Managing Critical Internet Resources

(No.194) Localization of Data and its Implications for Economic Development

Go to Report
Status: 
Accepted
Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

What can we learn from countries who have implimented local data directives, with a focus on economic impact, and what can developing counties expect as challenges and tradeoffs when they look at implimenting local data directives?

Concise Description of Workshop: 

The US, EU, India and many other Countries are looking into laws and regulations designed to implement new codes or strengthen existing ones covering the storage, security and use of personal information about their citizens. In our digital age an individual’s name, photo, e-mail address, bank details, posts on social networking websites, all of this personal information and much, much more passes effortlessly around the globe at the speed of light.

Backgroung Paper: 
Organiser(s) Name: 

Garland McCoy, Technology Education Institute, (US)
Vladimir Radunovic, DiploFoundation (Serbia)

Submitted Workshop Panelists: 

Ambassador David Gross (US) (Confirmed)
Naveen Tandon, AT&T (India) (Confirmed)
Robert Pepper, Cisco (US) (Confirmed)
Bill Woodcock, Packet Clearing House, NGO, (US) (Confirmed)
Jacquelynn Ruff, Verizon (US) (Confirmed)
Jimson Olufuye fncs, ficma, Chair Africa ICT Alliance (Nigeria) (Confirmed)
Sam Paltridge, OECD Economist (Belgium) (Confirmed)
Ko Fujii, Google (Japan) (Confirmed)
 
 
 
 

Name of Remote Moderator(s): 
Virginia Paque, DiploFoundation (Venezuela) Remote Moderator
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Please include any comments or recommendations you have on how to improve the inclusion of issues related to gender equality and: 

Our workshop on the Localization of Data had one female panelist, Jacquelynn Ruff from Verizon and we did have a solid 50/50 split of men and women in the audience but the topic is one that does not have any particular gender issues related to it (at least not that I can think of) but it is an important issue that has an impact on both men and women.

Report
Reported by: 
Garland McCoy, Technology Education Institute
A brief substantive summary and the main issues that were raised: 

Workshop #194
“Localization of Data and its Implications for Economic Development”
November 8, 2012
 
Vlada Radunovic from DeploFoundation was the moderator and he began by introducing Ambassador David Gross who delivered the opening (setting the stage) remarks for the workshop. David began by reminding the audience (both the audience in the room and the remote audience) about the huge amounts of data that are uploaded onto the internet every day and downloaded every day. Youtube, Hulu, Netflix, government date, email, were all cited and David raised the question “where is all this data, content, stored and how do we access it?” “Who cares about the security of this data and the looks after the privacy concerns associated with huge amounts of stored but accessible data?” David asked the audience. David cited the policy challenges, economic challenges and environmental challenges associated with the advent of huge data centers that are popping up to handle the exponential growth of data on the internet.
 
Vlada next introduced our fist panelist, Bill Woodcock of Packet Clearinghouse, who delivered an easy to understand explanation of how data moves through the internet. He discussed the relationship between the internet exchanges and the internet infrastructure. He spoke about the significant cost savings associated with setting up IXPs which facilitate the exchange of local (in-country or region) calls and data. He spoke about how traffic is routed through the internet with every digital packet going through one internet exchange point and the concept called “hot potato routing” where outbound traffic takes the shortest path. He spoke of the importance, from the perspective of an ISP , to minimize your costs by getting packets off your network as quickly as possible as this is to the customers benefit. He spoke of how data is cloned (copied) again and again to move it closer to the consumer. The cost of replicating data is very low so it is sent out to as many local servers as possible to bring it closer to the consumer. He stressed the importance of exchange points being neutral, not being aligned with any particular market operator.
 
The next panelist to speak with Robert Pepper from Cisco Systems who delivered a power point presentation on the Visual Networking Index study which looks at data traffic and a similar study called Cloud Index. These studies look at data center and cloud traffic, workload, transition and cloud examples and how people are using cloud services. The studies all point to the significant growth rate of data center traffic globally. He stressed that 75% of the traffic stays within the data centers (data center to data center traffic as content is cloned and distributed) and he spoke of the efficiencies of scale, so that bigger is better in the data center world!
 
Robert noted that the growth in use of cloud services and traffic is being driven by consumers in large part. He defined cloud as shared access to things like voice, video, data processing, computing. So it is a demand type of service that is shared. So in four more years Robert said, two-thirds of the traffic will be cloud based. It’s taking the desktop and putting it in the cloud. Right now cloud applications are being driven largely by video and video on demand which of course is the consumer. Robert ended his remarks by talking about the need for robust delivery of data for public purpose applications like healthcare and education and he spoke of the need for developing countries to consider moving from 2G directly to LTE to ensure they have the bandwidth and he noted that the LTE technology has lower latency because of its design.
 
Both Robert and Bill agreed that having IXPs (local exchange points) and local data storage and delivery is to everyone’s advantage. If you are providing services locally, nobody is at a disadvantage. There are 340 data IXPs all designed to localize the data exchange and data centers are always build (clustered) around exchange point (hot potato concept).
 
There was audience participation, both remote and in room and the discussion centered on the need for the exchange points to be neutral, not controlled by the government or by a carrier. Bill pointed out that the cost of putting in an IXP is returned in a matter of days because the IXP creates valuable bandwidth. Traffic that once had to travel outside the country or region can now stay inside the country or region freeing up valuable bandwidth. There was also discussion of the need to build many Tier 1 capacity fiber connections to handle the traffic between data centers. Supper high speed capacity is needed to handle traffic between the data centers.
 
Bill woodcock mentioned the five things you need in the network as an answer to an audience question, you need; local loops to reach end users, domestic backhaul, international transit, multiple ways to get in and out of the country, and a regulatory environment that makes all of this work.
 
Next we heard from Naveen Tandom of AT&T in India and he spoke of the sovereign need to protect the data in country. He spoke on the need to have interoperability capabilities and recognition of standards and certifications. He cited India’s data laws and gave an example where you can’t take customers data, like billing data, out of the country. There was discussion about the fact that India has 7 exchange points but only two are in active use because the other five are not trusted because they are not seen as truly neutral. Again it was stressed that these exchange points need to be neutral for them to be trusted and used by all the carriers (ISPs). Bill said that India needed more IXPs and faster IXPs.
 
Next we heard from Jimson Olufuye who runs an ICT company in Nigeria that manages among other things, data facilities. Jimson, with his ICT colleagues built and association called the Africa ICT alliance and they have built 6 IXPs in the region. He stressed the fact that the content is in a local language and the importance of working with the government to address issues and to help get the right laws and regulations in place.
 
Ko Fuji from Google was the next speaker and he talked about the fact that Google was a cloud-based internet company serving both companies and consumers alike. He listed some of the consumer services; gmail, YouTube, search and maps that were cloud services with shared access. He mentioned that the cloud gives end users flexibility on how access their information, what devices they use; mobile devices, fixed wired devices etc. He listed some of the criteria that Google looks at when they select a location for one of their data centers; proximity to reliable networks and bandwidth, proximity to end users, political stability of the host country and its laws and regulations, also important is an available skilled work force and the availability of abundant and affordable power (with an emphasis on renewable power sources and the environment). He stressed, as others had, that data centers consume a lot of energy. He cited the web site where people could go to take a virtual tour of one of Google’s data centers and see the location of some of the centers.
 
Next up was Sam Paltridge and economist with the OECD who also had a power point presentation. He documented that when you put taxes, fees and regulations on voice and data moving into and out of a country the volume of voice and data declines dramatically. His presentation documented country after country that had put termination fees on voice and data only to see their volume drop and their tax revenue decline. His presentation sent a clear message that countries looking to fill their treasuries on the backs of taxes and fees on data flows in and out of their countries that revenue path disappointing.
 
We wrapped up the workshop with a presentation from Jacquelynn Ruff from Verizon who spoke of the significant investments made by Verizon and others in the network and how cross boarder agreements on data flows and spectrum use are essential. She discussed the concerns about government intervention in systems that are working and the need for a multi-stakeholder process.
 
We had a solid engagement with the audience and had several remote participant questions. We have a lot more to discuss on this topic and every member of the panel hopes we can continue this topic discussion at next years IGF
 
 
 

Conclusions and further comments: 

We just touched the surface of this important, dynamic and evolving issue. "Big Data" is becoming more and more a part of the internet structure and we should continue to discuss this topic. 

(No.192) Disaster Resiliency and Continuity of Internet Operations

Go to Report
Status: 
Rejected
Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

Question 2: How can IG policy choices ensure sustainability during natural disasters and recovery/relief efforts?

Concise Description of Workshop: 

Recent natural and man-made disasters have shown the importance of ICTs for connecting relief workers, coordinating response operations, and keeping citizens informed. As Internet-based communications are increasingly relied both in daily life and to support disaster response and recovery, advance consideration about infrastructure, access and sustainability must be taken into account for disaster preparedness. Moreover, disaster recovery and reconstruction offers a further opportunity to learn from experiences and reduce disaster risks through more resilient infrastructures.

Organiser(s) Name: 

Kelly O'Keefe
Director, International Public Policy
Access Partnership

Submitted Workshop Panelists: 

Represnetative of US FCC
Representative of Ministry of Communications of Turkey
Representative of Inveneo
Representative of Microsoft
Representative of Red Cross

Name of Remote Moderator(s): 
TBC

(No.140) The International Telecommunication Regulations and Internet Governance: Multistakeholder Perspectives

Go to Report
Status: 
Accepted
Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

CIR question no. 4. 

Concise Description of Workshop: 

The International Telecommunication Regulations (ITRs) are a binding treaty negotiated by the International Telecommunication Union in 1988. A World Conference on International Telecommunication (WCIT) will be convened in Dubai from 3-14 December 2012 to revise the ITRs.

Organiser(s) Name: 

Media Change and Innovation Division, Institute of Mass Communication and Media Research, University of Zurich, Switzerland 
The Internet Society
with the co-sponsorship of:
Association for Progressive Communications 
Institute for Internet Policy & Law, Beijing Normal University, China
Oxford Internet Institute 
 

Submitted Workshop Panelists: 

Moderator

Markus Kummer,  Vice President of Public Policy, The Internet Society, Switzerland [confirmed]

Panellists
Richard Beaird,  Senior Deputy United States Coordinator for International Communications and Information Policy, Department of State, Government of the United States  [confirmed]
Vint Cerf,  Chief Internet Evangelist, Google, USA  [confirmed]
 
William J. Drake,  International Fellow & Lecturer Media Change & Innovation Division, Institute of Mass Communication and Media Research, University of Zurich, Switzerland  [confirmed]
 
Geoff Huston,  Chief Scientist, Asia Pacific Network Information Centre (APNIC), Australia  [confirmed]
 
Alice Munyua,  Chair of the Kenya Internet Governance Steering Committee, Ministry of Information and Communications, Government of Kenya  [confirmed]
 
Franklin Silva Netto,  Head of the Division for the Information Society, Ministry of External Relations, Government of Brazil  [confirmed]

Name of Remote Moderator(s): 
Olivier Crepin-Leblond, Chair of ICANN's At Large Committee, France
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Report
Reported by: 
Karen Mulberry, ISOC
A brief substantive summary and the main issues that were raised: 

 
The topic of this workshop, International Telecommunication Regulations (ITRs) and Internet Governance: Multistakeholder Perspectives is a “hot issue” in light of the December 2012 World Conference on International Telecommunications (WCIT) meeting in Dubai. The conversation identified some core principals for the revision of the ITRs.  The main principals proposed were:
• The ITRs should not be expanded to cover the Internet, explicitly or implicitly.
• The stakeholders who are affected by regulation should have something to say about it before those regulations are adopted. 
• Don't regulate for the wrong reason.
 
It was also noted that the key is to analyze what the effects of regulation will be before any are adopted.  One of the worst things that can happen is to discover that the side effects of a regulation are so damaging that it destroys the very system that one is trying to support, enhance and evolve.  Therefore discussion centered on a need to establish a way forward at WCIT that preserves the Internet's utility and allows it to continue to evolve.  The discussion then proceeded to address a range of additional points. One concerned claims that the existing International Telecommunication Regulations deserve the credit for catalyzing the development of the Internet because they allowed Administrations to enter into special arrangements with counterparts that could include the liberalization of leased circuits and networks.  While such claims are overdone, it was recognized that the 1988 ITRs did remove an important treaty barrier to change.
 
The workshop then explored the processes that Kenya, Brazil, and the United States are undertaking to consult with private industry and civil society on the various proposals that have been put forth to modify and add to the existing ITR treaty text.  The workshop explored the various mechanisms being used to develop national and regional proposals for consideration during the WCIT discussions.  There was also an extended  substantive discussion discussion of on onethe proposal pbut forward by ETNO to add new text to the treaty that would have an impact on the Internet by creating aInternet-related provisions, including one requirement encouraging interconnection agreements based on that a content provider or senders pays for network transport.principle.
 
In addition, there was a discussion of the differences between the Internet and traditional circuit switched telephony. It was noted that convergence and the emerging shift of public switched telephone networks to IP-based networks could increasingly complicate efforts to draw a bright line between Internet Governance and telecommunications regulation.  Nevertheless, it was argued that the Internet and Internet Governance should not be addressed at this WCIT and the focus of the ITRs should remain on enabling international telecommunication services as these have long been defined in the treaty.

Conclusions and further comments: 

 
It was agreed in the concluding discussion that the Internet model works. It is also important to recognize that when the Internet was first being constructed, it was a series of private packet switched networks connected via TCP/IP and agreements between parties.  Two questions were raised that will need to be addressed in the ITR debate; the definition of recognized operating agency, and the treatment of IP interconnection.  Finally, it was noted that public policy needs to be for the public good, and to take into account the people whose lives are going to impacted.  Hence, any closed intergovernmental discussions of the Internet, which is about open and permissionless innovation, are problematic.   
 
In conclusion, given the potential hazards in renegotiating the ITR treaty, the smartest outcome for this WCIT would be minimal changes to the existing regulations.

 

(No.123) Human Rights, Internet Policy and the Public Policy Role of ICANN

Go to Report
Status: 
Accepted
Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

Q5

Concise Description of Workshop: 

The recent years have proven that the openness of Internet is a
fundamental feature for the empowerment of citizens and the
strengthening of democracies. The framing of Internet policy should be
oriented towards this goal and the policies governing the Domain Name
System are not a stranger to this debate.

Organiser(s) Name: 

Joy Liddicoat - Association for Progressive Communications (APC) - Civil Society - WEOG
Carlos Affonso Souza - Center for Technology and Society at Getulio Vargas Foundation Law School (CTS/FGV) - Academia - GRULAC
Robin Gross - Non Commercial Users Constituency (NCUC) - Civil Society - WEOG

Previous Workshop(s): 

Human rights: a unifying approach for access, development and
diversity: http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W...

Submitted Workshop Panelists: 

Joy Liddicoat - Association for Progressive Communications (APC) - Civil Society - WEOG - Confirmed
Wendy Seltzer - Non Commercial Users Constituency (NCUC) - Civil Society - WEOG - Confirmed
Franklin Netto - ICANN's Governmental Advisory Committee - Govt - GRULAC - Confirmed
Avri Doria - DotGay Application Advisory Group (dAAG) - Civil Society - WEOG - Confirmed
Hong Xue - Institute of the Internet Policy & Law at Beijing Normal University (BNU) - Academy - Asia Pacific - Confirmed
Kuo-Wei Wu - ICANN Board - Civil Society - Asia Pacific - Confirmed 

Name of Remote Moderator(s): 
Carlos Affonso Souza - CTS/FGV
Gender Report Card
Please estimate the overall number of women participants present at the session: 
The majority of participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was mentioned briefly in the presentations and discussions
Report
Reported by: 
Carlos Affonso
A brief substantive summary and the main issues that were raised: 

 
The workshop aimed at providing the audience with information on human rights implications that might arise out from the public policy role of ICANN. The panelist presented their perspectives on a number of human rights involved in ICANN activities, mostly focusing on free speech, privacy and security concerns, as well as in the implementation on a rights assessment in ICANN’s public policy activities.
Domain names – as mentioned by Wendy Seltzer - are ways for people to express themselves, either for commercial or for non-commercial purposes, in the internet, raising concerns over restrictions that might be applied to them as pointers to online speech.
As recent national laws have been authorizing the filtering of content using the DNS, as well as domain name seizures by law enforcement entities, the regulation of the DNS sets the stage for a fine tuning of the balance between several rights and interests.
The panelist discussed the fact that ICANN is not – and should not be – a human rights developing body as such would go far beyond its technical mandate. At the same time, as comment from the audience suggested, the framing of the debate around the expression “human rights” be the most adequate for some stakeholders as it may be understood as a strictly non-commercial approach to ICANN’s activities. Other concern is that it could lead to a interpretation that would expand ICANN’s mandate far beyond its reach.
On the hard task to find balance among rights, panelists commented about the protection of trademarks in the new generic top level domains program. The live question on the table was whether that would be an implementation of the compromise that was struck among a multi-stakeholder group of trademark holders, registries, registrars and non-commercials representatives, all working together to agree that there are some areas where trademarks need to be protected against infringement and some others where the rights of others to register generic terms need to be respected and balanced.
Still on the issue of new generic top level domains, Hong Xue raised the question of the community-based registrations and how they can be important to give voice to some groups, but at the same could impose some questions of representation and legitimacy that could challenge the new domain policy as drafted by ICANN.
Another topic that has been addressed by the panelists was the WHOIS policy. Apart from the usual discussion on the balance between privacy and security concerns related to the information disclosure provided by the WHOIS, panelists debated how the availability of such information may hinder online speech as registrants may feel reluctant to provide accurate information in countries in which such information may be used to locate the speaker and enforce measures to hinder opposing political views.
Focusing on the way ICANN functions and how it can be responsive to human rights concerns arising out of its activities, Kuo-Wei mentioned that such task is two-folded: first it is necessary to listen to all stakeholders on the topic and then implement a procedure when needed.
Franklin Netto mentioned that the topic of human rights and internet governance is welcomed not only for the purpose of discussing if access to internet is a human right, but as well as to provide room for the debate over a number of other human rights from the first, second and third generation such as the right to expression, to assembly and to development, all being reflected, in some degree, in the Affirmation of Commitments (AOC). The AOC, as the panelist mentioned, states that ICANN should act in the benefit of the public, and the human rights debate is a driver for the fulfillment of such task.
Privacy concerns were also raised, as it is an issue with the renegotiation of the registrar’s accreditation agreement with ICANN. In this regard there are concerns over the demands presented by law enforcement agents on data verification and validation and data retention.
On a more practical level, on the new GTLDs program there have been a proposed change in the policy development process to require a rights impact analysis on the crafting on ICANN’s policies, opening space for this debate to foster in the forthcoming years.

Conclusions and further comments: 

The discussion about rights in ICANN has matured. Not only between the multi-stakeholder groups, but in the organization as a whole. One of the main goals of the workshop was to think about ways this debate will evolve, continuing a process that has begun in recent NCUC’s Policy Summits. The organizers expect that the issue of human rights will get increasingly relevant in the making of ICANN’s public policy and therefore the existence of multistakeholders spaces for debate on what has been done and what are the ways forward with the issue will be key to guarantee that a rights assessment in ICANN’s policy will be an instrument to improve the legitimacy, transparency and accountability of the organization in the global internet governance scenario.

(No.113) DNSSEC for ccTLDs: Securing National Domains

Go to Report
Status: 
Accepted
Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

Question 5

Concise Description of Workshop: 

This workshop is the result of the merger of workshop 107, “DNSSEC for ccTLDs: Securing National Domains”, and workshop 113, “The Economic and Security Benefits of Securing the Internet’s Unique Identifiers: DNSSEC”.
 

Backgroung Paper: 
Organiser(s) Name: 

 

  • Bill Woodcock, Packet Clearing House

  • Dr. Richard Lamb, ICANN

 

Submitted Workshop Panelists: 
  • Emil Askerbeyli, Moderator, representing .AZ
  • Ondrej Filip, CEO, CZ NIC, Czech Republic
  • Dr. Demi Getschko, CEO, NIC BR, Brazil
  • Svitlana Tkachenko/Dmitry Kohmanyuk, Hostmaster Ltd, .UA ccTLD administrator, Ukraine
  • Charles Musisi, .UG ccTLD administrator, Uganda
  • Roelof Meijer, CEO, SIDN, .NL ccTLD administrator, Netherlands
  • Bevil Wooding, root-signing Trusted Community Representative, .TT Trinidad and Tobago 
  • Eduardo Santoyo, .CO ccTLD administrator, Colombia
  • Bill Woodcock, Packet Clearing House
  • Dr. Richard Lamb, ICANN

 

Name of Remote Moderator(s): 
Baher Esmat, ICANN
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Report
Reported by: 
Bill Woodcock
A brief substantive summary and the main issues that were raised: 

This panel was moderated by Richard Lamb, DNSSEC program manager at ICANN,
and speakers included Demi Getschko, CEO of the Brazilian national registry;
Eduardo Santoyo, administrator of the Colombian national registry; Svitlana
Tkachenko and Dmitry Kohmanyuk of the Ukrainian national registry; Roelof
Meijer, CEO, of the Dutch national registry; Ondrej Filip, CEO of the Czech
national registry; Bill Woodcock, director of Packet Clearing House; and
Bevil Wooding, root-signing Trusted Community Representative from Trinidad
and Tobago.  Dr. Lamb gave an overview of the state of DNSSEC technology.
The national registry representatives each described the state of DNSSEC
deployment within the ccTLDs they administer, and each mentioned one or two
unique or unexpected challenges or accomplishments. Mr. Woodcock spoke on
the topic of high-security DNSSEC practices and operation, and the future of
DNSSEC as a cybersecurity building-block. Mr. Wooding described the state of
DNSSEC deployment within the Caribbean region.

Conclusions and further comments: 

DNSSEC has become an ever more critical cybersecurity building-block, in the
wake of attacks on the DNS, problems with the Certificate Authority system
and the increasing importance of authentication.  DANE, which helps secure
web sites, is the first major follow-on protocol, and we hope to see similar
efforts to secure email and real-time text, audio, and video protocols soon.

Large payloads of DNSSEC responses have opened the door to more severe DNS
reflection DDoS attacks, which in turn has required that new DNS response
rate-limiting software be developed.

DNSSEC penetration has been very successful in countries with national
registries that have pushed it aggressively, while countries without serious
national-level buy-in generally have implementation and support lag at the
registrar level.   

Although not a primary barrier, implementation and maintenance costs and
complexity were cited by audience members as hindering deployment.

Comprehensive awareness, education and training efforts are underway to
address these and other deployment barriers by the same collaborative
international multi-stakeholder community that developed DNSSEC and together
manage and operate various parts of the Internet's DNS/DNSSEC infrastructure
including the root.

These efforts include everything from sharing knowledge on best practices
and lessons learned to providing free training to expanding free DNSSEC
hosting offerings, e.g., with AFNIC joining PCH as the third operator of a
FIPS 140-2 Level 4 DNSSEC signing infrastructure, and Brazil intending to be
fourth. Together these organizations plan to work on a high-security DNSSEC
implementation Best Current Practices document.

(No.100) Internet Governance and RPKI

Go to Report
Status: 
Accepted
Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

Questions 3,4,5 and 6

Concise Description of Workshop: 

 
Resource Public Key Infrastructure (RPKI) is a technology developed by the Internet Engineering Task Force (IETF) to validate the registration of Internet number resources, including IP addresses (IPv4 and IPv6). The use of RPKI will help to ensure the long-term stability of Internet routing by preventing route hijacking and leaking. This means a safer online environment for Internet users.

Organiser(s) Name: 

Mr Chris Buckridge <chrisb@ripe.net> - RIPE - RIR - Europe
Mr German Valdez <german@apnic.net> NRO - Technical Community - Global

Previous Workshop(s): 

- Understanding IPv6 Deployment and Transition - NRO
http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W...
- Enhancing Understanding: Facilitating Internet Governance Through Openness and Transparency - NRO
http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W...

Submitted Workshop Panelists: 

Mr Hisham Ibrahim – AFRINIC – Global - NRO [confirmed]
Mr Geoff Huston - APNIC - Asia Pacific - Technical Community [confirmed]
Mr Malcolm Hutty – LINX – Europe – Internet Operators
Ms Heather Dryden - Canadaian Government, ICANN GAC - Public sector
Mr Sebastian Bellagamba - Internet Society – Latin America – Civil Society

Name of Remote Moderator(s): 
Adam Gosling (adam@apnic.net)
Gender Report Card
Please estimate the overall number of women participants present at the session: 
There were very few women participants
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Report
Reported by: 
Chris Buckridge, RIPE NCC
A brief substantive summary and the main issues that were raised: 

This workshop discussed some of the internet governance-related issues raised by the adoption of Resource Public Key Infrastructure (RPKI), a technology developed by the Internet Engineering Task Force (IETF) to validate the registration of Internet number resources, including IP addresses (IPv4 and IPv6). RPKI is intended to help ensure the long-term stability of Internet routing by preventing route hijacking and leaking, resulting in a safer online environment for Internet users. The Regional Internet Registries (RIRs) are taking the lead role in deploying this technology to their members, in consultation with the multi-stakeholder Internet community.

The session was moderated by Hisham Ibrahim of AFRINIC.

Geoff Huston, of APNIC, gave a technical description of the Internet routing system and the role that RPKI, also known as Internet resource certification, can play in making this system more secure. He outlined the activities that the Internet Engineering Task Force (IETF) and the Regional Internet Registries (RIRs) have been undertaking to develop and deploy a global system of RPKI.

Heather Dryden, of the Canadian Government, outlined the interest of government, particularly the Canadian government, in the development of RPKI. She noted that this is clearly an area being led by the technical community, but noted the interest the public sector has in seeing a more secure routing system (including the financial cost incurred by bad routing incidents). She also noted the assistance that government could provide, in terms of encouraging uptake by vendors and other relevant stakeholders.

Malcolm Hutty, of LINX (the London Internet Exchange), raised the issue of overlap between policy and technical development. He suggested that the RPKI system may have unintended consequences that actually detract from the defined goals. Specifically, he noted that with widespread adoption of the system (and people basing their routing decisions on RPKI information), revocation of a certificate could equate to disconnecting the resource holder from the Internet. This would mark a significant change, as RIRs currently have no ability to reclaim the number resources that they have allocated, and there are questions about whether the RIRs should have this power. RIRs are organisations that operate in specific national jurisdictions, which means that the power to revoke certificates would be dependent on that national legal system and its authorities. Malcolm argued that policymaking in this area therefore needs to consider not only existing law, but laws that may yet be made.

Sebastian Bellagamba, of the Internet Society (ISOC), approached the issue from a freedom of expression perspective, and noted that he comes from a region (South America) which has a history of instability in terms of legal systems. However, he argued that the risks associated with the deployment of RPKI would be outweighed by the benefits that it would bestow.

Paul Wilson expanded on the problems already being caused by insecure routing, including the squatting of unused addresses, which are then used to facilitate problematic activities such as "mail bombing" and phishing. He also noted that APNIC already revokes address space, which means removing records from the whois database and routing registry. More often they use the threat of revocation to ensure policy compliance. He suggested that RPKI would primarily result in a more automated process for doing this. He also agreed with Malcolm that the issues Malcolm had raised would only present themselves with wide adoption, and this remains a very long way off. Paul suggested it will be a long time before network operators are willing to trust their routing decisions to an RPKI system, but in the meantime RPKI will serve a useful role in triggering alerts for uncertified space etc.

Marco Hogewoning and Chris Buckridge of the RIPE NCC clarified the situation noted by Malcolm regarding the RIPE NCC's interaction with Dutch authorities and a recent legal request to freeze certain resource registrations in the RIPE Database. They also noted the importance of involvement by law authorities in multi-stakeholder discussions in this area.

Dmitry Kohmanyuk, of .UA (Ukraine) asked about the APNIC transition to five trust anchors. Paul Wilson clarified that while a single, interim trust anchor had initially been deployed, this has now been replaced with a different strategy, with each RIR deploying their own trust anchor. He noted that this reflects what each RIR community wanted to see, but it also means some more complexity.

Adiel Akplogan, of AFRINIC, argued that RPKI should not be seen as giving any more power to the RIRs than they already have, and argued that the issue must be considered objectively on its merits.

Alain Bidron, of FT/Orange, asked about the provision of RPKI for legacy IPv4 address space. Paul Wilson noted that the legacy space has transferred to respective RIRs, based on the original registrant, and could therefore be certified by those RIRS, according to the relevant policies. Brenden Kuerbis, of the Internet Governance Project, sought clarification in this point, and it was confirmed that the RIRs are not certifying those resources registered only in the IANA database.

Baher Esmat, of ICANN, asked if RPKI would require additional expertise or additional cost for operators. Marco Hogewooning noted that there may be a cost involved, as with any new technology, but in terms of specific deployment costs, RPKI is becoming a standard feature in routers produced by many vendors.

Paul Wilson and Adiel Akplogan noted examples of when both APNIC and AFRINIC have had to revoke number resources. This generally occurs when the RIR loses its business relationship with the address holder, but has also been done, in some cases, on the basis of requests from legal authorities due to legitimate cases of misuse.

Malcolm Hutty made a concluding statement, expressing his belief that we should widen the technical scope of the problem and address or mitigate the concerns he raised. Sebastian Bellagamba agreed, arguing that this is the best solution so far, but it is important to keep investigating and be aware of the problems that remain or are raised by RPKI.

Conclusions and further comments: 

The workshop identified a number of perspectives on this issue.

(No.159) Strategies for expanding IXPs and other Internet/cloud infrastructure

Go to Report
Status: 
Accepted
Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

Managing Critical Infrastructure Question 1: What is the role and importance of IXPs in localizing content, including ensuring easier connectivity in cases of disasters?

Concise Description of Workshop: 

Infrastructure investment and deployment is a prerequisite to enabling the social and economic benefits of the Internet and cloud services. This underlying infrastructure includes communications networks, DNS servers and Internet Exchange Points (IXPs). While much progress has been made, there continue to be challenges in continuing the expansion of infrastructure in terms of reach and capabilities.

Organiser(s) Name: 

Jeff Brueggeman - AT&T - Business
Paul Wilson - APNIC - Internet Operator
Karen Rose - ISOC - Multistakeholder Organization

Previous Workshop(s): 

APNIC and ISOC have organized various IGF workshops.  This is the first workshop that AT&T has helped to co-organize.

Submitted Workshop Panelists: 

• Dr. Bitange Ndemo, Permanent Secretary in the Ministry of Information and Communications, Government of Kenya • Michael Kende, Partner, Analysys Mason Group (Switzerland) (Confirmed) • Fiona Asonga, CEO, Telecommunications Service Providers Association of Kenya/Kenya Internet Exchange Point (Confirmed) • Jimson Olufuye, CEO, KontemporaryTM (Nigeria) (Confirmed) • Karen Rose, Sr. Director of Strategic Planning and Business Development, ISOC (Confirmed) • Guarab Upadhaya, Sr. Technical Director, Limelight (Singapore) • Bill Woodcock, Research Director, Packet Clearing House (Confirmed) • Paul Wilson, Director-General, APNIC (Confirmed) 

Name of Remote Moderator(s): 
Claudia Selli, AT&T
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Please include any comments or recommendations you have on how to improve the inclusion of issues related to gender equality and: 

An important aspect of gender equality is ensuring that women have an opportunity to fully participate in the IGF as business and technical experts.  A concerted effort should be made to include women with applicable business and technical expertise on all types of IGF workshops and discussions.

Report
Reported by: 
Jeff Brueggeman
A brief substantive summary and the main issues that were raised: 

The workshop explored infrastructure deployment from a range of perspectives and highlighted successful case studies and strategies for expanding Internet and cloud infrastructure, with a particular focus on emerging markets.
 
Participants
 
The workshop was moderated by Karen Rose, Sr. Director of Strategic Development and Business Planning, ISOC
 
The panelists were:
Michael Kende, Partner, Analysys Mason Group (Switzerland)
Fiona Asonga, CEO, Telecommunications Service Providers Association of Kenya/Kenya Internet Exchange Point
Bill Woodcock, Research Director, Packet Clearing House
Paul Wilson, Director-General, APNIC
Martin Levy, Director of IPv6 Strategy, Hurricane Electric
 
Discussion
 
Karen Rose introduced the workshop and the panel of experts.  She described the goal of the workshop discussion as progressing beyond the technical issues associated with the deployment of Internet Exchange Points (IXPs), which had been addressed in prior IGF workshops.  She noted previous IGF workshops on IXP issues had produced significant outcomes.  Among these included connecting together those looking for how to establish IXPs with those willing to help, and spurring partnerships and collaborations that helped local communities to build technical capacity and set up IXPs.  Karen noted that this should be considered a success of the IGF’s multi-stakeholder process.  She further explained that this panel would extend that work, and in particular, the discussion would encompass issues such as the remaining infrastructure gaps, the economic impact of IXPs and the legal/policy environment that is needed to promote further infrastructure investment.
 
Michael Kende summarized recent economic papers he has published on the evolution of Internet traffic arrangements and the growth of Internet Exchange Points (IXPs).  These recent papers, talking about the benefits of an IXP in terms of reducing “tromboning” (transiting traffic to distant IXPs and back again), lowering costs, developing a regional IXP, and increasing revenues from more content use that can be locally accessed.  The challenges include having the incumbent join, and getting the infrastructure to bring capacity into the country and between ISPs and across borders.
 
Bill Woodcock discussed the importance of IXPs as bandwidth producers.  He noted how AMS-IX is one of the greatest producers in absolute terms, because it creates much more traffic than the Netherlands consumes, in comparison to Germany where consumption and production is more balanced.  At the same time, the fastest growth is coming from the newer IXPs that have relatively low amounts of traffic, in Latin America and Africa.  He noted that most growth now is in the Caribbean, which clearly was tired of ‘exporting’ money to the US and the UK by buying capacity to those countries, while the least growth is in the Middle East where the expenditure is considered negligible.  Finally he spoke about the recent paper he published with Dennis Weller showing that most commercial agreements facilitating the exchange of Internet are not even written on paper.  He observed that government regulation would not produce similar results.
 
Fiona Asonga spoke about the growth of the Kenya IXPs (KIXP), which now has 38 members.  They have been able to expand, so there is now redundant exchange in Nairobi and an exchange in Mombasa to take advantage of the undersea cable.  The exchange provides value-added services for operators, such as network measurement tools and security services.  In addition, the exchange has worked with Google and Akamai to cache content locally, and with local content providers to host Internet content.  Fiona described the benefits that have resulted from lower costs, latency, government use of the exchange for e-government services (through the Kenya Revenue Authority), and more regional traffic.  The ongoing challenges in Kenya are infrastructure deployment, especially in rural areas and with respect to regional backhaul.
 
Paul Wilson discussed how ISPs compete in retail markets, but must collaborate in technical terms to peer and create the network.  He gave a figure of $20,000 to set up the new exchange in Nepal and how the start can be very low tech.  He also noted that APIX has recently emerged to exchange information, and that one of the large intangible benefits of an IXP was community building and understanding of the ecosystem and the interconnections of the companies.  Paul noted that the best ecosystem needs low barriers, such as no telecom-style licensing and few bureaucratic hurdles, in order to deliver low cost of using the IXP to promote usage and to end tromboning, which should be more expensive than using the IXP.  He sees an opportunity for IXPs to help facilitate the development of CDN and cloud services.  Paul also noted that the non-profit association model for IXPs, where members and participants work together to establish and manage the exchange, has been highly successful around the world.  He added that human factors, including as the willingness of prospective participants to collaborate, are more determinative of IXPs success than technical issues.
 
Finally, Martin Levy presented the viewpoint of an infrastructure provider deciding to invest in a country.  He noted the positive impact of the IXP on the expertise of the local engineers and requirement that cooperate in creating the peering, and in so doing also gain expertise in buying capacity domestically and internationally.  Further, the IXP will lead to the development of a better data center than otherwise needed for just serving the local IT industry.  He indicated that countries that have strong growth of bandwidth and infrastructure, including data centers, are the same countries that have well functioning IXPs.  Martin said that when global network operators are considering where to next expand to next, the presence of an IXP provides an incentive and is a good indicator of a country’s potential for market growth.
 
The questions and discussion with the audience focused on the challenges for landlocked countries, and incenting incumbent providers to join an IXP in getting an incumbent to join in an environment without regulation.  Questions from the audience also prompted a discussion of whether it was useful to connect IXPs together in an attempt to foster greater connectivity.  Bill Woodcock explained that this model has not been successful, and can actually add costs and create bottlenecks.  Fiona Asonga noted that some governments have been encouraging IXPs to interconnect and have even offered to provide subsidized links.  She noted, however, that consistent with Bill’s comments, operators in the region find more value in connecting directly to different IXPs rather than through a link between IXPs.   

Conclusions and further comments: 

The workshop discussion identified a range of tangible and intangible benefits of deploying IXPs.  The tangible benefits include additional bandwidth and lower costs, but also improved quality of service and more capabilities to host local content in a country.  The intangible benefits include building expertise and a community of stakeholders to collaborate on building and maintaining Internet infrastructure.  These broader benefits should be explored further in future discussions.  A necessary pre-condition for these positive impacts are government policies that open markets to competition and international gateways, and that promote investment and innovation in new content and services.

(No.99) Moving to IPv6: Challenges for Internet Governance

Go to Report
Status: 
Accepted
Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

Questions 3,4,5 and 6

Concise Description of Workshop: 

In February 2011 IANA officially announced the exhaustion of its IPv4 addresses pool. This represented that there were no more space IPv4 available for the Regional Internet Registries. Two months later, in April 2011 APNIC announced the implementation of his last /8 policy. This APNIC policy officially started a period of tight management of IPv4 resources allowing only a final limited space allocation to current Asia Pacific operators and guarantee a small IPv4 block for newcomers focusing in allow them to have a smooth transition to IPv6.

Backgroung Paper: 
Organiser(s) Name: 

German Valdez (german@apnic.net) - NRO - Technical Community - Global
Hisham Ibrahim <hisham@afrinic.net> - AFRINIC - Technical Community - Africa

Previous Workshop(s): 

- Understanding IPv6 Deployment and Transition - NRO http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W... - Enhancing Understanding: Facilitating Internet Governance Through Openness and Transparency - NRO http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W...

Submitted Workshop Panelists: 

- Hisham Ibrahim - technical community - IPv6 Program Manager, Afrinic - (Session Moderator) - "Confirmed"   
- Martin Levy - technical community - Hurricane Electric - "Confirmed"  
- Salanieta Tamanikaiwaimaro aka Sala - Legal / Governance - Chair of Fiji Cyber Crime workgroup - "Confirmed"  
- Geoff Huston - Technical community  - Chief Scientist, APNIC  - "Confirmed"   
- Salam Yamout - Government - National ICT Strategy Coordinator at the Presidency of the Council of Ministers as part of a UNDP program, Lebanon - "Confirmed"  
- Salma Jalife - Academic - Advisor of Mexican Gov and ITU. Former Cofetel in Mexico  - "to be confirmed

Name of Remote Moderator(s): 
Adam Gosling (adam@apnic.net)
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Please include any comments or recommendations you have on how to improve the inclusion of issues related to gender equality and: 

The session had a full room of attendees with a 40 – 60 female-to-male ratio. Although there were limited interventions from the female audience on the presentations, the show of hand survey the moderator conducted at the end on the level of IPv6 readiness in home and office networks indicated that over 80% of them have IPv6 either at the office or at home or both.

Report
Reported by: 
Hisham Ibrahim
A brief substantive summary and the main issues that were raised: 

 
This workshop discussed some of the Internet governance-related issues raised by the adoption and uptake of Internet Protocol version 6 (IPv6), a technology developed by the Internet Engineering Task Force (IETF) to supplement (and eventually replace) IPv4, the version that underpins the Internet today.
The session was moderated by Hisham Ibrahim of AFRINIC.
Geoff Huston, of APNIC, set the scene on the need for IPv6, by taking the workshop participants through a journey through time 20 years back to 1992 and monitored the evolution of several technologies such as the computer industry, main frames, mobile devices and of course the Internet.
Huston made that point that currently 700 million new devices are connected to the Internet per year; translating into the demand for 200 million addresses for IPv4, address space that does not exist.
Huston jumped with his predictions 20 years into the future to 2032 and warned that if we do not deploy IPv6 we will end up with a number of networks that are not able to talk to each other, giving the example of electric voltages and power sockets that work on different voltages and outlets on a country by country basis.
Martin Levy, of Hurricane Electric, showed a single slide that had 5 different real life statistics from the 5 major “geographic / cultural” regions in the world all indicating the same thing. IPv6 is being deployed world wide, the corves are all going up and to the right, with an obvious spike during IPv6 day in 2011, and a clear jump after IPv6 world launch in 2012.
Demi Getko, of NIC.br, gave an overview of what his happening in Latin America, and more specifically in Brazil.
Getko echoed the previous speakers concern on splitting the Internet into people that do not want to move to IPv4 and continue to NAT everything and limit the amount of ports available for different serveries and the ones that move on to IPv6 and leave the first camp behind.
Getko ended his talking saying that while it is easy to get IPv6 deployed at the core level, there still are some obvious last mile and equipment issues that need to be addressed to get a full IPv6 service to house holds and end sites.
There were two other speakers on the panel that were supposed to intervene with their experiences Salam Yamout, of Lebanon and Salanieta Tamanikaiwaimaro from Fiji, however due to last minute apologies they were not on the panel and could not participate.
At this point the moderator opened the floor for comments.
Marco Hogewoning, of the RIPE NCC, discussed the point made by Getko mentioning that many CPEs now support IPv6 and that a survey has shown that 50+ different models have IPv6 support on them.
 A question from the floor from the Swiss systems user group was addressed to the panel on how to get the national regulator to do something to promote the transition. The panelists pointed out some of the issues that the regulator can get involved with however there was somewhat of a disagreement of the level of regulation there should be when it comes to technology related issues.
Paul Vixey gave his experinces with IPv6 and DNS.
 

Conclusions and further comments: 

To conclude the session the moderator asked the floor, several questions on the various networks they use at their homes, offices and daily life, the questions revolved around the level of IPv6 readiness these networks have and the level of awareness within the different communities of the need to move to IPv6, from the room responses it was clear that a lot of effort has happened over the past few years and more will be deployed in the near future.

(No.144) Deploying IPv6 in Public Administrations: Issues and Best Practices

Go to Report
Status: 
Rejected
Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

Managing Critical Internet Resources, Question 5 (IPv4 & IPv6). Emerging Issues, Question 1.

Concise Description of Workshop: 

This Workshop will examine the global technical and political challenges and solutions, associated with the exhaustion of IPv4 addresses and the integration/migration/co-existence of IPv6.

Organiser(s) Name: 

Martin Potts, Co-ordinator of the EC project 6DEPLOY (which has been awarded the IPv6 Forum Gold Certificate for its training courses).Jordi Palet, Technical Manager of the project GEN6 (who holds a "Gold Certificate IPv6 Trainer" award from the IPv6 Forum).

Previous Workshop(s): 

IGF Hyderabad: Workshop: "IPv6: The solution for the future of Internet"IGF Sharm el Sheikh: Workshop: e-infrastructure with IPv6 for Global socio-economics promotion

Submitted Workshop Panelists: 

Representatives of the EC (eg. Jacques Babot, Jorge Pereira)Representatives of all the RIRs (eg. AfriNIC - Adiel Akplogan, LACNIC - Raul Acheberria, APNIC - Geoff Huston, RIPE-NCC, ARIN)Representatives of Public Authorities who are at the forefront of deploying IPv6 (eg. from Germany, Slovenia, Spain, ...)Latif Ladid: President of the IPv6 Forum

Name of Remote Moderator(s): 
TBC

(No.87) Cross border cooperation in incidents involving (Internet) Critical Infrastructure

Go to Report
Status: 
Accepted
Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

Question1: What are the effects of jurisdiction and territoriality on the ongoing discussions about

Concise Description of Workshop: 

The Internet is main driving force of the modern economy. Economic growth is sustained by availability of a secure Internet. As a consequence the daily lives of more and more institutions, companies and people have become even more dependent on the Internet. With this dependency safe use and a secure Internet access as such have become a necessity for all involved in order to sustain future development and growth. Trust in this critical infrastructure is an important asset.

Organiser(s) Name: 

ECP on behalf of the IGF-NL, (ECP | Platform for the Information Society wants to take barriers for the implementation and acceptance of ICT away to the benefit of our economy and society, and in order to strengthen our international competitive position. In addition, ECP (also at a political-governmental level) draws attention to a number of specific themes such as growth of productivity, strengthening of competitiveness and the European Digital Agenda. One of it programs is the public-private partnership NL IGF. NL IGF prepairs for the IGF and provides good embedding of the results of the IGF in national policy) Dutch Ministry of Economic Affairs, Agriculture & innovation

Previous Workshop(s): 

NL IGF organized : 2010: Public-private cooperation on Internet safety/cybercrime http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W... 2011: Parliamentarian Challenge: a Round Table between Parliamentarians and other Stakeholders http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W...

Submitted Workshop Panelists: 

Moderator: Wout de Natris, expert on national and international cooperation on spam enforcement and cybercrime
Panelists:
- Mr. Timo Lehtimaki, Ficora, Finland. CERT, botnet mitigation centre
- Mr. Gaurab Upadhaya from Nepal, Limelight Industries, Singapore
- Mr. Maarten van Horenbeek, FIRST, global leader in incident response
- Mr. Ivo Ivanov, AC/DC
- Mr. Christopher Painter, Coordinator for Cyber Issues at US State Department
- Mr. Michael Niebel, former HoU of the Internet Governance and Cybersecurity Unit
- Mr. Roelof Meijer, CEO of SIDN, the registry for .nl
- Mrs. Sarah Falvey Policy Manager, Google

Name of Remote Moderator(s): 
Sophie Veraart, NL IGF - ECP
Gender Report Card
Please estimate the overall number of women participants present at the session: 
There were very few women participants
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Report
Reported by: 
NL IGF (Dutch Internet Governance Forum)
A brief substantive summary and the main issues that were raised: 

International cooperation is a subject which is often mentioned when talked about cyber safety, -security and –crime. This is fundamental for the fight against crime and increasing the online safety.
Yet research shows that it is hard to put forward. In workshop 87 'Cross-border cooperation in Incidents Involving (Internet) Critical Infrastructure’ the topic is discussed by nine panelists from different backgrounds around a central question: ‘Does the world need a comprehensive cyber treaty?’. The background of the panelists were divided as follows: three participants from the Internet industry, two government officials, a supervisor, an interest organization, a supranational government organization and an international partnership. A list of participants can be found below.
 
Highlights
Collaboration and partnerships

The industry participants seek for cooperation, structurally in partnerships and on an ad hoc basis depending on the type of threat. They actively exchange knowledge. Also with governments.

Governments are advised to establish a cyber security strategy. In this way a country will focus on priorities. This could led for example to a national cyber security center or one CERT that the main players in the country binds, but also several administrations in one place binds. (SIDN (Dutch .nl registree) underlines this with an example of how they, as an industry participant, within the Dutch national cyber security centre cooperate and have putted a part-time employee into the centre). An incident response plan prepares governments for incidents and clears up who with whom should be in contact. To successfully combat incidents, a 'level playing field' is necessary. Outreach and capacity building are necessary elements to accomplish this. The EU is working on this for years and will soon present a new strategy that should lead to a level playing field, then they have to work together. The Council of Europe notes that they offer these programs and perform under the regime of the Budapest Treaty on cyber crime.
From the perspective of a supervisor, CERT and botnet center cooperation in a structured manner is a must. Now this is still insufficient structural and too much focused on known, trusted people. That should and could be better.
eco, the German association of ISPs, announces a large, EU-wide project, ACDC, that should lead to a public - private partnership to detect botnets, disabling command and control servers and clean up PCs of end users. If everything goes according to plan, the project will start on February 1, 2013 with the establishment of pilot projects in 14 countries.
FIRST is an organization of computer incident response teams from public, private and academic world, which actively shares knowledge, for example about attacks and provides contacts to cooperate. FIRST also mentioned that they actively assist new countries and participants after registration as a member by sharing knowledge and experience.
The Dutch initiative, Abuse Information Exchange, is currently still a relatively closed circuit, but this may change after the startup phase. A unique feature is that ISPs cooperate with SIDN (the.nl registree) and collect and process information about botnet infections centrally. Finland has an active botnet center. The cooperation between FICORA and the Finnish telcos and ISPs is regulated by law. The collaboration was so successful, that Finland is one of the least affected countries in the world. It is striking that almost all data on infected PCs in Finland comes from abroad. In Asia / Pacific are some good CERTs, but there is still much work necessary like capacity building. Cooperation is also not common there.
Capacity building in Africa
An online question from Cameroon focuses the discussion on capacity building in the developing world. The adoption of the Convention on Cybercrime by Cameroon is a first step, but there is much work needed beyond that. The U.S. has organized sessions in parts of Africa. FIRST does this too, focused on training and awareness of possibilities.
The treaty or rather not?
There is no need for a new all comprehensive treaty. There is plenty of that already applies, online and offline, while the Budapest convention offers enough grip for (cross-border) cooperation. An important observation is that a treaty exists between states and on this topic everyone has a role. It is important to finance capacity building initiatives. Programs that help protect critical infrastructure and building resilience also brings legislative standards to developing countries. This builds the necessary level playing field. The industry noted that it is now tremendously trying to reach a higher standard of safety and that they continue to develop this. Regulation can lead that one is satisfied with the limit set by the government.
On the direct question "does the world need an all comprehensive web treaty?" voted the dived panel 8 ½ vs. ½. The finest ruling against a treaty was this: "It is a song of a siren." In other words, very beautiful but fatal.
Sharing information
In the area of ​​cooperation, SIDN suggests that standardization of information requests from investigative agenvies, would make it easier for his organization. The government can play a leading role in his. Google stated out that transparency and cooperation with the investigative agencies are delicate, because the correct information must be provided without delivering privacy-sensitive data, unless there is a court order to do so. Around the Cybercrime Convention a code for cooperation between ISPs and LEAs is drawn. In case of an incident it are the ISPs that report that. They do not have to seek actively for crime.
There was asked whether a digital 112 or 911 number for reporting online (security) incidents can help to make reporting as normal as in the offline world. It shows that in South Korea such a number already exists. The EU is providing a proposal, whereas in the U.S. there are features that make this possible. However, the reaction side needs more capacity and knowledge.

 

Conclusions and further comments: 

The main goals
- Enabling data sharing between public and private, also across borders, without violating privacy laws.
- Disposal of botnets.
- Report on responsible parties how urgent this subject is.
- Maintaining the use of the Internet and trust .
- Governments, do something now, because every year we wait, the more difficult is becomes for regulators to keep the problem manageable.
Recommendations for the mainsession "Managing Critical Internet Resources"
- Use the laws that are already there and work actively together.
- All countries have to establish an active cyber capacity.
- Develop a standard behavior on the Internet, without curtailing the openness.
- Establishing in a structural manner cooperation between industry, government and investigative agencies.
- Capacity building (repeated by many) in developing countries.
- Develop yourself into a "connector". Only by actively working within the imposed limits, someone can stop or change developments.
- Expand an organization like the G8 24/7 network, as well as other existing institutions.
- A new development is that the Internet threats have developed at the level of states. It is therefore political now.
- It is no longer just technical. Many issues must be resolved through policy.
- This can be through building a broad consensus on norms and values​​.
- Outreach is important. So look if Pan-EU projects are possible.
- "Capacity building" costs money and therefore requires resources. The Cybercrime Convention collaborates actively on this.
- Ensure that regulators and investigative agencies play an active role in Internet governance, because they are part of the solution.

Additional documents: 
Syndicate content