You are here

IGF 2017 - Day 1 - Room XXII - DC on Core Internet Values

 

The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

>> OLIVIER CREPIN-LEBLOND: …the paper which is the Core Internet Values Dynamic Coalition has put together for this IGF. My name is Olivier Crepin-Leblond, I’m the chair of the coalition.  And next to me is Matthew Shears, who is one of our panelists today, and Vint Cerf further down. The agenda for today is going to be first discussing the paper for the first half an hour or so of the session. The second half an hour will be discussing internal core Internet value DC coalition work and planning forward as to how we are going to reorganize ourselves, I think, as the way forward and maybe see if we can come up with some committees, et cetera.

The session is supposed to be quite interactive, so we’ll just start with reviewing the paper quickly, discussing a few parts of it, and then digging into the actual “Freedom from Harm” proposal which is on the table today and which was proposed in our paper.

So first I guess maybe should I just let Vint and Matthew say a few words? Start with Vint Cerf.

>> VINT CERF: Well, bonjour Monsieur Crepin-Leblond. And that is all the French you’re going to get out of me. I just wanted to say that the notion of “Freedom from Harm” arose from the other language that we use about Internet- freedom of information, freedom of access, openness, permission, innovation, all of these very important qualities need to be tempered with the recognition that this is not necessarily the -- the online environment is not necessarily the safest place in the world. We rely very heavily on the software in our laptops, our mobiles, our tablets and, of course, in the cloud. And we know that the software, which makes the infrastructure, is not impervious to attack. A consequence of this is that people who are using the network, I think, would like to feel that in addition to the freedoms that they have, that they are also safe. And I think this is an important property that we should seek to achieve. We will not achieve perfection, but the notion that we try and we educate to achieve this objective, I think, is very important. To say nothing of trying to build software and systems and practices that leave us safer than we would otherwise be. So freedom from harm is not a guarantee.

There is, also, I think, a potential political hazard inthe use of the language, which I had not appreciated until it was pointed out to me, and that is those organizations and even Governments that wish to control the way in which the Internet is used, may use this “freedom from harm” phrase to justify a variety of oppressive methods to inhibit the use of the network. So we should be very careful about the slogans we choose because they may be abused by those who do not agree with an open and freely-accessible network.

So the paper, I think, is a very important explanation of the concept “freedom from harm,” the side effects that it might introduce, and that’s why we are here today to try and refine the idea and to try to achieve at least some of the objectives which are mostly associated with making the Internet a safer place than it is today. So, Mr. Chairman, I think I’ll stop there, that’s more than enough from me.

I hope that you’ll forgive me for leaving at 9:30. I have to go to another meeting, but I would like to hear, as much as possible, the discussion that will ensue.

>> OLIVIER CREPIN-LEBLOND: Thank you very much, Vint.

Next is Matthew Shears for opening comments.

>> MATTHEW SHEARS: Thanks, Olivier. The core value paper is very interesting. I’ll come to the freedom from harm in a minute. It raises a number of questions. And the one I like to come back to, and hopefully we can do that when we go through the paper, this notion of whether or not the core values themselves should, could, or will evolve over time. I think that’s something that we need to perhaps spend a little bit of time on. I’m also interested in thinking about, and this ties into freedom from harm, thinking about one core value that is, in my mind, missing. I’ll come back to that as well, which is the notion of secure. This touches on the freedom from harm very directly.

I think, Vint, you’ve raised some of the concerns I was going to raise with regard to freedom from harm, which is in my mind it’s very much -- and I think this is a good thing to have an interactive discussion about -- is very much a kind of an end state or a goal, something that we would want to see for the Internet as a whole. But how we achieve that may be through a combination of those values and perhaps including another value that may get at some of that core ideal of ensuring the security and possibly the safety, although we may want to distinguish between those two concepts.

So I think there are a couple of goo meeting areas we can perhaps have a good dialogue with, and we have a relatively small group so that- looking forward to that. Thanks.

>> OLIVIER CREPIN-LEBLOND: thank you very much, Matthew. So the paper is online and it is linked to the agenda for today’s meeting. We are collecting feedback online. There hasn’t been very much feedback, in fact, for any of the Dynamic Coalition papers so far, so I do encourage you to provide feedback. The Core Internet Values as we have defined in the past few years are purely technical values, so we’re not dealing with rights and principles and so on which are dealt with by other coalitions. The ones that we have listed at present are that the Internet is global, so global medium open to all regardless of geography or nationality. It’s interpretable, and that’s of course the ability of a computer system to run any applicable program from different vendors, et cetera. It’s not vendor specific, it’s not operating system specific. It’s open as a network of networks, so any standard complying devices can actually use the network and that promotes a lot of innovation. It’s decentralized, therefore free from any centralized control. It’s end to end with application-specific features residing in the actual communication devices rather than the network being geared for specific applications. It’s user centric and that’s where the user effectively controls pretty much everything they want to do on the Internet. It’s robust and reliable. This was the shortest list we managed to put together over the years with some question as to whether further values should be added to this.

Now I know there are discussions going on in the Internet Society about this. In ICANN, the accountability thread had some discussion on these Core Internet Values as well. One could also say that the discussion about network neutrality is something that is a breach, if you want, of Core Internet Values if network neutrality doesn’t actually remain there. So the notion that Matthew has brought forward and saying “well, we haven’t got secure listed in that set of values” is something that we probably need to look at, and whether freedom from harm is actually equating to secure in some way.

>> OLIVIER CREPIN-LEBOND: Vint?

>> VINT CERF: so that’s an interesting question because the term “secure” implies somehow freedom from interference, malicious interference. Achieving this usually involves a variety of technical applications, but it also involves behavior. For example, if we use usernames and passwords as a classic example of trying to limit who has access to your account, poor practices will leave you insecure.

One question is how do we posture the system to achieve better security?  And one example is not to use usernames and passwords, or at least not exclusively, but to introduce other mechanisms like two-factor authentications, end-to-end encryption and other kinds of technical means.

I guess I’d like to ask Matthew whether -- how you’d like to interpret the term “secure.”  Because it turns out that the attack vectors against the Internet’s architecture come at various layers in the structure. So security is not the result of an action in some single layer at all.  It’s a series of defenses. So I am interested to know how you’d like to interpret the term for best benefit.

>> OLIVIER CREPIN-LEBLOND: Matthew Shears?

>> MATTHEW SHEARS: We’re jumping straight into the hard one. I suppose it is my immediate reaction when looking at the list when compared to other norms or other lists of such norms that typically, although here it says “robust and reliable,” typically you’d see “stable and secure,” for example. It occurs to me that when we’re talking about an environment where we want to achieve a state of freedom from harm, a lot of that is really in exactly that which you’ve described, which is a sense of responsibility for cyber hygiene. It’s also ensuring there’s a right level of security built into IOT devices. So there’s a dimension to the notion of “secure” that I think is broader than just using a password.  It’s actually about the ecosystem as a whole.  It’s about ensuring that manufacturers place the right security within their devices and across their networks.

So I think- I don’t have anything against freedom from harm.  It’s more the notion that I think that’s kind of an end state of the applicability or abiding by these core values, and that’s something that we want to achieve. And particularly because the odd man out in this list here, which I’m actually delighted to see, which is the notion of user centric. Here we talk about user centric about control over information and data and things like that.  But there’s another dimension of user centric which is the responsibility to take on board that cyber hygiene and that responsibility for being effectively now nodes in a system. I think in that sense that’s also a part of the freedom from harm, right? It’s a responsibility that the user must assume.

So it’s a kind of a- is it a security or a secure from a technological perspective that we should be looking at because this is largely a technical list? But it may also lie within the user centric characteristic or core value as well.

>> VINT CERF: So if you don’t mind the back and forth a little bit

>> OLIVIER CREPIN-LEBLOND: That’s absolutely fine, Vint.

>> VINT CERF: So let’s talk for just a moment about users and the tools that they are offered in order to protect themselves. We are derelict as technologists if we declare that users are responsible for protecting themselves and we provide them with no tools to do that. Or we fail to provide them with an infrastructure that has the features that will allow users to protect themselves as long as they practice, we’ll call it “safe networking.” So there is, indeed, a technical component to all of this.

To give you a related example that I continue to worry a great deal about, this so called “Internet of things” or “cyber physical system” devices that have software in them that are attached to the Internet and are running more or less without any user control. They’re autonomous pieces of software. The big concern I have is people who build that software and sell the devices that contain it, may have very little interest in assuring that the device is safe from tampering or inappropriate control because their motivation is to just sell something and then it doesn’t matter what happens after that. That’s a new responsible attitude, but users are not necessarily in a position to asses whether the device they just purchased is, in fact, configured in a way that protects them.

The most recent example that I know about anyway of a significant side effect is the attack against the Dyn corporation by the Mirai botnet. The botnet herder, or general if you’d like, by the way, was arrested but not before a substantial amount of damage had been done. Half a million webcams were taken over in the botnet. And it was easy because they no controls at all. It was easy to aim their megabyte per second video streams to a common target.  If you do the arithmetic, it’s 500 gigabytes per second of traffic aimed against one target on the network that knocked the organization off the Net.

I consider the production and deployment of devices like this to be irresponsible, and I also think that the users, unfortunately, don’t have the tools for detecting that they have a device that is unsafe in that respect. So if feels to me, I don’t know, Matthew may disagree, but it feels to me like there are a panoply of different responsibilities that lie, at the early stages of design and implementation pieces of Internet or devices that use it, all the way up to and including the users in the application space. And if we’re going to achieve the goal of freedom from harm, we can only do so by a substantial amount of effort across a wide range of parties and practices.

>> OLIVIER CREPIN-LEBLOND: Thank you, Vint.  At this point in time I’d like to get a few -- a bit of input and so on from participants on the floor.

So Ralph Vaber and then perhaps -- well, we will go around.  So please introduce yourself and then we will continue.

      >> RALPH VABER:  Ralph Vaber, University of Zurich.  I just want to make a historical remark, so to speak. 

      Of course everybody would like to have secure communication.  But, in fact, five years ago, I believe it was in Dubai in December 2012, there was a huge controversy regarding the term "security."  And notwithstanding the fact that everybody would like to have security, interpretation of the term was quite different.  And a good number of countries around the world interpreted "security" as possibility to restrict free flow of data, because security was seen as part of sovereignty of state public order.  So I'm relatively reluctant to base a Declaration on the term "security."  

      >> OLIVIER CREPIN-LEBLOND:  Thanks.  We have Teresa Swanhart, please?

      >> TERESA SWANHART: Hi.  Thank you.  Just a question.  There's often sometimes discussions around the health of the Internet and the health indicators around the Internet.  And then there's discussions around how to resolve cybersecurity for matters.  And the core Internet values really go to the heart of some of the underlying issues relating to this. 

      What would be, in an ideal world, the next steps with regards to the values and how they might propagate into a wider acceptance of this is just how we need to function, similar to a clean environment or similar to other factors around that?

      I realize we don't want to leap to the solutions and next steps, but it seems like there is a fundamental part around the conversation of the DNA of the Internet. 

      >> VINT CERF:  I think I have to walk out the door in a couple minutes.  Very, very quick, two points to be considered.  The first one is the devices on the network that are available, you know, freely for purpose, for example, by the public, that contain software, might well look for some indication that they have been tested for safety and security.  In the US there is something called the Underwriters' Labtory and it tells us that electrical devices have been tested for safety, if there is an interest in trying to evaluate software on these devices in order to determine whether they appear to be safe to use.  So that's one kind of tactic that we might imagine happening. 

      I wanted to say one other thing, but I forgot what it was, so I'll stop. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you, Vint.  And I hear that the sound wasn't working properly.  But it's being taken care of. 

      So thanks for coming and giving us a few points on this. 

      So Karen, please. 

      >> KAREN KATS:  Hi.  Thank you.  My name is Karen Kats.  I'm with the African Internet Institute. 

      So I had a question about where this work fits in in the larger debate.  Because there seems to be multiple debates going on.  And on the one hand people saying that we need to protect the public core of the Internet, other people saying we need to, as the result, bring in ethical frameworks.  A third group saying we need a human rights framework, and having that be the basis.  Especially considering the fact that some of the principles that are in here are definitely worth pursuing, but are not in line with where the market is going. 

      I spent a lot of time at the Internet Engineering Task Force.  And, for instance, end-to-end is increasing harder with content delivery networks.  So I was wondering what is the data that this paper is trying to speak to? 

      >> OLIVIER CREPIN-LEBLOND:  Vint, you're allowed to answer. 

      >> VINT CERF:  No.  You just reminded me about something that I wanted to say.  The end-to-end notion has some great power to it.  And at Google we ended up assuming that all the networks, including our own, were unsafe.  And therefore we developed something called beyond Corp, Beyond Corporation, which you might want to look at it.  It advertises how it works in the first order.  And the whole idea is that you assume that everything underneath you is unsafe and use end-to-end networks for stronger communication. 

      So thank you for that reminder. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you, Vint.  So that's a very good point that you've made and I think it's down to whether those Core Internet Values should evolve.  And the very fact that yes, we do have content delivery networks that are skirting around the end-to-end scenario as the Internet is slowly evolving to a slightly different architecture, doesn't mean that the end-to-end Internet value should be deleted as such. 

      And so that leads us to the next part of the discussion, which we will start in a few minutes, which is whether we should have an observatory that looks at how the Internet is evolving, and which values are perhaps being broken or dropped, and which values are being added, if we do agree that the values are not inalienable and can evolve with time as the Internet evolved with time. 

      I think the Core Internet Values when we started didn't have in mind anything about the Internet of Things and all the new devices that are connected.  And if we were to stick to a core set of values and saying we well, we can't move from that, then technically we might end up having obsolete values as it goes. 

      That's just something I'm throwing into the room, and I'd like to have some feedback on this. 

      Matthew? 

      >> MATTHEW SHEARS:  Actually, I'd like to come back to a comment by the gentleman there, and also it touches on the freedom from harm.  We've always assumed that the words "security, stability and resilience" go hand in hand when we are talking about the network.  What Vint is getting at is bigger than that.  And it touches on some of the concerns that you raised.  And I think it's true, that we tend to interpret "secure" in absence of those other qualifying terms, as something that is much broader than the network.  That really will define -- if secure is inserted into the paper, we would have to define it quite specifically. 

      But I think one of the challenges, and I'm sorry that Vint left, one of the challenges, when you're talking about harm, that can mean many, many different things in many different cultures and under many different norm systems.  So, again, we risk, by trying to achieve or insert that core value, we risk that as well. 

      So it's -- you know, we're kind of struggling with something that whichever way you turn it starts to get you into a bit of trouble and you have to be very clear about what you mean. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you, Matthew. 

      Does anyone have a suggestion as to what language could be inserted for "Freedom from harm" or "Secure" or something?  Bearing in mind that I was at WCIT-12, and I was actually in the UK Delegation, which was the one that was mostly against having "Secure" being added to the paper.  And the response was:  Well, let's call it "Robust" rather than "Secure."  In full knowledge that robust means it won't collapse under pressure and under attack and so on.  So it would mean somehow that it's secure from being able to defend itself from any attacks, but at the same time it's a more neutral word that can be misused for control of the network, including log-ins, passwords, strong identification, et cetera, that could evolve from that, by saying well, the only way to make it secure is to know absolutely everything about whoever is connecting on it.  I'd be interested in hearing some feedback and thoughts on this. 

      Do we codify this into the Core Internet Values?

      Matthew? 

      >> MATTHEW SHEARS:  I think we need to bear in mind where the Internet is evolving and what ways it's evolving.  Let's just take the case of IoTs, as Vint and I were taking about earlier on.  We must assume that both the user and the manufacturer of IoT devices is going to assume responsibility for connecting them to the network.  And that means that the manufacturer must insure that they are secure and there are levrls of security that can be upgraded and can be understood by the user.  Particularly if they are IoT devices that you are buying in the supermarket in three or five years, so I think we need to address the issue of security.  We need to address it in a specific way. 

      To do so, we would be remiss and we would also be kind of stepping aside from something that actually is going to become increasingly important when it comes to the overall resiliency and stability of the network.  So we can't avoid security.  It's how we describe it and how we address it that is important. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you, Matthew. 

      Any thoughts in the room?

      Sebastien Bachollet. 

      >> SEBASTIEN BACHOLLET:  Thank you very much.  I just want to ask you one question:  Why do you want to ask innovation today to be more secure than the invention of the things before and particularly Internet?  Internet was not secure.  And it was not meant for that.  And it was not supposed to be what it is today.  And then why you want to add something to the inventor to be more expensive or what they want to do.  And maybe it will never work. 

      I understand why we need that, but in the same time, we may lose some innovation. 

      >> OLIVIER CREPIN-LEBLOND:  Thanks for this, Sebastien.  I think Vint mentioned earlier the botnet and the modification of attacks using weaknesses on the security design especially on things and devices that are now being connected.  So perhaps that is one of the reasons why we're looking in that direction. 

      Sebastien? 

      >> SEBASTIEN BACHOLLET:  Yes.  Thank you again.  But, at the same time, we as the end-user, we want to have the cheapest IoT that we can.  And why we will ask for more security, it will develop price or cheapen the price, and then we will never value it and then it will never come to the market. 

      It's something we need to take into account.  Yes, I understand we need security.  But how we can deal with that and not lose innovation.  Thank you. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you, Sebastian.  Yesterday I saw a device which was one dollar that now provides full WiFi and connectivity and et cetera that can be embedded in the system.  So maybe security can be added to this in one way or another, like some kind of a password or some kind of protocol. 

      The gentlemen over on this side, please.

      >> AUDIENCE:  Thank you.  I confess that I have not thoroughly read your paper for this DC, but it appears to me in response to the comments that you just made, a remark about what the Internet was invented for, it was invented for defense purposes.  And now it's evolving into a public utility, like electricity and tap water.  So it needs to pick up the values and the benefits for society that public utilities are supposed to respect, including human rights.  So maybe the phrase you were looking for a few moments ago is human rights based.  Unfortunately, that's too long, but if you can think of a short way of saying that, that would be good. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you.  And could you introduce yourself just for the transcript? 

      >> Yes, Winston Robert from (Inaudible).  

      >> OLIVIER CREPIN-LEBLOND:  Okay. 

      >> MATTHEW SHEARS:  This discussion takes me back to the NETmundial Internet Governance principles, in which human rights were a big component of that, as well as was security, stability and resiliency of the Internet as well.  What I want to do is respond to Theresa's comment about where is this going and how does it evolve?

      I helped ISOC with the future Internet report, which was released in September.  One of the questions that we asked on the sidelines of that report when we were interviewing people was:  Should the core values of the Internet evolve?  Will they evolve?  Do they need to evolve?  And this gets to the point in the paper which tends to -- seems to suggest that we should consider these as static.  And this was at an ICANN or IGF meeting that we asked these questions, and people didn't know.  Quite frankly, many responded no.  They shouldn't.  They are essential to the survival of the Internet.  Others responded yes, they should, because we don't predict what the Internet is going to look like in three or five years, and the others said it's totally unclear.  So we can't predict. 

      So I think we have to leave some flexibility to anticipate that the Internet will evolve.  Whether or not that means the core values change is another discussion, but the paper seems to indicate that the moment that they are going to be somehow -- unless I'm reading it incorrectly, Olivier, but it seems that they are reading it as they have somehow solidified as separate core values that may not evolve and may not be added.  This is just a comment. 

      And do you want to talk about the future?

      >> When we talk about value, we talk about what is inherent.  For example, we talk about freedom or we talk about universal nature of the Internet.  We talk about openness.  How do you alter a value like universal?  How do you alter a value like freedom?  And how would you alter what is inherent?

      So if you go a little deeper and look at one of the more intrinsic human values, such as truth, do you think you can modify a value like truth?

      So what we talk about core values here is what is inherent, what is being thought of it.  What was not put into the Internet, what was not designed in the Internet?  It was there, it existed.  And these values will continue forever.  These values are timeless.  And that is a notion that we have been trying to convey through our paper. 

      Thank you. 

      Matthew? 

      >> MATTHEW SHEARS:  I'm not suggesting that they would or should change.  What I was maybe saying is that in this survey that we were doing of the participants, people like us who use the Internet, it was very unclear in terms of whether or not they were in fact inherent.  And so I'm not proposing that they will change or could change, just wanted to reflect that there is some uncertainty, which I think is important for us to think about. 

      >> AUDIENCE:  Certainly it was basically because these are concepts which are very difficult to articulate.  And there is a process of articulating the value, not modifying the values, but articulating the values and looking at it again and again. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you, Shiva. 

      There is a sheet, by the way, that is going around the room at the moment with name and email address.  And if you wish to be put on the mailing list, please indicate so, so that we can continue the dialog for any other Dynamic Coalitions. 

      So where do we go from here?  Do we add this core Internet value?  How do we call it?  Do we call it freedom from harm?  It's the second year running that we are stuck in this position saying are we putting a level of security that is required in networks today?  We have heard from Winston that there is a need for this whole thing to evolve.  The Internet has changed.  It's not just a few groups of people that knew each other anyone.  You have public utilities.  You've got more and more devices being connected on there.  And you've got more and more cases of high profile hacking or malware out there and causing millions of dollars worth of damage.  At the same time, you have this problem of ordering the value itself so that it doesn't get used for other purposes than the intended purpose of, well, preventing people from being harmed.  There is always a thing about protecting you from being harmed can be interpreted in all sorts of ways.  

      Where do we go from here?  So I'm not sure we can find an answer today, unfortunately.  I can certainly see that we have had a little bit more movement forward, but it's a very tough question that we're addressing here. 

      Matthew? 

      >> MATTHEW SHEARS:  Hopefully others will suggest things. 

      I don't think that we are -- I don't think that Vint and I are in disagreement about the end goal of what he is trying to achieve, which is freedom from harm.  I think that's something that we would all want to see. 

      I think it may well be a semantic difference, and also how you try to be very precise in terms of talking about security, stability, resiliency, which is partially drafted in the core value.  But I don't think -- I completely agree with Vint that we have serious security issues and risk that we have to address.  How we capture that I think may take some wordsmithing. 

      So let me put an idea out there, which is perhaps -- first of all there is a suggestion at the end of the paper that this Dynamic Coalitions needs to work more closely with the Dynamic Coalitions on the Internet of Things and other Dynamic Coalitions where principles and norms are also being considered.  And I think that might actually bring some greater clarity to how these norms can evolve. 

      And then I think you could go so far as to use these core values as a score card.  Right?  People are doing things or building things for the Internet.  How do they measure up?  We have a set of inherent core values.  What's -- how do we use them?  Maybe they are a measurement tool of sorts that can assess whether or not changes to the Internet are actually consistently and have the, for example, user centricity at their core, for example. 

      >> OLIVIER CREPIN-LEBLOND:  Yes, thank you.  I had invited Martin Botterman, the Chair of the DC on the Internet of Things.  Unfortunately, he is on another panel at the moment so he can't make it.  But the IoT, the DC IoT has presented in this IGF first a set of good practice policies for IoT.  And they have introduced the concept or are proposing the concept of an ethical framework for IoT practice.  So I think that we should indeed speak to the DC IoT and perhaps even work together to try and get some kind of common work together perhaps even introducing the ethical good practice.  I was quite impressed with the paper as it was presented. 

      Another thing that the DC has done last year but we didn't do this year was to look at the world as such, and see if any of the core values were being breeched.  Last year was a bit straightforward, because there were several high level or high profile cases of breech of values.  This year was a little more complex.  The question is, should we continue doing this?  And perhaps should we go even further into this, because there is so much going on for the Internet.  It's very difficult for a single organization or for a single small group of people to track these things.  Should we go one step further and introduce the core values observatory?  So looking very much in this sort of the example of what -- Wendy -- I forgot her name, chilling effects.  Wendy Selszer, the chilling effects website, which put up all of these cease and desist letters on the website.  And it was provided by crowd and so on.  So there was a framework, a website, and so people could submit letters and things.  Could we have or should we think of coming together with a proposal where we would have a website, where breeches of core values could be registered by people around the world?  And I have no idea whether we would get an avalanche of such information and who would be curating it and how that would all work out.  It was just an idea thrown out here on the floor and see if it gets any traction and if there is any interest in doing such a thing?

      >> AUDIENCE:  First of all, on IoT's ethical framework, when it comes to core Internet value, it's much bigger than having an ethical framework.  It's like having core Internet value, it's a global Internet standards, which are just a reference to any policymaking.  And does it hurt this value?  Does it further this value?  Does it conform to this value?  These are the questions that policy makers fundamentally ask. 

      So when it comes to that website, you were talking about an engine, building an engine.  And it did have an engine, which is well designed, like some of the tweets that are tagged.  There is some news that happens which interferes with any of the core values, that engine would automatically pick up the feed, that Facebook post or whatever, and that -- on one side of that, and on the other side people could write and publish breeches.  And so it could take several shapes, several different ways of taking shape.  And so what we could do is we could get started and have this engine running.  And then let's see what happens. 

      That's a good move.  It's a really good thing to do. 

      >> OLIVIER CREPIN-LEBLOND:  Yes, thank you.  Sheban. 

      I think automating this is going to be a bit challenging.  And I see Andrew Sullivan,  perhaps, stepping forward to build this.  Perhaps.  Perhaps not.

      >> ANDREW SULLIVAN:  My name is Andrew Sullivan and I don't speak for anyone.  But I'm not stepping forward to build it.  It seems that me that we have Wikipedia.  The problem has already been solved.  All we need to do is stand up a wiki engine and people can put whatever they want there. 

      I think one of the Core Internet Values of course was that it was always distributed.  Your network, your rules.  You want to believe in these values, then go ahead.  If you don't want to believe in them, then don't participate.  And that seems to me, actually, to be one of the key things that, if you're going to proceed with this sort of thing, then you have to embrace that value as one of the ways that you're going to work. 

      >> OLIVIER CREPIN-LEBLOND:  Yes, thank you for this, Andrew.  That's a good point. 

      Any other comments on this?

      Matthew Shears? 

      >> MATTHEW SHEARS:  Perhaps this has already been done.  But it would be very interesting to see how these core values line up against other established and accepted values.  I don't know whether that has been done within the DC.  Because I think the weight of the values will be amplified if it can be shown that they are also the same or similar values as to those that were adopted in other similar processes.  The one that comes to mind is NETmundial. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you, Matthew.  We haven't actually looked at the NETmundial values and put them together.  We have had a joint meeting last year -- well, we invited Marianne Franklin from the Internet Rights and Principles Coalition, and it was clear that the Internet Rights and Principles was looking at more of the sort of ethical values when we were just focusing on the technical values.  But it's a good point to match them with the NETmundial.  So we will take note of that as well. 

      Time is going so fast.  And we had a second half hour that we were supposed to spend on the organization of the DC.  I've been Chair for a couple of years now, and would like to build somehow a team of people that would be interested in bringing the Dynamic Coalition to the next level, including this project that we might be attempting to do on the observatory.  So it's difficult to ask for immediate thoughts on this.  But I'd like to sort of throw an idea into the room as to whether there is any interest in creating maybe a core team or a leadership team of people from across the community that would be interested in not only sharing the workload, but also driving this forward so we would have people in charge of different projects.  Because I can see certainly several projects that can open up from here. 

      There is a sheet that is going around the room.  So we will put you on the mailing list if you're interested in following up on this. 

      But I'm not planning to be Chair forever.  I'm ready to stay for another year.  But after that, I think there needs to be a good team of people that can take this further and expand its work and take it to a level where we have not the same discussion every year, because I'm a little concerned we got stuck on this freedom from harm thing for a while.  But actually expand and do projects and so on that go further than just listing the Core Internet Values as they currently are at the moment. 

      Any thoughts or suggestions as to where we can move from here?  It's a very open call here. 

      Yes, please, go ahead.

      >> AUDIENCE:  Yes.  Hello.  This is Shiva from Nepal.  And we recently did a survey of the young people around the awareness and use of the Internet and how Internet youth leadership is struggling.  And most of the people came up with the idea that the current problem was the challenges that they faced with the Internet core values, especially in south, southeast. 

      So I think we need to work towards creating bridges for those areas, including -- you know, including all the stakeholders, and diversity is a must.  And the core values that we have, the set of core values that we have, are currently good.  But we further need to refine it and work, as you said, with different stakeholders.  Diversity, we need to include, and we need to move forward with the effort and energy, surely. 

      >> OLIVIER CREPIN-LEBLOND:  Okay.  Thank you.  Salina Talamica Romero.  I'm out of practice with your name.

      >> Good morning, Chair.  Good morning to the panel.  Lovely to be here. 

      I just wanted to add that ever since Vint sort of mentioned the need of core values at last year's IGF at Guadalajara, it triggered a whole bunch of discussions within the global community.  And from the region that I'm in, when we had the Pacific Internet Governance Forum, it was something that we sort of emphasized.  And in relation to your call as to your proposition in terms of gathering the stakeholders, I'd like to raise my hand in my personal capacity and also to nominate some organizations that I think might be interested in lending a hand as well.  And congratulations on the initiative. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you for this.

      Any other volunteers?  Maybe I'm not asking for volunteers right now.  But any other thoughts as to our way forward for the next year?

      Okay. 

      Very snowy day today.  Oh, Vanish.

      >> VANISH:  I'm a little bit worried that what we currently have in the core values, even though this is a consensus, misses out on things that -- I'm not the only one that feels that there is something really wrong and it's not being addressed in the core values.  Maybe the reason is we have been attempting to do the core values on the "right" spaces.  I as an individual have a right to.  But mostly what I have as a problem with the Internet nowadays is not my rights but it is the fact that other people are being mislead.  And I don't see anything like the old fashioned word of honesty.  It is not in the core values.  But an environment of honesty is what we somehow need, and I'm not sure how to build it.  You talk about the Scorecard, the idea of the Scorecard, what is the behavior of the parties?  Do they contribute to an environment of honesty or do they subtract from it?  And to give an example of how we live that, when you get the message on a mobile phone that says:  Your application such and such wants to do this.  Is that an honesty?  How many people responsible for the question?  But the consequences are.  Not if I press, but what are the consequences if millions of other people press yes, I'm okay with this, without understanding what they're doing.  That's going to have many consequences on me and millions of others, of course. 

      We have to be able to have something like a Scorecard to hold companies to account, I think mostly they are companies, that have to be held to account on what they do in that respect. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you very much.  Sounds like there is the word "trust" in here somewhere. 

      Matthew Shears. 

      >> MATTHEW SHEARS:  I was just going to say the same thing, Olivier.  That's one of the words that we're hearing a lot about these days is the word "trust."  And perhaps it's also a nice term, because it not only applies to the situation that you just described, but it also applies to the more fundamental ability to trust the network.  So it might be a good bridging term in that sense. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you, Matthew. 

      Shiva.  

      >> SHIVA:  On the way forward, apart from going ahead on significant projects, there are certain responsible things to do.  This coalition includes Internet community leaders who understand the Internet, who created the Internet, and who know what harms the Internet and what does not.  The responsible thing to do is to, one, is to educate -- not to "Educate."  I wouldn't use the word "educate," but to interact with the policymakers and to impart an understanding of Core Internet Values about what makes the Internet what it does.  And that's one thing to do. 

      And then when some serious harm happens in terms of legislation or a policy move in some corner of the world which could affect the rest of the world, then it also becomes a responsible thing for the coalition to get involved and plan to stop the harm from happening.  That should be the next level of activity in the Core Internet Values. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you, Shiva.  Would holding stakeholders accountable be something that could translate into what you were saying?

      >> Yes, that's what I mean. 

      >> OLIVIER CREPIN-LEBLOND:  All right.  Well we reached the top of the hour already.  It's gone fast indeed.  We only have one hour, unfortunately, for this session.  We have the sheet that has been going around.  So I'll be contacting you maybe next week and providing you with the ability to get on the mailing list.  Or if you want to be on the mailing list, just add a cross next to your name on the sheet.  I think the sheet is in that corner now. 

      And I'd like to thank Matthew Shears for having joined us.  I want to thank Vint Cerf, but unfortunately he had to leave early.  But at least he brought forward the concept of freedom from harm forward.  And I hope that you'll all remain involved with the DC and we can meet next year to take things further. 

      Think about this core values observatory thing.  And if you do have any ideas on the resources that we would need for this and whether there could be any organizations that would be happy to help with resources for the DC -- we don't have any income or anything like that -- then please step forward. 

      And perhaps one last word from the lady in the corner. 

      >> AUDIENCE:  Good morning, Honorable Chair. 

      I have a question for you.  And that is how would you teach the young people to respect Core Internet Values? 

      >> OLIVIER CREPIN-LEBLOND:  Matthew Shears. 

      >> MATTHEW SHEARS:  Okay.  That is a great question.  And I'm going to give you a very kind of obvious answer.  But it's something we should talk about more, but we are out of time.  But it's about educating.  We talk about educating kids about cyber hygiene.  But this is perhaps even fundamentally more important or as important as cyber hygiene, which is understanding what really drives the Internet and what makes it successful. 

      It's a great question, thank you. 

      >> OLIVIER CREPIN-LEBLOND:  Thank you, and Sebastien Bachollet the last word, no?  Okay.  Thanks. 

      Well, thanks, everyone, for coming here and see you next year.  And, please, we will see you on the mailing list.  So "see you on the Internet" as Vint likes to say. 

      This meeting is adjourned. 

      (applause)

      And just with apologies for people who are following us remotely.  Apparently they can't hear us or couldn't hear us.  I don't know whether they can now.  So apologies for this.  This is a problem outside of our control. 

      And I think that there is also a problem with the scribe as well, scribing somebody else's thing. 

      >> One of the problems was that we had two sounds.  Sound coming from outside the room and sound coming from inside the room.  That's something that we have to fix, because if we are going to have that for all of the IGF, we will never come back. 

      (end of session)

Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10
Switzerland

igf [at] un [dot] org
+41 (0) 229 173 411