18 December 2017
The twelfth Internet Governance Forum held this morning its first main session entitled: Local Interventions, Global Impacts: How Can International Multi-Stakeholder Cooperation Address Internet Disruptions, Encryption and Data Flows.
After Thomas Schneider, Head of the International Relations Service of the Federal Office of Communications of Switzerland, opened the main session and welcomed the participants, discussion moderator Tereza Horejsova, of the Geneva Internet Platform and Diplo Foundation, opened the floor to panellists from the private sector, civil society, Governments, intergovernmental and international organizations, the technical community and academia.
Speaking in the first segment were Anriette Esterhuysen, Executive Director of the Association for Progress in Communications from South Africa; Melody Patry, Advocacy Director at Access Now in the United Kingdom; Farida Dwi Cahyarini, Secretary-General of the Ministry of Communication and Information Technology of Indonesia; Demi Getschko, from NIC.br in Brazil; and Christoph Steck, Director of Public Policy and Internet at Telefonica Spain.
Speaking in the second segment were Rianna Pfefferkorn, Cryptography Fellow at the Stanford Center for Internet and Society in the United States; Raúl Echeberría, Executive Director of the Internet Address Registry for Latin America and the Caribbean (LACNIC); Moctar Yedaly, Head of the Information Society Division at the African Union Commission; Luis Fernando García, of the R3D from Mexico; and Paul Nicholas, Senior Director at Microsoft.
Speaking in the third segment were Vint Cerf, Vice President of Google; André Laperrière, Global Open Data for Agriculture and Nutrition in the United Kingdom; Stefania Milan, Associate Professor of New Media and Digital Culture at the University of Amsterdam in the Netherlands; Fiona Asonga, CEO of the Kenya Internet Exchange Point and the Telecommunications Service Providers Association of Kenya; and Stefan Schnorr, Head of the Department of Digital and Innovation Policy at the Federal Ministry of Economic Affairs and Energy of Germany.
In the first segment of the discussion devoted to Internet disruptions, panellists warned of increasing Internet shutdowns. Melody Patry, Advocacy Director at Access Now in the United Kingdom, reminded that in 2015 some 18 instances of shutdowns had been recorded, compared with 77 in 2017, mainly upon the order of States. Ms. Patry outlined activities of civil society in addressing intentional Internet disruptions via national and regional policies, such as providing solutions to affected populations, raising awareness, and engaging with the authorities and Internet providers who enforced orders to shut down the Internet and restrict access. Anriette Esterhuysen, Executive Director of the Association for Progress in Communications from South Africa, warned that the multi-stakeholder approach to Internet governance was undermined by the fact that it was within the power of the State to order operators to shut down the Internet.
Farida Dwi Cahyarini, Secretary-General of the Ministry of Communication and Information Technology of Indonesia, noted that most developing countries experienced Internet disruptions because they were facing a digital divide, but also due to difficult geography and natural disasters. Demi Getschko, from NIC.br in Brazil, reminded that the aim to block access to websites had a very negative net impact on the overall society, calling attention to the neutrality of the Internet and openness to all. For Christoph Steck, Director of Public Policy and Internet at Telefonica Spain, Internet disruptions represented a lose-lose situation. Service shutdowns were not sustainable because of the high dependency of the economy on the Internet and the fact that all kinds of services depended on it. Shutdowns took place to limit policy engagement, and not only in undemocratic countries, most commonly under the pretext of national security. The solution to Internet shutdowns was to work together, raise awareness about the problem of shutdowns, demand transparency from governments, and come up with adequate oversight and redress mechanisms, Mr. Steck explained.
In the ensuing exchange with in-person and online participants, the panellists acknowledged the recent statement by the Global Commission for Stability of the Cyberspace on the protection of the so-called public core of the Internet, and stressed that it showed that different stakeholders could come together and develop normative guidelines that could be adopted and adhered to. Additionally, accountability could be demanded for non-adherence to those norms. There was no business interest in shutting down the Internet, several panellists agreed, and added that many service providers had to comply with such requests from governments in order to keep their license. They suggested developing a legal framework on shutdowns which would govern their legality and justifiability, put in place a redress mechanism, and ensure accountability. The Internet shutdown, although often discussed in the context of authoritarian countries and regimes, was also a reality in well-established democracies; for example, Internet slowdown had been recorded in Spain during the recent elections in Catalonia.
In the second segment of the discussion devoted to encryption, panellists emphasised that it was vital for the world’s democracies to respect and support the use of strong encryption for both communications and stored data in order to guarantee human rights. Strong encryption protected activists, dissidents, journalists and minorities. If one country banned strong encryption, that undermined the security of all of the users worldwide, not just the users in jurisdiction, because information security was a global matter, underlined Rianna Pfefferkorn, Cryptography Fellow at the Stanford Centre for Internet and Society in the United States. Encryption should be the norm, but it was important to question the misconception that the tools for encryption should only be available to the “good guys,” warned Raúl Echeberría, former Executive Director of the Internet Address Registry for Latin America and the Caribbean (LACNIC). There were plenty of examples of encryption technology being available to hackers. The real dilemma was how to provide encryption tools to law enforcement without negatively affecting trust, Mr. Echeberría noted.
Turning to risks of encryption, Luis Fernando García, of the R3D from Mexico, stressed that encryption provided a certain degree of protection, particularly to digital journalists and their sources. Notwithstanding important progress, there were worrying trends of some governments, such as Mexico or Ethiopia, purchasing software to circumvent encryption in order to control the work of the media and human rights defenders. Speaking about international cooperation on encryption, Paul Nicholas, Senior Director at Microsoft, reminded that the world was going through a profound diffusion of power of an unprecedented scale, which was making some governments nervous, leading them to block encryption in order to control the flow of ideas. Encryption saved lives and it was important to find ways to strike a balance between the need to protect the people and the needs of different jurisdictions. It was here that a multi-stakeholder approach was essential to finding a solution, Mr. Nicholas emphasised. Moctar Yedaly, Head of the Information Society Division at the African Union Commission, reminded of the adoption by the Commission of the Convention on Cybersecurity and Transactions in 2010, which was the only treaty in the world which dealt with personal data protection, and which also addressed electronic transactions, the promotion of cybersecurity and combatting cybercrime.
In the ensuing debate with in-person and online participants, the panellists said that governments should be open about their challenges in cyber security. It was important to discuss the so-called “lawful hacking” by governments and identify vulnerabilities. The fundamental question was to decide when governments had the legitimate right to weaken encryption. There was a lack of research in the risks of governments’ “lawful hacking” and it was difficult to find a solution that would satisfy everyone. However, if governments were gathering so much power to conduct surveillance, they should also accept the power of people to conduct oversight. Much more needed to be done to protect and advance open-source encryption tools. Governments should put their money where their mouth was: namely, support freedom of open-source software solutions. There was a race to achieve cyber dominance, which was why it was important to develop norms of behaviour both for the private and public sector in the cyber space.
In the third segment of the discussion devoted to data flows, panellists stressed the importance of the free flow of data which ensured their replication and protected them from being lost. Freedom to move data around the world was a very important feature, but data integrity was just as important as its ability to cross borders. The ability to inter-connect was a core element of the organic expansion of the Internet, as it allowed the development of applications which otherwise would not have been possible, explained Vint Cerf, Vice-President of Google. Open data was a key tool to promoting innovation in many sectors, said André Laperrière, Global Open Data for Agriculture and Nutrition in the United Kingdom, stressing the importance of combining skills and data at different levels – local, regional and global.
For Stefania Milan, Associate Professor of Media and Digital Communication at Amsterdam University in the Netherlands, the “platformization of the Web” and the extension of the social media platforms, which were regulating an increasing number and kind of transactions, including economic, was an important issue today, and a reality for which the multi-stakeholder Internet governance was not a fit model. More transparency by the companies was needed, more literacy, and ultimately, more accountability mechanisms. Fiona Asonga, CEO of the Kenya Internet Exchange Point and the Telecommunications Service Providers Association of Kenya, offered an example of data flow management from the national perspective. In Kenya the Government and the private sector looked at how they could work together to gather public data, such as birth registration, civil status, land titles, and car registration, and to access them through an online platform. The role of the private sector was to ensure the application of adequate handling of that data. Public servants needed to be authorized to access such data, Ms. Asonga explained. Stefan Schnorr, Head of the Department of Digital and Innovation Policy at the Federal Ministry of Economic Affairs and Energy of Germany, noted that German companies and various facets of the German society depended on the free flow of data and the exchange of information. The Government of Germany therefore supported the free movement of data, but it also had to protect its citizens’ legitimate right to data protection. The high level of data protection was a precondition for a free flow of data and not the opposite.
In the ensuing debate with in-person and online participants, speakers raised the issues of metadata and government responsibilities in protecting personal data; and the responsibilities of governments in relation to the regulation of Internet service providers, especially in the context of net neutrality. Panellists stressed the importance of applying an ethic code for the protection of data and individual privacy, particularly the health data. In the United States, net neutrality aimed to inhibit competitive behaviour between broadband providers; the recent decision by the Federal Communication Commission to repeal net neutrality was far from over, as lawsuits were being filed and there were moves to adopt new legislation on the matter. In Europe, it was clear that net neutrality was key to the freedom on the Internet, thus in 2016 the first net neutrality regulation had been adopted and it guaranteed equal treatment of all data in Europe.
Anne Carblanc, Principal Administrator in the Information Computer and Communications Policy Division of the Organization for Economic Co-operation and Development, said that international organizations were often working in multi-stakeholder environments and as such could help in effectively addressing digitalization challenges. The Internet was designed to be open and global, and to become an engine of economic and social benefits, growth and innovation. Collaborative security was a way forward and this should be added as a recommendation for the way forward, said Ms. Carblanc.
Reflecting on the solutions and steps forward in multi-stakeholder cooperation, Bertrand de la Chapelle, Director of the Internet and Jurisdiction Policy Network, France, said that the multiplicity of actors that needed to be engaged on the issues under discussion was what made them complex in the first place. It was imperative to address those issues in a holistic manner from various perspectives, and to increase cooperation on the competing priorities; this was the main justification for a multi-stakeholder approach to those common challenges. The growing legal uncertainty, another main challenge, could only be tackled with more and not less cooperation and collaboration, with different actors working together.
The Internet Governance Forum will hold an opening ceremony today at 3 p.m. in the Assembly Hall of the Palais des Nations, to be followed by a high-level opening session entitled “Shaping Our Digital Global Governance.”
For use of the information media; not an official record