You are here

IGF 2019 – Day 0 – Raum III – High Level Internet Governance Exchange Panels on Security, Safety, Stability and Resilience - RAW

The following are the outputs of the real-time captioning taken during the Fourteenth Annual Meeting of the Internet Governance Forum (IGF) in Berlin, Germany, from 25 to 29 November 2019. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



   >> WOLFGANG KOPF: Okay. Let's get started. Good morning, everybody. I'm very pleased that with a slight delay, we are starting this distinguished panel. I think we only have half an hour.

    My name is Wolfgang Kopf. I'm really pleased to have such a distinguished panel. In order to speed up things, everybody who speaks, otherwise, we're losing too much time. The questions we're discussing here are twofold. The first question is how should we deal with constantly upcoming new threats for the technical core of the Internet. That's all about IGF. And the second one is what legal regulations and capacity‑building approaches we need. So it's about technology, and it's about international law, and maybe also national law.

    I know we have a variety of experts here who cover both. We'll start with the professor next to me. Sorry. We have no seating order.

    Before he starts, let me give you just a few facts about cyber threats. We operate one of the biggest cybersecurity centers in Europe. We employ almost 2,000 people. What we're doing there is constantly monitoring the attacks which are seen in the Internet. We use so‑called honey pots, that's a small device simulating to be a vulnerable device in our network, but we detect the attacks.

    What is your estimate about a daily average day in terms of attacks? I'm not asking somebody. The average is currently about 50 million per day attacks on these devices. At peak, it's 100 million per day. If you look at recent figures, the German association of digitized companies just published some figures. The crime is 100 billion euros per year. Three out of four companies in Germany have already experienced data theft, espionage, or other threats coming from cyber.

    If you look at the recent report, their estimate is 6 trillion, trillion, dollars in 2021 of damage worldwide coming from cyber. So that gives us an idea how economically important this subject is.

    But I leave it with that.

    Professor Waidner, the floor is yours.

   >> MICHAEL WAIDNER: What I would like to do the next few minutes is setting the stage for what are the threats for the infrastructure. To introduce myself, I'm a professor for cybersecurity. At the same time, I'm heading the main cybersecurity for Germany's largest organization for applied research, with, like, 28,000 employees. And I'm also heading the newly founded National Research Center for Applied Cybersecurity, with 500 researchers. So a lot of capacity for doing computer research.

    So what are the key challenges for security and safety and for stability and resilience. It's kind of a mini Mickey Mouse stick. This espionage information that's targeting our applications, at the bottom is our core infrastructure, which is what I'm going to talk about.

    Typically, attacks, hacks, are coming from all sides, but typically, it's weaknesses, problems, they're at the bottom. These three on the left, I'm going to talk about each for like one minute.

    The first one is establishing ownership over resources. This is actually something that everybody here is experiencing. If you do anything over the Internet, you want to know who is the other side. On the Internet, people could say, the problem with all of this, it's a challenge.

    There are methods for verifying other sides. If I want to get a certificate and do it securely, everybody is using domain registration. I am saying, Hey. I'm Michael Waidner. If you receive an email, it was me. The problem is this doesn't work. So there are attacks, and we can show that essentially all of the main locations on the Internet can be attacked.

    The same is true for many others. One problem is establishing ownership over resources. There are solutions for this, I would have to say, but they have to be deployed, of course. Deployment is always a problem.

    The second challenge is something like the internal challenge in secure routing and secure naming. I send a message not for the correct route, but I reroute it somehow, so the attacker can intercept it. This is a well‑known problem. There are solutions to it. This could play a big role. We've done a lot of statistics and measurement in the Internet. It happens thousands of times. Prechecking and rerouting. It's still an open problem. Same for DNS. That's the naming system on the Internet. If you want to reach me,, so to speak, someone has to tell you who that is. This is the domain system. 75% of all company networks are vulnerable against something called cache poisoning.

    Again, forging certificates and with DNS, I can reroute you to anywhere I want.

    The third is stability. You will see one example. We did a very simple experiment where we tried to measure a few things in the Internet. We did this by using some ‑‑ usually not used flex and TCP. Routers didn't behave well. Instead of doing what they should do, many of them simply crashed, and people figured out that by using standard protocols and doing something that's not so common, you can prevent an attack.

    What it shows you is the Internet, this basic infrastructure, is very fragile. We need to find ways to figure out what other devices are there, what is the software, what is the hardware that's used. And we have to find ways to deploy better solutions.

    Again, this is the third challenge. So this was setting the stage, I told you. Research is providing many, many solutions. If you're interested in what we are doing, this security analytics, is headed by ‑‑ and the solutions are there. Deploying is difficult to be done.

    With this, I hand it back to the moderator.

   >> WOLFGANG KOPF: Thank you. I think the next guest speaking is the secretary general of DTU. His theme will be the framework, as I understand.

   >> Thank you, very much, Wolfgang.

    Let me appreciate Deutsche Telekom, first. I was director in Peru for 1998 and 1999 I started my office. I received higher delegations by your board members with technical guys. In Geneva, we spent one day talking about it. There are many operators in the world. I am pleased that 20 years after that meeting, Deutsche Telekom is very strong. They cap even stronger. It's one of a few remaining very active. It's not only a German carrier.

    I would like to talk international framework. Of course, international telecommunication was created in 1865 by 20 European states. There's a new Germany. Germany did not exist. We had seven German states. If you talk about German membership, we have founding members from Germany. We worked from the very beginning to talk about the security. It's taken very seriously.

    We realized that we have to engage the approach to engage many people. In 2003, first in Geneva, the IGF was created.

    Recently, we advanced work on the cybersecurity, particularly in the artificial intelligence areas and the computings. We established groups to look at this issue. Now, this is a technical issue, but IT is working with our members to try to increase the knowledge about the cybersecurity and the capacity building of cybersecurity, and we have a lot of partnerships with many people.

    Over the last 10 years, we established a global cybersecurity agenda. The experts from Norway, a lawyer, we developed this agenda. I was very pleased to know that at PP18, this global agenda, we could continue to use the guidelines to help us to strengthen our corporations with our members.

    The head of the American delegation was there. We appreciate very much his personal roles to support us with this kind of work.

    And, last but not least, when we talk about this new technology of 5G, I am very pleased to share with you the last four weeks we had our meeting and talked about communication business. I was very honored to receive a letter from President Trump to facilitate our meeting and encourage ITU to continue to place rules for the spectrum.

    The spectrum is absolutely important when we have the next technology of 5G. We're very encouraged by President Trump's message at our conference. I was very pleased that we finished this conference last Friday. It was very successful. We have the support to deploy 5G everywhere. We have also established some groups to talk about the security issues.

    Also, in my message, I replied to President Trump that we encourage the United States to play its leading roles to this new technologies and also invite our U.S. experts to come to join DTU's activities to develop global standards for the securities. It serves the purpose to satisfy everybody, including our American friends and to meet the expectation of the end users for the security because it's them who really help us to use cyberspace. We have to include this to increase confidence.

   >> Wolfgang Kopf: Rob, there was a lot of themes already. Maybe you want to take over. The deputy assistance secretary for CyberMetrics in the U.S., well known to us Europeans. You're spending more time over here than in the U.S., I think.

   >> Almost. Thank you. Thank you, Wolfgang. Thanks for including me on your panel. Secretary general, I want to congratulate you on completing that communications conference which has identified 5G spectrum and it's going to contribute to the growth around the world.

    We're just now passing the 50th anniversary of the creation of the Internet. In that time, the Internet has faced many challenges, and those challenges have been addressed by multistakeholder institutions that have grown up over that time. The organizations like the Internet Engineering Task Force, the IEEE, the last 15 years, the IGF. Also, ICANN for the domain system. We've seen these develop to address challenges.

    Now, hopefully, we're going to see the next 3 billion people connected to the Internet, probably a trillion new devices connected through the Internet of Things in the next couple of decades, as well as every important sector of our economy becoming more digitized and, therefore, more reliant on the Internet and secure connections.

    That means we need to continue to strengthen and revitalize these stakeholder institutions to address those very significant challenges of the future.

    As we do so, we need to keep in mind what has made it successful so far, and that is having a very successful innovation base in a set of policies that have allowed innovation to bring us so much positive development and improve people's standards of living and connecting people around the world. That innovation has happened because we've used flexible and efficient regulatory postures so we're not stifling future innovation.

    In the United States, our vision is to have an open, interoperable, reliable, secure Internet for future generations. In part, it's important to make sure we have the trust of the public and businesses. Related to cyber intrusions and cybersecurity of the systems, I think it's important to advance a framework of responsible state behavior so that nation states do not undertake malicious behavior in cyberspace. Along with other nations, international law applies in cyberspace just as it does in the real world, and there are certain norms of behavior in cyberspace. That includes another nation not attacking another.

    We saw on the sidelines this last September of the U.N. high‑level week, 28 countries come together to say we support this framework of responsible state behavior and that states that act inconsistent with it and contrary to it should be held accountable and further that accountability to at times impose sequences for states that act in malicious ways.

    You know, I think it's also important ‑‑ one last point to really bring home here ‑‑ we need to address all these technical vulnerabilities between border gateway protocol to DNS poisoning.

    Because we're in a software‑based system, any software can be updated to push forward new vulnerabilities and new compromises to systems. There have, we really need to have a trust relationship with the vendors for our most critical technologies.

    In 5G, it will support artificial intelligence, we must have the highest standard of trust with those vendors. The United States are encouraging countries around the world to comply with the rule of law and has a judiciary in place to make sure it adheres to our most fundamental rights, including freedom of speech and association.

    A vendor that does not comply with the rule of law is one that we cannot trust with our most precious data that will be generated on 5G systems.

    With that, thank you.

   >> WOLFGANG KOPF: Thank you. Well, what is the view of the smaller state? I think you're able to comment on the details.

   >> LUIS SALAZAR: Thank you, very much. I'm Luis Salazar, the Minister of ICT and Science and Technology in Costa Rica.

    It's very important when we talk about cybersecurity because we're talking about people. We're talking about children. We're talking about all the people that live in vulnerable areas. So my message is that we want to improve all that we are doing under two concepts. The federal, gender equality, and protect the child.

    So we're trying to do it from multi‑culture to cybersecurity for computer science, coordinate at a national level and international level. This is very important to work together. That's to improve the cyber and computer security and support administrative and judicial for the prosecution of perpetrator of cybersecurity and computer crimes.

    We're talking that we live in a global world, and everybody each day have more connected devices. We have to manage public policies. We're talking about innovation. We're talking about how can we make access to the Internet. However, the most important thing is not to talk about the technical skills. I know that all the technical skills. I am an engineer. But the most important thing is to talk about the benefits of the people. The center of all the discussion must be the people.

    If we don't work having the people in the center, we will have big and strange solution for technical risk. However, we won't take the benefit for all. And this is the reason that I am here. When we work together, we need to be capable to cooperate between the countries.

    Sometimes we're trying to define our national strategies, but this national strategy depends of our ideology. However we think to do is try to endorse to strengths all the breach along the different country, in order to work together. So I think that if we fight, in order to increase the capacities of the vulnerable people, we are going to move on, and we're going to get more benefit of all of these challenge that we are facing.

    Thank you.

   >> WOLFGANG KOPF: Thank you very much. I am now pleased to introduce Michael Bolle. He's the CIO and CTO of Bosch.

   >> MICHAEL BOLLE: I'm Michael Bolle. I'm the chief technology officer of Bosch. There's a reason for that. We're a strong player in the Internet of Things and the Internet of Things that's a combination of the real world and the digital world. Therefore, we have both worlds in one person.

    I would like to talk about the role and the importance of trust in the Internet of Things. At our initiative representatives like the IEEE, like Digital Europe, Trustable Technology, the Industrial Internet Consortium, Trusted IoT Alliance met for the first trust forum in Berlin this year. The main focus of this gathering was to answer the question: How to build safe trust in digital systems.

    In order to understand this, we all know that the global IoT market is significantly growing. So we see 250 billion U.S. dollars revenues already in next year. This is a growth of 35% year over year.

    We cannot accept a situation in this world, in this development status, that the overwhelming reaction in the public space is mistrust and fear. In order to fight this common notion, we have to find, also, technology and governance solutions for that.

    Therefore, we established the Digital Trust Forum as a global initiative for connected intelligent products utilizing AI and the Internet of Things. Therefore, we talk about the AIoT, and the Digital Trust Forum was created.

    We believe this is the time for the format because governance as a foundation for trust in the IoT is obvious. A key question addressed by the Digital Trust Forum is how to enable trust by defining quality parameters, monitoring compliance, and, therefore, formalized AIoT, trust policies will be at the heart of operationalizing this managed by a trust policy management system.

    The idea is that by formalizing trust policies for AIoT systems, trustworthiness can be established because all policies are made transparent. The system can exist the current valid policy definitions remotely in real time and use the data to control performance. The system behavior from a trustworthiness perspective can be locked and published, and trust can be efficiently enforced by managing system exceptions and escalations. Together, with our strong partners, our company is to strengthen the confidence and the possibilities in the future.

    However, we know that we not only need policy makers as partners, we also want to support them with concrete proposals from an industry perspective. The Digital Trust Forum will aim to define policy framework to address all key aspects of digital trust in IoT‑based solutions. This framework will include a set of AIoT trust policies, a data screen to manage instances of policy trust definitions, and a catalog of reference, definitions for IoT trust policies based on set schema.

    We look forward to discussing these and other questions during the upcoming next Bosch connected world in Berlin in February 2020 where we'll continue our discussions in the Digital Trust Forum. I would like to cordially invite you to this event as well.

    Thank you.

   >> WOLFGANG KOPF: Thank you very much.

    Let me turn to my left now. I think you did a lot of research in earlier times on rights and copyright, but you're now deep into these subjects. You're from ‑‑

   >> POLINA MALAJA: Yes. I'm Polina Malaja. I'm with CENTR. Thank you for this opportunity to be on this panel.

    So I want technical community. When we speak about cybersecurity, we need to make an important distinction. So, first, there's crime committed online, facilitated by the Internet. And, second, there's criminal activity that's aimed at disrupting infrastructure, including domain name system.

    Technical operators are a cornerstone of the infrastructure that is the domain name system. And they cannot assess whether any crime has or has not been conducted online. The investigation and prosecution of any illegal activity on the Internet should be left for competent authorities. However within their technical capacity and expertise, they're actively taking measure to tackle mere technical security threats.

    So, for example, Botnets, phishing, farming, malware distribution. These security threats are targeted at technical infrastructure. This is where there's the necessary expertise and capacity to respond while still actively cooperating with the public authorities and within the limits of the local legal frameworks.

    Furthermore, they're continuously working on making sure that the zones are reliable, stable, and secure. For example, in the last three years, investments into security amongst European CCODs have increased an additional 30%. So this is by adopting relevant standards, performing regular audits, and increasing their in‑house security expertise.

    So when it comes to a global resource like the Internet and the cybersecurity threats within all stakeholders in the ecosystem have shared responsibility. So it's governments, technical actors, private sector, and, to some extent, even users. That doesn't mean that, oh, these responsibilities are shared equally or identically. Each of those actors can act whether it's technical, legal, or societal. Consequently, when it comes to the technical core and the cybersecurity threats within, these need to be addressed by increased collaboration and information sharing between partners. So, for example, responsible disclosure policies of shared vulnerabilities, sharing best practices and the information on security threats and working together on global standards within the technical forum.

    Last but not least, the importance of education, I think, should not be underestimated. There's often some extent, as a part of social engineering, involved behind at what at first glance seems to be a cybersecurity. So it continues training of staff, raising public awareness and educating local Internet communities is a necessary building block to make sure that there's greater security online.

    Thank you.

   >> WOLFGANG KOPF: Thank you very much. That was a very good overview of the entire program.

    Let's go standards. We heard more about standards in different remarks. Mina Hanna is the IEEE representative. He knows best about standards in this circle, I think.

   >> MINA HANNA: Thank you very much for the kind invitation. Very honored to be here on this panel with my very esteemed speakers. I really appreciate the kind mention of the IEEE by Bolle and Secretary Strayer.

    My name is Mina Hanna. I'm also the chair of policies committee. The IEEE, of course, had, as you may have heard, whether IGF and other organizations like ICANN, had an important role in creating the infrastructure that enabled the Internet. The Internet is built on technology that a lot of it was built on partnerships including the Department of Defense. There were a lot of protocols invented to create the commerce and sharing of data, like the TCIP, Wi‑Fi standards that IEEE created, 2.11 and all the varieties from A to I don't know how many letters we have now.

    On top of that, too, the entire infrastructure is not just technology. It's conventions. It's diplomacy. It's agreements. It's a lot of multistakeholders efforts.

    This was driven by the fast progress and development of artificial intelligence and autonomous, which without too much guessing, you can conclude that the pervasiveness of the technologies and how they are, so the ubiquitous in our lives, the IoT enabled a lot of ‑‑ or will enable now and more in the future, we'll see the increasing growth of more vulnerabilities, for example cybersecurity vulnerabilities will create a larger sphere for cyber vulnerabilities that would be quite a bit of threat to what we have built over the past 24 years, you know, resilient and safe and secure global supply chains, for example. That makes that a very ‑‑ kind of a big threat to economies on the free flow of data, commerce, and the Internet.

    So with that in mind, the global initiative is working on developing standards and certification processes to certify the due diligence processes, how companies work with each other. The aim with that is to increase the transparency, accountability, and trustworthiness of AI and essentially oxygen in general.

    And, you know, the global initiative has been ‑‑ you know, we have invested heavily in the global initiative to build that very large community. The community now is engaging with a lot of governments. We are, of course, here today at the IGF. The global initiative, through it, we have engaged a lot with the OCD, the high‑level expert group in Europe, and we were one of the first organizations that published principles for worthy AI and so on.

    I would say that this is my personal worry, is that what I'm most concerned about is what we might see in terms of vulcanization of technology in the future. I don't know if you want to call it. It's a catch word, the AI race and so on. We're seeing there are some different schools of thoughts on the values that should govern the Internet and govern what we do with AI tools and autonomous‑making systems. We're going to talk about that a lot in the next four days on human rights and civil rights and so on.

    Now, if I were to pick on something that the CEO of Siemens has said, the rules ‑‑ and I know he meant standards. The multistakeholder dialogue that raises awareness of communities that need to be involved to weigh in on the values that are critical and important. That, of course, is the role of the speakers here, everybody in IGF essentially. The critical role for diplomacy, signing conventions and having more engagements and dialogues. We look forward to staying involved in that. Work with us. We have a lot of collaborators and we continue that collaboration hopefully to solve that problem and challenge.

    Thank you very much.

   >> WOLFGANG KOPF: Well, thank you very much. Finally, we have Eran Brown. He's a data center architect. So he knows best how to really protect our data. And we're coming back to the technical level, I suppose.

   >> ERAN BROWN: I'm going steer away from technology. My name is Eran Brown. I'm with Infinidat. Two points you mentioned throughout the panel that I want to tie into. Number one, you mentioned $6 trillion in investment and damages expected from cybersecurity. So we're spending a lot of money, and we'll still be accumulating a lot of damage. Under GDPR and various standards and regulations, we call on corporations to protect the identifiable information of the data subjects. That's important.

    However, I feel we're lacking in encouraging companies to protect their own data. If a lot of that cyber damage comes from intellectual property theft and a lot of that theft is through social engineering, through the human element, we have to device our systems to design for failure. That means we have to encourage corporations to not only encrypt data that will get them a fine of up to 4% of their turnover, but also to encourage them to encrypt the data because somebody else in another country stole their intellectual property and can compete with them.

    We have to start looking at what data needs encryption beyond just personally identifiable information. What critical infrastructures or technologies will be potentially stolen from technologies. We see data breaches at hundreds per year. The number keeps going up. Number one, let's encrypt more data.

    Number two is the human element of that. I cannot have a higher agreement with Polina who said we have to have education. In Israel, they ran a study. 94% of all images and videos shared by pedophiles comes from jeopardized mobile devices. That's a terrible number because we don't have digital hygiene, because we don't teach kids how to protect themselves online.

    A couple of years ago, as part of a volunteering project I do, I started working with about 20‑year‑olds to make them more aware of what is being done with their data online. It takes quite a few minutes at the beginning of this training to get them to understand that for a company like Facebook, they are the product. Their data is getting sold. They're using these tools for years. They were kind of born into the digital revolution, and they have no idea what's happening behind it. They have no idea how to protect their accounts from password theft, for example.

    We are missing one element that is completely not technology. It's education. How do we build educational programs that will make the end user and the enterprise for resilient to fishing, and it will make the next generation, our kids, our grandkids, more resilient to social engineering. We're seeing cases of bank money theft, social accounts being locked out by hackers. A lot of our lives are not digital. We have to start thinking about teaching the younger generation to protect them. That will have a great side effect of having better educated employees in the enterprise and commercial sector. In this context, I treat it as a great side effect. 94% of pedophilia online comes from jeopardized devices. That alone should trigger action from our side.

   >> WOLFGANG KOPF: Thank you very much. I think that was another extreme important aspect, the human factor. We are always overlooking when it comes to these technologies.

    Given the time pressure, I'm not asking questions, but I open the floor for one or two questions to the audience. So who likes to pose a question to our distinguished panel? Do we have a mic there? Yes, we do. Just wait. Maybe you could introduce yourself briefly.

   >> AUDIENCE MEMBER: My name is Walter. I run a pilot project on the Internet standards and the deployment of Internet standards and the lack of deployment. If we agree something needs to happen, how do we get the education that gets it rolling, and how to do we deal with the bad actors that will never comply with what we agree with. Two questions: How do we go forward from here as an action plan? How do we deal with the bad actors? Thank you.

   >> WOLFGANG KOPF: Who likes? Please?

   >> I think we need global standards. We, ITU, work together for Internet standards and support a global accountability. In ITU, we also take care of the intellectual property protections. I think definitely we have already some observations that when we see some market failure, that they don't respect the global standards or something like that. Then we know that this kind of commercial could be picked up by the sister organization like WTU. We would like to encourage global standards for global services. We work with industries, for example, in IEEE, IETF, they all come to ITU to address the concerns of global standards. We try to make additional or stronger force to encourage them to continue to work on the global standards for the benefit of users.

   >> WOLFGANG KOPF: Thank you. I think Bolle ‑‑

   >> I think if we look at the various standardization efforts which are done in the various groups, which are sitting here on the panel or which have been present also in our Digital Trust Forum, it's clear there needs to be a stronger correlation between the activities in order to make them really tangible and more successful at tend.

    For example, if you think about the various activities which my colleague already mentioned and the impacts of artificial intelligence, also to cybersecurity and the other aspects, I think we need a global view and aligned policy making behind those things. So what is done, for example, in the IEEE for the ethics of AI, what is done in Europe has to be coordinated to a certain extent so we have a common view. This holds for the other aspects as well.

    Therefore, we think from an industry perspective, we think we need to create some kind of forums and exchange formats in order to bring those various standardization experts together and drive forward more holistic approaches to that. And the other aspect I would like to mention is clearly industry has to take a more active role in this standardization activity as well.

   >> WOLFGANG KOPF: Well, thank you very much. I'm already reminded that we're eating up too much time. So I have to close that panel. I'm sorry.

    Let's give a hand to these distinguished panelists.

      ( Applause )

   >> WOLFGANG KOPF: I think we covered very comprehensive set of themes, so I'm not summarizing this. I wish you a very successful IGF. Thank you.







Second Panel   


   >> STEFANIE KEMP: Thank you very much. A warm welcome to the next breakout system. We're talking about transaction and trust. I know we're the last stop before having lunch. Thank you very much for having, also, a very interesting fellows on the panelist.

    My name is Stefanie Kemp. I have the pleasure to moderate a very interesting session. We would like to have a little bit more on‑the‑fly exchange because one of my colleagues here on stage, Mr. Engel is not joining us. I would like to do a brief framing on our session. We're talking about that cybercrime is increasing. The problem here today is do we really find rules or would we like to have standard policies in place and what does it mean from the various angles.

    So I'm very pleased that I have several here today, our deputy minister from Lithuania. Thank you. Unexpected, Mark is again here. Mark is representing the insurance company. That's my understanding. The next one is Maximilian Tayenthal. Maximilian, thank you. And then we'll get Thomas Rosteck on stage. And I have the change of Mr. Xiaoxia from China. We decided everyone will have a short introduction of himself or herself. Give me a small frame of what is your touchpoint to this topic.

    I would like to start on my left side.

   >> Surprising to come here. It's my first time to be at IGF. I've done research on cybersecurity. My background is information and intentional relations. I would like to talk about the background and the framework.

    We're talking about mechanisms a lot. These kinds of malfunctions, it's to regulate the different actors' behaviors to make them more predictable and stable and finally lead to a consistent, stable corporation among different actors. The second, I've seen, of course, it's very important to the cyberspace.

    These things happen in an environment where we don't have trust. Simultaneously, it's very interesting to find out the development of ICT in the cyberplace depend on if there's trust. It's a very interesting thing. On one side, these actors compete. There's more influence to enjoy more advantages. On the other side, the actors' behaviors must limit certain margins. Which means during these competitions, you should not completely destroy all the cyberspace. If you unilaterally enjoy these too much, you destroy trust and there's no Internet. It's very interesting games. During these procedures, there's important characteristics. It should be important to notice, last but not least, these should only serve this unilateral actors' profits. It must meet the benefits for the actors as much as possible.

    Thank you very much.

   >> Stefanie Kemp: From Reporters Without Borders, what are the relevant cyber breaches you see today?

   >> CAMILLE GRENIER: The first I see first of all, the overarching things, we're a human rights organization, defending the right of freedom of information but the whole environment has been changing in the last year. We have a discussion on trust and distrust into media. So this is actually the fundamental layer for press freedom. For us, this is really a breach that we have all over the world, discussions of trust into media. The aim we're currently facing is we're thinking about how to create trust signals in the information and communication global space. That's why we developed ‑‑ we negotiated, actually, a bit of IGF style multistakeholder approach, so‑called journalism trust initiative, which is a European standard, which the idea is ‑‑ in the end, it should be a trusted third‑party mechanism to incentivize media outlets. Methods can be prioritized by algorithmic authorization. We had a discussion with several stakeholders in the last year. Facebook, Google participated in the project, and they registered for it. Multistakeholder with media organizations, Facebook, Google. We aim that this prioritization in the algorithmic organization in the end will lead to more trust if people can identify better some ethics and principles; but what is important, we don't have the aim to judge any content. It's just about ethics and principles because we, as a human rights organization, we are not defending any content. So the question of trust is, for us, a ‑‑ distrust, actually, is a major breach.

   >> Stefanie Kemp: Thank you, very much.

    I would like to go here, to Elijus Civilis. I really like your question. Do you feel secure in the Internet?

   >> ELIJUS CIVILIS: Well, I think this is a relevant question for all of us. Me, personally, I feel secure. If I think of my main stakeholders, like my grandmother or my mother or my kids, I don't think they feel very much secure. This is because of this mystification because of this cybersecurity, cybercrime, and everybody is talk about the digital skills.

    We're focused very much on the digital‑enabled services. In Lithuania, we have 90% of all the enterprises that engage the government through digital channels only. Everybody is talking to us digitally, but not everybody is having enough understanding of what is happening in the digital space. In the past, we were so much focused on the digital skills, what it means is basically training my grandma to do programming. But it's not about programming, right? It's about how do we understand the identities in the digital space, how we understand the ethics, how we understand, you know, the rights on the digital space. So I think the digital intelligence is what we are really aiming at. If we increase that with society, then, I think, we need to get a lot of those crimes as well.

   >> Stefanie Kemp: So Maximilian, the founder of N26, what are you doing?

   >> MAXIMILIAN TAYENTHAL: We found the company in 2013. Today, we employ about 1,500 people. The idea has always been to build. The goal is one platform of customers all over Europe. We want to build the first global retail bank. We just launched in the U.S. from New York with other markets to follow. So the product is providing a digital first bank account. So we're providing a product for millennials that like to do things on the smartphone. There's a massive shift in behavior from offline to online and mobile. In our world, people went to the bank branch and then they did banking on the browser. Now they do banking on the smartphone. Now it's realized that no bank throughout the world is really providing a great product, a great user digital experience for people that like to do things online and on the smartphones. That's kind of the niche we're tapping into. I think we have 1.5 million customers today, and we're the fastest‑growing bank in Europe.

   >> Stefanie Kemp: And if you're working in an online bank, there's specific challenges to prevent cyber ‑‑ or internal breaches, from your point of view to establish and provide a secure business?

   >> Absolutely. We're not ‑‑ we're dealing with the most private data of the customer and with the customer's money. So security, keeping this data private and keeping the money safe is an interesting part of the business. If you lose data, if you lose money, you can just go home and do something else.

    I think also in terms of ‑‑ there was a lot of thought about that at N26. We're not advertising with security because I think, one, it's not a place where you can differentiate yourselves from other banks. With banks, there's no way to claim money at a traditional bank is more safe than at N26. Obviously, trust is a very important part of the metric. This is around service. It's around predictability, but it's also about safety and security. What we're doing at N26, we're basically maintaining the standards of modern technology companies.

      (End of scheduled captioning)


Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10

igf [at] un [dot] org
+41 (0) 229 173 411