Enhancing Transparency in Internet Governance

IGF 2010

VILNIUS, LITHUANIA

15 SEPTEMBER 10

SESSION 88

1415



****

Note: The following is the output of the real-time captioning taken during Fifth Meeting of the IGF, in Vilnius. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.



****



>> MARIA HÄll:  Hello, everybody.  We are going to wait a couple of minutes before starting the session.  Everybody is welcome.  Maybe everybody can grab some food.  I am not going to be grumpy, I promise.  So we will start in a few minutes.

(Please stand by for the IGF workshop number 88, Enhancing Transparency in Internet Governance.)



>> PAUL RENDEK:  Good afternoon, everyone.  I think we are going to start the session now.  My name is Paul Rendek from the RIPE NCC together with Maria Häll from the Swedish Government, standing next to me.  We the moderators for this workshop, Enhancing Transparency in Internet Governance.  Today we are going to be looking at the variety of initiatives taken both from the private and from the public sector to enhance transparency in Internet Governance and increase our understanding of each other's processes and the things we have put into place to actually enhance transparency in the way we work.

So I know we don't have a lot of time and we have quite a list of speakers.  We are going to dig right into it.

First speaker will be Maria Häll from the Swedish Government.

The way we would like to run this session, we would like to keep it as informal as we can.  We will call on the speakers to give us about a five minute presentation.  Then we will open the floor for any of you to ask any questions and engage with each other.  That is the way we would like to run this.

We have somebody that is scribing this session and we will summarize some of the points that were brought up.  Hopefully we can share those with our colleagues from the public and private sector to see what we managed to come up with in this workshop.

Without anything further I will pass the floor to Maria Häll.



>> MARIA HÄLL:  Thank you very much, Paul.  So good, very happy to see you all here.  And I am of course very happy to once again be at this IGF Forum where we have been talking about multistakeholder platform and good dialogue between different sectors.

Actually, I have a history being very, very interested in cooperation over sector for a long time.  When I was working for instance at the Swedish agency for municipalities, for instance, I was very, very keen on having good dialogue with, between the regional, the national and local levels.  Now it's really come into this international arena for me to work with corporations.  I am very, very pleased to do that, to be able to do that.

From the Swedish perspective, we started to go into two different perspectives.  One is the    well, a kind of format that we use in Sweden for having good dialogue between different sectors.  Another perspective is, of course, what we are doing on the European level and also the work, very, very nice work we have been doing with RIPE NCC and of course on the international arena, not only the IGF, of course, but a lot of talk about IGF but also platforms like GAC, Governmental Advisory Committee for I    ICANN.



>> PAUL RENDEK:  Speak into the mic.  They can't hear you very well.



>> MARIA HÄLL:  Okay.  Does everybody hear me?  Okay, very good.

When I started working for the Government some years ago, I was very keen on making, helping out with governance decisions, standpoint, speeches, for my ministers and myself and colleagues.  That was actually Swedish view.

Of course, it has been very nice to stand up in different foras and different platforms and say this is what Sweden thinks.

Of course that means that we have to have a good dialogue with business sector with civil society and so on.

For some years back when we started working more active on the Internet Governance arena we created a group, a reference grouped called the reference group for Internet Governance in Sweden.  That is run by our PTS agency.  We tried to gather this group maybe a couple of times every half a year.  Of course, before a big meeting, before this IGF meeting, for example, and before the ICANN or GAC meetings and of course we have the plentipotentiary meeting coming up.  We have this dialogue also at this meeting, but then we have a mailing list.  We can actually share our standpoints and ideas.

What I also did when I started working with this, I created like a standpoint document where I gathered all the different Internet Governance issues.  It could be issues like DNSSEC issues or what we think about the Internet Governance Forum and also the GAC, all these GAC issues that have been on the agenda for a long time.

Then it is a little bit different way to work with the governmental document because normally you don't share those documents outside the Government offices.  After some dialogue within my offices and a little bit with my colleagues, we thought it might be a good idea to do this.  A lot of things in this Internet arena are actually private sector issues.

Of course we from the Government side have a lot of public policy perspective, a lot of these technical issues.  A lot of things that actually run, most of the things are run by private sector.

Doing that made it a bit easy for us to actually get, have a process to get good consultation.  So this is a little bit of informal way to do it.  When I started to go at the RIPE meetings some years back, I realised a lot of the technical discussions, for instance about IVP6 but a lot of security oriented discussions have a lot of public policy perspective.  That's why me and together with the RIPE community and the RIPE NCC we created this working group, the cooperation working group which I am sharing together with the    that has been a very good platform, for instance, getting ideas and information about IVP6 deployment and also you can hear at the main session today about managing Internet critical resources.  A lot of things that happened on the governmental side, talking about IVP6 and deployment.

It has a lot to do about knowledge.  And when I talk about knowledge, I think it is very important that we from the governmental side or from actually the public sector side know, understands how the business community is working, which is not always very clear, actually.

On the other side also, that the business community in the private sector also understands how the decision process at the Government works because then the dialogue becomes much easier.  It is rather often, even though it is more seldom nowadays comes to a point where sometimes the Government or public sector person says to business sector:  Why don't you just build the broadband in rural areas?  You're mean.

Wait a minute, the business sector works differently.  So you shouldn't mix those two things.  We can have the same goals.  We can share information.  And we need to share more information.  But we also need to understand our different roles.

On the other hand, I hear business sectors telling me sometimes:  Why can't the Government decide?  This is important.  Or the Government, aren't they kind of governing Sweden or some other country?  Of course, we can't.  We have processes.  We have legislation.  We have different roles for our agencies and things.

So keeping higher knowledge about each other is also very good and a better platform for having a dialogue and sharing information.

And of course, the last thing I would like to say is if I give a couple of quick examples of processes or issues, I would like to be a little bit more transparent.  In Sweden, for actually I think a couple of years we have been working with open Internet issues and that has to do a little bit like with the social network neutrality issue.  But it also has to do with what actually is an Internet connection and how open are the business providers, the ISPs or the private sector.  But what actually they are providing for the customers and how could we increase the consumer information to actually the customers, what they get.  If there is some filtering, some latency, some kind of look in/look out situations.  That's something we are working with in Sweden to try to make this process or to make certain issues a bit more transparent.

But I think I stop here.  Thank you.



>> PAUL RENDEK:  Does anybody have any questions or comments to what Maria brought forward?

(There is no response.)



>> PAUL RENDEK:  No questions?  I think we have a question for you.



>> STEVE DelBIANCO:  Hi, Maria.  Steve DelBianco with NetChoice.

The transparency about what your issues were is important.  But the ultimate transparency from private sector into Government is to learn how you made the decisions you made, given all the input that was gathered.  That's the part that seems most opaque when we look in on decision.  We can always see the comments that have come in and then we see the final decision, but understanding how you got there will inform us to influence the next decision you have to make.

Do you feel like the groups you described have really been transparent about how the decisions were reached?



>> MARIA HÄLL:  Thank you very much for that.  That's a very good comment because it is a shade of things that leads to certain decisions.  Of course, getting input from different players to help us having the decision, but why did we actually do that and what actually caused it.

That's a good point.  Thank you very much.

I actually have my colleague here from the Minister of Foreign Affairs.  Maybe you can give a little bit of other perspective of how you cooperate with other sectors.  Thank you.



>> SWEDEN:  Thank you very much.  I work at the Human Rights Section at the Ministry of Foreign Affairs related to freedom of expression and human rights in the new technologies, including the Internet.

Transparency issues, of course, are central to the enjoyment of human rights in general.  The freedom of expression and also rights to information.  It is something that we try now to work more concertedly with.  We try to bring this into the entire agenda of Internet Governance.  We try to use the human rights approach to all different kinds of aspects of Internet Governance.

One initiative that we are doing is that we work together with the UN Special Rapporteur on Freedom of Expression, Frank La Rue, supporting his work in detailing more detail how human rights apply on the Internet.

As it is right now we have freedom of expression as a fundamental human right, but it has been there for 50 years, but we need to know more how this right will play out on the Internet.

Quite a few initiatives are going on by Government and by civil society actors.  We think at this point that it's good to have many initiatives.  We think eventually that somewhere down the road in a multistakeholder setting there needs to be some kind of agreement on where the balances should be struck where it comes to right to privacy, freedom of expression issues, but also other kinds of related rights.

So these are priorities for us and also several other of the EU member states, actually, France and Netherlands also working in this respect.

We use the IGF as one Forum for pushing this issue or raising it at the broader level.

Tomorrow's main session on security, openness and privacy will deal a lot with these issues.  So I recommend you to come to that one.  Thank you.



>> PAUL RENDEK:  Thank you very much.  The gentleman that brought the question up about how we understand how decisions were reached was a very good question.  I hope everybody is spending some time thinking about that and we'll hopefully pose an answer sometime during this workshop, but I hope we will return to this gentleman's question.  I think it is very valid.



>> MARIA HÄLL:  I just want to add a couple of few things before I give the floor to the next speaker.  That's on the European level.  I was happy to see half a year ago that we invited a person that actually from the private sector coming and talking to us about the root scalability report, one of the authors.  That kind of interrogation not only between on the country level but also the European level, I was very happy to see that.  Hopefully, I'm looking forward to more the these kind of meetings with a high level group.  I see a few of my colleagues from the high level group, from government in the EU.

The GAC is another example, Governmental Advisory Committee.  They have a lot of interrogation with the ICANN community.  There are a lot of these kind of platforms.  So I am very happy to be able to participate in that.



>> PAUL RENDEK:  Thank you, Maria.

Okay.  Our next speaker is Jonathan Zuck, Association for Competitive Technology.



>> JONATHAN ZUCK:  Good afternoon.  My name is Jonathan Zuck.  If I can be somewhat provocative, I will argue that transparency in strict sense is of little or no value.  If we talk about transparency as visibility, it's only part of what I think is a three part question because the reason that we strive for transparency is really about participation.  It's fundamentally a Democratic concept.  We want transparency to allow greater participation by a greater number of actors in the notion of Internet Governance.

I think one of the things that plagues Internet Governance generally is that the players in Internet Governance and the people that follow it closely are people either in Government or in the business of the Internet itself, or the infrastructure of the Internet.  And that the people that are left out of those discussions more often than not are the people that represent the majority of the stakeholders in the Internet, which are the people, both the individuals and the businesses that make use of the Internet.

So if I might suggest a framework for true transparency, it probably includes visibility.  It includes understanding.  And finally, accountability.

It used to be when I was a kid, I had a watch.  On the back of the watch it was clear so that I could see the inside of the watch.  And it's kind of a clever gimmick.  That doesn't mean I knew how the watch worked, right?

So having visibility into Internet Governance is not the same as having understanding or having the ability to participate.

I think right now we are at a time of unique level of visibility into Internet Governance, both in the institutions of ICANN and through IGF which I think have made tremendous strides toward making more information available about Internet Governance than perhaps anyone could ever consume in two lifetimes.  Right?  I mean people whose business this isn't can't even begin to consume the amount of information that is available on what is going on in Internet Governance.

One of the challenges that faces us is to find a way to boil down some of the questions being asked in the IGF and in the context of ICANN in particular, so that more people can participate in answering those questions in a larger sense and make it less about the processes of minutiae that really actually end up being exclusionary to the general public.

Then the third piece I think of true transparency and participation is this idea of accountability.  So one we have an understanding of what is going on, what decisions are being made and as Steve pointed out, how they are being made, then we actually understand the implications of the decisions, the reason for that is to understand whether we agree or disagree with those decisions, right?  That's what affords opportunities to actually participate in the process.

Part of the reason I was asked on this panel, I have become a broken record within the ICANN context about increasing the accountability inside that organisation.  Truth be told, it's one of the more accountable organisations that exists in these fora, right?  It's all about sort of improving what's there.  One of the benefits that the IGF has over some of the existing intergovernmental institutions is that there is a greater degree of participation and visibility to the general public and general businesses, et cetera.  I still think we have some large challenges ahead to really enable greater participation in these processes.  It's going to come through greater understanding and greater accountability.



>> PAUL RENDEK:  Thank you very much, Jonathan.  Does anybody have anything to add to what Jonathan is saying?  Or challenge Jonathan?

I have a question for you, Jonathan.  So judging by what you just said, I can probably see we are in the visibility side of things currently.

How would you propose to move us out of the visibility and into a bit of the understanding?



>> JONATHAN ZUCK:  Well, I think that the visibility has been critical.  We've developed a lot of resources toward increasing visibility through remote participation technology, through all kinds of reports, et cetera.

I think we need to devote resources now overtly to boiling down these processes and the questions that are being asked in a larger sense so that more people have an understanding of the questions that are being addressed and the decisions that are being made and why they are being made in a form that more understanding to people whose business this isn't.

It's really about making that a priority within the institutions that exist today, such as ICANN, such as the IGF, so that rather than overwhelming the public with so much information that it's useless, we boil it down in a format that in fact it can be made useful to more people who have an interest in these issues.



>> MARIA HÄLL:  I have a comment and a question.  What you are saying, you are talking about the international level.  I mean, the ICANN   

Sorry.  I certainly have to scream.  I don't have a problem with my voice, but it is a bit noisy.

What you are talking about is international level of ICANN and IGF.  But that needs to process to have more participants and accountability and everything.

You have also the regional or even the local level which are totally other processes.

But still if you have this very good multistakeholder dialogue which is not on a digs based platform which is the IGF as we want it.  But then you take the information back home where you actually take the decisions, but then you need    if this is going to be a good flow of process, you need to have a multistakeholder availability also on the national level and that is, of course, a bit more tricky maybe and a difference between countries.

Do you have any comment on that one?



>> JONATHAN ZUCK:  Too many comments to raise in the short time that we have.  One of the things that is interesting at the national level, of course, is that more work has been done on the accountability function.  You often have Governments that can be removed.  Not always, but often you do.  The desire to have accountability means you have more reportage out to the public.  You have more boiling down of the issues.

Some might suggest too much boiling down of the issues as they become electoral issues.  On the national level there's a greater agree of accountability understand transparency because of electoral politics and things of that sort.

As far as multistakeholder participation, we're seeing an expansion of that through regional IGFs and other types of fora that are beginning to crop up at the national and regional level.

I think again the visibility component is there.  The discussions are there.  But I think there has to be a more overt attempt by the so called Internet community to broaden participation.  I think most of that is going to come through education.  I think we need to set as an objective of this community to make more people understand even at a very basic level what is being discussed here and there even at the national level.



>> PAUL RENDEK:  Thanks very much, Jonathan.  Does anybody have anything to add?  Yes?



>> AUDIENCE MEMBER:  



>> JYRKI KASVI:  Thank you.  I'm Jyrki Kasvi from the Finnish Parliament.

One of the things we need to do is look where things are transparent.  One of the problems I see on a national level is that politicians do not see this question about looking into at all.  So no matter how transparent it is, it doesn't exist when you don't look there.



>> PAUL RENDEK:  Thank you.  Yes?



>> AUDIENCE:  David Caesar.  I think there are two fundamental issues that you are raising here, which I call missing stakeholders issue and the opacity issue rather than transparency.  In the case of missing stakeholders, in our debates here we are very much within an insider community about the Internet Governance.  We are talking about something which we say is fundamentally important to the whole of society worldwide.  That is to everybody on the planet.

So how do we engage the outsiders in these discussions which are currently insider discussions?  Part of that, I think, is that those of us who have been involved in Internet Governance for a long time have to cede some of what we see as our rights to make these decisions and accept perceptions that we may not think are coming out of the mainstream of our history, our legacy.

The second point about opacity, this is a long standing issue in ICT decision making.  It's possible for something, an organisation to be so transparent it is opaque.  I think you can say this in a sense about ICANN.  There is so much information about ICANN that the only way you can understand it is by being a full time observer of ICANN.

What people need in order to engage here is clear accurate up to date information which summarizes issues in such a way that they can come into this room and participate meaning fully.

Now, on the whole with some exceptions of some ISOC material, the Internet Governance world has been poor at providing that kind of resource for people not currently inside the tent.  Those are the two issues I think you are raising which it's important to move forward on.



>> JONATHAN ZUCK:  That goes a long way to address the comment from the Finnish Government that people have to look that direction.  If looking that direction is nothing but static, then I can't make any sense of it, then I'm not going to spend a lot of time looking.

I think we really need to find a way to boil this down.  We get caught up in minutiae in these discussions.  It's incredible.  Yesterday I referenced the fixing things that are not broken.  We need to get less political and more practical in the discussions that we are having.



>> PAUL RENDEK:  Thank you very much.

We need to move on to the next speaker.  But please hold these comments.  Hopefully at the end of this workshop we will have some more time to discuss that.

I wanted to touch on one of the points that you brought up, Jonathan.  That was taking a look at things from maybe the national level or the regional level.

Certainly in this first phase that you're looking at as far as visibility, we are seeing a lot of that happen both from the Government side and from the Internet technical community side.

I know that when we do, for instance, in the technical community now when we reach out to our local areas inside of our certain service regions, for instance, or inside of the regions that any of these technical communities operate in, we try to make sure it is as inclusive as possible, that we include Governments and other stakeholders in these meetings or deliberations that we have.  Hopefully that visibility is moving down to that level you are talking about.

Thank you.  Thanks.

Our next speaker is Bill Graham, the Strategic Global Engagement at the Internet Society.



>> BILL GRAHAM:  Thanks very much, Paul.  Well, at the Internet Society I am somewhere in the middle of the consultive process because I lead on some consultations.  I'm a participant in other consultations.  So I want to bring a little bit of those two perspectives to this and talk a bit about what I've learned in the three years I have been there, working in this area.

I have to say I came to the Internet Society from Government where transparency is handled very differently because there are a whole lot internal and external considerations about what you can and cannot say.  And those are very different in a not for profit, obviously.

At the Internet Society we talk a lot about the Internet model, how it is open, transparent, bottom up and collaborative.  And how it is necessary to make decision making accessible to users around the world.

What I've found is a key element in transparency is clarity.  To be transparent, whatever you are talking about has to be understandable.  So there's an educational function involved in transparency.  The more information you put out at the beginning, the better response you get and the more understandable response you get.

So I guess what that's saying, you really need to plan consultation where you're trying to get inputs very carefully.

I already talked about availability.  You have to be very clear about what the purpose of an exercise like consultation is.  What is being asked for, from whom, and what is going to be done with it.

Now, obviously this is talking more about consultation than about decision making, but I think it applies.

As Steve said, when a decision is made, one of the really critical things    and we have said this to ICANN in some of their processes.  You really have to make it clear what information you've used, who you've talked to, and how you have selected and filtered the information, what the rationale is to making a decision.

And that kind of transparency is very, very difficult.  When I do a consultation inside the Internet Society, I do try to put out a fairly concise issue statement at the beginning, indicating the kinds of things that I want to    that I am primarily interested in hearing back about.  At the end if I'm actually doing a good job, which I don't always do, I'll put out a summary of why some things had more weight than others in a decision or a position that comes out of it.

And I guess the last thing I would really say about this is that transparency is never going to be absolute.  It is always an ongoing experiment.  You're always making adjustments.  You're learning from the feedback you get on every process that you engage in, whether as a participant or as a leader.  And you've really got to be open to changing how you do things to improve as you go on.  Thank.



>> PAUL RENDEK:  Thanks very much, Bill.  Does anybody have any questions or comments for Bill?

(There is no response.)



>> PAUL RENDEK:  Okay.  Thanks very much, Bill.

We will move on to our next speaker.  Which is Pilar del Castillo from the European Parliament.



>> PILAR DEL CASTILLO:  It is difficult to speak with all the noise.  One of the problems we are addressing is we have a lack of definition of concepts that we are using all the time.  For example, Internet Governance.  What does that mean, Internet Governance?  What really that means?  Because if you ask someone, immediately you are going to check it against all, with the concept of governance we have.  We live with the Government of the country.  The governance of the country.  The governance of the company.  The governance of an institution.  But we are talking about Internet Governance.  It is very difficult to really explain, define what we want to say.

Then this kind of difficulties also immediately affect two concepts as transparency and visibility, and so on and so on.

I think some kind of somebody done in the sense of trying to define what we want to say when we are talking about Internet Governance.  Even for those people that are more or less a customed to being in this sector are not specialized in Internet Governance.  It's difficult to understand.  And then if we don't understand that, it is very difficult that we can solve problems of transparency, visibility, knowledge, and so on and so on.

So that's to start with.  Well, it is related to the debate we had with some of the former integrations.

But even though when we think in governance and transparency and visibility, we are trying to think, we think immediately more or less as a big brother in ICANN.  ICANN looks like a kind of big brother, which is you know, behind all this Internet Governance issue.  That happens all the time.  The European Parliament has taken position on that, has made recommendations on the need for ICANN to be more transparent, to have more visibility, not to be influenced just for one specific Government, to make it more international and so on and so on.

That is the reality.  That is the reality.

So I think, well, this is not the subject of my presentation because it is too broad, but it is necessary to clarify the concepts we are using.  Because once the concepts are clarified it will be easier to put every actor in their own position exactly according to what they are doing and not to create such a picture in which this is a kind of black ball in which behind that in terms of governance is a big brother, it's a big brother which is ICANN.

Anyway, I have to tell about ICANN something.  The European Parliament has reflected or has presented a suggestion, I have to say more than any other thing.  Because all these things in the last two years, I think ICANN has developed some new possibilities, some new perspectives for breaking this image of depending of the Government of the United States on one side and on the other side to be more transparent in order to offer data and be more accountable at the end.

But we have mostly to capture a couple of things which is the Affirmation of Commitment by the United States Department of Commerce and ICANN which you know there is a number of commitments.  Because not more than a commitment, but it is a commitment.  It is interesting in the way of having more transparency.

We have now the IANA contract expires next year if I'm right.  So maybe there is an opportunity to try to achieve a better understanding with these new situations, this new contract that for IANA.

In the second place, I think it's interesting, there was an initiative of ICANN to launch last April of the committee for ensuring accountability, transparency and the interests of the global Internet users.  The so called ATIT which will deliver reviews, I mean their conclusions at the end of this year in principle.

I think it's a good idea because if you make publicly all this analysis of the State of play, you know.  So I think it would be interesting, we will be interested in a follow up of the conclusions on the new roles, to have the kind of multiple check points after the report we can follow up.

I would say that all of this, mostly two steps that ICANN decides to take in the last couple of years is interesting.  It's the right line.  But still I think it is a long way until    because the problem is, as one of the previous interventions said that the data need to be summarized.  The data need to be put in a manner in which you understand basically the things.  But you cannot ask for all people to be specialists on that.  That is not the time and it is not the role of the people to be specialists for that.

In getting more visibility, more transparency, I would suggest first clarify what Internet Governance is about.  Who are the actors of this governance?  Who are the actors?

Which role plays each actor?

Secondly, each one of the actors, they have to deliver information to be visible, to brief you know, there, there, there, what is necessary and be recognized.

With all this together you can get a higher level of transparency that is in the offline world never is going to be absolute because in the offline world, it is not absolute, the transparency of any institution, so on and so on, in the governance in general.

But then in the online it will be more or less.  The problem with the online is everything is confused.  Actors, governance concept and so on and so on.  I think that will be the way.



>> PAUL RENDEK:  Thank you very much, Pilar.

Does anyone have any questions or comments to the speaker?



>> JONATHAN ZUCK:  I guess I do.  I don't want to talk too much.  I think you are exactly right that defining Internet Governance is critical.  And part and parcel of doing that is recognizing what a tiny minute part of Internet Governance is represented by ICANN.  It seems too often we equate the two.  I think we are doing ourselves a disservice.  As dysfunctional as ICANN is, it is probably the most high functioning part of Internet Governance that is writ large today.  We have to make sure we are addressing things that are truly broken and solve problems that have to do with access to broadband, et cetera, around the world and the roll out of IVP6, et cetera, which is an issue that is not really something ICANN is holding up.  So I think that taking a broader perspective on this is something that would well benefit us.



>> PAUL RENDEK:  Alice?



>> ALICE MUNYUA:  Thanks.  I like the idea of   



>> PAUL RENDEK:  Could you introduce yourself?



>> ALICE MUNYUA:  Yes, my name is Alice Munyua from Kenya.  I wear many hats, but today with the Communication Commission of Kenya.

I like the idea of clarifying what Internet Governance is.  We have been trying this at the East African country level and in the regional level.

As you were talking some e mail came in where one of very high level CEO of one of the most famous service providers, safari.com which introduces innovative ways of bringing in the end banks populations of Kenya around issues of data protection and simply just providing phone book provision and mobile money payments because there's a question about how you are able to find out who you are paying your money to using a mobile phone.

For this is an Internet Governance issue.  It may not be at the global level, but protecting money users who are using mobile phones is an Internet issue.  When we come to the global level we sometimes feel that the issues are very high level.  We are grappling with issues of access and access to broadband.

ICANN hasn't even begun to feature as an institution in the way it is managed.  Yes, we participate in some of us.  Some of us are in the Government advisory committee and there are issues of transparency which I hope one of us will raise.

For us Internet Governance issues are still simple issues that relate to livelihood issues in terms of using the Internet for economics or for cultural and social development.  Thank you.



>> PAUL RENDEK:  Thank you, Alice.  The gentleman over here is the comment.  Could you introduce yourself and speak as loudly as you can into the.



>> BILL SMITH:  Bill Smith with PayPal.  A couple of comments.  A little background.  My background is, I was at Sun Microsystems for many years and I have been at PayPal for six months.  I spent the last ten to 15 years in Internet related standards development organisations.  They are largely open, transparent collaborative and in my opinion highly, highly accountable.

Now, I did have the benefit of participating in several of those from their inception.  So I have a very biased view.  But I find them quite easy to understand from a governance perspective, the ITF and ISOC being one of them.  I went in there as a newbie and was able to participate effectively.

This is my first IGF meeting and I feel I'm able to come in here and participate effectively.

Where I see significant issues is around the ICANN, the Internet registries in how they are organised, how they operate.  I think we need to    I think there needs to be some work done there.

At the risk of agreeing with Jonathan, I do think we need very simple mechanisms for describing what is Internet Governance.  What are the institutions.  As the last speaker mentioned, who is involved?

In the U.S. we would call this an elevator pitch.  Imagine you're in an elevator.  You have someone with you.  You have 30 seconds to give them an overview and enough detail to close a sale.

We don't, I don't believe we have such a thing for Internet Governance.  My view of it as I've described it is that it's a three legged stool where we have on the one leg the technical standards and specifications, largely done by ITF, ISOC, et cetera.

On the other leg we have ICANN, the RIRs doing some operational things but policy as well related to that.

The third leg is this operation or this organisation, the IGF, which is not decision making but provides a Forum for everyone to come to participate.

And for me the unique thing in that each of those, while not everyone does come and participate, is that we can.  We have the ability to do that.  And the gentleman over here was asking, you know, how do we get more people to participate?  How do we make decisions?

I argue when we come, anyone comes to this fora, it is our responsibility, all right, to act on behalf of others.  We don't have a mandate to do that, but we have I believe a responsibility to not just present our personal view but think about how others would wish because they can't always come.  And I don't think there's anything we can do where everyone on the planet will be able to participate.  It's infeasible.  Thank you.



>> PAUL RENDEK:  Thank you.



>> MARIA HÄLL:  Before I give the floor back to Alice, I would have a comment on, I very much agree with you, Alice, that for me also Internet Governance is also on a national level.  It is how we from my example, from the Swedish Government Internet with the    interact with the Internet community.  It is also how the Internet Governance or tech cam Internet related issues actually affects other policy areas.

That is something that me and my colleague Ylen talked about a lot, how technical decisions can affect, like the freedom of speech and human rights.  There's a lot of perspectives and angles and a lot of levels like national, global and so on.

Of course, it comes down to how do we actually define Internet Governance?  That is a very tricky one, I have to say.

But I would like to give back the floor to Alice.



>> PAUL RENDEK:  Are you done?  Oh, no, no, no.  Okay.

I want to add one more thing.  You said something interesting about walking into the RIR or ISOC or ICANN and saying how you would participate and feeling quite comfortable.  That's funny that you say that because I think also coming from the technical community, I understand what is going on here at the IGF.  I would know how I would probably conduct myself here because it feels quite affordable the way it's set up.  Same with ICANN, the same with the RIRs.

Every time I speak to Governments and Governments that know the RIR industry, which is where I work in, they know the industry.  They kind of know how we work.  They still find it not so easy to participate or don't find it as easy as you would find that.  In fact, there are a few people in this room    I will not mention anyone    that has mentioned that very point to me.

My feeling is I think the visibility part, and I'm hearing this come from Alice as well.  The visibility is there.  I think it's this idea of how do we get to the understanding level that seems to be somewhere everybody wants to go but everybody here is pointing out we are still in that visibility stage if we are looking at what the three pieces that Jonathan had given us.



>> BILL SMITH:  Yes, Paul, I think that's interesting how Governments don't know how to participate in RIR processes.  It's true in the different Internet organisations.  As someone who is trying desperately to prove there is life after Government, I can tell you that it takes some adjustment when you start participating in a place where there's unscripted give and take.  You know, inside Government there's free discussion.  But when a bureaucrat reacts with the public or another organisation, you normally come to those meetings with the set of speaking points you're supposed to stick to those and you know what happens in the real world?  People say things that aren't covered by your speaking points.

So that leads to a really high level of discomfort.  It's one of the issues around transparency because, you know, people would like to be transparent, but the restrictions inside Government, if I can spill a State secret, are pretty tough.



>> PAUL RENDEK:  Jonathan?



>> JONATHAN ZUCK:  I want to refine your definition of the technical community.  Lots of technical people wouldn't have an idea what this is.  The technical folks in Government know how to switch roles to play.  But a typical company trying to build a Web site in Bulgaria and wondering why there isn't Cyrillic script for their URL, can be technical in their understanding of C++ but not understand why the interactions of Government and the heart of business that works in Internet Governance haven't been able to resolve an issue that seems simple to them or issues of spam, for example, and why isn't it we haven't been able to reach international solutions to run spam?  Everything that happens at the national level is rendered irrelevant by the international problems.

There's plenty in the technical or business community that don't understand what is going on in these venues as well.



>> PAUL RENDEK:  Thank you.  Thank you, Jonathan.

We are going to move on to our next speaker, Alice Munyua from the Communication Commission of Kenya.



>> ALICE MUNYUA:  Thank you.



>> PAUL RENDEK:  Please speak as loudly as you can into the microphone.  They are having trouble hearing you.



>> ALICE MUNYUA:  I'll pick up where the last speaker spoke about and just mention the issue of Governments getting involved in Internet Governance issues and is very much a concern of ours.  We feel that it is not all that inclusive.  That could be said about Governments as well, not being inclusive in the policy processes, but it is of specific concern to most of our Governments, where I'm coming from, not being involved in, for example, African processes.  I think it's also about not understanding how that process works.

And then having other institutions, for example, the ITU that comes in and begins to introduce the perceived new role for the ITU in terms of managing IP addresses and, of course, because of the certain level of clarity from that space being provided, there's a tendency to want to go with what is clear, what is simple and I think that's why sometimes I think the technical community and not all of them, makes it very difficult for some of us to be part and parcel of some processes and not also Government.  But also coming from civil society background.

I think what I would like to, you know    very impressive, I also represent a very impressive Government because I'm from a civil society background, but representing what the CCK considers issues and issues on the regulatory authority.  And in a way trying to bring, pass on the information between the two groups and how we managed to do that is by just creating a network called Kenya ICT Action Network that allows all stakeholders to speak together, to each other.  Sometimes it has involved a new policy being developed, like the most recent one was the Kenya communications amendment act.

That process in itself being forced to be extremely transparent because there are issues or gaps that have been noticed by industry and by civil society and Government having to take them up and having to do their job in terms of creating those policies and creating that conducive environment.

Having said that, I also admit that we are rather slow in following up in that some of the policies are not flexible enough to be able to follow up the advancements in terms of technology and in a way we've made mistakes, but also gone back and admitted that yes, we made mistakes.

One very good example was just the way we approached, for example, the 3G.  We took it as a licensing process.  And then eventually decided that no, we needed it to have a technology neutral framework.  But went back to industry and said:  Mistake.  Let's try to review it and see how we are able to make sure that we are taking care of everybody and not simply taking money from a particular stakeholder who is providing a service that enhances development.

So for me, that's a great example of a Government that is trying very hard to be transparent and trying to understand this new    it's pretty new, Internet Governance and just the word governance itself.

We had an issue in the East African IGF most of the private sectors complained about the word governance in Internet Governance much one of the reasons they say they are not able to play an active role is because governance is ambiguous and frightening.  For them, to quote verbatim, was it feels like it might affect their bottom line.

Well in the west African IGF, it is the Governments that had the issue with the word governance after Internet.  It has to do with processes, what is perceived as ICANN processes that have really not everything to do with Internet Governance.

Having said that, though, I think for us the issues of transparency have to do with clarity and getting information on time.  One of the reasons why, for example, the East African region had been missing in the Internet Governance process from the first to I think Rio and Brazil, we didn't understand what it was about.  Yes, sir, it's about discussing public policy issues, but they are not necessarily public policy issues and to go back to the comment I made about Internet Governance for us now discovering and standing up and deciding this is what Internet Governance will mean for us.  And also will mean for us in terms of content, in terms of substantive issues and in terms of the process as well.  That's why the East African IGF, for example, has taken a different stand and said we are going to have to make local relevant sense out of it and develop it to suit our own context.  For us it means providing clear information, you know, whether it's of technical or content nature and ensuring that that works with our processes in terms of creating conducive environments, policy and regulatory conducive environment as well as technical advancement and innovation and involving all stakeholders, ensuring that our processes are multistakeholder in nature.

The Government, for example, doesn't pass on any piece of ICT policy without first taking it out to the stakeholders to discuss.  The same things with the Communication Commission of Kenya and the UCC and Rita and Rwanda, it has been enshrined on some of the pieces of law that we have.

Before we introduce any regulatory framework of any nature, be it how we manage our ccTLD, we have to take it out to the Internet stakeholders to discuss if that's the way, best way to go over it.

We delayed for two years or more with just beginning to look at how we are going to deal or how we are going to deal with the new law and our new ccTLD, for example.  We are waiting, we have stakeholders with differing views and the Government will eventually have to take a stand on it but we have to wait to take on every stakeholders position on the various issues.  I think that's it for me for now.



>> PAUL RENDEK:  I have a quick question for you, Alice, if I could.

How do you, your Government then define your Internet stakeholders?  How do you define that?  That's a lot of us from the industry side have a difficult time understanding when we would be considered somebody that you would consult with and when we wouldn't.



>> ALICE MUNYUA:  I think for, yeah, the Government has considered Internet stakeholders as everybody.  But the main ones are currently what the CCK or the regulation considers the Internet stakeholders are ISPs, users in terms of organized civil society groups like consumer groups, private sector including, now we are actually telling telecos to be Internet, because they provide Internet via mobile services and the public.



>> PAUL RENDEK:  Thank you, Alice.  Does anybody else have questions or comments for Alice?

(There is no response.)



>> PAUL RENDEK:  Thank you very much, Alice.  You touched on pieces that the speaker from the European Parliament also brought up.

Our next speaker, Thomas Dailey, Chief Internet Counsel from Verizon.



>> THOMAS DAILEY:  Thank you very much, Paul.  Can everybody hear me all right?

I'm going to bring a little bit different perspective than what we have been talking about to this point.  I suspect I'm one of the few people who works for private corporation in the room.  I may be wrong.  But I'm going to give you some thoughts from somebody who is actually the recipient of governance and regulation.  And just give you a few thoughts on what Internet Governance is to us in the U.S. as one of the biggest ISPs in the United States.

Then a couple thoughts about Government transparency just to consider.

In the U.S., as many of you are probably aware, the Internet business is largely unregulated.  A lot of us think of that in terms of FCC, Federal Communications standpoint of regulation of the communications network.  Thankfully, that's largely almost exclusively unregulated in the U.S.  As an ISP I say thankfully.  We are happy with where we are in that regard.

But when you step back and look at how you run a business, which I have been the chief Internet lawyer for Verizon for the past 12 years.  I can tell you we have gone from a small sleepy dial up business to a fiber optic corporation with 10 million ISP customers.

We have seen a lot of change over those years and I've seen a lot of governance change.  I actually like the word governance.  It's better sounding than regulation, which sounds rather heavy handed.

Governance to me implies that there is a participation, that there is a lighter touch in a sense.  That the industry and others are working together to sort through issues and problems which, all the discussion up to this point and throughout the last several days has been focused on these different issues and problems.  But it isn't necessary that you need a heavy hand in forcing resolution.  The Internet evolved because of freedom and flexibility.  We hear that all the time in the net neutrality debates going on.  The concept is to preserve flexibility and freedom.  We need to think about that as we think about governance as women and regulation and whether regulation and heavy handed participation is something that is really necessary or whether it might be counterproductive.

But so from an ISP standpoint there are several ways that we are actually quite regulated in the United States.

One is there are laws that affect how we deal with our customers.  Laws on advertising.  On credit, on privacy, consumer protection.  All of these are forms of governance from my perspective where I sit as the Chief Internet lawyer.

There are laws that affect how ISPs deal with the actions by their customers.  We have customers, as do all of the ISPs in the countries represented in this room, who have a tendency to pirate copyrighted material.  If that's the case, there are rules about that.  In the U.S. there are copyright laws.  There are approaches being taken by different countries.  Everyone is trying to look at this issue of how to deal with a rather difficult problem.  But it's a form of governance on us because we have certain things that we at Verizon do in connection with helping the content owners deal with a very serious problem that they are addressing.

Then there's also regulations regarding the ISP's role as part of the overall Internet ecosystem.  Ecosystem, by the way, is the word of the year in the United States.  I don't know how it is filtering out to the rest of the world, but areas like data protection, cyber security and law enforcement cooperation.  These are all things that ISPs do partly because there may be underlying laws but also because the ISPs do these things to help with the Government and other issues and protecting their customers.

Finally, there are industry technical standards which we heard all about with ICANN and all of the other various organisations.  We are in a sense governed by those as well.

The second big area of governance for ISPs is really internal.  It is contract.  That's the fundamental governance mechanism in the United States for dealing with ISP customer relations.  It is by contract.

There is an agreement that every customer signs.  It lays out what the ISP will and won't do and what the obligations on the customer are.

Fundamentally we are governed by our contracts and our acceptable use policies.  Our other internal policies on topics like e mail retention, privacy, how we handle data, subpoenas from law enforcement, things like that.

And then finally there's a form of governance that isn't heavy handed at all, it's very light.  Internal philosophies and approaches to things.

Governance comes from inside, from outside, from laws, regulations and also from industry self regulation, which we see in the area of threat assessment and response with the various CERTs.  We see online advertising, a very hot topic in the U.S. and over in the EU now as we examine principles of privacy, principles of online advertising, the economics of the Internet.

These are all very important issues and in the U.S., we are moving towards an industry self regulatory model for online behavioral advertising, interest based advertising.  Is it going to work?  We hope so.

There's different ways of looking at these things and that is one.  We are going to look at industry self regulation.  That's a form of governance.

There are issues around child pornography and law enforcement and all these things that ISPs cooperate with and voluntarily do on their own to address societal problems.

Let me shift a gears and talk a little bit about transparency.

From an ISP standpoint when we are dealing with the development of laws and regulations, when I hear transparency, I think:  I want to have transparency and a view into what those who would pass laws are thinking as they are developing the words that they put down on the paper that would then govern what I can do as a business.

So transparency in the way laws are developed is very important.  In the Internet space, as everyone in this room knows, it's highly technical.  The goal of every law maker should be avoiding unintended circumstances.  I'll give you a very simple example.  There has been a lot of debate about blocking and filling    fill in the blank, illegal pirated content, child pornography.  There are countries around this room, around the world that block content for different reasons.  They do it today.

So as we are in the United States, we don't have a law requiring the blocking of content.  We have a State that tried to do it once, Pennsylvania.  It fell considerably short of what was constitutionally acceptable.  And for good reason.  But when you dig into an issue, just a simple issue like blocking, it's not so simple.

To understand blocking, you have to understand the technology that is behind it.  What works and what doesn't work.

I have gone on.  I brief legislators a number of times in our country about what blocking means and how one does it as an ISP and what works and what doesn't work.

If you are talking about doing something like that or if you are a court looking to impose an order to block content, you need to understand what you are doing.  And what those rules are.  Because if you're not careful and you impose a 100 percent obligation on an ISP to block a certain type of content, that ISP might as well start paying the fines right now because there is no way to guarantee that you will block all access to certain content unless you go into some technologies that most Governments are really not all that interested in having ISPs do.

So I'll stop there, but the notion of transparency is important to a company.  An ISP in an evolution and development of laws and in working with those who develop those laws and there are 100 other areas of transparency that I'm sure we can talk about, but I'll stop there.



>> PAUL RENDEK:  Thanks very much, Tom.  Does anybody have any questions or comments for Tom?  Yes?



>> JYRKI KASVI:  I'm Jyrki Kasvi from the Finnish Parliament.

Just to comment on this blocking thing because you may end up with really controversial results.  For example, in Finland we have this child pornography filter.  It is very easy to analyze.  It is not rocket science.  We are using taxpayers money to build a database of potential child pornography sites for anybody who wants to look for them.

That's what happens when you don't understand the technology.  Thank you for what you said.



>> THOMAS DAILEY:  I'll tell you, the technology that goes into identifying sites, the worry that we have is that particularly if you are using DNS or something like that to block, you can only block the top level domain.  If you get a Web site that is www.   I don't know, a big hosting company dot  com/child porn and you block at the TLD, you now blocked everything.

This is the over blocking problem that we see.  This is the risk, that you have a very specific domain.  You know it's only that, it's less of an issue I see.  This is part of the challenge in picking a technology that can actually affect you, the thing we all want to do, but do it without blocking things we shouldn't block.



>> PAUL RENDEK:  Yes?



>> JAMIE WAGNER:  Excuse me.  I want to identify myself.  Jamie Wagner from Brazil.  I'm from the ISP community.  I own an ISP provider and I represent the ISP community in the CGI, the Brazil Steering Committee.

I would like you to comment.  There is a difference between blocking and filtering, preferrable filtering and a way to react and to be very proactive in removing content.  That's the way we are envisaging it in Brazil.  ISPs are signing terms of agreement in order to under judicial managers, not police measure but judicial measures to be very proactive in removing content after there is a complaint and there is also a technology up for receiving these complaints and to be very proactive and effective in removing rapidly.  I would like you to comment, do you think is this something that would work and would you admit that in the U.S. also?



>> THOMAS DAILEY:  Yes.  Actually we do something very similar in the U.S.  The notice and take down.  We are working on the ways to learn if there is illegal content hosted on our servers and then to do something about it.  So yeah, we have that same model in the U.S.  I think that works very well.  We also try to use a lot of software.  We give it to our customers to let them do their own filtering of URLs.  That's less of an issue.

The problem comes when the Government passes a law that tells you you must do this.  In our country we have the First Amendment that kicks in to address concerns over the over blocking problem.  I think what you're doing in Brazil makes a lot of sense on the notice and take down side.



>> PAUL RENDEK:  Okay.  Thank you very much.  This is a very interesting discussion.  I find it interesting personally, but I just want to bring the discussion back to the workshop focus.  Thank you very much.



>> BILL GRAHAM:  Paul, I just had a very brief comment that I think will actually do that.  What concerns me about all of this kind of work is that what we are doing is having state actors like police forces getting private sector entities to act in their behalf in a very nontransparent fashion.  That to me is a significant concern.  There is work going on in a number of international organisations that appears to me to be heading toward, to be advocating doing that.  I think it's a very dangerous incursion into transparency and law enforcement.

Thanks.



>> PAUL RENDEK:  Indeed.  Does anybody have a comment on that?



>> MARIA HÄLL:  Short one.  I very much agree with, Bill, what you are saying and an interesting presentation.  It has a lot to do with knowledge about the Government's need to know, when doing regulation, they need to know how Internet technology works, to be able to target the right thing.

That's why I think dialogue during this is very interesting.  Of course, what Bill also said is Governments have different, have a certain process.  Of course, the business entity needs to know the process.  We can't say anything.  We have our standpoints.  We have to keep at our agenda.  That is also something we need to understand.  Better knowledge, more understanding is going to increase the dialogue, I think.  It's very, very important.



>> PAUL RENDEK:  Thank you and thank you, Bill.  You've actually done a wonderful job in introducing our next speaker.  We actually have a speaker here that I hope is going to bring to light some of the thing that are happening in the law enforcement area.  And hopefully these are brought up to the surface so that they are transparent and we can all see what is happening there and all participate.

On that note I will introduce Wout De Natris from the Cybercrime party as the next speaker.



>> WOUTH de NATRIS:  Yes, this is one of the concerns we are going to run into.  My name is Wout De Natris, Chair of the Cybercrime Working Party.

Being one of the last speakers, the problem is always a lot of things may have been said, but I want to do my best to try to wrap up more or less everything that we are going to take and the title, fight Cybercrime across the board.  Here is, it's a Dutch board name, Man Don't Get Vexed.  We have four players.  You have to get these into an individual box, but it can be knocked off the board.

You remember playing the game and wham, that what happens when you were five or six years old and the board flies through the air.

Let's go back to the board and let's look at the board as Internet.  As far as I have been told in the past couple of years, 30, 40 years ago it was very obvious that there were only a couple of players and one was the military.  The other was the Universities and there was somebody keeping score of the IP addresses in his own private log book.  That's the way they were allocated then.  They played the game and everybody was happy and there were a couple of end users who through the University, over the Internet from their home and there were telecommunications companies that made sure the connections were made.  It was that simple.

Through the years, other people got involved and everything got closer together.  That's where I am going with my story Sha industry became more or less everybody involved with the Internet, whether they were an ISP, hosting, doing the communications.  It's a very vague understanding of who is industry and when you look at the main session tomorrow, it says we have to cooperate with industry.  So okay, that sounds very nice, but who are they?

On the other side there is a technical community who grew from in notebook giving out IP addresses and became bigger and bigger.  In the end they become also industry.  There were more players moving on to the board.  It meant on one hand we have the Government moving in because they are concerned about this Internet and all that, and the openness of it and the problems that we may give to the use of the Internet.  And all the things they want to keep secret more or less.

On the other hand, look at the end user.  Bigger and bigger.  The Government is an end user and banks and companies became end users of the Internet and protocols and all starting to play against each other more or less because they all want something else.  Maybe they stopped understanding each other somewhere along the way.

And then came the fourth player nowadays and this is, of course, from law enforcement, the end user there.  These are very creative people called cyber criminalists and cyber warfare and other names for them.  And there you, they started playing the game and bending the rules and they make up their own rules and not playing the game anymore.  They are playing their game.  The rest is looking at it in a bit of frustration.

Of course, this happens somewhere along the way.  A lot of people got annoyed witness, but they don't have an answer.  What happened in the first years, more or less it was an individual approach.  And local, national Governments started making local laws and a local force was looking at local criminals.  And now that is not working that way anymore when the Internet is involved.

The company protects its own interests.  They start building these defense mechanisms.  As we heard this morning these motes and big castles and Archers and even a mote with crocodiles and it wasn't working.  The back door always seemed to be open.  In terms of the contract, we heard the gentleman from Verizon, they have a lot of contracts going on, but everybody deciphers whether they cooperate on this, do they regulate their own contracts and terms?  Do they enforce them?  Maybe they do; maybe they don't.  Nobody says you should be doing this or you shouldn't be doing this.

End users are basically ignorant, just to name this word, and sometimes just slack because they have to update the software and well, I would rather download something illegal because it goes faster.  I'm updating, I'll just keep that for awhile and maybe their computer becomes infected along the way from the bigger end users.

What happened a couple of years ago, I went to a few meetings over the years and saw people getting together and ISPs and hosting companies.  This is what happens.  This is, dealing with folks with a lot of arms.  The name is Durga.  You can see she's multifunctional because she is doing something here, fighting, holding up her Regalia and running, nice smile.  She must be able to do everything at once.

But what happened in the meetings I was in with all the ISPs is that even this goddess didn't have arms enough for all the people trying to point to each other and trying to say you are the one that has to do something.  And they had ten or 20 or 40 arms, they were still using them to point at somebody else but not at themselves.

That is probably what we will have to change over the years and what IGF is managing to change.

What we need is a break through with change.  In the next hour in the room next door, number 7, they will speak more about the need to change.  We are going to try for international cooperation because it becomes a necessity.  And we are going to have multistakeholders, multiopportunities.  There's a question already asked who is the industry?  But also who is Government?  Who is the technical community?  If you divide it up into spare parts, let's say I'm a criminal.  I want to go on the Internet.  What do I need to be able to go from my computer to the end user and everything in between?  And get the revenues and send the packages I want to pack everybody when I'm sending illegal drugs or whatever I'm selling, whatever I'm doing.  Who do I need to make sure in the end I've got money or I've got an infected computer I can use for whatever.

That's what I am proposing to the IGF for next year as an idea:  Let's try to find out in the meantime who do we need at this table?  Who has the keys to what part of the solution?  And when does this individually divide and recognized, we can go on and look for what are our common goals?  What are our common concerns?  And we are able to discuss common concerns, that means you might be able to start talking about common and agreeable solutions for everybody which may help to tackle this problem.

And that means the question, the last one, who needs to be on board?  Well, committed Cybercrime working party, we started with the right NCC, RIPE NCC, the EU is on board.  Transparency, that's what we are aiming to do.  We have to come together and alert each other, to share information on time about what is going on in the world.  The industry should alert law enforcement:  I have a major problem.  If a bank doesn't say I have been Phished, to law enforcement, you know the biggest problem we have to tackle at that particular point in time.  It's the same way from law enforcement to industry.  We can't do anything, but we know there's something being hosted on your network or whatever.  Can you help us remove it?  That's the only thing we can do in our country.  As a law enforcement agent you maybe able to give information to another country that may be able to prosecute.

Let's identify who does what.  What are the next steps in industry with law enforcement and government and try to tackle some major, major problems that we are going to engage, which is something I will tell about an hour from now about.

But the Cybercrime Working Party is a way of doing this.

So multistakeholder in the RIPE NCC community, we have a goal to share, coordinate and cooperate on international solutions and to try and aim for a national implementation.  To find solutions at the international level and make sure they trickle down to the national environment and have them implemented there.

And hence, across the board approach.  Otherwise, if we don't all play the same game on the board, we will never get to an understanding of each other and try learning to trust each other.

And just look around at the whole IGF.  Have you given a thought to who is not here and who we will need here next year?  That's something that I hope we can get at in a couple of months and from there try to take this further.

If you would like to hear more I'm in the next workshop, from 1630 in the next room and RIPE NCC will give their angle to the story as well as Microsoft will tell about the information systems they have in place for governance and for law enforcement to exchange and in order to exchange information an work together.

So I've advertised to everybody to come to that meeting.  So I thank you.



>> PAUL RENDEK:  Thank you very much for that.  Does any questions have any questions for Wout or any of the comments he brought forward?

I have a quick question.  One of the transparency questions that I was about to raise but sort of thought I had run out of time is whether there's sufficient transparency between Governments or between foreign Governments and a domestic corporation when there has been a Cybercrime committed.  Do you think there is?  Do you think there needs to be more?  What is your thought on that?



>> WOUT de NATRIS:  Okay.  Sorry, I thought that was somebody else, but my thoughts to that, I can speak more freely now since I'm no longer with a law enforcement agency in the Netherlands.

One of the things we run into and the questions we had at a meeting we had last week at the RIPE NCC's offices is a good example.  I think that industry, if they learn how to respond to threats and make sure that the law enforcement hears about them, law enforcement may learn to make different decisions.  And the response we got from law enforcement agency said when I explained what one of my aims for this working party is, I can give a presentation on how we prioritize and then industry said take would be very interesting because it might help our members to understand how you work.  The other way around, hopefully they appreciate that maybe not with the biggest cases are being dealt with at this moment because of what we don't know about them.  As law enforcement we can only know what is going on when it is related to us.  We may make the wrong choices.  Committing international Cybercrime, there are not enough examples that are being taken on in a serious matter.  I know how why that is.  You go across a border and it may take a year to get a simple answer on an IP address.

If you have a choice between a domestic case and international case, 99 percent of the law enforcement agencies, the choices they will make.  That's something which we need to change if we want to get a real change in fighting Cybercrime.



>> PAUL RENDEK:  Thank you, Wout.  Are there any other questions for Wout?

(There is no response.)



>> PAUL RENDEK:  We'll move on to our last speaker of the day.  Ruth Puente.  She is the policies and external relations officer at LACNIC.  Ruth, please speak into the microphone as loudly as you can.



>> RUTH PUENTE:  Good afternoon, everybody.  I will address the organisation perspective of transparency.

The number one resource organisation NRO, represents the five regional Internet registries, RIRs.  That's as you may be aware, their response is indicating administering the IP addresses and related Internet resources.

It was formed in 2003 as a coordinating mechanism.  It allows the RIRs to speak as one voice and to work jointly and collectively in technical projects and security, Internet security and community outreach also.

We participate in the Internet Governance discussions with respect to NRO information.  We have been actively participating in the WSIS repository process in the IGF.

The RIR community operates under an open and transparent and bottoms up development, policy development process.  Open because all of our policies are discussed in an open Forum.  All our meetings and mailing lists are open to anybody.  And transparent, because all these aspects of this policy development process are documented and publicly available online.

Bottom up because all of the policies are born from the community.  But beyond our policy development process, we have a close relationship with a wide range of stakeholders group individually and together as NRO such as network operators group like APRICOT, MaNOG and others.

Company standards, standard bodies ace ITF, intergovernmental organisations such as APIC, ACD, CANTU and ITU.

Also we work closely with Governments and regulatory bodies.

We found that transparency enables us to achieve certain things such as foster sustainable, robust and secure Internet and facilitates the exchange of information as well as it encourages the engagements of our stakeholders in countries with capacity building in developing countries.

The open structure of the RIRs allows the organisations to engage with all stakeholders including Governments through our working Government groups, governmental meetings and also with law enforcement agency events.

And to summarize the result of our transparent and inclusive model, we understand that our better understanding between the stakeholders groups, a positive cooperation in the Internet environment and open processes to all the stakeholders.

Some recommendations to enhance transparency.  We think that remote participation is vital as we use it as an inclusive tool in our events in all RIR events, but also we can see here, for example, in this workshop and all the sessions how this still helps to include all the interested persons that want to participate in this Forum and can do it remotely.

And we identified the need of inclusion of, in the events organised by the Governments.

Finally, we think that this is important to make use of the technical community and experts in the governmental arenas, given a bias in exchanging information.  That is the final remarks.  Thank you.



>> PAUL RENDEK:  Thank you very much, Ruth.  Does anybody have any questions or comments for Ruth?  Yes?



>> JAMIE WAGNER:  I have a comment to present to the group.  Well, I already identified myself.  My name is Jamie Wagner.  I am from Brazilian Steering Committee and represent the ISPs.  I'm also in the GNSO Council at ICANN.   

Bottom up multistakeholder process.  But I would like to make a comment because sometimes there is participative bottom up approach, it is the well informed and the more interested people participate more than the less informed and less interested people.  And sometimes this approach of bottom up participative approach can legitimate decisions that are not taken by all of the interested parties, but by some because it was in the form and in the process open, but, well, it is just natural that the more informed and more interested participate more than the other ones that are not, that can be affected by the decisions but they don't have the information or the interest to participate enough.

And that's why in Brazil we tried another kind of approach to democracy, that is to build from bottom up, to try to reach consensus in some very high principles and the whole process and even legal authorities and national authorities, the legislative bodies and judges must or should participate in these principles as top down can be also sometimes a kind of transparency fostering way.



>> PAUL RENDEK:  Thank you.  Thank you for that comment.

Are there any other comments?  From the floor?   



>> WOUT de NATRIS:  I have a question for the room.  I call, the paradox I run into, when we are at meetings like this, whether at the Council of Europe or it's here or the action plan that we participated a lot is that when we sit in a room, usually everybody agrees in the on international cooperation and information sharing and finding an international case to work on.  It's important that there's something that we can do.  The other side of the picture is, everybody goes on to their jobs and the boss tells them this is the job you have to do.  Whether it's international or it is not my affair, it doesn't score very much with my boss.  So you are going to do what you usually do.  That's a big paradox I usually run into.

What are your thoughts on how we can bridge that gap between the people who participate in international meetings and usually agree to the final comments and when we come home they are not able to do what they more or less talked about in the international level?

So how can we break through that paradox?  That is the question I want to put to you.



>> PAUL RENDEK:  Would anybody like to comment to that?  Nobody going there?



>> WOUT de NATRIS:  Is it so difficult?



>> PAUL RENDEK:  It is a very difficult question now, yes.

Oh, Karen.



>> KAREN BANKS:  Thanks, Paul.  I did have   



>> PAUL RENDEK:  Who are you?



>> KAREN BANKS:  Karen Banks from the Association for Progressive Communications.

I did want to share something about some work that we have been doing on transparency information and participation in Internet Governance with the Council of Europe and the UN Economic Commission for Europe.

But I also wanted to ask a question, clarification to the previous speaker.  Is your question if I want to get involved in policy making around Cybercrime prevention, how do I do that?  I wasn't clear what you were asking me as an interested participant in this room.



>> WOUT de NATRIS:  Well, it is literally the gap between people at international conventions agreeing that you have to cooperate and their management basically saying this is not in our interest to do because it doesn't score with my higher bosses.

So that the international work is always at the most bottom part of his agenda.  And how do you reach that gap and change management's choices?  That's what I'm asking.



>> MARIA HÄLL:  Each and all of us have this problem when we come home.  Agreeing in the room is one thing and then we go home.

We have to present the issue in a way that it is understandable.  We talked about this before also.  It needs to be understandable and everybody is going to have a question:  What is in it for me?  Does it affect me?  Can I effect the process?  What the question is about?

It is very much about knowledge but also about presentation of the certain issue, which is of course a product of, it is a problem, but that's actually one of the problems.  Thank you.

>>:  Now that I understood your question, I have a suggestion because there is, for instance, if you are addressing the managerial part of industry and who is the industry?  Well, they are the ISPs and hosting companies and in Brazil we have more than 3,000 ISP providers.  So we are all in some associations and through these, they are getting acquainted through as my colleague from Verizon said, we have self regulation.  We are trying to bind managerial and Presidents of the companies in self regulation.  You know that private sector is averse or at least suspicious of self regulation, even in self regulation.

But we are making progress in this and I can assure you that participation in this kind of fora increases the awareness, the local awareness of every industry and also from Government and the trust that this can be done.

But I am not saying that self regulation would prevent a local and Government regulation, but we don't need measures of enforcement or even from law enforcement to cooperate.  We know how to cooperate, but we do demand judicial process, not a police process, but made by individual requests to police authorities and then to judicial process.



>> PAUL RENDEK:  Karen?



>> KAREN BANKS:  Thanks, Paul.  I agree with a colleague from Brazil.  I'm from a civil society organisation, so we work primarily with activists and NGOs at the international level and the example that Alice gave in Kenya, that is a multistakeholder and is an effective actor in affecting policy by increasing among other things, I think, increasing demand for participation in processes.

And events like the IGF definitely help that cycle of linking local to global.  I think it's a very important part of the capacity building needed to support that bottom up process of influencing policy.

But if I may just take a minute to share a little bit of information about an initiative that APC has been working on with the UN ACE and Council of Europe for the last three years.  It is a framework of principles and guidelines that is intended to help improve transparency and inclusiveness in governs processes and for entities involved in Internet Governance that outlines principles concerning information and it actually refers to several of the things that have been raised by people such as the need for clarity of information, getting information on time, summaries and so on.  Similarly definitions around participation.  It's really intended as a framework that includes some ideas for monitoring and review that we hope could be useful for entities, whether they be private sector, Government, any entity involved in Internet Governance that they could use to help improve their own processes concerning participation, information and transparency.

We have actually developed this in consultation with quite a few of the organisations that are sitting around the table and we are at the point now where we really would like to start using the framework and seeing if it is useful in helping to improve those processes.  We have a workshop tomorrow at 3:00 o'clock in this room.  If anyone is interested in hearing about how it might be used in practice, how you could apply such a framework to a policy process related to Internet Governance, we would very much welcome your participation.  I think that the framework was also discussed in some of the regional IGF cc's.  There has been discussion around it and we are at a point where we can see whether it's something that can be useful and applied in our work.  Thanks.



>> PAUL RENDEK:  Thank you very much, Karen.

We are slowly coming to the end of this workshop.  Would I like to know if anyone has any closing remarks before Maria and I provide closing remarks to this workshop and where we think we are going to go from here.

Yeah?

Okay, thank you.  If I may, I will first provide a few remarks here and then I will hand the floor over to Maria to close this workshop for us.

Some interesting speakers, as you can see.  We tried to choose people from across the board in all kinds of areas, probably with differing views, which was the idea.  I know that's difficult to get something done in a room like this when you pull so many different areas together, but I think it's important that everybody is heard.

From that we can take things into maybe smaller groups or into other areas and get some real work done and then return and maybe share these things with our other colleagues.  I would like to comment on a few things I've picked up here and also my ideas for what I think I would like to do with workshop moving forward.

Certainly with my colleagues, the industry partners in the technical communities.  I'm putting parentheses around that.  I know that Jonathan will catch me on that because there are some things I've taken from this.  I think I can open up some of the eyes of my industry partners and what we are doing in our transparency and how we work with other stakeholders.  If I look at this, I have to jump over to what you said, Jonathan.  Actually, I did buy in very much to the three points you raised.  I very much feel myself we are in that visibility stage.

It's something that I do with my job, so I kind of feel that's where we are.  I'm very interested in seeing how we can move from the visibility to the understanding part, which is something I do spend a lot of time with Government colleagues such as Maria that I have been able to work a little closer with because it's very important for me to than have an understanding in order to share that with my own community and with my membership.

The second point I wanted to bring forward was the one raised by the speaker from the European Parliament.  I think it is very important for us to define the concepts.  I think yes, they are slightly overwhelming when you don't understand them or you haven't worked for them.  They may mean different things for different parties.

I think it's important for us to go home and understand what do those concepts mean for us?  What does Internet Governance mean for you or for your entity or organisation?

The last thing I wanted to bring up was something that Alice brought forward.  That is, even though I have also had a lot of dealings with Alice in these IGFs and other smaller regional Forums or even personal dialogue that we had, I still find it quite interesting to hear, and I know it's true, that you don't see at times our community being transparent.  I'm looking at this from a part of the technical community and Government.  And I need to know what we can do to try to bridge that or to get rid of that feeling, because I know it is there.

Also you mentioned the stakeholder groups, the Internet stakeholder groups.  I find that very important because I would like my organisation to be one of those groups that is consulted.  I think we work very hard to try to reach out to all these different parties to make sure that we are consulted on the area we feel we are an authority on.  I think it's important for other organisations to take that and understand where they fit in in this whole stakeholder environment.  This is something I've taken from this.

I do think we've got a great start here.  It's just a start.  I think we need to move this to another level.  I'm hoping that some of you will help me and Maria, because I think we have the idea that we would like to actually organise another workshop like this, be it here at IGF or somewhere in a smaller regional Forums where we can take some of the stuff we've learned here and build on them.  I would very much welcome that with any of you here.

With that I will actually hand the floor over to my colleague, Maria.



>> MARIA HÄLL:  Thank you very much.  Wait a minute.

Thank you very much, palm.  And thank you very much all of you that have been contributing today.  It has been a very good discussion.  I could go on for quite a long time, actually, with all the ideas and thoughts that come up when I listen to you guys.

Anyway, a few things that struck me.  You said about this it is not only about transparency and visibility.  It is also about participation.  And I very much agree on that one.  But you know on the other hand what you also discussed today is actually that you need to understand that it actually addressed your policy area or your sector or your issues, which means that it's what is in it for me, as I said before.  That is also something that I am not going to go too deep into when I go into the meetings.  My first RIPE meeting, I understood finally that there are a lot of things here that could affect what I'm doing.  It was not that super obvious.  That could be a little more    we could help each other more out to try to present the things that people really know that they need to get engaged and they are actually going to affect their work one way or the other.

Sometimes we also talked about is the lack of definition of Internet Governance.  We pretty much talked about a lot of things.  Apparently there are a lot of perspectives, a lot of angles, and it touches on other things that we work with on a daily basis in some other ways.  Some definition is necessary to be able to concentrate and be able to go forward.  On the other hand, also maybe not all of us is actually Internet Governance.  This could be Cybercrime.  It could be a lot of things.  I'm not going into whether it's Internet Governance or not.  The way we work within the Internet Governance platform or the Internet Governance community, the way the multistakeholder way we do, could affect other areas to be able to work that way.  It's a positive successful way forward, this way of working.  So it doesn't necessarily have to be Internet Governance issue, but still it could work in a multistakeholder way.  I think that's very important.

What else did I find out here?  Of course, it's a lot about knowledge about the different sectors.  The more the business sector, the private sector or other sectors knows about how Governments work, the process of the decisions and other processes, the easier it is to actually come with contributions and it's the same, even more important in a way that we understand that the Governments understand how the business sector, the technical community or whatever    I don't want to define that one because sometimes I feel like I'm in the technical community myself actually, for sure.  We need to understand how these those things work and we need to know the technology and the technology guys, which includes myself sometimes, need to be able to describe certain things so you understand that this could affect regulation or be affected by regulation.  That is a big area.  That could be a workshop on its own.

Thank you very much for sharing the ISP view here.  That is very important, I think.

Steve mentioned, the first question, even if it's the case that we have a good dialogue, we have open stakeholder dialogue, it comes to the decision.  Of course, the steps towards the decision is very important.  That step needs to be transparent as well.  How on earth did you come to certain decisions?  Why did you actually take the decision or whatever things we actually concluded.  And I would like to say a little bit like Emily Taylor very beautifully ended and wrapped up the managing critical interests resources main session.  She did it in a beautiful way.  I am not going to be able to do it that beautiful, but it was very positive the things she said about we sharing our flaws and our mistakes which gives us, ourselves and all the other people that we are having a dialogue with, a lot of experience to be able to not do the same mistakes, but also to share our success.  I think it is, has been a great two days at the IGF meeting and I am very much looking forward to the other two days.  It's great being able to have these kind of discussions over the sectors.  I'm looking forward to much more of this.  Thank you.



>> PAUL RENDEK:  With that, I would like to thank everybody who participated in this workshop and a special thanks to our speakers and their organisations for actually giving their time to come here.

If any of you want to speak with Marie and I about what we could do in a workshop to take this to another level, whether it's locally or here again, we welcome your contact.  Thank you very much.  Thank you.

(Applause.)

(The session concluded at 0820 Central Time.)



***