Security, Openness and Privacy

(No.163) Governing identity on the Internet

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Emerging Issues (Question 1); Security, Openness and Privacy (Question 1, 2, 3)

Concise Description of Workshop: 

From single-sign-on to federated systems to Whois data associated with Internet resources, countless individuals, business and government organizations have a stake in Internet identity information and its governance. While territorially-based governments have historically played a central role in their citizens' identity, it is private service providers and individual users that might be considered the de facto managers of Internet identity information.

Organiser(s) Name: 
  • Brenden Kuerbis, Citizen Lab, Munk School of Global Affairs, University of Toronto and Internet Governance Project, Syracuse University
  • Christine Runnegar, Internet Society
Submitted Workshop Panelists: 

The following panelists have been confirmed for participation:

  • Naomi Lefkovitz, Senior Privacy Advisor, National Strategy for Trusted Identities in Cyberspace National Program Office, NIST, United States Dept of Commerce (government) (bio [1])
  • Andrea Servida, Head of Task Force "Legislation Team (eIDAS)", European Commission (government) (bio [2])
  • Robin Wilton, Technical Outreach for Identity and Privacy, Internet Society (technical) (bio [3])
  • Malavika Jayaram, Fellow, Centre for Internet & Society
  • Mawaki Chango, Africa Internet Policy Coordinator, Association for Progressive Communications (academic/civil society) (bio [4])
  • Marc Crandall, Google (business)
  • Bill Smith, Technology Evangelist, Paypal (business) (bio [5])
  • Brenden Kuerbis, Postdoctoral Fellow, Citizen Lab, University of Toronto and Internet Governance Project (academic/civil society) (bio [6])

 
[1] http://www.linkedin.com/pub/naomi-lefkovitz/47/788/a88 [2] http://www.linkedin.com/pub/andrea-servida/0/47a/a70 [3] http://www.internetsociety.org/who-we-are/staff/mr-robin-wilton [4] http://www.linkedin.com/in/touchwithmawaki [5] http://www.linkedin.com/pub/bill-smith/1/a0b/3a6 [6] http://www.linkedin.com/in/brendenkuerbis

Name of Remote Moderator(s): 
Frédéric Donck, European Regional Bureau Director, Internet Society
Gender Report Card
Please estimate the overall number of women participants present at the session: 
There were very few women participants
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Report
Reported by: 
Brenden Kuerbis, Postdoctoral Fellow in Internet Security Governance at the Citizen Lab
A brief substantive summary and the main issues that were raised: 

This workshop was co-organized by the Citizen Lab, at the University of Toronto and the Internet Society and was moderated by Brenden Kuerbis, Postdoctoral Fellow in Internet Security Governance at the Citizen Lab.  Panelists included Andrea Servida (European Commission), Robin Wilton (ISOC), Mawaki Chango (Association for Progressive Communications), Marc Crandall (Google), Bill Smith (Paypal), Malavika Jayaram (Centre for Internet & Society) and a pre-recorded interview with Naomi Lefkovitz (U.S. Dept of Commerce).

Setting the Stage
The governance of identifiers underlies many debates at the Internet Governance Forum. How unique network identifiers like new gTLDs or IP addresses are governed impacts a range of issues from access, privacy and free expression, to copyright enforcement and cybersecurity. The premise of Workshop #163 is that we are in the formative stages of governance for a new set of identifiers, those associated with individual persons.  Governing individual identity on the Internet presents enormous challenges with respect to 1) differing views on the roles and responsibility of public and private sector, 2) developing mechanisms to govern Internet identity, and 3) the incorporation of fundamental rights in the governance of Internet identity.

Governments and Internet identity
The United States government and the European Commission have initiated governance activities pertaining to identity on the Internet. Numerous other governments are pursuing national identity initiatives, e.g., India’s Aadhaar identity cards that incorporates biometric information. However, the USG and European Commission efforts are explicitly about governing identity on the Internet. Naomi Lefkovitz reviewed the USG’s National Strategy for Trusted Identities in Cyberspace (NSTIC) and subsequently created governance body, the Identity Ecosystem Steering Group (IDESG).  In June 2012, the Department awarded a two-year grant to Trusted Federal Systems, Inc. to provide secretariat functions for the IDESG and facilitate the convening of stakeholders with the goal of achieving agreement on the standards, policies and a unifying accreditation system that would underpin consumer identity on the Internet. It also awarded $9 million in grants to organizations to develop Internet identity solutions consistent with the goals outlined in the NSTIC. In the spring of 2012, the European Commission, building on several European identity efforts (e.g., STORK), published a legislative framework for interoperable electronic identification and trust services that “empowers citizens and companies” and recognizes “legitimate government interests around public safety and policy.”

These domestic or regional initiatives belie the transnational nature of the Internet and raise questions as to why governments are active in this space.  The relationship between identity and authority was noted. The state has traditionally presumed the authority to issue identification, but on the Internet “there’s no one unifying [governmental] authority”, nor does private actor authority traditionally extend beyond organizational boundaries. Therefore, there is a “natural call” for some kind of authority to “link the different spaces [of the Internet] together in a way that...recognizes [an] entity as being the authority.”  It is efforts like USG’s and the European Commission’s that are attempting to fill this perceived vacuum.  

Mechanisms for governing Internet identity
Contractual regimes as a mechanism for governing Internet identifiers are familiar territory and can have global reach, e.g., having occurred with domain names.  Private actors in the numerous industries (e.g. credit card, education, health, defense) have created contractual agreements to federate identity usage across borders (e.g., Liberty Alliance). While nominally a national strategy, the USG’s effort represents an attempt to create federated identity at Internet scale.  However, arriving at a set of baseline rules, policies or standards that all parties can abide by will be difficult. As much flexibility as possible must be provided to organizations managing users’ identities in order to allow compliance with various regulatory requirements and jurisdictions. It was also noted that, in the case of the financial industry, some companies don’t see themselves as providers of identity used for authentication, rather as providers of a credential used to authorize a transaction.  Nonetheless, it is quite possible (perhaps likely) for the use of an identity credential to be extended beyond its original intention.  E.g., passports have become a de facto credential for identification and authorizing activities in addition to their original purpose to identity citizens and facilitate crossing of borders.  An important area to watch will be the voluntary nature of government-initiated efforts, and how the credentials that these initiatives foster may become de facto forms of identity via their widespread adoption (e.g., for access to e-government services).  Another important area is the assignment of liability.  Governments assume no liability for the repurposing of a passport credential. Managing the commercial liability associated with reliance on federated credentials will be a critical issue going forward.  E.g, if a party is relying on another organization's assertion of a user's identity in support of transaction, how will identity-related risks be separated and managed distinctly from other risks?

Identity models and implications for rights
The classic model of providing identity, e.g., a government issuing a passport, can be surmised as a single authority issuing a trustworthy credential.  This high level of assurance credential and its associated authentication process and liability models are relatively mature. However, the emerging model of Internet identity relies on lower level of assurance data from multiple sources with different levels of reliability.  These data convey individual and contextual (e.g., location) attributes concerning a transaction and allow a relying party to make a determination regarding authorization. It allows systems to look for patterns and anomalies rather than rely on a single trusted source of identity.  Such a model allows the relying party to apply dynamic risk management techniques to any transaction, as opposed to determining liability ex ante.  

The two models can be merged, where a trusted identity from a recognized authority is supplemented with attribute data. Arguably, this reflects what is proposed by the USG’s NSTIC, with its recognition of both public and private identity and attribute providers as IDESG stakeholders, and the European Commission, which builds “on the initial element of trusted identity as they are to some extent hooked into the legal system of individual Member States...on top of which private sector is called to provide much richer authorization credential-based on authentication or reputation based type services that will make the disclosure of identity to be the last resort instead of the practice.”   

The notion that attribute data from a variety of Internet-based transactions can be associated with an individual’s identity obviously raises privacy concerns. It raises questions of data management and the obligations of identity and attribute providers to protect personal data E.g., the Article 29 Working Party issued guidance in July 2012 with respect to enterprises use of cloud services to store personal data, the absence of legal frameworks to protect privacy in some countries was also noted. It is true that such a system can be designed to provide transaction authorization without revealing identity information and thereby be privacy preserving. However, it is a policy choice whether such systems and transactions are anonymous, pseudonymous, or identifiable, which makes the governance regime foundational documents and participation of all stakeholders, including individual users, important.  To this point, the IDESG has institutionalized review by a privacy committee of any policies or standards recommended for adoption.

Conclusions and further comments: 

See full report above.

(No.162) DEVELOPING COUNTRIES’ CCTLDS, SPAM AND ITS IMPACT ON INTERNET SECURITY AND GOVERNANCE?

Go to Report
Status: 
Rejected
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Question 1

Concise Description of Workshop: 

Today, increasingly, we are seeing that Country Code Top-Level Domains of different developing countries are being used for the purposes of spamming. Such prevalent is the phenomenon that it has becoming as a universal trend. Spammers are using every tricks available to exploit the vulnerabilities of ccTLDs. The absence of specific law on spam has further complicated the scenario. Very few ccTLDs are doing anything substantive in this regard. Consequently, the said emerging phenomenon of spam is a great threat to furthering the growth of Internet security and governance.

Backgroung Paper: 
Organiser(s) Name: 

Cyberlaw Asia

Previous Workshop(s): 

Yes, the President of Cyberlaw Asia, Mr. Pavan Duggal has organized various workshops and addresses various workshops including IGF held at Athens, Rio De Janerio, Hyderabad and Sharm-El-Sheikh.

Submitted Workshop Panelists: 

Dr. Govind, CEO, National Internet Exchange of IndiaRam Mohan, Senior Vice President and CTO, AfiliasArutro Servin, Chief Technology Officer in the Latin American and Caribbean Internet Addresses Registry (LACNIC)Ms. Tulika Pandey, Ministry of Communications and Information Technology, Government of IndiaPavan Duggal, President, Cyberlaw Asia

Name of Remote Moderator(s): 
urvashi

(No.161) Operationalizing cybersecurity nationally and trans-nationally

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Question 5

Concise Description of Workshop: 

 

Organiser(s) Name: 

Liesyl Franz, Consultant (business)

Submitted Workshop Panelists: 

 

  • Moderator
    • Ms. Liesyl Franz, Consultant (USA)
  • Representatives from governments:
    • Ms. Jordana Siegel, US Department of Homeland Security (USA)
    • Mr. Gokhan Evren, Department of ICT, Turkey (EMEA)
    • Mr. Robert Flaim, US Federal Bureau of Investigation (USA)
  • Representative(s) from Internet infrastructure provider/technical community:
    • Mr. Michuki Mwangi, ISOC (Africa)
    • Mr. Bevil Wooding, PCH (Caribbean)
  • Representative from global business
    • Mr. Jeff Brueggeman, AT&T (USA)
  • Representative from Civil Society
    • Mr. Kevin Bankston, Center for Democracy and Technology (USA)
  • Expert(s) on international cybersecurity efforts:
    • Mr. Andrea Rigoni, Global Cyber Security Center, Italy (Europe)
    • Ms. Yurie Ito, JP-CERT, Japan (Asia)
  • Name of Remote Moderator(s):
    • Mr. Anders Halvorsen, WITSA (USA/Europe)

 

Name of Remote Moderator(s): 
Anders Halvorsen, WITSA

(No.155) LEGAL ISSUES OF CLOUD COMPUTING- IMPACT UPON INTERNET GOVERNANCE.

Go to Report
Status: 
Rejected
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Question 2

Concise Description of Workshop: 

The advent of cloud computing has brought forward various new benefits for the stakeholders. Yet the concerns pertaining to security of the cloud have raised some fundamental challenges . Further cybercrime is going to tremendously increase in the context of cloud computing. Various jurisdictional questions that are arising in the context of cloud computing are increasingly becoming important challenges in the discussion on cloud computing. Which country or court would have jurisdiction in the event of disputes, is one question, which has not yet been answered.

Organiser(s) Name: 

Cyberlaws.Net

Previous Workshop(s): 

Yes, the President of Cyberlaws.Net, Mr. Pavan Duggal has organized various workshops and addresses various workshops including IGF held at Athens, Rio De Janerio, Hyderabad and Sharm-El-Sheikh.

Submitted Workshop Panelists: 

Prof Garend, South Africa Judge Stein Scholberg, Norway Pavan Duggal, President, Cyberlaws.Net CEO, Apple CIO, IBM

Name of Remote Moderator(s): 
sheffali

(No.153) CYBER SECURITY VERSUS PRIVACY - HOW TO BALANCE BOTH FOR FURTHERING INTERNET GOVERNANCE IN THE DIGITAL/MOBILE ECOSYSTEM?

Go to Report
Status: 
Rejected
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Question 2

Concise Description of Workshop: 

The proposed workshop will look at the various legal frameworks, regulations and principles impacting cyber security over the Internet and also those pertaining to privacy, in the digital/mobile ecosystem. The traditional conflict that has been perceived between cyber security on the one hand and privacy on the other hand, in the digital age will be examined. The coming of mobiles have further poised new challenges in this direction.

Backgroung Paper: 
Organiser(s) Name: 

Mobilelaw.Net

Previous Workshop(s): 

Yes, the President of MobileLaw.Net, Mr. Pavan Duggal has organized various workshops and addresses various workshops including IGF held at Athens, Rio De Janerio, Hyderabad and Sharm-El-Sheikh.

Submitted Workshop Panelists: 

Dr. Gulshan Rai, Director General, iCERT(CERT-IN) Sunil Abraham, Centre for Internet and Society Prof Pauline Reich, Waseda University, Japan Prof Linda Spedding Pavan Duggal, President, Mobilelaw.Net

Name of Remote Moderator(s): 
lalit

(No.97) Concepts of acceptable behaviour to protect and enhance trust

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

3: What risks do law enforcement, information suppression and surveillance have ...

Concise Description of Workshop: 
Organiser(s) Name: 

Martin Boyle, Nominet, on behalf of the UK-IGF.  Nominet is a technical and a business entity. The UK-IGF is a multi-stakeholder partnership.

Previous Workshop(s): 

130 Protecting the most vulnerable users in society: The roles of different actors in helping the new user survive in an on-line world: http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W... 129 Media in mutation: what is the future of the news and media industry in a world of social networking? http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W... 125 Parliamentarian Challenge: a Round Table between Parliamentarians and other Stakeholders http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W...

Submitted Workshop Panelists: 

 

  • Jamie Saunders, Director, International Cyber Policy, Foreign & Commonwealth Office, UK (Government);

  • Mary Uduma, CEO of the .ng ccTLD registry, Nigeria (Industry);

  • Dixie Hawtin, Global Partners & Associates, Chair of the Dynamic Coalition on Internet Rights & Principles, UK (Civil Society);

  • Robert Shlegel, MP, member of the Committee on the information policy, information technology and communication, the State Duma, Russia (Parliamentarian);

  • Professor Flávio Rech Wagner, University Professor at the Federal University of Rio Grande do Sul, Member of the multi-stakeholder Brazilian Internet Steering Committee, Brazil (Academic);

  • Lesley Cowley, CEO Nominet (the .uk ccTLD, which has been working with local stakeholders on responses to criminal behaviour), UK (Industry).    

  • Moderator:  Roelof Meijer, CEO, SIDN (the .nl Internet domainname registry), The Netherlands (Industry)

 

Name of Remote Moderator(s): 
Kieren McCarthy
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Please include any comments or recommendations you have on how to improve the inclusion of issues related to gender equality and: 

The discussion was gender neutral and gender was not raised by the panel or by the audience in the open discussion.  The panel was reasonably balanced - four male (including the moderator) and three female.  By sector:
* Industry:  2 women, 1 man (the moderator)
* Civil Society:  1 woman, 1 man
* Government:  2 men

Report
Reported by: 
Martin Boyle
A brief substantive summary and the main issues that were raised: 

Roelof Meijer, the moderator (CEO of SIDN, the .nl Internet domain name registry)  introduced the session:  the development of the Internet has made it crucial to the economy and to society in general.  Lack of trust limits the full potential.  The concept of acceptable behaviour was introduced in the London International Cyber Conference in November 2011 and developed further in the recent Budapest Cyber Conference
Jamie Saunders, Director, International Cyber Policy, in the UK Foreign & Commonwealth Office, identified the pressures on governments:

  • Governments have to develop domestic policies on the internet which ensure security. They have to do that in a way that respects fundamental human rights, but there are some difficult trade-offs in that space.
  • We can't divorce cyberspace entirely from the reality of state-on-state conflict.  States do act in cyberspace to protect national security interests.
  • States recognise the need to collaborate and tackle threats in cyberspace and they also respect national borders.  The challenge in terms of agreeing norms of acceptable behaviour is key.

He believed there were significant reasons for optimism that something could be achieved:

  1. There are standards that exist and which could be used to help regulare behaviour and responses;
  2. Few want to see any breakdown of the Internet or fragmentation;
  3. The benefits of the Internet provide an important incentive to work together to tackle threats – cooperation and confidence building will help reduce the risk of escalation of incidents.

The process initiated at the London International Cyber Conference has been heavily dominated by governments.  However, business involvement is important as it operates the networks and provides the services.  Civil society has an important role in holding governments to account and can often help break through entrenched government position.
Mary Uduma, President of the Executive Board, Nigeria Internet Registration Association described how bad actors in Nigeria had had serious consequences for the country.  She noted that this is the same for both on and off line action:  in this case Nigeria’s reputation for housing bad traffic led to an economic downturn, the blocking of universities’ IP addresses and a lack of consumer trust in the use of systems – including in the ATM network – limiting the development of e-commerce.  There had even been a case where a young woman had been lured to an hotel room and murdered.
There is good news:  Nigeria is cooperating with other governments to address issues, in particular with EU training for Law Enforcement Agencies on security and responses.  There has been some success in bringing criminals to court, but there is a problem in the lack of a definition of cybercrime and the use of “e-evidence” in courts.  There is work on developing a cybercrime bill to provide the legal framework that recognises cybercrime and electronic evidence.
Nigeria has set up a working group led by Law Enforcement Agencies and the national CERT to provide a reporting system.
The Nigerian IGF looked at this issue at its national meeting.  One of the things discussed was what you need to do to influence the behaviour of users.  Nigeria is ready to co-operate between government, civil society and industry and is ready to communicate with other organisations to see how to tackle bad behaviour. There is a correlation between people who have signed up. We have had consultation on the Bill. We agree with others on how to co-operate and tackle the bad behaviour on the internet.
Dixie Hawtin, Global Partners & Associates, Chair of the Dynamic Coalition on Internet Rights & Principles talked about how the dynamic coalition’s work on key rights and principles (http://irpcharter.org/campaign/) had developed.  The coalition was a network of individuals and groups from around the world and included wide consultation.  It recognised the contribution the Internet had made to enabling rights – freedom of expression and of assembly, for example.  The work recognised dangers on line for users companies, governments and the harm that can be caused:  mass surveillance, censorship and infringing national laws, international treaties and ignoring appropriate safeguards, for example.
The coalition adopted an approach to protecting public rights and Dixie considered it important to base Internet policy decisions on clear human rights’ standards.
The Charter of Human Rights & Principles on the Internet is an evolving document.  It is a long document and it has been hard to get agreement on this level of detail.  The 10 Internet Rights and Principles document is a higher level approach that did benefit from wide consensus, distilling out the key ideas from the work.
The process used in the work gives the document a lot of legitimacy.  It is based on existing statements on human rights standards.  The process was open and the coalition went out for input and consultations.  It used an approach that was multi-stakeholder and global (every country was invited to feed in).
She agreed that any work on Internet governance needed to be based on agreed principles – in addition to the Internet Rights & Principles Coalition’s work, the Council of Europe and the OECD have produced statements of principles that should also be drawn on.  She noted that civil society had also called for the IGF to develop a set of principles.
As a final comment, she expressed concern about the terminology of acceptable behaviour, with connotations of a paternalistic and sanitised approach to the Internet, and suggested that addressing unacceptable would be a better approach. 
The Honourable Robert Shlegel, Member of the Russian State Duma and a member of its Information Policy, Information Technology & Communications Committee, noted that Russia is one of fastest growing Internet economies in the world and in the top ten for development of broadband access with rapidly reducing costs and increasing speeds, including with growth in the number of older users.  While there has been a focus on enabling Internet users, thought has been given to protecting users.  There is work in Russia on developing rights and responsibilities for Internet service providers.
He noted a need for globally-recognised principles which could include rules on which the Internet could be developed:  principles should oppose controlling or blocking content and underline the need to ensure open access for adults while protecting children from harmful content.  The three principles of management which could probably be attained in the near future are:

  • Equality of access
  • Complete privacy and anonymity (and he expressed concern that this was under threat because of abuse through cybercrime)
  • The right to free flow of information for political purposes

A new law was introduced on 1 November 2012 that creates Internet “blacklists” preventing access to child abuse, drugs and suicide websites.  This has quite wide support (87%) in Russia.
Russia has submitted a proposal for a UN Convention on International Information Security aimed at developing cooperation in the fight against cybercrime, looking for wide applicability over the Internet but without violating national sovereignty.  Such action is needed because of the importance of the Internet in accessing services, e-government, social interaction and information, education and medical care as well as in assisting in responding to natural disasters:  the Russian Federation had significant on-going work to help develop these applications.
In response to a question from the moderator, Robert Shlegel noted the need to put a lot of effort to develop and act on rules agreed at international level.  However, he was concerned that the dialogue was not working because the focus of much of the disn was on why ideas were not being considered and why they are not considering idea.  We need to listen to what others are saying about how to define unacceptable behaviour.
Professor Flávio Rech Wagner, Federal University of Rio Grande do Sul and a Member of the multi-stakeholder Brazilian Internet Steering Committee said that Brazil strongly supported a worldwide multi-stakeholder approach for the development of a framework of acceptable behaviour. Brazil has been following this multi-stakeholder approach for many years at a national level with success, involving all the various stakeholder groups in the country.
The internet steering committee has 12 members from civil society and nine members from the government and it has a particular responsibility for enhancing trust.  It has an important political role as it proposes policy affecting the operation of the Internet in the country.   It is not a regulatory agency, but produces non-binding recommendations to enhance trust, working together with society, government and the Congress by education and outreach to put those policies forward.   As examples, it has identified policies for fighting spam (its resolutions have been followed by all Internet service and telecom providers in the country);  and a dialogue on policies on privacy and the protection of personal data (actions by the different stakeholders and their respective responsibilities).
Of particular note is that the committee has developed 10 fundamental principles for the use of the Internet, which includes issues of acceptable behaviour on the net, privacy, data retention, net neutrality and the responsibilities of content providers.  This has been discussed in the Brazilian Congress.  This has led to a draft Internet Bill of Rights which will be voted on imminently.  
Flávio thought that Brazil would be very interested in engaging with a multi-stakeholder initiative to work on the concepts of behaviour, but starting with principles and rights, before we looking at what is acceptable or unacceptable behaviour.
Lesley Cowley, CEO, Nominet, the .uk Internet domain name registry started by looking at the work that Nominet has done in enhancing trust, which has been working with law enforcement agencies where activity breaches our terms and conditions.  This is a blunt instrument for dealing with some of the undesirable behaviours that damage trust. 
It has been working through a multi-stakeholder process on policy around how to respond to criminal behaviours.  It is difficult to develop policy in such a contentious area through a multi-stakeholder process, but it will shortly be able to finalise a policy approach on responding to criminal activity.  
It is a difficult issue because Nominet should not act for law enforcement or become a law enforcement agency.  However, it does need to meet its responsibilities, particularly to end users, and to ensure that people retain trust in the .uk space.
One concern is about how to scale up to respond quickly:  criminal activity can be happen incredibly quickly, but often the processes for dealing with it is incredibly slow.   
Lesley questioned the concept of a trusted Internet.  We teach people how to keep safe in an unsafe world.  However, when it comes to cyberspace, we try and protect and cocoon people and perhaps more effort needs to be put into helping users and businesses keep themselves and their systems safe.  Any discussion about rights is missing the other half of the picture which is the individual’s or the organisation’s responsibilities to protect themselves or to other users.
Finally, Lesley referred to the discussion in the UK IGF.  There was consensus that the work should be well based in human rights.  Where there was disagreement was on the balance with privacy.  It was also recognised that it would be hard to get full agreement between different countries on what is acceptable (or unacceptable).  It probably is not realistic to reach consensus, but there might be a way of benchmarking between countries to help define national approaches.
In response to a question, Lesley noted that unacceptable behaviour could range from the obviously unacceptable, such as criminal activity to that which might be unacceptable to an individual – for example, re-posting personal images or content.
In the discussion:

  • One questioner from the floor noted that the view from Russia did not make any reference to civil society.  It sounded like the model of an omnipresent state taking care of each and every citizen.  Is this a weakness of the system which might hamper the development of the open Internet in Russia?  Robert Shlegel responded that he agreed with the role of civil society, but noted that in Russia the development of democratic expression is happening:  civil society is developing, but this cannot be achieved very quickly.
  • A second questioner asked what the ultimate objective is – is it about reducing cybercrime or fraud?  Without that clarity, it is hard to be clear about what can be the best output from the process.  Jamie Saunders suggested that part of the work was to establish a framework for international cooperation for responding to cybercrime – including on what cybercrime is.  He noted that some work was going on the UK to identify the scale of investigations that stop because there is no framework for international cooperation.  A second objective was economic and to make it easier for trading across borders.  And a third objective was to try to avoid international security incidents escalating into uncontrollable real-world conflicts.
  • A questioner was concerned about references to morality because of differences in culture.  Individuals in different countries need to have the same rights.  Mary Uduma noted the similarity between the on and off-line worlds in gauging morality or criminality and governments sets the laws for this.
  • There was a concern that scalability might lead to stronger action against individuals than against large criminal organisations.  Lesley Cowley clarified that she was referring to how to respond to a large number of complaints (even if a small percentage of actual users of services).

The Chair asked how the discussion could be moved forward internationally.
Ideas included:

  • Same rights / behaviour principles online as offline
  • There was widespread agreement for the need for multi-stakeholder engagement to establish principles, rights & responsibilities.  Multi-stakeholder-defined principles and then stakeholders implementing the concepts as appropriate for their separate roles.  This engagement could take place in an IGF model, working regionally and nationally.
  •  You cannot legislate for trust – it is more to do with the cultural environment in which you are working.  How do you get the concepts to stick if there is no binding agreement?  Self regulation depends on society and values.
  • Is it easier to focus on the major issues where every country agrees it is wrong – child abuse, drugs etc.
  • We do need have government-to-government debate and agree things and have treaties because that is what makes things binding.   However, international legislation is too slow for speed of development on Internet and it might be premature to try to look for agreements at that level until we are clear about the principles of rights and responsibilities.
  • One view was that a convention between a small group of countries (like the Council of Europe) is not a recipe for success.  But this does happen successfully – smaller groups of countries (and it happens a lot in Europe) do strive to come to an agreement because it makes trade and the economy work so much easier.
Conclusions and further comments: 

The chair summed up that there had been examples and statements supporting the position that (other than in the more serious issues of cybercrime) we will need laws to be able to enforce.  However, there is support for an international discussion in a multi-stakeholder environment on a set of principles based on human rights looking at rights and principles and also at responsibilities.
The IGF might be a good environment to start this discussion.  There is doubt about whether this could to lead to something that we can use in a relatively short time.  It is not an alternative to international legislation, but that is time consuming:  already at a national level we sometimes have to make an arrangement before the legislation is in place.  From a discussion at an international level, we need to bring the discussion down to the national level for a national discussion and implementation based on its own cultural and legal framework.
It is encouraging to have a government reaching out to other stakeholders to engage in that discussion and this is welcomed.  It recognises that this is a difficult conversation and one which needs civil society input.
Session feedback:
This workshop has flagged that there are important discussions on security and cybercrime and,  as this affects states, this is discussed in inter-governmental fora like the UN.  However, we need to have a multi-stakeholder input to underpin the technology and end user concerns so we invited multi-stakeholders to have a debate on what the issues were.  Any discussion needs to be grounded on human rights principles.  We weren't sure about exactly how to go about that, but we thought it would be good to encourage national and regional level discussions and the various panellists all agreed to take that idea back to their own country and region to develop the ideas.  Hopefully we will have something to report back next year.

Additional documents: 

(No.96) The Internet of Humans: Online Human Behaviour and IG Policy Impacts

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

What measures can be taken to ensure freedom of expression, access to knowledge and privacy, including for children?

Concise Description of Workshop: 

vIf IG and ICT policy are to be effective, we must cultivate a keen understanding of the ever-evolving human behaviours that accompany an Internet of individuals and communities; a human internet that shapes global society in ever more pervasive ways. This workshop is an intersection between research on emerging sociological and psychological trends in Global Human behavior on the Internet, and Internet Governance Policy and Practice.

Backgroung Paper: 
Organiser(s) Name: 

Ms. Sheba Mohammid, DiploFoundation, Academia, GRULAC

Previous Workshop(s): 

No

Submitted Workshop Panelists: 

Ms. Anju Mangal (Secretariat of the Pacific Community (SPC) and member of Pacific ISOC Chapter (PICISOC) (Pacific, NGO, Confirmed), Ms. Judith Okite (Free Software and Open Source Foundation for Africa, NGO, Africa, Confirmed), Mr.Pedro Less Andrade (Google, GRULAC, Confirmed),Ms. Olga Cavalli (Government of Argentina, Government, GRULAC, Confirmed), Ms. Sheba Mohammid (DiploFoundation, Academia, GRULAC, Confirmed), Mr. Alex Comninos (Association for Progressive Communications and Doctoral Candidate at Justus Liebig University Giessen), Ms. Valeria Betancourt (Association of Progressive Communications, NGO, GRULAC ),Ms.Nicola Douglas and Mr.Matthew Jackman (Youth IGF Project Delegates),Mr Tim Pilgrim, Youth Representative from the COMNET WireUP! Project (Confirmed), Trevor Phipps (St Kitts and Nevis, Rapporteur), Grace Githaiga Kenya, Rapporteur), Deidre Williams (St Lucia, Rapporteur)

Name of Remote Moderator(s): 
Jose Arce
Gender Report Card
Please estimate the overall number of women participants present at the session: 
The majority of participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was mentioned briefly in the presentations and discussions
Report
Reported by: 
Sheba Mohammid
A brief substantive summary and the main issues that were raised: 

 
The Internet Governance Forum (IGF) 2012
 
WS 96 - The Internet of Humans:  Online Human Behaviour and IG Policy Impacts
 
Workshop Report
 

If IG and ICT policy are to be effective, we must cultivate a keen understanding of the ever-evolving human behaviours that accompany an Internet of individuals and communities; a human internet that shapes global society in ever more pervasive ways. This workshop is an intersection between research on emerging sociological and psychological trends in Global Human behaviour on the Internet, and Internet Governance Policy and Practice.

Panellists
Ms Anju Mangal (Secretariat of the Pacific Community (SPC) and member of Pacific ISOC Chapter (PICISOC) (Pacific, NGO)
Mr Pedro Less Andrade (Google, GRULAC)
Ms Olga Cavalli (Government of Argentina, Government, GRULAC)
Mr  Alex Comninos (Association for Progressive Communications and Doctoral Candidate at Justus Liebig University Giessen)
Ms Nicola Douglas and Mr Matthew Jackman (Youth IGF Project Delegates)
Mr Tim Pilgrim, Youth Representative from the COMNET WireUP! Project (Confirmed)

Moderator
Mr Tracy Hackshaw (GRULAC, ISOC)

Rapporteurs:
Mr Trevor Phipps (GRULAC)
Ms Grace Githaiga (Africa)
Ms Deidre Williams (GRULAC)

Organiser
Ms. Sheba Mohammid (DiploFoundation, ISOC, GRULAC, Confirmed)

This was an interactive workshop where panellists and the audience discussed some of the key contemporary issues surrounding human behaviour and the Internet.

Some of the themes raised include:
 

  • Human Behaviour and Virtual Spaces- Consideration needs to be given for how ICTs have changed our respective behaviours. Constant use of email and social media, impact on interpersonal communication skills (face to face). There needs to be more research into understanding the implications of these new social aspects of virtual behaviour and the policy implications.

 

  • Anonymity and Use of Real Identities- Anonymity is essential in many circumstances for freedom of association: for example activists under repressive regimes, LGBT communities in societies where they are persecuted, people discussing and seeking advice for personal and medical problems, and many others all need anonymity. In the offline world we have the right to form private associations and not to have our associations revealed, why should we be forced to reveal our identities and associations just because our activities are conducted online. If people are stripped of their anonymity online they may be afraid to express their true opinion. Anonymity also allows people to express their points of view without others judging it by where they came from (e.g. age, gender, level of education etc.). Anonymity provides an enabling environment for open and sincere debate online. Anonymity and Freedom of Expression online are desirable and from a human rights perspective must be protected, but we must be responsible and accountable. Use of real names online can be a useful factor in some situations but we need to be careful of what is posted online.

 

  • Freedom of Assembly and Freedom of Expression-Two rights that are neglected online are freedom of assembly and freedom of association. These rights are threatened by surveillance, censorship and erosion of anonymity. In the offline world, we can be be ensured privacy in our associations, in the online world however these associations are often laid bare, for all to see. Corporations are setting norms whereby people are forced to use their real names online, this was not a norm during the beginning of the popular growth of the internet.

 

  • Privacy is an issue completely related to security: users’ concerns revolves around non-authorized access to their systems or devices, identity theft, hijacked of their accounts, access to their financial information and unauthorized use of payment instruments. Google underscored that keeping user information safe and available is one of their top priorities. It is important to ensure strong security and privacy protection by providing easy-to-use security and privacy tools to help users to protect themselves against spam, phishing and malware and to avoid unauthorized access to their accounts and personal information.

 

  • Accountability- Need for greater accountability by all stakeholders in what is shared online and generally how one behaves online. As well as the need for governments to understand the issues from a multi-disciplinary, multi stakeholder approach.

 

  • Youth- Research presented based on a survey of 800 youths on 6 different continents Key emerging research issues were Anonymity, Audience size, Emotions, Confidence and Reputation. Key findings included:

·         Youth were more inclined to be open if they were anonymous; Anonymity provides security, protection and allows them to be more expressive.
·         One drawback was that aspects of communication (body language) are lost, found it difficult to identify emotions even with the use of emoticons.
·         Sometimes their own freedom of expression had to be curtailed out of concern for their reputation.
·         The type of communication and the openness of it depends on the target audience.

 

  • Policy Impacts- There is a large population of users that see the internet as a source of information, but are unaware of the risks associated with the use of the internet. There is a need for greater awareness and capacity building in the area of privacy, security and ethics.

 

  • Legislation applied to “Real World” and Virtual spaces- The law should be balanced in dispensing justice related to speech online and in the physical world. Users’ behaviour alters traditional legal institutions: for example the raising need for users to have content available on demand, when, where and in the format they want is affecting traditional models of copyright and there is an increasing need that those models start to become more resilient to users’ new demands. Laws need to be in place address cyber crime, however as the same law for crimes applies online as do offline, often new legislation will not be needed, but rather online enforcement.

 

  • Research on Human Behaviour and the Internet- Some questions raised include what steps are being taken by Policymakers /regulators to understand the behaviours that are taking place on line and how do regulators determine what policies need to be implemented to address online behaviour?

There is a gap in research that focuses on the understanding the positive impacts of the internet and what it is contributing to our social world and there is a need to cultivate more of this research.
It was recommended that a variety of specialists need to collaborate to analyse this issue (i.e. experts on behaviour, sociologist, technologist in addition to lawyers).
 
 

  • Recommendations for a Way Forward- The session agreed that there is a need to have diversity in this kind of discussion and get experiences of different groups e.g. disabled, policymakers and ordinary end users. This will show the different perspectives of how we behave online and allow for the creation of more informed policies. There was a call for collaboration for the research to be expanded. The group recommends a research agenda targeted at understanding the online behaviour and needs of a range of stakeholders.

 

(No.94) Social media, young people and freedom of expression

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

What measures can be taken to ensure freedom of expression, access to knowledge and privacy, including for children?

Concise Description of Workshop: 

This workshop will seek to explore the relationship between social media, young people and freedom of expression.
It will consider the challenges to both service providers and young people alike and seek to engage the panelists in a debate about the challenges they face and to discuss the practicalities of resolving these.

Organiser(s) Name: 

Lucinda Fell – Childnet International

Submitted Workshop Panelists: 

Patrick Ryan, Google (Private Sector, WEOG, Confirmed)
Richard Allan, Facebook (Private Sector, WEOG, Confirmed)
Ellen Blackler, Walt Disney (Private Sector, WEOG, Confirmed)
Council of Europe Delegate (WEOG, Confirmed) 
Matthew Jackman, Youth Delegate, Member of the UK Youth IGF Project (Civil Society, WEOG, Confirmed)
Jack Passmore, Youth Delegate, Member of the UK Youth IGF Project  (Civil Society, WEOG, Confirmed)
Rebecca Cawthorne, Youth Delegate, Member of the UK Youth IGF Project   (Civil Society, WEOG, Confirmed)
Nicola Douglas, Youth Delegate, Member of the UK Youth IGF Project (Civil Society, WEOG, Confirmed)
Bianco Ho, NetMission (Civil Society, Asia Pacific, Confirmed)
Members of the NetMission Youth Delegation (Civil Society, Asia Pacific, Confirmed)
Members of the Nordic Youth IGF Delegation (Civil Society, WEOG, Confirmed)
Victor Neufeld, eNACSO youth participant (Denmark) confirmed
Anna Fogh Gransoe, eNACSO youth participant (Denmark), confirmed
Dixie Hawtin, Global Partners and Associates (Civil Society, WEOG, Confirmed)
Janice Richardson, Insafe Network (Civil Society, WEOG, Confirmed)
Ken Corish, South West Grid for Learning and UK Safer Internet Centre (Civil Society, WEOG, Confirmed)
Philippa Green, Childnet International and UK Safer Internet Centre (Civil Society, WEOG, Confirmed)
Larry Magid, ConnectSafely.org (Civil Society, WEOG, Confirmed)
 
 

Name of Remote Moderator(s): 
Hannah Broadbent – Childnet International
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Please include any comments or recommendations you have on how to improve the inclusion of issues related to gender equality and: 

 
Info for Gender report:
Gender – 9 male, 9 female
Youth – 9 youth, 9 adults
5 women (Pippa, Ellen, Bianca, Dixie, Janice), 4 girls (Becca, Nicola, Nathalie, Anna)
4 men (John, Richard, Ken, Larry), 5 boys (Jack, Matt, Victor, Wayne, Elmo)
 

Report
Reported by: 
Lucinda Fell
A brief substantive summary and the main issues that were raised: 

Workshop 94 write up
 
Social media, young people and freedom of expression.
 
This workshop was convened as the issue of Social media, young people and freedom of expression is particularly pertinent to the experience of young people.
Background:
Question 4 of Security, Openness and Privacy taken from the programme for the 2012 meeting, sought to question what measures could be taken to ensure freedom of expression, access to knowledge and privacy, including for children.  It specifically asked  what are the challenges to protect freedom of expression online and what measures can be taken to better empower citizen’s access to information and participation in digital age, alongside considering the roles and responsibilities of user as they relate to openness, privacy and security.
 
At Childnet, we know from our work in schools in the UK that children and young people are very often among the first adopters of technology and internet services.  Social networking services are a key example of this. The Ofcom UK children’s media literacy report highlighted that younger children are increasingly using social networking sites. (http://stakeholders.ofcom.org.uk/binaries/research/media-literacy/media-lit11/childrens.pdf) Indeed, the percentage of 5-7 year olds using social networking sites in the UK increased from 7% in 2009 to 23% in 2010. This is largely driven by sites like Club Penguin and Moshi Monsters rather than age-restricted sites like Facebook. However, Facebook remains enormously popular.  96% of 8-15s with an active social networking site profile use Facebook, and there are a significant number of underage users accessing sites like Facebook which have a minimum user age of 13.  In the UK, it seems that starting secondary school at the age of 11 is a key trigger for underage social networking:  28% of 9-10s have an SNS profile compared to 59% of 11-12s.( Livingstone, S., Haddon, L., Görzig, A., and Ólafsson, K. (2011). Risks and safety on the internet: the UK report. LSE, London: EU Kids Online. Summary available at  bit.ly/M7J4Qy)
 
As part of workshop 76 (http://bit.ly/WhMfbg) which Childnet chaired at the IGF 2011, the youth panellists were asked whether being online gave them a voice, and if so, how.  Their responses included the fact that being online gave them as young people a platform to share their opinions with people who they wouldn’t usually be able to communicate with and the ability to publish their own opinions.  The point was also raised that being online itself doesn’t give a person a voice, rather it would give them the opportunity to use their voice, and for a vast number of users who already use their voices, in terms of stating their thoughts and opinions offline, the internet would merely facilitate in a greater way their desire to speak out on matters causing them concern. The internet provides the means for these people, to contact others who are concerned about similar issues, via chat rooms, comment facilities and social networking.  It was additionally recognised that the internet also gives a voice to those who are otherwise unable to exercise it including victims of abuse and oppression, those who are house bound due to illness and those who don’t feel confident talking about their opinions to others face to face. For these groups the internet may provide a haven where, perhaps for the first time, they too can discuss their opinions, or seek help from others in similar positions.
 
Workshop:
 
At the IGF 2012, the Youth IGF Project’s workshop, further explored the relationship between social media, young people and freedom of expression.  This workshop set out to consider what freedom of expression means to young people before considering and the what limitations they find themselves under, be it from the rules/community guidelines set by the service providers, social norms or the rules of schools where many young people access the internet.
 
The workshop was planned and delivered by four young people.  They decided that their focus would be on the measures that can be taken to ensure freedom of expression and privacy for children and young people, particularly on social media sites. At the beginning of the workshop they clarified that as four teenagers from the UK “We feel it's important to expression at beginning that we will on the whole be talking about our experiences and those of our direct peers.”  In preparation for the workshop, the Youth IGF Project team designed and developed a survey to find out from young people across the world how they felt about freedom of expression and social media.
 
The online survey was open between 12 September and 12 October and was disseminated internationally through youth networks. The survey was only available in English. 874 young people aged 11-18 from across 40 countries completed the survey. Closed questions were used to aggregate answers for statistical purposes. Open questions were posed to allow respondents to express themselves and elaborate on the answers provided.
 
The four co-chairs of the workshop, Rebecca Cawthorne, Nicola Douglas, Matthew Jackman and Jack Passmore  were joined by a range other panellists.
 
Youth panellists :
 
     ·    Victor Neufeld, eNACSO, Denmark
·    Anna Gransoe, eNACSO, Denmark
·    Wayne Choi, Net Y Ambassador, Hong Kong
·    Natalie Chong, Net Y Ambassador, Hong Kong
·    Elmo Kusima, Nordic Youth IGF Delegate, Finland  
     
Industry panellists:
 
·    Richard Alan, Facebook
·    Ellen Blackler, Walt Disney
·    John Kampfner, on behalf of Google and YouTube.
           
Civil Society panellists:
 
·    Ken Corish, UK Safer Internet Centre, UK
·    Philippa Green, Childnet and U.K. Safer Internet Center,
·    Dixie Hawtin, Global Partners and Associates,
·    Bianca Ho, Net Mission, Hong King
·    Larry Magid, Connect Safely, USA
·    Janice Richardson, Insafe Network, Brussels
 
The discussion began with a consideration of different understandings of freedom of expression and reflected a consensus from the co-chairs that they felt their freedom of expression ended where someone else's freedom starts, and that there were limitations to what they would freely expression online and also offline.
 
The results from the global survey were integrated throughout the session and informed the conversations that were used.  At the outset, the co-chairs clarified that 96% of those asked said they used social networks.
 
The youth panellists were asked what limits their freedom of expression online.  Responses included the fact that audience size changes how young people express themselves, particularly a consideration of who is viewing their posts and how this could impact their reputation.   Peer Censorship was also raised as a limit to young people freely expressing themselves online, but it was also mentioned that peer censorship can be an effective way for young people to maintain a healthy involvement in freedom of expression.  More negatively, verbal attacks and cyberbullying were also mentioned as limits to young people freely expressing themselves online.
 
The panellists considered whether they acted differently online and offline.  Drawing on the results of the global youth survey, the co-chair revealed that of those who responded to the survey 45% percent said that they didn’t act differently online, but 41% said they were more careful about what they say on line, with one in five agreeing that they were more confident online.  One of the survey results stated “Everybody acts differently on line” (18 year old male, Sweden) and the co-chair cited this as an example that everyone looking for something different out of the Internet.  The co-chair revealed that 41% of respondents to the survey said that they were more likely to say what they want on line if they were anonymous, and questioned whether the Internet changing the way people including young people think, making us more vocal in society and changing persona?       
 
The responses revealed that many young people do act differently online to how they do online. “For me I think I act differently online. Actually, no one can see my face and track with me face to face on the Internet so we don't have direct contact such as eye contact or direct discuss in the Internet …. so I think the online platform without any direct contact with me [lets me] act differently on line.”
 
Anonymity was an important theme throughout the session. The question was posed in the global youth survey, “are you more likely to say what you want online if you are anonymous?”  The results revealed that of those who responded, 41 % felt they were more likely to say what they wanted if they were anonymous but 42% said they were not more likely to say what they want if anonymous.  Discussion between the youth panellists revealed that they agreed that anonymity gives power, but that this could be both negative and positive. It could be negative in the sense that people can offend more easily because they don't have to worry about what people will think about them, but positively, it could afford people a voice who previously would be victimized for their opinion.  One panellist state, “assuming anonymity contradicts the purpose of most social networks, the purpose being exposure, like sharing who you are to the world. And I also believe that to form a proper ground for debate, you need to know who it is you are talking to. In that way it also contradicts the purpose with debate, which is the two primary reasons I use the Internet.”  Another stated, “I'm going take a middle ground  … To be anonymous is important indeed because exclusion can make people feel less scared of exclusion because they can say what they want, and don't have to worry about what people say. Also I do totally agree that you need to stick with your opinions. If you say something, you should say it with who you are and really show who you are and don't be afraid of it as well. To an extent, being anonymous is very important on the Internet, especially in Finland where we have many forums, for example, which have mainly anonymous users. These forums have been growing in popularity in Finland especially.  The younger people can talk more freely without being scared of what elders think on these forums.”
 
The themes discussed in the first section of the session continued with the discussion with the industry panellists, who defined their understanding as service providers of freedom of expression similarly, “Freedom of express for us is being able to share things with people that you want to share them with.  It's as simple as that, obviously within constraints of the rulings for that platform, I think we'll get on to discuss that.” And “it is the right to express yourself, and it is the right to receive opinions from others including opinions and information that you do not like and that you find difficult as well.”
 
The discussions here included the parameters and means that different service providers set and provide for users, in addition to the need to ensure that users are aware of and properly informed about community guidelines, terms of services and how to use a service.  There is a role of service providers to help ensure that they are presenting these in an accessible way.
 
Continuing the discussions with the civil society panellists, the workshop considered the role of social media in education.  The audience heard that it was the experience of the panelists that currently there is a reluctance to embrace social media in education.  In the UK this was often due to concerns surrounding the financial, technical and cultural barriers.  There were also concerns for schools regarding their duty of care and social media was blocked in many schools.  The experience in the US was similar, but different across Europe, particularly in previously communist countries where there was a historical fear of blocking.
 
The session heard from that users need to be more self‑aware when expressing themselves on‑line and that especially among youth there needs to be education about how to be considerate and a discerning user when both expressing and receiving information.
 
In parallel with the youth panellists, who earlier agreed that there is a role for schools in educating young people about freedom of expression, alongside the need for social media education, there was agreement that schools have a role to play in this. “We need to teach children how to understand the subtleties, not to ban it and create a generation where everybody is so perfect they would never say anything that could never possibly offend anyone, but to help people understand how they can have freedom of express, and at the same time not offend or violate the rights of others as one of our youth panellists said.  I think schools have responsibility to do that and in order to do that they have to adopt social media.”
 
It was also agreed that all users need to be educated as to their rights and how their rights have meaning in practice, rather than being high level principles, and the importance self awareness was reiterated here.
The co-chairs of the session concluded that moving forwards, dialogue and conversation including all stakeholders is vitally important.  All stakeholders need support and all have an important role to play in ensuring that users are educated.  The survey showed that young people see that schools, parents and service providers all have a role to play in helping to educate young people, but the session revealed that it is important to ensure there is ongoing dialogue between service providers and their users, as well as highlighting the fact that teachers also need support in teaching young people both about social media and freedom of expression.
 

Conclusions and further comments: 

The Youth IGF Project team is keen to develop some of the themes highlighted in this discussion in further discussions at the IGF 2013.  They have identified speakers from other sessions who they have already spoken with and who we hope to work with next year.  We are open to being contacted by any other youth delegations who are keen to work with us.

Additional documents: 

(No.90) iFreedom and cyber security in the balance

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

SO&P: Question 3: What risks do law enforcement, information suppression and surveillance have on security, privacy and openness and how can public and private sector cooperate to conform and observe human rights?

Concise Description of Workshop: 

Companies and government institutions across the globe are increasingly under attack from hackers, criminals and hactivists, while non-democratic countries, governments increasingly turn to digital surveillance tools to monitor their citizens online. Human rights activists and NGO’s fight for fundamental rights on the web, including data protection, while Web 2.0 developers declare privacy as something of the 20th century . This workshop will look at the merit of these assumptions.

Organiser(s) Name: 

- ECP on behalf of the IGF-NL (ECP | Platform for the Information Society) wants to take barriers for the implementation and acceptance of ICT away to the benefit of our economy and society, and in order to strengthen our international competitive position. In addition, ECP (also at a political-governmental level) draws attention to a number of specific themes such as growth of productivity, strengthening of competitiveness and the European Digital Agenda. One of it programs is the public-private partnership NL IGF. NL IGF prepairs for the IGF and provides good embedding of the results of the IGF in national policy.
- Dutch Ministry of Economic Affairs, Agriculture & innovation
- Dutch Ministry of Foreign Affairs

Previous Workshop(s): 

NL IGF organized :
2010: Public-private cooperation on Internet safety/cybercrime
http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=WSProposalsReports2010View&wspid=172

2011: Parliamentarian Challenge: a Round Table between Parliamentarians and other Stakeholders
http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=Workshops2011View&wspid=125

 

Submitted Workshop Panelists: 

Ivo Ivanov, AC/DC, EU project on botnet mitigation and cooperation (confirmed)
Milton Mueller, Privacy advocate (confirmed)
Katitza Rodriguez, EFF (confirmed)
Cornelia Kutterer, Microsoft (confirmed)

Name of Remote Moderator(s): 
Sophie Veraart, NL IGF - ECP
Report
Reported by: 
Sophie Veraart
A brief substantive summary and the main issues that were raised: 

Over 80 participants gathered in this workshop to talk about the balancing act between security and law enforcement on the one hand and individual rights to freedom of speech, to having a free flow of information, and rights to privacy on the other hand.
 
Panelists were Milton Mueller (privacy advocate and professor at Syracuse University), Katitza Rodrigues (EFF, international rights director), Cornelia Kutterer (Microsoft), Iarla Flynn (Google's Head of Public Policy for Australia and New Zealand) and Alexander Seeger (head of Cybercrime Division in the CoE). Moderator was Emily Taylor (independent consultant in Internet Law and Governance).

Companies and government institutions across the globe are increasingly under attack from hackers, criminals and hactivists, while non-democratic countries and governments increasingly turn to digital surveillance tools to monitor their citizens online. Human rights activists and NGO’s fight for fundamental rights on the web, including data protection, while Web 2.0 developers declare privacy as something of the 20th century . This workshop  looked at the merit of these assumptions.

Cornelia Kutterer began by setting out that times in  European politics are exciting, because in many countries governmental policy is currently being  revised. Think of the draft privacy regulation and the intermediary liability that are currently discussed, the new child safety strategy that is put in place, and the forthcoming European cyber security strategy to be issued by the European Commission. She has also noticed that similar developments are taking place in other member states and that they actually refer to each other, which Cornelia thinks is a good thing. Most of the European national cyber security strategies that are emerging in member states do actually include openness and freedom as well as cyber security.
But the devil is in the detail, Cornelia warned. For example, in order to secure accounts of customers, sometimes information needs to be shared.  And that is now recognized in the draft privacy regulation. But only in a short recital. It must be  clearer that information in particular circumstances may have to be shared. 
Milton Mueller  approached the question from a social scientist point of view, who study basically  science technology and society. He explained the ins and outs of Deep Packet Inspection (DPI) and what went wrong there. Deep Packet Inspection was meant to manage and control band width.  Many of the Internet service providers made the mistake of simply implementing this, just because they had the unilateral power to do so, without notifying their customers, and without having any kind of permission, which you would  normally expect them to do, when implementing new technologies. But when these technologies are disruptive and mix up power in relationships among actors, that's when things go wrong, he said.
Milton also calls for  activists, activist organizations, net neutrality activists, privacy activists to constantly monitor, survey the survey users, and to actively make a statement when something happens that they think is rebalancing or unbalancing rights. Because usually the government in terms of traditional data protection regulation is not very thorough with new technologies until a problem arises. According to Miltons research  ‘digital referees’ will have quite an important role to play.
Katitza Rodrigues said the role of society is very important for actually monitoring and seeing to what companies and governments do, how they collect and access our data, whether or not they  use them and whether or not they have legal grounds to access it. Not only governments but also companies should notify users when particular data are in demand more than usual. Katitza thinks there is a lack of transparency and secrecy within governments and she pleads for principles that determine how governments have to deal with data.
 
Iarla Flynn thinks that privacy must be underpinned by good security. He agrees with Katitza that one of the key things is transparency. Google actually launched a report in 2010, the Google Transparency Report, which lists and shows in table and map format all the requests that they get from governments around the world for access to user data. Iarla admits that in many cases it is important to provide such data, because they believe they are valid requests. However, they check them all nonetheless. 
It is also about proportion and balance, Iarla said. He thought there's a proportionality principle.  The police does need some powers to fight crime, but we need to get the balance right between the risks and costs that those powers might create versus the benefit for society and successfully tackling crime. 

Alexander Seeger disagreed as he thought it is not a question of balance. He said governments have positive obligations to protect citizens, society, against crimes because crime affects the rights of individuals.  He pleaded for better justification if governments wanted to interfere in the rights of people. There is a need for rules that respect fundamental rights, rule of law, Human Rights issues but also data protection issues. Therefore Microsoft, ISP organizations and police agencies together developed guidelines on how law enforcement and ISPs could cooperate  in a constructive manner while respecting those principles, he concluded.
Cornelia Kutterer reacted by saying that those recommendations do not sufficiently cover how service providers should implement guidelines and that those recommendations do help companies to actually implement in a corporate social responsibility way. She also mentioned the Global Network Initiative (GNI) , which Microsoft and Google participate in. GNI is a non-governmental organization with the dual goal of preventing Internet censorship by authoritarian governments and protecting the Internet privacy rights of individuals.
Katitza added that cooperation of companies is sometimes not so much voluntary  but that it is rather political pressure which makes them comply with certain obligations. She pleads for the discussion to focus more on granularity, to create more obligations for this kind of conduct.
 
Iarla reacted by remarking that a lot of good principles  are being developed. They may have some overlap but that’s not really a problem. The good thing is that a lot of work is going on that helps guide the development of good public policy in this field. Next he started a debate about something that was happening in Australia  right then, where they wanted to implement legislation which requires the retention of various types of data for two years.
Someone in the audience emphasized that retention of data is important because sometimes crimes are not discovered on the spot or directly after the deed has been committed, so it's very important to find proof, he said.
 

Conclusions and further comments: 

No further comments

(No.89) Civil rights in the digital age, about the impact the Internet has on civil rights

Go to Report
Status: 
Accepted
Workshop Theme: 
Security, Openness and Privacy
Theme Question: 

Question 3

Concise Description of Workshop: 

The freedom of internet is increasingly causing heated debate . On the one hand the internet is the embodiment of freedom literally crossing all borders, on the other hand governments more and more think of curtailing e.g. social media when these are used to organize criminal activities. Governments in some countries restrict access to the internet or censor information even before their citizens go online. As a matter of fact the internet in Iran and China has already become an ‘intranet’.

Organiser(s) Name: 

ECP on behalf of the IGF-NL (ECP | Platform for the Information Society wants to take barriers for the implementation and acceptance of ICT away to the benefit of our economy and society, and in order to strengthen our international competitive position. In addition, ECP (also at a political-governmental level) draws attention to a number of specific themes such as growth of productivity, strengthening of competitiveness and the European Digital Agenda. One of it programs is the public-private partnership NL IGF. NL IGF prepairs for the IGF and provides good embedding of the results of the IGF in national policy) Dutch Ministry of Economic Affairs, Agriculture & innovation Dutch Ministry of Foreign Affairs Hivos, the Humanist Institute for Development Cooperation

Previous Workshop(s): 

NL IGF organized : 2010: Public-private cooperation on Internet safety/cybercrime http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W... 2011: Parliamentarian Challenge: a Round Table between Parliamentarians and other Stakeholders http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W...

Submitted Workshop Panelists: 

Marietje Schaake (Euro parliamentarian D66)
Lionel Veer (Dutch Human Rights Ambassador)
Hanane Boujemi (Diplo Foundation and upward of this autumn she will work for Hivos on it’s  program 'Internet Govenance for the Mena region'.)
Malavika Jayaram (Fellow of the Centre for Internet and Society, Bangalore (India), assisting on projects and matters relating to IT law, data protection and privacy. She is also working on a Ph.D. on data protection and privacy laws, with a special focus on the new identity project launched in India. Malavika has over 15 years experience as a lawyer with a focus on technology and intellectual property.)
Emin Milli (an Azerbaijani writer)
Moderator: Robert Guerra (a Canadian independent consultant specializing in issues of Internet Freedom, Internet Governance and Human Rights)
Front row: two Dutch students (ms. Annemarie Rullens and Mr. Floris Pas)

All speakers mentioned above have confirmed their participation.
 

Name of Remote Moderator(s): 
Sophie Veraart, NL IGF – ECP
Gender Report Card
Please estimate the overall number of women participants present at the session: 
About half of the participants were women
Report
Reported by: 
NL IGF (Dutch Internet Governance Forum)
A brief substantive summary and the main issues that were raised: 

In this workshop the struggle between a free and open internet and a government who want to control the internet was being discussed. Panelists were Lionel Veer (Dutch Human Rights Ambassador), Hanane Boujemi (coordinator for the Diplo Foundation and Program manager of Hivos  program 'Internet Governance for the Mena region'), Malavika Jayaram (practicing lawyer and a fellow of the Centre for Internet and Society and working on a Ph.D. on data protection and privacy laws), Emin Milli (an Azerbaijani writer) and Marietje Schaake (Dutch Member of European Parliament). Moderator was Robert Guerra (an independent consultant specializing in issues of Internet Freedom, Internet Governance and Human Rights).

The freedom of internet is increasingly causing heated debate . On the one hand the internet is the embodiment of freedom literally crossing all borders, on the other hand governments more and more think of curtailing e.g. social media when these are used to organize criminal activities. Governments in some countries restrict access to the internet or censor information even before their citizens go online. As a matter of fact the internet in Iran and China has already become an ‘intranet’. But also in the UK there is a growing body of public opinion that is in favor of more supervision of social media. When will the influence of this medium have become so strong that it, in certain situations,  could be considered a danger to society? Will supervision then be a solution?
In this workshop several panelists led by Robert Guerra sought for the answer to the key question: What risks do information suppression and surveillance have on security, privacy and openness and how can public and private sectors cooperate to support  and observe human rights?
Hanane Boujemi opened the workshop. She spoke about the impact of the Internet on civil liberties in the Middle East. In terms of freedom of expression, she said, the Internet has become one of the main channels for the Arab citizens to express themselves and their views more freely, specifically about political issues.  The Internet helped as well engaging people at the larger scale to advocate for the rights to free expression, access to information, citizen involvement and the policy making process at the local level and regional level as well.  According to Hanane, students, activists and journalists manage somehow to find a common point that is the Internet where they could share ideas. She saw the  government realized much later the Internet is inevitably a pressure tool that they were facing.  They realized they finally have to fulfill the citizens' demand for more inclusion.  Hanane stated out the Internet provided the basic platform for this course to occur for civil rights, like freedom of expression to be guaranteed.

Social media happened to be one of the channels where everybody had synchronous thinking of what is the concern of each citizen.”
Hanane then focuses on another important civil liberty that is enhanced because of the Internet in the Arab region, freedom of association. Because in some Arab countries it's difficult to gather in groups and discuss issues that are political.  The Internet managed to give these people a platform.  So it was revolutionized, the freedom of expression. The Internet gave those people an alternative to meet for discussion, said Hanane. the Internet constitutes an alternative for these people to meet to share their views in case it was not possible to do it physically.  Obviously the Internet limited governments, clamped down, had discussions about sensitive issues.  There were no barriers anymore to discuss things. 
Finally, Hanane tells these freedoms have a downside, because social media channels like Facebook and Twitter made it easier for authorities to track down freedom of expression advocates, which resulted in arrests, activists, physical abuse, force and more oppression. 
Malavika Najaram focused on the situation in India where the use of internet grows fast en the expectations are high.
I think we use technology as a tool to solve everything but in a lot of respects it's literally a way to crack open a wall.”
Malavika is critical about the usage of the Internet, without a framework of privacy and data protection laws, technology is not going to be an enabler and greatly transformative, she said. In India there is a huge trend towards transparency, which leads to very interesting tension between transparency on one hand and privacy on the other, it might reveal confidential information and sensitive data about individuals, which is an unintended consequence.

Another thing Malavika stated out is the way the Indian government handles social media.
She tells they had a little Twittergate episode in India recently. There was misinformation on Twitter and the government decided to block about 300 websites and Twitter accounts. In doing so it showed how badly the government handles technology.  There were people complaining on Twitter how the Indian government was trying to sensor the Internet. Malavika was fascinated by this happening and is skeptical about the approach of the government.
Lastly, Malavika focuses on surveillance which is increasing because the amount of data is also increasing (big data) she said. With data being more visible, people are being more accountable than ever. In the same way that post 9/11 you had the Patriot Act and a lot of invasions, it's the same situation we're facing in India now, she concluded.

Emin Mili spoke about his experience as an Azeri writer, mostly online, with his government. The Azeri government is claiming to have free Internet in Azerbaijan, which is quite hard  to argue against.  Because basically technically you can go on Facebook, on Twitter, any social media and write whatever you want in Azerbaijan and it will be online.  However, the problem comes after that, Emin said. The government reacts to that with a lot of repression and from time to time punish some people for being outspoken online. A natural result of that is that the rest are afraid to lose jobs, people get the message and live in fear, Emin said.
I think that we can have, and what we observe is yes we have democracy 2.0 but also autocracy 2.0”
Emin is afraid that Azerbaijan is unpopular by media, because as a case for Azerbaijan it's not so bad as other places, but it's not great either. If we don't pay attention to this, autocracy could become acceptable as a global standard, Emin concluded.
Marietje Schaake approached the subject from a more political point of view. Marietje is now carrying out a unique research into internet freedom all over the world. The research should lead to a resolution on civil rights in our digital era. Subjects treated are trade, human rights, development, safety and the like. The report will contain a number of concrete suggestions both for businesses and for governments, so as on the one hand to expand opportunities with the help of technology, but also to limit possible risks.
On the one hand, Marietje said, I think one of the most urgent issues we need to deal with in Europe is we stop the export of technologies that are used for mass surveillance, censorship, monitoring, tracking and tracing when it comes to violating universal human rights.  It is a largely unregulated sphere where EU based companies can go ahead and export to all kinds of countries in the world which we know systematic civil rights abuses are taking place.  It cannot be in today's day and age that there is such unregulated trade of digital arms when they're used for human rights violations, she said. 
“I think it's essential for the leaders in the world that we step up our policies, but also our projects to defend people's universal human rights in the context of technologies.”

Secondly, Marietje tells she has been pushing for an EU strategy on digital freedom in the EU external actions, because digital freedom does not exist in a vacuum.  This applies to rather large trade policies but also with the EU when they deal with candidate member states as well as development programs, Internet Governance and an appropriate balance between security and freedom.  Because I'm afraid that the more important digital technologies are and access to Internet becomes easier, the more ambitious also will be those seeking to regain control, she concluded.

Finally, Lionel Veer spoke about his concerns regarding seeing the internet as whole different world than the offline, physical world we are living in. He is concerned about the fact that people that are on the Internet are exposed to physical abuse in the real world and not in the virtual world. These are concrete violations of human rights, he said.
Lionel emphasis to be careful not to make too many separations between the offline rights and the online rights.  The Dutch government, for example, takes a start point that any rights you are guaranteed offline should also be guaranteed online. So take caution not to go on the part of introducing new rights or new restrictions, because often what could start out as a debate with good intentions ends up restricting the Internet without any good cause, he said. Also regarding to cyber security, Lionel emphasis to put freedom first and only limit when you think it is really necessary and serves as a very practical purpose. 

Lionel thinks it is very crucial to have what you call a multi-stakeholder approach.  Talking about Internet, it's not just a matter of government to government it's a multi-stakeholder dialogue, including many public and private debates and engagements.

Lastly, Lionel focuses on the so-called technical debates we're having. He thinks the underlying current, is that there is a certain wish in many countries who violate human rights who are not so keen on having freedom of expression that they want to introduce the notion of control, of restriction, and  bring it as a technical matter.  Or they tell it is for protection of the children.  Lionel says we have to be careful with those debates. 

“Because in the end if you are not careful, you end up restricting much more freedom than we would like to do”
After these statement Robert Guerra emphasis the evolution in the change of the Internet and how free or closed it's becoming now.  More and more countries a blocking websites these days, from just several about 10 years ago to more than 42 countries today that are blocking websites.  And this is introducing a variety of different types of policy controls and other types of initiatives. 
Questions

Is too much expression a bad thing?  Are there justifiable limits to civil rights online or is it the wild west and anything should be able to happen and be expressed online? 
Hanane Boujemi reacts to this question and begins with saying  it's quite a dangerous field.  Se stated out that we need to be very specific about what are the rights we want to advocate for.  If we want people to have freedom of expression we have to disassociate ourselves from our cultural, religious background, ideas, and stick to human rights and civil liberties and all the concepts recognized at the international level.

What do we need to watch over the next year or two?
This time Marietje Schaake responded: where to start!  She thinks it's significant to see how technologies have empowered individuals and how they've actually enabled them to break through traditional monopolies of power, but also information. According to Marietje we must ensure that we are aware that digital freedoms or technological developments do not exist in a vacuum.  We should continue to push for the development of the rule of law and rights, regardless technologies or if we're talking about technologies at all. 
She also emphasis we should be very much aware of the global context within which we're operating. Marietje wants to take it a step further, start thinking of human rights when it comes to design. Do scenarios and human rights impact assessments in the Research and Development phase where we actually think much more deeply and sort of preventively about what a certain technology that may make sense in one society could actually mean for the lives of people and freedoms of people in a very different society.  To develop the thinking about this, to bring together political leadership as well as technological knowledge, as well as willingness on the part of companies and expertise on defenders is going to be a major challenge going forward, she said.  
 
How do we make sure that the countries that are committing themselves to protection of human rights online is the same offline or actually holding themselves to the commitment? Should we just be watching developing countries or should developed democracies also be monitored to see how they are internationally? 

Lionel Veer responded to this question:  I think the biggest challenge is to prevent the Internet and the online to prevent producing a tool for oppression.  On the other side, in the free world the biggest challenge is to prevent it from being only exploited as a commercial asset.  Somewhere in between human rights activists are struggling for their priorities. 

In the context of India, the role of intermediaries, for example, research and motion, are they the ones that should also be trying to strive for protection of civil liberties or acquiesce to all government requests? 
Malavika Najaram responded and said in India they have both ends of the spectrum.  When there is offensive content posted online and the governments go after the intermediaries, a lot of India websites cave because they don't have legal council. But on the other hand we have a weird situation where the Googles and Facebooks are usually the suspects to take information and data mine it and invade privacy.  They're in a weird way safeguarding freedom of speech and expression because they turn around and say we're not going to take this down.  We've not done it anywhere else.  We're not starting in India.  They have the resources, deep pockets, skills, legal expertise to actually push back and litigate these things and say, you know what, we're in Delaware, we don't really care. 

This workshop is organized by:
- Dutch Internet Governance Forum (NL IGF)
- Dutch Ministry of Foreign Affairs
- Hivos, the Humanist Institute for Development Cooperation

Additional documents: 
Syndicate content