Posts Tagged ‘Internet governance’
IGF-USA 2012 Afternoon Plenary Discussion: Defining the Future for Internet Governance – Meeting Evolving Challenges
Brief session description:
Thursday, July 26, 2012 – This major session of the opening plenary of IGF-USA discussed the current state of play with various proposals ranging from the WCIT, the UN Commission on Science and Technology and Enhanced Cooperation, areas where more government may be called for from their perspective or strong improvements in “governance.” Panelists offered a range of perspectives about government and governance.
Featured participants in this special session included Jeff Brueggeman, vice president for public policy, AT&T; Chris Wolf, partner and Internet law expert from Hogans Lovells; Danny Weitzner, Office of Science and Technology Policy, The White House.
Details of the session:
As Chris Wolf of Hogans Lovells said, the ghosts of Internet past, present and future were part of the final plenary discussion on “Defining the Future for Internet Governance: Meeting Evolving Challenges” at IGF-USA Thursday at Georgetown Law Center.
Wolf dubbed himself the “the past guy” and remembered a time he was considered a pioneer in knowledge of the Internet and how it was evolving in its early years. The trio of panelists defined the future for Internet governance and the evolving challenges citizens face.
There’s been an enormous amount of growth and development during the Internet’s short life, noted Jeff Brueggeman, vice president of public policy at AT&T.
“I think the true strength of the IGF, as we talk about every year, is its ability to self-improve,” he said. “And, for all of us, from a bottom-up way, to help innovate and change the process each and every year.”
IGF introduces new topics and builds on those addressed the year before. The IGF is not just a “talk shop” that meets once a year, Brueggeman added.
IGF needs to keep broadening the participation and the process, including peers in more developing countries. More remote participation and adding numbers has been a success in the meetings, Brueggeman said. The discussion needs to keep evolving at IGF-USA and on a global basis. Pressure is growing to show that it doesn’t have the same discussion year after year.
Brueggeman said those involved in IGF should do a better job of capturing the impact of the multi-stakeholder process and show the value of it to those who don’t come to the meetings and those who will never come.
Sustainability is a real challenge, though he has seen an enormous amount of progress. A few years ago, organizers and attendees were debating whether there would be an IGF the following year. Now, they debate what to build around the one-day conference.
Danny Weitzner of The White House Office of Science and Technology Policy – Wolf called him the “ghost of Internet future” – highlighted three things that are already happening.
“We are at the middle of a multi-stakeholder explosion and the question is how to actually help make sure it’s directed and productive and doing the right things,” Weitzner said,
The second thing: He said Vint Cerf has eloquently pointed out that the Internet is now being actively used by more than 2 billion of the 7 billion people in the world, adding: “Attending to that is going to tremendously important in the future.”
And his final point: “We are in an era of just inevitable and irresistible transparency. Sometimes even governments, sometimes companies, sometimes even civil society groups take refuge in un-transparent un-institutional activities because it’s often easier, it’s often safer. But I think we’re learning over and over again in a variety of different institutions that we’ve got to learn to embrace transparency, we’ve got to learn to make it work for us and that resisting it is a mistake.”
Top-down rule-making does not always lead to innovative solutions. The Internet keys into collective intelligence and is best served by the multistakeholder model of governance, Weitzner said.
Although there are many important issues to address as the Internet evolves, Weitzner said he thinks the real discussion that’s going on is to make sure the Internet’s open environment can raise its accessibility to move from 2 billion users to 7 billion.
— Ashley Barnas
Brief session description:
Thursday, July 26, 2012 – Larry Strickling, assistant secretary for communications and information and administrator of the National Telecommunications and Information Administration of the US Department of Commerce, spoke about the United States and the global Internet.
Details of the session:
Larry Strickling, assistant secretary for communications and information and administrator of the National Telecommunications and Information Administration (NTIA) of the US Department of Commerce, highlighted the importance of the multistakeholder model in his afternoon keynote talk at IGF-USA Thursday at Georgetown Law Center.
The NTIA has long been integral in the operation of the Internet Corporation of Assigned Names and Numbers (ICANN), which regulates global domain name policy. While NTIA, on behalf of the US Department of Commerce, reached an agreement with ICANN in 2009to transition the technical coordination of the DNS to a new setting in ICANN under conditions that protect the interests of global Internet users, NTIA represents the US government on ICANN’s Governmental Advisory Committee and it is still an influential force.
Given the near-infinite reach of Internet services, Strickling emphasized the need to include more global representatives in the process of domain name regulation and the discussion of related issues.
“We have focused on enhanced cooperation and finding ways for the global Internet community to have a more direct say in matters of Internet governance,” he said. “This issue is one of great importance as we head into the World Conference on International Telecommunications (WCIT) and World Trade Forum conferences over the next year, where some countries will attempt to justify greater governmental control over the Internet.”
Strickling said the NTIA has made a concerted effort to dissolve the illusion of US control over the Internet infrastructure by showing a heightened respect for the laws of individual countries and finding new ways to address conflicts of interest.
He also expressed his support of greater transparency in all organizations involved in Internet governance, including the International Telecommunication Union, and forcefully restated that the US position on Internet governance is to appropriately limit the role of the government in policymaking.
“Those of us in the US government will work to be as inclusive and transparent as we can be,” he said. “We will push back against calls for more control. Limiting ourselves to the role of facilitator is absolutely key to the ultimate success of the (multistakeholder model). We will press ahead.”
— Katie Blunt
Brief session description:
Thursday, July 26, 2012 – The US House of Representatives has passed four cybersecurity bills, and the US Senate has indicated an intent to consider cybersecurity legislation in the current session. The US Department of State is working with its global partners to develope relationships, collaborative action and norms of behavior for cyberspace. The US Department of Commerce has spearheaded a government initiative on botnets and is working with industry on botnet mitigation measures. The Department of Homeland Security is increasing its cybersecurity staffing for strategic and operational concerns. And the White House is transitioning its team on cybersecurity policy with a second cybersecurity adviser to the president. Stuxnet and Flame attacks have captured international attention. Cybersecurity remains a key theme in discussions in the United Nations, the International Telecommunications Union, the Organization for Economic Cooperation and Development, the Asia-Pacific Economic Cooperation, ICANN and the annual Global Internet Governance Forum. This workshop addressed questions such as: What are businesses, countries, and the technical community doing in this heightened era of cyber security concern? What should they be doing? What are the considerations for individual users here in the U.S. and around the world? How can all these pockets of activity help protect – and not hamper the protection of – the very medium that provides for productivity, communications, efficiencies, innovation, and expression?
Details of the session:
The session was moderated by Audrey Plonk, global security and Internet policy specialist at Intel Corporation. Panelists were:
- Tom Dukes, senior advisor, Office of the Coordinator for Cyber Issues, US Department of State
- Jeff Greene, senior policy counsel, Cyber Security and Identity, Symantec
- Kendall Burman, senior national security fellow, Center for Democracy and Technology
- Patrick Jones, senior director of security, ICANN
Panelists from the government and private sectors gathered at IGF-USA’s cybersecurity workshop to discuss how these entities are collaborating to deal with domestic cybersecurity threats and international cybersecurity issues.
This issue is especially pertinent right now. There have been a number of high-level conferences and meetings in Washington and other locales over the summer of 2012 on this topic, and, as moderator Audrey Plonk, global security and Internet policy specialist for the Intel Corporation, puts it, “Cybersecurity is the new black.”
Jeff Greene, panelist and senior policy counsel of cybersecurity and identity at Symantec, agreed. “At this time three years ago, cybersecurity was something that was mentioned in passing,” he commented. “Now the interest is exponential.”
Symantec’s business is centered on protecting enterprises from cyberthreats. Greene, who until recently worked with the Department of Homeland Security, said that according to this year’s Symantec Internet Security Threat Report, 75 percent of the enterprises Symantec deals with were threatened with a cyber attack in 2011.
He added that while the incidence of spam decreased in 2011, there has been a shift to web-based attacks. Greene also said the government and private sector are working together to reduce such threats.
“It is remarkable how much of the threat dynamic in both sectors is the same,” Greene said. “We see criminal and other malicious activity largely the same as the government does, so this is all work through government, private and international cooperation.”
Panelist Kendall Burman had a different view on government access to private sector and citizen information in terms of cybersecurity. As a senior national security fellow for the Center for Democracy and Technology, she has spent time exploring security and surveillance from the perspective of a member of a group focused on consumer privacy.
“I think that the tricky area from a civil liberties perspective is when the government is in a position of receiving that information, making sure that that information is limited to cybersecurity threats, and what the government can then do then once it receives it,” Burman said.
Panelist Tom Dukes, senior adviser for the Office of the Coordinator for Cyber Issues at the US Department of State, weighed in from a government standpoint on cybersecurity issues, including the important role of the US government in pushing other countries to increase their outreach and share their perspectives on cybersecurity issues.
“Obviously what the US says, the positions we take, are highly influential and they are certainly looked at by a great many other countries,” Dukes said.
“One thing that the US has been trying to do for the last couple years in terms of addressing cyberpolicy issues in general, cybersecurity included, is to try to take sort of a leadership role in helping shape the world debate on how we think about these issues.”
Dukes said that the US has also made progress in terms of leading a global discussion on reaching a consensus about cyber security norms. Greene said that while the U.S. would like to set its own cybersecurity policies, this could cause global problems.
“If everyone has a different set of rules, (global policymaking)’s going to be pretty difficult,” Greene said.
Panelist Patrick Jones, senior director of security for ICANN, shared his view that while US policymaking is important in terms of cybersecurity, politicians should be aware of the effects that any laws they make may have globally.
“It’s helpful for policymakers, when they’re coming up with legislation, that they think of the Internet as global and consider that the decisions they make may have technical impacts that they’re not considering that impact the way people are using the Internet today – give those a thorough understanding before decisions are made about a particular legislation,” Jones said.
One of the final points of discussion during the workshop was the differences between cybersecurity and information security.
In the discussion it was noted that cybersecurity, in the US view on Internet governance, deals primarily with protection from Internet threats. Information security, in the Russian and Chinese view, also includes censoring the civic sector and content from many Western media and knowledge organizations.
Dukes said there are two considerations for openness and freedom of information that convince most leaders in the world to find common ground in the fairly liberal US position on cybersecurity issues.
First is the basic human rights aspect of the argument; many countries accept that people should, whenever possible within the bounds of public safety, have certain rights of free speech, communication and assembly. Most countries agree that this should apply online.
Dukes’ second point is the economic benefit of keeping the Internet as open and free-flowing as possible. “Many evolving world countries are really desperate to find ways that they can harness the power of the Internet to increase economic opportunity, to increase GDP, to increase development and growth,” he said. “Those arguments seem to be very pragmatic, but it’s hard for countries to disagree with that.”
— Mary Kate Brogan
Brief session description:
Thursday, July 26, 2012 – People under the age of 30 constitute the largest population of Internet users in the US and worldwide. This generation, many of whom grew up with mobile networks and the Internet, is the primary driver of the cultural, political and economic activity online. Yet, they are also mostly absent from the Internet governance debates. This workshop brought together a group of college-age young adults to talk about how they experience the online world, how they think about online information and what is important for them within a broad range of Internet-related policy areas. The session was organized and led by the young people themselves.
Details of the session:
Session moderators were Ali Hamed and Morgan Beller, graduate students at Cornell University. Youth participants were:
- Chris Higgens, University of Wisconsin – Madison
- Dan Spector, Cornell University
- Kimberly Wong, Cornell University
- Kyle Simms, Morgan State University
- Lindsey Bohl, Georgetown University Law School
- James Day, Christopher Newport University
- Mary Delcamp, University of Miami Law School
- Rebecca Charen, University of Michigan
- Samantha Smyers
- Reed Semcken, University of Southern California
The title of the forum may have been youth-centric, but it was the adults in the audience who got the last word.
Ali Hamed, a facilitator of the discussion from Cornell University, addressed the significance of the young people’s perspective in Internet governance, noting that the policies being created by today’s leaders are directly affecting youth and the future of everyone.
“It’s pretty valid that we actually have input,” Hamed said.
Morgan Beller, a second facilitator of the panel, also from Cornell, iasked each youth panelist to discuss his or her greatest fear regarding the Internet.
Mary Delcamp from the University of Miami Law School began the conversation by addressing the perils of online information collection. “Information is collected about us all the time and there are completely legitimate uses, but at the end of the day, privacy belongs in the hands of the individual,” Delcamp said.
Lindsey Bohl of the Georgetown University Law Center said she also has concerns about information disclosure. She worries that her credit card information could get leaked. “What would happen if that information were disclosed to the wrong people?” Bohl asked.
Chris Higgens, a student at the University of Wisconsin-Madison, added that collected information is stored and users simply don’t know how far back that record spans. “How much of that information should be liable to your personal character?” Higgens asked.
James Day of Christopher Newport University said he has a similar fear about the “digital footprints” everyone leaves behind when viewing and sharing information on the Internet. He said he worries about how the decisions he makes today will affect his future employment opportunities. “What are we doing now that’s gonna hurt us down the road?” he asked.
Reed Semcken of the University of Southern California said he once took Internet privacy for granted but then noticed that people had gathered information about him that he would have rather kept private.
“The majority of Americans don’t understand what kind of information they’re giving up,” Semcken said.
Dan Spector, a panelist from Cornell University, said he and most other young people can probably relate to these points – you never know the impact you might have through your actions. He used the example of the website Klout, a site that essentially reveals your influence on social media platforms. Spector willingly released his Twitter account to the website in order to gain information about his reputation via social media, but it wasn’t until after he handed over his information that he thought about the implications of sharing that data with a large company that makes its profit by selling your personal information to second and third parties.
Kyle Simms of Morgan State University said his biggest fear is a lack of democracy on the Internet.
Rebecca Charen of the University of MIchigan said she worries that policymakers who do not understand the Internet’s influence and effects won’t turn to youth for help understanding social media before they begin to make decisions that influence everyone’s future.
Facilitator Beller changed the subject with another prompt. She asked what motivated panelists to change their privacy settings from “public” to “private” on social media websites.
Semcken said it was not a natural progression for him. He changed his Facebook settings when he became aware that people he didn’t want to see his information were willing to access it.
Day said he changed his privacy settings because he didn’t want his own extended family members seeing his information. “I don’t really want you looking at that info,” Day said. “You’re like my aunt’s second cousin.”
Delcamp elaborated on the issue of privacy settings. “I think it’s ridiculous to have to adjust privacy settings for each individual aspect,” Delcamp said.
Samantha Smyers spoke up to say that there are ways to circumvent the privacy settings on most sites, and people may be able to access your information even when you think you have added some layers of secrecy – anything you post, no matter how you set your privacy settings may be revealed. “It’s hard because anything you put on the Internet isn’t private, even if you want it to be,” Smyers said.
Facilitator Hamed asked if any of the panelists could give a definition of online privacy. Facilitator Beller chimed in and asked if the panelists if any of them don’t have a problem with releasing their information.
Delcamp said she believes that before information is collected, the consumer should know what exactly is being collected and the consumer should be informed about what is being done with that information.
Charen took a liberal view of information dispersal. “As long as the Internet is working efficiently, I don’t have a problem with it,” Charen said.
Day had a similar perspective. “I don’t care what anyone knows about me as long as they don’t use it against me,” he said.
Beller said she is more selective about the information she divulges. “I’m happy giving Spotify my music preferences but not access to my Facebook page,” she said.
Hamed proposed that Internet governance discussions should emphasize finding a balance between innovation and regulation. Delcamp offered remarks in favor of innovation but with a stipulation. “The last thing you want to do is stifle innovation,” Delcamp said. “But there needs to be some sort of consequence if damage is done to you.”
Jim Prendergast, an audience member, told the youth participants he was at a youth conference earlier this year where the word “safety” came up. The students at the conference treated the person who brought it up as a pariah. Prendergast wanted to know if these youth participants felt the same way.
Charen offered his explanation. “Your average high school or college student isn’t concerned with privacy,” he said. “Our generation is the generation of wanting things simple, fast and free. I feel like they’re willing to sacrifice things and not even thinking about [the fact that they’re] sacrificing those things.”
George Britt, another adult audience member, said he is a teacher, and his students do worry about the “bad stuff” on the Internet. He said he encourages them to consider the value in Internet innovation, speaking to the importance of incorporating innovation as an ideal rather than a peril via the education system.
The forum worked to gather a small sampling of youth perspectives and prompted a discussion between adults and youth about youth perspectives of the online realm.
— Audrey Horwitz
IGF-USA 2012: Critical Internet Resources (CIRs) – Evolution of the Internet’s Technical Foundations
Brief session description:
Thursday, July 26, 2012 – Since the initiation of the Internet Governance Forum (IGF), Critical Internet Resources (CIR) and the evolution of the Internet’s technical foundations have been a central focus of ongoing Internet governance debates. Varied views can engender misunderstandings that influence the opinions of global stakeholders, and different views exist about how to advance CIRs. International governmental approaches are proposed by some, while others strongly support the present bottom-up, consensus-driven models. Three foundational technological changes – IPv6, secure Domain Name System (DNSsec) and secure routing – framed the discussion in this workshop. Deployment of these new technical and organizational approaches raises significant challenges to stakeholders, operations and governance arrangements.
Details of the session:
The moderator for the session was Walda Roseman, chief operating officer of the Internet Society. Panelists included:
- Steve Crocker, chair of the board of the Internet Corporation for Assigned Names and Numbers
- John Curran, president and CEO of the American Registry of Internet Numbers
- Richard Jimmerson, director for deployment and operationalization, Internet Society
- Vernita Harris, deputy associate administrator in the Office of International Affairs of NTIA, US Department of Commerce
Thursday’s IGF-USA conference at Georgetown Law Center featured an assembled panel of government and corporate experts who addressed the controversial issues concerning the control of critical Internet resources.
Walda Roseman, chief operating officer of the Internet Society (ISOC), chaired the discussion on the implementation and security of CIRs.
CIRs include IP addresses, domain names, routing tables and telecommunications, or what Steve Crocker, CEO and co-founder of Shinkuro Inc., Internet Hall of Fame member and chair of the board of ICANN, called the base of Internet architecture upon which everything else is built.
Moving from Internet Protocol Version 4 to IPv6
One of the most pressing concerns regarding CIRs is the revision of Internet Protocol (commonly referred to as IP) from version 4 to version 6, now the most dominant protocol for Internet traffic.
IPv4 used 32-bit addresses, allowing for approximately 4.2 billion unique IP addresses, but the growth of the Internet has exceeded those limits. IPv6 uses 128-bit addresses, allowing for about 3.4×1038 unique addresses. This number is equal to approximately 4.8×1028 addresses for each of the seven billion people alive in 2012.
Because headers on IPv4 packets and IPv6 packets are quite different, the two protocols are not interoperable and thus they are both being run in what is called a “double stack.”
However, IPv6 is, in general, seen to be a conservative extension of IPv4. Most transport and application-layer protocols need little or no change to operate over IPv6. The exceptions to this are the application protocols that embed internet-layer addresses, such as FTP and NTPv3. In these, the new address format may cause conflicts with existing protocol syntax.
Internet service providers, the Internet Society and many large Internet-based enterprises worked to support a World IPv6 Launch on June 6 this year to help accelerate the adoption of IPv6.
John Curran, president and CEO of the American Registry for Internet Numbers, said upgrading to IPv6 is a necessary step for “any enterprise that wants to still be in business in five years,” because it enables them to continue to reach new customers and grow.
When asked about the costs or burdens of upgrading to IPv6 for small businesses, Curran explained that in most cases the burden would fall on the hosting company through which they run their website.
Chris Griffiths, director of high-speed Internet and new business engineering for Comcast, confirmed this, stating his company would have to upgrade to continue to attract new clients.
Security issues always loom large in Internet evolution
The development of the Internet has led to a need for Domain Name System Security, or DNSSEC. Curran explained that DNSSEC maintains the integrity of the Internet by ensuring the information users obtain is from the source they believe they are corresponding with, essentially preventing redirection to fraudulent websites.
Redirection could come from hackers, hijackers and phishers, but also the US government, should initiatives such as SOPA or PIPA pass.
“My primary interest is keeping the open Internet alive,” said Richard Jimmerson, director of deployment and operationalization for ISOC. “Somebody in this room will want to invent the next Facebook or Yahoo! Today, that is possible, but if we do not pay attention to certain things, that may not be possible anymore.”
Griffiths said Comcast and other Internet technology companies work together through governance processes now in place to address, for example, the types of security vulnerabilities that can drive action to work to avoid future risk, and in making adjustments in infrastructure and dealing with other emerging challenges.
Conflicts arise over the management of CIRs
The US government currently maintains the most control globally over CIRs. This is not well received by some critics around the world, as they fear that the United States may abuse its power. Some have also proposed that they would like to see a roadmap of the Internet for the next 20 years.
Curran addressed these concerns by stating that the US government has a positive track record regarding the respectful and neutral administration of its responsibility for CIRs, mostly leaving all of the operational details to multistakeholder global governance bodies such as the Internet Engineering Task Force and ICANN, and added that roadmap would not likely be effective as there are too many unknowns moving forward.
Vernita Harris, deputy associate administrator of the National Telecommunications and Information Administration, explained that the newest Internet Assigned Numbers Authority (IANA) contract indicates it expects that ICANN and aspects of control over the Internet architecture “will be multi-stakeholder driven, addressing the concerns of all users both domestic and international.”
— Brennan McGovern
IGF-USA 2012 Case Vignettes: Turning Principles into Practice – Or Not: Internet Governance/ICANN; Consumer Privacy; Cyber Security; Dialogues about Lessons Learned
Brief session description:
Thursday, July 26, 2012 – This workshop was aimed at examining the role principles are playing in framing debates, achieving consensus and influencing change – or not. Proposals for Internet principles are popping up everywhere, from national to regional and global discussions, on a wide range of issues. In 2011, IGF-USA examined a number of principles in a session titled “A Plethora of Principles.” This session follows on that one. Session planners noted that it’s not enough to simply develop a set of principles, the question is: how are principles actually implemented how are they inspiring change? Are they new voluntary codes of conduct, new regulations, new laws? Principles can become a baseline for gaining high-level agreements. They may go beyond the expectations possible through legislation or regulation, so some argue that principles should be written to be aspirational. Some argue for legislation, regulation or enforcement mechanisms to ‘hold industry accountable’ to promises made in principles designed as sets of commitments. This workshop examined three case vignettes: 1) How the principles of a white paper were incorporated into ICANN’s formation and what the status of these principles are today within ICANN’s mission and core activities; 2) how consumer privacy principles have fared in global and national settings in terms of these points ‘turning into practice’; and 3) how cybersecurity/botnet principles are faring.
Details of the session:
The moderator for this session was Shane Tews, vice president for global public policy and government relations at Verisign. Panelists included:
- Becky Burr, chief privacy officer, Neustar Inc.: Turning White Paper Principles into actuality in ICANN
- Menessha Mithal, associate director of the division of privacy and identity protection, Federal Trade Commission: Consumer privacy principles
- Eric Burger, director of the Georgetown University Center for Secure Communications: Cybersecurity and botnets
- Carl Kalapesi, co-author of the World Economic Forum’s report Rethinking Personal Data: Strengthening Trust: the World Economic Forum perspective
Before an informal agreement, policy or formal regulation is adopted, passed or approved it takes its initial steps as an idea. The trick lies in bringing it from a formative state to something actionable, otherwise it may languish as a suggested goal, followed by and adhered to by no one.
During the IGF-USA panel titled “Turning Principles into Practice – or Not” participants shared successful case studies as examples of how to create actionable practices out of ethereal goals. Citing processes ranging from US efforts to counteract botnets to domain name system governance and to consumer privacy, three panelists and one respondent drew from their own experiences in discussing ways in which people might successfully bridge the gap between idea and action.
Meneesha Mithal, associate director of the Federal Trade Commission’s Division of Privacy and Identity Protection, weighed in on the efficacy of principles versus regulation by offering a series method to act on a problem.
“It’s not really a binary thing – I think there’s a sliding scale here in how you implement principles and regulation,” she said. She cited corporate self-regulatory codes, the work of international standard-setting bodies, multistakeholder processes, safe harbors and legislation as possible means for action.
Mithal highlighted online privacy policies as an example of the need for a sliding scale. The status quo has been to adhere to the concepts of notice and choice on the part of consumers; this has resulted in corporations’ creation of lengthy, complicated privacy policies that go unread by the consumers they are meant to inform. Recently, pressure has been placed on companies to provide more transparent, effective means of informing customers about privacy policies.
“If it had been in a legislative context, it would have been difficult for us to amend laws,” Mithal said, though she admitted that such flexible agreements are “sometimes not enough when you talk about having rights that are enforceable.”
And Mithal did note that, given the current climate surrounding the discussion of online privacy, it’s still the time for a degree of broad-based privacy legislation in America.
Eric Burger, a professor of computer science at Georgetown University, spoke on the topic of botnets, those dangerous cyber networks that secretly invade and wrest control of computers from consumers, leaving them subservient to the whims of hackers looking for a challenge, or criminals looking for the power to distribute sizable amounts of malware.
Given the sheer number of stakeholders – ISPs concerned about the drain on their profits and the liability problems the strain of illegal information shared by the botnets, individual users concerned over whether their computers have been compromised and government agencies searching for a solution – Burger said that the swift adoption of principles is the ideal response.
Among those principles are sharing responsibility for the response to botnets, admitting that it’s a global problem, reporting and sharing lessons learned from deployed countermeasures, educating users on the problem and the preservation of flexibility to ensure innovation. But Burger did admit the process of arriving at this set of principles wasn’t without its faults. “Very few of the users were involved in this,” he said, citing “heavy government and industry involvement, but very little on the user side,” creating a need to look back in a year or two to examine whether the principles had been met and whether they had been effective in responding to the swarm of botnets.
Becky Burr, chief privacy officer and deputy general counsel at Neustar, previously served as the director of the Office of International Affairs at the National Telecommunications and Information Administration, where she had a hands-on role in the US recognition of ICANN (NTIA). She issued a play-by-play of the lengthy series of efforts to turn ICANN from a series of proposed responses into a legitimate governing entity, which was largely aided by a single paragraph in a framework issued by President Bill Clinton’s administration in 1997.
Written as a response to the growing need for the establishment of groundwork on Internet commerce and domain names, the paper called for a global, competitive, market-based system for registering domain names, which would encourage Internet governance to move from the bottom-up. The next day, the NTIA issued the so-called “Green Paper” which echoed many of the principles of the administration’s framework and drew extensive feedback from around the world, including negative feedback over the suggestion that the US government add up to five gTLDs during the transitional period.
After reflection on the feedback to both the white and green papers, and a series of workshops among multiple stakeholders to flesh out the principles of stability, competition, private-sector leadership, bottom-up governance and realistic representation of the affect communities, ICANN held its first public meeting Nov. 14, 1998, underwent several reforms in 2002, and ever since, in Burr’s words, “is still the best idea, or at least no one’s figured out a better idea.”
“The bottom line is to iterate, make sure you articulate your principles and try to find some built-in self-correcting model,” Burr said.
While Burr’s play-by-play described how a relatively independent, formal institution was formed to offer DNS governance, Carl Kalapesi, a project manager at the World Economic Forum, offered a more informal approach, relying on the informal obligations tied to agreeing with principles to enforce adherence.
“Legislative approaches by their nature take a very, very long time,” Kalapesi said. He vigorously supported the importance of principles in offering “a common vision of where we want to get to,” which leaders can sign onto in order to get the ball rolling.
He offered the example of the “Principles of Cyber Resilience,” offered to CEOs at last year’s World Economic Forum with the goal of making them more accountable for the protection of their own networks and sites while still allowing them flexibility to combat problems in a way that best suited their own work-flow and supply chains.
Central to Kalapesi’s argument in favor of principle-based solutions is their flexibility.
“Half of the uses of data didn’t exist when the data was collected – we didn’t know what they were going to do with it,” he said, alluding to the concerns over the use of private data by the likes of Google and Facebook, which accelerate and evolve at a rate with which formal legislation could never keep up.
Burr later echoed this point in theorizing that 1998′s Child Online Protection Act might soon be obsolete, but Mithal remained firm that a “government backstop” should be in place to ensure that there’s something other than the vague notion of “market forces” to respond to companies who step back from their agreements.
— Morgan Little
Brief session description:
Thursday, July 26, 2012 – The dramatic reduction in the cost of computing and storage made possible by cloud computing services, the spread of easy-to-use, open-source analytic tools, and the growing availability of massive data services from governments and the private sector (e.g. Google Maps) have enabled thousands of start-ups, hackers and others to create exciting new tools for business, entertainment, government and other sectors. Government policies can help or hinder development of new databases and Big Data apps. Issues covered in this session included: 1) open government data policy; 2) Intellectual Property Rights protection; 3) IT research; 4) technology test beds; 5) education; 6) law enforcement access; and 7) privacy regulations.
Details of the session:
The moderator for the session was Mike Nelson, a professor at Georgetown University and research associate at CSC Leading Edge Forum. Panelists included:
- Jeff Brueggeman, vice president of public policy for AT&T
- Paul Mitchell, senior director and general manager, Microsoft TV Division
- Lillie Coney, associate director, Electronic Privacy Information Center
- Jules Polonetsky, director and co-chair, Future of Privacy Forum
- John Morris, director of Internet policy, NTIA/US Department of Commerce
- Katherine Race Brin, attorney, bureau of consumer protection, Federal Trade Commission
Mike Nelson, an Internet policy expert from Georgetown University, shared some reassuring remarks as he introduced a panel session that concentrated upon the complexities of managing what has become known as “Big Data.”
“These issues are not new,” he said. “We’ve been dealing with them for 20 or 30 years, but they are a lot more important now.”
Nelson explained in a workshop at IGF-USA Thursday at Georgetown Law Center that it’s not just about data that are big. It’s about data that are changing so quickly and need innovative tools of management.
He introduced the following questions:
- How will privacy concerns impact the development of large databases (or will they have any significant impact)?
- What are the liability issues of Big Data in the cloud?
- How do we deal with the shortage of data experts?
- How do we handle issues concerning control and access to data?
Jeff Brueggeman, a global public policy executive with AT&T and a longtime participant in Internet governance discussion in many fora, began the conversation by addressing a few of these issues.
First, he noted the importance of working with businesses as well as policymakers to come up with tools to manage the data. He also addressed the significance of maintaining security in cloud data.
“The more data that’s being collected and retained, the more that data could be used as a target,” Brueggeman said.
Brueggeman introduced some issues for the other panelists to contest, inquiring about best practices for dealing with data sets, types of controls over what users should expect, what uses of data are legitimate without that control and international components.
Jules Polonetsky of the Future of Privacy Forum followed with a look at the long-term perspective, offering some insight about the impacts of cloud technology.
“I’ve always had a hard time getting my head around clouds,” Polonetsky said. “But the best we can do is make sure we’re a bit of a gatekeeper.”
He argued that a formalized procedure should be established for the release of private information to law enforcement officials and others seeking information. But he also elaborated on the risks of such technology, which he illustrated by telling a story about his friend, a rabbi, who watched a racy video, unaware that Facebook would automatically share the link on his Facebook page, proving how easy it is to inadvertently share online activity with the greater digital community.
Polonetsky champions the benefits of data use, but he also urges people to consider the implications of such sharing and storing of data. He said he believes there should be a debate in which people weigh the risks and benefits.
Katherine Race Brin continued the conversation, citing some of her experiences dealing with these issues in her job with the Federal Trade Commission.
She said the FTC has studied the implications of cloud computing for a number of years and has also considered how, or if, a cloud is different than any other uses of data transfer in regard to privacy.
She said her work at the FTC has led her to believe that the companies that are storing data in the cloud are often in the best position to assess the risks of that data sharing.
“We’ve always said, in relation to personal data, the businesses remain accountable for the personal data of their customers,” Brin said.
She said that while the FTC holds businesses responsible, it also provides a framework to ensure consumer privacy.
Brin explained the three key aspects of this framework:
- Privacy by design – Companies should build in privacy protection at every stage from the product development to the product implementation phases. This includes reasonable security for consumer data, limited collection and retention of such data and resonable procedures to promote data accuracy.
- Simplified consumer choice – Companies should give consumers the option to decide what information is shared about them and with whom. This should include a “do-not-track” mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
- Transparency – Companies should disclose details about their collection and use of consumers’ information and provide consumers with access to the data collected about them.
Lille Coney, associate director of the Electronic Privacy Information Center, offered her insights as an expert on big data. (To see a video posted by The Economist about Big Data that is based on EPIC-supplied information, click here.)
“Governance is not easy,” Coney said. “But we do learn mechanisms for creating accountability, transparency and oversight.”
She noted that the difficulty lies in creating guidelines that have currency and legitimacy. In regard to cloud computing, Coney suggests that people are not only consumers; they themselves – or at least the sets of the private information they share – are actually products.
“Our online activity alone generates revenue, and many consumers don’t understand that,” Coney said.
She said she strongly believes in the importance of the public’s engagement in the conversation. With all these privacy concerns, Coney said the consumer cannot afford to leave it up to businesses or government.
Microsoft executive Paul Mitchell, added some perspective to the conversation in terms of how to go about tackling the issue of how to manage Big Data. “I think the big challenge here is figuring out whats’ first when we’re talking about big data,” Mitchell said, noting the overwhelming amount of data being created and databased. “What we have here is not a new problem. What we have here is a problem of scale.”
Mitchell said we can look at the separate desires of people, businesses and society, and consider a philosophy based on each group’s needs. He explained that the people-first philosophy would ensure that data that could be harmful isn’t allowed to be. The business-first philosophy would be about maximizing the potential economic return for the use of data. The society-first philosophy would optimize the value for society as a whole based on what can be done with the data.
“From an operating perspective, the challenges we face involve how to govern against these three axises,” said Mitchell. “The policymakers’ choice is how to balance the three appropriately.”
Nelson then asked a question directed at the panelists about the future of the cloud and whether there would be one cloud in an interconnected world or a world of separate clouds run by different companies.
Session moderator Nelson then asked the panelists about the future of the cloud -whether there will be one cloud in an interconnectedworld or a world of separate clouds run by different companies.
Mitchell argued that there are circumstances that will require a private set of services.
Coney expressed concern over that model. “Consumer’s control over their data in a cloud-driven environment will require the ability to move their data from Cloud A to Cloud B. Making that a reality in this environment is going to be the challenge,” she said.
Polonetsky had a slightly different viewpoint. He considered the business-platforms perspective, questioning how easy it should be to move consumers’ data.
“Yes, it is your data, but did the platform add some value to it by organizing it in a certain way?” he asked, adding that the platforms may make a legitimate contribution by organizing consumers’ data. For example, your Facebook friends belong to you, but Facebook created a platform in which you interact with and share information, photographs and other things with them.
To conclude, Nelson took a few questions from the audience and asked each panelist for a recommendation regarding the future management of Big Data. Brueggeman suggested there should be a set of commonly accepted practices for managing Big Data. Polonetsky added there should be more navigable digital data. Brin supported the strong need for transparency. Coney proposed that cloud providers and Big Data companies must show their respect for a diverse group of stakeholders. Mitchell recommended that we should all work toward greater harmony between business, personal and societal values.
— Audrey Horwitz