IGF-USA 2012 Afternoon Plenary Discussion: Defining the Future for Internet Governance – Meeting Evolving Challenges
Brief session description:
Thursday, July 26, 2012 – This major session of the opening plenary of IGF-USA discussed the current state of play with various proposals ranging from the WCIT, the UN Commission on Science and Technology and Enhanced Cooperation, areas where more government may be called for from their perspective or strong improvements in “governance.” Panelists offered a range of perspectives about government and governance.
Featured participants in this special session included Jeff Brueggeman, vice president for public policy, AT&T; Chris Wolf, partner and Internet law expert from Hogans Lovells; Danny Weitzner, Office of Science and Technology Policy, The White House.
Details of the session:
As Chris Wolf of Hogans Lovells said, the ghosts of Internet past, present and future were part of the final plenary discussion on “Defining the Future for Internet Governance: Meeting Evolving Challenges” at IGF-USA Thursday at Georgetown Law Center.
Wolf dubbed himself the “the past guy” and remembered a time he was considered a pioneer in knowledge of the Internet and how it was evolving in its early years. The trio of panelists defined the future for Internet governance and the evolving challenges citizens face.
There’s been an enormous amount of growth and development during the Internet’s short life, noted Jeff Brueggeman, vice president of public policy at AT&T.
“I think the true strength of the IGF, as we talk about every year, is its ability to self-improve,” he said. “And, for all of us, from a bottom-up way, to help innovate and change the process each and every year.”
IGF introduces new topics and builds on those addressed the year before. The IGF is not just a “talk shop” that meets once a year, Brueggeman added.
IGF needs to keep broadening the participation and the process, including peers in more developing countries. More remote participation and adding numbers has been a success in the meetings, Brueggeman said. The discussion needs to keep evolving at IGF-USA and on a global basis. Pressure is growing to show that it doesn’t have the same discussion year after year.
Brueggeman said those involved in IGF should do a better job of capturing the impact of the multi-stakeholder process and show the value of it to those who don’t come to the meetings and those who will never come.
Sustainability is a real challenge, though he has seen an enormous amount of progress. A few years ago, organizers and attendees were debating whether there would be an IGF the following year. Now, they debate what to build around the one-day conference.
Danny Weitzner of The White House Office of Science and Technology Policy – Wolf called him the “ghost of Internet future” – highlighted three things that are already happening.
“We are at the middle of a multi-stakeholder explosion and the question is how to actually help make sure it’s directed and productive and doing the right things,” Weitzner said,
The second thing: He said Vint Cerf has eloquently pointed out that the Internet is now being actively used by more than 2 billion of the 7 billion people in the world, adding: “Attending to that is going to tremendously important in the future.”
And his final point: “We are in an era of just inevitable and irresistible transparency. Sometimes even governments, sometimes companies, sometimes even civil society groups take refuge in un-transparent un-institutional activities because it’s often easier, it’s often safer. But I think we’re learning over and over again in a variety of different institutions that we’ve got to learn to embrace transparency, we’ve got to learn to make it work for us and that resisting it is a mistake.”
Top-down rule-making does not always lead to innovative solutions. The Internet keys into collective intelligence and is best served by the multistakeholder model of governance, Weitzner said.
Although there are many important issues to address as the Internet evolves, Weitzner said he thinks the real discussion that’s going on is to make sure the Internet’s open environment can raise its accessibility to move from 2 billion users to 7 billion.
– Ashley Barnas
Brief session description:
Thursday, July 26, 2012 – Larry Strickling, assistant secretary for communications and information and administrator of the National Telecommunications and Information Administration of the US Department of Commerce, spoke about the United States and the global Internet.
Details of the session:
Larry Strickling, assistant secretary for communications and information and administrator of the National Telecommunications and Information Administration (NTIA) of the US Department of Commerce, highlighted the importance of the multistakeholder model in his afternoon keynote talk at IGF-USA Thursday at Georgetown Law Center.
The NTIA has long been integral in the operation of the Internet Corporation of Assigned Names and Numbers (ICANN), which regulates global domain name policy. While NTIA, on behalf of the US Department of Commerce, reached an agreement with ICANN in 2009to transition the technical coordination of the DNS to a new setting in ICANN under conditions that protect the interests of global Internet users, NTIA represents the US government on ICANN’s Governmental Advisory Committee and it is still an influential force.
Given the near-infinite reach of Internet services, Strickling emphasized the need to include more global representatives in the process of domain name regulation and the discussion of related issues.
“We have focused on enhanced cooperation and finding ways for the global Internet community to have a more direct say in matters of Internet governance,” he said. “This issue is one of great importance as we head into the World Conference on International Telecommunications (WCIT) and World Trade Forum conferences over the next year, where some countries will attempt to justify greater governmental control over the Internet.”
Strickling said the NTIA has made a concerted effort to dissolve the illusion of US control over the Internet infrastructure by showing a heightened respect for the laws of individual countries and finding new ways to address conflicts of interest.
He also expressed his support of greater transparency in all organizations involved in Internet governance, including the International Telecommunication Union, and forcefully restated that the US position on Internet governance is to appropriately limit the role of the government in policymaking.
“Those of us in the US government will work to be as inclusive and transparent as we can be,” he said. “We will push back against calls for more control. Limiting ourselves to the role of facilitator is absolutely key to the ultimate success of the (multistakeholder model). We will press ahead.”
– Katie Blunt
Brief session description:
Thursday, July 26, 2012 – The moderators and organizers of the day’s workshops, best practices and case studies sessions presented reports rounding up the key details of the day’s discussions.
Details of the session:
From big data to youth online, policy must evolve with the Internet. Nine workshops were held at today’s IGF-USA concerning topics from gTLDs and big data to cybersecurity and youth online. Moderators or organizers reported the main takeaways from each workshop or best practice forum.
Workshop: Next challenge – How to handle data in the cloud
- The idea of big data confuses policymakers, who tend to interpret the data as numbers as opposed to actual text, image and video content. The term “big data” is often confused with politically charged rhetoric like “big government,” “big business” and “big tobacco,” joked moderator Mike Nelson, a professor at Georgetown University and research associate at CSC Leading Edge Forum.
- The panel concurred that the European Union idea of a digital “right to be forgotten” is impractical for the majority of Internet users. Because of the interconnected nature of the Internet, erasing one user’s published content could cause a domino effect and compromise the content of other users.
- The policies instituted thus far have created layers upon layers of future problems for policymakers, according to Nelson.
Workshop: The changing landscape of the Domain Name System – New generic top level domains (gLTDs) and their implications for users
- A multi-stakeholder model for the Internet will continue to exist but needs to be refined, moderator Ron Andruff, president and CEO of DotSport, LLC., said of the panel’s conclusions.
- A healthy criticism of ICANN can only make it a better organization, Andruff said. Domain names may continue to seem irrelevant based on the continued use of external links and search engines, but they will always play a critical role on the Web.
- There are “more questions than answers about the changing landscape,” Andruff said. “While we know the changes are coming, none of us know what those are.”
A scenario story: Two possible futures for copyright: anarchy or totalitarianism
- This workshop focused on two possible extremes regarding copyright laws: total removal of all copyright law or complete enforcement of copyright online. A panel of three students discussed the economic and creative implications of each, led by organizer Pablo Molina, information systems technology professor at Georgetown University Law Center.
- If a regime of anarchy concerning copyright laws ensued, creativity would flourish at an individual level, but companies would be hindered from investing in creativity at an organized level, Molina said. If a regime of totalitarianism concerning copyright laws developed, money would constantly be changing hands at the business level, but individual creativity would suffer for fear of persecution for the use of copyrighted materials.
- Based on a survey of the panel’s audience, one third of the audience believed U.S. would most likely adopt an anarchic copyright policy, while two thirds believed the U.S. would favor copyright totalitarianism.
- The panel concluded laws are only one part of the copyright struggle, and other important aspects include social norms and efforts for more innovative business model solutions, Molina said.
- “One of the principal takeaways was that communication and information flows to evolve to the point of being an essential service in international disaster response,” said panelist Garland McCoy, founder and president of the Technology Education Institute.
- Considering that citizens are often the first at a scene of an emergency, social networking sites are transforming the way that the public becomes aware of emergency situations, McCoy said.
Workshop: Can an open Internet survive – Challenges and issues
- Main challenges in maintaining an open Internet include protecting intellectual property, privacy and freedom of access simultaneously, according to moderator Robert Guerra, Privaterra founder.
- Important measures required to maintain an open Internet is to embrace the multi-stakeholder effort and consider different global points of view, Guerra said.
Critical Internet Resources (CIRs): Evolution of the Internet’s technical foundations
- In order to keep the Internet alive, it is necessary to continue to develop policies and adopt standards for the future of CIRs, said panel co-organizer Paul Brigner, the regional bureau director of the North American Bureau at the Internet Society.
- Perception that the US government is in control of Internet governance has exponentially decreased as multiple stakeholders continue to actively participate in the policymaking process.
Workshop: Cybersecurity – Channeling the momentum at home and abroad
- Unlike debates concerning healthcare and economic policy, panelists agree that Internet policy has not evolved to have a common understanding by the public, according to Patrick Jones, senior director of security for ICANN.
- There is a long way to go before policymakers can fully understand the technical implications of policies when there is legislation being developed concerning Internet governance, Jones said.
Turning principles into practice, or not: Case vignettes – Internet Governance/ICANN, consumer privacy, cyber security, dialogues about lessons learned
- Principles are good for guidance in hard legislation, but when Internet actors do not follow legislation guidelines, principles alone are not enough to govern the Web, said moderator Shane Tews of Verisign.
- Soft laws have the flexibility to update and change as the Internet evolves, Tews said.
Youth forum: Youth in an online world – Views and perspectives of youth as users
- The majority of college students 20 and older are most concerned about privacy online, specifically on social networking sites, said moderator Dmitry Epstein, a post-doctoral fellow at Cornell University Law School.
- Youth’s main worries about the future of Internet policy is that they will continue to have to worry about privacy settings if they want to enjoy the free and personalized services online, Epstein said.
- One solution Epstein proposed was a policy to make all social networking sites private by default and allow for simple ways to configure privacy, such as a switch or opt-out of personal information disclosure.
– Madison Margeson
Brief session description:
Thursday, July 26, 2012 – The US House of Representatives has passed four cybersecurity bills, and the US Senate has indicated an intent to consider cybersecurity legislation in the current session. The US Department of State is working with its global partners to develope relationships, collaborative action and norms of behavior for cyberspace. The US Department of Commerce has spearheaded a government initiative on botnets and is working with industry on botnet mitigation measures. The Department of Homeland Security is increasing its cybersecurity staffing for strategic and operational concerns. And the White House is transitioning its team on cybersecurity policy with a second cybersecurity adviser to the president. Stuxnet and Flame attacks have captured international attention. Cybersecurity remains a key theme in discussions in the United Nations, the International Telecommunications Union, the Organization for Economic Cooperation and Development, the Asia-Pacific Economic Cooperation, ICANN and the annual Global Internet Governance Forum. This workshop addressed questions such as: What are businesses, countries, and the technical community doing in this heightened era of cyber security concern? What should they be doing? What are the considerations for individual users here in the U.S. and around the world? How can all these pockets of activity help protect – and not hamper the protection of – the very medium that provides for productivity, communications, efficiencies, innovation, and expression?
Details of the session:
The session was moderated by Audrey Plonk, global security and Internet policy specialist at Intel Corporation. Panelists were:
- Tom Dukes, senior advisor, Office of the Coordinator for Cyber Issues, US Department of State
- Jeff Greene, senior policy counsel, Cyber Security and Identity, Symantec
- Kendall Burman, senior national security fellow, Center for Democracy and Technology
- Patrick Jones, senior director of security, ICANN
Panelists from the government and private sectors gathered at IGF-USA’s cybersecurity workshop to discuss how these entities are collaborating to deal with domestic cybersecurity threats and international cybersecurity issues.
This issue is especially pertinent right now. There have been a number of high-level conferences and meetings in Washington and other locales over the summer of 2012 on this topic, and, as moderator Audrey Plonk, global security and Internet policy specialist for the Intel Corporation, puts it, “Cybersecurity is the new black.”
Jeff Greene, panelist and senior policy counsel of cybersecurity and identity at Symantec, agreed. “At this time three years ago, cybersecurity was something that was mentioned in passing,” he commented. “Now the interest is exponential.”
Symantec’s business is centered on protecting enterprises from cyberthreats. Greene, who until recently worked with the Department of Homeland Security, said that according to this year’s Symantec Internet Security Threat Report, 75 percent of the enterprises Symantec deals with were threatened with a cyber attack in 2011.
He added that while the incidence of spam decreased in 2011, there has been a shift to web-based attacks. Greene also said the government and private sector are working together to reduce such threats.
“It is remarkable how much of the threat dynamic in both sectors is the same,” Greene said. “We see criminal and other malicious activity largely the same as the government does, so this is all work through government, private and international cooperation.”
Panelist Kendall Burman had a different view on government access to private sector and citizen information in terms of cybersecurity. As a senior national security fellow for the Center for Democracy and Technology, she has spent time exploring security and surveillance from the perspective of a member of a group focused on consumer privacy.
“I think that the tricky area from a civil liberties perspective is when the government is in a position of receiving that information, making sure that that information is limited to cybersecurity threats, and what the government can then do then once it receives it,” Burman said.
Panelist Tom Dukes, senior adviser for the Office of the Coordinator for Cyber Issues at the US Department of State, weighed in from a government standpoint on cybersecurity issues, including the important role of the US government in pushing other countries to increase their outreach and share their perspectives on cybersecurity issues.
“Obviously what the US says, the positions we take, are highly influential and they are certainly looked at by a great many other countries,” Dukes said.
“One thing that the US has been trying to do for the last couple years in terms of addressing cyberpolicy issues in general, cybersecurity included, is to try to take sort of a leadership role in helping shape the world debate on how we think about these issues.”
Dukes said that the US has also made progress in terms of leading a global discussion on reaching a consensus about cyber security norms. Greene said that while the U.S. would like to set its own cybersecurity policies, this could cause global problems.
“If everyone has a different set of rules, (global policymaking)’s going to be pretty difficult,” Greene said.
Panelist Patrick Jones, senior director of security for ICANN, shared his view that while US policymaking is important in terms of cybersecurity, politicians should be aware of the effects that any laws they make may have globally.
“It’s helpful for policymakers, when they’re coming up with legislation, that they think of the Internet as global and consider that the decisions they make may have technical impacts that they’re not considering that impact the way people are using the Internet today – give those a thorough understanding before decisions are made about a particular legislation,” Jones said.
One of the final points of discussion during the workshop was the differences between cybersecurity and information security.
In the discussion it was noted that cybersecurity, in the US view on Internet governance, deals primarily with protection from Internet threats. Information security, in the Russian and Chinese view, also includes censoring the civic sector and content from many Western media and knowledge organizations.
Dukes said there are two considerations for openness and freedom of information that convince most leaders in the world to find common ground in the fairly liberal US position on cybersecurity issues.
First is the basic human rights aspect of the argument; many countries accept that people should, whenever possible within the bounds of public safety, have certain rights of free speech, communication and assembly. Most countries agree that this should apply online.
Dukes’ second point is the economic benefit of keeping the Internet as open and free-flowing as possible. “Many evolving world countries are really desperate to find ways that they can harness the power of the Internet to increase economic opportunity, to increase GDP, to increase development and growth,” he said. “Those arguments seem to be very pragmatic, but it’s hard for countries to disagree with that.”
– Mary Kate Brogan
Brief session description:
Thursday, July 26, 2012 – People under the age of 30 constitute the largest population of Internet users in the US and worldwide. This generation, many of whom grew up with mobile networks and the Internet, is the primary driver of the cultural, political and economic activity online. Yet, they are also mostly absent from the Internet governance debates. This workshop brought together a group of college-age young adults to talk about how they experience the online world, how they think about online information and what is important for them within a broad range of Internet-related policy areas. The session was organized and led by the young people themselves.
Details of the session:
Session moderators were Ali Hamed and Morgan Beller, graduate students at Cornell University. Youth participants were:
- Chris Higgens, University of Wisconsin – Madison
- Dan Spector, Cornell University
- Kimberly Wong, Cornell University
- Kyle Simms, Morgan State University
- Lindsey Bohl, Georgetown University Law School
- James Day, Christopher Newport University
- Mary Delcamp, University of Miami Law School
- Rebecca Charen, University of Michigan
- Samantha Smyers
- Reed Semcken, University of Southern California
The title of the forum may have been youth-centric, but it was the adults in the audience who got the last word.
Ali Hamed, a facilitator of the discussion from Cornell University, addressed the significance of the young people’s perspective in Internet governance, noting that the policies being created by today’s leaders are directly affecting youth and the future of everyone.
“It’s pretty valid that we actually have input,” Hamed said.
Morgan Beller, a second facilitator of the panel, also from Cornell, iasked each youth panelist to discuss his or her greatest fear regarding the Internet.
Mary Delcamp from the University of Miami Law School began the conversation by addressing the perils of online information collection. “Information is collected about us all the time and there are completely legitimate uses, but at the end of the day, privacy belongs in the hands of the individual,” Delcamp said.
Lindsey Bohl of the Georgetown University Law Center said she also has concerns about information disclosure. She worries that her credit card information could get leaked. “What would happen if that information were disclosed to the wrong people?” Bohl asked.
Chris Higgens, a student at the University of Wisconsin-Madison, added that collected information is stored and users simply don’t know how far back that record spans. “How much of that information should be liable to your personal character?” Higgens asked.
James Day of Christopher Newport University said he has a similar fear about the “digital footprints” everyone leaves behind when viewing and sharing information on the Internet. He said he worries about how the decisions he makes today will affect his future employment opportunities. “What are we doing now that’s gonna hurt us down the road?” he asked.
Reed Semcken of the University of Southern California said he once took Internet privacy for granted but then noticed that people had gathered information about him that he would have rather kept private.
“The majority of Americans don’t understand what kind of information they’re giving up,” Semcken said.
Dan Spector, a panelist from Cornell University, said he and most other young people can probably relate to these points – you never know the impact you might have through your actions. He used the example of the website Klout, a site that essentially reveals your influence on social media platforms. Spector willingly released his Twitter account to the website in order to gain information about his reputation via social media, but it wasn’t until after he handed over his information that he thought about the implications of sharing that data with a large company that makes its profit by selling your personal information to second and third parties.
Kyle Simms of Morgan State University said his biggest fear is a lack of democracy on the Internet.
Rebecca Charen of the University of MIchigan said she worries that policymakers who do not understand the Internet’s influence and effects won’t turn to youth for help understanding social media before they begin to make decisions that influence everyone’s future.
Facilitator Beller changed the subject with another prompt. She asked what motivated panelists to change their privacy settings from “public” to “private” on social media websites.
Semcken said it was not a natural progression for him. He changed his Facebook settings when he became aware that people he didn’t want to see his information were willing to access it.
Day said he changed his privacy settings because he didn’t want his own extended family members seeing his information. “I don’t really want you looking at that info,” Day said. “You’re like my aunt’s second cousin.”
Delcamp elaborated on the issue of privacy settings. “I think it’s ridiculous to have to adjust privacy settings for each individual aspect,” Delcamp said.
Samantha Smyers spoke up to say that there are ways to circumvent the privacy settings on most sites, and people may be able to access your information even when you think you have added some layers of secrecy – anything you post, no matter how you set your privacy settings may be revealed. “It’s hard because anything you put on the Internet isn’t private, even if you want it to be,” Smyers said.
Facilitator Hamed asked if any of the panelists could give a definition of online privacy. Facilitator Beller chimed in and asked if the panelists if any of them don’t have a problem with releasing their information.
Delcamp said she believes that before information is collected, the consumer should know what exactly is being collected and the consumer should be informed about what is being done with that information.
Charen took a liberal view of information dispersal. “As long as the Internet is working efficiently, I don’t have a problem with it,” Charen said.
Day had a similar perspective. “I don’t care what anyone knows about me as long as they don’t use it against me,” he said.
Beller said she is more selective about the information she divulges. “I’m happy giving Spotify my music preferences but not access to my Facebook page,” she said.
Hamed proposed that Internet governance discussions should emphasize finding a balance between innovation and regulation. Delcamp offered remarks in favor of innovation but with a stipulation. “The last thing you want to do is stifle innovation,” Delcamp said. “But there needs to be some sort of consequence if damage is done to you.”
Jim Prendergast, an audience member, told the youth participants he was at a youth conference earlier this year where the word “safety” came up. The students at the conference treated the person who brought it up as a pariah. Prendergast wanted to know if these youth participants felt the same way.
Charen offered his explanation. “Your average high school or college student isn’t concerned with privacy,” he said. “Our generation is the generation of wanting things simple, fast and free. I feel like they’re willing to sacrifice things and not even thinking about [the fact that they’re] sacrificing those things.”
George Britt, another adult audience member, said he is a teacher, and his students do worry about the “bad stuff” on the Internet. He said he encourages them to consider the value in Internet innovation, speaking to the importance of incorporating innovation as an ideal rather than a peril via the education system.
The forum worked to gather a small sampling of youth perspectives and prompted a discussion between adults and youth about youth perspectives of the online realm.
– Audrey Horwitz
IGF-USA 2012: Critical Internet Resources (CIRs) – Evolution of the Internet’s Technical Foundations
Brief session description:
Thursday, July 26, 2012 - Since the initiation of the Internet Governance Forum (IGF), Critical Internet Resources (CIR) and the evolution of the Internet’s technical foundations have been a central focus of ongoing Internet governance debates. Varied views can engender misunderstandings that influence the opinions of global stakeholders, and different views exist about how to advance CIRs. International governmental approaches are proposed by some, while others strongly support the present bottom-up, consensus-driven models. Three foundational technological changes – IPv6, secure Domain Name System (DNSsec) and secure routing – framed the discussion in this workshop. Deployment of these new technical and organizational approaches raises significant challenges to stakeholders, operations and governance arrangements.
Details of the session:
The moderator for the session was Walda Roseman, chief operating officer of the Internet Society. Panelists included:
- Steve Crocker, chair of the board of the Internet Corporation for Assigned Names and Numbers
- John Curran, president and CEO of the American Registry of Internet Numbers
- Richard Jimmerson, director for deployment and operationalization, Internet Society
- Vernita Harris, deputy associate administrator in the Office of International Affairs of NTIA, US Department of Commerce
Thursday’s IGF-USA conference at Georgetown Law Center featured an assembled panel of government and corporate experts who addressed the controversial issues concerning the control of critical Internet resources.
Walda Roseman, chief operating officer of the Internet Society (ISOC), chaired the discussion on the implementation and security of CIRs.
CIRs include IP addresses, domain names, routing tables and telecommunications, or what Steve Crocker, CEO and co-founder of Shinkuro Inc., Internet Hall of Fame member and chair of the board of ICANN, called the base of Internet architecture upon which everything else is built.
Moving from Internet Protocol Version 4 to IPv6
One of the most pressing concerns regarding CIRs is the revision of Internet Protocol (commonly referred to as IP) from version 4 to version 6, now the most dominant protocol for Internet traffic.
IPv4 used 32-bit addresses, allowing for approximately 4.2 billion unique IP addresses, but the growth of the Internet has exceeded those limits. IPv6 uses 128-bit addresses, allowing for about 3.4×1038 unique addresses. This number is equal to approximately 4.8×1028 addresses for each of the seven billion people alive in 2012.
Because headers on IPv4 packets and IPv6 packets are quite different, the two protocols are not interoperable and thus they are both being run in what is called a “double stack.”
However, IPv6 is, in general, seen to be a conservative extension of IPv4. Most transport and application-layer protocols need little or no change to operate over IPv6. The exceptions to this are the application protocols that embed internet-layer addresses, such as FTP and NTPv3. In these, the new address format may cause conflicts with existing protocol syntax.
Internet service providers, the Internet Society and many large Internet-based enterprises worked to support a World IPv6 Launch on June 6 this year to help accelerate the adoption of IPv6.
John Curran, president and CEO of the American Registry for Internet Numbers, said upgrading to IPv6 is a necessary step for “any enterprise that wants to still be in business in five years,” because it enables them to continue to reach new customers and grow.
When asked about the costs or burdens of upgrading to IPv6 for small businesses, Curran explained that in most cases the burden would fall on the hosting company through which they run their website.
Chris Griffiths, director of high-speed Internet and new business engineering for Comcast, confirmed this, stating his company would have to upgrade to continue to attract new clients.
Security issues always loom large in Internet evolution
The development of the Internet has led to a need for Domain Name System Security, or DNSSEC. Curran explained that DNSSEC maintains the integrity of the Internet by ensuring the information users obtain is from the source they believe they are corresponding with, essentially preventing redirection to fraudulent websites.
Redirection could come from hackers, hijackers and phishers, but also the US government, should initiatives such as SOPA or PIPA pass.
“My primary interest is keeping the open Internet alive,” said Richard Jimmerson, director of deployment and operationalization for ISOC. “Somebody in this room will want to invent the next Facebook or Yahoo! Today, that is possible, but if we do not pay attention to certain things, that may not be possible anymore.”
Griffiths said Comcast and other Internet technology companies work together through governance processes now in place to address, for example, the types of security vulnerabilities that can drive action to work to avoid future risk, and in making adjustments in infrastructure and dealing with other emerging challenges.
Conflicts arise over the management of CIRs
The US government currently maintains the most control globally over CIRs. This is not well received by some critics around the world, as they fear that the United States may abuse its power. Some have also proposed that they would like to see a roadmap of the Internet for the next 20 years.
Curran addressed these concerns by stating that the US government has a positive track record regarding the respectful and neutral administration of its responsibility for CIRs, mostly leaving all of the operational details to multistakeholder global governance bodies such as the Internet Engineering Task Force and ICANN, and added that roadmap would not likely be effective as there are too many unknowns moving forward.
Vernita Harris, deputy associate administrator of the National Telecommunications and Information Administration, explained that the newest Internet Assigned Numbers Authority (IANA) contract indicates it expects that ICANN and aspects of control over the Internet architecture “will be multi-stakeholder driven, addressing the concerns of all users both domestic and international.”
– Brennan McGovern
IGF-USA 2012 Case Vignettes: Turning Principles into Practice – Or Not: Internet Governance/ICANN; Consumer Privacy; Cyber Security; Dialogues about Lessons Learned
Brief session description:
Thursday, July 26, 2012 – This workshop was aimed at examining the role principles are playing in framing debates, achieving consensus and influencing change – or not. Proposals for Internet principles are popping up everywhere, from national to regional and global discussions, on a wide range of issues. In 2011, IGF-USA examined a number of principles in a session titled “A Plethora of Principles.” This session follows on that one. Session planners noted that it’s not enough to simply develop a set of principles, the question is: how are principles actually implemented how are they inspiring change? Are they new voluntary codes of conduct, new regulations, new laws? Principles can become a baseline for gaining high-level agreements. They may go beyond the expectations possible through legislation or regulation, so some argue that principles should be written to be aspirational. Some argue for legislation, regulation or enforcement mechanisms to ‘hold industry accountable’ to promises made in principles designed as sets of commitments. This workshop examined three case vignettes: 1) How the principles of a white paper were incorporated into ICANN’s formation and what the status of these principles are today within ICANN’s mission and core activities; 2) how consumer privacy principles have fared in global and national settings in terms of these points ‘turning into practice’; and 3) how cybersecurity/botnet principles are faring.
Details of the session:
The moderator for this session was Shane Tews, vice president for global public policy and government relations at Verisign. Panelists included:
- Becky Burr, chief privacy officer, Neustar Inc.: Turning White Paper Principles into actuality in ICANN
- Menessha Mithal, associate director of the division of privacy and identity protection, Federal Trade Commission: Consumer privacy principles
- Eric Burger, director of the Georgetown University Center for Secure Communications: Cybersecurity and botnets
- Carl Kalapesi, co-author of the World Economic Forum’s report Rethinking Personal Data: Strengthening Trust: the World Economic Forum perspective
Before an informal agreement, policy or formal regulation is adopted, passed or approved it takes its initial steps as an idea. The trick lies in bringing it from a formative state to something actionable, otherwise it may languish as a suggested goal, followed by and adhered to by no one.
During the IGF-USA panel titled “Turning Principles into Practice – or Not” participants shared successful case studies as examples of how to create actionable practices out of ethereal goals. Citing processes ranging from US efforts to counteract botnets to domain name system governance and to consumer privacy, three panelists and one respondent drew from their own experiences in discussing ways in which people might successfully bridge the gap between idea and action.
Meneesha Mithal, associate director of the Federal Trade Commission’s Division of Privacy and Identity Protection, weighed in on the efficacy of principles versus regulation by offering a series method to act on a problem.
“It’s not really a binary thing – I think there’s a sliding scale here in how you implement principles and regulation,” she said. She cited corporate self-regulatory codes, the work of international standard-setting bodies, multistakeholder processes, safe harbors and legislation as possible means for action.
Mithal highlighted online privacy policies as an example of the need for a sliding scale. The status quo has been to adhere to the concepts of notice and choice on the part of consumers; this has resulted in corporations’ creation of lengthy, complicated privacy policies that go unread by the consumers they are meant to inform. Recently, pressure has been placed on companies to provide more transparent, effective means of informing customers about privacy policies.
“If it had been in a legislative context, it would have been difficult for us to amend laws,” Mithal said, though she admitted that such flexible agreements are “sometimes not enough when you talk about having rights that are enforceable.”
And Mithal did note that, given the current climate surrounding the discussion of online privacy, it’s still the time for a degree of broad-based privacy legislation in America.
Eric Burger, a professor of computer science at Georgetown University, spoke on the topic of botnets, those dangerous cyber networks that secretly invade and wrest control of computers from consumers, leaving them subservient to the whims of hackers looking for a challenge, or criminals looking for the power to distribute sizable amounts of malware.
Given the sheer number of stakeholders – ISPs concerned about the drain on their profits and the liability problems the strain of illegal information shared by the botnets, individual users concerned over whether their computers have been compromised and government agencies searching for a solution – Burger said that the swift adoption of principles is the ideal response.
Among those principles are sharing responsibility for the response to botnets, admitting that it’s a global problem, reporting and sharing lessons learned from deployed countermeasures, educating users on the problem and the preservation of flexibility to ensure innovation. But Burger did admit the process of arriving at this set of principles wasn’t without its faults. “Very few of the users were involved in this,” he said, citing “heavy government and industry involvement, but very little on the user side,” creating a need to look back in a year or two to examine whether the principles had been met and whether they had been effective in responding to the swarm of botnets.
Becky Burr, chief privacy officer and deputy general counsel at Neustar, previously served as the director of the Office of International Affairs at the National Telecommunications and Information Administration, where she had a hands-on role in the US recognition of ICANN (NTIA). She issued a play-by-play of the lengthy series of efforts to turn ICANN from a series of proposed responses into a legitimate governing entity, which was largely aided by a single paragraph in a framework issued by President Bill Clinton’s administration in 1997.
Written as a response to the growing need for the establishment of groundwork on Internet commerce and domain names, the paper called for a global, competitive, market-based system for registering domain names, which would encourage Internet governance to move from the bottom-up. The next day, the NTIA issued the so-called “Green Paper” which echoed many of the principles of the administration’s framework and drew extensive feedback from around the world, including negative feedback over the suggestion that the US government add up to five gTLDs during the transitional period.
After reflection on the feedback to both the white and green papers, and a series of workshops among multiple stakeholders to flesh out the principles of stability, competition, private-sector leadership, bottom-up governance and realistic representation of the affect communities, ICANN held its first public meeting Nov. 14, 1998, underwent several reforms in 2002, and ever since, in Burr’s words, “is still the best idea, or at least no one’s figured out a better idea.”
“The bottom line is to iterate, make sure you articulate your principles and try to find some built-in self-correcting model,” Burr said.
While Burr’s play-by-play described how a relatively independent, formal institution was formed to offer DNS governance, Carl Kalapesi, a project manager at the World Economic Forum, offered a more informal approach, relying on the informal obligations tied to agreeing with principles to enforce adherence.
“Legislative approaches by their nature take a very, very long time,” Kalapesi said. He vigorously supported the importance of principles in offering “a common vision of where we want to get to,” which leaders can sign onto in order to get the ball rolling.
He offered the example of the “Principles of Cyber Resilience,” offered to CEOs at last year’s World Economic Forum with the goal of making them more accountable for the protection of their own networks and sites while still allowing them flexibility to combat problems in a way that best suited their own work-flow and supply chains.
Central to Kalapesi’s argument in favor of principle-based solutions is their flexibility.
“Half of the uses of data didn’t exist when the data was collected – we didn’t know what they were going to do with it,” he said, alluding to the concerns over the use of private data by the likes of Google and Facebook, which accelerate and evolve at a rate with which formal legislation could never keep up.
Burr later echoed this point in theorizing that 1998′s Child Online Protection Act might soon be obsolete, but Mithal remained firm that a “government backstop” should be in place to ensure that there’s something other than the vague notion of “market forces” to respond to companies who step back from their agreements.
– Morgan Little