IGF 2023 – Day 2 – MAIN SESSION 2 Cybersecurity, Trust & Online Safety

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.



>> OLGA CAVALLI:  Thank you, everyone, for being with us this early afternoon here in beautiful Kyoto, Japan, and welcome all of the remote participants that are following from all over the world. For my colleagues in Latin America, it must be extremely late at night, but I'm sure that some of us, some friends of us are there.

Thank you, distinguished colleagues, and dear co‑moderator here. My name is Olga Cavalli, National Cybersecurity Director of Argentina.  Here with me is my dear friend Tracy Hackshaw.  He is the chef D’entreprise, POST.  He will be here with me to moderate the session.

I would like to briefly present my distinguished colleagues and friends who are with us this afternoon, Mr. Christopher Painter, he is Director of the GFC, Global Forum on Cyber Expertise, but he is also a well-known expert in cybersecurity, cybercrime, and he was the first cyber Ambassador or cyber diplomat in the world.

We have online Katitza Rodriguez from the Electronic Frontier Foundation.  She is the Policy Director for Global Privacy.  She is online.  Are you there?

>> KATITZA RODRIGUEZ: Yes, I'm here. 

>> OLGA CAVALLI:  How are you?  She is in New York, but she is Peruvian from Latin America. 

And we have Alissa Starzak, she is CloudFlare's Vice President from Global Head of Public Policy.  Welcome.  And over to Tracy who will present the other distinguished panelists.

>> TRACY HACKSHAW: Thank you very much, Olga.  Let me introduce, well, welcome, everyone,  to today's session.  I would like to introduce Elizaveta Belyakova, the chairperson of the Alliance for the Protection of Children in the Digital Environment.  Are you there?


>> TRACY HACKSHAW: We have a very special guest with us, Ernesto Rodriguez Hernández, Deputy Minister of the Ministry of Communications of the Republic of Cuba.  Welcome Deputy Minister.

And remote we have Folake Olagunju, Program Officer for Security, Internet and E‑applications at the economic community of West African states, who is also remote.  Folake Olagunju, are you there?

>> FOLAKE OLAGUNJU: I am indeed here, a very early good morning to everyone.

>> TRACY HACKSHAW: I hand back over to Olga to continue the program.

>> OLGA CAVALLI: Thank you all, and thank you for distinguish panelists.  There are several international activities and forums and United Nations efforts in relation with cybersecurity, cybercrime, like, for example, the open‑ended Working Group and United Nations ad hoc Committee.  There are regional initiatives, but how those initiatives do impact or do relate with national activities and national regulations, activities of the C CERT, activities of companies trying to build different best practices.

Is this a real relationship?  Is this a real impact of those global activities or intentions to have a global policy with local efforts?  Is there a link or could we find ways to enhance a possible link into between these two, kind of a global and national and regional activities.

So for this, we have prepared some ideas and questions for our ‑‑ no, I'm sorry.  I have to give the floor to Tracy who will do some other comments, general comments about the session.  Sorry for that.

>> TRACY HACKSHAW: That's all right.  Thank you.

So to add to what we are saying, today we want to look at best practices, maybe get key studies out of the group to understand and get to the real meat of the matter.  What are the on‑the‑ground experiences that you have, whether with your clients, with your stakeholders of cybersecurity, and your country of policies and potential best practices, effective measures, and maybe some lessons learned first?

That's what we want to deal with today, and I hope we can get to the crux of the matter, get questions from the audience as well.  Let's deal with the real issues.  Let's not get into theory.  Let's get into the base issues in cybersecurity.

>> OLGA CAVALLI: Thank you, Tracy.

Let's start with Christopher.  He has vast experience and now if you talk to him and he explains to you how many places he will travel in the next month, you will be amazed because he is going all over the world trying to do very important efforts in relation with capacity building related with cybersecurity.

So, Christopher, how can international bodies like the United Nations open‑ended Working Group and the ad hoc Committee on cybercrime and similar entities effectively incorporate the expertise insights and real world experiences gained from cybersecurity practitioners?

>> CHRISTOPHER PAINTER: Thank you, Olga, it's great to be here.

You are wondering what I'm wearing around my neck.  When I lost the Government, the Government of Japan was nice enough to give me the Order of the Rising Sun.  It's the first time they gave that to someone doing cybersecurity work.  That shows in a sense that cybersecurity has matured as a policy issue, but I wanted to express gratitude to my Government of Japan when I worked close by when I was in cybersecurity and cybercrime issues.

I have had a long experience as a federal prosecutor doing cybercrime before anyone thought it was cool, and at the main Justice Department at the F.B.I., at the White House, and finally at the State Department.  I have also followed these negotiations, both the open‑ended Working Group in New York, I have been to those meetings and the ad hoc negotiation on cybercrime, and, of course, those are not the only games in town.

There are things outside of the UN as well.  I think that's really an important question how do you incorporate on-the-ground experience, because often the people who negotiate are diplomats who now we have more cyber diplomats.  Many countries have people dedicated to this, but they are not necessarily the people who are the practitioners or who understand the real challenges on the ground.

The other thing that happens at the UN level, it's great because it brings every country in the world together, but it's not build for other stakeholders, it's built for countries.  It's also just as a natural course of matters there is a lot of geopolitical aspects.  So a lot of things that in those venues are driven by geopolitical issues. 

Bringing that expertise, especially when you are negotiating a cybercrime treaty, it's important to know how things work, how investigations work, what has worked?  What hasn't worked?  What are impediments?  Making sure you are respecting human rights?  So having the experts in the room both from Government and outside of Government, and the same with the OAWG on cybersecurity issues there is a wealth of experience and knowledge outside of those rooms so you need to figure out how to bring them in.

I'd say they have done a good job at reflecting a lot of things going on, and we will talk about this later in terms of multi‑stakeholder involvement, but I do think the Cybercrime Treaty is building off the Budapest Convention.  It's looking at where that's going to go.  I can't tell you where that's going to end up now.

There are geopolitical differences in terms of this treaty, and the open‑ended Working Group.  It's good that all of these countries are meeting.  That wasn't happening before.  Every country has this issue.  At other times it's like listening to paint drive it's like things are not moving quickly.  So I do think that there has been activity, movement, more of a political priority of countries on these issues which is important, but I think there is a gap between that political level and the practitioner level which we need to do everything we can to bring together because you need both.

You need to translate between policy makers and people on the ground, whether it's cybercrime or cybersecurity so that the trade space, you understand what the trade space is and the policies you are making reflect reality and also help the people who are trying to protect our networks and also to go after cyber criminals.

The one thing as I wrap up, it's interesting that ransom were, the scourge over the last few years as converted this more than ever into a priority for countries around the world.  People have to wait in line for gas or they can't get health insurance or their hamburger are other kinds of food.  That makes not just a pocketbook issue, but a backyard issue, a political issue, and that raises more than it did before.  And I hope we can sustain that effort, not just here in the room which is a great forum, but beyond that.

>> OLGA CAVALLI: I think you influenced the importance of the dialogue between technicians and diplomats.  So we have this, we should develop this ability to explaining concepts, not very technical things, but really conceptual things, so other colleagues that are involved in other stakeholders can understand concepts.  Once you get the concept sometimes it's easier too.

>> CHRISTOPHER PAINTER: I think that helps.  A lot of policy makers are afraid of this because it's technical, but you don't have to be a coder to understand the key geopolitical and other issues here.  I'm a recovery lawyer and I can still talk to people, so.

>> OLGA CAVALLI: Thank you very much.  We will follow up with other questions in a moment.

I'll go now to Katitza Rodriguez in New York.  Are you there?


>> OLGA CAVALLI: Nice to see you virtually, it's been a while we haven't met.  I hope to see you in the future in person.  Considering the role of the media how can effective communication about cyberattacks and cybersecurity risks contribute to bridging the gap between negotiations and practical efforts fostering public awareness and facilitating informed decision making.  The floor is yours.

>> KATITZA RODRIGUEZ: Thank you, Olga.  It's nice to hear from you.

Hi, everyone.  Well, first I will start saying that my work focuses on global privacy topics including changes in the context of criminal investigations, and I have been involved for a long time on discussions of cybercrime policy and legislative issues from a civil society perspective, and right now that focus of the grand part of my job is in the United Nations treaty, the negotiation that is currently being held in Vienna and New York.  There has been a large process at the global level involving as it was said by the previous speaker, by Member States, Member States around the world.

Over six negotiation sessions and a lot of controversy about this treaty even at the basic level of defining what cybercrime is and how can law enforcement and evidence guidance assistance should work.  Back to your question, we see in the media security problems everywhere, from data breaches to ransomware, infections to botnets.  Harms are everywhere.

Cybersecurity should make more people more secure and should not undermine privacy and human rights.  We would like to see the media better understand the threats landscape and the importance of a rights base approached to cybersecurity to protect a free and open Internet from malicious attacks we need to address the underlying problem.

Far too many programmes, devices and systems are willfully insecure, and the process of discovering, disclosing and patching vulnerabilities is often underfunded and disorganized across the public and private sector, at the domestic international, at the federal level.  Users have little knowledge how to protect themselves against such attacks ... legislators should not just demand expansions of surveillance and law enforcement powers, including across borders.

The media should report on the key roles of digital security trainers, journalists and others improving and safeguarding our rights.  Many of these professionals are also working inside of technology companies.  They have made security research a priority.

By presenting their stories, challenges, and contributions, the media can humanize cybersecurity.  To other cybersecurity challenges we need better incentive to make software devices and networks secure, better education for users and developers and better sharing of information about threat, vulnerabilities and solutions.

We need legal protection for security researchers.  Unfortunately, high profile efforts like the UN Cybercrime Treaty which is currently under negotiation have focused exclusively on enhancing law enforcement power including across borders while giving minimal attention to a cybersecurity agenda.

Sometimes this focus only on law enforcement powers is short sighted and even counterproductive, I will say, because it does undermine human rights by on line free speech as cybercrime.  It can interfere with the work of people who are actually trying to make a safer, to improve security at the technical level.

Some provisions in the treaty threaten to criminalize essential work of independent security researchers in identifying vulnerabilities and getting them fixed.  Other provisions threaten to allow Governments to compel engineers to undermine and bypass security measures in the name of furthering an investigation.  These proposals can be interpreted in a very broad way which could require, compel an engineer, someone with knowledge on computer systems to secretly turn over keys and passwords even without their employer's knowledge.

So this goes against cybersecurity and these are complex, but the media has the responsibility to try to explain these issues in an easy way, to understand not only the criminal landscape of ransomware which is important, but also the whole importance of the whole cybersecurity ecosystem.

So this broader perspective is important for one reason.  It would show how the landscape of cybersecurity is just not cops and robbers.  So many people other than law enforcement and criminals play a crucial role.  Second, because it might emphasize that cyberattacks are not.  They are grounded in the operations of ICT systems, and protection fixes and counter measures.

So the media can demystify these attacks and also reduce the public's sense of powerlessness in the face of them.  Finally, to conclude, it could also show opportunities for cooperation and strengthening our infrastructure.  For example, tech companies academic researchers.

That's something that the media can also promote in their own narrative.  Thank you.

>> OLGA CAVALLI: Thank you very much, you bring very important concepts, for example, the importance of security by design in all of the devices, the importance of knowing the vulnerabilities, for example, in the national state of Argentina once we know about a vulnerability, we do communicate it to our, the areas of the Government that we are in contact with, and also you mentioned the important role of the media in getting to know and informing the public about what is happening.

And we were talking yesterday in an open forum that we organized exactly that, that sometimes we get to know about attacks only by the media, and sometimes those who have been attacked or in vulnerable situation not usually share all of the information, and so the role of the media is really relevant.

Thank you for your comments and we will get back to you in a moment.  Now, I would like to ask Alissa a question, how can the Internet Governance Forum where we are now play a proactive role in promoting human‑centric approach in cybersecurity and facilitate insights and experiences between global cybersecurity initiatives and practical on‑the‑ground efforts, which is mainly the purpose of the session, and welcome and thank you for being with us.

>> ALISSA STARZAK: I'm very excited to be here today.  I think it's worth background about why I'm here on the stage to begin with, and then I can tackle that question.  CloudFlare is a global cybersecurity company with equipment and operations in more than 100 countries.  We protect people all around the world with millions of customers.

In fact, something like 20% of all of the websites in the world pass through our network on a daily basis.  One of the things that's interesting for me on the stage is we fit in a couple of different places as a member of industry.  We are both a cybersecurity company that is involved in seeing attacks.  But we also just protect a lot of what's happening on the Internet and in internal networks.  We play sort of on both sides of that game and have an opportunity to think about what those issues look like.

Thinking about that question, one of the things we do at CloudFlare is try to make it easy for people to protect themselves, recognizing in this space that prevention is actually better an addressing cybercrime in many ways.  There is a goal in security to protect in the first instance, to prevent cybercrime altogether which solves some of the challenges.  So those questions are really tied very closely together because it's not just about enforcement.

If you can prevent cybercrime in the first place, that is a much better place to be overall.  So from a, from the point of industry, thinking about what those solutions sets look like, making sure you have things that are secure by design, that are easy to implement from a presentation standpoint is important.  I think on the cybercrime side, I think one of the things we have seen from a practical standpoint is often there are gaps in ‑‑ you know, cybercrime is global.  Let's be honest, it crosses borders.

And practically, sometimes that means international collaboration on the law enforcement side.  Some of the discussion points have to be about making sure that those barriers are addressed and address in a human centric way that protects rights.  Those are important components.  On the question of IGF in particular, one of the things that CloudFlare does is we offer a bunch of initiatives that actually provide protections to vulnerable groups in particular.  We think about secure by design, and we try to think about what those offerings look like and make sure that people understand what they can do to protect themselves.

So we actually think of a forum like Internet Governance Forum is a place where you can have those discussions about what initiatives are available for people to protect themselves to make sure those steps on prevention in the first place are throughout through and people are aware of what is out there, even before you get to the cybercrime side.

The amazing thing about IGF is that it's multi‑stakeholder, so you actually have not only Governments in the room, but civil society in the room, you have industry in the room, you have a lot of different players.  You all bring a different piece to the puzzle and can have a conversation together.  And there aren't that many forums like that.

So thinking about that practically, I think that is one of the biggest things that IGF can do, really thinking about that piece, how do we make sure people know what initiatives are out there and what are the real barriers to enforcement?  What are the challenges that come into play?

>> OLGA CAVALLI: Thank you.  I think you really made a good point about the role of the IGF in bridging gaps in between the different stakeholders which I think is fantastic space.  And also this concept of equal footing that you can find authorities, Ministers, experts from, a person from civil society, experts from the technical community, and exchange some ideas, and have a coffee or share some sushi and bridging the gap is important. 

And sometimes in the multilateral meetings which  are important, it is not so easy.  And there are barriers that prevent some of the stakeholders in participating freely and exchanging information with other stakeholders.

So I will give the floor to my dear colleague, Tracy now, and the floor is yours to continue with questions to other panelists.

>> TRACY HACKSHAW: Just a few housekeeping guidance, just at the end of this round of questions, we will be asking to come to the mic so go on Zoom and ask questions, so get ready for that.  You could begin lining up as soon as we begin the question period, and secondly, one of our speakers in this round will be speaking in Spanish so if you don't have interpretation available and you don't speak Spanish, it's a good time to try and look for those devices or if you speak English, you could follow the transcript.

All right.  So moving onto one of our remote speakers, Elizaveta Belyakova, she is from the Alliance for the Protection of Children.  So how can we promote the adoption of best practices such as self‑regulation mechanisms and social initiatives to foster collaboration in combating digital threats and reducing risks with a particular emphasis on safeguarding children in the online environment?

>> ELIZAVETA BELYAKOVA: Let's not forget that one of the most important part of our society is, of course, children.  So protecting children from cybersecurity and cybercrime is of up most importance.  That has been increasing over the last couple of years.  This is the reason we created the Russian Alliance for the Protection of Children in the Digital Environment.

This trend is something that we saw beginning in 2023 in the Summit where calling for the interstate Alliance for the Protection of Children.  These statements once again emphasize the relevance of this topic not only in the Europe but in countries of the Global South.

Now, speaking on behalf of the Russian IT society, I can safely argue that voluntary commitments of digital platforms and maker players in the IT market are the most effective way of public mobilization aimed at protecting children on the Internet.

Let me once again emphasize that this is precisely an independent initiative of the largest IT companies of Russia.  The alliance promotes the protection of the youngest generation from time not through restrictions but through education, creation of positive content such as games, podcasts, et cetera, and as an example for more precise measures, allow me to mention that we created the digital ethics of childhood charter which reflects recommendations concerning issues of child safety.

And this is soft law.  It's based on ethical principles, the respect for the child as an individual, shared responsibility, the protection of privacy and values in the online space as well as inclusivity.  One of the key points expressed in the charter is self‑regulation of digital platforms in terms of proactive content moderation.  This means that platforms themselves have to vow to take steps to prevent the spread of negative content that could potentially harm children.

In addition, the alliance also works to improve digital literacy for children and adults.  This, for example, has led to existence of the alliance making more than 20 events.  This is an important step in protecting children.  Given the rights conditions, major digital platforms are willing to admit their responsibilities and take actions to shield children from negative content and other online threats without Government interference.

Considering the risk for children in the era of global digitization, it should be notes the greatest threat is sexual exploitation and abuse on the Internet.  It has never been easier for sex offenders to share images, and encourage others to commit crimes.  And here is an example, let me mention the fact that about 80% of children in 25 countries report feeling at risk of sexual abuse or exploitation on line.  That's a UN statistic.

The problem of sexual exploitation, sexual violence and the abundance of content that exists on the Internet that contains images of sexual nature is the most acute issue that needs to be solved.  Unfortunately, this is something that we have not yet solved.  Despite the efforts of the global community and international organisations we are very far from solving this problem.  The World Health Organization in its 2022 report on preventing online violence focused on child sexual abuse and highlighted that the particular issue is very, very important.

The We Protect global alliance emphasizes in its information resource, and I quote, access to child sexual abuse material online is becoming easier and easier.  And the volume is growing so much that we could say we are experiencing a tsunami of child sexual abuse material online.

We are aware that a primary school child can easily with literally three clicks access content that is so highly traumatic and cause serious psychological trauma and something that's to be done about this, of course.  I would say there are general statistics with negative consequences of a child health.  This does not reflect the clear picture because children themselves and their parents in many cases do not take incidents out into the public space.  They don't complain.

So, therefore law enforcement and other agencies aren't asked for help.  What additional steps can we do to protect children from sexual exploitation on line.  How can we strengthen the fights against the spread of sexual abuse material and how can we prevent the spread of sexually explicit content that threatens mental health of children?

The most effective and practical measures in our opinion are the following.  First of all, exchange of data on the localization of materials that are harmful and dangerous to children.  The exchange of data on new methods and mechanisms that are used by criminals.  The creation of black lists of resource on these materials in child pornography.  As well as the exchange of data about attackers and criminals themselves.  And we call them predators.

Also we need to look at blocking content creators, downloaders and think about the consciously malicious distribution of harmful content.  Moreover, such data exchange should be carried out at the interstate level and between authorized organisations to protect children on the Internet.  We need to also have campaigns and look at digital fingerprints and hashes.  For example, in 2022, 9,126 units of content were removed in the category of sexual content, and this was using the hash database.  Again, hash digital fingerprints.

The largest tech players on the Russian IT market as participate in this.  In conclusion I would like to invite my colleagues to join forces and work together.  We are open to cooperation and invite participants into the discussion to join our charter and together we can help to protect future generations.  I thank you very much.

>> TRACY HACKSHAW: Thank you very much.  I thought there were very interesting stats you gave there, 80% percent of children feel at risk of being exploited.  I have children myself and they are online and 80% feel at risk.  That's really troubling in our part of the world where I’m from the child trafficking is very big, and it seems to be coming from the online world and I think we do have to take a look at that.

I also like the fact that you gave practical examples of how we can combat this utilizing data exchange, black listing and working with the authorities to get things moving as well as self-recognition.  So I'm hopeful we could take this up in the question and answer session.  And find out what you did in rush that to get this moving.

I'm going to ask Deputy Minister Ernesto Rodriguez Hernández, the threats faced by states and cyberspace are increasingly worrying.  It is a topic that is widely debated on international stages.  What your opinion on the matter, and what actions do you consider could contribute to mitigating these threats?  Deputy Minister?

>> ERNESTO RODRIGUEZ HERNÁNDEZ: Thank you very much, and Olga, thank you for allowing me to be able to share my thoughts on these topics which I feel are of paramount importance for all of our humanity.  I believe that first and foremost we need to characterize cyberspace where everything is being developed.  Undoubtedly so there is a rolling development of cyber offensive capabilities and, as a matter of fact, there are national security strategies of some states which also include the possibilities of using offensive cyberweapons and also to undertake cyber offensive operations.

Undoubtedly, there are now preventive cyberattacks with a view to deterring adversaries, and they can turn all of these issues, they can turn cyberspace into a new scenario of conflict.  This is a danger that has now been heightened by the doctrines which consider the use of force as a response, a legitimate response to a cyberattack.

Secondly, increasingly, there is a more covert and illegal use of other nations' computer systems by individuals, organisations, and also states to carry out computer attacks against third countries.  In addition, this can also be a trigger for international conflict.  The misuse of information and communication technology and media platforms, I'm referring to social networks and radio and electronic broadcasts, as a tool for interventionism by promoting hate speech, insight to violence, sub version, destabilization, the dissemination of false, fake news.  All of this with political purpose against other states.  And this is a pretext for them to use this force.

This also constitutes an increasing threat to nations, and where it is more important to abide by these international principles of international law.  Where are these actions, where are they being undertaken?

They are being, now they are part of a so called fourth generation warfare which is rooted in manipulating emotions, the use of information that has been stored and processed in the clear violation of issues that are so important like protecting personal data rights, and many companies also are involved in this.

They turn all of this into a business model.  All of this is taking place in an international context with various threats, with armed conflicts, unconventional wars, attempts at regime changes and frequent violations of the United Nations charter as well as violating international law.

This is the environment where these actions in cyberspace are being carried out now.  The question is what is it we can do to counteract all of these threats?

First and foremost, I think we must undertake a global commitment so that the use of ICTs are used only for peaceful purposes for the benefit of cooperation and the development of peoples.  We must also do away with the colossal technological gap which are obstacles and hindrance for these Developing Countries to invest in the security of their ICTs, and that is the current state of awareness.  It is dire, it is essential and we have spoken about this in many states.  We need to adopt an international instrument which is legally binding, which complements the applicable international law which also should respond to the significant legal gaps in the sphere of cybersecurity and to effectively address the growing challenge and threats through international cooperation.

It is of paramount importance to increase cooperation in order to grapple with cyber incidents.  And as part and parcel of this exchange, we need to exchange information which does not compromise the privacy of states, nor should it violate any national legislation.  We must also implement technical assistance mechanisms to exchange good practices which would enable us to grapple with all of these incidents and also should bolster the operational capabilities vis‑a‑vis a cyberattack.

As much as possible, we should also standardize all of these cyberattacks.  We should use common terminology that fosters international exchange, and finally I think that is also of paramount importance we need to set a multilateral mechanism under the auspices of the United Nations to determine impartially and unequivocally the origin of these incidents related to the use of ICTs.

>> TRACY HACKSHAW: Thank you very much Deputy Minister.  You pointed to the violation of international law that is used to involve state actors and cyberspace, but I think your call for use of ICT to be used for development purposes and for peace, I think that is really something that we need to take a closer look at, and as you said, the call for an international instrument to complement existing international law is something we could discuss as we get into the question and answer session.

Thank you very much for your comments.

Again, questions and answers coming up after this round of questions, so I will go to Folake Olagunju who is from the ECWAS, and she will give a practical take on what's happening in West Africa.  So Folake Olagunju, the economic community of West African states comprises 15 states.  Which are the main challenges that these countries face in relation to cybercrime and cybersecurity?  Over to you.

>> FOLAKE OLAGUNJU: Thank you very much, Tracy.

So right, as Arissa rightly says the issues we are talking about are completely global.  So that would put into context what I'm about to say.  So what we are seeing within the West African region is obviously just a quick geographical background.

The 15 Member States, 11 are classified as LDCs so you can envisage sort of issues and challenges they already have without even putting cyber into place.  So what we have seen over the last few years is we are lacking a national coordination at the national level which is leveraged into an effective cooperation at the regional level.

We have seen that not only cyber is global, it is also a trust game, and for that to actually happen effectively, countries need to speak to fun another.  For them to do that, they have to be willing to collaborate to combat the cyber threats.  This requires adherence to international conventions, we are talking about the Malabo Convention.  Aside from that we are talking about Member States have the capability to collaborate with one another.  Resources is a big thing that is lacking on this side of the world.

Resources have three levels, the technical, the financial and the human.  Globally, we do acknowledge that there is a dearth of cybersecurity work for personnel, but on this side it's a little bit more different, it's a little bit more critical.  We do have personnel that are highly qualified that can do the job, but we don't have enough of those people available.

So it's an issue of how do we then cascade down the little knowledge that we have so that it actually makes an impact across the region?  Finances, a lot of our budgets actually not concentrated on cybersecurity, I think one or two Member States have actually put into their national budgets a very thin line on cybersecurity.  We are trying to see how we can encourage Member States to do a bit more.

Again, on the technical front, there is a lack of the requisite equipment and facilities actually required to actually do the job.  Aside from that, I think we are not only, the region hasn't gotten to the point where you are seeing cyber as a warfare like other parts of the region so the mentality is closer to boots on ground.  We are looking at physical security and that conversation needs to be leveraged a bit more.

I will say, and that there was a watershed moment.  I think everyone talks about preCOVID and after COVID, and I think COVID was a watershed moment for the West Africa region because a lot of conversations prior to that had resolved around the socioeconomic development issues that the region faces, but what COVID actually did was brought digitization to the forefront because everybody was tub obviously not prepared and you had to make sure your citizens could meet their daily needs and requirements.

I think the good thing, if I can say that and I use that loosely, the good thing about COVID is because conversations about digitization were brought to the forefront, Member States now have to start thinking about security.  And it's getting the attention it needs, and I'm going to borrow Christopher Painter's word here about sustained attention.

What we are trying to do now is ramp up and promote that our Member States actually start doing a bit more when it comes to cybersecurity.  Some are doing well, others are not, but it's our mandate to ensure that as the 15 Member States come together, that they actually do more, because the region promotes free movement of goods and people so you can imagine if we are promoting free movement of goods and people are indirectly promoting cyber threats across the region, so we need to do more.

One of the things that is a really big issue is the weak critical infrastructure that we have.  I don't know if a lot of people know about what goes on in Africa.  I will speak specifically about West Africa.  The grid are down.  Sometimes telecommunication is down.  It's common for this people on this side of the world not having energy or lights, power grid, social infrastructure.

So if we do sort of go two, three years from now and a cyberattack are on any of our critical infrastructure, a lot of people will be nonetheless wiser because they are used to not having this infrastructure.  It's a key challenge within this side of the world.  We are trying to see how we can promote the development of these infrastructure, make sure they are actually built to a capacity that can actually help its citizens, trying to promote a bit more cooperation and coordination amongst Member States.

We are trying to ensure that there is peer to peer cooperation.  It's not constantly looking towards the Global North because the nuances are different, the environments are different.  We are talking to Member States that have done fairly well, and actually I will take that back.  Member States that are doing really, really well within this side of the region actually pick up other countries that have not, and show them what they have done so that we can collectively address challenges together.

Like Elizaveta Belyakova said, one of the things she has seen in her own thematic in terms of child protection is the exchange of data.  That is not just about children, which is very important, but I think it's a cross‑section of promoting information sharing on cybersecurity on cybercrime as a whole.  And that is still lacking within this side of the world and we are trying to see how we can do that.  Like Katitza Rodriguez sewed, incentives.

A lot of the workers within the sector, the public sector are not incentivized enough to actually do more.  So it's a way of, we need to try and figure out a creative way to encourage Government, public sector to actually do more to incentivize their people to actually stay, train them, retrain them or make them pivot to other areas where they can actually use the skills they already have, involve the private sector and see how we can use that PPP collaboration to sort of move the cybersecurity landscape, improve resilience and strengthen it across the West African region.

I will stop here for now.  Thank you.

>> TRACY HACKSHAW: Thank you very much, and I think you had some extraordinary points there on how we can work together, collective action.  I want to pull that out as a Small Island Developing State citizen myself, I think we do have opportunities to work together to lift each other and share best practices.

In my particular field of the UPU we are forming an analysis centre.  So the postal sector in this case, but maybe sectoral ISOCs within West Africa and other regions could be one where we look at this.  You mentioned the issue of limited resources, limited resource budgetary and people.  That's a problem in many Least Developed Countries and SIDS and regions as a whole.

We do need to get that support, but with collective action working together we can probably drive this forward.  I appreciate your thoughts on that.  So now we are moving to questions.  So Olga, maybe we could see what is happening on the floor and online.

>> OLGA CAVALLI: Do we have colleagues in the room that would like to make questions to our speakers or comments or remarks adding to what we have been hearing?  There are mics in the room that you can line up or we may have questions from remote.

Do we have questions from remote?  It's a quiet afternoon.  Many the meantime, I would like to thank Folake for her comments, she resummarized the major concerns that we all have, especially in Developing Countries, not only West Africa we share the same challenges in all of the Developing Countries in the world.

No comments, questions from audience?  I don't see hands.  Some comments, questions from remote?  Okay.  One minute.

>> MODERATOR: We have one question on line and it's from Riad Hasan, Bangladesh youth IGF and a member of the Bangladesh remote hub.  The question is how can we ensure effective use of emerging technologies to ensure cybersecurity?

>> OLGA CAVALLI: Addressed to any speaker or in.

>> MODERATOR: No, no.  How can we ensure effective use of emerging technologies to ensure security?

>> OLGA CAVALLI: How do we ensure the use of emerging technologies to ensure security.

>> MODERATOR: Effective use of emerging technologies to ensure cybersecurity?

>> OLGA CAVALLI: Yes, please, go ahead.

>> ELIZAVETA BELYAKOVA: One of the reasons I wanted to take that one is because one of the things we are talking about a lot now is really that idea of secure by design, secure by default.  So that would be one.  The other piece on the emerging tech side I think it's been said a lot of IGF, but there is a reality that AI is coming for cybersecurity as well.

And it's, that can be a positive.  We see both the negative potential for AI in cybersecurity is the world of things you could use for exploitation, but the positive of that is that there are a lot of systems where AI can actually help.  If you are talking about big data sets, for example, identifying vulnerabilities quickly, being able to patch quickly, being able to identify them in sort of real time and correct all of those things are coming.

And I think that the reality of being able to make sure that we have systems that enable that is incredibly important.  I do think, I think that we are going there.  I think that's one of those areas for global collaboration as well, because when you start talking about data sets and information sharing, a lot of tech, a lot of AI requires big data sets, so being able to do that for cybersecurity systems, making sure that you have adequate access to data to enable that protection is important.

>> CHRISTOPHER PAINTER: I agree with everything you said.  I would say that emerging cloths are part of the larger problem but we can't lose sight of the cybersecurity too.  One of the things we didn't talk about yet and something that my colleague mentioned is when we have had these UN meetings when I have talked to countries around the world, almost to a person, especially for the developing world, the Global South, their number one interest is they need help.

They need capacity building.  They need the ability to actually deal with these threats whether they be nation state threats or criminal threats.  They need to be able to actually take things like norms and behavior and international law and apply them.  They need to be able to have emergency response teams.  They need national strategies and, of course, when you are looking at new technologies, you build that in.

So the fear as you see the technologies, and it becomes a bright shiny object and you forget about the foundation you have to build for these things and what the GFC does, it really does that, coordinates that capacity building around the world.  It's multi‑stakeholder.  We have 200 members and partners, countries, civil society industry, academia.  The whole idea is to work around the world to make sure that countries and others are up to speed.

They have these basic things in place, and it's a sharing platform for where they can work with each other.  I think that's, as I think about practical aspects of this as opposed to some of the political and other aspects, the most practical aspect is helping countries protect themselves, both new threats but also from existing threats and really build that capability around the world.

>> OLGA CAVALLI: Thank you, Chris.  We have two colleagues lined up.  I didn't see who was coming forward.

>> AUDIENCE: The colleague on the right came first.

>> OLGA CAVALLI: Go ahead, please.

>> AUDIENCE: Thank you very much.  My name is Jinson Alufi, based in Abuja Nigeria.  I have two comments, just to commend the panel, thank you for the work you have been doing, Chris, Olga and everyone in particular.

The first comment is to corroborate what Folake has been saying concerning the scenario in West Africa.  It is really weakening, we got to the good part of COVID, so digitization is a serious business and with it, of course, cybersecurity and that is to say that we need to take cybersecurity very seriously indeed because a lot of things are moving online.

Secondly, the United Nations Economic Commission for Africa sponsored a kind of research to measure the link between cybersecurity and development.  The objective is to present to policy makers, to take cybersecurity more seriously based on data, and assure that a 10% increase in cybersecurity maturity kind of yield between 0.66 and 5.4% increase in GDP per capita.

So with this you can see indeed if it you take cybersecurity seriously, there will be value add even to the economic part of the citizens, so just to bring that to the discussion.

Thank you.

>> OLGA CAVALLI: Thank you for your comments.  Thank you very much.

>> CHRISTOPHER PAINTER: Thank you for that.  I was at the IGF in Addis last year and that is really critical.  A lot of the interest around the world prepandemic, but even now is seizing the digital economy, digitization.  Often the economic parts of Government don't talk to the security parts of Government, or the communities don't even talk, but to achieve that digitization, to achieve that economic growth, strong cybersecurity helps you.  It's the platform to achieve that.

That's where capacity building comes in, but having statistics like that which makes it concrete helps sell this more to make it the local priority it needs to be for the sustainable effort we need over time and not just a boutique effort but one that is really important as part of it.

>> OLGA CAVALLI: Any other comments from colleagues.  Speakers remote would like to make any remark or comment about the two questions that we have received?

>> FOLAKE OLAGUNJU: Can I join in?  Thank you very much.  So just to quickly tap into what Chris said, yes, the GFC is actually doing amazing work, but I think the approach the GFC is taking is the best ‑‑ well, it's a good approach because they are also trying to leverage on regional economic communities, and the commission has been working with the GFC over the last years to see how they can drill down the capacity building to make it more meaningful to the member countries involved.

If you think about it, if you are trying to do capacity building from a global level, it would not actually tap down into what Reilly matters to me working and living in West Africa.  The second point was toward what Jimson was saying, yes, we are aware of the UNECA report, but I wanted to say again it needs to be drilled down.  We are looking at trying to promote cybersecurity or encourage more Member States to be more cyber aware.  To do that we need the awareness, the evidence and the practicality of how it has worked.

We cannot, for example, take what has worked in the U.S. and bring it to West Africa and expect it to work out actually having meaningful engagement with the people on the streets.  So for that to work, there needs to be a practical angle.  One last point to quickly sort of go back to what Tracy was saying about ISAC, that is an important point you have mentioned.  It is one of the approaches the commission has taken.  We have started a new program that was launched under the good 7 German presidency, it's the joint platform for advancing cybersecurity in West Africa.

And one of the things we are looking at is setting up an ISAC.  So it will be good to see how we can see what you have done and how we can leverage that.  Thank you very much, Olga, for giving me the floor.

>> CHRISTOPHER PAINTER: I don't mean to hog the mic but reacting to that comment, a couple of years ago or maybe more than a couple of years ago we recognized what was being said that this has to be a demand driven approach.  You can't just say here are programmes, go run with it.  That's not sustainable.

So having it both globally and regionally is important.  We worked in different communities.  We are having a Conference in Ghana bringing the development and cyber community together but we have a hub with the OAS in the Latin American, Caribbean and North American region we have something in ASEAN, we launched a Pacific hub.  It is important to have both of those together and they can share information because although list sons might be different, there may be lessons to be learned from other approaches.

>> OLGA CAVALLI: Thank you, Chris.  Tracy, you would like to ‑‑ let our colleague to make the other question?

>> TRACY HACKSHAW: Over to you, colleague at the mic, yes.  State your name and where you are from.

>> AUDIENCE: I'm from the Ministry of Foreign Affairs for the Netherlands.  I do have a question, well, first of all, thank you very much, everyone.  I think it's great that this panel is talking to cyber capacity building and cybercrime and state behavior.  Those three topics are equally important when we are discussing how to increase cyber resilience.

I do have a question for the Deputy Minister but also for the other panelists, maybe, the Deputy Minister was talking about the perceived need for a legally binding instrument on responsible state behavior in addition to international law, and, we have had a lot of discussions on international law at the UN level.  I was wondering regarding these discussions and considering at the UN level it was agreed that international law is applicable in cyberspace and we are all working out or real experts are actually working out other than me what, how international law is exactly applicable to cyberspace and how specific roles would be applicable.

And I was wondering if you could elaborate on how a new or new negotiations on a legal by binding instrument are related to this ongoing effort to find out how these existing roles apply to cybersecurity space.  Of course, I don't think we want to be premature in starting negotiations on something when we are still trying to figure out as a global community how international law applies and many countries have shared their national views on how international law applies and I think it's important that usual countries do that before we go to see whether there are gaps that we need to fill with a new treaty.

Since we are here at the IGF, I think it's important to say when we are talking about international law and cyberspace that we have not only international lawyers looking at that, but we need the technical community, civil society, and the stakeholders to look at that because it's an issue that is not only for those writing about international law.  Thank you very much.

>> OLGA CAVALLI: Yes, go ahead.

>> ERNESTO RODRIGUEZ HERNANDEZ:  I appreciate this question.  I will strive to be concise.  First and foremost, there is indeed an international debate deeply rooted in both of these issues.

There is a need to have a binding regulatory framework., also, the applicable of international law, and very specifically in terms of international humanitarian law in terms of security vis‑a‑vis ICTs.

I feel that there is one scientific element that's important.  What we are going to have to grapple with.  This is a completely different environment.  Cyberspace is highly dynamic.  The various topics that trigger conflicts and also safeguard international security or very different from the traditional ones we knew before from yesteryear.

I feel that we cannot think that the current existing standards, the good practices which strive to proliferate their use and the responsible use within cyberspace that are necessary indeed for us to be able to have a safe cyberspace where we work together geared toward development.

As a matter of fact, I feel that we have addressed this topic hear.  We have talked about disruptive technologies, emerging technologies as well.  This means that there are new standards, and that they need to be binding.  It cannot be voluntary, and it should not, the state should not decide whether they will be abiding by these laws.  I think we all need to be on equal footing, all countries.  We must abide by them.

They need to safeguard, they need to favor, foster a peaceful cyberspace geared toward cooperation and the development of peoples.

>> CHRISTOPHER PAINTER: First of all, thank you for the question and thank you to the Netherlands because they launched the GFC, but taking my GFC cap off for a moment and based on prior experience, the norms and behavior that have been agreed to by every country in the UN, every one of them, they are voluntary, but they are political commitments by those countries so if they agree to do that, they should be held accountable.  And we have seen violations.

So it doesn't matter if you had a new treaty or not.  We have seen treaties violated all of the time, and if there is not accountability, they just end up being words on paper.  I do think doing a treaty at this point is premature.  The norms are a good step.  More development needs to be done.  A lot of countries even though they agreed to the norms don't know what they mean.

You have to build on this.  And also there is a challenge because some countries when they think of a treaty they think of a treaty about information.  They worry about what they think is harmful information and that gets into human rights and free speech, so I think a treaty is far down the pike right now.  I think there is a lot we have to do including capacity building which is the more urgent thing to do right now.

>> I think from the industry standpoint, one of the things that becomes challenging for us is when you try to define things in a treaty, one of the fevers that you may end up actually ‑‑ fears you may end up less secure.  One of the challenges that has come up in the treaty negotiations is the question of access for researchers trying to do security research.

If you try to define that prematurely, you actually risk a world where vulnerabilities don't get patched because there are too many challenging legal questions around it.  And I think that's really concerning from a practical standpoint for industry.

So I will say I think industry sort of watches these questions really carefully.  We have been sort of strong proponents of norms in the space, really trying to think about, we look at it very much from a protection across the board from a, from an industry standpoint.  We have been trying to look at what actually promotes that primarily, and really thinking about what that looks like for everyone on the ground.

>> TRACY HACKSHAW: Thank you very much.  I know the time is short, but we do have one more question for the floor.

>> AUDIENCE: Hello.  My name is Dr. Mona Houck and I'm under Germany.  I have been working in projects, AI medical area for the last few years.  I'm AI tech, I'm working with experts, and I have been responsible for supporting networks within the EU.

So my experience, and this got triggered by what Folake was saying is I wonder, I have seen so many experts all over the world.  I have been working with more than 60 nations and it's amazing, but the knowledge and all of the lessoned learned, and I work with business industries, big major companies, the knowledge gets lost, and I wonder if I listen to Folake if there is not a way of somehow creating a knowledge pool with all of the technology that is available to not only think about, like, cybersecurity, but the people who create cybersecurity, the people who you want to teach kind of like a certain mindset.

So in order to avoid bias and include gender aspects on all of the things.  So we have been creating kind of like a certain best practice case for the EU, and it was the first time that we did it by applying, by kind of like coaches who supported the tech experts, people who were trained from social psychologists and social science.

I was wondering in all of these things because so much gets lost if people are focusing on tech and not including the other aspect, if there is anything, so my vision is that there is a worldwide knowledge pool where people from Africa and South Africa can just access to it.  It's a dream.

>> TRACY HACKSHAW: There are questions in the corners.  I wonder if we can take the other questions and pool them together?

>> OLGA CAVALLI: That's a good idea.  I was wondering if remote experts would like to make any comment or respond to any of the comments we have received.

>> TRACY HACKSHAW: Thanks for your question.  Let's go to the colleague on the right and the colleague on my left, and my right and then we will pool them together.

>> AUDIENCE: Thank you, Tracy.  I'm from Benin, from Minister of Economy and Finance of Benin.  I think Folake for her intervention.  I have one question for her.

I want to know if it's possible to use solar technology to serve the gap of lack of electricity for critical telecommunication infrastructure in West Africa?  Thank you.

>> TRACY HACKSHAW: Thank you very much.  And colleague on my right.

>> AUDIENCE: Thank you very much.

Let me introduce myself.  This is Gannis, I work for the Government of Nepal as a secretary in the Prime Minister's office.  We discuss a lot about the cybersecurity as well as the cybercrime.  And we discuss little about the cybersecurity and the children.  UN reports show that one in five girls and one in thirteen boys have been sexually exploited or abused before reaching the age of 18.

Don't you think this is a serious thing to our future challenge.  So concerning this I would like to raise some of the things that need to be considered.  First of all, having a kind of holistic approach for all cybersecurity may not be functioning, so we need a separate compact to address the challenges of the cybersecurity related to the children because of their specific necessity and specific characteristics of the children.

The second thing I would like to emphasize that one of the speakers already said about building the capacity of the children themselves through the Internet Governance as well as some of the Internet technology by giving digital literacy about making the way about their rights.  So this may be one of the most important things to save from the online safety measures.

The third thing that is most important due to the nature of the cross‑border issue of the cybersecurity.  We need cross‑border regional international collaboration across Member States and the private sector and the ICT companies.  That is very important in addressing technology facilitated child sexual exploitation and abuse.

This is the third thing I would like to emphasize.  Thank you very much.

>> TRACY HACKSHAW: Thank you very much.  We have an online intervention.

>> MODERATOR: We have some questions online from Rowanna from Sri Lanka what is the impact of cybercrime Conventions to cybercrime investigations?  And another question from Amil, what should be done when someone cross‑border digital platform refuses to cooperate with national competent authorities regarding cybercrime cases and refuses to establish official representative in the country?  Thank you.

>> OLGA CAVALLI: I would like to address the question made by the colleague from Germany.  I agree with you this is a relevant desire having this pool of knowledge and especially to be shared among different countries and regions, just to let you know that there are some efforts in preparing database of experts at least in the Organization of American States or correct me if I'm wrong, Chris, also in the open‑ended Working Group on cybersecurity in United Nations, they were working on a database of all of the experts of different countries, which is not the whole picture, but it's a start.

And it should be an ongoing process.  What is difficult from these effort is to keep them updated, and sometimes it's expensive and complicated, but I think it's an idea that should be, that we all have in mind.

>> CHRISTOPHER PAINTER: The UN effort is more points of contact for CBM so it's more limited and I'd say it's a great idea.  Part of what you are saying is being able to translate between the policy and technical people too which I think is important.  I had mentioned the civil portal again which is what my organisation has which now has over 800 best practices, guides, tools that can be used and it's open to everyone, not just members of the GFC at civil portal.org, but there are other things out there.  I think we are building toward that.

>> OLGA CAVALLI: Who would like to?  I'm sorry, Katitza Rodriguez, I didn't see you.  I'm so sorry.  Please go ahead.  And we have Quisai in the queue.

>> KATITZA RODRIGUEZ: The challenge of remote participation, but I'm grateful to be able to participate online.  Thank you, Olga.  So there were many questions that were very interesting through the discussions.  One of them is relating to the application under international human rights law or international human rights or international law. 

I will respond to this when it comes to the negotiation of the UN Cybercrime Treaty.  I don't want to confuse my answer with the other work of the OEG which there is no treaty.  When it comes to Cybercrime Treaty we have seen many of the powers for criminal investigations including across borders are obligatory while some of the states are optional.

The chapter on international cooperation should be subject to International Human Rights Law.  It should be treaty specifically that protect or the baseline for international cooperation, but instead the treaty deferred to national law the level of protection of privacy.

This means when one country wants to assist another in cooperating in investigating a crime, the law that will apply is the law that country is providing assistance in collecting the evidence.  We see in ongoing negotiation with 190 countries or more the level of privacy protections and the left of human rights differ from country by country.  If we don't have a minimum baseline on the chapter on international cooperations that all states should comply with, we are allowing very strong powers with almost minimal leaving international law to sky the level of protection what it is.

That could be very bad in many countries.  We are talking about surveillance powers that are very invasive like real time intercessional communication, real time collection of data.  In many countries the people who speak truth to power who are criticizing the Government end up being criminalized for posting a Tweet and sometimes people get criminalized in many countries, for instance, for being LGBTQ, being themselves because, so the issues that provide international cooperation and letting countries decide what are the crimes that will be allowed for that cooperation without restricting it to the core crimes that have to be in the treaty open the door of providing a legal basis of international cooperation for crimes that for some countries could be crimes and I call it crimes, but it could be also acts of expression in many other countries.

So without clear respect of International Human Rights Law, clear laws in the treaty that are the basis for negotiation and the narrow scope limited to separate crimes and crimes that specifically define the treaty, the treaty could be too broad and it could lead to abuse.

That's one of the things that are concerning.  To the other question about the grounds of refusal in criminal sessions, so it depends.  Sometimes companies refuse to cooperate on human rights grounds.  As I said, sometimes some countries criminalize someone for being LGBTQ.

Sometimes a journalist for writing an Article or sometimes an activist for writing a post.  And so sometimes there are grounds for refusal because the request is disproportionate, because the request is in violation of human rights law, and in those terms it's valid for the company to be able to refuse cooperation, to deny or challenge requests that are disproportionate.

We are not talking about the requests that are necessary for the investigation for crimes that are, that respect human rights law, that are necessary to file cybercrimes, but the problem we are having in the treaty right now is that this international cooperation will be based for any crime as defined by national law by any country which will be a lot of crimes and it will be very difficult for the authority to be able to know what the crime is about, and on which grounds they can refuse it which will create a lot of, it will be even very difficult for democratic country who will willingly refuse request will end up failing to, failing to be able to actually notice that the request is proportionate, that the request is not comply with principle, that follow the criminal procedure safe guards, and they will be able to not to deny the request and handing over information.

When we hand over information on an activist in places where speaking get you in jail, you can lead this type of investigation can lead to torture, disappear, and very service human rights abuses.  It's open the door for what we call transnational deprivation.

Safe guards are important not to undermine criminal investigations, but to be able to deny requests when they are disproportionate in violation of International Human Rights Law.  Thank you.

>> OLGA CAVALLI: Thank you.  I think you have summarized well the complexity of transnational concept of these activities.  I suggest that we take the question from Qusai and we let our experts do final question.

>> TRACY HACKSHAW: And shall we close the cue after that.

>> OLGA CAVALLI: Yes, and then we will get some final comments and wrap up.  Nice to see you and welcome.

>> AUDIENCE: Thank you, Olga, Qusai Oshati from Kuwait.  There was talk about the need of an international Convention or a treaty on cybercrime and I agree with the panelists when they say this is a long way to go.  Actually, we have, and earlier in the century we have the Budapest declaration which was about cybercrime and there were countries that were about 40 or more that signed the declaration, but the cooperation or international cross‑border cooperation in cybercrime did not pick up.

I wonder if we need a treaty rather than let's say improve or expand the role of current organisations like the Interpol, for example.  The Interpol currently is working from country to country when it comes to cybercrimes and whether the exchange in information, criminal investigation and facilitating the evaluation from a country to a country whether it is an issue.

Is there a possibility to improve that role of an organisation, like, for example, the Interpol rather than going for the track of Cybercrime Treaty or a new con depression on that?  Thank you.

>> OLGA CAVALLI: I suggest we give the floor to each of the panelist experts and then we wrap up.  You can answer the questions and do some final comments.  Chris.

>> CHRISTOPHER PAINTER: Yes, thank you, Olga, just in answer to the question, they are negotiating, with we have the bud pest Convention, where many countries, I think north of 80 have signed or exceeded.  There are negotiations happening in the UN for a cybercrime as opposed to a cybersecurity treaty that we are talking about.  Even there there are major differences between countries, between thought, some want an expansive view that covers everything including things I think would be protected human rights.  Others want to view this more focused on cybercrime.

We will see what happens.  I do agree that we need to continue to improve operational coordination.  Interpol is a great vehicle.  We have, when I was in the Government, I used to Chair something called the G8 and G7 high crime group.  We created the 24/7 crime network that has over 80 countries to share information.  So that is key.

This is a space that continues to evolve and become more and more important for everything we do, and if you are not following these negotiations in the UN, if now the following the things that are happening on a regional basis, you should, because it really, it impacts all of the stuff we talk about at the IGF, but even broader than that.  I think, again, one of the keys is capacity building.  The keys are working with countries that need help.  And that's something that I invite you to join us in that if you are a country and you are not a member of GFC. 

If you are a stakeholder we want to engage with you too.  This is, and one of the reasons I'm doing this role after leaving Government, is I think the foundational thing about capacity building which both helps us defeat all of the bad things but also enable the good things is critically important and it's a practical thing we can achieve.

>> OLGA CAVALLI: Thank you.

>> ALISSA STARZAK: I want to pick up on the theme of capacity building.  I think industry has a role as well.  One of the things we see and are looking for are to think about how we improve security for everyone.  That is not necessarily being done on the Government to Government side.  It's thinking about what resources are available, again, capacity building straight up, and then thinking about that collaboration that happens.

Sometimes that collaboration is on information sharing related to threats.  I think there is a lot of work that can be done there.  Again, first and foremost, I think there are a lot of people that just need tools, understand how to protect themselves and make sure the attacks don't have it in the first place.

>> ERNESTO RODRIGUEZ HERNÁNDEZ: I feel that we are debating a highly complex issue.  We do not have much time to make headway with the necessary resolve.  The criteria are decided, the standards, the binding standards, the treaties, Conventions, how they are all so violated, how they are not abided by with good practices, with good coexistence, with no binding criteria.  This is something we need to continue addressing.

We need to continue speaking about it and to reach a consensus.  For Developing Countries, it is a very difficult situation, and capacity building which we mentioned here, they are not comparable between the developing world and the developed world.

What are the capabilities that a developing country has to ascertain where the cyberattacks are coming from, where there is such a gap in terms of the digital divide, in terms of the information awe have access to.  Financing as well for development where there isn't parity.  And in a few words, I think these are topics we need to continue discussing with the understanding and the responsibility that we cannot, we do not have the time to put everything in order, and to fix everything in the cyber, in the world of cyberspace.

As I said, we need to foster all of these Conventions for the development of all of our peoples.  Thank you.

>> TRACY HACKSHAW: Thank you Deputy Minister.  Let's go to online panelists, Elizaveta Belyakova, please, final words and responses.  You have 30 seconds left.

>> ELIZAVETA BELYAKOVA: In conclusion I wanted to thank my distinguished colleagues for this debate and call upon them to join our efforts and work together because cooperation and participating in today's discussion has allowed us to further our work to protect childhood, as I have mentioned and you can find a link to our website in the information.

I hope that we will be able to protect children from these cyber threats and I hope we will have a more open world.  I thank you very much.


>> FOLAKE OLAGUNJU: Thank you very much, Tracy.  I think more needs to be done to promote the development of the cybersecurity culture which I think hopefully will lead to better communication and coordination at the national level which then leverages to effective cooperation at the regional level.  We can use that to strengthen collaborations with partners and to actually then develop the capacity that is required.  Thank you very much.

>> TRACY HACKSHAW: Five seconds.

>> KATITZA RODRIGUEZ: Thank you.  I will conclude that for me, human rights are universal and we don't have to view them as fundamentally conflicting with sovereignty.  In principle these are rules that the state has already accepted and already agreed upon to govern their own behavioral.

So in the treating discussions on cybercrime, we have been saying that we want to see minimum safe guards that are strong for both the domestic and international surveillance powers as a minimum basis for international cooperation, but it has not made it into the current test, and this is concerning.

Instead, in the cooperation may be provided by the national law by the country providing assistance which can vary and may not immediate international human rights standards.  So to conclude, to the question, of sovereignty and human rights inherently conflict, I would say that not necessarily the perceives tensions come from your political views and intentions not from the principles itself.  The treaty requires an anchor of international Human Rights law.  This is not about sidelining domestic standards on contrary, it's about elevating global standards to ensure that no human rights are compromised in the name of international cooperation, in the name of multiple systems.

Our goal should be clear, a Convention that not only acknowledges, but actively champion strong human rights.  Instead of using sovereignty as an argument to undermine human rights, the state should craft a Convention that uses criminal investigations for core cybercrimes as defined in the Convention while providing concrete and detailed human rights safeguards for both domestic and international cooperation.

We would like to see human rights not only in the preamble, but throughout all of the chapters and we would like to have very narrow scope that is limited to such core cybercrimes.  That's all for now.  Thank you for inviting me.

>> TRACY HACKSHAW: Thank you very much.

>> OLGA CAVALLI: Tracy, your final comments.

>> TRACY HACKSHAW: Thank you all for coming.  We are three minutes over.

>> OLGA CAVALLI: Thank you for the constructive dialogue.  Share information, cooperate, be active I am always positive towards technology.  I trust human capacity, so the journey is the destination with this issue, so let's keep on talking, keep on interacting and learning and I wish you enjoy the session.  Thank you all very much.  Thank you all panelists, thank you the audience and thank you the remote participants.  Thank you the remote experts.

Thank you all.