Security, Openness and Privacy

(No.204) Best IXP Internet Governance practices: how to handle the increasing governance task without harming human rights

Go to Report
Status: 
Rejected
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Question 3 and 5

Concise Description of Workshop: 

Governments increasingly look towards IXPs for governance, policing and surveillance tasks. The following results can be observed:

Organiser(s) Name: 

 

  • XS4ALL

  • Greenhost

  • Free Press Unlimited
     

 

Previous Workshop(s): 

No

Submitted Workshop Panelists: 

 

  • Margreth Verhulst XS4all

  • Sacha van Geffen Greenhost

  • Tarik Nesh-Nash www.reforme.ma

  • Katherine Maher Access Now

  • Marietje Schaake MEP
     

 

Name of Remote Moderator(s): 
TBC

(No.195) Citizenship in the digital era - meeting the challenges, empowering children

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Concise Description of Workshop: 

In the real world parents and teachers help children understand the importance of being kind to others, of accepting difference and engaging constructively with wider society, including its political and social institutions. In the 21st century that also means teaching children how to engage with the Internet because of the integral part it plays in the modern world.

Backgroung Paper: 
Organiser(s) Name: 

European NGO Alliance for Child Safety Online (eNACSO)

Submitted Workshop Panelists: 

 

  • Moderator: Anjan Bose, ECPAT International, Thailand (confirmed)

  • John Carr, eNACSO (European Network), confirmed

  • Susie Hendrie, GSMA, (UK), confirmed

  • Sevinj Muradova, NUR Children and Youth Public Union (Azerbaijan), confirmed
  • Fidan Karimli, NUR youth participant, (Azerbaijan), confirmed
  • Luca Kyllesbeck, eNACSO youth participant (Denmark) confirmed
  • Olivia Bang Brinck, eNACSO youth participant (Denmark), confirmed
  • Larry Magid, Connect Safely (USA) confirmed  

  • Matthew Jackman, Youth Delegate, Member of the UK Youth IGF Project (Civil Society, WEOG, Confirmed)
  • Rebecca Cawthorne, Youth Delegate, Member of the UK Youth IGF Project   (Civil Society, WEOG, Confirmed)
     

 

Name of Remote Moderator(s): 
Marie Bach Drivsholm
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Report
Reported by: 
Marie Bach Drivsholm
A brief substantive summary and the main issues that were raised: 

The five youth panelists started with presentations on their views on what being a citizen in a digital era means to them. They had different opinions on whether or not there is a difference between who you are and how you behave when you are online or offline. The theme of parental control was touched upon and it was expressed that there is a significant difference in dealing with children online when they are very young and when they are teenagers. The Azerbaijani youth delegate explained about the situation in the Azerbaijani society where there is a big difference between the rural and the urban areas as to how children use the Internet and how parents are prepared to teach their children about it.
 
After having opened the discussion to the floor, the adult panelists did their presentations.
Sevinj Muradova presented the situation in Azerbaijan pointing out the groups of vulnerable children that are not easily reached by the usual initiatives and educative approaches. She explained about her organization’s projects producing sustainable and comprehensive educational material. Finally she pointed out that children need to be heard when making policies concerning them.
 
Larry Magid from Connect Safely had two points: to stop patronizing children and to stop giving misinformation. He pointed out that education per se is not what is needed. Education needs to be accurate and up-to-date. He presented an idea to how Internet safety could be managed by using the American health model with primary, secondary and tertiary levels of protection.
 
Susie Hendrie represented the mobile phone industry and gave examples of how they see that innovation comes from children. She stressed the importance the mobile phone plays today as the mobile is empowering social engagement system, mentioning the Arab spring. Susie Hendrie explained how they have done a lot of research around the world outside of the developed countries. The findings are that kids are using smartphones there too and that it is not just about privileged kids who have access to this technology. This technology is impacting children in all parts of the world. Furthermore she stressed how they, in order to take responsibility, have developed guidelines for apps' developers. Developing an app for an adult shouldn't be the same as for a child. They have given guidance for a default off location and using different language and taking age verification into account as well.
 
John Carr from eNACSO stressed that there might be fewer cases of assaults, suicides and bullying, but the consequences when these things are happening on the Internet are immeasurable. They become global. The point is that even though the gran majority of children online don’t experience inappropriate things, the 2% that do is still a lot of children. On the Internet little percentages matter.
 

Conclusions and further comments: 

To children and youth the Internet is a source of information, communication, education and a great deal of fun. The vast majority never encounters any problems when online. But on the Internet small percentages matter, so if 2% are being harrased or assaulted measures must be taken into use in order to prevent and stop that. Therefore, the main conclusion of the workshop was that "one size doesn't fit all".

(No.188) Growing up and living in a society with censorship – challenges and lessons

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Security, Openess and Privacy: questions 1,3,4,5. Access abd diversity: questions 1,2,4

Concise Description of Workshop: 

 
There are countries where the state is heavily restricting the people's access to information and limiting means of private and public communications. Some countries are universally understood to be under heavy censorship while many, either in truth or in defense, claim there is no problematic state intervention. The purpose of this workshop is to discuss deeply the social consequences censorship has based on moderator's question set and later audience discussion where we share our experiences.
 

Organiser(s) Name: 

Joonas "JoonasD6" Mäkinen Board member, Electronic Frontier Finland

Previous Workshop(s): 

I have been organizing the Youth Coalition on Internet Governance Dynamic Coalition and related workshops. IGF11 workshop Challenging Myths about Young People and the Internet: http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W... A general statement about YCIG-related events at IGF2011 can be found here: http://www.ycig.org/index.php/2011/10/2011-ycig-statement/

Submitted Workshop Panelists: 

Slim Amamou, civil society, TN (ex Secretary of State for Youth and Sport) (confirmed)
Maiju Perälä, civil society, lawyer, FI
Birgitta Jónsdóttir, government, MP, IS
Tapani Tarvainen, academia, FI (confirmed)
Amelia Andersdotter, government, MEP, SE (confirmed)
<in talks with several resource people and YCIG members to address gender and geographic balance>
 

Name of Remote Moderator(s): 
Yrjö Länsipuro

(No.185) Criminal law and the free and open Internet: tensions and ways forward in democratic societies

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

SOP: question 2, 3, 5, 6 and 7. Emerging issues: question 1 and 3. Taking stock: question 4 and 5 of 1st topic.

Concise Description of Workshop: 

In recent years, Internet governance has come to face a paradox that some argue threatens the free, open and global nature of the Internet: this paradox lies in the tension between States' sovereign right to legislate the Internet on the one hand and the existence in many countries of criminal law that, when applied strictly, may run counter to freedom and openness on the other. While the presence of this tension in authoritarian countries has been acknowledged for long, it is increasingly clear that such situations are prevalent in democratic societies across the world as well.

Organiser(s) Name: 

Anja Kovacs, Internet Democracy Project, India

Submitted Workshop Panelists: 

Moez Chakchouk, Agence Tunisienne d'Internet, Tunesia
Iarla Flynn, Head of Public Policy, Google, Australia 
Jillian C. York, Director International Freedom of Expression, Electronic Frontier Foundation, US
Carlos Cortés, Researcher, Center for Studies on Freedom of Expression and Access to Information, University of Palermo, Argentina
Paul Fehlinger, Program Manager, Internet and Jurisdiction Project, International Diplomatic Academy
Moderator: Anja Kovacs, Project Director, Internet Democracy Project, India 

Name of Remote Moderator(s): 
Babu Ram Aryal, ISOC Nepal
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Please include any comments or recommendations you have on how to improve the inclusion of issues related to gender equality and: 

While gender issues were not raised in the session, this was not because they were not seen as related to the session theme, but simply because they weren't given sufficient thought. The above question in the Gender Report Card made me realise that we should have at least mentioned the importance of gender issues in our discussions, as they are clearly related to the topic of the session, as criminal law is frequently used to regulate, for example, the distinction between obscenen and non-obscene content and how each category is treated.

Report
Reported by: 
Anja Kovacs
A brief substantive summary and the main issues that were raised: 

The workshop was divided in three parts. In the first part, we tried to set the broader context and to show that even in democratic societies, which the workshop focused on, there is great variety in our understanding of what the appropriate ways to, for example, protect freedom of expression, are. The debate started with a discussion of the Innocence of Muslims video, with Iarla Flynn from Google explaining how Google handled the controversy surrounding the video in different countries.
 
Interestingly, and somewhat unexpectedly, we soon found ourselves in a situation where, on the one hand, a staunch pro-free speech activist from Pakistan asked Mr. Flynn why Google didn't take down the video in her country, where several people died in related protests, while on the other hand, Moez Chakchouk from the Tunesian government's Internet Agency argued that Google should not take down such content even where it has received a court order. The setting of the scene thus brought out very clearly how complex the issues involved are, so much so that different actors at times are lead to take positions contrary to those that one might perhaps have expected from them.
 
In the second part of the workshop, we went into the challenges that exist due to the tension between the application of criminal law online and the free and open Internet. Carlos Cortes noted that increasingly, the desire on the part of governments to implement criminal law online as well is leading to the emergence of architectures of control in which criminal law becomes embedded in the internet at various layers, including the content layer.
 
Further, businesses play into this desire to regulate users more and more according to criminal law at least in part by creating terms of service that, as Paul Fehling noted, have increasingly come to resemble “accidental constitutions”, in that they have become a new level of regulation that more and more of us have to abide by if we want to be able to express ourselves.
 
These two elements together – the way criminal law is implemented in the architecture of the internet and in the terms of services of businesses – lead to new behaviours online, a forced acceptance of new kinds of behaviours. How we have to give up our privacy on certain platforms is one prominent example.
 
We also spoke of the co-operation of businesses with law enforcement leading to the privatisation of law enforcement, a system under which citizens often find it considerably more challenging to get recourse. It was pointed out that it sometimes is difficult to understand what the principles are that intermediaries in particular apply in cases of controversial content, and sometimes, one participant in the workshop remarked, it seems they are pragmatic in their decisions rather than principled, making it particularly challenging for users to understand what exactly is going on.
 
Where challenges from the point of view of States are concerned, we discussed the issue of cross boundary harm at considerable length. There have been instances, for example, in which the government of State X has seized a domain in State Y, even though the activities of that domain were legal in State Y. What such instances make clear is that a State asserting its sovereignty online in the same way as it would off line can harm the rights of users in another State. As Mr. Fehlinger pointed out: in the online sphere, “sovereignty kills sovereignty”.
 
A final set of challenges that received attention in the workshop was that of how the patchwork of laws has lead to an increased risk of forum shopping. In Latin America, Mr. Cortes pointed out, defamation is treated very differently in different countries: while some countries have it on their books as a civil offence, in other countries it is criminalised. There is a risk that journalists who publish online will now be persecuted according to where punishments for defamation are likely to include jail terms.
 
The third part of the workshop, finally, looked at ways in which the tension between the application of criminal law and the free and open Internet can possible be eased, even if perhaps not entirely resolved. A first set of arguments related to the point that both users and governments need to attain a much better understanding both of how the Internet works and what the issues in the debate surrounding the application of criminal law online are exactly.
 
Secondly, it was argued that both governments and businesses also need to be far more transparent and adopt far better and stronger processes. Where governments are concerned, the point was further made that there is a need to be more clear about the different steps involved in making good policy, and the need not to skip any of these steps. At the moment, there was a sense, a lot of action taken with regard to the online sphere seems to be about “doing politics” rather than about “making policy”.
 
Mr. Chakchouk gave the example of his own country's current policy as a third way to ease the tension. In Tunisia, the development of the Internet and control over the Internet are two aspects of power that are kept separate. Moreover, the Tunisian Internet Agency is a staunch advocate against any kind of Internet censorship. However, Mr. Chakchouk argued, governments should have the opportunity and ability to go after those who commit crimes online. In this scenario, in other words, surveillance thus becomes an antidote against censorship.
 
Finally, there was discussion around the value of instruments such as the Inter American human rights system and the need to identify shared norms and standards that can be applied as a way to move forward collectively.

Conclusions and further comments: 

The above is only a brief overview of the most important issues raised in the workshop, which was marked by extremely rich discussions, with a wealth of ideas to make progress in what is emerging as one of the most challenging areas in Internet governance. The organisers are very grateful to the speakers and audience for their engaged and extremely valuable participation.
 
(Ms. York unfortunately was not able to participate in the event, due to an emergency)

(No.181) Who is following me : tracking the trackers

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

privacy/data protection

Concise Description of Workshop: 

Interest in online tracking as a policy issue spiked with the release of the Preliminary Federal Trade Commission Staff Report in December 2010 entitled Protecting Consumer Privacy in an Era of Rapid Change – A Proposed Framework for Businesses and Policymakers calling for a “do not track” mechanism, the launch of the W3C Tracking Protection WG and the recent entry into force of the European “Cookie Directive”. However, the actual and potential observation of individuals’ interactions online has long been a concern for privacy advocates and others.

Organiser(s) Name: 

Christine Runnegar (Internet Society) and Sophie Kwasny (Council of Europe)

Submitted Workshop Panelists: 

Wendy Seltzer, Policy Council, World Wide Web Consortium (W3C) [confirmed]
Kimon Zorbas, Vice President, Interactive Advertising Bureau (IAB) Europe [confirmed]
Cornelia Kutterer, Director of Regulatory Policy, Corporate Affairs, LCA, Microsoft EMEA [confirmed]
Malavika Jayaram, partner at Jayaram & Jayaram, Bangalore [confirmed]
Rob van Eijk, PhD student at Leiden University, Council of Europe expert [confirmed]
Shaundra Watson - Counsel for international consumer protection, USA Federal Trade Commission [cancelled]
 

Name of Remote Moderator(s): 
James Lawson (Council of Europe)
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Report
Reported by: 
Christine Runnegar and Sophie Kwasny
A brief substantive summary and the main issues that were raised: 

 
IGF2012  WORKSHOP 181 - Who is following me? Tracking the trackers
 
A report of the workshop co-organised on 8 November 2012 by the Council of Europe and the Internet Society (ISOC) at the 7th Internet Governance Forum (IGF), held in Baku, Azerbaijan (6-9 November 2012).
 
Introduction
 
The objective of this workshop was to explore:
 
► Current and emerging trends in online tracking and their purposes
► How to give individuals full knowledge of the tracking that occurs when they go online and mechanisms to exercise greater control over tracking and data use
► The respective roles of all actors (government, law enforcement, businesses, browser vendors, advertisers, data brokers, users, etc)
► Whether effective data protection online can be ensured solely by law and how to develop laws that accommodate different tracking scenarios
► Whether a traditional consent model is sufficient and effective
► Whether self-regulation and voluntary consensus standards offer better options for adapting privacy choice to the rapidly advancing technology environment
► How to deal with less-observable tracking (e.g. browser and/or device fingerprinting, monitoring of publicly disclosed information)
► How to ensure transparency, particularly on small mobile devices
 
Organisers and moderators
 
The Internet Society is the trusted independent source for Internet information and thought leadership from around the world. With its principled vision and substantial technological foundation, the Internet Society promotes open dialogue on Internet policy, technology, and future development among users, companies, governments, and other organizations. Working with its members and Chapters around the world, the Internet Society enables the continued evolution and growth of the Internet for everyone.
 
The Council of Europe is an intergovernmental political organisation that brings together 47 countries, making up an entire democratic continent. Its key objectives are promoting democracy, the rule of law and human rights. Its headquarters are in Strasbourg (France). 
 
For more information on the organisers, visit www.internetsociety.org and www.coe.int
 
The workshop was co-moderated by Christine Runnegar (Internet Society) and Sophie Kwasny (Council of Europe).
 
 
 
 
Panellists
 
Wendy Seltzer, Policy Council, World Wide Web Consortium (W3C)
Kimon Zorbas, Vice-President, Interactive Advertising Bureau (IAB) Europe
Cornelia Kutterer, Director of Regulatory Policy, Corporate Affairs, LCA, Microsoft EMEA
Malavika Jayaram, Partner at Jayaram & Jayaram, Bangalore
Rob van Eijk, PhD student at Leiden University, Council of Europe expert
 
Background documents
 
The following background paper and related update were made available prior to the workshop:
 
http://www.internetsociety.org/sites/default/files/Tracking%20-%20Background%20paper%2020120711_0.pdf
 
http://www.internetsociety.org/sites/default/files/Tracking%20-%20Background%20paper%202%2020121030.pdf
 
Participants
 
The workshop was attended by circa 50 participants in the room, plus remote participation.
  
Thank you
 
The Council of Europe and the Internet Society (ISOC) would like to express our sincere thanks to the IGF Secretariat, our expert panellists, remote moderator and participants for making this a very successful workshop.

Conclusions and further comments: 

 
Some perspectives from the workshop
 
Tracking: setting the scene
 
The discussion started with the panellists’ definitions of online “tracking” and the way it is performed, ranging from a tool to follow users online and build profiles, to the fact of attaching a unique identification number (‘micro tag’) to an online activity in order to follow a digital footprint. Panellists also raised the specific issues of the interest of the users in being ‘tracked’ and the general lack of awareness of the ‘tracking’. 
 
A key question which was then addressed by the panellists was how users might avoid, or reduce, online tracking. Various existing technical tools were mentioned by the panel, such as: the Tactical Technology Collective initiative ‘me and my shadow’ aimed at helping raise users’ awareness of their digital ‘shadow’ and reducing it; the Electronic Frontier Foundation ‘Panopticlick’ test for users’ browsers and tools such as Collusion, and Tor which enables anonymised surfing. The limits of such tools, including that they can only catch a small part of the data in real time, was also pointed out.
 
It was reported that in the USA, the Federal Trade Commission encouraged industry to implement a universal, one-stop choice mechanism for online behavioural tracking (Do Not Track) that would provide a simple and easy way for users to control the tracking of their online activities.
 
The purpose of the proposed Do Not Track policy, and more specifically the Do Not Track HTTP header, was underlined precisely as being another tool aimed at enabling users to exercise better control over their online tracking.
 
The European data protection position regarding online tracking highlights the importance of the unambiguous nature of the consent of the user (see in particular WP29 opinions on consent and on cookie consent exemption) and the application of the e-privacy Directive to both first and third parties.
 
The Indian perspective regarding online tracking was presented as one generally favourable to technology, which is seen as positive, and the fact that no rules on online tracking currently regulate the matter was pointed out.
 
For the advertising industry, tracking is a means to better understand what products a user might want, relating to enabling services to fund high quality content, while being privacy-friendly through its “anonymous nature” and self-regulated practices.
 
Do Not Track (DNT)
 
DNT is a technology and policy proposal aimed at universally enabling users to opt-out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.
 
For the USA Federal Trade Commission, to be effective, a DNT system should include the following key principles: it should be implemented universally, it should be easy to find, easy to understand, and easy to use, the choices offered to the users should be persistent, it should be comprehensive, effective, and enforceable and should opt out consumers of behavioural tracking (both targeted advertisements and collection of behavioural data for all purposes other than those that would be consistent with the context of the interaction).
 
From a European perspective, it was underlined that DNT is a complementary tool but cannot be considered as the sole compliance element in respect of the e-privacy Directive.
 
The W3C Tracking Protection Working Group is trying to standardise the meaning and technology of DNT with a view to improving users’ privacy and control, by defining mechanisms for expressing user preferences around tracking and for blocking or allowing tracking elements.
 
Microsoft decided to enable DNT by default in Internet Explorer 10 on the basis of its consumers’ expectations (default ‘on’ supported by 75% of the users, with higher percentages when children are the online users) and gives a clear explanation to its consumers of what DNT by default means, who have the choice to leave it on or switch it off.
 
Discussions are still underway in the W3C Working Group which is being followed by several entities represented on the panel. The panellists expressed the hope that the Working Group would reach consensus soon and provide agreed recommendations.
 
It was also noted by one panellist that for the online behavioural advertising model, the prevalence of the expression of a DNT preference could entail hard limitations which may lead to the concentration of the business with bigger entities.
 
The panellists also exchanged views on the ways to ensure that the user’s choice to opt-in (EU) or opt-out of tracking will be complied with. Various enforcement and compliance instruments (regulatory framework, self-regulation, consumers’ organisations) were mentioned.
 
Finally, the undisclosed tracking and collection of data carried out by governments was also mentioned as an illustration of a lack of transparency and potential privacy infringement. 
 

Additional documents: 

(No.180) Blocking and Filtering Internet DNS Content

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Emerging Issues: #1, #2; Security/Openness: #2, #3.

Concise Description of Workshop: 

The Internet Domain Name System (DNS) is the world's first distributed, reliable, autonomous, heirarchical, coherent database, and it is the authoritative map and guide to the Internet -- which is in turn humanity's global commons. Control of DNS is seen by many as control of the Internet itself, with the additional prospect of influencing global commerce and culture. For others, filtering of DNS content is an essential element of network and end-user security.

Backgroung Paper: 
Organiser(s) Name: 

confirmed - Paul Vixie, ICANN SSAC & RSSAC, ARIN Board, ISC
confirmed - Andrei Robachevsky, ISOC [remote participant]

Submitted Workshop Panelists: 
  • Dmitry Burkov - confirmed, FAITID, RIPE NCC [DNS and registry operator]
  • Robert Guerra - confirmed, Citizen Lab [research]
  • Ram Mohan - confirmed, Afilias [DNS and registry operator]
  • David Hughes - confirmed, RIAA [Business, content, IPR holders]
  • John Carr - confirmed, BT Internet [DNS policy and technology]
  • Xiaodong Lee - confirmed, ICANN [DNS policy and technology]
  • Karen Reilly - confirmed, EFF/Tor [Technology policy]

 

Name of Remote Moderator(s): 
Kurtis Lindqvist
Gender Report Card
Please estimate the overall number of women participants present at the session: 
There were very few women participants
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Please include any comments or recommendations you have on how to improve the inclusion of issues related to gender equality and: 

Internet Content Filtering via DNS Blocking is not a gender-specific matter.

Report
Reported by: 
Dr. Paul Vixie, ICANN SSAC
A brief substantive summary and the main issues that were raised: 

IGF 2012: Workshop 180
Blocking and Filtering Internet DNS Content
Concise Description of Workshop: 
The Internet Domain Name System (DNS) is the world's first distributed, reliable, autonomous, heirarchical, coherent database, and it is the authoritative map and guide to the Internet -- which is in turn humanity's global commons. Control of DNS is seen by many as control of the Internet itself, with the additional prospect of influencing global commerce and culture. For others, filtering of DNS content is an essential element of network and end-user security. This workshop will explore the state of the art of blocking or filtering the content of the DNS as it is seen by some population -- whether an entire country, an enterprise or university, or just the customers of an Internet Service Provider.

Discussion topics include:

  • Current methods for implementing DNS filters
  • Cultural motivations such as blocking controversial top level domains
  • Commercial motivations such as blocking lookups for web sites trafficking in counterfeit or pirated goods
  • Security motivations such as blocking lookups for malicious web sites
  • Impact of government-mandated DNS filtering
  • Current methods for bypassing or circumventing DNS filters
  • Likely future innovations and developments in this area

 
Brief substantive summary and the main issues that were raised:
This workshop focused on the collateral effects of various kinds of DNS filtering/blocking, as recently highlighted by ICANN SSAC report #056, “Advisory on Impacts of Content Blocking via the Domain Name System.” Panelists described both the inevitability of content filtering via the DNS, and the inevitability of evasion of such content filtering by mainstream and otherwise law abiding citizens of countries where such filtering is or will be practiced. Government policies can support filtering in law as practiced by ISP’s or parents; or can mandate some type of content filtering to protect online content.
In Western democracies, content filtering of content deemed illegal occurs in a variety of jurisdictions. In some countries blocking is mandated, whereas in others it is voluntary. Technical measures have evolved the space where content is distributed has changed over time. The panelist who took Interpol’s place on the panel spoke about the experience of the Internet Watch Foundation (IWF) in the UK. He gave a detailed description of the history of  blocking in the U.K. It evolved from banning USENET newsgroups, which started in 2001, to URL blocking in 2004 when the web became the dominant means of information sharing and dissemination.
When it was first established in 1996 the Internet Watch Foundation (IWF) responded to complaints from the public but any response could be short-lived since demised content could be quickly re-posted over and over, where each takedown event would have to begin with a new complaint. A decision was made by IWF to behave more proactively. Today IWF maintains a list of “bad URLs” (not bad domains, just specific web URL’s, to avoid collateral damage). This is complicated and expensive compared to DNS based filtering or IP address based filtering. The blueprint for this URL-based system is available from British Telecom, free of charge, to responsible network operators.
Disrupting the trade is the real goal of government policy in this area; not stopping committed abusers. In the case of online child abuse materials, the dignity and peace-of-mind of the victims is a priority.
Political, economic, or cultural motives are often not subject to useful debate outside a country where the policy is made and enforced. In practical terms, each country absolutely will exercise self-determination in this matter. It’s also important for each country to pay attention to its CCTLD and to avoid criminal domain registrations, for example domains used for phishing and other electronic crime. ICANN’s slogan, “One world, one Internet” does not mean “One world, one network, one set of rules.”
Collateral impact by policy blocking is inevitable. The continuity and spirit of the Internet asks any nation who mandates Internet filtering to inform Internet users both inside and outside that nation as to the exact nature and method of blocking to be used. Otherwise the Internet operations community could accidentally work around the filtering.
The power of states is greatly reduced online. Blocking DNS while also cutting funding for child protections and failing to investigate corrupt government officials is at best a losing proposition. No technical measures can circumvent good traditional law enforcement.

Conclusions and further comments: 

Conclusions and further comments:
We are concerned about the effects on Internet infrastructure development, for example unforeseen technical constraints on the future usability or total size of the Internet due to government policies made for present day reasons.
Policy makers with a content filtering problem often look at the DNS as a simple solution to that problem, but simply filtering the DNS is both unlikely to succeed and likely to cause other problems.
An example of collateral damage is “balkanization” where the Internet namespace becomes noticeably non-universal and we lose the ability to reach out globally based on a single set of names that mostly just work everywhere. This is an example of “countermeasure overshoot”.
Article 19 of the Universal Declaration on Human Rights requires that communications blockage be described and declared. Article 29 lists some exeptions.
The technical community owes the world’s governments some choices as to how they enforce their laws in the context of the Internet. Simply saying “the Internet must not be blocked” is unrealistic and unhelpful. An IETF RFC BCP (Best Current Practices) document and an ICANN SSAC Advisory, each authored by a team of peers in the technical community, would provide welcome guidance to the world’s governments.
The inaccuracies in “whois” are indirectly responsible for much Internet related government action, since the Internet does not support the kind of recourse and accountability that is present in the real world. ICANN has responsibilities in this area, recently reiterated in the Affirmation of Commitments document, and the ICANN Board knows that it has work to do in this area.
 
Panelists included:

  • Paul Vixie
  • Dmitry Burkov
  • Robert Guerra
  • Ram Mohan
  • David Hughes
  • John Carr
  • Xiaodong Lee 
  • Karen Reilly

 
References mentioned during the workshop
 
SAC 056 : SSAC Advisory on Impacts of Content Blocking  via the Domain Name System
http://www.icann.org/en/groups/ssac/documents/sac-056-en.pdf
 
Internet Watch Foundation (IWF) - http://www.iwf.org.uk/
Open Net Initiative - http://opennet.net/
 
Access contested: Security, Identity, and Resistance in Asian Cyberspace (2001), Edited by Ronald DeibertJohn PalfreyRafal Rohozinski and Jonathan Zittrain
http://mitpress.mit.edu/books/access-contested

(No.179) Segregation in Internet Communications and Online Social Networking: Causes, Consequences, and Potential Solutions

Go to Report
Status: 
Withdrawn
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

What impact can security and governance issues have on the Internet and human rights?

Concise Description of Workshop: 

Proposal: This workshop will provide an opportunity for representatives from the various stakeholder groups to analyze implications of the current phenomena that online social networking sites have actually replicated class and racial segregations that are observed in physical space. These representatives will then collaborate to determine whether or not action should be taken to interfere in this trend, and if so, which of the stakeholders should interfere and how they could do so.

Backgroung Paper: 
Organiser(s) Name: 

1) RedIdeas.org -- Civil Society -- US – a non-profit organization committed to “improving the human condition” by funding young social entrepreneurs’ innovative and socially conscious start-up business proposals. 2) Social Business Consulting Group -- NGO -- US – a non-profit consulting firm for socially conscious businesses throughout the world. Committed to promoting business use of internet technology and social media. 

Previous Workshop(s): 

No

Submitted Workshop Panelists: 

Ali Hamed, Mr: Private Sector, US President at All Things Go; Managing Partner at C&C Consulting Invited Scott Murphy, Mr: Government, US Former US Congressman, Co-founder of Small World Software Invited Emily Sutanto, Ms: Private Sector, Indonesia BloomAgro Invited Jeremy Malcolm, Mr: Civil Society, Malaysia Consumers International Not Invited Dana Boyd, Ms: Private Sector, US Microsoft Invited Joonas Mäkinen, Mr: Civil Socity, Finland Electronic Frontier Finland, Pirate Youth of Finland Confirmed Chanida Susumpow, Ms: Academia, Thailand Red Ideas Invited

Name of Remote Moderator(s): 
Carolyn Krupski

(No.173) Cybersecurity that achieves privacy and civil liberties

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Question 1

Concise Description of Workshop: 

 
This workshop will look at cybersecurity from a public policy perspective, including the synergistic relationship between cybersecurity, privacy and civil liberties by highlighting measures that achieve all three objectives. In many ways, privacy and civil liberties are enhanced by cybersecurity measures that protect networks and ensure the reliability, resiliency, and integrity of the Internet. The discussion with experts and participants in this workshop will look at the key issues and most significant policy challenges in cybersecurity including, among others:

Organiser(s) Name: 

Liesyl Franz, Consultant (business)
Packet Clearing House (technical community)

Submitted Workshop Panelists: 

 

  • Moderator
    • Ms. Liesyl Franz, Consultant (USA)
  • Representative from global business
    • Ms. Audrey Plonk, Intel Corporation (USA)
    • Mr. Nizar Zakka, Union of Arab ICT Associations – IJMA-3 (Lebanon)
  • Representative(s) from Civil Society
    • Mr. Robert Guerra, Citizen Lab, Monk School, University of Toronto (Canada)
    • Ms. Joy Liddicoat, APC (New Zealand)
  • Representatives from governments:
    • Mr. Bobby Flaim, Federal Bureau of Investigation (USA)
    • Mr. Jimmy Schulz, Member of European Parliament (Germany)
    • Representative, European Commission (Europe)
  • Representative from technical community
    • Representative, CERT-Br (Brazil)
  • Name of Remote Moderator(s):
    • Mr. Anders Halvorsen, WITSA (USA/Europe)
Name of Remote Moderator(s): 
Anders Halvorsen, WITSA

(No.172) Cloudy Jurisdiction: Addressing the thirst for Cloud Data in Domestic Legeal Processes

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Question 1, 4 and 5

Concise Description of Workshop: 

The use of cloud services is rising globally. Cloud computing and storage are uniquely tailored to take full advantage of our increasingly networked environment. However, a move to the cloud also entails tangible challenges as vast repositories of information once kept within the sacrosanct safety of the home computer are placed on a remote server in the control of a third party. While the protections of home storage and processing can be replicated in the cloud, legal norms have been slow to adopt.

Organiser(s) Name: 
  • Katitza Rodriguez, International Rights Director, Electronic Frontier Foundation (Peru)
  • Tamir Israel, Staff Lawyer, Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC), University of Ottawa (Canada)
Submitted Workshop Panelists: 

Chair: Katitza Rodriguez, International Rights Director, Electronic Frontier Foundation; (US/Peru) (Civil Society) / Confirmed

  • Ian Brown, Senior Research Fellow, Oxford Internet Institute (EU) (Academic) / Confirmed
  • Bertrand de la Chapelle, Program Director at International Diplomatic Academy (EU) (Civil Society) / Confirmed
  • Marc Crandall, Global Compliance, Google (US) (Private Sector)
  • Elonnai Hickok, Policy Associate, Centre for Internet & Society (India) (Civil Society) /Confirmed
  • Sophie Kwasny, Head of Data Protection Unit, Data Protection & Cybercrime Division, Council of Europe (IGO) / Confirmed
  • Bruce Schneier, Chief Security Technology Officer of BT (US) (Private Sector) / Confirmed
  • Wendy Seltzer, Policy Counsel, W3C (US) (Technical Community) / Confirmed
Name of Remote Moderator(s): 
Paul Muchene, iHub Nairobi (Kenya) (Private Sector)
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Please include any comments or recommendations you have on how to improve the inclusion of issues related to gender equality and: 

This is a great initiative. While gender issues were not directly implicated by our topic, we will seek ways to include a gender angle in future panels, even where it is not directly implicated.

Report
Reported by: 
Tamir Israel
A brief substantive summary and the main issues that were raised: 

A PDF of this Report is available at: https://www.eff.org/document/cloudy-jurisdiction-addressing-thirst-cloud-data-domestic-legal-processes
The objective of this panel was to discuss the means by which privacy protection can be assured in an environment that exists in many jurisdictions at once and, hence, is subject to legal access by a wide variety of state entities. The panel was divided into two parts, the first focused on highlighting challenges to surveillance problems posed by the cloud, while the second focused on solutions. The hope was to adopt a practical, problem-solving attitude to these issues.
Part I: Privacy Challenges in the Cloud
Many lines are blurring in a manner that confounds traditional privacy protections while exposing increasing amounts of data.

  • The Jurisdictional Challenge. While the Internet is technically borderless, in reality, state actors impose their sovereignty onto online environments with increasing frequency. The operating of sovereignty over shared spaces can subject individuals to the laws of another country without any realization of having done so. This in effect transforms the surveillance efforts of one country into privacy risks for all the world’s citizens, as an interconnected network places their personal data at the whims of many states. The cloud, which by its nature exists in multiple jurisdictions at once, exacerbates these jurisdictional problems which are generally inherent in online interactions.
  • Lawful Intercept.Governments appear to be in a race to outdo each other in terms of increasing surveillance capacity. Legislative efforts focus on Internet intermediaries and aim to maximize intercept capability and mandate retention of transactional data. The latter, in particular, is problematic as ‘transactional’ data is presumed to be less private. In reality, however, online transactional data can provide a very rich and broad picture individuals lives, activities and preferences. Yet on the basis of a false ‘content/metadata’ dichotomy, states do not offer this type of transactional data the same level of protection as is offered to ‘real’ content. As activities move to the cloud this becomes increasingly problematic, as each cloud interaction generates its additional metadata.
  • Voluntary Lawful Assistance. The move to the cloud places a significant amount of personal data in the hands of third party entities – data that historically resided on the home computer now sits on a company’s servers. At the same time, companies are increasingly facing political and legal pressures to assist governments in their surveillance efforts. Internet intermediaries can be pressured to domestically locate servers in order to bypass in-transit encryption or to hand over personal information of their customers upon request. There is minimal oversight over such voluntary cooperation, and, hence, its scope is not well-documented. The problem is worse in some developing countries, where there are minimal incentives for online intermediaries to fight government pressures and potentially rigorous penalties for not doing so.
  • Updated Surveillance Powers Meet Antiquated Privacy Protections. Absent a few exceptions (such as encryption of communications), governments are in a rush to update surveillance laws. At the same time, they do not seem to approach the need to update privacy protections with equal determination and zeal. Many legal regimes intended to safeguard privacy against the state’s overriding interest in surveilling its citizens are premised on space-based distinctions that simply do not apply in an online/cloud environment. Government surveillance regimes treat the same data that was once stored at home with far less respect simply because it is in the ‘cloud’. Nor have privacy laws evolved to account for the increasing comprehensiveness with which it is now possible to monitor information such as real-time location, contact networks and other types of information. This lack of interest in updating privacy and due process protections occurs in spite of the fact that there are many benefits to ensuring such protections are in place. Some service providers may, for example, wish to avoid jurisdictions which impose heavy-handed and costly surveillance obligations altogether.
  • Lost Individual Control. Another feature of evolving data ecosystem is that individuals have increasingly lower levels of control over their data. This has legal and technical implications. Legally, it challenges privacy norms that closely link protection with ongoing control over access to data. Technically, individuals are prevented from safeguarding their data with encryption and other techniques, or even from understanding how or to what extent their data is being secured by the third parties who control it. These two sets of implications combine to pose a serious threat to privacy as individual data is increasingly vulnerable on both a technical and legal basis. Worse – lawmakers seek to obligate technology to develop in a manner that facilitates greater surveillance, often minimal understanding of the broader technical and social implications.
  • Intelligence vs. Law Enforcement. It is becoming increasingly difficult to separate intelligence efforts from law enforcement. Most of our privacy protections are most effective in a law enforcement context, but the line between the two is blurring. The increasing availability of ‘public’ data is a further challenge. It permits law enforcement to sweep up immense amounts of data and undertake forward-looking analysis, whereas our legal system seeks to check law enforcement powers primarily by preventing access to data expected to be private. No reasonable expectations apply to public data.
  • Difficulty Establishing User Trust. Cloud-based companies attempt to take steps to safeguard customer data. These range from adopting security standards, to challenging legal data requests. However, while some mechanisms have developed to certify some of these safeguards in the enterprise context, it remains a challenge to convey these efforts to individual users. While there are legal limits to what providers can do in terms of protecting against state access, many cloud providers recognize the need to take these steps to secure customer trust. This is particularly important when asking people to invest their data in a new ecosystem such as that represented by cloud computing.
  • Data Minimization is Strained. In this context, data minimization is strained in its attempt to limit state surveillance. The nature and utility of the online tools in question envisions users storing their data in the hands of another. Indeed, they should be able to do so – they should be able to trust online services – without needing to worry about exposing themselves to state surveillance.
  • Need Security and Privacy. The real challenge is to facilitate legitimate and necessary security investigations while ensuring privacy protections. Security faces challenges as well in technological ecosystems, where encryption and anonymity are sometimes easier to achieve. It would be helpful to better integrate security and privacy policy-making. The challenge is that the balance we have established over centuries in the brick and mortar context is not easily grafted onto cyberspace.
Conclusions and further comments: 

Part II: How do we Secure Privacy in a Transborder Cloud?

  • New Governance Norms. New legal and extra-legal paradigms that are tailored to the rapidly evolving online environment must be developed. Outdated laws must be updated so Courts can play their role in securing civil liberties, but more flexible approaches should be explored. Cooperative mechanisms that bring together representatives of responsible governments from over the world, platform operators and civil society and give them the capacity to monitor what surveillance is happening on an ongoing basis. However, it is not clear whether this type of multi-stakeholder auditing is enough on its own. While policymakers are often disproportionately susceptible to intelligence/law enforcement voices, and courts and legislatures struggle with the technical impacts of their policies and typically show up retroactively to clean up the mess, these institutions still have an important role to play in ensuring surveillance remains proportional and legitimate.
  • Multi-Lateral Treaties & Governance Instruments. The use of regional or multi-lateral agreements might form a preferable basis for instilling some control over transborder access to cloud data. Mechanisms such as MLATs can be used to place restrictions on surveillance mechanisms. The Council of Europe’s Cybercrime Convention, if bolstered with more robust human rights protections, can provide a legal framework that states can rely upon as a substitute for the application of political pressure to share information directly to private companies. Private parties are not well-placed to assess the legality or legitimacy of data requests. Often, they are not even given sufficient information to attempt such assessments. In this sense, strong legal protections and objective mechanisms for ensuring compliance are not only necessary, but once in place,
  • Transparency. Transparency must be approached in a balanced manner. User notification is important, but should not be undertaken in a way that prematurely exposes and, hence, undermines legitimate investigations. Aggregate transparency, however, has no capacity to threaten an investigation and is necessary for informed policy making, and so that individuals can understand how their data is at risk from state access.
  • Cross-Pollination of Stakeholders. It would be useful for businesses to increase hiring trends from civil society and law enforcement and for governments to increase hiring from civil society and from business. Additionally, more multi-stakeholder dialogue is useful to reach a common understanding of the issues and challenges involved.
  • Technologically Informed & Neutral Policies. It is critical to ensure laws and practices are not technology specific but, at the same time, they need to be greatly informed by a thorough understanding of their broader technical implications.

(No.139) To Protect and Respect: The Intersection of Public and Private Sector Responsibilities for Human Rights in the ICT Sector

Go to Report
Status: 
Withdrawn
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Question 1

Concise Description of Workshop: 

Building on last year’s workshop on the business of human rights in the ICT sector, the Global Network Initiative (GNI) will present a new research study on the roles and responsibilities of governments and companies in the ICT sector, from Internet service providers, to mobile networks to telecommunications.

Organiser(s) Name: 

Ms. Susan Morgan, Executive Director, Global Network Initiative (multi-stakeholder initiative) The GNI is a multi-stakeholder group of companies, civil society organizations, investors and academics, who work together to protect and advance freedom of expression and privacy in the ICT sector. www.globalnetworkinitiative.org

Submitted Workshop Panelists: 

• Sunil Abraham, Center for Internet & Society • Susan Morgan, Global Network Initiative • Chris Tuppen, Founder and Senior Partner, Advancing Sustainability LLP • Cynthia Wong, Center for Democracy & Technology • Government representative to be confirmed • Industry representative to be confirmed

Name of Remote Moderator(s): 
David Sullivan, Global Network Initiative
Syndicate content