[kictanet] IGF 2008 Highlights - Day 2

mwende njiraini mwende.njiraini at gmail.com
Wed Dec 10 11:49:40 EAT 2008


*Day 2: 4th December 2008*

* *

*Theme: Promoting Cybersecurity and Trust *

* *

*0930-1100 Panel discussions: Dimensions of Cybersecurity and Cybercrime*

The internet was not originally designed with security features however with
increased use of the internet security considerations arise.



It is important to recognize regional, local and cultural issues that may
affect cyber security and develop a relationship of trust in order to
develop a framework that determines - what happens in a crisis, how to
engage in law enforcement.  This is important as security issues need to be
addressed before there is a crisis and should be done at all levels.



*Computer Emergency Response Team*

* *

The use of the Computer Emergency Response Team (CERT) at a regional and
national level based on the framework developed by the Carnegie Mellon
University (www.cert.org)  as follows:



   1. *Organisational *

At an organisational level there should be a person responsible for security
– the response to security threats need to be formalized – that is
organizational incident response should be formalized.



   1. *National*

Formation of national CERT is necessary but not sufficient.  Channels for
relaying of information, mitigating threats need to be organised and tested
on a regular basis.  The national CERT should work with regional CERT as
well as have links with law enforcement organisations.

There is need for development of a strategy as well as testing of the
system.  Any incidents should be reviewed.



The goals of CERT should include:

   - early detection,
   - short response time,
   - reduction of impact,
   - recognition of liability issues,
   - analysis techniques – which are forensically safe, need to be developed
   in advance not when time is of the essence
   - Alignment of with partners



ITU-D study group 1 Q 22/1 is studying issues on: *Securing information and
communication networks: best practices for developing a culture of
Cybersecurity*



The security should be implemented without damaging the nature of the
internet, and protecting vulnerable groups



*Introduction of cybercrime and terrorism*

Traditional crime has moved online for example harassment and money
laundering however there are new forms of crime in the virtual world
including:

-          phishing, virus/malware, etc

-          Critical infrastructure threats – banking, transport, banking,
energy, government and national security

-          Terrorist use of the internet to publish ideologies, raise funds,
recruit new members



The challenges in combating cybercrime and terrorism:

-          The crime scene and who is in charge with dealing with the
threat.

-          Relevance of geographic distance

-          Investigative cost and the need to carry out real time
investigations

-          Legal framework

-          Procedural legal problems

-          Complex search and seizure laws

-          Responsibility and data

-          It complex due to numerous operators involved



*Questions and discussions*

-          Global issue – which needs coordinated effort and cooperation -
in order to avoid the development of cyber havens.



-          Action, feedback and reaction necessary in order to update
prevention mechanisms with regard to recent incidents



-          A relationship of trust important between the CERT and ISPs –ISPs
need to provide data – this should a bottom up process



-          Organisations work in an eco-system –sharing of information –
collecting statistics before, during and after an incident



-          Access (usage and querying) to the data base at the CERT should
be controlled – because of privacy issues



-          A mutual Non-Disclosure Agreement (NDA) and formal structures
should be created through a formal bottom-up process.



-          Network based crime raise issues associated with creating an
appropriate balance between the needs of those investigating and prosecuting
and rights and interests.



-          Need for coordination is a challenge to governments because of
the lack of expertise – therefore have to rely on academia and private
sector



-          The CERT should be an independent group of experts that should be
fully empowered



-          Appropriate safeguards to protect the functioning of the
organisation necessary as they give confidence and ensure business
continuity during investigation



-          New institutional models based on hybrid frameworks – for example
Sri-Lanka CERT was set up in June 2006 and involves government as well as
skilled incident handlers (http://www.slcert.gov.lk/).



-          Need for increased cooperation as cyber crime is
multi-jurisdiction issue – harmonization of enforcement processes and
legislation approach such as that of the council of Europe.



* *

*Indian CERT*

-          The internet is used for numerous activities leading to an
increase cyber attacks consequently there is a need for training on best
practices and implementation.

-          India's legislation includes computer related offences and is
currently being amended to be in line with the European cyber convention.

-          National CERT operates in partnership with Asia and pacific CERTs

-          The Indian CERT is a government lead industry initiative – that
aims at creating awareness and compliance to best practices

-          Training of law enforcement officers on analysis of computer
related crime a challenge and undertaken through PPP.

-          A secure national cyberspace – requires collaboration, research
in technologies through a bottom-up process.

-          Areas of conflicting interest need to be addressed  as cybercrime
is a global phenomenal – these areas include conflict with individual
rights, unnecessary censorship and society issues

-          Establishment of global alliances essential to ensure stability
of internet

-          Sharing to data about cyber attacks is a challenge

-          Establishment of a CERT takes time – needs to include
participation of private sector partners



The ITU has identified five pillars with regard to internet security which
include:



   1. Legal issues
   2. Technical procedural issues,  Organisational structures including
   CERTs
   3. Capacity building
   4. International cooperation



There is need for proactive approach to provide an early warning system for
example that used in the event of natural disasters as well as need for
organisation and cooperation between all stakeholders.



With regard to initiating internet security measures – start with an issue
where there is a common understanding for example child protection which was
the basis of the launch of the child line protection.



*Capacity building*

*Issues*

-          Lack of capacity in of ISPs

-          Inter-south cooperation required as challenges and infrastructure
similar

-          Retention of skilled human resources a challenge

-          Use of network operator groups for capacity building

-          Need to utilize the existing educational framework by integration
of cybersecurity into curriculum – this creates sustainability in capacity
building

-          Training should be relevant to the environment – appropriate use
of technology, cost, concentrate on getting the maximum benefit – innovation
in order to derive the maximum value will be based on training received

-          Need for collaboration platform – so as to continue sharing
information

-          Need to focus on reality on the ground



*Kind of training*

-          technical training

-          policy issues – IPv4/6



*Technical challenges*

-          operators need to be profitable – environment liberalized –
however still certain monopolized areas – international connectivity –
imbalanced competition – therefore profitability issue- cant invest in new
technologies – limited investment in training



*My comment*:  Urgent need create of culture of cybersecurity (end-users, at
organisation level and nationally) and establishment of national, regional
CERTs.



*14:30 - 16:00 Workshop 76 Neutrality Debate Important for You? (Network
Neutrality Debate: The Implications for Development) *

* *

*Technical issues*

All networks need to be managed



High broadband connectivity principles

(
http://www.tiaonline.org/gov_affairs/issues/internet_services_applications/documents/ConnectivityPrinciples.pdf
)



-          transparency

-          ability to attach any device

-          right to access any legal content

-          right to download any legal content



*Economic issues*

Net neutrality has significant micro and macro implications.  Broadband
investment influenced by the broad economic environment because of the
massive investment required

-          Regulation is viewed more beneficial in view of the current
economic crisis

-          More users create value to the platform

-          Optimal pricing structure – a possibility - may not want to
charge content providers to contribute to access

-          Mandatory net neutrality/unbundling expected to depress
investment in broadband plus may have a significant negative effect on
investment NGN.

-          Centre for European Policy Studies – research titled: "I own the
pipes, you call the tune: The net neutrality debate and its (ir) relevance
for Europe" available at http://shop.ceps.eu/BookDetail.php?item_id=1755 –
argues that the internet is not neutral – pro-neutrality rules/changes being
proposed should be evaluated

-          The analogy of the roads and vehicles was used to describe net
neutrality – the roads represent the pipes while the cars represent the
packets/traffic – which are not regulated and may be of any shape or
size.  However
there is regulation with regard to speed.

-          issue of convergence – important for users

-          internet to drive innovation and economic growth

-          activism issues are important to understand the issues

-          slowing down the traffic and packets on internet has a
consequence of slowing down the development internet



*Issues from a user perspective*

-          no consensus on the issues exists

-          Users do not necessarily want free/unlimited control – however
what they want is: what they access should not be controlled

-          They do not want to be forced to buy their store brands or
services of preferred service providers of the broadband connectivity
provider.

-          There is no value in packaging/bundling of services – rather it
is designed to sell services at a high price

-          Users question whether a free market would help as suppliers are
out to make money – there is an economic motivation to invest – which means
there is no one to look out for consumers

-          Need for establish anti trust/anti monopoly regulations

-          ISPs must be made to know that users are not willing to give up
their rights thus should develop internet usage plans that are favourable to
the users - suppliers must listen to consumers

-          Users have the power to demand what we want if only they demanded
it

-          The investment on the internet should be allowed in all areas –
core and edges without fragmenting it - networks should be built using open
interfaces - end to end principle protection is significant

-          Users want the internet to encourage innovation

-          Use of restaurant analogy where the chairs, tables and food are
outsourced

-          Users should have the ability to have access to the content they
want as long as it is connected to open interfaces

-          Users have concern on the future of the internet; content
equality and its ability to deliver content in different ways thus
encouraging local innovation



*My comment:* significance of net neutrality with reference to developing
countries was not addressed – taking into consideration that the motivation
for investment in broadband connectivity is socio-economic development thus
deployment of both local and international for example submarine cable is
being done by governments rather than the private sector.


On 12/8/08, mwende njiraini <mwende.njiraini at gmail.com> wrote:
>
> *5th December 2008*
> *930-1100 Panel Discussion Transition from IPv4 to IPv6*
> Based on several studies it is projected that IPv4 addresses will be
> globally exhausted by 2011 however address space will still be available at
> a local level. Seamless take up of IPv6 is expected with the exhaustion of
> IPv4 and there is on going discussion – to define policy to facilitate
> smooth transition for operators and ensure that new comers have minimum IPv6
> address space allocation to start up business.
>
> The following issues were discussed from different perspectives:
>
> *Issues from operators' perspective*:
> - Deployment of IPv6 enabled equipment in the core networks should be done
> increment – however uptake is low because there is no extra revenue
> generated with the implementation of IPv6 i.e. the lack of commercial
> drivers. However this is expected to change with the as customer numbers
> grow.
>
> - Need for upgrade – therefore operators from developed countries stand at
> an advantage as they have the resources and are nearly exhausted their local
> allocations.
>
> - Getting operational experience is a challenge – there is need to invest
> in operational tools to run IPv6 in terms of software configuration
> utilities management and trouble shooting
>
> - Participation in standardization – where users have equipment that
> supports only IPv4 – how do they access services that are available only on
> IPv6-based networks? The IETF is working on the transition mechanisms
> however the co-existence of both protocols is expected for a long time
>
> - Operators are pushing for IPv6 support in customer premise equipment
> (CPE) as well as software that supports the new protocol version. However it
> is expected that legacy applications will be available in the foreseeable
> future
>
> *Issues from a vendor perspective*
> - Transition has been going on for some time in the vendor world. The
> transition has been a long process for vendors and operators – in terms of
> getting the technology and standards ready
>
> - As IP is the core of the internet – transition to ipv6 – is significant
> particularly with the increase of IPv6 enabled devices connected to the
> internet specifically mobile phones
>
> - need to understand technology and therefore need for operational and
> implementation experience
>
> - managing customer demand/expectations for IPv6 enabled services and
> devices
>
> - cost of staff training
>
> - there are mistakes that will be made – therefore need for mutual support
> in the implementation of v6
>
> *Social and economic perspectives*-
> - Transition should be cooperative endeavour with social and economic and
> policy considerations
>
> - Gradual implementation and interoperability between IPv4 and v6 expected
> so as to preserve the investment already made
>
> - There is a general understanding that IPv6 will compliment and supplement
> the existing IPv4 as well as provide improved routing, multicasting,
> efficient infrastructure. The following questions however arise:
>
> o The advantages that IPv6 offer are good reasons to invest in the new IP
> version.
> o Would transition be transparent and would backward compatibility required
>
> - Users want the stability of the internet to be maintained and hope that
> IPv6 will offer opportunities for addition to personality features on the
> internet – this is what makes the business case
>
> - In the India case there are a large number of service providers – and
> there is only a 1/8 usage – therefore demand is low – the need to enhance
> cultural diversity however provides opportunities to create demand through
> local content development including E-government programme and Info-tainment
>
> - It is important to break the myth that IPv6 is a new internet - It is not
> a new internet rather continuation of the internet
>
> - The main benefit is the address space addition- which may allow for
> efficiency
>
> - There is no need to establish a deadline or regulate the implementation
> of IPv6 – as it will be market driven. Additionally users should have rights
> to use IPv4 and IETF is working on coexistence
>
> *Policy perspective*
> - With the impending exhaustion of IPv4 – further implementation will be
> problematic – as not all players will support transition therefore it is
> important to examine measures – for continued use of IPv4 and possible
> migration of users to private IPv4 address space
>
> - creation of action plan to be implemented by 2010 – for example offering
> of incentives such as tax exemption and capacity building
>
> - examination of existing programmes and mechanisms
>
> - establishment of taskforce of IPv4 exhaustion
>
> - the messages of ISPs is that they must carry IPv6
>
> - IPv4 scarcity and demand for more security are the 2 major challenges
> driving the uptake of IPv6
>
> - Institution of market transfer or reclamation mechanisms of IPv4
> resources not required by local internet registries to the regional internet
> registries when transition to IPv6 is implemented. However this would be a
> challenge as RIRs have no contractual authority this may create a grey
> market. This challenge may be overcome through a loose membership
> association that allows others to use others resources
>
> - Institution of secure routing objects including PKI to authenticate users
> raises governance/control issues – RIRs have centralized control which may
> make it efficient and better able to address security issues this makes an
> RIR an central governance institution. Membership of security/government
> associations in the RIR would result in infiltration of technical, policy
> agendas that may make the transition to IPv6 complicated
>
> - However it is argued that RIRs should remain neutral and trans-national
> institutions which:
> o maintain a homogenous technical group
> o maintain a bottom-up approach in policy making
> o guarantee the stability of the internet and business continuity of
> members
>
> - main challenges in the deployment of IPv6 include:
> o lack of public education, information and skill
> o limited network policy decisions to make deployment happen
> o lack of incentive to deploy ipv6
>
> *1100-1230 Workshop 59:Building a global capacity building curriculum
> framework and premier*
>
> - Integration of IG capacity building in existing ICT and public policy
> courses was advocated.
>
> - The training may be offered either online, offline or through short term
> executive courses.
>
> - Collaboration between different stakeholders who have different needs is
> imperative in order create an understanding of the issues arising from
> increased used of the internet particularly those that transcend the
> geographical, and cultural borders.
>
> - internet security awareness programme set up in India
>
> - Presentations on the Diplo IG capacity building programme (
> www.diplomacy.edu/ig) – including a demonstration of the online platform.
>
> - The Diplo approach includes the training course (foundation and
> advanced), policy research, policy immersion and community interaction.
>
> - The impact associated with the IG capacity building programme have been
> varied and impressive including the establishment of IG governance masters
> programme in Srilanka and the use of telecentres to disseminate IG related
> information.
>
> - Diplo has successfully offered the training to professional worldwide for
> the last 4 years leading to the establishment of national, regional and
> global community
>
> *1400-1530 Workshop 29: Building confidence and security in the use and
> security in the use of ICTs for African countries
>
> *Main challenges in Africa
> - lack of infrastructure
> - lack of services
>
> Therefore opportunity to learn from mistakes in developing countries and
> establish of computer emergency response team currently there is only one
> active CERT in Africa in Tunisia, South Africa is in the process of setting
> up a CERT with the deadline of 2010 before the FIFA world cup. While
> countries such as Morocco, Kenya and Ivory Coast are thinking about set in
> up CERTs.
>
> The approach in dealing with Cybersecurity in developing countries
>
> Success of Cybersecurity is based on 3pillars
>
> 1. *Technology pillar* – ICT/security tools –including:
> o PCs / networks, physical security tools, data tools (storage media and
> cryptography), availability of infrastructure and application (redundant
> servers and PKI)
>
> 2. *Methodology pillar* – policy, procedures and regulations on three
> levels:
> o managerial level (security policy, management procedures and capacity
> building, audit) Legislative level (law and regulation)
> o operational level (acces control rules, implementation plans, monitoring,
> watch, incidence handling)
> o continuity of services level ( business continuity plan, crisis
> management, drill exercises)
> - actors in this pillar include the government, security professionals and
> users
>
> 3. *Social behaviour pillar* – creating a culture of cyber security
> o cultivate culture of cyber security through continuous action of raising
> awareness using diverse media/channels
> o the target audience includes managers, decision makers, security,
> children, parents, teachers
>
>
> *Case study: CERT-TCC - Tunisia*
>
> *The functions of the CERT include*:
>
> - Watch- collect information from different sources eg CISCO, HP.
> Microsoft, network of CERTs, community of hackers
> - Training
> - Coordination
> - Response
> - Incidence handling
> - Incident analysis
> - Awareness
> - Warning alert
>
> *Key issues*:
>
> • Information, warning and alert – carried out to in collaboration with
> ISPs, managers decision makers, internet community through mailing list,
> call centre, media
>
> • Oriented campaign – utilizing prospectus, posters, email, radio,
> cartoons, video, attack simulation and guides
>
> • Incident handling - training in new tools
>
> • Coordination important in the effective functioning of the CERT –
> incident coordination procedures and information including regional CERTs,
> other CERTs within the country (for example Brazil has more than one CERT),
> ISPs and operators, vendors and integrators, and national authorities.
>
> Need for the formation of CERTs in Africa however the challenges of lack of
> "know how" in IT security need to be overcome through:
> - capacity building
> - encouragement of the development of national solutions based on open
> source components
> - improved R&D capabilities and making it more responsive to urgent needs
> - encouraging academic research in the important topics of security
> (cryptography, methodologies…)
>
> *The following questions and comments were raised*:
>
> - the need for social engineering through the creation of a culture of
> cyber security to be addressed specifically because of the increased
> requirements by government to obligate to provide subscriber identification
> information
>
> - how can African countries start up a cert- through collaboration for
> example with existing CERTs
>
> - in establishing a culture of cybersecurity – consideration should be
> given to the fact that there are different social cultures in different
> countries however there is consensus on issues such as child pornography,
> identity theft
>
> - how can a regional approach be developed where there are differences in
> level of ICT infrastructure and use of infrastructure in the delivery of
> services, what tools can be used to encourage decision makers to be involved
> in the issues of cyber security?
>
> o It was recognised that funding and expertise was required for example
> AFDB, World Bank and Islamic Bank while ITU have regional workshops on cyber
> security
>
> o As African countries build on infrastructure and services – there is an
> opportunity to learn from those that have already developed CERTs.
>
> - How does the CERT monitor traffic: with the collaboration of ISP and
> operators as well as supporting legislation
>
> - Regulators need to advice the government to use ICT in development – this
> is a manifestation of government commitment
>
> - The role of policy making was emphasized – as it provides government
> commitment to using ICT for social economic development and governance and
> consequently support for cyber security initiatives – including the
> formulation of legislation.
>
> - There should not use a piece meal approach to cyber security to prevent
> ineffectiveness for example Mauritius has electronic transaction act but PKI
> not yet established
>
>
>
> On 12/5/08, mwende njiraini <mwende.njiraini at gmail.com> wrote:
>>
>> Following our recent online discussions on Internet governance issues in
>> Kenya, the Kenya IGF and East African IGF; you may wish to follow the
>> discussion currently ongoing at the global IGF 2008 in Hyderabad India at
>> http://www.intgovforum.org.
>>
>> Below are highlights from workshops I attended on Day 1  December 3rd):
>>  *0930-1100 hrs Workshop 43: Legal aspects of governance critical
>> internet Policy issues of public relevance*
>> *1st presentation*
>> The issues on that have legal implications include:
>> • internet security intellectual property rights, infringement, privacy
>> and protection mechanisms
>> • IP domain name protection, conflicts arising out of data and content
>> ownership privacy therefore increasing role of P2P in growth of internet 2
>> • Consumer status and rights in relation to e-commerce cross border and
>> domestic online trade
>> • Telecom issue viz backbone deployment and interconnection costs
>> • Freedom of expression – the extent of censorship and control on online
>> content
>>
>> There is need for capacity building to create meaningful participation of
>> individual and SMEs as well as increasing connectivity through building IXPs
>> and local content development
>>
>> The question was raised as to whether there a need of alternative
>> institutional mechanism.
>> The salient features of the MOU between ICANN and the department of
>> commerce (DoC) include:
>> - The affirmation of the role of private sector leadership
>> - The role of DoC in ensuring transparency and accountability and
>> effective GAC participation
>> - Ensure accountability and publish by-laws and strategic and operational
>> plans
>> - Agreement can be terminated in 120 days
>>
>> The MOU has been criticized because of the following reasons:
>> - US governmental control on root server administration
>> - Inconsistent with WSIS principle where no single government should have
>> a pre-eminent role
>> - Domain name allocation policies need better development
>> - IPv4 address allocation have been imbalanced need to ensure IPv6 address
>> allocation does not suffer the same effects -This assertion was however
>> refuted as IP addresses allocation based on need. The need for prudent
>> management and keeping barriers low for the transition to IPv6 was
>> emphasised.
>>
>> To overcome this WGIG proposed 4 models:
>> - Global policy council
>> - Intenational internet council with leading government role to fulfil the
>> ICANN/IANA functions
>> - GAC to be strengthened with enhanced coordination function
>> - Replace US govt role by general internet council or with world ICANN (in
>> lieu of GAC)
>>
>> The common features of these models were the overwhelming government lead
>> and the presupposition of the possibility of international treaties. During
>> the discussion the viability of these models was questioned given that speed
>> is of essence in the management of internet resources. It normally takes a
>> long time to negotiate international agreements; including treaties instead
>> a set of principles should be endorsed.
>>
>> The speaker recommended on the management of critical internet
>> infrastructure should take into consideration the following
>> • Treatment of technical resources of the internet and global economic,
>> social and legal aspects arising out the internet should be at par
>> • The development and implementation of polices and standards and
>> solutions to various internet issues should be done in a coordinated manner
>> for example telecommunication standard development is done in a hierarchical
>> and predictable way.
>> • New structure would be a supreme authority over internet
>>
>> In conclusion the speaker asked: Does the internet as we know it need to
>> be altered radically? Should the status quo be maintained? Should a Red
>> Cross model of recognition by international community states be given to an
>> international entity like ITU, INTELSAT. However fundamental change is not
>> necessary as failure has not been identified.
>>
>> *My comment*: this presentation was descriptive and despite the fact that
>> an alternative model was proposed the principles, mechanisms that would need
>> to be put in place in order to make it work were not discussed
>>
>> *2nd presentation*
>> The next speaker spoke about the ccTLDs in latin Amercia which are broadly
>> organised into two main groups: non-governmental and governmental
>> organisations. A contribution from the floor however clarified that the
>> Brazilian ccTLD is a multi-stakeholder – coordinated by government – but on
>> a day by day basis operates as a non-governmental organisation. The Indian
>> ccTLD is managed by government and private sector – sovereign interest taken
>> care of through government representation.
>>
>> The rules and regulations under which the institutions that manage the
>> ccTLDs are managed determinate legal framework under which they operate.
>> Consequently ccTLDs are regulated under national law while ICANN regulates
>> gTLDs – The possibility of self regulation is based on the assumption that
>> private sector would act in the public interest.
>>
>> In the discussions some felt that there was need for increased attention
>> of government in the management of ccTLDs – as it was critical
>> infrastructure while on the other hand other felt that there was the risk of
>> excessive regulation with increased involvement of government.
>>
>>  *1130 -1200 hrs Workshop 36: Strategies to prevent and fight child
>> pornography in developing countries*
>> Child pornography in Brazil has grown out of the popularity of social
>> networking. However the main challenge has been issues related to
>> jurisdiction as content is resident in ISP based in the USA and
>> trans-national ISPs like Yahoo, Microsoft and Google which have branches in
>> strategic markets and have tailored the services for these markets in terms
>> of language and content.
>>
>> Brazil was therefore unable to deal with serious offences related to
>> content – specifically child pornography - committed by Brazilians using
>> Brazilian IP addresses. The government has been able to sign an agreement
>> with Google to fight child pornography on Google's orkut social network.
>>
>> The following are consideration taken in drawing up the agreement
>> 1. Which criteria should be used to define the ability of a particular
>> country to legislate over and sanction conducts committed on the internet?
>> - Where the data is located?
>> - International law principles (territoriality or nationality) shall be
>> used to define the sovereignty of a state regarding – cyber space – which is
>> a network of networks
>> - Define some reasonable standard – for example managed by Brazilians and
>> is local content and local language
>> - Access points in Brazil, harmful conduct felt in the country – taken
>> obligation under international law to take offence – country of origin
>> approach would force thousands of users to unfamiliar rules and travel –
>> offence under human rights therefore apply local legislation
>>
>> 2. It is legitimate to enforce the conduct of local office –as it
>> impracticable to send legal request to the US.
>>
>>
>> New tools have been implement that have reduced number of images uploaded
>> and increase in number of reported cases- subject to investigation. It was
>> inspiring to listen to parliamentarian talk about the need to have
>> legislators engaged in the process as they ultimately pass the laws. I
>> appreciated the fact that in there is great cooperation between the
>> parliament, government, police, civil society and private sector.
>>
>> The main challenges are:
>> • Lack of awareness and participation by parliamentarians who are critical
>> in the formulation of legislation
>> • how to obligate ISPs to provide information without infringing on
>> freedom of expression and privacy,
>> • what criteria should be used to deal with these offences
>> • the creation of awareness of ISPs in developing countries of the need
>> for judicial cooperation as well as social initiatives to deal with cyber
>> crime.
>> • Insufficient infrastructure to deal with this issue – law enforcement
>> does not have the human resources and technology
>> • Material produced to fight child pornography are not evaluated – they
>> should be inline with the demand
>>
>> *My comment*: I would have like to know if initiatives have reduced
>> offences, what is the success rate registered in prosecution, ability of the
>> law enforcement and judicial system to deal with offences. There was no
>> mention of where initiatives had been launched to fight child pornography on
>> the financial front.
>>
>>
>> *1530-1700 Workshop 45: Opening to diversity and competition of the DNS
>> system*
>>
>>
>>
>> There were 3 presentations in this session:
>>
>>
>> - *1st presentation* - alternate DNS system used in library systems
>>
>>
>> - *2nd presentation* - implementation of security in the Handle system
>>
>>
>> - *3rd presentation –* discussed the Net4D
>>
>>
>>
>> Net4D- provides the technical solution to the political concern on the
>> control of root servers. Net4D networks enable the following:
>>
>> • Empower the second generation of the web: the semantic web.
>>
>> • Multi-stakeholder governance of DNS
>>
>> • Net4D classes should be open and interoperable
>>
>> DNS 1.0 – was a monopoly of ICANN web 1.0 html with USA parentage and
>> English only while DNS 2.0 is open allowing for competition including inter
>> alia:
>>
>> • Net4D semantic web
>>
>> • Open coherent approach to linguistic diversity
>>
>> • Allow technological innovation with value added services
>>
>>
>>
>> Concern was however raised on the:
>>
>> • Investment/implementation cost required to implementation of different
>> DNS systems depending on the BIND implemented and root servers enabled
>>
>> • relinquishing of the political control of root servers
>>
>> • Value to end users
>>
>> • Awareness and understanding of the issues by different stakeholders
>> necessary – delivered in a way that they can understand
>>
>>
>>
>> *My comment*: the session was technical – I hope the techies on the
>> mailing list can help us understand the governance issues associated with
>> the introduction of DNS competition and the impact on developing countries
>> :)!
>>
>>
>>
>> Kind regards
>>
>> mwende
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20081210/4a5757b6/attachment.htm>


More information about the KICTANet mailing list