Introductory Breakout Session: Security, Safety, Stability & Resilience

Description

This Introductory Session will “set the scene” for the Safety, Security, Stability and Resilience theme.

The session provides attendees the opportunity to connect with attendees who are engaged in similar work and have similar interests.

Security and Safety are prerequisites to economic growth and a healthy digital environment beneficial to all. While security, stability, and resilience refer to the systems, the infrastructure, and the devices; safety and resilience of the users are also of paramount relevance. Under this theme potential risks to security and safety will be discussed from various angles with due consideration to how stability and resilience can be achieved. Strategies for protection of both systems and users will be addressed, taking into account a multidisciplinary perspective to potential solutions and the importance of stakeholder collaboration for responding to the growing range of threats to the global Internet and its users.

Lead organizers and rapporteurs: Sylvia Cadena & Rajesh Chharia (MAG members)

Session agenda:

9:30 – 9:40     Welcome and Introduction (5m) by MAG member Rajesh Charia, who will moderate the session.
                       Who is in the room? brief dynamic to break the ice.

9:40 – 9:55     Scene-setting remarks by Cyber Ambassador Tobias Feakin, Australian Government – (Confirmed) (15m)

9:55 – 10:05   Questions and discussion regarding scene-setting remarks (10m)

10:05 – 10:40 Sub-theme breakouts (35m)

The breakout discussions will be led by the workshop organizers/speakers as listed below. They will facilitate break out group discussions with the people interested by each subtheme. The breakout discussions will start with the following two suggested questions, but it will be up to the group to decide the focus of their conversation: 1) What are three or four policy questions relating to this sub-theme that you hope to address during the week? And 2) If you are a workshop organizer, what policy areas will your workshop explore?

  • Safety: Ana Laura Martínez. Coordinator of International Cooperation Networks at the Regional Center for the Development of the Information Society (Cetic.br/NIC.br). Brazil. Technical community. Confirmed
  • Security: Alexander Isavnin. RosKomSvoboda. Russia. Civil Society. Confirmed
  • Stability & resilience: Kaveh Ranjbar. Chief Information Officer, RIPE NCC. The Netherlands. Technical Community. Confirmed
  • Technology, Industry and Trade: Peter Koch. DENIC. Germany. Technical Community. Confirmed
  • Internet ethics: Amrita Choudhury. CCAOI. India. Civil Society. Confirmed
  • Human rights: Charlotte Altenhöner-Dion. Head of Internet Governance Unit. Council of Europe. France. Intergovernmental Organization. Confirmed.

1040 – 1115    Readouts and session previews (35m)

1115 – 1120    Conclusion (5m) by MAG member Rajesh Charia

1. Key Policy Questions and Expectations

As the Introductory Session reviewed the policy questions and challenges under the Safety, Security, Stability and Resilience track, covering 42 sessions of the program, the introductory session did not focus on 3 specific policy questions, but rather on the relevance of the track's theme and the subthemes identified.

2. Summary of Issues Discussed

The session started with Cyber Ambassador Tobias Feakin keynote, followed by breaout discussions around 5 of the 6 subthemes the track covered.

Ambassador Feakin started his intervention by highligting how sound cybersecurity policy and practice are enablers for democratization, freedom of speech, and economic growth. An online environment that's free and secure, sound simple but those are hard words to deliver upon. Ambassador Feakin highlighted the efforts of the Australian Government to be transparent about how policy is developed, implemented and documented locally, embracing the multistakeholder approach, as well as how the Australian positions contribute to the international policy space. As more cybersecurity continues to grown in importance strategically in the international environment, now at the heart of geopolitics in a way that, was hard to anticipate. That places a big responsibility in the way the states are looking at this issue, as well as a huge burden on all of us to try to think about creative solutions to what we see happening in the technology environment, including increasing authoritarianism and all its manifestations online, weaponizing the technology to undermine democracy, abuse human rights and infringe intellectual property. This issues are very troubling and generate increasing concerns among all stakeholders.

Ambassador Feaking highlighted that we are in a period of transformational change in the digital space, as technologies emerge and mature, at a pace that presents a challenge for government to understand how we keep up with that and ensure it acts as an enabling mechanism rather than a hindrance of the technologies enabling societies; how government engages with the private sector and the large technology companies like Google, Facebook, AliBaba, and others as they've grown in an unprecedented size, influence and scale in a short space of time. Some companies are really willing to engage and have this conversation with governments and civil society, but some aren't. This disparity of approach is incredibly challenging. As governments, we need to become more flexible, adaptable, and proactive in the way we deal with technology and equip ourselves in being able to make policy.

Ambassor Feakin also mentioned the pioneering decisions from the Australian government around 5G and how it presents as a precedent for thinking about technology issues: What is it that you want as a nation from your technology posture? what is it you want to gain? what are the kind of values that you think are important for technological developments to imbue and absorb in the years to come.

A multistakeholder approach to the discussion that incorporates values and values and principles of technological development is paramount as the decisions made will shape our societies, our economies, and our national security agendas over the next 20 years. Ambassador Feakin closed his intervention inviting people to question, to challenge and engage their governments on the issues that are important to each and everyone of us as only by acting together as a community we can make it happen. It is only through balancing the interests and concerns from different stakeholders and ensuring that we're all equipped with that understanding that we'll be able to shape the technology environment of the future we all want.

Ambassador Feakin answered questions from the audience around sovereignity in cyberspace; tensions between privacy and security; as well as how review processes for policy and law enforcement implementation around security and safety. He responded highlighting the importance of maintaining an open dialogue on these and all other issues, to frame those conversations around respect for human rights and the rule of law, but open to review, to make adjustments as things change/evolve so that government is responsive to the advances of technology.

Then, the facilitaors for the 6 subthemes identified for this track, introduce their subthemes and briefly walked through the workshops and other sessions types included as part of the track as follows:

  • Safety: Ana Laura Martínez. Coordinator of International Cooperation Networks at the Regional Center for the Development of the Information Society (Cetic.br/NIC.br). Brazil. Technical community.
  • Security: Alexander Isavnin. RosKomSvoboda. Russia. Civil Society.
  • Stability & resilience: Kaveh Ranjbar. Chief Information Officer, RIPE NCC. The Netherlands. Technical Community.
  • Technology, Industry and Trade: Peter Koch. DENIC. Germany. Technical Community.
  • Internet ethics: Amrita Choudhury. CCAOI. India. Civil Society.
  • Human rights: Charlotte Altenhöner-Dion. Head of Internet Governance Unit. Council of Europe. France. Intergovernmental Organization.
3. Policy Recommendations or Suggestions for the Way Forward

During the breakout discussions, the groups discussed the issues that will be covered by many of the sessions on the program and some of their observations and insights offer an interesting set of suggestions.

Human Rights

- Put people first: The group discussed about the difficulty to put human rights into practice, from the regulatory framework design all the way to its implementation, the group identified that different sessions recommend to add emphasis on the end user, to be more inclusive (specially with the youth) during the design of the different regulatory approaches, while balancing the protection of their rights and their safety, without hindering their opportunity to participate.

- Platforms should not only focus on compliance with community standards but also to incorporate mechanisms where harmful content -although removed from the public- can be kept (not deleted) to support law enforcement investigation and criminal prosecution. Platforms should be reminded of their responsibility in countries where human rights are not enforced with the rule of law.

Security

- Multistakeholder dialogue is key to understand norms in cyberspace and their impact.

- Strengthen collaboration among different stakeholders and across different jurisdictions to fight cybercrime, not only with the large tech companies but also with smaller/emerging ones

- Public policy should look at incentives to adopt best practices and modern security technologies based on solid technical knowledge.

- Technical capacity building around security should be supported at all levels, from end-users to operators, to law enforcement and criminal investigators 

- More research around security incidents, adoption of security practices and compliance with law enforcement requirements is required to be able to design security approaches based on evidence and not on fear alone.

Internet Ethics

- An inclusive ethical framework should be the starting point for companies and governments when defining the regulatory and non-regulatory approaches that will address issues of concern. Such framework should incorporate monitoring mechanisms that allow to identify unintended consequences, abuse of power, miscarriage of justice, human rights violations, among others.

- It is paramount to do more intensive and extensive work around clearer definitions to seek consensous building at a global level while documenting localized interpretations that reflect cultural differences

- Education around ethics and how it impacts the online and offline world, targetting different age groups and sector of society should be supported and encouraged, and adopted as part of the formal education system. Rights and responsibilities need to be better understood by users to become mature digital citizens.

Stability and Resilience

- Cooperation among operators is key to increase the number of peering agreements and interconnection points that can improve the resilience of the network by offering more paths for network traffic to operators: less peering among IPv6 networks means lower resilience.

- Lack of interoperability between IPv4 and IPv6 means a possible fragmentation and creating two islands in the Internet.

- IPv4 is gaining value and a high cost can hinder enterance of new network operators or the expansion of the coverage of existing network operators, that could have an impact on both stability and resilience of the network.

- There are a variety of DNS technical implementations to filter/block content that are not in line with the architecture of the Internet, intended to be neutral. Consideration to intermediary liability is part of the framework to consider when addressing issues around content blocking and filtering to understand the burden placed on network operators to have the skills, the computer power and the budget to cover the legal costs to comply with such regulations across different jurisdictions.

- Balance between security, encryption, and human rights including personal freedom is a challenge for the stability and resilience of the Internet. It is key that law enforcement and policy makers get a deeper understanding -through education and training- to the architecture of the Internet and how these solutions affect its growth, so that they can design and implement frameworks that are more inclusive, technologically sound and future-looking.

Technology, industry & trade

- The group suggested that information exchange around cyber security and privacy is key for the development of new devices and services that will enter the market. This information exchange could lead to develop a general playbook how to address concrete problems, for better understanding and adoption of security practices.

- Diversity considerations around access to the cloud were discussed, as cloud resiliency in a concentrated market is a key policy issue. The more the cloud is used to collect, analyze and store data for online services and applications around the world, concerns about ownsership, security, misuse, as well as local access and localization continue to emerge. Approaches that are inclusive and considers diversity are required to balance economicaly driven approaches that may have a negative impact on developing economies.

Safety

- The need to rely on robust data in a topic that is sensible and frequently covered by the press.

- To bear in mind that risk does not equal harm and, therefore the, importance of putting in place protective and coping mechanisms to prevent harm.

- Importance of equilibrating protection speech with the exercise of other rights, such as freedom of expression.

- Need to consider the complexity of achieving safety: it involves all stakeholders, it involves different levels of intervention, from the legal and regulatory, to technical solutions focused on systems, to education of individuals (both children and mediators, such as teachers and parents, key figures to improving child online safety).

4. Other Initiatives Addressing the Session Issues

This question does not apply to the introductory session as the purpose of the session was to introduce the track.

5. Making Progress for Tackled Issues

This question does not apply to the introductory session as the purpose of the session was to introduce the track.

6. Estimated Participation

30 people, including 10 women.

The remote participation technician in the room indicated 5 participants were connected remotely.

7. Reflection to Gender Issues

The conversations focused on the subthemes under the track. Gender issues were mentioned as part of the Internet Ethics and Human Rights subthemes contributions but were not discussed in detail as the purpose of the session was to introduce the track.

8. Session Outputs

Transcripts and video of the session are available here.