This is now a legacy site and could be not up to date. Please move to the new IGF Website at https://www.intgovforum.org

You are here

IGF 2016 - Day 1 - Room 9 - OF13: Internet and Jurisdiction

 

The following are the outputs of the real-time captioning taken during the Eleventh Annual Meeting of the Internet Governance Forum (IGF) in Jalisco, Mexico, from 5 to 9 December 2016. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

>> PAUL FEHLINGER:  Good morning, everybody, in what is the only room at this year's IGF I was told that has natural daylight.  So it's great to see all of you here on the first day of the IGF.  And this is actually the first Open Forum of the Global Multi‑stakeholder Policy Network internet and jurisdiction we have organized.  Since internet and jurisdiction exists in 2012, every year a session at the IGF to report on progress and reach out to all of the participants who are here, and this year it's the first official Open Forum for those who don't know yet what internet and jurisdiction is to tell you more about the activities and to report especially on the Global Internet and Jurisdiction Conference which took place two weeks ago November 14‑16 in Paris, France.

To start, so internet and jurisdiction facilitates since 2012 the global policy process that engages the different stakeholders, academia and international organisations in order to address the tensions related to the cross‑border nature of the Internet and national jurisdiction.  And internet and jurisdiction has engaged more than 100 key entities from around the world since 2012, and in doing so, it also bridges not only the stakeholder groups, legal rights, digital economy, legal cooperation, cybersecurity and our work is structured around thematic meetings, regional meetings and global meetings as the Conference that took place two weeks ago.

And this mutual dialogue process that internet and jurisdiction is facilitating is supported by the ING Observatory which is a group of leading experts from 17 countries and more than 20 top universities around the world that help us to facilitate the process.  And our work is structured around three programs, and we will in detail present the global internet and jurisdiction where those three programs were reflected in the data and jurisdiction, content and jurisdiction, and domains and jurisdiction.  It deals with the overarching question of how can the transnational law address abuses. 

Continent jurisdiction deals with the overarching question how can the global viability of content be handled given the diversity of local laws and norms, and domains and jurisdiction which is dealing with the question of how can the neutrality of the Internet's technical layer be preserved when national jurisdiction is applied to the Domain Name System.  So without further ado, we will start the presentation of the Global Internet and Jurisdiction Conference.

>> BERTRAN DE LA CHAPELLE:  Thank you, Paul.  Thanks to all of you for being here early this morning on the first day of the IGF.  It's great to see familiar faces and also faces that we don't know which is an important part of this IGF.  My name is Bertrand de la Chapelle, and I'm the Executive Director.  Let me display the slides.  What I will do is a rapid summary of the discussions that took place in Paris two weeks ago.  Some of you were there, and we want to report briefly on what was the outcome and have a few of the people who were there also present their take away and what they felt the Conference achieved. 

Can we have the slides?  I'll just anticipate on the first slide because it's fundamentally to explain that there were about 200 different participants, senior level from the different stakeholder groups that Paul has mentioned.

The stakeholder groups are basically states, major Internet companies, technical operators, international organisations, Civil Society and academia, and the participants in the Conference came from over 40 countries.  What is important is that they belong also to different policy spaces, as Paul mentioned, and one of the objectives is to avoid the discussions that take place too much in two silos and for those of you in large companies or even in governments you know that even the silos exist inside your own organisations between the different industries and the different sectors.

The important element is that I think one of the main messages that was put forward is that it puts the question of jurisdiction on the Internet squarely and really firmly on the Internet Governance agenda.  And as a matter of fact, it was a follow‑up and a continuation of what the NETmundial declaration highlight in 2014 regarding need to address the question of jurisdiction.  And one of the big objectives is to make people be aware of the importance of this topic, which is basically how do national laws apply on a network that is fundamentally cross‑border, which raises a certain number of questions.

We have tried to ‑‑ I'm sure it will come now.  We have tried to gather in Paris a combination of actors who come from those different stakeholder groups, and we, I think, have managed to reach a certain balance in the participation as you will see from the screen and the pie chart.  What is important, I think, and people who were there will be able to confirm that it was the case, there was a very strong message.  And the very strong message is about the importance of the topic and the urgency.

So these are the pictures from the Conference.  So that was the first time there was a meeting dedicated specifically to this question of jurisdiction.  A few of the participants you can see on the pie chart here the distribution between Government, companies, technical operators, Civil Society, academia and international organisations.  It's never perfect, but it's an effort to really have a representation.

The structure was two days over three days.  The afternoon on day one and the morning on day three were so‑called stakeholder plenary.  There were no panels in order to facilitate the interaction between different actors.  The first was taking stock of the situation and what is the stake of the jurisdictional challenges on the Internet, and the last day, of course, was about moving forward and reporting on the discussions.

The second day was structured around the three parallel work streams that Paul has already mentioned.  Content and jurisdiction and domains and jurisdiction with one plenary session in the middle on the theme the future of territoriality.  Territoriality is the key criteria for determining jurisdiction and in many cases it raises a large number of questions because there are many groups for a certain jurisdiction on the basis of territoriality, which leads to conflict of laws or the  multiplicity of applicable laws.

The strong message was about the urgency to address this issue.  That includes the importance of this challenge, the fact that it reaches, touches upon several policy dimensions.  An important factor is the dimensions.  The fact that the different stakeholders cannot solve this on their own and if there is uncoordinated actions or inaction, there will be very high costs in Human Rights protection, in the growth of the digital economy, and even in security.

And the consequence or the natural logical consequence of this is that there is a need for cooperation and a need in particular for spaces for the different actors to be around the same table.  The message was clearly issued by some of the opening speakers of the Conference.  I cannot unfortunately quote everybody here, but there are two quotes from Carl Bildt the former Swedish Prime Minister regarding the challenge that this topic represents for the future of the digital age in general, and also from the Deputy Director General, Secretary General of the OECD regarding the need for transnational cooperation, and what we have labeled procedural interoperability.

We have a large number of actors who are developing their own norms, and one of the key challenges is to develop the equivalent of technical interoperability among the legal systems.  So without repeating, these are the three questions that were addressed in each of the work streams.  It was a smaller group, it allowed people to work together during the full day, and the methodology that was followed during this second day is as follows.

One of the most important things in those topics is to have a common framing.  If people don't agree on what is the problem and how to frame it in a way that is their common problem and not the problem that they have with each other because you know that it's very easy to basically say I have a problem with you, you are not doing what you need to do, be it a government talking to a company, company talking to Government, or society talking to both of them.  The first step is to turn this into common formulation.  Once you have this, it's important to know who is already working on this.

So identifying and mapping the existing approaches and what people are actually already doing is the second step.  Then you get an examination of what are the operational challenges that we are all facing when we try to do those approaches?  And this leads to identifying, and that was the structure of the day, a certain number of areas for cooperation.  So I will quickly go through those four elements to report on what was discussed.

So the first thing is on the common framing, on that jurisdiction the key issue is what are the procedural rules to have frameworks regarding cross‑border access to user data when you do criminal investigations?  The mutual legal assistance treaty system has limits.  It's not completely obsolete, but it has limits, and there are efforts to change this, and to provide new mechanisms for content and jurisdiction there is an increasing number of cross‑border requests that are being sent to private companies by public authorities or other actors to request the removal and the non‑accessibility to certain types of content because they are deemed illegal.

The problem being that what is legal in one country may be illegal in another.  And in the case of domain names, people in this room are familiar with this space which is usually less covered know that the registries and registrars receive increasing requests as well to take down a domain because the content or the activity on the site is supposed to be illegal in one or several countries.

The problem being that if you remove a domain name or suspend a domain name, it has a global impact and it is probably disproportionate as a solution if the legality of the behavior is only appropriate in one country.  So we provided as Secretariat an input paper with an effort at common framing of those issues, and this led to a second segment, second session that allowed for a certain number of actors to present what they are doing.  I will not mention them all.  We can read it while I'm speaking.

One of the objectives is that people are not necessarily sufficiently aware of what is going on in other spaces that they don't belong to and don't participate.  There is work going on in initiatives, for instance, on data among Civil Society, academia and companies in the U.S.  There are initiatives led by the Department of Justice in the U.S. regarding the potential bilateral agreement between the U.S. and the U.K.

But there is also work done by the Council of Europe in the context of the cybercrime Convention.  There is work done by the European Commission as well, and what we discovered in the preparatory work for this Conference is that actually people were not necessarily fully aware of what was happening in the other spaces.  And in order to have policy, it is important to allow those actors to just hear about what is being done and what can be organized in coordination and cooperation.  Content and jurisdiction is the same there is European unit, Council of Europe, UNESCO, but there are also society issues like Ranking Digital Rights, global network initiative.

And in the case of domains, there is a tension of sorts around the question of whether this should be handled by, within the context of ICANN, which means that it's potential expansion of mandate of ICANN but there is also an initiative within the domain name association called the healthy domain initiative.  So there was a second session entirely dedicated to explaining what people are doing so that there is a common awareness.

Then there was a longer section dedicated to what are the operational challenges?  Here again I will not detail them, but what is at stake is that there are a large number of what we label manageable chunks.  When you have a very big issue, the only way to address it is actually to structure the discussion around a certain number of smaller issues that are sometimes independent, sometimes connected and that can go to issues such as how do you identify who is actually sending the requests?  The question of authentication of a requester.

What are the formats for the submission of those transborder requests because in many cases they are just provided under all shapes and forms without any agreement on what a good request should contain, which means that usually there is a back and forth to get additional information.  This loses time and there is not enough procedural guarantees on how this should work.

So you can see here a certain number of the questions that were addressed in each of the work streams.  Without belaboring on it, the purpose was not to get an agreement on each of them because a certain number of them are relatively complex.  For instance, the question of what are the criteria that determine jurisdiction when you have a cross‑border request for access to user data is a very difficult and sensitive one. 

But there was an interesting series of discussions in that regard, and in the case of domains and jurisdictions, to pick another example, there is a growing role of what is called notifiers or trust in notifiers and what are the transparency mechanisms regarding how the notifiers should work, which leads to the next question which was to try to identify at the end of the second day a certain number of concrete operational cooperation agreements that the actors were agreeing should be brought forward or allow them to work together.

And we did in each of the work streams, we asked people to fill after the discussion a survey on what were the topics that they felt were most important for a corporation.  And the outcome, I will give a slightly more detailed account immediately afterward, but the main message is that there were four elements that were across work streams considered as being something that people need to work together on.

One seems very strange, but it is to develop shared vernacular.  Vernacular is a sophisticated word.  It is basically what is the terminology that people use?  How can we make sure that when we talk with one another, we understand the same thing behind the same words?  Because in some cases we are in discussions that people use a word and when you dig deeper you understand that they don't understand at all the same thing.  So working on the same vernacular is important.

The second thing is the importance of places and spaces where people can actually talk together.  And in this regard, I think there was a widespread recognition that internet and jurisdiction as a policy network is a space and it is important to allow those activities to continue.

Finally there were two other topics, one is transparency, and you know that there is a growing trend towards transparency reporting done by companies on the number of requests that they are receiving be it for access of user data or content technology.  What was striking was there was a clear message, I think, regarding the need to have a better or a more harmonized structure for those transparency reports so that they can be better comparison between the different elements and the different information that were provided by that.

And another message in this notion of transparency is that so far the information is mostly provided by the companies who receive the requests and that there would be a real interest, however, complex this is, to have Governments themselves providing an equivalent amount of information on the request that they are sending.  And the final element is there are many practices that have been implemented by the company when they handle those requests on the basis of their terms of service or on the basis of ‑‑ there are a certain number of practices that have been developed by the countries themselves and how they shape the request that they are sending. 

And there is a clear desire that was expressed across the work streams to have a better documentation and formalization of those practices to develop policy standards and best practices that people can replicate.  In particular because at the moment, most of those practices have been developed by large companies or large countries, and there is an issue of scalability, how to empower the smaller companies or the smaller countries to adopt the best practices that they don't necessarily have the financial resources to develop themselves.

So those four elements were across all work streams and the more detailed outcome of the survey highlighted the few specific issues in each of the three work streams.  And so, for instance, in data and jurisdiction, there was almost a surprising intense discussion on the question of notification of the users.  Once again, there was no agreement on how this should be done.  It was mostly an element or a way to highlight that this is an important element of due process across borders and that there needs to be a better understanding of how and when should the user notify or not of the request or access to user data that's being done on their account.

The other element in data and jurisdiction was as I said before the question of criteria for jurisdiction, and in particular, whether beyond the criteria that are used today regarding the location of the company or the location of the server and people who follow the Microsoft case know how important at the moment this discussion is.  There was a discussion on whether there should be other criteria related to where the crime was committed, for instance, or the nationality or the location of the user whose data is being requested.

So that's for data and jurisdiction.  On content and jurisdiction, there were two elements that were added to the four areas for cooperation I mentioned earlier.  One was to engage the judiciary in the discussions of internet and jurisdiction and in those discussions in general because at the moment these are actors that are completely outside of most of the discussions and they are very important players.

And the other element was how to handle redress, remediation, and potential alternative dispute resolution.  And finally on domains and jurisdiction, domain specific message was to pay a lot of attention to how those notifiers and trust in notifiers are involved in the process.  Notifiers are basically actors who screen activity and report to the registries and registrars about the alleged legality of a behavior or a content on a website and ask for the domain to be taken down.

It can be on illegal pharmacies, it can be on fishing, farming, bot net activities.  It can be on copyright infringement or child abuse images and so on.  Those notifiers are considerably developed in the last few years and there is a whole question of how are they accredited?  How under they recognized?  So without going into more detail, this provided a sort of roadmap for further activity and further work, and as far as Internet and jurisdiction as a policy network is concerned, this work in the coming months and years is going to be structured around the three pillars basically.  One is to continue to connect the different actors, facilitate collaboration to promote the notion of policy coherence, to avoid decisions that are taken in an incohesive manner make actually the problem harder to solve.  And this meeting at the IGF is an example of the desire to do an outreach and we can outreach to actors not involved in the project so far in other regions, in other groups and the different conferences that we participate in is an opportunity for presenting the work and engaging new actors.

The second element as Paul mentioned regarding the observatory is that there is no good policy without sufficient facts, although I know that it is an element that is not so frequent in the international space at the moment, and in this regard, monitoring and documenting jurisdictional trends as we do in the retrospect database is an important element.  And there are now more than a thousand cases of jurisdictional attention that have been documented since 2012. 

And 2017 will be, we will see a strong emphasis on the production and commissioning of research papers or ING papers on specific issues with the help and partnership with the members of the ING.  And last but not least all of this is not just about talking and the goal is to facilitate and catalyze as much as possible convergence of views and the development of policy standards and common agreements, mutual information and commitment if you want between the different actors.  So if they can agree if actor A is doing this, then actor B will agree to do that, and actor C will be able to monitor.

There is a need for coordination and for discussion for the distribution of responsibility which is one of the most difficult things to achieve.  So connecting, informing and advancing of facilitating and catalyzing cooperation is the way we are going to structure the work in the coming year.  I would be remiss not to give a nod to the different actors who have facilitated while contributing to the funding pool of the internet and jurisdiction process since 2012, made this possible.  And you can see here the diversified group of actors from companies, technical operators, Governments that helped fund the internet and jurisdiction process and you can understand that in the coming months and years ‑‑ growing the resources of this activity will be absolutely meaningful if we want to achieve the goals we are all aiming for.

So with that, I will just thank you and encourage you to maybe give us for those of you who are not following our activities already or regularly, give us your cards when you get out so that you can receive the retrospect newsletter and we are extremely happy to have this great attendance.  The balance is that some of you have to stand, but there is still light, so it's compensation.  And with that, I will give the floor back to Paul and also to a few of our former participants in the Conference share some of their take-aways.  Thank you.

>> PAUL FEHLINGER : Thank you very much.  Just to finish on the presentation of the Conference itself.  We released the Secretariat summary that you can find on internet and jurisdiction.net on the website and on the Conference website so everybody can go on the website.  We now want to take the opportunity of hearing from the people who were at the Conference what their main take away was because it's very important the messages and discussions and the notion of the areas of cooperation how we can advance the work together to address those issues that those messages are heard at the IGF.

And here in the room there are a number of members of the Advisory Group of the Global Internet and Jurisdiction Conference, and I would like to start giving them the floor so that they can tell us what their personal take‑aways were from the Conference.  And then I would like to encourage afterward people who were at the Conference to share their take‑aways with the wider IGF community.  I would like to apply a methodology that we applied in the stakeholder sessions at the IGF.  We were limiting at the Global Internet and Jurisdiction Conference, we were limiting all interventions to three minutes, so please stick to the time limits so that we have as many comments as possible.  So I hope I don't oversee anybody.  So I will start on my left side with members of the advisory committee of the Conference.  I would like to give the floor to Patrick Penninkcx from the Council of Europe.

>> PATRICK PENNINCKX:  The council of Europe did not financially sponsor the internet and jurisdiction.  We nevertheless are extremely supportive of the issue.  We were not at the Conference ourselves, one of our colleagues was there and he is extremely disappointed that he cannot ‑‑ (Audio technical difficulties).

There are high level of exchanges amongst stakeholders and that is extremely important because what you mentioned about the silos, that is exactly what we find that as we work across the silos and that is something very important even for intergovernmental organisations.  We try to do that in our different fields all of the time and we can say something more about what we do with business, for example.  We have started a partnership with these companies in order to reflect the items global multi‑stakeholder approach is crucial and that is nurtured and built upon and that is extremely important.  We also have quite a bit of newcomers.  What is important there, what you mentioned is a clear case of terminology is extremely important.  (Audio technical difficulties).

There I think we have a strong position on that.  And it sometimes needs to go the flow.  It is even more important (inaudible) increasing transparency just to mention our latest because transparency does not only concern companies.  It also concerns Governments.  And our latest recommendation on Internet freedom specifically specifies that and asks Governments to report on their policies.  It's just as important as (inaudible).  So best practices obviously (inaudible) go into any of the details you would like us to share.

>> PAUL FEHLINGER:  We forgot to mention one important aspect of the Conference is that it had institution of six organisations which was OECD, European Commission, Council of Europe, Slovak Presidency of the Council of European Union and ICANN.  I would like to give the floor now to maybe Fiona Alexander because the Budapest Convention Conference which was very unfortunate as was at IGF that was taking place at the same time.  I would like to give the floor to Michelle who is here from Microsoft.

>> (Audio technical difficulties).  We decided to take all of the copyright and IP related issues out of the scope for the purpose of the discussion because even though they represent the highest number, the highest volume, they don't actually get to some of the more thorny problems related to terrorist content, hate speech, et cetera.  Just to point out that for Microsoft, we operate at 123 countries.  We have well over 100 data centres, we have over one billion customers.  There is due process attached to it for any issues relating to takedowns, whether it's data access requests, cross‑border, cross jurisdictional access report, content take counsels or domain take downs there needs to be a process.  One of the things that came up in the content was the vernacular, whether we could create a common vocabulary and even though that wouldn't be necessarily universally agreed all the way.  It was agreed at the Conference that it would be better to take the effort to try to create one for the purposes of being precise in our own deliberations and discussions.  I think that was universally felt.

There is also a proposal to develop or work on the idea of process standards or behavioral standards.  One example analogous to this is what's been done in the international standards organisation, ISO to create Cloud privacy related standards which essentially are behavioral standards that Governments have basically bought into related to how data is managed within the Cloud ecosystem.  Something similar could be done in the Internet and jurisdiction universe in terms of creating a set of process standards that start from the point at which a request for data access or content takedown or domain takedown originates through to the end conclusion without necessarily in the definition of this kind of activity making the determination exactly who has specific jurisdiction, but the process of doing this work would actually lead to discussions in terms of how you could resolve those thorny issues across the landscape.

I think overall my own personal observation about the Conference was that it was a very lively and frank exchange of views that was moving towards execution rather than further talking and I will stop talking.

>> PAUL FEHLINGER:  Thank you very much.  So if I tip on the next side and the next member was Matt Perrault who was on the Advisory Group for Facebook.

>> MATT PERRAULT:  Thanks, Paul, you say my last name better than I do.  I thought I would use my three minutes to speak on the nature of urgency in these conversations.  As I was thinking about the nature of urgency, there are two sides to it.  The first is what we currently face now that is putting pressure on our companies, on our Civil Society organisations on consumers.  One of the things we have studied is the rise in blocking globally.  So we have increasingly seen blocks of Internet websites, so not just Facebook, just WhatsApp, blocks of the Internet entirely, blocks of certain classes of services such as VOIP services throughout countries in the Middle East. 

We worked closely with Brookings on the quantitative impact after blocking and found that there were more than 80 blocks in a one year period between 2015 and 2016 and the blocks had an aggregate cost of $2.4 billion.

The source of many of those blocks are the types of issues that the internet and jurisdiction project are working on, content issues, data issues, so it's important that we resolve those so that we can minimize the impact that they have.  I think the other side of the coin, the other side of the urgency coin is opportunities that we missed. 

So when I look back on the last six months, I am thinking a lot right now given the changing political landscape on things we might have done that we didn't do.  And one of the things that come to mind is the US/UK proposal that Bertrand alluded to in his remarks which was not a perfect proposal.  There are lots of different ways it could be strengthened, but in my time at Facebook I have not seen a proposal from a Government that tried as aggressively as I think this one did to reconcile the competing objectives between law enforcement organisations seeking to get access to cases that were from their point of view legitimate in investigating crimes, and on the other hand trying to introduce Human Rights standards that would govern when companies might be able to respond to those requests.

Again, it might be the case that that was not a perfect proposal, but it was, I think, a rare one and as we look forward in the changing political landscape we might look back at the moment and say we should have taken advantage of the opportunity while we had it.  So how do we move forward in light of this urgency?  And I think that there are a few different components, but the main thing that I am focused on, I think, is thinking of ways we can be more collaborative.  I'm not pointing a finger at all.  I think this is something I have been thinking a lot about the work that we can do to be more collaborative, working with different partners to combat issues where we have a shared perspective and the issues that the internet and jurisdiction project is focused on are those types of issues.

The first element to working more collaboratively I think is trust.  Again, that's not me pointing the finger.  That's, there are lots of things Facebook has done to erode trust in working with different partners.  I personally in our company, I think, are doing thinking about ways we can build trust.  The second, I think, is dialogue and transparency.  The Internet and jurisdiction project is focused on those two things.  It's important we continue to make progress and look for opportunities to have that dialogue and to have it in a transparent ways.

The third thing, and this is a focus for me, is trying to focus as much as possible much as possible on concrete outcomes.  I said to Bertrand, I meant it in a kind way, the era of productive dialogue is over.  And we need to emerge from these conversations with a different goal in mind than just having productive conversation.  I think we need to focus on the exact policy mechanisms we can use to make progress in these areas.  Thanks.

>> PAUL FEHLINGER:  Thank you very much.  The next member of the Advisory Group that is here is Eileen Donahoe.

>> EILEEN DONAHOE:  Thanks.  I would pick up right there on the topic of urgency.  But slightly different dimension to it.  I feel like at the Conference there was definitely a shared sense of urgency, but I think we didn't adequately address the fact that in the outside world outside of this community there is a completely inadequate sense of urgency about what are the consequences of assertion of jurisdiction not just extra territorially, but when you are asserting jurisdiction domestically and having extra territorial effects which seems to be happening in many ways.  There are many actors doing this in the name of protecting their citizens on some dimension or another, but it's still having a deleterious effect on two big things that we all care about a lot, one is the effective unity of the Internet as a platform for free expression and the exercise of Human Rights and all kinds of other good.

And then the other things that sort of a little subterranean but is also happening like a sub text of this territorial assertion of jurisdiction is that we are unintentionally in some cases under mining the concept of universality itself.  And the universality that was the basis of the universal Human Rights framework.  And I think those are the two big things that are at stake.

And I'm just going to mention one last thing.  I think we have got to be motivating people around the world that those things are really at stake, the Internet itself as a global platform and the universality of Human Rights.  One thing that we did do very practically at this Conference and it falls in the, I think it falls in the best practices area, we started to articulate this idea that for Governments that are intending to protect the Human Rights of their own citizens, but by so asserting their jurisdiction, they are having an extra territorial effect on citizens in other places.

They have to look at the consequences of that as experienced and articulated by the people in those other places.  So the idea being that if you are protecting your citizens' privacy, let's say, but people in other countries experience it as under mining the right to freedom of expression, be more humble about your assertion of jurisdiction and perhaps keep it within your boundaries, and use the concept of do no harm, at least do no harm as it relates to the enjoyment of Human Rights of people outside of your jurisdiction.

We just started to get our hands around a movement in that direction.  So I will leave it there.

>> PAUL FEHLINGER:  Thank you very much.  I see that unfortunately some members of the Advisory Group of the Conference already left.  Benedito, the Brazilian Ambassador had to leave already and I think Arun from India, she also had to leave.  Since we have 13 minutes left.  I may ask you to please be brief so that the maximum number of people can talk.  I would like to continue because Patrick mentioned with Fiona Alexander if you could give us an update on the Conference that took place in Strausberg.

>> FIONA ALEXANDER:  I fully agree with what the gentleman from Facebook said that we need to come to some conclusions.  I'm dealing with cybercrime, electronic evidence from criminal justice perspective and in 1995, it's 21 years ago, there was a report of the Council of Europe on procedural law issues regarding cybercrime and evidence that underlined urgency of the matter of securing evidence that may be in other jurisdictions.  That was in 1995 and now we still have productive dialogue on this.  The Cybercrime Conversation Committee is full of prosecutors, law enforcement, that sort of people that realize that very little cybercrime is actually reported to police, and of what is reported less than 1% ends up in court.

So if you look in the reality, very little is actually ever investigated, prosecuted and adjudicated, and we can have doubts about the rule of law in cyberspace.  So, therefore, in 2011 the committee established a group on transport or access to data, which went through a number of recommendations.  It's direct access to data not now via providers or any other intermediaries, that produce the report with some recommendations, the problem is that the recommendations were presented about the time the revelations came into the media so the issue of transport of data was not feasible anymore.  But the committee outlined at that time there would be a jungle of different solutions and that's what you have in reality. 

Everybody, Governments try to do their job to protect society against crime.  Prosecutors try to investigate.  Law enforcement try to investigate.  They all find their own unilateral solutions.  That's the problem.  We, therefore, established another group, the Cloud evidence group that produced its final report two months ago, and that report was discussed by the cybercrime committee three weeks ago with very specific proposals.

One of them is let's focus on data that is needed most often but is less sensitive to other data.  Let's focus on subscriber information because that's what law enforcement needs in 80, 90% of the cases.  I will stop in a few seconds.  But I also didn't stick to the three minutes, by the way.  There is a workshop tomorrow at 12:00, high noon, workshop 87 with Christiana, and so on, but there are specific proposals on the table of how to interpret existing commissions of the Budapest Convention to give a little basis for the type of requests that law enforcement sends to Facebook, Google, Microsoft and so on.  Thousands and thousands of requests are sent without a clear basis raising many rule of law problems.  We try to create a legal basis for that.  There are a number of other solutions, but for that you have to wait until tomorrow lunch time.

>> PAUL FEHLINGER:  Thank you very much.

>> AUDIENCE:  Just one point to pick on what Alexander was saying, one of the important evolutions is that access to user data doesn't concern exclusively cybercrime anymore, but also access to information in normal criminal investigations where information that is held by service providers is useful for the investigation of normal crime that are not only cybercrime and this is a big development that makes it even more important to discuss this.

>> PAUL FEHLINGER:  Before we open up for questions, one last representative of a member of the Advisory Group is here which is Leonardo who is here for Cerf from Google.

>> AUDIENCE:  Sorry you guys couldn't get Vint Cerf so you are stuck with me.  I think that what Google is experiencing around the world and other companies touched on this is we are concerned with the race to the bottom that did result from all of these unilateral initiatives in a sense.  We have seen blocking injunctions in Brazil, for example, we have seen legal legislation trying to be applied to the fact that any services just available there even though it was never targeted to a specific country or region actually fall into the jurisdiction as well.  So the major concern that we have, and that's why we praise this kind of initiative of the Internet and jurisdiction group is essentially the fact that if these common standards are not developed soon rather than later, basically we will still be facing these legal issues, these general issues of this race to the bottom that was raised.

So that's really concerning for everybody, anybody that's really interested in doing all of these scenarios of investigating crimes, no matter which stakeholder group you represent should really be focused on trying to get global solutions around unilateral approaches.  Thank you.

>> BERTRAND DE LA CHAPELLE:  Thank you, Marcel.  I have seen a few people raising their hands, so.  I have Aryan Dogen.  Priority to the urgency of scheduling.  Rebecca.  It's okay.  It's flexible.

>> REBECCA MACKINNON:  Thank you, Bertrand.  One thing I want to compliment you for an excellent meeting in Paris.  Just a few comments to pick up on what was already said, one has to do with the importance that attendees at the Conference stressed on transparency and accountability, that we need to have as we have this cross‑border system, you know, of requests of actions to restrict content and hand over user information, the accountability of this is vital.

And so transparency is a very important part of that.  The Ranking Digital Rights project which I lead and our indicators that we use to evaluate companies have come up with a bunch of things that we believe based on consultations with experts and companies over many years are best practices in terms of what companies should be disclosing, what they should be reporting on.  So I'm going to be leaving a thing here about our project, and you can go on the website and see what our indicators are, but that might serve as a good starting point for thinking about what the best practices around disclosure by companies ought to be.

One thing that we found in our research is that many companies are hindered in their ability to be transparent by law and regulation of Governments that are preventing them from reporting data, you know, even about content requests or even sometimes reporting data about copyright takedown or defamation take down, reporting not individual cases but data, or there is legal ambiguity about what they can disclose and I think that Governments that are members of the open Government partnership, Governments that are members of the Freedom Online Coalition have no excuse but to bring their laws into alignment with maximizing companies' ability to be transparent on these matters, and then secondly, of course, as many have raised we need Government transparency and particularly those Governments that are part of the Open Government Partnership.

I would argue that being open and reporting on requests that are being made for user data and content takedown and blocking and shutdowns of all kinds, should be a vital component of being committed to open Government, because otherwise that affects people's ability to access all kinds of other information that is needed for openness and accountability of any governance system.

Two other really quick things, there was discussion about grievance and remedy, and this is an area that is very under developed, and I think this group can work on and I know I'm getting a signal.  And the other is systems for monitoring and evaluating and benchmarking how both companies and Governments are doing on these things I think is really important for bringing greater accountability to the system.

>> BERTRAND DE LA CHAPELLE:    Thank you, Rebecca.  I'm sorry for the time constraint.  I have Michael Nelson, Aryan and Chris Painter.

>> MICHAEL NELSON:  Thank you very much.  I'm going to keep this to two minutes because I have to leave at 10:00.  I was very glad to be part of this meeting.  I'm Mike Nelson.  I'm in charge of global public policy for CloudFlare which is an Internet security firm.  I'm also a professional Internet Conference attender.  And this was a very good meeting.  Mostly because there was a huge amount of time for us to talk amongst ourselves over cocktails and the like and in the sessions themselves we had a lot of breakouts, a lot of good discussion.  The thing I wanted to highlight was one of the important recommendations that came out of the content and jurisdiction group.  It was listed as best practices for dealing with transnational issues.

It was actually best practices and worst practices, and it's very important that we highlight the really bad things that are happening.  A model for this is something that Steve Delebianco to your right is doing.  They call it I awesome and I awful.  And it's a compilation of really bad things that state Governments in the U.S. are doing.  The great thing about highlighting what worst practices is it gives a signal to people who might be inclined to copy those worst practices.  More importantly for you, it's controversial.

You will get a lot more attention which is the biggest problem with this whole project.  You are not getting the attention you deserve.  So get out there and start pointing fingers at people who are doing stupid stuff!  And not just Governments.  I'm talking here about advocacy groups, I'm talking about companies, call people out.  And make sure that we don't go down the wrong path.  The other thing that I wanted to highlight was this was a very good Conference because every so often when people started just admiring the problem, somebody would come back and say, no, what are we going to do about it.

And then somebody would stand up and say, well, the Government needs to do this, and then somebody would say we are not the Government, and we would start talking about what the people in the room could do.  So that's another reason I'm very excited about this project and why I was glad to be there.  Thank you.

>> BERTRAND DE LA CHAPELLE:  Thank you.  Aryan, and then Chris, Daphne and Steve, and I think we will have to close the line unfortunately.  So Aryan.

>> ARYAN DOGEN:   Thank you.  And I will try to keep my comments under two minutes as well.  So I will just echo the others in thanking Bertrand and Paul for this initiative.  Obviously going into this Conference I realized the issue and issues were very complex and I think I came away with a view that they are 100 times more complex.  I think this Conference really demonstrated the value of, well, A, that these are really complex issues and that starting to unpack and understand them and explore approaches to deal with them really requires multi‑stakeholder innovation.

You know, getting beyond sort of individual institutions or perspectives to sort of look at the collective opportunity.  And I think there are areas where, you know, they were identified coming out of the Conference where I think concrete and sort of practical, you know, work may be possible looking at things like shared vernacular, language and ways to improve transparency.

I think that how we approach the sort of constellation of issues is important as the final result, and so these types of initiatives that are inclusive, that are bottom up, that meaningfully engage the diversity of perspectives whether technical community or Civil Society or private sector, academia is obviously important, and openness to approaches being made from innovative approaches from the bottom up.  So I will stop there.  Thank you.

>> PAUL FEHLINGER:  Thank you and Aryan Dogen is from the Canadian industry.  It used to be industry, it's now innovation science and economic development Canada.  So we have to be very, very conscious of leaving the room in literally a few minutes, so Chris, Daphne and Steven.

>> CHRIS PAINTER:   I'm Chris Painter from the State Department of the U.S, which is still called the State Department of the U.S., and I want to say a couple of things.  We have been dealing with these issues that Alexander said for a lot of years you mentioned how this is not just cybercrime.  That's been true many years, we have looked at within the G8 group, the crime group I used to Chair this was literally 15 years ago and we made progress and what we are focused on is trying to look at things we can do nationally like beefing our ability to this and giving more resources to it, but what we can do creatively in the U.K., U.S. draft agreement and proposed legislation with that.  And as you said, and this is a key thing for us, we want to make that, we want to balance different interests.  We want to make sure that law enforcement access is easier, but we want to uphold certain principles and we had a very strong Government delegation at your Conference, Larry Strickling who is in the back there, David Bidcower deputy assistant attorney general in the criminal division and the Justice Department and me and we care deeply about this issue.  That's why we have been looking at these creative solutions.

One thing worth noting about the U.S./U.K. draft and the proposed legislation was that was an experiment that we think could really help in a big way and it's something that we could make more generally available to other countries, however, to do that, those other countries have to meet standards too.  So it might help raise the boat everywhere.  But I would agree with respect to your Conference, I think what I felt most valuable was you had the right people at the table.  You brought the right stakeholder both from Government, Civil Society, industry and academia and that was valuable in getting the concrete solutions.  I don't think this will get solved overnight certainly, but we can look at different creative solutions as we go forward.

>> PAUL FEHLINGER:  Thank you, Chris, Daphne.

>> DAPHNE KELLER:  Yes, Daphne Keller Stanford Center for Internet Society, formerly Google.  I will echo the thanks for the Conference, it was remarkable.  And one remarkable thing about it was the difference between the three tracks in terms of who was in the room and paying attention.  I think that the conversation Chris just described, the conversation about cross‑border access to user data for law enforcement is at a pretty advanced state.

Governments know they care about it.  They are sending representatives into this conversation.  They have positions, there are proposals on the table.  At the other end of the spectrum was the DNS takedown conversation where there was a great sense of chaos and crisis and nobody knowing what to do precisely because there hadn't been this sort of long conversation to grow proposals and for people to firm up their positions.

In the middle was the content takedown session, my session, and there I think there are beginning to be Government actors in the room paying attention.  We had Government representatives in the room for that session more so than I have seen in any previous discussion of this topic.  But not that many and while they are experienced in some details of it, they aren't as accustomed to the larger picture that's been developed in these Forums.  So I think I will echo Eileen's point about the urgency and I will urge those of you who speak for Governments or can speak to Governments, particularly outside of the United States and Europe, to pay attention.  To have trade ministries, justice ministries, culture ministries, everybody who is affected by the deletion of online content based on another country's law pay attention and be involved.  Thank you.

>> PAUL FEHLINGER:  Okay.  So thanks, Steve, for helping keep the time because I'm conscious of the group that will be coming afterward.  So thank you very much.  The importance of this session was mainly to report back, explain what it is.  For those of you who have not participated in the Conference, you can go to Internet jurisdiction.net where all of the videos are accessible of the public sessions.  I want to highlight a few of the words that were used.

One of the key elements is the question of due process across borders, the dangers of having a sort of legal arms race due to the nonalignment of unilateral decisions, and the question of policy coherence so that the different stakeholders know exactly what the others are doing.  Thank you very much for those of you who have participated in the Conference.  Thanks for having come this morning and please come to the booth in the village if you want to keep in touch with us.  Please give us your cards as you are leaving if you want to be kept informed and go to Internet jurisdiction.net to have more information.  Thank you so much! 

(Concluded at 10:07)

Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10
Switzerland

igf [at] un [dot] org
+41 (0) 229 173 411