FINISHED - 2014 09 04 - WS47 - Enhancing Digital Trust in the Post-Snowden Era - Room 7

FINISHED COPY

NINTH ANNUAL MEETING OF THE

INTERNET GOVERNANCE FORUM 2014

ISTANBUL, TURKEY

"CONNECTING CONTINENTS FOR ENHANCED

MULTI‑STAKEHOLDER INTERNET GOVERNANCE"

04 SEPTEMBER 2014

14:30

WS 47

ENHANCING DIGITAL TRUST IN THE POST‑SNOWDEN ERA

***

This is the output of the real-time captioning taken during the IGF 2014 Istanbul, Turkey, meetings. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.

***

>> GORDON SMITH: Good afternoon. My name is Gordon Smith and I would propose we start now, although we still have one panelist to come. Despite none of you can see the clock in front of me which would indicate we have two hours here. We don't. We have one hour. We are going to have to move fairly quickly. And what I thought we would do is I was just going to pose a couple of questions to begin. And then I'm going to ask each panelist first just to say in 30 seconds who they are and what their interest is in this subject because it is a very interesting cross‑cutting subject obviously. And then secondly to give their reply to the two questions I will put out and make whatever comments they want. I hope we can keep our comments at this end of the room down to five minutes or so. Because I really want, would like to have an exchange with those of you in the room and really try to engage you all rather than all the talk coming from this end of the room.

The first question I hope we will address this afternoon is, you know, the word revelations, the Snowden revelations, that's in the English language. This is a strong word when you talk about revelations. What is it exactly that the leaks from Edward Snowden was so revealing? I am tempted to start answering the question myself but I don't want to do. What are we talking about when we are talking about something that a revelation which is obviously something totally you would think in using that word is absolutely amazing. Is sort of the charts in terms of predictability. At least that's how I would understand that word. Let's try to be clearer than some of the discussion has been as to what revelations we are talking about.

And the second thing is I mean I don't think there is any doubt that I feel it, too, that there isn't a trust that was once there. But how is that lessening of trust, unless somebody is going to argue that there is no lessening of trust, how is the lessening of trust playing out. Is it something that people feel, an unease or something where you know and can ‑‑ and can describe in terms of use of Facebook data, whatever. But I'd like us also on both questions to be more specific than a lot of the debate has been. So why don't I go to my right Moez and let you introduce yourself and comment on my questions and make what other comments you would like.

>> MOEZ CHAKCHOUK: Thank you. I am Moez Chakchouk from EU. Agency that survived for longer years the Internet in my country. When we deal with trust, trust is an important issue that we are talking about because of the revelation. Of course, yeah, again. When we deal with trust I mean we need to trust each other and I think that people in this world don't trust each other anymore as before because we lost a lot of values and these Internet things become much more complicated and worse.

Let's talk about why we need ‑‑ why we need this trust so bad today in my country, for example. Why we need to trust the Government now saying that I won't surveil my citizens, I won't censor the Internet. At the same time people are thinking there are a lot of issues that we need to deal with before trusting this Government or trusting the state to do such kind of things.

And, of course, this is not helping because actually when we see in this field and these revelations because ‑‑ let my country become much more complicated because we reveal that powerful countries are now doing a lot of surveillance and for the reason that they have the national security issues and because of the spying issues. At the same time when we come to this country and to this Government and say we don't need it, we say no, look to examples of all developed countries. We need to do the same. This reminds we have something very important. We try to the same weapons as we did before for war, you know. And now for the cyberspace we talk much more about the cyber war. It is like a Cold War anymore. Not between two powerful countries or two groups of powerful countries but it is much more about all countries in the world, all countries are against each other. And trying to trust each other now has become much more difficult because of these reasons. Because if we want to guarantee the security of people and safety and do keep bringing arguments to do some surveillance or to find solution for cybersecurity we need people to trust this and this is not the reason because for different reasons. Because in my country we are in a transitional period and after election it won't be so trustable. Some people will doubt. There is some people in the Government they will ask for much more surveillance to ask other countries to bring much more censorship. But it is just not because they are elected that we will not trust them for sure. We need more actions. We need to show that, for example, we can talk about how they become much more transparent. How they can publish, for example, transparency report on about all these requests from coming on the cyberspace. This is one of the issues.

So I think transparency is a big important to deal with for this panel and also how to open the dialogue with all the society. We try always to keep these issues on cybersecurity and cybercriminality as it is only the role of the Governments. And we now know for the cyberspace we need to be much more open and to find new mechanisms that could involve much more than society on these issues.

>> GORDON SMITH: Thank you very much. Chris?

>> CHRIS RILEY: Thanks. And thanks for keying up a couple of key themes. My name is Chris Riley and I work for Mozilla. It has been our position that there has been a significant and perceptible harm to trust in the last couple of years. I have to ask a psychologist, I am a recovering engineer and recovering lawyer and I am not particularly qualified for that. The degrees of surveillance and reality has demonstrated was much larger than anyone has imagined. And we don't have a full sense of what that reality is. I don't have a handy cheat sheet to all the revelations that were put out but sort at the high level interest have been major intersection points at border collecting data as they pass in and out of the United States. There have been deliberate actions to store and deploy security vulnerabilities against individual targets of intelligence and a broad private sector interest for business purposes and even use it for law enforcement and surveillance activity resting on a framework saying third party doctrine you lose your privacy ‑‑ I put these in to three buckets, buckets for mass surveillance, again can be domestic or international, things like using vulnerabilities to try to get in to a specific person's computer and then surveillance by proxy, already gathered by other private sector entities and using it for other purposes.

I don't think it is really surprising that there is aggressive activities in this space. These are legitimate and there are reasons to do these things, but the breadth of what's going on compared to the degree of secrecy that has been maintained about that breadth is what's startling. And we have seen behavior and response to that. I was at a panel Tuesday morning looking at localization and at the responses that have been made. Some additive and technical like trying to lie a new ‑‑ a cross Atlantic data cable between Brazil and Africa and Europe and some that are potentially harmful like localization mandates in different countries that really interfere with the global free flow of information. There is a major harm here and we need to work on it and fix it.

>> GORDON SMITH: That's great. Carl.

>> CARL FREDIRK WETTERMARK: My name is Carl Fredirk Wettermark. I am from the Swedish Ministry of Foreign Affairs. I also have a terrible cold due to the air conditioning here. If I am a little bit short that's why. I will just make a brief reflection on the revelation part of the Snowden revelations. And I wanted to for a second perhaps bring back that debate to a national context that we have had in Sweden. These laws generated massive, massive national debate and I would say that for us that was our time of revelation. We had a couple of propositions from Governments that were thrown at Governments and debated in parliament and parliamentarians were quitting their jobs and lawyers were writing amendments. And the original draft for this bill was heavily changed at several occasions. It was one of the possibly largest political events of the late 2000s in Sweden.

Now the reason for this was obviously we were moving from ‑‑ we were moving from intelligence collection in the east to intelligence collection in cable and this was ‑‑ it was clear already then that this would have consequences for privacy and for people's integrity. So the debate that we saw nationally now we in some ways are seeing being mirrored in an international scene now and I think it is ‑‑ I think lessons can be drawn from the experiences of countries that have gone through that process of adopting what I would say are very cohesive, one single cohesive law that describes constraints and abilities and tradeoffs that exist in a different interest here while doing in a Human Rights framework. There were obviously a lot of debate about at this time as well about what impact will this have on people's willingness to spread information online. How will it affect, what chilling affects will it have and this debate lead to major changes in this legislation.

Among other things the legislation was the concept of nationality was removed from the legislation so as to give equal rights to both Swedes and non‑Swedes. There was oversight mechanisms and parliamentary court was also enacted and limitations to Government power. For instance, the Government cannot use the intelligence agencies to target individual nor can it use intelligence information in any legal process.

So these were very clear and strict limitations that were put in to place as a direct result of the very vibrant national debate that we had. And as a consequence I would say that the revelations that we've seen did generate a lot of debate in Sweden about the NSA and about international revelations less so about the Swedish intelligence because of the fact ‑‑ there is obviously an ongoing political discussion but at least a broad agreement about the rule of law implementation, rule of law based implementation of this intelligence law. And I think that is really the key issue here now that we are seeing how the focus is being shifted from the countries that were early on adopting these types of legislation. I was involved in the drafting process of this early on in 2008. And I remember that we were taking a lot of heat for this because we were giving ‑‑ it was easy to give the perception that Sweden was the only country that was doing intelligence collection. But in reality we were one of the few ones that were prescribing it in open and clear statutes at an early stage together with several other countries. But noted as well in the excellent report that I can't remember the name just released now, globalization society report detailing the IGF.

It is also clear that the issue of global surveillance and how it is being conducted in many different countries has never been more broadly discussed. And I think it is crucial to bring forward these principles of rule of law of transparency and for this ‑‑ I mean I commend, for instance, Sweden has very much welcomed the adoption of these ‑‑ of the necessary and proportionate principles as a starting point for that discussion. And we moved onwards ourselves with a number of principles that we should think basic, but principles that we think many countries should be able to sign up to. And we also see that other countries such as the U.S. is starting to talk about intelligence collection in terms of principles to be followed and that is, in fact, a game changer. And looking forward I mean it is, in fact, the first time in history that you have intelligence methods being discussed in a matter of establishing not international principles for intelligence collection and it has never been done before. I think it is sometimes easy to lose track and it needs to be nurtured and brought forward.

>> GORDON SMITH: Thank you very much.

>> MARILLA MACIEL: My name is Marilla Maciel. I am a researcher and head of technology and society of Getulio Vargas Foundation in Brazil. We work in the fields of digital, Internet Governance which is personally my line of research. The first question you ask about the use of the word revelations I think that we know for a long time that there are mass surveillance going on. And we know about the existence of agencies like the NSA and their counterparts in other countries that have pretty much expended their powers in the secrecy during the Cold War. They are in a chronic and democratic society and maybe the revelations tell us that this is something that needs to be discussed with urgency because there are fundamental elements missing in how these intelligence policies are being developed by countries such as transparency consent, oversight, all these elements are missing. And even though the intelligence community likes to think they are apart from other public policies, intelligence is a kind of public policy. And it needs to be discussed openly by the public.

I think one thing that was a surprise for many of us was the lack of respect for Human Rights that is being conducted by the state agencies and the reaction from the U.S. Government that try to differentiate the standards of Human Rights that apply for U.S. citizens and for non‑U.S. citizens. Taking in to consideration the leading role that the U.S. has played in Internet development and the fact that they have set high moral standards for all I think that this explanation was pretty surprising for many of us that are not U.S. citizens.

Another surprise for some is the depth of the strategy of mass surveillance that encompasses all the different layers of the Internet. Some people were aware there was surveillance on platforms but there is also on softwares. There is also on the telecommunication layers and all this technology is being put together and make it really hard for other countries to try to curb more surveillance at least in a short time frame. One of the consequences of these revelations is that the fragmentation of the Internet that we have been talking about for a long time, maybe it is now real than ever as a possibility. Maybe not so much structural fragmentation of the Internet because this would not be in the best interest of the most powerful players.

There could be disaggregation of Internet Governance in three different levels. The first of them is on the level of ideas and the ideology that underpins the regime and this is related to a relative loss of influence of the U.S. Government that had the ability to shape the predominate understandings that we had Internet Governance. I think that we lack leadership in Internet Governance. I am not passing judgment on that. Maybe this is positive for other countries that have tried to exert influence. But this is something that we need to look in to. There is a clear vacuum of leadership in the regime now. The second level where disaggregation can take place is normative level. Make national laws apply to data that is stored in different servers. And it may create difficulties and complexities for regulations that we need to deal with and creating difficulties for intraoperability on the judicial level of Internet Governance.

And the third aspect we have a trend of continued institutional disconnection and this is something we need to look in to, especially the silos that have been bridged between the cyber community and the security community and the Internet Governance community. This is something we need to be more involved with. The discussions around cybersecurity, many of us have started to follow up. We have been to London and we are looking forward to being in other meetings, but there is other topics that are being discussed elsewhere that most of us are not very much informed and aware such as the control of cyber weapons. Countries are trying to impose export controls on technology. This has been going on for some time. Hardware and technology of new use are controlled since '96, but now they are moving towards some kinds of software that could be used for hacking or softwares of DEPAC inspection. And these softwares that are used for hacking they are being poorly classified as cyber weapons. There is no established definition. So there can be an overinclusion of software that is used by hackers to acquire information as cyber weapons.

So this will make it harder for us to continue to have action and information of surveillance that is taking place. This is one of the issues that we need to look in to. Maybe us who are in the Internet Governance Forum and involved in Internet Governance one of the best things we can take from these revelations as a lesson to us is to bridge the two worlds. I had a chance to be in an MIT conference before NETmundial. But the security community has concerns about how they have been framed and this is something that we need to discuss with them and here in order to reach a common understanding because the security level is really strong inside our countries and we need to move them to have them in our side as well. So this debate is necessary and these bridges need to be bridged. Thank you.

>> GORDON SMITH: Thank you very much. I will go now to you please, Carolina.

>> CAROLINA ROSSINI: Hello. Yes. So first I am sorry I was a little bit late. We were in the wrong room. There was a guy literally standing in front of the arrow and this was Workshop 7. So we didn't see the arrow. So I brought like 15 people with me that were in the wrong room. But anyway, so my name is Carolina Rossini. I am originally from Brazil living in U.S. for awhile. I am the vice‑president for international policy at public knowledge which is a watchdog for major mergers, Net Neutrality and Internet rights and Human Rights that currently exist for almost 18 years. So I was asked here as my colleagues to speak about revelations. And I think you guys heard and we heard a lot in NETmundial and also in the past in Bali a lot what these revelations meant and how much that affected all of us even at the emotional level.

And I want to talk about how this emotional reaction is impacting how we do policy. It is interesting to understand because it means unveiling. It means surprisingly previously unknown fact that has a deep ‑‑ that has an effect, deep transformation in how we exist in the world as humans. And it is true that a lot of people said we knew about that but all those folks that knew about that that read a lot of science of fiction. They didn't have enough legitimate work on that. There were people that already work on that necessary and proportionate stated in NIF, but I was doing the Intellectual Property part there. That was actually built before the Snowden revelations because they already knew something was coming. Before the revelation in Apocalypse book we have these visions. And this revelations really impacts on us as humans. Because she was personally surveillance. The President of my home country and besides understanding that she was personally surveilled she also saw that besides political and targeted terrorist surveillance there was actually economic and political surveillance. So she really didn't accept that and she went to the UN and made a very strong speech and then cancelled her visit to the U.S. That are extremely strong diplomatic acts when in bilaterals putting the flag up and says U.S., I don't trust you any more or I do not trust you for now until you show me something different. And I really like to think of this as the prisoner's dilemma. Now somebody has advantage bigger than the other and then Brazil has advantage bigger than U.S. To build the trust we need to try to establish back the balancing job and I think the U.S. announcement of the IANA transition using that direction. I was happy to see in the U.S. public knowledge, we gave a testimony in Congress on how that was important and also how was that important to balance the job politics regarding the International Telecommunications Union and so on. I am happy to share some of those materials if you are interested. But exactly because due month was emotionally affected. When you are emotionally affected you make bad decisions. You call your boyfriend when you are drunk at 3 a.m. She took a strong decision ‑‑ you like to be called or you call?

>> GORDON SMITH: We will talk about that later.

>> CAROLINA ROSSINI: She took a bad decision and not inform the decision of changing the view of Marcus to exactly ask for locally placed servers and everyone freaked out. You cannot imagine how ‑‑ it was a Pandemonium when that was announced. If you were in ‑‑ he was telling us the conversation with the communication Minister of Turkish and the first thing he said the guys from Turkish ask what did he ask you. He said the first thing that everyone asks me when I go to their countries is are you going to install servers. Are you going to give us jobs. Are you going to make partnerships with our universities. Server placement was not a first time. It occurs as part of investments of companies in certain states even more in those states and Brazil follows this theory of development. Development ‑‑ I don't know if that's the word in English but it is a development theory behind that and behind policymakers. We need to understand these development to not judge and create more anxiety in the international job politics. So on the trust part and we had a question about that, we have different actors coming from different context who have different responsibilities and it is very important to understand and not judge and not act from a country without understanding where they are coming from. That's why I also wanted to bring the Turkish ask for Vincent Cerf.

So let's move to some of the solutions of it. Technology can empower arriving on some of this balance. And when I say that I am asking all of us to really make a binding commitment to transparency and accountability and documentation of what happens. Brazil and other countries, U.S. including we are founders of the open Government partnership. There are a series of commitments there and a series of implementation there. And one thing we should use coming from Civil Society how we can use those commitments on the surveillance. Talking about all their commitments in transparency. So I went with that document to SGR and look at your commitments with transparency. This is really congruent what you are acting and promising on the other side. Pay attention to different verticals as they call them because they can inform each other. In Brazil ‑‑ so in Brazil one ‑‑ another consequence of all of this is that now we should not just be thinking about the Marcus view. And if you want I have the English version of the Marcus view. I translate and folks distributed after the NETmundial and we need to regulate that yet.

There are three pieces that will come as translation. One is Net Neutrality and this is the IGF of Net Neutrality and you guys have probably heard about it. Personal data protection and copyright reform which actually is going on for nine years. In data protection maybe that's where we can find some balance, that mesh balance that I was talking about. Ways to find that balance is countries should negotiate what are the limits. If we recognize what Human Rights are universal ‑‑ and who arrive at that agreement in a way that's also informed by society. Brazil just passed two or three weeks ‑‑ no, a little bit more, a month ago a law that's called Public Participation Law. So now citizens are empowered and there are technological based channels and platforms for citizens to participate directly in law making in Brazil. That's one way to do it. And because, of course, I just don't want two countries negotiating who can surveil me and how. I want to have some input on that. And the other thing is things like informed consent. How can we design a system of informed consent also informed by all stakeholders that actually can help rebuild the distrust. So these are some alternatives that we are actually also looking in to. And Brazil as a lot of you guys are looking, in your countries, U.S. is looking for health and consumer data and that's my roadmap on how I see those things.

>> GORDON SMITH: Thank you very much. I thought all the comments have been useful and in the same direction. I am glad Carolina, you also push the discussion to looking forward and what kinds of things could be done. I'd like now to engage those of you in the room who want to speak and also to know whether there are out there in the cyberspace that want to connect with us. We do have a microphone. And I'd ask any of you to speak. I would be particularly interested if in this crowd, it wouldn't be an easy thing to do, if there are any contrarians that would argue that people shouldn't be surprised or that the impact is being exaggerated. It would be great to have a discussion. Probably most of you have chosen to come to this panel because you are basically of the same view to my people to the left and right. Anybody directly back there who wants to comment? You got someone?

>> REMOTE MODERATOR: Yes, hello. Yes, I have two questions from remote participants for the panelists. So the first one, do any panelists think national laws can or should discriminate by nationality and the protection of right to privacy? And the second question in what ‑‑ in what moment do you consider a difference between individual online protection and individual online surveillance?

>> GORDON SMITH: One question at a time. The first question is there anybody who wants to argue ‑‑

>> CAROLINA ROSSINI: I can.

>> GORDON SMITH: Okay. Go ahead.

>> CAROLINA ROSSINI: But I think there should be no differentiation. Human Rights is universal and if we differentiate besides not enforcing human rights even locally and citizens that are within a jurisdiction they are protected by that jurisdiction. I almost cried the first time that the big club board met in the U.S. What is the acronym? Privacy and Liberty State Oversight Board in U.S. supposedly is like the Ombudsman, accountability mechanism for surveillance. They don't know a lot. It was a whole day conference and not once they mention foreigners. Not even those foreigners that live in the U.S. It was completely absurd. And then I ask the judge, a lady that's a judge there saying can you please address the foreigners and she said no, I can't talk about that. One person from Civil Society brought it up but the answer is they should not. Their rights are the same if they are in the country. They should be protected by the same laws and Human Rights are universal.

>> GORDON SMITH: (Off microphone).

>> REMOTE MODERATOR: Sure. You want the second question? So in what moment do we consider a difference between individual online protection and individual online surveillance?

>> GORDON SMITH: That's interesting, almost philosophical level. You want to have a crack at that?

>> MOEZ CHAKCHOUK: In Tunisia, and I have a lot of secret borders, a lot of terrorism, in this field these arguments are put on the ground and this is kind of things that we want ‑‑ we can never guarantee the safety of people by just surveilling the Internet. And this is very, very obvious, but unfortunately people use these arguments every time and especially the Government, especially the venders and also the equipment that if you want to guarantee the safety of your people you need to surveil the cyberspace and this is something we need to prepare.

>> GORDON SMITH: I want to take you up, Chris, that you would play the contrarian role.

>> CHRIS RILEY: I have had some conversations with this set of issues. And one of the messages that I have heard from that is that although trust has been harmed at the end of the day it is not going to matter all that much because when we talk about why trust matters we talk about it in terms of Europeans building a cloud, localization laws being proposed and in some cases adopted. And people not trusting American technology products because they are too worried about how the government can get data out of them or put back doors in to them. For my part I think these are valid but to play devil's advocate I have heard from others who believe this just isn't going to matter because it is a tradeoff, right? If people like American products and services enough, they will at some point in time get over the trust problem and it won't have made any difference. And we have seen a lot of these localization laws made and shot down. I don't know ‑‑ sorry, what? The law was passed but corrected. They removed the localization from it.

>> CAROLINA ROSSINI: Not because I thought that is the trust. They just understood it would not work to avoid surveillance.

>> CHRIS RILEY: Yeah, it is consistent but it is totally fine. So I think basically the open question is basically yes, there has been harm to trust. Does it matter? And I'm a little worried that these people might be right and it might not matter and as a result we might not get systemic improvements to surveillance practices.

>> MOEZ CHAKCHOUK: I have some remarks. After the Snowden revelations we try to look at statistics of famous DNS of Google and they increased a lot after Snowden revelation. People don't care in my country on the issues. But at the same time what is important to build the trust today it is not just trust between maybe Tunisia and a country versus another. It is a trust between people and the Government inside because we are in the same position. We are a Developing Country and the Developing Country needs to build trust between different stakeholders in order to build a new and better Internet. And this is the most important issue for us is how to build a society. That society could be much more effective in the country and then could trust the government and the government give the opportunity to the society to make the Internet better. I can raise open WiFi like an initiative. Why in Developing Countries Government always raise the issue of security to not allow opportunities to build Networks. They don't trust the society. Why they asking the society and community to trust them some day?

>> GORDON SMITH: The context you made clear right through the comments is understanding the context is really important and your country is in a different place in terms of development than the others. It is important to understand that. Yes, the lady here in the scarf.

>> AUDIENCE: My name is Ninda. I come from the Internet. I would like to speak those of us who have connections, Internet connection who are here in IGF. When we talk about post Snowden revelations, I had Tweeted that maybe we need a priest here. People talking revelation, vision, prophecy and all those things. Now having said that we are talking about the other 60% of the population that are not online. What we risk is that many people in Africa when they heard about Snowden, when they heard about America, and they heard about what is happening in their own country they are now like um, maybe we should just forget the whole of the Internet thing. So our risk is that those who are not yet online may actually lose trust in the Internet itself.

And what does it mean? It means that all the talk we are doing, all the investment we want to make in to bringing the next five billion people online may actually be a waste. That is the threat.

>> GORDON SMITH: This is really interesting and (Off microphone).

>> AUDIENCE: Can someone come and take the mic from me?

>> GORDON SMITH: (Off microphone). Somebody in the back left as I am looking at the room that wanted to speak and Samantha will get the microphone to them. Just as the last intervenor did and tell us who you are and pose your question or make your comment. Thank you.

>> AUDIENCE: Okay. My name is Theresia from Nigeria. Talking about the emotional impact of the Snowden revelation I want to give a personal experience. When I heard the first time my reaction was what. You mean everything about me has been observed by somebody. And that created fear in me. I am now afraid. I am careful what I write on the Internet. I am careful what I write through the cell phone. And I think that is affecting my Freedom of Expression, my innovation, because if I feel I'm not safe to communicate certain things, then I feel my freedom has been threatened. And that, of course, is bringing the question of trust. I'm afraid I don't trust the Internet and how do I even contribute to development of my community or my society and even the global ‑‑ the globe generally when it comes to use of the Internet. Thank you.

>> GORDON SMITH: Thank you. Those are important observations. I have got a gentleman here in the white shirt about halfway back.

>> AUDIENCE: It is a question for Chris. It is Pat Walsh of the GSMA. It is great to see you as launching Firefox OS in five countries. So I have a question in today's mobile devices and ecosystems underpinning are architected for the selection of data by default. Some of your key target markets are in the developing world where rules are not clearly defined in relation to various rights. How is Mozilla approaching this?

>> CHRIS RILEY: That is a very good question, and my answer is probably going to mostly be a deflection because we view our role as manufacturing the operating system, not as building the phones, not as offering the service plans. We offer the operating system to carry our partners to sell the phones through the carrier. So I mean I think this is something that's on a radar screen, but it is something where we by virtue of only really manufacturing the operating system for the phone rely primarily on the open source nature of that phone and on the ultimate right that users of the phone have to look at the code themselves and to understand what goes in to it at a level that's greater than other devices. So that's not a complete answer. But it is about as complete of one that I can give from Mozilla's point of view.

>> GORDON SMITH: Did I see ‑‑ no, no. Other comments out there? Yes, please in the middle there.

>> AUDIENCE: Thank you. Hello. Sophie for the Council of Europe.

>> GORDON SMITH: Try to speak in to the microphone a bit more.

>> AUDIENCE: Yes. Can you hear me? Yes. So first coming back on this whether it is a revelation or not, how we consider reacting to this news, in Europe at least in 2000, 2001 the European Parliament had a report on the system called ISNAL at the time. It was known. There were some investigation carried out by European MPs at the time except then there was September 11 and the whole dynamic completely changed. That has to be underlined I think. Then I have another question for Brazilian speakers on the panel. Your President had a strong restriction. Why don't you have a data protection law adopted yet?

>> CAROLINA ROSSINI: Does anybody want to comment first on something? Okay. Sorry. So for Nan and our colleague Nigeria you said? I do think and I would hope that you also count on your local communities when computers and laptops and One Laptop Per Child and tablets and whatever arrives in those countries as we are worried in Brazil you develop some type of training because computers are not enough. You have to really do some peer training, to ‑‑ so people are conscious on what it means getting on the Internet and what you can do besides Facebook. So in Africa, for example, there is a huge, huge, huge, huge all over Africa, even projects got a bunch of prizes already projects on open educational resources. Those projects they teach students and teachers and the community on how to develop and engage with educational resources through technology. And by solely defining this feeling that you can be an author. You are making people responsible for how they engage in the Internet. If you are interested on that, there is a bunch of things on collaboration between Brazil and Africa on that specific thing actually.

On the data stuff, so Marcus was not easy. As I said the copyright reform is ongoing for nine years and the data protection bill is being developed for at least three or four years and Marcus view, I have to just say just passed the way it passed because of the Snowden revelations. We have been advocating for it forever. Now that the Marcus bill has passed they are going to have to follow that principle to implement. There was a consolidated version of the data protection before Marcus view, the current version is not public yet. It seems it is going to be public around November. So we hope that by then after the elections, remember that we always have elections in October so everything can move in January. Can change. But what I have been hearing is that in November we are going to have a new and they are going ‑‑ really looking in to good models of informed consent for consumer data protection. And another thing that happened is that before the Snowden revelations data protection in Brazil was about companies and now the bill has two topics. Actually data protection citizens in regard to Government and citizens in regard to companies. It is a much broader view and I am happy they took time on that to really understand and what could be the design there.

>> GORDON SMITH: Thank you very much. Maria.

>> MARILLA MACIEL: Civil Rights framework was changed and privacy was re‑enforced. So the contract with a platform will be void if there is no consent for the use of data for other things. Brazilian privacy rules would apply if one of the terminals are localized in Brazil and there are other provisions in the civil rights framework that was re‑enforced. And we have another privacy and data protection view that should be sent to Congress next year. It is a good bill. I think that it drives a lot from European law. We have provision of data protection authority which we see with good eyes, but it will be a battle in Congress to approve that. And we count on the help and assistance and expertise of those who are more knowledgeable on the field of that.

I want to make a quick comment between privacy and Freedom of Expression and I think it is a very important one. I think that the Snowden revelations kind of revealed how it is important this connection to discuss both things together, because as she said if we have expectation nor privacy, if we begin choosing the words then the quality of the public debate will certainly decrease. This is dangerous not only in terms of expecting Human Rights but sustainable democracy. If the cost of this becomes too high, then less and less people will be willing to engage in public debate because they know that all the past issues in their lives are going to be sought and made public. So the cost will be too high. We will have less and less people involved in politics and the quality of debate will decrease and also important for democracy.

Just to come back to a question from the remote participant regarding individual online protection and surveillance, what underlines this is to find the right balance between both. Here in the IGF and in many places that we have been to we try to find the balance between security and privacy or freedom and security as if they were like two curbs of offer and demand that we are trying to cross them and find the balance. And this is a real change on the way that we have understood the relation between freedom and security for many, many years in our tradition as Democratic countries. No freedom should extend until where security is located. Security is not trying to find the balance. Security should be in the fringe that is the very limit. When we talk about balance, we already lost a lot in terms of freedom and of liberty. And we need to bear that in mind how we frame the debate is also very important.

>> GORDON SMITH: Thank you very much. Moez, I am going to you and I have got you in my sights as well and one more. Carl. So Moez, over to you.

>> MOEZ CHAKCHOUK: Just want to comment about the importance of the law and the privacy law. And in Tunisia we have a privacy law since 2004 before the WSIS in order to show the country respect the human rights and so on. In the implementation view it is completely different. We know that we need people to understand what is the meaning of this privacy and how they could protect themselves any way in this cyberspace. There is a lot of capacity building required in a country. And I raised it before that it is important to build society and big communities and these communities can be much more effective in the country.

>> GORDON SMITH: Thanks. Now we will move to (Off microphone).

>> AUDIENCE: Sorry. One question, is there any way to overcome the security versus privacy illusion?

>> GORDON SMITH: I am going to put that question up there and (Off microphone) ‑‑ that will produce some reaction that I am glad the question is posed to clearly. Carl, you are next. Maybe you will comment on that.

>> CARL FREDIRK WETTERMARK: I will try to comment on many of the issues raised. There was an early question about whether nationality should be an issue when it comes to Human Rights. I mentioned that early and that's not the case for our legislation. Do you treat everyone equally. So that is for us a key point in these types of legislation. I also wanted to pick up on the comment made about the dangerous path of putting, using the balancing rhetoric or from our view the security, states do have legitimate security concerns and we do recognize the right for countries including our own to have intelligence agencies and intelligence collection to define the threats than is a fact and will remain so. But that activity must be taking place within the Human Rights framework. That is a very clear ‑‑ there is no balancing of rights versus nonrights.

I wanted to pick up on the last comment. It is clear that countries that have moved on these issues and have given thought to these issues are due ‑‑ do need to obviously take a lead as much as possible. Because we are seeing a situation where many Developing Countries are in a very informative stage of fast development. And the institutions put in now will probably remain for a considerable amount of time and the discussions, for instance, on the ‑‑ on certain Conventions, regional Convention, African Union Convention and these issues are very, very important to look at and follow closely. Because if the Human Rights aspects are not treated right from the beginning it is very hard to change afterwards.

And just briefly also touching on Chris' comments earlier, as long as people like American products. I will take a more positive note than that, and this Snowden revelation, massive way of privacy regulations and thought. And I recognize from going from the very technical level at the IETF to a high policy level internationally and through several national initiatives, for instance, Sweden has a national parliamentary Committee for personal integrity that is reporting in 2016 these issues have been put on the table. And also note that as the leader from Nigeria mentioned I think the overarcing what we really have as a consequence here is a more public awareness of the fact that the Internet per se is not very secure. I mean there was possibly especially among new users an illusion that their data could not be listened to and cannot be read by anyone else, but I think this really shows how the chain from devices to cloud storage, mentioning the much publicized iCloud leak happening a few days ago really shows how much that notion has to change and how much technology needs to adapt to this new landscape. Thank you.

>> GORDON SMITH: Thank you very much, Carl.

>> AUDIENCE: It is a great panel. Thank you very much for the great conversations. I am representing IRP Coalition. I would like to I guess kind of introduce the idea and it is not my idea, that privacy is not a zero sum model. And Helen Istanbom did great work on privacy and context. So our expectations, we have different privacy expectations in different context. We expect our data to flow in a certain way when we are on Facebook as opposed to ‑‑ as opposed to our health care provider, for example. We expect the doctors to share certain kind of information that we wouldn't expect in Facebook. So it is with that expected data flow is rerouted when these privacy issues surface. With the Snowden revelation is exactly what happened. We weren't expecting the data flow to be that way. And that was kind of exposed. So I mean I don't know how this would add or, you know, add to your conversations here but I just wanted to kind of insert that.

>> GORDON SMITH: Well, thank you very much. I appreciate that. Unfortunately our hour is up. I don't know how we only ended up with an hour and others got an hour and a half, but we will take that up with the management later on. We have had a terrific panel and I certainly learned a lot. I think we all kind of see the world in more or less the same way. It would be interesting to have because I do agree with the comment that there is no question of balancing rights. It is a right or it isn't a right. The way that Carl put that would be something that I would share. In any event thank you all very much for coming. And I'd ask you to express your appreciation to those who have done all the work to my left and right.

(Applause.)

(Session concluded at 1530

***