of new media. My monthly income is not high and I cherish my suit. I seldom wear suits except for weddings or important meetings. Today I’m dressed in my suit and discuss with all the Internet elites from around the world about cultural diversity and freedom of speech. I find this experience very rewarding and pleasing. Thank you. Welcome to my blog and welcome to China. http://34200567.qzone.qq.com/


>> DAVID HOFFMAN:  Thank you very much.  We appreciate your
intervention.
Is Mr. Satola here for his intervention?

>> DAVID SATOLA:  David Satola, from the World Bank.  I'm here to
report on our workshop 123 on international collaboration on legal
issues of cyber security.
Many of the matters which I would like to have reported on have
already been covered by colleagues from Estonia, the Council of
Europe, and the Netherlands.  I have two points I'd like to make,
having carved out the rest.
We recognize of course that there are existing mechanisms,
instruments of international cooperation on legal issues of cyber
security and of course the Council of Europe's Budapest convention is
primary among them.
What we wanted to do in our workshop was to deconstruct matters of
cyber security in order to provide a new lens through which to look at
how to enhance future cooperation and collaboration.
The part of the deconstruction and the disaggregation that we talked
about was first to look at just the question of cyber security and what
it is.  Cyber security does not necessarily equal cyber crime, which
does not necessarily equal cyber war.
Threats to cyber security come from a number of sources.  Outdated
legal architecture that doesn't necessarily reflect or apply well to
the Internet, a dissonance of policy and legislative approaches by
countries make international collaboration and cooperation on certain
levels difficult.
We have buggy code and bad practices.  We also have natural disasters
that contribute to cyber insecurity.
So going forward, what can we do as we approach these new issues of
cooperation?
The first finding and recommendation that we had was to adapt a more
layered approach towards the question of cyber security, looking at the
infrastructure layer, the protocol or software layer, and the
applications layer.
We also thought -- and this was mentioned by Alejandro Pisanty
earlier today, that we need to really adapt a more resilient-based
approach instead of a perimeter security approach.  And I think that he
identified that we're probably in a seven year time lag on that.
Finally, we need to understand better the incentives of the different
actors involved.  And those include economic incentives and personal
incentives.  And I would reiterate in that regard the points made about
building capacity of -- especially for law enforcement personnel and
the engagement of the private sector through public-private
partnerships.
Thank you very much.

>> DAVID HOFFMAN:  Thank you very much.  And I think your point of
noting that the need to move beyond just perimeter security or even
just security of the end point equipment to actually also -- thinking
quite a bit that we need more conversation about what does risk
mitigation and what does recovery look like in an imperfect world where
we're never going to be perfectly secure, as we're not also in the
physical world.
Before I move on to privacy -- let me call one last person from -- of
the notes I have been handed.  I will keep calling on more after we
move to -- Mr. Michael?

>> ALUN MICHAEL:  Thank you.  Alun Michael, a member of Parliament
from the U.K. and chair of the U.K. IGF.  I want to reiterate what has
been said up to now which I think is interesting to the importance of
the IGF itself.  Important for tackling crime and nuisance activity on
line to be part of the IGF process.  If the IGF process can't tackle
tough issues, we will lose credibility and revert to a more traditional
approach that won't work.  So the Council of Europe speaker referred to
cooperation between industry, government and law enforcement.  And of
course that's vitally important, but it's not enough.  You need the
engagement also of members of Parliament, or representative
organizations, at a cross-party as well as representatives of
government.  And you need the voice of civil society to be involved.
Frankly, government and industry need members of Parliament and civil
society because otherwise there is no transparency and accountability.
The example I would point to is in the U.K. where tackling child abuse
sites, the notification and take-down has worked precisely because the
engagement of MPs in civil society means that the process which is
working well led by industry or the engagement and law enforcement has
proper accountability.  For that reason we haven't needed to try to
legislate because there's a system that everybody is aware of and is
working well.
What I'm saying basically is that we need a new model other than the
traditional forms of legislation which cannot nationally or
internationally keep up with the Internet; industry led, government
engagement including you law enforcement but with MPs and civil society
providing the accountability.  Resulting in minimum legislation,
minimum regulation, but maximum cooperation, maximum delivery and
maximum transparency.  And that's what the IGF process -- not just the
event once a year, but the process including at regional level has to
be about for the future.

>> DAVID HOFFMAN:  Points are very well received.  Thank you very
much.  I especially would want to take note of the importance I think
that the sense that the speed with malicious actors are innovating the
threats do not lend -- does not lend itself very well to a legislative
process.  And the time that is required for thoughtful legislation to
be passed, for that to be the sole activity to try to address these
threats.
So looking for these other ways that we can bring folks together to
be able to address those threats even in the absence of legislation,
while we layer the legislation on top as an enforcement backstop from
what I -- I think absolutely critically important.
And something that I think also closely applies to the area of
privacy.
And we want to talk a little bit more about privacy and talk around
standards and collaboration with privacy.
We've had for at least 30 years --

>> AMELIA ANDERSDOTTER:  Excuse me.  I'm from Piratpartiet again --

>> DAVID HOFFMAN:  You will have the opportunity --

>> AMELIA ANDERSDOTTER:  I want to have the opportunity now.  We have
listened to predominantly men, predominantly old white men.  I am
visiting Internet governance along with a German 15-year-old.  He's
brilliant, not white, he's an expert in security issues.  He's been
requesting to speak here already 30 minutes ago.  He was talking to
some of the volunteers here who were talking to you.  And now he's been
consistently not able to come up and talk.
Could he please hold an intervention on security, which is his area
of expertise and that is so rarely heard on international level that
now that you have the opportunity here.

>> DAVID HOFFMAN:  Will you cede your time now for him to come
forward?

>> AMELIA ANDERSDOTTER: Yep.

>> DAVID HOFFMAN:  Even though you referred to me as old, something
I'm more than happy to do.
The voice of our future.

>> LEON BAYER:  Hello, I'm Leon Bayer, from the -- Bayer.  From Junge
Piraten, the -- I'm 15 years old and a security researcher.  Besides
school and -- when you're looking at international policy regarding
security, will see two things.  First of all you will see the developed
industry countries with hard security laws which disable security
researchers to do their research because they could be punished in
doing that.  Secondly there are countries where no law regarding
security research or security and Internet exists.  Those countries are
used by criminals as well by researchers because they're forced to do
so, to hide their actions.
And this is kind of situation which doesn't allow anybody to fight
crime.  And to fight crime is essential to hear the voice of security
researchers, because they know well how criminals would work to -- and
you look at this IGF, which I would like in the last two days.  I saw
plenty of people coming up with proposals on how to fix international
security and what to -- what we could do for botnet handling and so on.
But they all kind of compare it to the Parliament throwing their
attention -- did not hear the voice of experts.  I wouldn't call it
cyber -- but there are plenty of people around there which have a voice
which don't get a time slot in discussions like this to bring another
kind of thinking in there, and bring the technical side to topics in
there.  And that's why I offer my opinion, which is kind of making this
event to -- useless event, because in case you're discussing with
people who simply didn't get the topic quite right, you cannot achieve
any movement.
Thank you.

>> DAVID HOFFMAN:  And excellent point.
(Applause.)

>> DAVID HOFFMAN:  I think they embrace the notion of making this an
event where all bodies and folks have their opinions heard.
I would like to move to -- over to privacy.  And in the tradition of
moving away from just old white men speaking, Christine, would you be
willing to give an intervention.

>> CHRISTINE RUNNEGAR:  Christine Runnegar from the Internet Society. Reporting for Workshop 66 – The Future of Privacy.  The following points reflect some of the views of particular participants on this theme and are not necessarily consensus views.
In the time permitted, it is, of course, impossible to cover all of the points that were made.
In a world of global data flows and new technologies, privacy laws need to be harmonized (or there needs to be convergence) with the aim of better adapting those
laws to the characteristics of the Internet,  international cooperation among data protection authorities needs to be improved, and resources need to be allocated to enforcement.
It is important to note the considerable efforts currently being undertaken in various forums to assess whether existing privacy principles remain relevant and effective.  For example, the reviews of the OECD Privacy Guidelines, the European Convention 108, the European Data Protection Directive and the U.S. Federal Trade Commission series of public Privacy roundtables, to name a few.
There are challenges to achieving broad international harmonization because privacy is a broad subject matter with limited international consensus in certain areas.  And indeed, even at the domestic and regional level, privacy issues are currently undergoing re-examination. There are also difficulties introduced by jurisdiction and conflicts
of law.
It is important to support the open development of globally-applicable privacy standards, both technical and regulatory, to continue having confidence in the Internet Ecosystem.
Transparent architectures that secure private information and enable information sharing in a secure, privacy-enhancing manner are fundamental to effective privacy.  
Technical work needs to be backed-up by providing incentives to incorporate privacy into system design and at the same time to keep the speed of innovation and the openness of the Internet intact.
Data protection must take into account many different rights.  
The concept of accountability means that the obligation flows with the information - a useful paradigm for global systems and global data flows.  It may be accomplished with tools, practices, contracts, etc, and not just by relying on laws.
The Madrid resolution of data protection authorities on international privacy standards has been a useful guide for developing countries that do not have active data protection laws but need specific provisions regarding cross-border jurisdiction and conflicts of laws.
Privacy by design – technology is not a silver bullet – privacy by design is a concept of people, practices and technology.  You need to look at all these aspects to have privacy by design – privacy needs to be designed in from the beginning.
And finally, search engines should be instruments of freedom, accurate and accessible democratic knowledge.  In order to assure this, it is important to include Intermediate Liability Exceptions for intermediary service providers in new revised privacy principles.
Thank you.

>> DAVID HOFFMAN:  Christine, thank you very much.  I now -- we have
a request for an intervention from Mr. Sosa.  And I'm told by the
organisers that we have only a few minutes left.  So I have to do
things rather quickly.

>> FRANCISCO SOSA WAGNER:  Allow me dear friends to speak in my
mother tongue, which is Spanish.
My name is Francisco Sosa Wagner, I'm a deputy in the European
parliament, and I'm like to stress here the importance that the E. U.
attaches specifically to this particular question of the governance of
Internet, which is the central theme of this meeting.  And proof of
this is that the plenary of the European Parliament has adopted a
resolution.  And I'm going to give you a brief summary of its content.
And this happened in June.  Correction, June of this year, 2010, just
a few months ago.
I have the privilege of -- I had the privilege of being the
Rapporteur.  The European Parliament has stressed with emphasis the
character of the Internet as a world public good that should be managed
attending to common interests.  It has already considered that an
essential element was the Internet for the exercise of fundamental
freedoms, especially the freedom of expression, specifically cultural
diversity, pluralism and means of communication, democratic
citizenship, education and access to information.
Therefore, the European Parliament believes that the Internet is a
very vigorous, very powerful means of propagating throughout the world
the democratic values that are included in our treaties.
The exercise of these public freedoms, the exercise of these
fundamental freedoms requires in addition that it should be combined
with the scrupulous respect of the private life of European citizens.
Therefore it is very urgent to have appropriate legislation for data
protection.  This appropriate legislation for data protection cannot be
done at the level of the old states, nor the entities of states such as
the E. U.  This matter goes beyond those institutional frameworks, the
traditional, political frameworks.  And requires a global response.
A response that is at the world level by national authorities.
And in this sense Europe is contributing some very important input in
order to define the content of privacy.
And I would like to refer to it, make an allusion to it, because I
think it is particularly relevant.
The case law of the Parliament in Strasburg and over the course of
the years there is a body, a doctrine, a legal doctrine which is
extraordinarily important which in some fashion needs to be emphasized.
The European parliament is very much aware of the problems which stem
from the freedom of expression and requests that one should ensure
significant and relevant guarantees against any form of vigilance,
control monitoring by public actors or private stakeholders so that
access to Internet and protection of private life are real and not
usury.
Lastly, something which doesn't fit within the strict framework of
what we're discussing here is the bridging of the digital divide.  And
today the digital divide, which is the difference or the discrepancy in
an unjust fashion of citizens in the world; we have to find a way of
including in the Web everyone, regardless of their economic situation
or the place where they live or their language or their culture.  But
this is an enormous endeavor where we should have public authorities,
but also the society as a whole involved.
I conclude by saying a world forum such as this one, where we find
ourselves now, is a most appropriate place to motivate everyone to make
of Internet this wonderful resource that I have referred to.  Let us
ensure that there will be continuity of this forum because this will
certainly be a very fertile endeavor if we do so.  Thank you.

>> DAVID HOFFMAN:  I would be happy to stand here all day and have
everyone be able to continue to intervene.  Unfortunately I am told by
the organisers that we only can take one more.  And the person in the
back has been standing there for quite a long time.  Waiting to
intervene.
So let me cue you for the last intervention.

>> JORG POLAKIEWICZ:  Thank you very much.  And I promise to be very
brief.
My name is Jorg Polakiewicz; I'm from Germany and working for the
Council of Europe.  I think the light motif that came from all the
workshops I attended on privacy is that the general standards, they are
quite common indeed and the principles, there's a broad agreement
worldwide if you look at the OECD principle, the U.N. declaration or
indeed convention 108, of course now the challenges to adapt these
standards to this new reality of the Internet and I think it will be a
gradual process.  We don't have to replace them to throw them away.
They have stood the test of time.
But we indeed have to compliment to adapt them.  And this will be in
fact the work which will be carried out in the coming years.
And an important forum for this is in fact the -- as was said, there
are different forum working currently on revisions.  Was mentioned the
OECD, the European union, the Council of Europe.  I would just mention
convention 108 because what distinguish it from the other forum is the
advantages of this tool is -- it has the force of law.  And can be
applied potentially worldwide.
Indeed it was drafted not for Europe, it was drafted with the
participation of nonEuropean countries like Canada and the U.S.  And
now the 47 governments have launched process to modernize this
convention.  And this we want to be a global process and all stake
holder process.  That's why we were so happy to be here at the IGF.
And this process we will -- the Parliamentary assembly will see it I'm
sure besides the democratic oversight, we will work hand in hand, not
only government experts but also Parliaments, have become very much on
industry, NGO's participation.  What we need to do for the Internet,
you need global standards.  That's the call for the NGO community,
that's the call from industry.  You need certainty for these standards.
So I can only invite you to participate in this process which will
also -- we should all celebrate together.  In a few months, data
protection day, the 28th, January, 2011 which at the same time will be
the 30th anniversary of convention 108 and we'll be celebrated
worldwide.  Data protection authority, not only in Europe, but
worldwide have taken this day to be the data protection day.  So I hope
very much we will see you in Kenya and to continue this discussion.  We
will have a report ready by the end of the year.  A questionnaire which
we will send to all the people who have contacted me and of course
through the usual channels and -- but as I said, we will also -- I
think IGF is an ideal place to continue this discussion.  And thank you
very much.

>> DAVID HOFFMAN:  We have one more person.

>> ALVARO GALVANI:  My name is Alvaro Galvani talking from the Brazilian Government.  Good afternoon, everyone.  I promise to be brief, just two comments.  In the last 10 or 15 years, we have seen many regional or specific initiatives towards the question of security and the Internet, mainly of them the initiatives from industry, from the Convention of Europe, Budapest Convention, law enforcement initiatives and is so on.  We understand these are all valuable contributions but they must feed international consultation process where all stakeholders, all Governments, private sector, Civil Society, can participate and write the principles and mechanisms within their own capacity towards a secure Internet.  This approach of international participation is very important.  My second and very brief comment means the experience of Brazil in that respect.
We evaluated privacy, security and openness are issues that must be dealt with together.  We have to treat them together.  So in this sense, last year, we produced internally the principles for Government    Governance and use of Internet and they are 10 principles.  They were distributed along    during all this IGF, and just to be brief, two of them are directly related to our debate today.  The first principle means that the use of Internet must be driven by the principles of freedom of expression, individual privacy and the respect for Human Rights, recognizing them as essential to preservation of a fair and Democratic society.
And the 8th principle means, functionality, security, and stability of Internet.  The stability, security and overall functionality of the network must be actively preserved for the adoption of technical measures that are consistent with international standards and encourage the adoption of best practice.
I'd like to thank the Chair for the floor for this last minute.  Thank you.

>> DAVID HOFFMAN:  Thank you very much.  I'd now like to pass back to Lisa and Frank to sum up.

>> FRANK LA RUE:  What we're talking with Lisa is this is a dialogue that's really just beginning and it's a pity we have to cut off, but all meetings in IGF have an end but we should find a way to continue this from now to the next IGF and to have this intercommunication.
But I'd like to say just two things and with the last conclusion I was delighted that the focus I see taking hold and being now assumed by all if not the majority is that Internet has to be seen under the light of the right to freedom of expression and the principles that guide freedom of expression and from that develop into the new challenges that obviously the new technologies and the new realities of Internet brings in terms of being social media and the social networking and all that that we were talking about today.  It is true there's different challenges but to keep a Human Rights focus I think is important.
Secondly I agree there has to be an international response and again here I always are remind people that Human Rights are built upon the international consensus that each nation of the world should then adapt their internal legislation but ultimately the most important instruments of Human Rights are part of that worldwide consensus that has advanced and that would is moving.  We build upon that.  And in that way I think, with Internet, we will begin building on the structure and the framework of Human Rights that we already have.
And finally, let me say coming from a developing nation, that although privacy, data protection that some call, the right to privacy, or the questions of security are the main concern I think in the developed

, and legitimate concerns, of course, for all peoples of the world, but for the developing nations and the peoples of those nations, also the equal priority is the question of access.
I believe access has been focused as an element of technology throughout in terms of new technologies that facilitate for those that are illiterate or those people with disability.  But access also has to be seen as was mentioned by Mr. Sosa from the European Parliament, access has to be seen also as bridging the digital gap in the world, the sharing technology from the developed nations to the developing nations, but also has to be seen in terms of the population that suffers from extreme poverty around the world to which we cannot talk about freedom of expression if we don't guarantee access to the Internet.
And thank you very much.

>> LISA HORNER:  Thanks, Frank.
I won't say anything apart from to give the remote moderator just a quick sentence to sum up what went on there.  I guess we only have room for one minute and I hope the Chairman will be so kind as to give us that space if we keep it brief.

>> KIEREN McCARTHY:  I'll be very quick.  Briefly, I would say the remote participants mostly from developing countries, but there's a very broad range of perspectives.  I think we've had a lot of interesting views here.  I think they have typically represented the developed world from the developing world.  It's a little bit more complicated in the sense that they're fighting to get hold of access in the first place.  We're fighting with what is done with access once we all have it.
So I would say broadly, people's concerns are privacy, the abuse of data that they put up there, and the ability to get on the network without legislation getting in their way in the future.

>> LISA HORNER:  Thanks, Kieren.  And I would like to say that I'd like to explore possibilities to take in the comments from those who didn't get to participate.  I know in the past, we've been able to feed those into the transcript for the session so I don't know if it will be available but we'd like to explore with the Secretariat whether that will be available so hopefully we can let you know about that.
And thank you very much.  Mr. Chairman if you'd like to close, thank you.

>> EVALDOS KULBOKAS:  It was a very good discussion.  Ladies, youngsters and gentlemen, those who are not able to express their views, I think everybody's interested.
It was very, very interesting and those who were cut, please send by email your ideas to IGF.  It will be published on the Web so we will not lose any single point of wisdom.
As a wrapup, I would say that ensuring the Internet is safe is paramount for children and youngsters, and we're talking about trust.  We have to provide security.  But is it only the industry or Government that should do that?  I was wondering the whole session why nobody was touching one subject, and then Martin Boyle mentioned it.  The skills of the general public.
Do we really don't feel that the lack of skills may be a probable threat for the rust of technology?  And how do we treat our neighbor who simply unwillingly sends information which we send him confidentially?
My background is in systems programming and that's a funny story.  We have a famous slogan that it is not possible to write a foolproof programme because ignorance is very ingenious.  So we have obligatory driver's license all over the world, even in those countries who drive the wrong side of the street, they do have their driver's license.  And still, everybody's trained and we have lots of accidents.
I think information is also a deadly weapon, if it is used not in the right way.  So in Europe, we have a driver's license, as well, computer driver's license, and I think globally, that is the way to ensure that having solved one part of the issues, technology and legal stuff, if we will ensure the public is trained properly, we will have the security.
So I thank you for all your contributions.  I thank very much for our moderators.  It was wonderful.  And hereby now I have the pleasure to close the session, and the meeting is adjourned.  Thank you.
[ Applause ]
[ End of session ]
* * *