Cybersecurity, Trust and Privacy
Kaleem Ahmed Usmani(Technical Community, African Group) will replace Jean-Robert Hountomey. (modified on October 5th)
IGF 2019 – Day 2 – Raum V – Advancing Cyberstability: Final Report of the Global Commission on the Stability of Cyberspace
As we connect more devices in our homes to the internet, the cyber security of these products is now as important as the physical security of our homes.
Cybersecurity, Trust and Privacy
Subtheme: Data Privacy & Protection
Subtheme: INTERNET OF THINGS
Name: Luã Fergus Cruz
Organization: Center for Technology and Society at FGV Law School
Country where Organization is based: Brazil
Stakeholder Group: Civil Society
Regional Group: Latin American and Caribbean Group (GRULAC)
2018 Best Practices on Cybersecurity
Wedneday 14th Nov, 10:10-11:40 CET, Salle XII
Co-moderators: Markus Kummer, Internet governance & policy consultant and Kaja Ciglic, Microsoft
1. Introduction by the co-moderators (5 minutes)
IGF MAIN SESSION ON CYBERSECURITY, TRUST & PRIVACY
Cybersecurity and privacy practices that can build trust and ensure growth and prosperity for all
Tuesday, 13 November, 10:00-11:20 (80 minutes), Salle I
Becky Burr. ICANN Board member.
Farzaneh Badii. Noncommercial Stakeholder Group. ICANN.
Grégory Mounier, Europol
Jac Sm Kee, APC Women
Farzaneh Badii, Georgia Institute of Technology
10 minutes - Introduction: primary use and purpose of WHOIS. Accountability on the Internet. Anonymous behavior.
30 minutes - Discussion: Use of Whois by the CERT community. How IP address operators or domain name holders are informed about a security incident affecting them? Can registration data help identify individual malicious actors? Why is important that CERTs maintain access to Whois private data? To what degree has the security community made a successful case for the collection of WHOIS data under GDPR rules? What existing or new technical means of access can be used and deployed to provide access to a limited set of accredited security actors? Who accredits the security actors?
20 minutes - Answering to questions.
10 minutes - Closing
Part 1: Lightning talks - 25 minutes
- Each speaker gives a "lighting talk" of max 2 minutes on their specific area of intervention/expertise.
Part 2: Breakaway group discussion - 20 Minutes
- Breakaway groups discussing different aspects of algorithmic transparency
- The remote participants will organise an internet breakaway group
- Someone from each group volunteers to rapporteur
Part 3: Report back from breakaway group discussions - 10 Mintes
- Rapporteurs report back and display their flip charts
- Remote participants, the internet reports back
- Some panelists take notes and document in order to create an outcome document for the event.
Part 4: Questions - 5 - 10 minutes
Wrap up with questions and interventions from audience and remote participants.
Speaker 5: Natalia Filina, Private Sector, Eastern European Group
- Setup of the topic by moderator & introduction of speakers, online moderator and rapporteur, including their background/experience - 5 min
- Short statements by each speaker reflecting the theme of the session from different perspectives - 15 min (3 min per person)
- Discussion phase where moderator is addressing one/two key questions to each speaker - 20 min (4 min per person)
- Questions from onsite and online participants are welcomed throughout the whole discussion - 15 min
- Brief conclusion and thank you note - 5 min
- Techno-utopia: neutral nature of technological tools v. their targeted (for better or worse) use. Current paradigm - the more information we have, the more ignorant we become. Data is not the new oil due to its infiniteness.
- Controlling technology or controlled by it: domain name v. FB profile. How to regain control from technology over us? Generation of prosumer communities.
- Social platforms as a profitable business: can money be balanced with morals when it comes to self-regulation?
- Impact at the society level: awareness and education for the connected and non-connected communities. Digital culture. Everyone should learn to use technologies. Create own technologies. Protect developed technologies. Generate awareness about the use of data and its importance. Is it fair to receive income for the use of your data?
- Impact at the state level: nations overtaken by technological companies in charge of data. Does it make nations dependent on businesses? Does this impact democracy? Does the abuse of social platforms by states ensures tolerating self-regulation?
- What can a country do to recover its technological sovereignty? With examples such as Estonia, could a true digital government and democracy exist in the future?
- Industry landscape and regulatory environment for platforms in China and the USA: national intermediary liability laws.
- Shortlist of possible regulators: heavyweight v. super heavyweight. Mutually exclusive or complementary?
Raman Jit Singh Chima (Access Now; speaker)
Brett Solomon (Access Now; moderator)
Antti Poikola will present the MyData model, stressing its potential for individual empowerment with regard to the control of personal data Robert Mathews will scrutinise the security challenges and frequent failures of critical infrastructures and so-called “smart” systems
Nicholas Bramble, will discuss some of Google's thinking about smart cities and sustainable urban partnerships, and then will explore Google's plans for smart cities and IoT
To stimulate a dynamic format and facilitate interactions with the participants this workshop will feature two co-moderators, Luca Belli and Jhessica Reia, that will also act as speakers.
The workshop will follow the following agenda
First segment will be moderated by Luca Belli
Mr Robert Mathews, from University of Hawaii (and former White House senior official), will open the session exploring the security challenges and frequent failures of critical infrastructures and so-called “smart” systems.
Mr Nicholas Bramble, from Google, will debate Google's recent projects with regard to smart city services and will share his perspective on the future evolutions of this field
Ms Jhessica Reia, from FGV, will discuss the main challenges related to smart city initiatives in the implementation of the New Urban Agenda over the next years.
Brief pause: 3 questions from the participants
Second segment will be moderated by Jhessica Reia
Mr Jean-Philbert Nsengimana, from Smart Africa (and former ICT minister of Rwanda), will analyse the potential of smart city services and open data utilisation for African countries in the context of the Smart Africa initiative
Ms Olga Cavalli, from the South School of Internet Governance, will analyse the challenges of smart cities and IoT with regard to Latin America.
Mr Antti Poikola, from MyData.org and the University of Helsinki, will present the MyData model, stressing its potential for individual empowerment with regard to the control of personal data.
Mr Luca Belli, from FGV, will analyse some of the challenges related to personal data regulation in the context of Smart Cities, exploring the initial findings of the project “Discrimination vs. Data Control in Brazilian Smart Cities”, run by FGV and supported by the Open Society Foundations
Wrap-up (1 min per participant)
The panelists will interrogate such questions as:
- How is the local population involved into the organization of smart city services?
- At which stage consultations are organized?
- What kind of information is shared (if any) prior to the local debates and by whom (i.e. the local government, NGOs, academics, smart city service providers)?
- How are procurement rules defined?
- How are procurements organised?
- What kind of control/governance is foreseen to manage public data and publicly owned digital infrastructure?
- What kind of measures are foreseen in order to keep the smart city infrastructures secure?
- Are personal data collected through smart city services shared with law enforcement? If so under what conditions?
- What kind of legal frameworks apply to personal as well as non-personal data collected in the context of smart city services ?
- What kind of control can individuals exert over their data?
- Are local residents’ data covered by any (intellectual) property right? If so who is the rightholder?
- What are the business models utilised to finance the development of smart city services? Are such business models clearly presented prior to the development of the services and described in openly accessible information? Can the local population express its preference for any proposed business models?
IGF 2018 WS #75 Approaches to a Wicked Problem: Stakeholders Promote Enhanced Coordination and Collaborative, Risk-Based Frameworks of Regional and National Cybersecurity Initiatives
- Barrett, Kerry-Ann; Organization of American States (government)
- Craig, Amanda Microsoft, (private)
- Dutton, Bill; Global Cyber Security Capacity Centre, University of Oxford (civil society)
- Shannon, Greg; Chief Scientist for the CERT Division at Carnegie Mellon University’s Software Engineering Institute, and Vice Chair of IEEE Internet Initiative (civil society)
- van Duren, David; GFCE (government)
- Wilches, Juan Manuel Commissioner, Comision de Regulacion de Comunicaciones, Government of Colombia (government)
- Cybersecurity Challenges Create Need for Collaborative Solutions: Importance of Multistakeholder Participation
- Why regional approaches are necessary regarding such issues as strategy development, cyber risk frameworks, CSIRT, awareness raising, cybercrime, and research
- What are the benefits of global but also regional coordination
- Why a Voluntary, Risk-Based Approach Is Optimal
- The Importance of Finding Consensus Among Global Stakeholders: International Standards and Trade and how can they be translated for other communities, such as academia, private sector, civil society, and intergovernmental initiatives
- Design Principles to “Build in Security” from the Start
- Addressing Capacity-Building Challenges: What Policies/Support Are Needed for Implementation?
- It is clear that investment remains national. Are there opportunities to improve the return on investment of cybersecurity capacity building projects to nations, such as through better coordination of systems, better metrics to access their outcomes, and improved identification and prioritisation of cybersecurity risks
- Wrap Up
Shashank Mohan, SFLC
Welcome, setting the scene and introduction of speakers (5min)
4 speakers, each will share their story for about 5min (20min)
Exchange between panel on implications of luxury to disconnect from their region (20min)
Q&A with audience (10min)
Concluding remarks from each panelist (5min)
Lucie Krahulcova, Policy Analyst, Access Now, Brussels Office
Speaker 1: Lisa Vermeer,Senior Policy Officer, Ministry of Foreign Affairs the Netherlands
Speaker 2: William Dutton [intgovforum.org], Quello Professor of Media and Information Policy in the College of Communication Arts and Sciences at MSU
Speaker 3: Claudio Cocorocchia, Acting Head of Information and Entertainment System Initiative, Global Leadership Fellow, in World Economic Forum.
Speaker 4: Leandro Ucciferri, Lawyer and Researcher, ADC
Speaker 1: Koliwe Majama, APC, Civil Society Organisation, African Group, female
Speaker 2: William Dutton, Oxford Martin School, Academia, Western European and Others Group (WEOG), Male
Speaker 3: Matthew Shears, Global Partners Digital, Civil Society, Western European and Others Group (WEOG), male
1. Speakers (conference part):
- Tonei Glavinic, Director of operations of the Dangerous Speech Project (United States of America);
- Alexandria Walden, Free expression and human rights at Google (United States of America);
- Nalaka Gunawardene is a leading commentator and analyst on social, cultural and political impacts of information and communications technologies (ICTs) in Sri Lanka (South Asia).
- Robi Chacha, Program Officer under the Safety & Dignity Program at Amnesty International (Kenya);
Moderator (conference part):
- Sasha Havlicek, CEO of the Institute for Strategic Dialogue (United-Kingdom).
2. Project founders (pitch part):
- Guillaume Buffet, Founder of the Seriously project and Vice-president of Renaissance Numérique (France). He will present the seriously platform (www.seriously.ong) : a tool and a method to pacify online discussions;
- Louis Brooke from Breakthrough Media (United-Kingdom). He will present the activities of the company. This private company works closely with the UK government and the civil society in order to co-create online campaigns and movements that address complex social challenges, including extremism;
- Cristiana Lucaci, Vice President of Group of the European Youth for Change (Romania). She will present an innovating educational program on online civic education;
- Christine Vidal, President of the association Le Bal (France). She will present the work made by her association in a classroom called “the truly identity of cats”.
Focus of this year's Open Workshop of the Dynamic Coalition on the IoT is two fold: