IGF 2019 – Day 1 – Raum V – Safety/Security Introductory Session

The following are the outputs of the real-time captioning taken during the Fourteenth Annual Meeting of the Internet Governance Forum (IGF) in Berlin, Germany, from 25 to 29 November 2019. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



>> RAJESH CHHARIA:  Good morning, we're starting this session, the Safety, Security, and Stability. As we know about internet media, fuel the country, especially the country that I belong to, India, we're really fast growing. And the way we are growing and especially looking at the 65% of our population is the rural population, a lot of about the security. And the same with underdeveloped countries, they are developing to the internet. They are developing. But they're facing a lot of challenge. Today, we're going to discuss about the issue and especially for this, I am inviting from Australia, cyber ambassador, Mr. Tobias Feakin for the keynote address on this subject. Please?

[ Applause ]

>> TOBIAS FEAKIN: Good morning. Thank you. It's great to see you this morning. It's a pleasure to be here at the IGF and have the chance to open up this stream that you all are taking part of today. And I must say thank you to the multi-stakeholder advisory group who decided to invite me, a real privilege to be chosen and be allowed to open up this track, a track of work that I spend an enormous amount of time on, I guess, unfortunately. In some ways, the Australian government views cyber security as a fantastic enabler for the things we want to achieve in the on-line environment whether they be development goals or economic growth, we believe sound cyber security practice and security practice in general will enhance the objectives. But we're mindful there are big changes that are going on in the world, which are important to talk about and important to engage with such a wide group as we have here today.

So, I'm the Ambassador of Cyber Affairs in Australia. This is a privilege that I was given this position as inaugural Ambassador of Cyber Affairs. We try to look the economy but try to face cybercrime, state-on-state international security activity and try to address those in order that we don't lose out on all of the benefits of the on-line environment that we know and love.

It's been summarized that my role really is as simple as trying to ensure that we keep all of the benefits that we enjoy in the on-line environment whilst negating the risks that we face as well. And what is Australia looking for? We're looking for an on-line environment that's free, secure, very simple words to say but hard words to deliver upon. But we try to do that through something called an international cyber engagement strategy, something we tried to be as a government is as transparent and forward-leaning as possible in terms of what policy and ideas we'll put out to the public domain to the international sphere. So if you're interested enough or tapping away on your on-line searches in the course of the day, please have a look at our website and tap in international cyber policy, Australia, and you'll find all sorts of documents you put out there that I think may cast one of the most transparent countries in the world in terms of what we're willing to say in this important area of work.

We place this position and the work we do at the heart of multi-stakeholderism. So, we ensure the kind of policies we take are tried and tested with broader communities than just a government thought box. We try to ensure that we are reaching out to the broader cross section of society, civil society, private sector, and a number of entities. I see in this room, including IGF that we work with very closely to make sure we're as connected as possible and pulling in as many different views in the way we approach cyber space.

I think one thing over the three years of doing this job is once we thought at a cyber-related issues were vital and growing in importance strategically in the international environment in 2016-2017 when this position was formed, now we're seeing cyber-related and technology-related issues at the heart of geopolitics in a way that, to be Frank, couldn't even myself have imagined back in 2017 when I began on this job. That's a huge burden of responsibility in the way the states are looking at this issue. But it also places, I think, a huge burden on all of us to try to think about creative solutions to what we see happening in the technology environment.

So, I'll be really thrilled to hear what kind of issues we've spoken about in the course of the day and some of the ideas and concepts or challenges for government that you think we should be listening to and understanding in this important area.

And we're totally cognizant of the opportunities that exist in cyber space and the fact that really the on-line environment and the way it's developed has been an enormous enabler of democratization, freedom of speech, and economic growth. We think those are great things to celebrate.

This year in Australia, we celebrated the 30th anniversary of the internet in our own country and with the positive things we think the internet brings to our society.

But, we are not averse to understanding that there is a dark side now that's growing. The dark side is the increasing authoritarianism that's encroaching on the on-line environment. Once upon a time, the transparency that the internet provided was really a challenge to authoritarian regimes who saw it as a particular threat to their existence. And there's all sorts of interesting historical examples if you go back over the last 30 years where this is the case.

What happened is those authoritarian states have identified this is an issue and are now trying to exploit that openness, that transparency, and democratization of information, education, and the further bonuses that we have in the on-line environment and use it back against us. That concerns the Australian government and the broader international community. You heard it in many of the keynote speeches yesterday the concerns that are shared by all of us in terms of what the on-line environment is morphing towards.

And we've seen authoritarian states are willing to utilize the on-line environment as a weapon to level the playing field against democracies. And we think that's something that's worth challenging. The defining quality of the democracy is the ability to utilize the ballot box, to ensure you pass judgment on your leaders and change your government peacefully through that process. But, you know, we've observed numerous cases now where we see those democratic processes being interfered with in the on-line world, equally we see increasing instances of human rights abuses on-line. And we also see increasing cases of intellectual property death and we think these kinds of incidents are not something we all blindly accept and not go without challenge.

And all of these are being increasingly enabled by cyber space. And they demonstrate this this opened that we're used to inherent to healthy democratic systems and free market economies are coming under challenge and being received as a key vulnerability.

But how do we increase that cooperation so we can challenge what's going on in the current environment? Well, we are in a period of transformational change in the digital space. And new and emerging technologies now are transcending borders in a way that's unprecedented in terms of its being reached and capability.

We're increasingly reliant on technologies, I look at a whole range of digital technologies maturing in a reasonably similar rate and the combination effect of whether it be AI, quantum computing, a whole range of other technologies, they're maturing rapidly and it presents a challenge for government to understand how we keep up with that and ensure we're acting as an enabling mechanism rather than a hindrance of the technologies enabling societies.

But it also challenges it in terms of how we operate with especially large private sector entities to try to keep up with the technological developments, the policy developments that were going on within the private sector itself. Google, Facebook, AliBaba, they've grown in an unprecedented size and scale in a short space of time. That kind of rapid evolution of change, to be Frank, those inside government, we find it challenging because we're perceived as a slowly moving beast when it comes to technology. This presents us with challenges in terms of the way we incorporate and engage with the private sector. You see it play out consistently in the international environment in the way that governments are addressing some of the issues with large multinational companies.

Major tech firms in our foreign policy plays in. There's no getting away from that. The size, the reach, the influence they have, they genuinely effect change in enormously significant ways which I don't need to explain to a well-versed audience like yourselves because you're all dealing with the issues and read about them constantly in the work that you do.

Some companies are really willing to engage and have this conversation with governments and civil society. Some aren't. And to be honest, it's the disparity of approach that's incredibly challenging with how we take this forward. Why was it unique. We brought together 20 of these kinds of positions around the world and engaged with senior levels of some of the major tech players in Silicon Valley. A small initiative but one we think will have more potency in the years to come in order to get on a similar kind of playing field when we think about poll around technology. As governments, we need to become more flexible, adaptable, and proactive in the way we deal with technology and equip ourselves in being able to make policy.

As I began my talk, I'll begin wrapping up around the idea of technology as a core aspect of geopolitics, which has already been a key theme of the IGF and gives genuinely the IGF, I think, increased fodder for engagement with our multi-stakeholder community. Because, you know, if we said in terms of the development of cyber space and the associated technologies that was predominantly in the hands of academia, the private sector, and others, this is certainly going to be the case in the whole range of technological developments -- we're addressing in the international environment.

We're talking about issues like 5G, a global phenomenon. We in Australia are used to talking about 5G, we made decisions early on in the piece compared to many countries around the world. We were the first country to take major decisions on 5G. But the importance of that decision is more setting a benchmark for a whole new range of technological developments that are coming on stream and the way as we as governments view these as a core part of our infrastructure and policy making cycles. So, for us, it's not so much we focused on 5G, but more what it presents as a precedent for thinking about technology issues. What is it that you want as a nation from your technology posture. What is it you want to gain? What are the kind of values that you think are important for technological developments to imbue and absorb in the years to come. I think that's a really important discussion to have in the room today about values and principles of technological development because your voice is incredibly important in what's coming down the track.

So, how governments around the world are going to take these challenges on and tackle these issues, I think, is going to shape our societies, our economies, and our national security agendas over the next 20 years. And it's one of the few areas, I think, in policy where you can really directly affect the way government is thinking. You should challenge us. You should present us with questions and engage with us with what you think is important in this regard.

And ultimately, it's only by acting together as a community that we'll be able to shape the kinds of technology futures that we all want in this room. We as government will have certain interests, but also civil society, you will have other different interests. And it's only through balancing these and ensuring that we're all equipped with that understanding that we'll be able to shape the technology environment of the future we all want.

And ensure that the security of all of us in our societies is at the heart of that. So, thank you very much for letting me take up a bit of your time this morning. Really pleased to be here this morning. And I look forward to hearing all about the discussions that you've had over the course of the day, thank you.

[ Applause ]

>> RAJESH CHHARIA: Thank you for such a nice keynote about a very important concept. Yesterday only we were told by 2020 our data will be 40 -- a lot of data, a lot of responsibilities, and a lot of issues. I was able to jot out the policies that the government is to make, friendly policies, not hardcore policies. To open this, issues, privacy, but before that, we have to take the self-responsibility on the subject. Because we are taking the security in a very light manner that it may not harm us, but it will harm to everyone.

And now, the -- the session -- no session is properly completed. So, if you have any questions to please introduce yourself and ask the question to our cyber ambassador, Mr. Feakin?

>> MODERATOR: I just wanted to explain how the session will work. I'm Sylvia Cadena. I'm a MAG member. He gave our keynote address. You have a bit of time to ask him questions. I'm not sure if you have to leave or if you can stay with us for the rest of the session, if you have to leave, it's fine. We have you for a few minutes for questions. And after, we're going break to six groups that are going to work through some themes on this track that is going to cover the conferences for the rest of the -- of the week. And we have among us, the facilitators for those sub themes. And then we'll have a few minutes to introduce themselves and what are the areas that are going to cover under those sub themes and then we'll break out in discussions.

If you look at your shares of your schedule app or -- how you want to pronounce it, there's a secure code on that screen. You can click on it, use your phones or your devices and get a spread sheet that we're putting together with the pictures of your sessions. If there are session organizers under the track, and we are collecting the messages from this track, the Safety Security Stability and Resilience track that will cover the rest of the week in a report about what you discussed during the week.

So that's the -- that's the name of the discussion. So, I have the roaming mics. I will be around for people who are nice, great, and brave to open the discussions so we can warm up. Please raise your hands. I will walk around.

>> AUDIENCE MEMBER: Hello. Thank you for your comments. Greg Channing (phonetic) from Carnegie-Mellon. Can you speak to how you think about sovereignty in cyber space, in cyber security, in the decisions that, you know, you as a government are trying to make around sovereignty issues? You know, we have interesting conversations going on around ICANN, kind of a non- governmental, non-state actor that has a huge influence?

>> TOBIAS FEAKIN: Thanks very much. That's a good question. The whole issue of cyber sovereignty is one of the core discussions that we get into, especially in the multilateral arena. There are all states that will say cyber space is something we should be able to imprint borders from cyber space. Our position is different than that. We at the heart of Australian policy, we don't think cyber space does have specific borders. We believe in the principles of free-flow of data, the rights of the individual on-line , all of these sorts of principles that we think are important for the kind of cyber space ecosystem that has allowed us to be where we are. The more we begin imposing strict principles, the less innovative we'll be, the less able to ensure that this incredible technological function that enables our global communications and markets that flow, the more we begin to lock it down and shut it down and impose the kind of border restrictions, the less beneficial it's going be for all of us.

However, we are mindful of the fact, and it's important to say that, you know, we are dealing with an internet environment, which is fundamentally different from what we knew in Australia 30 years ago when it was first introduced. I wish I had the figures at hand how many users we had when the internet first switched on. When they turned the engine on in Australia, I imagine we'd be talking tens of thousands of users and now talking about 90% of our population plus being connected and that's somewhere in the region of 22 million users. That means that there's a very different environment that we're dealing with. So, we're cognizant of the fact that in certain areas of legal practice, we do need to be able to enforce legal jurisdiction. So, I don't think any of us should be arguing about the ability to convict cyber criminals, whatever the particular criminal act. We want to be able to convict those individuals.

So, that means that we have to be thinking about the application of cyber space. We think that's an important process to go through. We don't think there should be an incredibly wide ranging raft of new, especially in the international arena, new legal practice that needs to be drafted. It's more about how do we apply existing law in the on-line environment so it's respected.

Again, I think that's the challenge we as a -- as governments were wherever you sit in the world is that the way we talk about the internet is often, I think, based on the assumptions of when it was built. And it's -- and we're talking about so many billions of users now compared to where we were when we began 30 plus years ago. So, we still want to embody all of the principles and do of open, free, secure, we don't want there to be restrictive borders in cyber space, which some countries most definitely do. But we're also cognizant of the certain aspects of legal practice that need to be easier to apply in the on-line environment as offline. And I think it's most clearly in the criminal space that we think that's a really important discussion that's challenging us all.

How do you maintain the kind of core ethos as far as possible the way the internet was set up and run, but applying it in a modern context where it's a very different beast in the way it's used; and it was fascinating hearing Tim Berners-Lee yesterday talking about that journey that he's seen the internet and his own personal journey what he's seen changed fundamentally, that's one of the biggest challenges we have in government and how do we as liberal democracies ensure that we do that in the right way. The whole era of change in the tech policy is troubling. In Australia, we introduced legislation applicable to the tech industry and you get to all conversations about how to apply that law in the jurisdiction outside of your shores so it becomes difficult. So, in many ways, it's about setting legislation that creates principles around which you want the tech industry to engage with you as a government. I restate it's making sure those are based in liberal democratic principles and values. And we ensure that that's the case in the Australian setting.

But there is no doubting that the issue of cyber sovereignty, I don't know how many of you are completely aware of what's going on in the UN, the United Nations, we've been through a process of having the groups called U.N. government groups of experts, I see you nodding heads, that's reassuring who agreed 2013, international law applies including the entirety of the U.N. charter and in 2013 agree there had were 11 norms of behavior that apply in cyber space. We put it in some of our policy documents, one of the few governments that has entrenched it in our policy. But the issue of cyber policy is a consistent thing to conversation and challenge to the way we think the international system should work. Really good question. Thank you.

>> AUDIENCE MEMBER: I'm Andrea, I'm from India. There have been reports of governments such as yours asking tech companies for certain access to information, which is rightly so in certain cases like -- but how to draw the balance between how much access you should have as a sovereign one should have and how much would affect the basic human rights or anyone's privacy? How do you strike the balance? Because there's also a question of having too much access.

>> TOBIAS FEAKIN: It's a good question. I'm pleased to have that conversation with you. There's many countries you would not be able to have that conversation and you wouldn't be able to challenge policies that the government came out with. In terms of the legislation that you're talking about, absolutely. Like, fundamental human rights principles are at the core of, you know, when we make these kinds of legislative decisions. And in terms of the legislation you're refer to, it got a lot of misrepresentation in the press.

Once you read into the detail of it, I think it would allay 99% of the kinds of fears that have been portray in the media. So, for us, well, what does that legislation mean? Well, it's saying to the tech industry, there are in certain cases with appropriate judicial oversight, there are certain cases where we would want to have the legal right to look at content. And if you are trying to apply areas of your own criminal law in the on-line environment, we don't think that's incredibly unreasonable.

We are, as it's being represent in the media, we are not looking for companies to build back doors to their technology. Because one thing, and, again, it should be quite clear and maybe we don't make this point clearly enough, if for whatever reason, a country broke encryption, we'd be doing ourselves out of our own economy, out of our own ability to function, because as governments, we function on the backbone of good robust encryption. So, we're not looking to do that.

And we understand that, you know, as citizen, everything we do has enabled fire encrypted services, I wouldn't be able to enjoy the wonderful things I do on my phone if I didn't have an encrypted services to be able to do all of those things through. So, that's where we start from. And it's just saying with proper legal oversight, legal jurisdiction, we want to be able to look at certain content in certain legal cases. And I think it's targeted, it's about proportionality. And it's ensuring that, yes, we don't -- that those kinds of pieces of legislation are never misused. I think what we've seen as well in the tech industry is coming up with innovative ways they can deal with that legislation and in some ways it's led to innovation, pieces of innovation in the tech space which is superb.

It still allows the customer bases to have every ounce of confidence in what they're doing in the level of encrypted services they expect or have the right to expect while still being able to, being able to actually in certain legal cases allow access in a specific way. You know, there are other countries where that is not the case. And, you know, and I think that there is a very definitive difference in terms of what it is.

But, I think no one should think for a second in a country like Australia, we don't take those kinds of decisions incredibly in a really considered manner and with true consideration of, you know, the impacts and consequences of these kinds of decisions. Because as I said, as its heart, we want an internet and respective technologies which enable our societies and enhance people's security and confidence in what they're doing in the on-line space.

>> MODERATOR: I have a question. While I'm considering this question, I ask a very specific question, under the communication act has lost the confidence of the user. And what's the biggest fear. Because when used to breach the communication between the two users, then why are they are claiming that we are highly encrypted end-to-end and nobody can -- the government is asking them to share the data messages, they refuse, saying we're encrypted. But two-party software is able to breach the communication, how the confidence, how the human right and the interest.

>> TOBIAS FEAKIN: I'm not going to comment on a particular platform that doesn't directly involve Australian policy making, but I would return to the point that I think any application, whatever it is, I read the cases that you talk about, they near the media. It's for that platform to decide what do they feel their corporate social responsibility is in certain cases. I don't want to get to the specifics of how you went how it can be utilized.

If you get to a discussion like that, it's as far as the imagination can run, right? But I think the questions we should be asking companies now is, yes, we want encryption, but isn't there -- isn't there a part of corporate social responsibility for your platform to your users? And to also kind of -- to the law when it's applied in the appropriate manner?

I don't think it's a good enough response to just say we have absolutely no responsibility for what goes on on our platform, and therefore, you know, we absolve ourself of any responsibility of what goes on in this platform in terms of content wise. That's a hard stance to defend in certain cases that we see and we deal with regularly in terms of inside government.

I appreciate these are contentious issues. I'm sure I can imagine a number of people in the room cringing to what I'm saying. We're not -- unfortunately, we're not living entirely in the utopian world anymore in cyber space. We know there's a whole -- there's a whole range of kind of dark things that are coming on in this environment. And our job is to ensure that we get better and better at making good policy decisions as a community which allow the internet to function in the way that it should, and that's the game-changing enabler of modern time. We need to get this right because of everything that's about to further connect us in the coming years, which need good sound policy decisions made about them now. Because if we make bad choices, well, then, we could stifle what's going to be the most exciting periods, I think, of technological developments certainly in my lifetime if not beyond.

>> MODERATOR: Thank you.

>> MODERATOR: Last one, questions later.

>> AUDIENCE MEMBER: Thank you for engaging in the discussions. I'm Karl Edgeright. I understand how your government makes policies and how they're applied. The main thing -- I think you were trying to explain, you mentioned the reliance on the judicial system, and basically it's all governed by that, it's fair. But I think the whole balance of checks and balances is how these things work are based on basically how applicable our -- are the laws.

So, when the systems are put in place to open a liberal government of -- or a state of Australia, basically it was hard to go to at once to go to 1 million homes and knock on doors and say, okay, I need to see inside of your home. There are checks and balances, you can impose legislation and there's judicial governance there and there's oversight. But now, some of this legislation is basically enables the government to -- with judicial approval, to look into communication of 1,000 or 5,000 or a million citizens at once. And nobody is looking into that balance of power. And has the checks and balances are in place or not.

And I see government as one part of the state doing their job. But who's looking at the bigger picture?

>> TOBIAS FEAKIN: This is a real misconception of government. You're talking about someone who came outside of government in, so I've been that guy in think banks to look at national security policy, cyber policy, and tech policy for the last 20 years of my life. I've had in terms of the research and the environment I've been in with various government agencies looking at what they do, and how and why it's done.

And so now it's really interesting being inside of government and trying to ensure that we make good policy decisions, which are mindful of kind of broader interests of civil society and the private sector. Maybe that's one of the things I bring to government, the broader thinking I came up in in the environment. We need to be better to communicate this. But actually, as a liberal democratic government, we do go through those processes. And it's not that the decision inside the government to have access, you know, it is just made light, yes, you know, as the Australian government, we want to look at everyone's data in Australia, don't have the capability, don't want to do it, don't have a principles requirement of do we want to, right? I think what we get to is this very bipolar discussion of almost like government: Bad. It does everything to try to undermine the citizen. And it becomes one or two things. It's an oversimplification of what's going on.

There are various review processes going on, independent review processes of our legislation, of Australia. If you think of how fresh and new the legislative powers are, we're looking at how we can tweak them to ensure we're mindful of human rights that people and business concerns around these pieces of legislation. So, you know, I think actually that's a really healthy way of making these kinds of policy decisions. So, sorry for jumping in. It's trying to redress that. That's one of my jobs as working in government and representing Australian government to make sure that we get better at communicating that to reassure the public that they're not -- they're not being led on a merry dance by the Australian government here, not at all. There's all sorts of checks, ball lapses, measures, reviews, legal processes that have to be followed.

>> AUDIENCE MEMBER: I think you answered my question. My question was not criticizing the government, asking -- asking a representative of government, are you satisfied basically with not only the government's role in that but the whole three aspects, the parliament, the judicial, and the government basically having enough checks and balances for this? Because not Australia, but in general, any government can actually now looking at the -- when the systems were set up and have checks and balances for the whole state, correct? There are loopholes there. And I wanted to know as an Australian government representative, do you feel confident that the current system for the whole state, the checks and balances are enough. And are there systems in place basically correct like the review panels we mentioned and things like that.

>> TOBIAS FEAKIN: I'm comfortable as an Australian system and seeing inside the system how the checks and balances are. Happy to reassure anybody the public about that. And comfortable to say let's look at more reassurances and checks and balances, it's a better policy cycle than other countries where, A, you can't broach these issues, you wouldn't have an official here discussing these kinds of issues and no right to apply wholesale human rights abuses conducted in no sort of discussion in a room like this. That, to me, is a big problem.

So, what I think we need to be better as the government of Australia or anyone would take this, better at communicating what their checks and balances are. Let's be Frank, it doesn't take the news headlines or the newspaper or the on-line news outlet wants to convey. It's not as sexy, is it? There's other kinds of issues.

>> RAJESH CHHARIA: Thank you, everyone, for this session and especially the ambassador for enlightening a lot of issues and answering a lot of questions. Thank you very much.

[ Applause ]

>> RAJESH CHHARIA: I will introduce the breakout session and an all oh it was organizers of their groups may join at the desk.

>> SYLVIA CADENA: So, the facilitators of the discussions, if you guys could come to the stage for a minute so we can introduce yourselves and the topics? And then we will break into small groups. Or we see how it goes.

>> RAJESH CHHARIA: There are six groups, safety, security, technology, ethics. Yeah, yeah, they can speak for two minutes each. Well then, I would suggest that all the group leaders should speak for one minute, 1 1/2 minutes, and then they can create the group and accordingly, we can discuss.

The request? Anna Laura Martinez for the Safety.

>> ANNA LAURA MARTINEZ: I come from Brazil where I work with the internet committee in Brazil in the research center focused on indicators of internet access and usage and we cooperate with other countries of the world on how to answer that. One of our focuses is safety. We run a national representative survey on that issue linked to the global network, this is one of their research lines that we work for. And we work closely with a set of government and nongovernment actors working on this issue of on-line child safety. This is the workshop that we presented for next Thursday. So, I'm very happy to be here. And I will facilitate this breakout discussion on Safety.

>> RAJESH CHHARIA: Thank you. Now for Security, Alexander?

>> ALEXANDER ISAVNIN: I'm from Russian international society. And we're making research on how Russian legislation affects Russian internet development and also our organization makes it for free internet. Russia is not as free as we once were. And security topic. It's a difficult thing, in policy world and technical world, understanding Security is different. We're trying to connect and collect opinions on what's going on in IGF.

>> RAJESH CHHARIA: Thank you.

>> KAVEH RANJBAR: Hi, I'm Kaveh Ranjbar. I'm living in the Netherlands for the last 12 years. In my day job, I'm the regional basically industry for Europe, Middle East, and central Asia. I'm a nonvoting member of the ICANN Board and in charge of one of the root servers for basically stability and resilience. I think there are multiple challenges we have to deal with. But there are few questions, which I think are not prominent in discussions, not only in IGF, but in multiple forums. One of them is how -- can we approach this or should we approach it as a global issue or should it be regional. And regional should be defined are they in regions or countries. There are multiple examples which I think are in the breakout session s eel get to. Resilience has a strong technical factor. The identifiers, it has run out in most of the world. And it will run out soon in all of the world. So, that's one of the -- the questions that is facing the whole industry. And it also has non- technical factors, including financial aspects and the organizations which are running them, their governance, the financial health, and all of that. And I think there's a lot of questions to be explored in that track.

>> RAJESH CHHARIA: We looked at the last report.

>> KAVEH RANJBAR: Yes, which ended for Europe and central Asia, it is no more.

>> RAJESH CHHARIA: You're the first --

>> KAVEH RANJBAR: Yes, it's run out.

>> RAJESH CHHARIA: Yes, thank you. For technology, Peter?

>> PETER KOCH: My day job is working as a senior policy advisor for DENIC which is a country in Germany and I'm the chairman of the board for the Germany chapter. I have a strong technical background being active in the numerous and RIPE and IGF and also more recently in ICANN.

As the top-level domain registry, we're concerned with a lot of things, the uniqueness of the identifier system, keeping the identifier system out of discussions about content control, and on the broader scale, the issue is that we can address in some of the workshops and the breakout sessions this, is concentration and consolidation, and potential consequences for the regulatory aspects of certain things. And, of course, the overall stability of the -- of the internet identifier system. Thank you.

>> RAJESH CHHARIA: Thank you, Peter. For Internet ethics, Amrita from India.

>> AMRITA CHOUDHURY: Good morning. I'm based out of India. I run a civil society organization called CCUI. We work primarily on internet policy issues, specifically looking at end users. And a bit more of capacity building in terms of engaging more communities in to discussion s, discussing issues how technology is affecting users, and, so, internet ethics, which Sylvia had gotten in touch with me for the breakout session is something of interest, because with internet actually coming in to our lives, we also need to see that, you know, we have issues of misinformation, fake news, etc.

It's a global phenomenon. And we need to see who is response -- responsible. It cannot be just the government or technology companies, but it has to be the policies that are being framed may not be applicable at all times, sometimes there are concerns of stifling human rights where these issues need to be addressed.

Similarly, there are questions if you look at the various proposed workshops in the internet ethics, which are in IG at this time also for workshops, there are discussions on whether the ethics aspect needs to be looked at, or is it just in the content layer. And then there are discussions on the role of governments. Are there any best practices available which others could look at? Self-regulation here. So these are certain things that I'm interested to understand that from my organization, we're doing a study on trying to understand whether the perspective whether digital literacy or awareness has helped our digital illiteracy makes people more vulnerable to misinformation, especially in India we had last year around 21 cases of lynching -- death by lynching, which and the messages were shared through a messaging platform. Not necessarily the messaging platform is to be blamed but the information went viral very soon. And so these are certain things which we need to find at least not just a solution, but some ways to address.

>> RAJESH CHHARIA: An important subject being discussed is a human right. I'll address Christopher -- sorry, Charlotte.

>> CHARLOTTE ALTENHONER: Yes, good morning. I'm here with the council of Europe, the European's leading human rights organization where I had a small internet governance unit. The council of Europe has for decades setting standards and helping the 47 member states to hard wire human right safeguards to the decisions they take and they implement with respect to the on-line space. What does this mean? It means for the council of Europe that we bring in the rule of law into what we do when we work with regard to the on-line space. All interferences with human rights, whether this means freedom of expression, privacy, or other rights, must be based on law. Open law, accessible laws, that are approved through democratically -- democratic processes. They must be legitimate, and they must be proportionate.

This must be put in place as well. And we have oversight through courts. This was already discussed today.

What that means in the individual cases, of course, often quite problematic. We have four work sessions under this working group with the sub theme "Human Rights" at the IGF this year. Two relate to illegal content on-line, one specifically on hate speech and one a little broader on illegal content including hate speech.

We have one session that relates to misinformation and suitable governance mechanisms for that. And then one that looks at the shadow market of medical products on-line and how more safety standards for consumers can be incorporated there. So, I look forward to the discussion and good luck at the IGF.

>> RAJESH CHHARIA: Thank you. Now, for the half an hour for the breakout?

>> SYLVIA CADENA: I was going to ask to check with the room, who are session organizers? Okay, only three.

So, the idea was to break into groups to show case your session s and discuss the sub themes of the safety, security, resilience and stability track. And there's a section at the end for the show case of the sessions. There are three organizers here, it's safe to say we have more time for the breakout discussions. So now it depends on how you -- how this room can -- we can move around and have each one of the facilitators sitting in different tables and then you can walk around and the Google document that is on the QR code that I mentioned earlier, if someone from the group can please help us to take some notes because there is no transcript and no remote participation for the breakout groups, that will be really appreciated. So I think we can break -- I don't know how we want to do it, in two tables, two tables, two tables, two tables, something like that, if that will work? And we'll come back --

(Indiscernible speaker)

>> SYLVIA CADENA: Safety here and human rights. Human rights. These two tables. And Kaveh Ranjbar with stability here. Amrita here with internet ethics. Alexander here with security. And then industry, technology, and trade here with Peter.

(Breakout discussions)

(Breakout discussions continue)

(Breakout discussions continue)

>> RAJESH CHHARIA: Can I request all of the group leaders to wrap up the session and come for giving their paper. Is

>> RAJESH CHHARIA: Please, the group leaders?

>> RAJESH CHHARIA: Okay. We're starting -- resuming the session again. And this time I will request -- I'll request -- no, no.This time I will request the human rights first so that yeah?

>> CHARLOTTE ALTENHONER: Human rights first. I like that very much. We had an interesting discussion in our group. We discussed mainly the difficulty to put human rights first into practice, really. We -- we discussed the difficulty of having clear loss and clear policy objectives and also good intentions often. And then the practice in terms of implementation often being very different.

We also discussed that in order to address that, what we probably need to do is bring more focus again to the end user, really, to the patient who is trying to get a medical products on-line, to children and youth who are as a matter of fact, the majority of users of the on-line space who are not really though, yet, involved in deciding themselves how we should solve the balance between their protection and their participation.

So, what we want to do is we want to make sure that we empower youth. We want to make sure that they understand what is at stake and how their own rights are going to be affected. And we want them to also be heard in parliaments and to be included in law-making and policy making approaches to see that they are better protected in the on-line space and that they participate in it actively.

We came also to the situation what happens if we cannot really work with government structures, because the government structures that we have themselves are not in compliant with human rights. And here we -- this is a field where, of course, human rights have to act not through the rule of law, but as principles. We have to work in advocacy, raising awareness, what's important. We had an example from an organization that supports media actors in Syria to work against hate speech against women in Syria. And they do a lot of raising of awareness and advocacy to promote that purpose.

And we finally, I think, concluded that in all of this, we need to, of course, work with platforms but we need to make sure that they understand that, in situation where is we have democratically elected governance and we have law enforcement structures in place, they must simply oblige platforms. For instance, to cooperate with law enforcement when it comes to child sexual abuse on-line. They cannot just delete based on terms of standards. We understand they want to work against hate speech, they want to work against child sexual abuse on-line. But it's not helped if they simply delete. They also need to cooperate with law enforcement because we need to have criminal processes afterwards.

If content is just deleted, it will reappear on another site and the victim is not going to be identified and protected. We are just seeing the situation continue. So we need better law enforcement in such situations and we need to remind platforms of their responsibilities and their international human rights principles also in countries where human rights are not enforced with the rule of law. Thank you.

>> RAJESH CHHARIA: Thank you very much. Alexander Isavnin from technology.

>> ALEXANDER ISAVNIN: I'm with security. I'm not sure we identified all possible issues which have to be addressed, but some of them were identified. One is the understanding of norms related to security in cyber space. The other one if you're talking about security and you're talking about enforcement of law, and inability to avoid justice, the easier the criminal justice response to keep the security incidental, including cooperation between the countries and institutions. And, qualification of criminal -- qualification of skill of criminal investigators in a modern world.

And another issue is engaging with platforms, not only with a huge global companies, but also with a smaller platform, including local ones.

As an issue which was stated, if there are a lack of public policies that's -- that motivates and enforces implementation of modern security technologies, which also leads to a number of vulnerabilities on the internet and the possibility of exploitation. So it's also closing the norm.

And, our colleagues from IGF said that another issue that the government people and state people does not understand what is implementable on the internet. So, in this case, the legislation may be different from what is possible in the real world.

And the last, maybe, but not the least, identify issues in their attempts to measure security or security compliance. If we're trying to have a scientific approach, we need to understand how secure are we.

Talking to different areas, different areas allows communication s between different stake holder groups. Maybe stake holder groups is wrong, but the different institutions like government, technolodge organizational investigators are the best areas for addressing these issues.

>> RAJESH CHHARIA: Now thank you, Alexander. Very important item, ethics. Internet ethics, Amrita?

>> AMRITA CHOUDHURY: There were three of us. He wears another hat from the government. So we had a mix of both. And we had Ita Bilong (phonetic) so, the expectation from IGF2019 for our group was consolidated baseline of internet ethics that can be adopted by different states and communities. What we discussed with internet ethics is broad spectrum which does not only involve individuals and societies on-line behavior but also extends to governments and business.

At the policy level, the wish list is a need for clearer definitions. For example, how do we define ethics? Are there any international standardized definitions? Similarly, for fake news, misinformation, disinformation, etc.

And, then, how -- a need for localized definitions, which are aligned to standard global definitions. That creates a lot of gap between countries, but general local sensibilities need to take into consideration.

The policy development process discussed in the group was that there is a need for inclusion. And the inclusivity should be of all stakeholders irrespective of gender, age, and young people need to be involved because they're going to be the next internet users. They are users, but they are the ones that will be bearing the brunt.

And the process should not conclude by just making the process but include monitoring mechanisms, having representation from the stakeholders who actually participate in drafting the policy process. However, when the policies are implemented, there's a need to draw a line between the policy implementation and misuse of the same powers to block freedom of speech or human rights, which is kind of seen happening globally.

Then, what we discussed was the need for on-line companies to proactively develop and share transparent public code of ethics. It's so complicated, most internet users especially from developing worlds can't understand it.

Lastly, incorporating on-line ethics, modules for different age groups and communities. For example, have them incorporated even at the educational level for children because they are the ones who are abused most. They need to know their rights and how to be a safe and more mature digital citizen. So that's about it from our group.

>> RAJESH CHHARIA: Thank you, Amrita. And now I would request Stability and Resilience.

>> KAVEH RANJBAR: We dove into two, one was the independence day and rest in peace IPP4 where we had a session lead. Few items, most technical. One was basically because of at the moment this list of V64 means low resilience, because if you look at how the network has developed, it has less adoption and at core, there are less peers and less interconnects down on IPP4 so the path that the provider has through much more limited which means less resilience.

Lack of interoperability of the two programs, although there are mechanisms but by nature, the IVV4 cannot talk to 6 or vice versa. Which means if people cannot get 4 and want to operate on 6, they will be loose connectivity to a large number of users at least today. And that has the potential of basically creating two islands. Then finally, IVV4, because it's no more, gaining value, and that high cost can hinder entrants of the new players or the expansion of the existing ones. That's the thing we can trade both resiliency and resilience.

We discussed about trade center opportunities. We had actually very interesting discussions. One was the merit of global use as the bottleneck for many types of abuse. Because if you look at DNS, it's by nature. You have one route, where ICANN has more than one internet. You want to have one route, not a fragmented root, naming space, but technically, that naming space is also distributed taken from a technical point of view also with as a tree with one root. But the whole distribution is also centralized. Technically, it doesn't need to be. But that's how it's designed. That's made DNS an easy target for many, for example, law enforcement, as an easy bottleneck. As you see something you don't like, you can easily find and because it centralized, you can go wherever you have access in the tree and take it down, which has happened in many cases.

But the question here is is that should that be or is that the right thing, doing that? And if a hacker is hacking the system, you don't cut their electricity, if you use the domain stability, should you just attack him, like disconnect or take down the domain, which would be similar to disconnecting water of electricity with someone you don't agree with. So that was one of the points. Which would be nice if we discuss in the session. The DNS protocol, we discussed data rate. The main challenge there is the change of control. Which is at the moment there's a contractual relationship between -- normally between the user and the service provider, the mobile phone provider, DSL provider, which, again reside in jurisdictions and the control of who is the named service provide, DNS provider at the moment is with the service provider.

There's a dispute, misuse of data or things like that, the end users can -- they can go on and complain about their service provider. This is taken from the service provider and now is in the application provider. So, someone is residing in India, if there's a provider basically decided as a California-based organization. And if they have a dispute, good luck with filing complaint and following judicial process from India to California from a person to a multimillion-dollar organization. And it's one of the good ones if you want to pretend.

But that's -- that would be one of the challenges. And a few other -- other stuff like that, the importance of education and the traction with law enforcement and the balance between like technologies like encryption and freedom. Some of them are more document in the file.

So, I hope they get -- they end up in the sessions. Thank you.

>> RAJESH CHHARIA: Thank you very much. Peter for the technology trade industry.

>> PETER KOCH: Yes, thank you. The topic was challenging given that we didn't have anyone who was going to attend the sessions. But we had an interesting discussion thanks to the small team. Basically two topics trying to ask these questions, what policy questions would people like to see addressed during the week? And the one suggestion that came up was after some discussion around information exchange for cyber security purposes, which is a bit out of scope for this, but that's what people are interested in, there will be going to have a multi-stakeholder discussion involving technology as policy makers, users, so on and so forth, of course, about tangible subjects around information gathering and sharing for cyber security, like discuss things in the detail as an example. Then from there, develop a general playbook how to address concrete questions and maybe have an outcome that could be in agreement or it could be that different positions are recorded and then the various sides understand or external parties actually understand what the -- what the different aspects or different positions regarding the particular questions are.

And because I've talked about concrete issues, when is this long-standing question at least in Europe that whether or not an IP address is giving identifiable information and there is, of course, we can discuss that for ages. But, in -- in this environment, getting a stance on what the -- what the different positions are and get that on records in that environment with the pros and cons and the consequences that might derive from that would be a helpful takeaway from such a policy session.

And the other one, and it's probably well within the scope of the technology and trade is the topic of cloud resiliency which definitely is, today, a policy issue. We also talked about the whole aspects of -- of data access through data localization, which we know there's a separate track for. But, from the resiliency perspective, it's policy issue and the interesting question is who is the most applicable facilitator of somebody who can stir up the discussion. And we address that or talked about a bit of the questions of diversity in the cloud sphere versus concentration that we see in the internet environment from the economic perspective.

Of course, the concentration right now is -- is probably a risk for the resiliency, because it shrinks diversity. And getting a policy approach to that rather than simply an economical driven approach would be -- would be a helpful takeaway for people. Thank you.

>> RAJESH CHARA: Thank you very much, Peter.

Now, the most important item, is the Safety. And, Ana Laura?

>> ANA LAURA MARTINEZ: Thank you. I will provide a brief overview since there are many overlapping issues with the other topics. I'm going to highlight the specific perspective to internet safeties more related to human or individual or personal safety when using the internet rather than focusing on systems. And the threat is considered criminal more than political, including things such as internet scams, cyber bullying, extortion.

I'll go over hate speech as well today. Mostly, just not a -- just to provide an example of the -- of this approach. However, I would like to highlight a few issues related to the one is the data to talk about these issues. The issues are covered by press. We need to -- we need to introduce reliable data when talking about an all of them.

This is a need to balance. Because sometimes these issues are -- but we need to rely a different reflecting on them, and fundamental policy decisions related to them.

Another thing that is important is to risk are not equal harm. And this is drawing from the perspective that we try to balance the idea of risk with coping mechanisms and mediation figures that will help the scope with whatever they face. And finally, they need to be reminded always that we need to have protection with freedom of expression especially when talking about vulnerable population. Not everything is about protection measures, but we have to guarantee the exercise of other rights such as the right of Eck presentation.

This topics and perspective will be in the sub theme of five workshops. I'll read "kids on-line, what we know and what we can do to keep them safe" we have another workshop how and why to involve perspectives of children effectively. We have some workshops focused on children this year. We're having a few of them. Internet detox. To end on-line sexism. Another workshop is tackling cyber bullying on children with digital literacy. And finally, solutions for enforcement to access data across borders. And We have a dynamic coalition on child on-line safety, how to balance children's right to play and be protected. And another forum called on-line protection and underage users.

So, this is how we -- we are going to have the opportunity to discuss these issues in the forums. Thank you.

>> RAJESH CHHARIA: Thank you, Ana. The time is over and the next program is on. I will just thank you, everyone, but I can see all of these groups are not separate. These are the integral part of the internet and this is required and they're gelling with each other. Thank you very much for your presence. And thank you very much all of the group leaders. Thank you.

[ Applause ]