IGF 2014

Evolving Internet technologies, including the cloud, big data, and data analytics hold the promise to bring us profound benefits by addressing important societal issues in healthcare, education, transportation, energy and security, to name a few. But the power of these and related tools also raise important societal and legal concerns, including privacy, data security, and issues of jurisdiction and competition.

All stakeholders in the Internet ecosystem have an expectation of data protection and privacy of their communications. Businesses, governments, civil society and users are all presently engaged in dialogues that aim to restore and ensure trust in evolving Internet technologies through technical measures, legal developments, and policy advocacy.

The workshop participants will discuss key elements of these dialogues including but not limited to encryption and other privacy enhancements; the rule of law; the interplay of innovation, data use and societal benefits with risk analysis and mitigation; and the need to facilitate cross-border data flows, while ensuring data privacy and security.

This a follow up to session 202 from 2013 where we explored the conflict between child protection and child rights. Now it's time to move on to show how both rights and safety can be protected. It is relevant to Internet governance because children are stakeholders who are often left out of discussions.

The UN Convention on the Rights of the Child requires that children "shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds." Yet, it is generally agreed that some information, such as pornography, can be harmful to some children. But some efforts to protect children may go too far, such as blocking access to social media as is the case in many schools and some entire countries. This workshop will explore how governments, schools, NGOs and companies can find way to protect children from harm while also protecting their civil rights and right of free expression.

What makes protecting the public from cybersecurity risks such a challenge for governments, private sector and civil society? The governance frameworks and diversity of interest that comprise the Internet infrastructure are complex and no one institution, agency or organization can solve these issues on their own and every digital citizen plays a role in protecting themselves and the Internet. The sheer breadth and depth of these issues can be daunting because of the ever-changing nature of the threats. As a result, no one entity has “the answer.”

The session will discuss the multistakeholder approach to addressing cybersecurity issues: Why should a multistakeholder approach be used and what are the elements of a successful public private governance model. The damage done to the culture of trust that had been developing among governments, private sector and civil society - key players in cyber security and the question becomes - Can multistakeholder efforts continue to succeed in a post Snowden World?

These questions lend themselves to a more interactive session with lots of discussion.

The anticipated participants, NCSA, NorSIS and DSCI will add perspectives of successful programs from both the developing and developed worlds. Microsoft will add the private-sector perspective and government representatives from India and Australia will share their unique insights.

Our goal for this workshop is to have industry, governments and civil society come together in countries where the multistakeholder approach is not present and look at ways to replicate and implement these program. Agenda is as follows:

·Introduction

·Two Brief Scene Setting Presentations

·Short Responses from Discussant

·Audience Q&A/Discussion

The economic and public policy impacts of Internet blocking by state actors has been well studied. Receiving less study to date are the economic and public policy impacts of Internet policing by third party non-state actors. The systemic impossibility of a common definition of “due process” or a common policy framework has led to occasional collateral damage that undermines the security and stability of the Internet. This is a form of “digital culture clash”

This workshop will explore the state of play in third party Internet blockades and boycotts by non-state actors such as Internet reputation systems, whether commercially motivated or not. Examples of collateral damage will be drawn from the record, including the impact of SPAMHAUS’s blockade of Sweden in early 2014. We will engage leading experts from both the technology and policy arenas to debate and discuss questions like “at what limit does a blockade or boycott do more harm than good to the organizer’s own values, due to foreseeable collateral damage, lack of care, or lack of investigatory resources?”

The panel hopes to reach a common understanding and brief set of recommendations for those who might organize Internet blockades and boycotts, for those who might participate in such events – perhaps by subscribing to an Internet reputation system, for those who might be targeted by such moves, and also for policy makers and shapers who need to know the powers and risks of collective third party action in Cyberspace.

Privacy is in this workshop viewed as an area of opportunity and innovation. The success of new innovative services and applications that provide users with control over personal data and social contexts and mounting trends in user strategies to navigate safely and anonymously online, all suggest that a paradigm shift is on its way. This shift entails a shift in focus where protection of privacy rather than being described solely as an area of governance, or as an obstacle to innovation and sharing, can be viewed as the foundation for the evolution of digital media business models that more critically understand digital media as an evolving architecture of human social relations, and privacy as a new basic market demand and an area worth investing in for businesses and society at large.

Privacy as innovation II: The practical principles and implementation

The first “Privacy as Innovation” workshop was held at IGF in Bali 2013 with a general discussion of the discourses concerning privacy and innovation. The follow up workshop “Privacy as Innovation II” will constitute a discussion of the challenges as well as the opportunities of the privacy innovations today and will include innovative ideas from the tech community, civil society, policymakers and youth. It will critically assess the solutions available today and also evaluate present day alternatives. The core aim is to discuss key practical principles for innovations in privacy technologies looking at privacy technologies as an economic and social investment.

The youth perspective:

Youth’s heavy media user demand represents the emerging demand for development and innovation in policy and technical tools that guarantee a contemporary, evolving, fluid and personalized definition of privacy. Their interests and demands provide an insight in the future demands of the market and a fundamental indication of the forthcoming essential drivers for innovation. The youth perspective will thus present a core contribution to the discussions of this workshop.


Agenda:

1.Short introduction to debate by moderator: “Privacy as innovation”

2.Moderated round table discussion

3. Questions from and discussion with remote and onsite participants

In previous years our workshops have looked at data flows, surveillance, and freedom of expression. As the world embraces the cloud business model, we look at the cloud world 18 months after revelations alleging mass-government surveillance. We propose looking at how policy makers, regulator, cloud businesses, and users have responded to potential government access to user data in the cloud. What has been the resulting policy? What has the business world done to address concerns? What has worked and what hasn’t? Has there been an impact? We’ll address how these measures have affected cloud adoption, and explore potential solutions for addressing multi-stakeholder concerns in the post-revelation era.

More consumers now use their mobiles to go online to access information and services. Mobile plays a central role in driving economic growth and social opportunities. However, it is important that people can interact and access services in a trusted and secure environment that protects their online privacy.
Increasingly, mobile ecosystems acquire consumers’ data by default, while smartphones broadcast data by default. These ‘default’ positions challenge current data protection and privacy legal frameworks, and consumers’ ability to manage their privacy and online identities.
A key ingredient for strengthening trust in a mobile connected world is a user-centred privacy framework that applies to all digital and identity services whether in retail, healthcare, government, banking or any other sector.
The GSMA recently published global research showing trust matters and that mobile users want better transparency and choice over how their personal data are used. They also expect all companies accessing their data to treat their privacy consistently.
This workshop aims to bring together leading representatives from a broad spectrum of stakeholder groups to discuss privacy-related issues and ways to enhance mobile users’ trust.
Questions to address include:
• How can citizens – in both developed and developing countries – benefit from the responsible use of mobile-derived data?
• What are the key emerging issues and challenges of a mobile hyper-connected world?
• How can we ensure secure and trusted identities online?
• eds to be done to ensure consumers are able to access services in private, trusted and secure ways?
• What are the respective roles of law and industry self-regulation in enhancing trust?

Fostering trust: How can developing countries achieve international cooperation against cybercrime through legal frameworks

Developing Countries face serious challenges with respect to the investigation and prosecution of cybercrime especially obtaining evidence admissible in legal proceedings from Developed Countries where much of the data and services reside which is exacerbated by a lack of knowledge and misconceptions regarding efficacy of existing legal frameworks.

This capacity building workshop will:

a) Address specific questions from participants, clarify misconceptions regarding existing legal frameworks and provide substantive factual and legal responses based on the practical experience of experts regarding issues eg. transborder access to data, mutual legal assistance, 24/7 points of contact etc.

b) Demonstrate how joining and implementing legal frameworks can help build trust not only between governments but also the private sector and it can help mobilise resources for technical assistance and capacity building.

c) Address concerns of participants regarding legal frameworks for international cooperation at the previous IGF 2013 workshop by Developing Countries' Centre for Cyber Crime Law: 'Cybercrime Treaties: Advantages for Developing Countries'.

This capacity building workshop would effectively be the first of its kind for Developing Countries at the IGF since last year when all governments at the UN reached a unanimous consensus on the importance of cyber crime capacity building, a consensus echoed by business and civil society in a national context.

The interactive format would facilitate the transfer of knowledge and best practices rather than presentations or generic panel discussions.

Agenda

Presentation to set scene - capacity building:
- Means of obtaining data and cooperation from developed countries
- Value of legal vs non-binding/informal
- Elements of cooperation
Panel responses
Audience feedback and discussion
Recommendations for next interaction

Different actors have different responsibilities when it comes to establishing trust in the digital world. In government, trust is what you have, or do not have towards other governments. It is also how well you protect your citizens from threats (both foreign and domestic), and maintain rule of law. Establishing trust in the digital world is a complex task for states because national borders become indistinct.

When the state seeks to enforce its jurisdiction within its own borders, that exercise (at least in liberal democracies) is constrained by human rights, reasonable limits and judicial oversight – all of these taken together to be the rule of law. However, difficulties arise when states exercise their jurisdiction extraterritoriality by intercepting communications taking place within the territory of other states, or by combating cybercrime.

Most actors would articulate a view that the NSA went too far in their pursuit of national security; however, large scale cybercrime activities demonstrate a need for states to exercise jurisdiction extraterritoriality, to secure evidence and punish offenders located in different states. This creates a paradox: if states do too much in the digital world (i.e. overly aggressive bulk data collection) it can erode digital trust, and if they do too little (i.e. cooperation on cybercrime) it also erodes digital trust.

This panel seeks to address this paradox by asking: how we, as a digital society, should draw the lines around what activities should be permitted by states in name of national security and those that should be considered offensive? This panel hopes to identify principles that guide how lines are drawn around surveillance. These principles will reflect the diverse range of views in the Internet community.


Agenda
Panel introduction by the moderator
Introductory remarks by each panelist
Panel moderator to pose a set of questions to the panel
Moderator will open the floor to questions from attendees and remote participants
Concluding remarks by the panelists
Moderator to conclude the panel

Where there is governance, there are citizens. No Internet governance discussion is complete without discussion among citizens about digital citizenship. On today's highly participatory Internet, many of the citizens are youth. This workshop follows our successful Baku workshop in which more than 30 participants spoke, nearly all of them youth from multiple countries. It will be a highly participatory, multidirectional discussion rather than a one-way panel presentation.

Our goal is to move from discussing the concept of digital citizenship to understanding its practices from youth perspectives – how they use digital tools and spaces to promote and support causes, make change and participate in civil society or even political life. With questions from the organizers and other participants, we will uncover how youth use connected media and whether that's changing how they view citizenship; hear the perspectives of those who are advancing digital literacy, participation and citizenship for youth; and examine the effectiveness of current online safety approaches and the role of digital citizenship in them. The workshop will include a roundtable of youth and other experts asking and answering questions such as:

• What are the Internet Governance issues or questions that should be addressed going forward?

• What are young people's approaches to developing a safe digital society that upholds participants' rights?

• Can bullying prevention in the form of respectful treatment of others and standing up for their rights contribute to citizenship online as well as offline?

• What are the most effective ways to teach and model good digital citizenship?

• What role does digital inclusion – supporting and enlisting the support of marginalized and disadvantaged populations – play in digital citizenship?

• Are "trolling" and other forms of anti-social online behavior affecting youth civic engagement and understanding among youth, government, industry, and other communities?

AGENDA:

1. Introductions: 5 min.
2. Overview & Background: 10 min.
3. Open discussion: 60 min.
4. Summarize & wrap up: 15 min.

BIBLIOGRAPHY:

* "Changing Citizenship in the Digital Age," by W. Lance Bennett, University of Washington (http://www.oecd.org/edu/ceri/38360794.pdf)
* "What Makes You Tweet?: Young People's Perspectives on Social Media as an Engagement Tool," by Jen Rose and Lisa Morstyn, Youth Affairs Council of Victoria, Australia (http://apo.org.au/research/what-makes-you-tweet-young-peoples-perspectives-use-social-media-engagement-tool)
* "Youth & Citizenship in the Digital Age: A View from Egypt," by Lisa Herrera of University of Illinois in Harvard Educational Review (http://her.hepg.org/content/88267r117u710300/?p=cac083d7a05044e2a5cf9ac8d57102ae&pi=0)
* From the workshop co-organizer: "Digital citizenship, a lived curriculum," Part 1 (http://www.netfamilynews.org/digital-citizenship-a-lived-curriculum-part-1) and Part 2 (http://www.netfamilynews.org/the-lived-curriculum-part-2-what-that-looks-like); "Digital citizenship in process: Notes from the Baku IGF" (http://www.netfamilynews.org/digital-citizenship-in-process-notes-from-the-baku-igf), by Anne Collier

The transnational Internet is instrumental in helping people exercise their universal human rights, irrespective of where they are located. However, there is a growing tension between the cross-border nature of the Internet and the territorial conception of national sovereignty. Concerns are legitimately rising about a “fragmentation” of cyberspace along national jurisdictions.

The session will address the following issues:
- What is actually meant by “fragmentation of cyberspace”?
- Do we really observe trends towards fragmentation?
- Is this voluntary or an unintended consequence of unrelated decisions?
- What would be the long-term impacts on the ecology of cyberspace?

If we collectively believe that cyberspace fragmentation would be detrimental to the benefits the Internet has brought to mankind, new collaborative multi-stakeholder frameworks are needed to diffuse tensions and enable the coexistence of different laws and norms in shared online spaces.

Launched in 2012, the Internet & Jurisdiction Project is a multi-stakeholder effort to develop a due process framework to deal with transborder tensions around online content.

The roundtable discussion is intended to frame the broader debate and solicit feedback. It will also update IGF participants about the progress of the global multi-stakeholder dialogue process facilitated by the Internet & Jurisdiction Project and engage them in the way forward.

Country code top level domains (ccTLDs) are vital for countries’ national interests; they provide an economic and social platform, a focal point for the development and dissemination of ICT expertise, a platform – and therefore potential single point of failure - for the provision of government online services, and a catalyst for local and diaspora content development and communication. ccTLDs have the potential to be a target of vulnerability across all of these activities. Their cyber security is therefore of critical national importance.
As ccTLDs can attract malicious attacks from non-state and state-associated actors, they also raise critical questions for global Internet governance. This workshop poses and aims to provide globally sourced answers to the question:

How can the over 250 country code top level domains around the world, each with its own governance and operational model and challenges, address and improve national and global cyber security in a sustainable way?

Using the Oxford University Global Cyber Security Capacity Centre’s ‘ccTLD Cyber Security Best Practices and Metrics’ as a jumping off point, this workshop will ask the experts, policymakers and practitioners how to address critical Internet governance issues in the ccTLD context: DNS security and national sovereignty, data privacy and law enforcement access, intellectual property rights protection, malicious activities and attacks.