Welcome to the United Nations | Department of Economic and Social Affairs

FINAL TRANSCRIPT


EIGHTH INTERNET GOVERNANCE FORUM
BALI
BUILDING BRIDGES ‑ ENHANCING MULTI‑STAKEHOLDER COOPERATION FOR GROWTH AND SUSTAINABLE DEVELOPMENT
THURSDAY, OCTOBER 24, 2013,
9:00 A.M. ‑ 10:30 A.M.
SESSION NO. 310
CYBERSPACE GOVERNANCE ‑ EXPLORATION

********
This text is being provided in a rough draft format.  Communication Access Realtime Translation (CART) is provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings.
********

(Video playing.)

     So the cyberspace governance is still in the very early stage. Here, we try to sort of discuss what is it, what's the issue and about the relationship with the Internet governance. Those are the things that we want to discuss in this order.

     First of all, we tried to show a video from the University of Toronto, but it seems to be computer is having some problems. So we may show later. It's a very nice video. Unfortunately, Ronald Deibert, he's attending another workshop over there, and so he can't join today.

     First, I will go through the introduction of cyberspace ‑‑ not cyberspace governance, okay. Then from the MIT, Professor Nazli Choucri is going to show the ‑‑ present on who controls cyberspace.

     Then we'll have from the University of Mexico Alejandro Pisanty, trying to join remotely. But yesterday, it was not too successful. I'm not too sure if he can join successfully. Otherwise, we'll show his presentation material. One page.

     Then we go through to Amelia. Would you like to stand up now? She's the youngest parliament member of European parliament.

     Then Adiel Akplogen. He's the Africa ‑‑ AfriNIK CEO.

     Then Johan Hallenbo. He's from the Swedish Foreign Ministry.

     Then we'll have open discussion.

     Can you show the ‑‑ my presentation material of who controls cyberspace?

     Yeah, cyberspace. That one. Yes, please. Try to go to the precise.

     I try to show basically two page. Okay. This is the oral presentation, but I try to explain some of the ‑‑ five to ten minutes using the two presentation material.

     Okay. Next one, please.

     Okay. First of all, cyberspace ‑‑ let me try to elaborate. What's the cyberspace compared to real space? Then the second, since it's the Internet Governance Forum, what's the relationship between cyberspace and the Internet? For today's discussion, we should have some agreed concept.

     Okay, can we show next.

     Okay. Here is the cyberspace and the real space. You can see the real space here, then we discuss on the real cyberspace. And to make more complicated, we have a mixed space. And actually, many of case, when we say "cyberspace," is mixed space rather than pure cyberspace.

     Okay. Do you know what is the mixed space? Okay. The best example is Google Glass. Do you hear about Google Glass? And you can see the real space with your eye, and also you see the cyberspace. And there is ‑‑ they overlap. That's a beautiful example.

     And we have many more case on which probably you may ‑‑ you may raise the issue.

     So today's discussion, we talk both cyberspace and mixed space. And I tend to be more of a mixed space. For example, we have a guest from Korea who is Human Rights Commission.

   Okay. Human right or privacy, yes, we have the real space, the human rights issue, and also in cyberspace. So that's a cyber human space ‑‑ human rights. Cyber privacy.

     Then in the priorities, we tend to discuss more in the mixed space, combining of the real space human rights and the cyberspace human rights and beyond, still kind of very explorative.

     Next one, please.

     Next one is cyberspace. What is it compared to the Internet? You can see that here, IP‑based infrastructure.

     Then we have another infrastructure, for example, smartphone. Smartphone without setup IP application. For example, smartphone addition is not really an Internet infrastructure; something beyond.

     Okay. So we have two infrastructures, and then on top, we have many other applications.

     David Clark from MIT stated in his paper this is aspect. "Aspect" means they are not really mutually exclusive. You saw the cyberspace from many aspects, from many views. Okay. And the one ‑‑ most popular one or popular ‑‑ I shouldn't say "popular."

     The one we most often discuss this day is cyber security. For example, cyberspace conference in Seoul last week, and most of the discussion is in cyber security.

     Then the big one is cyber economy. For example, here, we don't really discuss cyber economy.

     Then cyber society, including human rights, privacy, abuse, many things related to society itself.

     Okay. So the cyber‑ ‑‑ when we say "cyberspace," seems to be including this whole thing. So the humans consider cyberspace as a superset of internet. So the ‑‑ naturally, cyberspace governance will be the superset of Internet governance, but we'll see. How does anything particularly different from Internet governance is pretty much mostly similar or same.

     With that, can we go through the ‑‑ okay. I'll show you a couple more.

     Can we go next one?

     Okay. Aspect. David Clark set up society, security, economy are the three major aspects. Then we have a couple more, like a nation state ‑‑ cyber nation state, and including of the ‑‑ relation, which MIT Professor Nazli Choucri is going to explain, then cyber environment and many more.

     With that, let me stop here, and let's go to the ‑‑ Professor Nazli Choucri.

     Can you make hers ready? Either Web Ex ‑‑ she tried to join with Web Ex. If it doesn't work, then we show the video.

     Can you show her presentation material?

     We have her presentation material. The one ‑‑ MIT or something.

(Off microphone.)

     >>KILNAM CHON: Nazli, would you like to make a presentation?  

     Hello. Can you hear me?

     It's 9 o'clock over there at night.

     Okay. While she tries to get in, let me explain. We have several research centers, mostly in the northern ‑‑ North America, including this one by Harvard and MIT, exploration in cyber interrelations. Then University of Toronto has the Cyber Dialog Conference. The Georgetown University also has a similar one. Then Oxford University is doing something in this area. Those are the ones we are aware of.

     Nazli, would you be ready?

     Next, please.

     This enormous expansion of the state system in terms of the number of states ‑‑ I hope you can see the slide there ‑‑ and an expansion in the number of non‑states.

     Point B, that there are many, many factors that interact over governance and over the Internet.

     Please tell me if you can see the slides.

     Next, please.

     And we have to remember enormous shifts in the international context and international relations. I won't read the slide, but compare the 20th century power politics on the left side of the screen with the 21st century complexity of cyber politics, the non‑state actors and so forth. The important part of all this is at the bottom of that slide when we look at the multi‑stakeholder pressure. Stakeholders from various types are putting pressure and making themselves understood and demanding an influence in governance. This was not the case in the 20th century ‑‑ in 20th century power politics or even cyber politics.

     Next, please.

     So where are we now? All the elements that are on the slide, you're all familiar with. Major asymmetries, the dominance of the private sector operators. We think of operators as technicians, but they're really very influential and very powerful. But we also know that there's a leveling of the playing fields in the cyber domain, the Internet and the entire cyber domain, leveling in the sense that diversity is dominant and even the weaker actors are influential. And most important of all, we have entities of decision makers ‑‑ many, many, many different types of groups influence the decisions that are being made about the management of the system.

     Now, why is that?

     Because we have gone through major changes in the democracy and in the ecology of cyberspace. Now, you know that, but we have to keep that in mind when we address the matters of control.

     Next, please.

     I wanted to share this particular set of slides with you because of the proximity, the closeness of the trend in Internet access and in mobile sale of subscription between developing countries and developed countries. We don't have a world ‑‑ these slides represent really this leveling phenomenon I was talking about, which is new, which is a change in the cyber domain and in the power politics and in the traditional physical domain. But there are other changes as well that influence the parameters of control.

     Next, please.

     This is what I think is the most important of all and, in fact, is even an old, old reckoning ‑‑ record of the rate of change of languages that are used in the cyber domain.

     The rate of growth between 2000 and 2007, and its huge outlier is Arabic. And all the other non‑English languages also growing ‑‑ grown, have grown and are even growing more now at very high rates. This is part of the demography and the levelling that we talked about ‑‑ I mentioned.

     Let me move on to another aspect of the politics and the distribution of state influence in that domain.

     Next, please.

     I wanted to share this slide with you. It's about denial of service. It's been put together by a group at the mine here in technology review. And it represents diversity of motives for the denial of service. All aspects exercise a measure of control over the access and the services that are being provided. We take this for granted, because after all, this is what states do. They've always done it. But in this case, what is very relevant is that diversity and the differences in the goals and the mobile connections. That's the reality that we live with when we talk about control or in some cases, politics over control.

     Next slide, please.

     What is also very new now is the density in the actors that are involved in decision making. I mentioned that earlier, and here, I would like to remind you of the difference between control, which is operational leverage, and governance, which has to do more with rule making, principles and the like. In both cases, in the control and in the governance domains, many, many, many different entities are at the table, so to speak. But only the state asks real voters. Remember, the system as a whole is run so far by private entity. But we have something of an unprecedented set of ‑‑ I won't say tensions, but I would say pressures for the renegotiation of a control mechanism and governance.

     And I'd like to repeat one more time the issue of wantable and mobilized stakeholders, which is the last bullet on this chart.

     And that is not going to go away. The influence of stakeholders other than the state is one of the most important stakeholder ‑‑ in the state.

     Next, please.

     So here's the complexity of control, the checklist of issues we are concerned about: Why control? Why control? What is it that must be controlled? And the denial of service was simply an example. How to control: Exicon measures, regulatory measures, coordinated measures. Once we get the formal accord and we're in the governance domain, but as you well know, the instruments of controls are quite important. And then finally, when to control. All of these are up in the air. There's no consensus, and different states with different people ‑‑ just use different leverages in the complexity domain.

     Next, please.

     The chair, Professor Chon, mentioned David Clark. Here, I'd like to highlight the way we have approached the relationship, the connection between international relations; the world of power, politics of countries or states, et cetera; and the Internet, the core of cyberspace. If you look closely at this matrix, you will see that on one axis, we have the way we think about international relations, the individual state, international systems and global systems, et cetera. And then if you look at the rows, it's a representation of different rows of Internet itself.

     And what's in the cells of this matrix? If you look specifically at the state column, the column of the state, which is the third column from the left, it gives you a sense of the ‑‑ where the state has control, how it's controlled. And this is simply an example.

     What you would get out of this is that many, many fingers, many, many influences are on the topography of control from the international relations side trying to impact on the cyber domain and vice versa.

     Now, where does this leave us?

     Next slide, please. And I'm almost finished.

     It leaves us thinking about the contours of control or the parameters of control at this point in time. What is it that we're absolutely certain about? We're certain about the power of demographic diversity; the tradition and the importance of the state ‑‑ because the state system is not going to go away, but it's no longer the only dominant entity; the salience of multi‑stakeholders; the power of the ISPs. We have underestimated the power of the operational side in relation to the instruments that the state has to influence the operational side.

     Now, all of this is contributing to the necessity of revisiting governance. All of this ‑‑ and this is my concluding sentence. All of this illustrates something of a stalemate in the cyber domain with respect to control, who controls. And we are at the juncture where different entities control different features, and nobody dominates, and it actually is a stalemate. And what we must think about is what are the advantages for the global system and the cyber system at this point in time of being in a stalemate. And if you think about it, there could be some advantages. And with this, I would say ‑‑

     Next slide, please.

     And thank you. And I am done.

(Applause.)

     Nazli, are you going to stay here until the end of this session?

     I will just give him time.

     >>ALEJANDRO PISANTY: But I will speak up. Let her have the floor. Thank you.

     My name is Amelia. I'm an instructor, and I'm a member of the parliament for the pirate party. I thought that the topic of this session was interesting, since it touches on some of the dilemmas that I feel have been addressed more also in the context of Internet governance. And I see these discussions both here and at the EuroDig in ‑‑ EuroDigs in Europe about what do we do with this place that we've created and where all of us are and how do we govern the social interactions that occur in the digital space? How do we get along?

     This is not a very trivial issue. It's not just a question of choosing the right protocol for getting along. You can't only rely on HTTP to assure that there's peace and prosperity in the world. It's also a question of how do we resolve conflicts that can arise between different parties in an online space? How do we define what the conflict is that is relevant to solve in an online space? And I think these are some of the big challenges that face us now and that have been accentuated by the discussions that arose this summer of security agencies and militaries and how do we deal with police authorities creating special rules for technological implementations and computer software, and how do we get past the fact that it is looking as if state actors are increasingly the ones spreading dissent and conflict on the Internet when we expect them to be the authorities in society that actually resolves them?

     So I've been hoping to address the ‑‑ my dis‑ ‑‑ some of my thoughts around the possibilities of changing these problems. And because I work in the European space ‑‑ the European Union was set up in the 1950s at some point, because in Europe for a very long time, also we had problems with the police authorities and militaries and other agencies of government creating social problems for people.

     So for about 2000 years, in fact, Europe was a battleground between different nation states trying to get various advantages across each other, and also my own country around the Baltic Sea was striving for dominance for a very long time.

     The European Union, in theory, was a way to set up a place of trade and interaction that was peaceful and that allowed for civilian development and peaceful development in a way that the governments would be disincentivized from continuing their conflicts. So being born in 1987, it wasn't always very easy for me to relate to the purposes of the European Union. A lot of my childhood and, in fact, all of my adulthood is spent in a time when the conflicts of a Europe past have been more or less irrelevant.

     So not until I've actually started thinking about the Internet as a place where we now have renewed conflicts have I seen that maybe the European Union idea wasn't so bad after all. There is clearly a strong potential for the European Union to continue its important mission to help governments in Europe and people in Europe or even globally to have a peaceful development of the Internet. But it would require the European Union to make some very tough choices and show very strong leadership with respect to its member states and a leadership that the member states may not at present be entirely willing to accept.

     And so, with the European Union going into parliament elections next year, we're also going to find a new commission that will guide the executive of the European Union. I will personally follow that development very closely because I think it could be genuinely interesting.

     It is very clear that cyberspace governance faces some tough challenges right now. We've had them, of course, all the time. But in this particular time, I think globally, we're looking for somebody who is able to say that the Internet is a platform not for combat, not for war and not for distrust, but actually a place where we can get along with each other. And so the question is: Which policy agent has the capacity to advance that point of view?

     It's very clear from the discussions here also that a lot of the issues that we want to see solved on the Internet, they're not in the technical layer. We have a lot of social problems now, and they will be -- have to be addressed also. But I wanted to throw that into the room and see if there's anyone else who is maybe sympathetic to this idea.

     Next one is Alejandro. Are you ready?

     Please, go ahead.

     Alejandro? Is it on?

     Yes, please go ahead.

     I am very honored also to speak after Amelia, whom I respect and like very much for her participation; and after Professor Nazli Choucri, who has given us a masterful overview of issues. My comment goes precisely along some of the lines of her issues and the ones by Amelia.

     Cyberspace has ‑‑ Professor Choucri has mentioned and the skill ‑‑ is much, much larger than the Internet, and there are a lot of sources of power and sources for power in cyberspace. Some consideration has to be made through the infrastructure, the physical equipment of computers and telephones, what we call ICTs, in general information or communication technologies; and the control and regulation of standards over markets, over ways to use them, what is legal, what is ethical, is very large. And Internet governance, in particular, is more narrow ‑‑ a slightly better defined subject which has provided some experiences that we also have now neglected on the cyberspace problems.

     In particular, what has been very useful and unique in governance, in the historical evolution of Internet governance, is that it has been progressing by identifying problems and then looking for solutions to each of these problems, bringing together the right mix of what we now call stakeholders. The first act, literally, of Internet governance was establishing standards so that people who either operate or intercommunicate, and the IETF was created for that and then brought you some requests for comments or RITs ‑‑

   Later, things needed ‑‑ the IETF needed meetings and some interface with the outside, and they created the Internet Society. The IETF also created IANA, which was a solution to a very big problem, which there were a few unique identifiers that you need to have unique mathematical value, and you have a database there which essentially has created IANA.

     When IANA began to get into conflicts and domain names began to have monetary value and degradation was looming, the decision was made to create ICANN. And what ICANN does is make IANA decisions non‑arbitrary because there is a publicly available process there, and therefore, it shields IANA from litigation. Of course, you have a lot of litigation now against underground ICANN.

     And so far, you have the anti‑efficient working group. You have the messaging and you have youth working group, and many other things have come up in order to solve this issue.

     Suddenly, while this is evolving, I don't know the contention for the states in general, a particular country is trying to play power games or really assert more power or serve their citizens better ‑‑ depends on how domestic you are about the state ‑‑ we get the news this year from the Snowden espionage revelations which have continued because we see now that more and more countries are actually going beyond the law in surveying and spying on communications and secrets of their own country, of people outside the country. You have commercial secrets. The list will be endless. The only model they could have about it is that it will never end. And given that this has now permeated the whole Internet governance debate. And it will go ‑‑

(Audio difficulties.)

     So now, I think that we have a big mess, a big confusing mess, in the discussion about Internet governance because we actually do not have any espionage governance. There are very broad general arenas about espionage, and most countries just want to break them as soon as they can, spy on their own citizens if they ‑‑ or other countries.

     We need to come back to the Internet governance debate and to the cyberspace governance debate generally with a view that surveillance, privacy, the intimacy of life and the privacy and secret ‑‑ or confidentiality of communications are under threat. And each organization, each mechanism of Internet governance, if undertaking a review, the most effective review that I think we're already seeing is the Internet Engineering Task Force or IETF, which has now created a group and several activities in other existing groups to review the privacy, snooping, surveillance, confidentiality ‑‑ protection implications of the Internet protocols.

   I think that we will have to do what we have always done, which is identify the problems, solve them by layers, bring the right stakeholders and look at upper layer mechanisms ‑‑ what we call openly layer eight mechanisms ‑‑ to see what governments can agree inside the country and among themselves while helping the citizen, the law‑abiding citizen, the people who are creative and who are ‑‑ regulation as well as the people who are independent and inside oppressive countries to be able to communicate again. But we will always have now this alteration of the landscape by surveillance.

     And I will finish by saying that we should not allow this alteration of the landscape to lead to something which is not worth ‑‑ which is confusion. Because in this confusion, people are trying to compete with each other to see how they can ‑‑ how they can ‑‑ sorry. How they can take places from each other without exactly solving that problem.

     We are seeing in some countries what we can call waggle about operations, which means basically that the country may be hiding its own operations of espionage against the citizens, surveillance of communications, lack of privacy laws, et cetera, by complaining loudly about what is happening outside the country, and also using these very same ways to try to insert the state in ways that are not necessarily the natural, the productive or useful way to bring the state into a better position, which we have testified all stakeholders equally in Internet governance.

     Thank you very much.

     Next one is the AfriNIK CEO Adiel.

     Would you like to make a comment? About five minutes.

     Thank you. When I was first invited to talk about cyberspace governance, my first reaction was: Well, cyberspace governance, that is Internet governance. Why do we have to talk about a different term for governance of anything related to the Internet?

     But by looking at this closely, I think there is something to explore here about not just the use of the IP, or the Internet protocol itself, for communicating, for doing business, but beyond that: What will be the other usage of ICT without IP. But with the same purpose of advancing economy, advancing social environment, will that have any linkage, direct linkage with the use of the IP protocol and the Internet governance as we are talking, you know, all this week? What is the evolution of all this space?

     You know, the use of the Internet and digital equipment and device is becoming more and more pervasive in our environment. It is spreading out on our own. And nothing tells it will be always using IP to interconnect, to transfer information, all these things. Bluetooth ‑‑ we can use another thing. And there are communications. There is exchange of data. There are access of information.

     So how do we ‑‑ can we explore or which framework do we have to explore that overall digitalization of our world is something that was appealing to me. And I think I like ‑‑ I like very much the first presentation with the slides that clearly show ‑‑ especially the actors. The variety of actors that are involved in different aspects of what we know today as Internet governance, but in other ‑‑ other aspect of this cyberspace as well. And sometimes, the interest and the goal and the objectives are sometimes conflicting in the way that each of those actors won't see things from different perspectives.

     And I also think that there is some important exercise that we can and should try to do is to ‑‑ and I think Alejandro also touched upon that very briefly. It's about the utilization or the usage that is made of the technology and the technology itself. What is the demarcation between the two? Is the governance of the technology that makes the Internet work or the cyberspace work itself derived to the usage of the technology, the utilization of the technology in both economic environment, social environment? Is there a link? Can we see any common ground there? How can we define that? Who should do that? Those are questions that I'm trying to put out, because this is a workshop and I will expect us to exchange on some of those things.

     What I do believe fundamentally, coming from a developing country, is that the Internet that we have used and we have known in the '90s is not the Internet that we have today.

     At that time, it was very easy, very, very easy to solve many problems. I remember ‑‑ I have an engineering background ‑‑ when you deploy your infrastructure and you have a DNS issue or you have ‑‑ even a spam issue, you can quickly find out where ‑‑ what is that mail server that is not well configured and it's relaying motorized mail very quickly, talking directly to the system admin of that infrastructure and get that fixed. It was easy because it was a small group of people who generally know each other, meet at ITF meeting every time so they can social engineer.

     Now, things have moved tremendously. The interests are not always, I must say, just to keep the Internet running. There is a dollar sign very heavily apparent at different levels of this, which makes that social engineering, but getting a little bit to the edge of this environment. So we definitely have to take into consideration that widening scope of the Internet.

     The diversity, that is brought into it because, you know, there are many, many, many more countries and communities who are joining the Internet, which are using the Internet. We are finding the Internet as a critical tool for their day‑to‑day lives. How do we integrate that into the overall picture? How will government play their role; how seriously is society actively playing their role of balancing all this in their environment?

     And I think it is very interesting notion, this cyberspace governance. But it needs to be very well elaborated to make it clear and try to frame more specifically its scope.

     I will end by saying that the cyber security aspects could be seen as the most prominent aspects of this issue about cyberspace governance. And recent events have not ‑‑ allow us to maybe put more faces on that. And I believe it is very important to ‑‑ for us to be able to look at what we can do to make sure that we have some common agreement on the road sign. I think that is very important. Everyone contributes to build global infrastructure, but the road sign should be something that allows us to have safety while using those, I would say, infrastructure. And it is very important for us to look into that and defend this notion of cyber governance if we can and demarket it very clearly from Internet governance.

     Thank you.

     Next one, Johan. Would you like to make a comment?

     Thank you very much, and thank you for inviting me.

     My name is Johan. I work at the Foreign Ministry in Sweden in Stockholm at the International Law and Human Rights Department, mainly working with issues on freedom of expression and our work on human rights enjoyment also on the Internet. So thanks very much for inviting me.

     I'd like to start by just saying that Professor Chon's introduction here was very interesting, I think, seeing different parts of the cyber arena: Society, economy, and security.

Be it as it may, our take on this, it's important to see this as one area and not try to divide the area into several different ones.

     And, of course, coming from a human rights background, it's important for us to start by acknowledging that we have human rights in the real space, and they also apply in the cyberspace. So that was my first comment.

     I think Professor Nazli described the situation very well in her presentation. This is also our take on the current situation when it comes to a broader cyberspace governance picture extending beyond the Internet governance.

     What we see is that states are trying to increasingly assert control. And her presentation clearly explained the background from where we're coming and, unfortunately, where we're going.

     Our take on this is that the success of the Internet and the success of communications and ICTs, it has to do with the very little involvement by governments. It has to do with the fact that it did develop without too much of government regulation. And so this is ‑‑ this is what we think should be the continuing ‑‑ the continuing fundamental starting point.

     It's important, just as Amelia said, to see cyberspace as basically an arena where we are able to be together in a peaceful manner. This is definitely the aim of what we are trying to work for and work to strive to achieve. And not an arena where conflicts are created and remain unresolved.

     In the work that I'm involved in, we tend to work pretty much with traditional conflicts, resolutions, states talking to each other. For example, in the United Nations environment, what we see in those forums is that there tends to be a division between security on one hand and then the more softer issues such as human rights on the other.

     But it's important to see that there are things happening. Sweden was one of the promoters of the first resolution ever in the U.N. on human rights on the Internet. Last year, the Human Rights Council adopted a resolution on the enjoyment of human rights online, and it was adopted finally by consensus. So we have a fundamental ‑‑ we have a fundamental text in the U.N. system which affirms that human rights are applicable online as well as offline.

     In another part of the U.N. system, we see that work of the ‑‑ working of the group of governmental experts which are dealing ‑‑ it's 15 countries, 15 government experts who work together to find some common ground on how they believe international law should apply in cyberspace ‑‑ not just on the Internet, but in the broader ICT environment. And in that group, they reached a consensus this year that international law, existing international law, actually is applicable in the cyber environment as well.

     This is actually the first time that such an agreement has been reached. Although there is no normative instrument yet from that work, it is still a quite important conclusion because it is the first time that that has been said.

     So there are several different ways of trying to collaborate and find peaceful solutions in how we socialize in the cyberspace, broader than just the Internet. Our take on this has also resulted in a process we called the Stockholm Internet Forum. We, together with CEDA and our Dove SE, we have initiated a process where we discuss these issues in a comprehensive manner.

     And we think the added value here is that we reach out also to the low‑ and middle‑income countries of the world. We provide a platform where development in a global context is discussed. So it's an annual ‑‑ it's an annual meeting place. It's an annual conference where a lot of discussions are going on from a comprehensive way: How can we utilize and work together and make cyberspace something that we can use to improve development? Not just in a peaceful manner, but also for economic growth and well‑being. So we will continue to work on these and many other issues in trying to promote a peaceful and prosperous cyberspace.

     Thank you.

     All parties, would you like to come over here? We're going to open discussion.

     Would you like to show the video now?

     Okay. In place of the Ronal Deibert from the University of Toronto, we'll show the video, five minutes.

     And Adiel ‑‑ oh, that's right. Watch the video. That will be better, huh?

(Video playing.)

     "I think we're at a watershed moment for cyberspace. If you fast forward like 50 years down the road, future historians will look back and go, 'You know, there was that time in the 1990s and 2000s when citizens of the earth built this open distributed network, and everyone could communicate with each other freely, and then it all shut down through censorship, surveillance and micronization.'

     "We live in a surveillance state. Increased police state and as far as using services that are provided to them, and that business model has the unintended side effects of facilitating easy wholesale surveillance.

     "Most law enforcement folks, as well as military folks, say 'you might be part of a terror network. Therefore, everything has to be monitored.'

     "I see a real danger of the state casting itself in the role of protector and being seen as the enemy of the people.

     "It looks like we have two sides. So there's a side of governments that support openness, and the other side is governments where they have black boxes.

     "The approach to digital security has to be comprehensive, and we have to empower citizens as opposed to what some of the authoritarian regimes are trying to do, which is to disempower people and to not allow them to have control over their own lives and the tools in their hands.

     "We have to defend freedom of expression. Freedom of expression goes hand in hand with privacy.

     "And I believe that freedom of Internet is the biggest contribution to peace in the world.

     "I work with a group of people in Morocco who were targeted by a subculture called DaVinci.

     "A number of these what I call digital arms or heavily intrusive systems have a label made in Europe or made in the United States.

     "The digital arms trade is big business, and that means it won't stop.

     "We have to defend freedom of expression. Freedom of expression goes hand in hand with privacy.

     "And I believe that freedom of Internet is the biggest contribution to peace in the world.

     "I work with a group of people in Morocco who were targeted by a subculture called DaVinci.

     "A number of these what I call digital arms or heavily intrusive systems have a label made in Europe or made in the United States.

     "The digital arms trade is big business, and that means it won't stop.

     "What used to be our global commons of information has become ground zero for intelligence agencies and military organizations around the world.

     "If one side says, 'I'm building a national Internet from which I can attack people,' the rest of the world doesn't really have a choice. We are going to have to fight this out on a national basis.

     "National security is important, but it's problematic when governments reengineer a resource that the whole world uses for communication and for organization.

     "I think you're all running out of time, because the next really unpleasant event could cause people like me to pay a great deal more attention to the issue of cyber controls, and no one will like the results.

     "I think the future of cyberspace is not going to be determined by those of us living in Toronto or New York, or even Silicon Valley, but by the next billion digital natives coming online from a global site. If we care about keeping cyberspace open and secure, we have to engage in a global guideline."

(End of video.)

     All right. So would you like to come over here. We'll have open discussion.

     I like the opening statement dealing with trying to simplify the complexity that was apparently in the earlier comments in part because, in other words, to think of it not as different modalities or different things, but actually one thing.

     And so in looking at that, there was a slide earlier by Nazli which had the typical kind of layered view of trying to deal with that complexity.  I think it had sort of a physical layer, then you've got these ‑‑ the technology layer, then the ‑‑ and social at the very top. I have a concern that that characterization is ‑‑ can be simplified. Let me put it in positive terms.

     The physical layer and this like ‑‑ this traditional software layer is I think is no longer valid. Why? Because of the emergence of the virtualization of hardware. So the difference in hardware and software, I think, is no more. I don't think we can tell. When you can simulate hardware and software because the computers are so fast, then that is being exploited by those actors who are, for example, moving piracy to the Cloud, and they build infrastructures which are all virtual in the Cloud which simulate hardware and then simulate the software on top of that.

     So instead of characterizing as "physical," what I would suggest is characterization as "electrical power" or "power" is at the bottom. Because fundamentally, that is the infrastructure that if anything happens to power, it doesn't matter whether or not it's physical or software. It doesn't work. In other words, we lose power. So I think electrical power has to be ‑‑ how it is generated, how it's distributed, how resilient it is is fundamental to the argument.

     The second point I'd like to make is, in all of these domains, there is one fundamental characteristic, and that is the ability to detect the problem can cascade as fast as the problem itself occurs. And, again, electrical power is the ultimate example. Speed of light. If the electrical power grid goes down, you wouldn't be able to detect it because the rate at which it goes down, the signal to tell you that it has gone down goes at the same rate. So that's why I think the bottom really shouldn't be characterized as hardware. It really should be power. I think that's absolutely fundamental to the argument.

     Also fundamental to the argument is the issue to do with complexity. And that's why I'm fundamentally of the view that we need to not divide and conquer this ‑‑ try using traditional strategies of divide and conquer this very complex problem into even smaller fragments, which we then throw math at it and see if it works. The reason why I don't think that works in this case is because there is the social and human element to it, which is entirely unpredictable.

     Let me use an analogy. Yesterday in Sula, as you know, we had this session on the compu‑catcher. And these virtual games, which are ‑‑ multimillion people play are bigger than some state actors. And what they're trying to do now in some instances is model disease and how the end game players respond to the spread of disease. Some people go and help other players; some people stay away. It's very difficult to model social behavior mathematically. It has to be done in situ.

     And so instead of looking at a hierarchy, you have to look at it in some sense of cycle. And I think the one suggestion that I raised yesterday at the trade and virtual goods, because I think ultimately, we have to frame the issue not in terms of threats, but in terms of opportunities. We actually have a balanced argument, and that's why the trade discussion of virtual goods on the Internet I believe is very important. Why? Because I think the strategy now is no longer divide and conquer. As I mentioned yesterday afternoon, I think the strategy that we need to adopt to solve this issue is really connect and liberate.

     If I was to summarize, again, what I believe the Internet is all about, what we've been doing the last 20 years is not divide and conquer. That's the last 200 years. If the last 200 years of trade was characterized by war over physical resources and trade in physical goods, as I said yesterday, will the next 200 years be characterized by war over virtual goods ‑‑ virtual resources and trade over virtual goods?

     So if we look at it in terms of trade and in terms of trying to provide a positive angle instead of a very defensive angle, I think the discussion can be more balanced. Because I think the defensive angle is, in some sense, even if you solved it, what do you gain?

     Let's sort of discuss on his comment if we agree.

     Is it comment?

     >>AUDIENCE: Yeah.

     >>KILNAM CHON: Okay. Go ahead.

     I actually was going to say something very similar, but Peter beat me to it. But something occurred to me that one way to tackle this would be to use the formal systems thinking approach, thereby looking at complex systems in a totality rather than in a ‑‑ I don't know what people think about that, if they know the systems thinking approach. It's very difficult to do, but then this is a very large and complex problem.

     Nazli, are you still there? Do you want to make a comment?

     We all make decisions on how we cut into intersections between two different domains; that is, the natural politics and the structure of the Internet. On the matter of people and value and so forth, we put this under the people element of the fabric of being under the Internet, the specific part of the framework. But, in fact, remember there are some physical features that we can't ignore that may be reduced to energy inputs and advanced formation, but they have legally some physical properties: Undersea cables, for example; or alternatively, the physical devices, like cellular phones that you actually hold in your hand. So somewhere along the line, we have to go back to what the chairman, Professor Chon, mentioned at the very beginning about how we think about the physical properties or traditional properties and the cyber properties.

     What I would like to argue is that, given the present technology at this point in time, it is almost impossible to avoid physical representations and physical references, and I would use undersea cables as an example.

     And then to conclude, I would say that we all know that all human activity involves energy and the deployment of energy. But this is not an energy conference or an energy working group. So we have to factor in how we incorporate the basics of human interaction into the subject matter for this ‑‑ I was going to say this evening, but I really mean this morning for you.

     Thank you.

     In the last video that we saw from this cyberspace dialogue conference, it's very clear that we have strong government interests and economic interests that are aligned in a way which may not be conducive to actually most other economic interests and our social goals. And so I guess in the general political framework of the world, we have been dealing with that conflict already for a long time.

     The basic problem formulation is quite simple, and so now is the problem: How do we deal with this again? But we have dealt with it before.

     And this is also why I don't think that you really need to overcomplexify, basically.

     One thing I would like to comment from the speakers and also from the videos, I think it is obvious that governing Internet means exercising control, influence and technology. And all of that related to power.

     And when we talk about power, like Lord Acton says that power tends to corrupt, and absolute power corrupts absolutely. So it means that everyone or every actor who has power in governing Internet has the potential to abuse it. Either it's from the government or private sectors or other stakeholders. So the bigger power one actor has, the bigger potential that actor abuse it. So, therefore, it is essential to, you know, limit or make boundaries of the power, all the actors, and set guidance for them.

     Therefore, I think it should be ‑‑ should be ‑‑ there should be a checks and balance mechanism among the actors. Like the videos inform us, government has strong power to abuse the capacity of the Internet and technology to violate human rights. But we also have problems with big data where many of the big data are in business sector.

     Thank you.

     No, I agree with you. I think you're quite right; with power comes also responsibilities. And I think that we're seeing some ‑‑ some developments that are essentially in the wrong direction, and we see some things that are good. And it's important now, as we go along, to continue to work for the good, of course.

     I think our ‑‑ our work with establishing a link between the human rights framework and the Internet is essential. It's important.

     Will that mean that no more human rights violations will take place online? No, it will not. But it will give us a normative framework to continue the discussions from. And that's really important.

     We see now from the summer's revelations regarding privacy that there is an absolute need to deepen the discussions on how to protect the right of privacy, of course. And in that work, we need to rest on the international normative framework that we have.

     And I agree with Amelia: Don't make things more complicated than they are. I'm not a technician. I'm a lawyer. So, to me, this is very complicated anyway. But what I do know is that the rules that we have in the real space could, I think, apply also in cyberspace. And that goes for the right of privacy as well. What we need to understand ‑‑ we need to do two things. We need to understand the specific challenges that the technology poses. But that doesn't mean we need to change the core of the right. It remains the same. The limits remains the same. The right remains the same. So that's one thing.

     And secondly, we must make the rights work in practice. And in my country, for example, law enforcement agencies must be able to tackle things such as hate speech, for example. They must be ‑‑ must get much better at that. And that's a problem we have in my country, I believe ‑‑ this is my personal opinion. I don't think there is essentially anything wrong with the legislation regarding hate speech. But there is definitely something wrong with the lack of enforcement. So I think you're quite right.

     What we see is a grab for power and the misuse of power, and that has to be limited. But I do think that we have some tools that we need to refine and try to make them work.

     So I share your angst at trying to understand all this as a lawyer. But question for you, Johan: One of the predicates of human rights and international law presupposes protection from government actors. And, you know, we're not dealing with uniformly government actors in cyberspace. For instance, torture is not torture unless it's a government actor that's torturing you. If it's a private actor, it's not torture.

     So how do we get over hurdles like that when we're trying to graft international law and human rights law from the real world into the cyber world?

     And that's the challenge, of course: How to have other actors also respect human rights standards. And I think we see some developments there as well.

     In the international arena, last year, we had for the first time ever a framework adopted by the U.N. regarding human rights and business. It was a result of a multi‑year‑long project which ended in a framework which ‑‑ in which companies are actually given, for the first time, I think, responsibility to protect human rights ‑‑ or respect ‑‑ sorry, to respect human rights. Which means that we're now looking a little bit beyond the traditional relationship between government and individual by saying that it's not reasonable to have corporations clearly violating human rights. We can, as an international community, also expect that they do not violate human rights.

     Much of this discussion is still on a voluntary basis. Corporations and companies still, to large extent, needs to commit themselves to such frameworks. And from that broad agreement, there are a couple of examples of sectoral and regional continuations. We see the Global Network Initiative, for example, which is a collaboration between companies to sign up to a standard which is based on human rights and respect for human rights in the ICT area. So the Global Network Initiative is one such initiative and one such framework where companies voluntarily commit to follow human rights standards.

     Another one is a work by the European Commission which now have now developed guidelines in a very broad consultation manner, developing guidelines based on the human framework for companies working in the ICT sector. So that's another example.

     These are quite recent, but this whole area is also developing very quickly and very fast. So we are in ‑‑ I think in early stages still, but I think we do see some development that is in the right direction.

     But I had a question for actually, Alejandro Pisanty if he's still with us.

     Is he? Alejandro, are you still here?

     There is diffuse microphone noise.

     Because one of the things that has come up also in other panels where I have been is actually the intersection between technological standards and policy goals. And I know that Alejandro has been working a lot with the IETF and other technological standard organizations.

     There is an emerging debate on how also governments are tampering with standardization processes. That means that they're codifying into the very technological framework that we have to use for some social or economical purpose, perhaps insecurities, vulnerabilities, back doors, other elements that create inherent distrust for the technologies that we then have to use in order to conduct economic activities. And so ‑‑ but how do you set up a functioning interaction, then, between more worthwhile goals, like the respect for human rights and these technical standard organizations?

     Because I think one of the questions that we face in ‑‑ in particularly Europe is that we have laws for human rights also on the Internet for the right to privacy and confidential communications, but we find that they're not often implemented in the technical layer. And so it becomes only a kind of legal construct that everyone agrees is good, but the dialogue with the technical implementers isn't sufficiently strong. And that becomes a problem, because then even when you have the moral and ethical leadership and the political leadership that you need, it ends up being ineffective, and I see it as a great challenge to overcome that.

     I think that these are very important points. I think maybe not everybody in the room knows that Amelia is a brilliant mathematician who understands this technical stuff in depth as well.

     Yes, there is an ethical and power issue in technical center organization. You must remember that the standards are not the technologies themselves. The standards developed in an organization cannot create the technology. That is created by inventors in companies and universities, small labs. The standards, of course, have an ethical resonance. And what I can say briefly is that significant technical standardization organizations have ethical codes, like the IEEE or the IETF. There is a mandate in the IETF for many years now of not creating a ‑‑ not standardizing a technology in order to facilitate surveillance. And what they are doing now ‑‑ I am going to use this only as an example ‑‑ is to go look at the specific threat model. When you do these technical things, you have to start with a threat model. Who is attacking whom? What is the attack for? What is the objective? What is the information asset, for example, that the attacker wants? And the most important model that they are working on right now is called Pervasive Passive Surveillance. That means someone who is not doing something to your equipment, but is somewhere on the Net getting information from you. And the discussions are very detailed, because you now have to look at things like pictographic key management and stuff like that, which is very sophisticated.

     Also, because it has been worked upon already, it is our ‑‑ mostly at the asset of improvement. When governments take these international standards and develop a national standard, they are usually doing this for a good reason, which is that they cannot, for example, make a public purchasing; let's say, go and buy 10,000 computers or 10,000 licenses for software, based on a foreign standard which is not under their control. So they bring it into the national area.

     But then, of course, it can be fiddled with to order, for example, the possibility that the equipment that we buy complies with the international standard X, Y and Z, but also complies with a national standard that allows the police or the intelligence services to listen in to conversations. And you enter a very difficult area where you don't know whether this surveillance or this wiretapping will be legal in all cases. The technology proceeds for both the good and the bad.

     So these are the kind of dilemmas that come with this technical standardization for preventing illegal surveillance.

     I think, coming to the broader discussion, that regulating surveillance is a fool's errand, a very hopeless enterprise. You can regulate espionage as much as you want, but let's just think of ‑‑ you know, instead of getting very confused in general, let's just think of wiretapping against elephants ‑‑

     There is a telephone governance regime, which is the ITU, and what you do get? You have wiretapping on all telephone systems in the world.

     Adiel, would you like to make the last comment?

     I just want to ‑‑ I wanted to respond to Amelia about the standard, the standardization and the utilization of the standard by a company who operates on a very specific legislation or legal framework which makes the problem even harder, because then, there is that ‑‑ European Union can have a rule, but that rule is not global enough to be applied to a company from the U.S., for instance, which makes the problem a little bit more complex.

     Another complexity that I think, and as engineers, we tend to like to simplify, but its end users. As end users who are using technology at a different level, we also sometimes involuntarily infringe some of those privacy ‑‑ or have some issue with privacy or managing privacy, private information that we have that we caught maybe voluntary or involuntarily. How do we deal with that, with more and more decentralization of power of computers and the ability of everybody to capture, to manage, to process more and more powerful information? That is also something important.

     To finish, I think the multi‑stakeholder notion has to come back into this, because to be able to deal and see things from different perspectives is very important to make sure of the fine mechanism which will brought ‑‑ will bring around the table stakeholders from different perspectives to be able to exercise the check and balance within the multi‑stakeholder environment and to be able to share the collective responsibility for making this work. Because if the responsibility is not collective, it will be very, very, very, very hard to just simply find the issue and think it is just one side of that way.

     First, information. You can find more information on cyberspace and cyberspace governance at cybercomments.net. You can find many of those information.

     Also, if you have any further comments, please send it to me. My e‑mail address is [email protected]

     Yeah.

     >> AUDIENCE: Translation skill in for this ‑‑ thank you.

     >> KILNAM CHON: Thank you.

     We are wondering if we should continue this workshop next year? Also, we are discussing probably may focus also on the human rights workshop or globalization of Internet. So your comments would be appreciated.

     Additionally, I have to write a report.

     Okay. Thank you for staying up very late, Alejandro and Nazli it is 10:30 in the evening for them.

     Thank you for coming.

(Session ended 10:30 a.m.)


********
This text is being provided in a rough draft format. Communication Access Realtime Translation (CART) is provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings.