IGF 2021 – Day 1 – WS #130 The risks of pursuing digital autonomy

The following are the outputs of the captioning taken during an IGF virtual intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.



>> OLAF KOLKMAN: We are live.  And we have started.  So, I guess that also starts this session on Digital Autonomy.  For the people online, thank you for joining.  For the people in Katowice, nice you made the travel.  It's unfortunate that we cannot be here with you.  It is what it is.  This is what we do nowadays.  And I hope that this is going to be a nice, hybrid way of debating.  I hope it will work. 

Today we're going to talk about digital autonomy together.  It's a session that is organized by the Dutch IGF, NL IGF and ECP, which is a public‑private organization for the Information Society.  And during this talk, or during this panel discussion, we're going to look into a number of questions, questions about regulation, competition, and innovation; how regulatory and self‑regulatory frameworks can help foster more competitive internet‑related markets, a larger diversity of business models, and more innovation; how to enable equitable access to data, marketplaces, or infrastructures for fostering competition and innovation on the internet; data governance and trust, globally and locally, what is needed to ensure that existing and future national and international data governance frameworks are effective in mandating the responsible and trustworthy use of data with respect to privacy and other Human Rights.  So, those set of questions are usually framed in terms of digital autonomy, or maybe, digital sovereignty.  And we have some questions around the risk thereof.  In what way could pursuing digital autonomy lead to a splinter net and that could be a day‑to‑day risk of pursuing digital autonomy on a national or even regional level? 

So, we have a panel.  My name's Olaf Kolkman.  I am Principal at the Internet Society.  And we have a panel of a number of persons.  Gergana Petrova, External Relations Officer with RIPE NCC, with expertise in internet governance, academic engagement and internet learning.  We have Chris Buckridge, also with the RIPE NCC, on global strategic engagement with the organization's full range of stakeholders. 

We thought we would have Hanane Boujemi, but unfortunately, she couldn't make it.  She sends her apologies.  But we found Roelof Meijer, and he is in Katowice, a speaker on the topic, a Manager in the Dutch IGF and Manager of the SIDN, the organization that manages the Dutch top‑level domain. 

We also have Lousewies van der Laan, also in Katowice, an ex‑member of Parliament, ex‑ICANN board member and with Advocacy International in the Netherlands.  I think you also have a role with the Consumer Union nowadays.  I'm not 100% sure. 

>> LOUSEWIES VAN DER LAAN: That's right.  I just became Chair of the Dutch Consumer Organization, but that's very fresh information, so you're totally on the ball. 

>> OLAF KOLKMAN: Cool.  That was not even on LinkedIn yet.  And finally, we have Nadia Tjahja, and she's a PhD Fellow at UNU-CRIS and the VUB, which is I believe the University of Brussels, and she's working on the project of the contribution of global and regional multi‑stakeholder mechanisms in improving global governance.  Gremlin.  You can tell this is something in the internet field because there is a cool acronym. 

For starters, we are talking about digital autonomy, and I assume that is a term that means a lot of things to a lot of people, and potentially, all kinds of different things to different people.  So, I want to do a quick round with you all, my panelists, to understand what you think or how you define what digital autonomy is.  What will you be talking about when you talk about digital autonomy?  Let me start with Nadia and then work my way through all the panelists.  Nadia, please. 

>> NADIA TJAHJA: Thank you very much for the introduction.  I think I would like to start off with going top down, starting from digital sovereignty, which you mentioned before, which is, as you mentioned, a term in the making and you'll see throughout the IGF, also yesterday, that there have been many sessions with efforts to kind of define what it means.  But I find that the ways in which it's being used lead us to think that the world is being divided in kind of binary divisions, kind of friend/enemy, competition/cooperation, and then you have sovereignty and autonomy.  And we're doing this in a world where black‑and‑white solutions to these conflict issues aren't going to take us far, so digital sovereignty pits independence against interdependence, and operations for global communications. 

But I believe when we talk about digital sovereignty, willing to break it down to different aspects, and more importantly, where it is political narrative, and then where it really matters in our day‑to‑day functions.  So, I'd like to move swiftly away from the political narrative and look more a little bit at the day‑to‑day.  And as an NGO, as an individual what does that mean to me? 

So, when I talk to friends about digital sovereignty, many think about their data, their privacy, ownership, but also their identity, because all these things are linked to them as a person.  When you buy something online, you buy it with your or with someone else's credit card, which relates to a bank account that you can only get with your identity card or your passport.  But I'm speaking here, then, of digital autonomy, the right to make your own informed and on‑course decision.  So, if I then wanted to summarize digital sovereignty, there are many different ways it's being presented, such as cyber sovereignty or technological sovereignty or data sovereignty, but I'll take an academic stance on it and say, the concept that is state‑centric and then digital autonomy, which is the right to make your own informed on‑course decision, which is more about you as an individual.  And then I question the future and then look at your own self‑sovereignty identity.  And I think, for now, I'll leave it here. 

>> OLAF KOLKMAN: Thank you.  That's already an insightful way to split things up.  But Chris, maybe you want to share your idea about this. 

>> CHRIS BUCKRIDGE: Sure, okay.  Thank you, Olaf.  Thank you, Nadia.  Thank you, everyone.  It's really nice to be here.  Sorry I can't be there in person.  I really like the title of this session, and I think I'm sort of edging on to Nadia's territory here when I sort of point out that digital sovereignty seems to be the term used more often and used very regularly in a lot of the sessions planned for this IGF.  And that makes sense.  I mean, that's the term that the EU institutions have been using, and it does refer very much to sort of state frameworks, law, legal frameworks, et cetera. 

I think it's really important and really useful to sort of bring it back to the idea of autonomy, which is a much, much less sort of state‑based idea.  It's an idea that's really baked into the idea of the internet itself from very early on.  So, I mean, we have that sense of the internet is a network of networks, and what you do with your network, what the rules are in your own network is up to you.  That's an autonomous system.  But then that needs to be balanced with the need to interconnect, to be interoperable with the rest of the internet to gain the value of that global network. 

So, I think in that sense, the technical principles help us to sort of understand that autonomy, itself, is not necessarily in conflict with that idea of a global network, a global internet.  Where we do see the tension start to rise is when you do start talking about sovereignty.  It's where you start to see that tension between national legal frameworks in the very traditional sense and the global interoperable network.  By talking about autonomy, maybe we mitigate the need to take that step to using legal frameworks, using national laws and nation states by creating autonomy in technical ways, in social ways, in ways that allow more easily for that global interconnectivity.  So, I'll leave it there.  I think that's probably the general thrust of my discussion today. 

>> OLAF KOLKMAN: Thank you, Chris.  Over to Katowice, to the room.  Roelof, do you want to share your thoughts on what you see as being digital autonomy and perhaps digital sovereignty? 

>> ROELOF MEIJER: Yeah, I think I'll avoid presenting what I wish it meant, so I'll just try to give some clarity on what I think that most people mean when they use it.  And interesting, the distinction is already there.  I think the discussion, or this whole topic started with the term "digital sovereignty." And I think at a certain phase, a lot of people said, well, maybe it's not just about states, like Chris said.  And I think then the term "strategic digital autonomy" was launched, and now we have already gotten rid of the "strategic" part, but I think that's an important thing. 

For me, what I see is the context in which this is mostly being used, it's about states or groups of states, in the sense of the European Union, being able to take their own decision, so have a choice on digital issues that are strategically important.  And I think you can also translate that to individuals.  And I, for myself, I would like to have a certain level of strategic digital autonomy, where I would have a choice on issues in the digital arena that are really critically important to me.  And I think in most cases, we would make that choice or we would base that choice on those that are important to us.  And I think also there, the distinction for states is important, that sovereignty is also about having a choice based on the value of the country or the region in the strategic digital decisions that you take.  And if we do that well, I don't think that there's a risk that we can break up the internet into splinternet, but I think it's also a very ‑‑ it's not a one‑day project.  This is going to take quite some time, both at the personal level or individual strategic digital autonomy, but also on country and regional level.  We are very far away from that.  And if you look at other sectors, for instance, energy or food, we are already way beyond the point of no return.  So, it's interesting that we discuss this now in the terms of the internet and digital issues, while we have already given up in other areas that I think are crucial to us as well.  Let me leave it at that. 

>> OLAF KOLKMAN: Yeah, yeah, clear, Gulaf.  Now, Gergana, what's your perspective? 

>> GERGANA PETROVA: Yeah, talking about the design of the internet, how the internet was structured or built, compared with the ideas that the world as a whole, up until present time, has of governing, so the general concept of governing and governance.  The internet design departed from traditional centralized structures; for example, compared to other communication channels that we had.  If you take telephone, for example, if you want to call someone, your request is going to go through a central office, and then from that central office is going to be forwarded on to the person you're trying to reach. 

In the internet, on the other hand, there is no core or no central office.  As Chris mentioned, it's a network of autonomous networks.  They're all interconnected.  So, the hierarchy is not there.  And that has positives but also negatives.  I'm going to start with a few negative examples.  It can make it a little bit more difficult to implement changes.  So, for example, some standards like IP Version 6 or RPKI, they have been a bit slower to implement than we, the technical community, would have liked.  And the reason for that is that there is no central core that tells all the periphery, you do this or else. 

On the other hand, you know, if you think about it, when you have a decentralized system, it's a lot more difficult, for example, to attack such a system that has no core.  If you take one network out, then the traffic will be rerouted through other networks.  And I think one of the biggest strengths is that a distributed model also distributes power to the edge of the networks, and that is what has supported the so‑called permissionless invasion.  So, as the mantra goes, the core is dumb, or passive, in the sense that it just transports data indiscriminately, and then the Edge is smart.  So, that's what has made the internet as successful as it is today. 

If you think about the '80s, it just used to be a method of communication between academics, and now it has totally transformed our lives, for the better, I think.  So, this decentralization, having spurred all the innovation, has brought us a lot of value. 

And now, without going into too much detail, so, the innovation happens at the top layers or the periphery of the internet, what we call the application layer.  And then the lower levels, where the IP protocols are, the transport layer, those are more passive.  So, how does this translate into governance?  I think if you think about power distribution, that is quite a new concept to a lot of governments, also then, but also right now, that are used to being in charge of making legislation; they're used to being, you know, the boss.  Of course, they would consult experts, and many of them did.  However, they had the final decision. 

So, for a complex and decentralized system like the internet, top‑down decision‑making doesn't seem to be a very natural fit.  For most of the internet's life, decisions or policies were approved by consensus and by technical people in technical fora.  So, now we're trying to fit this system that is used to a very horizontal decision‑making and decision‑making that was done by technical experts, we're trying to mold it into our traditional forms of governance, which are very vertical, hierarchical and are done by politicians. 

So, I feel like at the moment, we're in kind of a juncture.  We know that we need some sort of rules, some policies that would limit the negative effect of the internet, but at the same time, we want to keep all the positives, and we want to keep the innovation. 

So, I think the global nature of the internet is essential to much of its value.  And while this global nature creates certain risks, there is also the risk that the regional and national policies will fragment the internet, and that would diminish its usefulness. 

>> OLAF KOLKMAN: So, that's more a little bit of an explainer of why we are where we are talking about digital autonomy and sovereignty.

>> GERGANA PETROVA: Yes, I will wrap up.  I think the internet tomorrow might look very different and function very different than the internet now, if we don't adapt the traditional form of governance to the internet.  And so, the last thing I want to say, I think the EU's now working on a Declaration of Digital Principles.  And in September, IPCC responded to the open consultation with a recommendation to include a commitment to a globally interoperable and unfragmented internet.  And I think that that is a recommendation that we have for policymakers, not just in Europe, but all over the globe. 

>> OLAF KOLKMAN: Good.  Well, same question to Lousewies now.  Lousewies, digital autonomy/digital sovereignty, what do they mean to you? 

>> LOUSEWIES VAN DER LAAN: I'm delighted that the term "autonomy" was chosen for this session, because as an international lawyer, sovereignty immediately calls into all kinds of definitions of territory, of nation state sovereignty, things which are actually completely irrelevant in the digital age, and I think we have to be very careful about the way we frame this debate, because there are many forces who would love to capture, make it a political thing.  And I think by using the term "autonomy," we can focus on what we need to focus on, which is that if we want an interconnected, unfragmented, free internet, which we need for all the reasons that Gergana also explained, you know, for our prosperity, for interaction, for being connected, it's extremely important to not allow the black‑and‑white forces, as Nadia so nicely called them, to divide us and make this into a big political debate.  I mean, it's one of the few things globally that actually works, so the last thing we should do it politicize it. 

So, I think for me, autonomy, personally, there is the personal autonomy that was spoken about: Can I still make informed choices when it concerns the digital aspects of my life?  And then the other part of it is regional.  You know, some of those choices are limited by where you actually are based.  And as a European, for example, I'm extremely happy that we have the GDPR, because it means my privacy is better protected than that of the average American.  So, it's working together at the two levels of autonomy. 

And from my perspective of end users and consumers, I think one of the things I'm deeply concerned about is that even though we would love to actually have personal digital autonomy, there is a couple of things standing in our way.  One, of course, is lack of knowledge; and you see this when you're clicking cookies or other things you need to do to get some service.  You're giving away so many things without actually being aware of it.  And I think the way that this kind of has been pushed into the personal choices area is actually not smart because it affects all of us together, so this is why I would very much like to include in this discussion, like should there be regulation, and in what way, because it's hard to push things to the individual. 

And then at the regional level, I'm very interested, and I see also in the room here, I've met people from many different regions, is how others are looking at the developments in the European Union, which in many ways is trying to take a lead on some of these issues, saying, look, we have to claim our autonomy back from big American tech companies, but also to protect ourselves from forces that are using this free internet to undermine our democracies with misinformation, with other things.  So, I would find it very interesting to see how we can find the right balance to keep our internet free and connected, and at the same time, make sure that we have autonomy at the individual, and ideally, at the global level as well.  Thank you. 

>> OLAF KOLKMAN: Thank you.  I see your hand, Chris.  I was sort of reflecting on what I heard.  I think I've heard two things throughout every contribution, namely, the difference between a sort of personal or individual type of autonomy, but also autonomy from states or from regional bodies or groups of people, so to speak.  And I think those are two different discussions when I hear people speak a little bit.  Chris, you raised your hand. 

>> CHRIS BUCKRIDGE: Yeah, and sorry, I don't mean to throw off any game plan here.  I just was wanting to respond a little bit, not just to Lousewies, to a few of us that have spoken here, because I think one thing that's jumped out at me and that I was also thinking a bit about before the session is that sense that autonomy can and has to exist on multiple layers in multiple ways at any one time, in intersecting ways.  So, you have personal autonomy, but you also have the autonomy of the state, the government, to sort of look out for its citizens.  You have the autonomy of private industry, private companies.  You have networks across multiple jurisdictions.  So, I mean, that's really a never‑ending negotiation, I think, in how do we manage autonomy to the extent that we wanted in all of these different facets that have to intersect with each other? 

And I mean, I see Milton's point here in the chat on Zoom, where he says, "If you favor regulation, then doesn't regulation come from national governments, which are bound to do things differently, and therefore, inherently create fragmentation?" I mean, I think that's a really important point, and it comes a bit back to what I was saying in terms of autonomy doesn't need to be just regulation or state control.  And really, in a sense, what we should be trying to negotiate towards is minimizing the need for using that regulation state control, because once you get into that territory, that's when you're really going to run up against how do we maintain a global network of networks? 

And I think ‑‑ sorry, I'll finish.  But it's a sign of how much this is being discussed here and also the quality of the discussions in the IGF that I'm already referencing sessions that just took place yesterday, but there was some really good points made in one of the last sessions yesterday by Paul Timmers, where he was talking about the move towards digital sovereignty being pushed by external factors, by the sort of rise of global platforms, by the increased risk of cyber events, but that that global shift might mean that some of the fragmentation is actually mitigated by a more aligned move towards, okay, what should digital sovereignty look like; how should it intersect with these other forms of sovereignty?  I'm not sure I'm necessarily convinced by that, but it's a nice, optimistic idea of how it might go. 

>> OLAF KOLKMAN: Any of the panelists want to reflect on that thought?  Because I always find that useful.  I cannot see you raise hands in the hall, unless you really stand up. 

>> LOUSEWIES VAN DER LAAN: We can keep an eye on it here if anybody in the room wants to get up.  I think from my political background, I want to sound a bit of a pessimistic note, because governments are very uncomfortable ‑‑ or many governments are very uncomfortable with the way that the internet actually works, with the fact that it is multi‑stakeholder, that it's not run in an intergovernmental way, and we see different governments in different places trying to see if they can somehow get control over what's happening on the internet by grabbing control over the technical layer of the internet.  And I think this is an extremely dangerous development.  So, it's important that we try to push back and find solutions for some of the problems they're using as an excuse to regulate in order to keep the kind of internet that we want.  And I think in that regard, I'm a little bit less optimistic than perhaps the gentleman that Chris was quoting, because the push is taking place not here at the IGF, but it's taking place in places like the ITU and other places, and they tend to come from autocratic regimes who love to have control over what's happening. 

And at the same time, we mustn't underestimate that there are negative aspects to the digitalization, and we have not been able to deal with a number of these, precisely because they are global.  And so, it's going to be a constant ‑‑ finding a constant balance of solving the problems on the internet so the governance on the internet without actually touching the technical layer and explaining what the difference between those two.  And the biggest problem there is, and I can say this as a recovery politician, is that policymakers generally don't understand any of this.  And so, we have a huge responsibility, and especially those from the technical community, to keep the dialogue with policymakers ‑‑ and they change every single time.  Just when you have one who understands it, they don't get re‑elected, then they become lobbyists for big tech or something like that.  So, you have to keep them engaged, try to bring them here and explain these issues to them, and that's going to be an ongoing challenge.  And there is Roelof waving. 

>> OLAF KOLKMAN: Before you give him the microphone, I have a question for him, because he mentioned something that triggered me here, which is strategic interests.  And I always have to think about strategic interests from nation states.  I think of supply chains and those type of things, which keeps societies running.  Given that you are in the business of providing a critical infrastructure, given that you're in the business of a service that is a critical supply for many, and they need .nl supply or domain, how do you look towards that, towards having a conversation about autonomy in this case? 

>> ROELOF MEIJER: That's an interesting question, because ‑‑ let me see if I understand your question correctly. 

>> OLAF KOLKMAN: Let me see if I understand it.

>> ROELOF MEIJER: For SIDN, the strategic digital autonomy is very important because, one, it solves the problem of single points of failure, and I think that's also something that governments, but also, we as individuals, probably look for on important issues.  We don't want to have a single point where important things that we have can fail.  So, that's why we don't like Facebook, why we don't use WhatsApp, et cetera.  Right? 

So, for SIDN, the ability to choose from different options and avoiding lock‑ins, avoiding single points of failure is very important.  That strategic autonomy is crucial for assuring that the digital .nl domain always works.  Is that a reaction to your ‑‑

>> OLAF KOLKMAN: Yes, most certainly, yes.

>> ROELOF MEIJER:  Can I react to what Lousewies said?  Because although she was one, I think I take politicians and governments slightly more seriously than she does, and I would say, yes, there are governments that want to regulate for the wrong reasons.  There are governments that regulate wrongly for the right reasons, but there are also a lot of private actors that, if I said unpolitically, misbehave and should be regulated.  So, we have to find the solution to that, and I think we do it by properly regulating ‑‑ by precise regulation.  So, with regulation to catch the culprits and not the whole sector. 

And I think if we look at our recent privacy legislation, there we caught the whole world, instead of just the bad actors.  But I think that's also a consequence of private parties saying, no, no, no, we don't want any regulation; we will self‑regulate ourselves, which quite a few private actors consider to be no regulation.  And there's kind of a synonym for self‑regulation, no regulation.  And I am from the private sector and I definitely want to stay there.  I don't want to go to politics, nor to government.  But I'm a realist, and I see big private parties misbehaving.  They are not acting in our common interests.  They're acting in the interests of a relatively small group called shareholders, or major shareholders.  And if we don't do something about that, I think then we will really get a very bad taste of an internet that nobody of us really wants. 

>> OLAF KOLKMAN: I want to do a little bit of a step back, because we are talking about autonomy, the ability to be autonomous, to act autonomous.  But I think that Nadia brought up an important sort of a digital divide issue.  Some people cannot be autonomous because they cannot participate because they don't have the credit card, for instance, that identifies them.  I think that was what I picked up from your introduction, Nadia.  Can you go a little bit deeper into that possible digital divide, how we can enable people to stay on board as it were, or come on board and sort of gain their own autonomy? 

>> NADIA TJAHJA: Thanks for picking up on that.  That is one of my concerns, especially when I relate it to Lousewies' comment about regulations.  What if governments don't want to regulate on areas where people don't have access to things?  If we're thinking, for example, of refugees that are leaving their countries and their universities have burned down and they have no documentation whatsoever and they come into a new country and they can't participate in the society, therefore, not being able to get access to bank accounts or general education or filing for support.  Then what happens then? 

So, here's where I wanted to kind of start raising the issue that the research that's being done in self‑sovereign identity.  So, in the Netherlands, TYTN and SURF have been developing innovation relating to self‑sovereign identity.  For those less familiar with the concept, self‑sovereign identity kind of introduces this new area, this new paradigm where users have direct control of their profile information, and it is based on blockchain technology.  And this gives you a wallet where you exchange information which is built on the trust that you have with each other, and you can know exactly what information is being given to someone and what you're going to be receiving.  Because now, if I go to a nightclub ‑‑ well, at the moment, I'm not going anywhere ‑‑ but if I go somewhere and I show someone my identity card, then you see my name, where I was born, when I was born, and all those additional pieces of information.  Same with when we are logging into a website, et cetera.  So, we then provide more information than we actually expected to be giving.  So, there is now this research into this self‑sovereign identity which then kind of provides us opportunity for those people to be involved, because government does not wish to provide solutions to those who are kind of suffering in those areas. 

And then when it comes about governments not getting involved with kind of the technical components, if government doesn't want to react in such a way, NGOs, individuals, they will find and use innovation themselves to find technical solutions to their problems.  And this is one way of moving forward, but I wouldn't be surprised if there are other technological solutions made and created to be able to foster their participation within society. 

And then, if you don't mind me commenting on government and the technical component.  Yesterday, I attended a session in which there was mentioning of whether or not splinternet then would happen because of government involvement.  And ICANN asked the question when new IP was raised, you know, what are the consequences of what a new protocol can bring, and what is the problem the new protocol seeks to resolve?  Because if governments then get involved in a technical layer and they're introducing new things, these are the things that could lead to a splinternet.  And I believe if we have self‑have sovereign identity that would work within the existing system and could create perhaps digital sovereignty separately, and therefore, self‑sovereignty, but when it comes then to the technical layer, there are so many complications in between them that we need to question ourselves, what kind of innovation is going to be supportive towards the future of the internet? 

>> CHRIS BUCKRIDGE: Olaf, you're muted. 

>> OLAF KOLKMAN: Thank you, yeah.  I was sort of reflecting on this, and it seems that we're hitting almost all corners of Internet Governance problems from agency of individual users.  We already talked about will regulation make things easier for users or not?  Do we really expect people to know what "cookies" mean?  Now we're talking about blockchain‑based attribute‑carrying, self‑sovereign identity.  How much do we expect users to do that, and will it ever be recognized by the governments when that matters?  And then now we're back into networks and splintering of the networks because of different protocols.  Perhaps, even mandated by some governments, if we don't watch out. 

Let's see.  I think I saw a hand from Louswies.  Did I see that correctly?  I did not.  But I see Gergana raising her hand, and that's good, because I just wanted to ask you, how does this tie in to the request that you just made to the European Union for another principle about the internet?  Can you say something about that? 

>> GERGANA PETROVA: Yes.  So, we have asked today the European Union to make a stronger commitment to an undivided, a global and interoperable internet.  One thing that I wanted to mention that concerns what Nadia was talking about.  I also share the doubt that you mentioned that to what extent can we rely, actually, on users, and fact that we need to realize how powerful the options we give to users are.  They can only operate in the world of the options that they're provided.  And oftentimes, like, okay, if users don't like it, they can go elsewhere, but often, there's not alternatives, you know.  Some platforms, for example, are so predominant that, you know, telling users, if you don't like it, go elsewhere, that's not really an option. 

And then there is also the side that even if users take their individual decisions, those individual decisions can impact others.  So, your individual decision does not ‑‑ the impact of your individual decision does not stop with you.  And we know that with machine learning can get a lot of profiling on certain type of people, and even if you don't share any data about yourself, if you belong to a certain category, they already know quite a lot about you, based on the information they have gathered from others.  So, we should find some sort of balance between individual freedoms and what is good for society and protect freedoms of society as a whole. 

And yes, let me see, to your question.  What would we advise politicians to think about, what sort of impact the measures they're thinking of will have within their borders, but also beyond their borders.  If you have, for example, if you mandate organizations within your borders to behave such‑and‑such a way, that may still impact their relationships with organizations or companies beyond their borders, and then you can expect that other governments will take action based on that.  So, yeah, it's very important to think about the long‑term impact. 

And often, sometimes, when you have some measures that aim to have a short‑term effect, they might actually have long‑term consequences because of the decisions and measures that the other government takes.  And then, basically, what I'm trying to say, it's a lot easier to not break the system than break it and then try to piece it back together. 

>> OLAF KOLKMAN: That is a true statement, also for coffee cups. 

>> LOUSEWIES VAN DER LAAN: Olaf, there is a question here in the room. 

>> OLAF KOLKMAN: Yeah, yeah, I saw that.  I saw that.  That was echoed by Mario Lang.  Please go ahead, whoever is in the room. 

>> LOUSEWIES VAN DER LAAN: And would you please identify yourself, for the record, and not by blockchain.

>> JULIAN RINGHOFF: With a digital identity.  No.  My name is Julian Ringhoff with the European Council on Foreign Relations in Berlin.  And we currently work on a lot of projects that touch upon exactly what we are talking about here, and we're trying hard to find an ideal state of European strategic autonomy or sovereignty, or whatever you want to call it.  But at the end of the day, of course, it is about securing a capacity to act for the European Union and with self‑determination in international affairs. 

And we talked a lot about conceptually what an idea state could be, but I would find it very interesting if some of the panelists could take a position on maybe a few selected of the European initiatives in this area, because, of course, the European Union is doing a lot, whether it is in legislation, AI Act, Digital Services Act, Digital Markets Act, Cybersecurity Act, but at the same time, there are a lot of industrial policies, whether it's the CHIPS Act or an alliance for cloud computing. 

And for many of them, there's a lot of criticism that they go too far, that they're protectionists, for example, with the Digital Markets Act, whereas others, I think, are hailed as very good tools to protect the autonomy of European citizens, maybe the Digital Services Act or the AI Act.  And I would be interested if you could maybe pick a couple of them and say this is something where we are eyeing a good state or a good level of European sovereignty, autonomy, and maybe others where we are going too far, where we are being protectionists and are threatening to cause a splinternet. 

>> OLAF KOLKMAN: Let's zoom into that last bit of your question, if I may focus the question a little bit.  A little bit.  That is, where do you think that the European Commission goes too far and is at risk of creating that splinternet?  And there I see Chris Buckridge enthusiastically raising his hand.

>> CHRIS BUCKRIDGE: Gives me a chance to launch into a more specific story, which is always nice to get down from the really high‑level discussion.  No, I think this is a really great question, and, because, I mean, I think the European lawmaking is obviously a really important example of where this is happening and the ways in which it's happening.  So, the example I'll talk about is the cybersecurity directive, for those not away.  There's a lot there.  It's a very big, dense directive. 

I want to focus on one specific part, which has been important for the RIPE NCC, and that's that what it sought to do in the draft originally coming from the European Commission was to extend obligations, regulatory obligations to root server operators.  Now, root servers are really the core of the DNS, they're an important fundamental part.  There are 13 letter root names, so A-root, B-root.  RIPE NCC is the operator of K-root.  But the important thing to be aware of the root server system is that it's not just 13 servers distributed around the world allowing the DNS to actually work.  It's hundreds and hundreds of these nodes of these servers around the world.  Which means that the system, itself, is really resilient, really strong. 

Now, the European Commission in putting this together, obviously had concerns about stability of the internet.  Now, we can talk about how there's not reason to be concerned about that DNS layer, or at least at the root server level.  But the other thing just to think about then is what damage can be done by exerting European regulatory authority over the Root Name Server System, which is what this would essentially do, because this is a global system.  And what you're essentially saying is that, if the EU, the European Commission, says the Root Server System is so critical to European internet users that we need to bring it under regulation, then what's to stop the Russian government saying, the Root Server System is so important to Russian internet users, we need to bring it under regulation ‑‑ the Australian government, the Japanese government, the rest of the world, basically.  And at that point, you've essentially broken and politicized what was a really well‑crafted, apolitical system, which had managed for 30 years to go without any down time on allowing the Root Server System ‑‑ I'm sorry, the DNS ‑‑ to actually operate and allow us to use the internet.  So, that's one really quite clear example of the danger. 

Now, just to very quickly finish there.  And again, it's perhaps a slight retort to ‑‑

>> OLAF KOLKMAN: Very quickly, Chris.  Very quickly. 

>> CHRIS BUCKRIDGE: Very quickly.  Just to say, what we've had is really good progress in this area in talking to the European Council, in talking to parliamentarians at that level.  It looks like in the final draft that's agreed, that won't be included.  So, that's been a really positive experience, but it has taken a lot of work and effort not just on the part of the RIPE NCC, but the Internet Society, Net Node and others in the technical internet committee. 

>> LOUSEWIES VAN DER LAAN: And a compliment to Chris and others who made that happen because it would have been a dreadful precedent if it had gotten in there.  So, congratulations. 

>> CHRIS BUCKRIDGE: Thank you. 

>> OLAF KOLKMAN: I believe it's still not a ran race, so to speak. 

>> CHRIS BUCKRIDGE: It's not.  It's not. 

>> OLAF KOLKMAN: Continue to pay attention.  But that's not my role as moderator of this panel.  In Katowice, Roelof or Lousewies, do you have examples, perhaps, of ‑‑

>> ROELOF MEIJER: Want to go first? 

>> LOUSEWIES VAN DER LAAN: Well, no, I don't want to actually give any examples.  There is something I do want to react to Julian's comments, because I think on some of these, for example, the AI, it's too early to tell.  And two concerns from the consumer, from the transparency aspect that we have, is the first is that it takes a huge counter lobby to have the big tech lobby influence to counter that.  And it is ‑‑ if you look at the report, for example, of the Corporate Europe Observatory about the money that is being spent by big tech to try to get the regulation to go into their direction, it shows that there's a huge effort in the example that Chris gave, it went well, but it doesn't always go well.  So, I think that's one. 

And the second thing is ‑‑ and then I want to zoom in specifically on the AI Oversight Board ‑‑ is that it's going to be extraordinarily important.  We're going to have to see how it develops.  But one of the interesting things, and we put that into the consultation, was that the financial interests of these people are not public yet.  I mean, and it's one of the things we should know.  If you're smart enough or know enough about AI to be on this Oversight Board, I would like to know where your investments are, and I want to make sure that when you're taking decisions or developing policy, that you're not doing it for your own pocket.  So, we need transparency on that. 

So, that's why I'm saying, as this starts to develop, we have to make sure that we keep an eye on lobbyists, that we keep things transparent, and that we know what people's personal and financial interests are, because that's the only way we can make sure that all of this legislation starts to develop for the common good, instead of us finding out later, oh, my goodness, you know, again, we've fallen into the trap that we're trying to not fall into. 

>> OLAF KOLKMAN: Hulav, Nadia, or Gergana, do you have any additional response to Julian?  Otherwise, we will go to the mic line in Poland. 

>> ROELOF MEIJER: Yep, can I? 

>> OLAF KOLKMAN: You can.

>> ROELOF MEIJER: My reaction will be that in almost all cases, regulation overshoots its purpose.  And I don't have a solution for that, but it always takes a lot of lobbying afterwards, and lobbying is probably the wrong term, because it's all about the interests of the organization that does the lobbying, not if it's the technical sector, I think.  But there are so many in this one niche.  There are so many examples of where the intention probably is justified. 

I'm a realist, like I said, so we cannot do without regulation, and we need more regulation also in our industry, but in most cases, we spend more time correcting the regulation than the original people who made it spent coming up with it.  And I think you'll also, probably between the lines, refer to a guy (?) and DNS for you.  Actually, there is no clear picture on what DNS is all about.  The signals from the European Union are a bit mixed.  So, one is, no, it's just going to be a fair and open European DOH; and the other, a new protocol serving DNS installation.  But sometimes we also hear, and I think there was a signal that came from the high‑level interest group, that this is going to be clean DNS for ANU.  So, things will be blocked and filtered so you have a safe environment where you can get your DNA services from.  And that's probably, again, regulation overshooting its purpose. 

>> OLAF KOLKMAN: Thank you.  In the meantime, I've asked Nadia and Gergana if they had something to add, but we feel that it's better to go to the mic line in Katowice. 

>> Please identify yourself.

>> ALEXANDER: Hello, Alexander from Moscow.  Sorry for rushing in to this Dutch party, but I have exactly a question to you.  Because for example, distribution of IP addresses for autonomous to European Union imposes some sanctions.  And we have discovered, for example, people in Syria cannot obtain IP addresses because European sanctions doesn't allow them.  So, that's an issue which, well, usually could not be discussed, but it was discussed by previous RIPE meeting. 

And what to do for people with Syria, how to do them, that's a question for you Dutch people.  Sorry for ruining your party.  But I could give as a positive example.  If you don't like DNS, how it runs now, you can do your autonomous DNS with open rooter route roots here on IGF, physically, who provides you with such forum of DNS.  Is it also autonomous, is it suitable for you, in some cases, will you use it, alternative .nl, for example.  So, are these autonomous and various other autonomous examples good for us and how to react to them?  We no longer can just ignore or saying that nothing is happening.  Thanks. 

>> OLAF KOLKMAN: Thank you, Alexander.  There is another question from the hall, I understand.  Let's take that question, and then I'll give Gergana the opportunity to respond to your first question, because I think this is a typical RIPE NCC question, then we'll see where if we have some time left.  Go ahead in the hall with the question that you have.

>> COLLEEN CURRY: Hello there, I'm Colleen Curry from Qualcomm, the UK's independent communications regulator.  I really like this image of the kind of overlapping and different sizes of autonomy that we've painted during this session.  But it made me think about good governance principles like goodness, transparency and fairness, which could be equally applied to public or private endeavors, indeed to personal autonomy as well.  I wondered if the panelists had any reflections on how these concepts of accountability or good governance or responsibility could be delineated or monitored where you have kind of potentially overlapping or confusing levels of autonomy? 

>> OLAF KOLKMAN: Yeah, Gergana, if you want to take the first question, and then we'll round off by giving everybody just 30 seconds to give their opinion about the complicated space in which we have to govern, because this is basically a question about how to govern in a complicated space.  Gergana, go ahead, then a quick round.

>> GERGANA PETROVA: I'll be quick.  Concerning sanctions, it is something that has impact RIPE NCC's operations.  Our board came with a position as far back as 2014 and that was that we believe that internet resources should be kept separate from political disputes, especially having in mind how fundamental connectivity has become to our societies. 

We are concerned that sanctions that are in some way restricting the use of the internet number sources in some countries will continue to put pressure on the existing system of Internet Governance, and we are currently in talks with the EU.  We are investigating the possibility of getting an exemption of internet number sources from EU sanctions regulation.  I will put in the chat a link to an article with a lot more information on this. 

>> OLAF KOLKMAN: Transparency accountability in a distributed and slightly overlapping environment of many topics.  Your thoughts, Nadia? 

>> NADIA TJAHJA: When it comes to all these different concepts, I really come back to the idea of the political narrative and where it really matters for our day‑to‑day functions.  And when you see how important that is to individuals, how we have these discussions about what do we let people see and urging people to regain our privacy and regain our transparency and people taking action to provide these systems through this self‑sovereign identity system, I see that there are continuous efforts for people to look at these different principles. 

There was an RFC ‑‑ I can't remember the exact number, but it was co‑authored, looking at different components of technical development and human rights and how these interlink with each other.  So, this has been a topic of thought that continues and is being promoted and continuously debated to be included.  The way that we then need to make forward is to ensure by our question, but also raising that, that come back into our communities, raising this information that is then shared through all these different spaces to raise that to the attention of policymakers, as Lousewies mentioned earlier. 

We try to keep people informed of developments that are happening, and when they then go back, if they don't get re‑elected and go back into the communities, we lose that valuable information.  It's then a way for us to come back together to kind of really ensure that these topics continue to be on the agenda.  I think that will just need to be an effort to comes from all of us.  And I do hope that we can continue to foster that type of research and support those who make those efforts. 

>> OLAF KOLKMAN: Thank you, Nadia.  Over to Chris. 

>> CHRIS BUCKRIDGE: There we go.  Yeah, I think Colin raised a really interesting question here, like when we talk about all of these different autonomies, how do we actually then manage the intersections of all those?  The best answer I have is the IGF.  I think that really is sort of deliberative processes where we come together and talk about, analyze, think about the ways in which accountability is being enacted and protected and governance is taking place.  That's the role of the IGF, and it doesn't need to be a sort of uber‑regulated power.  It just needs to be a place where some transparency is brought to bear, where some sunlight comes in on how this is all being done.  And hopefully, we can all improve over time. 

>> OLAF KOLKMAN: Yeah.  To me, the word collaboration always comes to mind when I think of these types of processes. 

Gergana, do you want to say a final word on that topic? 

>> GERGANA PETROVA: Yes, very quickly.  I think that the point that Lousewies made earlier is worth repeating, and that is differentiating between the top‑layered applications layer and technical layers underneath.  I think regulators should be careful not to break or change the technical core of the internet when trying to come up with regulation on how the internet is used.  And then when you're thinking of legislation, try to think of what you're trying to achieve, what your end goal is, whether it's privacy or security, rather than how to get there.  The technical bit can be, of course, discussed in technical fora.  So, that's what I wanted to close with. 

>> OLAF KOLKMAN: Thank you.  And given that we're actually over time, I'm going to thank everybody.  Before I give the opportunity to Roelof and Lousewies, but I'm going to return the mic to Katowice, and with that, I'm going to thank everybody for their attention.  But first, let's wait for Lousewies and Roelof's answers. 

>> LOUSEWIES VAN DER LAAN: Yeah, we have a big minus two minutes blazing right in front of us, so there's not a lot of pressure here.  No, thank you, Gergana, for making that point because I think this is repeating my point, because I think we cannot repeat often enough the difference between the technical layer of the internet and what happens on it, the applications, and it's incredibly important to keep repeating that to policymakers and to explain the difference to them, because that's the way we're going to avoid fragmentation. 

And the second point is the point that Chris made, is it is extremely important that we keep these discussions in the IGF, because it's more open, it's more transparent than anything they're going to do between governments.  Plus, when governments get together, a lot of other interests are at play.  There's economic interests.  There's, you know, countries that are indebted to other countries, that are not free to speak.  Whereas, here at IGF, we get a lot more real open, honest debate, and therefore, better governance and better accountability. 

So, my call is also for people who are in those intergovernmental fora, maybe the lady from off com has good connections to the British government, to say, whenever they try to put these issues in the ITU, in the UN or at other places, say, "No, we have a forum for that, it's called the IGF.  You have an issue to raise?  You do it there," because here we can really counter them in a really different way than all of those polite diplomats with their other interests around.  They're important, too, but I think for these kinds of issues, multi‑stakeholderism is the only way to go.  You have your own microphone. 

>> ROELOF MEIJER: Yeah, well, there's now 3 minutes 52 seconds in red in front of me, so I think I'll thank you, everybody.  Thank you to the room for participating, and it was a good session, I think, because we didn't mention breaking up big tech in the context of autonomy, so, that's pretty good. 


(Session concluded at 1530 CET)