[kictanet] IGF 2008 Highlights - Day 4
mwende njiraini
mwende.njiraini at gmail.com
Wed Dec 10 11:54:39 EAT 2008
*Day 4: 6th December 2008*
*Theme: Emerging Issues*
* *
*09:00 - 10:30 Workshop 84: The role and mandate of the IGF*
* *
*Main success of IGF*
- Success of multi-stakeholder forum that provides a informal and
flexible structure for engagement.
- Regional and national meetings such as the Kenya IGF, UK IGF and EAIGF
are creating more opportunities for exchange of information, focus on
development and issues in the governance realm. These meetings should be
fostered.
- Capacity building at an individual and national level
- Sharing of best practices
- Enabled participation on the demand side
- Multilingualism – local language use extends access
- Human rights advocacy– formation of the global network initiative (GNI)
- Formation of the multi-stakeholder advisory group (MAG) that is dynamic
and flexible
- Discussion of issues relating to the environment and sustainability
- Avenue for information sharing between different regions
*Criticisms of the IGF*
· Idea of IGF developed by the civil society – the forum when
established would not issue recommendations or guidelines (not a policy
conference) – consequently maintaining the status quo – this however is not
what the civil society had bargained for.
· The forum has not provided an equal footing of civil society
participants with government and business
· The GNI is not a multi-stakeholder in nature as governments do not
buy into its outputs
· Meaningful change is required in the MAG and secretariat – the MAG
should be more representative and accountable – representatives should be
nominated, while the secretariat should be accountable to the MAG
· The IGF should develop policy proposals as well as briefing
material to facilitators
· The plenary sessions are a waste of time – instead small group
discussions on specific issues should be organised to make policy
proposals/recommendations to the MAG for formalization.
· Recommendations approved by the MAG (which is representative of
all stakeholders)
· There is a need for a re-look of the mandate of the IGF as given
by the Working Group on Internet Governance (WGIG)
· Format of the IGF needs to be changed to increase interactive
between the audience and panel – sitting arrangements should be changed
· Remote participation and documentation needs to be improved
· Need for discussion on cross cutting theme of development
including issues such as
o Migration to digital technologies
o Frequency licensing/frequency policy
o Creating access
· The phrase workshop is a misnomer
· Need for a feedback mechanism
*Challenges*
- Continued support and funding – should be provided by all stakeholders
- Avoid capture by one stakeholder group
- Capacity building for new attendees and creation of advanced sessions
for more experienced participants
*1030 -1300 Diplo Session: IGF'08 Negotiation Simulation*
Facilitated by Ambassador Kishan S Rana and Dr. Jovan Kurbalija
*Importance... *
* *
*Objectives*
Issues of conflict
Common interest
Cannot be solved unilaterally
Commitment to issue
Willingness to compromise
Goal – concede to what you want and
* *
*Concepts*
* *
- *ZOPA* – zone of possible agreement - range within which agreement
possible
- *BATNA*– best alternative to a negotiated agreement – threshold below
which one will not go not worthwhile
- *Win-sets* same as zopa
- *Ripe moment* – in a complex negotiation – time when negotiation can be
concluded – time when there is a meeting of minds –
Negotiations* *implicitly involves trust
*Stages*
- preparation
- negotiation
- pre-negotiation
- follow
*Harvard method principle negotiation *
- project of negotiation power – Harvard university – whole range
of negotiations – Books recommended "Getting to yes: Negotiating Agreement
Without Giving In" by Roger Fisher and William L. Ury and "Getting past
no"
* *
*Four cardinal principles of negotiation *
- separate people from the problem – don't personalize an issue –
build trust – never be caught telling a lie – someone should not push you to
a corner
- behind adversarial position may lie common interest e.g. in the
case of the IGF – building a secure internet
- trying to share pie -only looks to one dimension - search
options – creativity encouraged - common search to secure agreement
- look to criteria that may offer solution
*Meetings and chairmanship*
- preparation – training everyone on how to chair a meeting for
example after the Chec republic Slovakia republic chairman ship of the
European
- every meeting has core group that runs the show – observe the
body language
- observe and identify them
- you want to join that core group gradually
- study body language dynamics listen
- join drafting group learn the rules procedure and how to
manipulate draft
- chair must constantly monitor mood meeting
- chair – authority and tact – should not offend but more move
along
- anticipate problems before they arise observe
- invest in relationships win trust esp of key problems = main
capital gained
- master the show
*Questions/Discussions*
- How do you separate people from the problem? – try create a
relationship through common interest e.g. music – make it clear that you
don't agree – don't take it personality – if you don't agree don't retaliate
personality – junior members of a delegation are invaluable in negotiations
– "float a balloon" – because they don't speak with authority.
- Negotiations largely take place in the corridors and during coffee –
its important to realize when negotiations are a formality – however each
case is unique – realize when you are at the end of the road.
- What happens when there is a stronger party in the negotiation process?
– Weakness and power are in the eye of the beholder – 'sufficient incentive'
–for small country apply leverage in a negotiation – the example of the
treaty between Mauritius and India on Foreign Direct Investment (FDI)
- How are cultural differences managed during negotiations?
- Cultural differences always exist, however negotiations utilise a
common language – English – Translation of negotiations in different
languages may be available – however the English text is considered the
authoritative version/definitive text/principle text.
- It is important to master the English language as an adjunct to your
skills – for example be involved in the drafting group
- There is usually an established common code of conduct during
negotiations.
- Chairmanship is a skill that is learnt – the chair has to be a member
of the group.
* *
*Simulation Exercise on Internet Governance *
Objective – reaching a zone of possible agreement (ZOPA) between the USA,
G77, India, China, Russia, the Business Community and Civil society before
2011 on key IG issues including:
- *The form/name of document *
- Press communiqué
- Chairman's statement
- Declaration of principles
- Code of practice
- Operational declaration
- Framework convention
- Substantive convention
- Formal treaty
- *Net neutrality*
- Single internet
- Mixed system
- Regular internet as public facility
- Private internet
- Multiple internet (no regulation; market driven)
- *Cyber security*
- Bilateral
- G8 framework
- G20 framework
- Regional
- Global
- *Jurisdiction/dispute resolution *
- Regular courts
- Public arbitrations
- Private arbitrations
- *Content policy *
- National
- Regional
- Global
*Main lesson learnt*: it is important to bargain/trade-off in order to reach
the ZOPA otherwise a negotiation that is not concluded could mean a win to
another participant.
*Closing ceremony*
Transcript available at http://igf.wgig.org/cms/index.php/hyderabadprogramme
On 12/10/08, mwende njiraini <mwende.njiraini at gmail.com> wrote:
>
> *Day 2: 4th December 2008*
>
> * *
>
> *Theme: Promoting Cybersecurity and Trust *
>
> * *
>
> *0930-1100 Panel discussions: Dimensions of Cybersecurity and Cybercrime*
>
> The internet was not originally designed with security features however
> with increased use of the internet security considerations arise.
>
>
>
> It is important to recognize regional, local and cultural issues that may
> affect cyber security and develop a relationship of trust in order to
> develop a framework that determines - what happens in a crisis, how to
> engage in law enforcement. This is important as security issues need to
> be addressed before there is a crisis and should be done at all levels.
>
>
>
> *Computer Emergency Response Team*
>
> * *
>
> The use of the Computer Emergency Response Team (CERT) at a regional and
> national level based on the framework developed by the Carnegie Mellon
> University (www.cert.org) as follows:
>
>
>
> 1. *Organisational *
>
> At an organisational level there should be a person responsible for
> security – the response to security threats need to be formalized – that is
> organizational incident response should be formalized.
>
>
>
> 1. *National*
>
> Formation of national CERT is necessary but not sufficient. Channels for
> relaying of information, mitigating threats need to be organised and tested
> on a regular basis. The national CERT should work with regional CERT as
> well as have links with law enforcement organisations.
>
> There is need for development of a strategy as well as testing of the
> system. Any incidents should be reviewed.
>
>
>
> The goals of CERT should include:
>
> - early detection,
> - short response time,
> - reduction of impact,
> - recognition of liability issues,
> - analysis techniques – which are forensically safe, need to be
> developed in advance not when time is of the essence
> - Alignment of with partners
>
>
>
> ITU-D study group 1 Q 22/1 is studying issues on: *Securing information
> and communication networks: best practices for developing a culture of
> Cybersecurity*
>
>
>
> The security should be implemented without damaging the nature of the
> internet, and protecting vulnerable groups
>
>
>
> *Introduction of cybercrime and terrorism*
>
> Traditional crime has moved online for example harassment and money
> laundering however there are new forms of crime in the virtual world
> including:
>
> - phishing, virus/malware, etc
>
> - Critical infrastructure threats – banking, transport, banking,
> energy, government and national security
>
> - Terrorist use of the internet to publish ideologies, raise
> funds, recruit new members
>
>
>
> The challenges in combating cybercrime and terrorism:
>
> - The crime scene and who is in charge with dealing with the
> threat.
>
> - Relevance of geographic distance
>
> - Investigative cost and the need to carry out real time
> investigations
>
> - Legal framework
>
> - Procedural legal problems
>
> - Complex search and seizure laws
>
> - Responsibility and data
>
> - It complex due to numerous operators involved
>
>
>
> *Questions and discussions*
>
> - Global issue – which needs coordinated effort and cooperation -
> in order to avoid the development of cyber havens.
>
>
>
> - Action, feedback and reaction necessary in order to update
> prevention mechanisms with regard to recent incidents
>
>
>
> - A relationship of trust important between the CERT and ISPs
> –ISPs need to provide data – this should a bottom up process
>
>
>
> - Organisations work in an eco-system –sharing of information –
> collecting statistics before, during and after an incident
>
>
>
> - Access (usage and querying) to the data base at the CERT should
> be controlled – because of privacy issues
>
>
>
> - A mutual Non-Disclosure Agreement (NDA) and formal structures
> should be created through a formal bottom-up process.
>
>
>
> - Network based crime raise issues associated with creating an
> appropriate balance between the needs of those investigating and prosecuting
> and rights and interests.
>
>
>
> - Need for coordination is a challenge to governments because of
> the lack of expertise – therefore have to rely on academia and private
> sector
>
>
>
> - The CERT should be an independent group of experts that should
> be fully empowered
>
>
>
> - Appropriate safeguards to protect the functioning of the
> organisation necessary as they give confidence and ensure business
> continuity during investigation
>
>
>
> - New institutional models based on hybrid frameworks – for
> example Sri-Lanka CERT was set up in June 2006 and involves government as
> well as skilled incident handlers (http://www.slcert.gov.lk/).
>
>
>
> - Need for increased cooperation as cyber crime is
> multi-jurisdiction issue – harmonization of enforcement processes and
> legislation approach such as that of the council of Europe.
>
>
>
> * *
>
> *Indian CERT*
>
> - The internet is used for numerous activities leading to an
> increase cyber attacks consequently there is a need for training on best
> practices and implementation.
>
> - India's legislation includes computer related offences and is
> currently being amended to be in line with the European cyber convention.
>
> - National CERT operates in partnership with Asia and pacific
> CERTs
>
> - The Indian CERT is a government lead industry initiative – that
> aims at creating awareness and compliance to best practices
>
> - Training of law enforcement officers on analysis of computer
> related crime a challenge and undertaken through PPP.
>
> - A secure national cyberspace – requires collaboration, research
> in technologies through a bottom-up process.
>
> - Areas of conflicting interest need to be addressed as
> cybercrime is a global phenomenal – these areas include conflict with
> individual rights, unnecessary censorship and society issues
>
> - Establishment of global alliances essential to ensure stability
> of internet
>
> - Sharing to data about cyber attacks is a challenge
>
> - Establishment of a CERT takes time – needs to include
> participation of private sector partners
>
>
>
> The ITU has identified five pillars with regard to internet security which
> include:
>
>
>
> 1. Legal issues
> 2. Technical procedural issues, Organisational structures including
> CERTs
> 3. Capacity building
> 4. International cooperation
>
>
>
> There is need for proactive approach to provide an early warning system for
> example that used in the event of natural disasters as well as need for
> organisation and cooperation between all stakeholders.
>
>
>
> With regard to initiating internet security measures – start with an issue
> where there is a common understanding for example child protection which was
> the basis of the launch of the child line protection.
>
>
>
> *Capacity building*
>
> *Issues*
>
> - Lack of capacity in of ISPs
>
> - Inter-south cooperation required as challenges and
> infrastructure similar
>
> - Retention of skilled human resources a challenge
>
> - Use of network operator groups for capacity building
>
> - Need to utilize the existing educational framework by
> integration of cybersecurity into curriculum – this creates sustainability
> in capacity building
>
> - Training should be relevant to the environment – appropriate
> use of technology, cost, concentrate on getting the maximum benefit –
> innovation in order to derive the maximum value will be based on training
> received
>
> - Need for collaboration platform – so as to continue sharing
> information
>
> - Need to focus on reality on the ground
>
>
>
> *Kind of training*
>
> - technical training
>
> - policy issues – IPv4/6
>
>
>
> *Technical challenges*
>
> - operators need to be profitable – environment liberalized –
> however still certain monopolized areas – international connectivity –
> imbalanced competition – therefore profitability issue- cant invest in new
> technologies – limited investment in training
>
>
>
> *My comment*: Urgent need create of culture of cybersecurity (end-users,
> at organisation level and nationally) and establishment of national,
> regional CERTs.
>
>
>
> *14:30 - 16:00 Workshop 76 Neutrality Debate Important for You? (Network
> Neutrality Debate: The Implications for Development) *
>
> * *
>
> *Technical issues*
>
> All networks need to be managed
>
>
>
> High broadband connectivity principles
>
> (
> http://www.tiaonline.org/gov_affairs/issues/internet_services_applications/documents/ConnectivityPrinciples.pdf
> )
>
>
>
> - transparency
>
> - ability to attach any device
>
> - right to access any legal content
>
> - right to download any legal content
>
>
>
> *Economic issues*
>
> Net neutrality has significant micro and macro implications. Broadband
> investment influenced by the broad economic environment because of the
> massive investment required
>
> - Regulation is viewed more beneficial in view of the current
> economic crisis
>
> - More users create value to the platform
>
> - Optimal pricing structure – a possibility - may not want to
> charge content providers to contribute to access
>
> - Mandatory net neutrality/unbundling expected to depress
> investment in broadband plus may have a significant negative effect on
> investment NGN.
>
> - Centre for European Policy Studies – research titled: "I own
> the pipes, you call the tune: The net neutrality debate and its (ir)
> relevance for Europe" available at
> http://shop.ceps.eu/BookDetail.php?item_id=1755 – argues that the internet
> is not neutral – pro-neutrality rules/changes being proposed should be
> evaluated
>
> - The analogy of the roads and vehicles was used to describe net
> neutrality – the roads represent the pipes while the cars represent the
> packets/traffic – which are not regulated and may be of any shape or size.
> However there is regulation with regard to speed.
>
> - issue of convergence – important for users
>
> - internet to drive innovation and economic growth
>
> - activism issues are important to understand the issues
>
> - slowing down the traffic and packets on internet has a
> consequence of slowing down the development internet
>
>
>
> *Issues from a user perspective*
>
> - no consensus on the issues exists
>
> - Users do not necessarily want free/unlimited control – however
> what they want is: what they access should not be controlled
>
> - They do not want to be forced to buy their store brands or
> services of preferred service providers of the broadband connectivity
> provider.
>
> - There is no value in packaging/bundling of services – rather it
> is designed to sell services at a high price
>
> - Users question whether a free market would help as suppliers
> are out to make money – there is an economic motivation to invest – which
> means there is no one to look out for consumers
>
> - Need for establish anti trust/anti monopoly regulations
>
> - ISPs must be made to know that users are not willing to give up
> their rights thus should develop internet usage plans that are favourable to
> the users - suppliers must listen to consumers
>
> - Users have the power to demand what we want if only they
> demanded it
>
> - The investment on the internet should be allowed in all areas –
> core and edges without fragmenting it - networks should be built using open
> interfaces - end to end principle protection is significant
>
> - Users want the internet to encourage innovation
>
> - Use of restaurant analogy where the chairs, tables and food are
> outsourced
>
> - Users should have the ability to have access to the content
> they want as long as it is connected to open interfaces
>
> - Users have concern on the future of the internet; content
> equality and its ability to deliver content in different ways thus
> encouraging local innovation
>
>
>
> *My comment:* significance of net neutrality with reference to developing
> countries was not addressed – taking into consideration that the motivation
> for investment in broadband connectivity is socio-economic development thus
> deployment of both local and international for example submarine cable is
> being done by governments rather than the private sector.
>
>
> On 12/8/08, mwende njiraini <mwende.njiraini at gmail.com> wrote:
>>
>> *5th December 2008*
>> *930-1100 Panel Discussion Transition from IPv4 to IPv6*
>> Based on several studies it is projected that IPv4 addresses will be
>> globally exhausted by 2011 however address space will still be available at
>> a local level. Seamless take up of IPv6 is expected with the exhaustion of
>> IPv4 and there is on going discussion – to define policy to facilitate
>> smooth transition for operators and ensure that new comers have minimum IPv6
>> address space allocation to start up business.
>>
>> The following issues were discussed from different perspectives:
>>
>> *Issues from operators' perspective*:
>> - Deployment of IPv6 enabled equipment in the core networks should be done
>> increment – however uptake is low because there is no extra revenue
>> generated with the implementation of IPv6 i.e. the lack of commercial
>> drivers. However this is expected to change with the as customer numbers
>> grow.
>>
>> - Need for upgrade – therefore operators from developed countries stand at
>> an advantage as they have the resources and are nearly exhausted their local
>> allocations.
>>
>> - Getting operational experience is a challenge – there is need to invest
>> in operational tools to run IPv6 in terms of software configuration
>> utilities management and trouble shooting
>>
>> - Participation in standardization – where users have equipment that
>> supports only IPv4 – how do they access services that are available only on
>> IPv6-based networks? The IETF is working on the transition mechanisms
>> however the co-existence of both protocols is expected for a long time
>>
>> - Operators are pushing for IPv6 support in customer premise equipment
>> (CPE) as well as software that supports the new protocol version. However it
>> is expected that legacy applications will be available in the foreseeable
>> future
>>
>> *Issues from a vendor perspective*
>> - Transition has been going on for some time in the vendor world. The
>> transition has been a long process for vendors and operators – in terms of
>> getting the technology and standards ready
>>
>> - As IP is the core of the internet – transition to ipv6 – is significant
>> particularly with the increase of IPv6 enabled devices connected to the
>> internet specifically mobile phones
>>
>> - need to understand technology and therefore need for operational and
>> implementation experience
>>
>> - managing customer demand/expectations for IPv6 enabled services and
>> devices
>>
>> - cost of staff training
>>
>> - there are mistakes that will be made – therefore need for mutual support
>> in the implementation of v6
>>
>> *Social and economic perspectives*-
>> - Transition should be cooperative endeavour with social and economic and
>> policy considerations
>>
>> - Gradual implementation and interoperability between IPv4 and v6 expected
>> so as to preserve the investment already made
>>
>> - There is a general understanding that IPv6 will compliment and
>> supplement the existing IPv4 as well as provide improved routing,
>> multicasting, efficient infrastructure. The following questions however
>> arise:
>>
>> o The advantages that IPv6 offer are good reasons to invest in the new IP
>> version.
>> o Would transition be transparent and would backward compatibility
>> required
>>
>> - Users want the stability of the internet to be maintained and hope that
>> IPv6 will offer opportunities for addition to personality features on the
>> internet – this is what makes the business case
>>
>> - In the India case there are a large number of service providers – and
>> there is only a 1/8 usage – therefore demand is low – the need to enhance
>> cultural diversity however provides opportunities to create demand through
>> local content development including E-government programme and Info-tainment
>>
>> - It is important to break the myth that IPv6 is a new internet - It is
>> not a new internet rather continuation of the internet
>>
>> - The main benefit is the address space addition- which may allow for
>> efficiency
>>
>> - There is no need to establish a deadline or regulate the implementation
>> of IPv6 – as it will be market driven. Additionally users should have rights
>> to use IPv4 and IETF is working on coexistence
>>
>> *Policy perspective*
>> - With the impending exhaustion of IPv4 – further implementation will be
>> problematic – as not all players will support transition therefore it is
>> important to examine measures – for continued use of IPv4 and possible
>> migration of users to private IPv4 address space
>>
>> - creation of action plan to be implemented by 2010 – for example offering
>> of incentives such as tax exemption and capacity building
>>
>> - examination of existing programmes and mechanisms
>>
>> - establishment of taskforce of IPv4 exhaustion
>>
>> - the messages of ISPs is that they must carry IPv6
>>
>> - IPv4 scarcity and demand for more security are the 2 major challenges
>> driving the uptake of IPv6
>>
>> - Institution of market transfer or reclamation mechanisms of IPv4
>> resources not required by local internet registries to the regional internet
>> registries when transition to IPv6 is implemented. However this would be a
>> challenge as RIRs have no contractual authority this may create a grey
>> market. This challenge may be overcome through a loose membership
>> association that allows others to use others resources
>>
>> - Institution of secure routing objects including PKI to authenticate
>> users raises governance/control issues – RIRs have centralized control which
>> may make it efficient and better able to address security issues this makes
>> an RIR an central governance institution. Membership of security/government
>> associations in the RIR would result in infiltration of technical, policy
>> agendas that may make the transition to IPv6 complicated
>>
>> - However it is argued that RIRs should remain neutral and trans-national
>> institutions which:
>> o maintain a homogenous technical group
>> o maintain a bottom-up approach in policy making
>> o guarantee the stability of the internet and business continuity of
>> members
>>
>> - main challenges in the deployment of IPv6 include:
>> o lack of public education, information and skill
>> o limited network policy decisions to make deployment happen
>> o lack of incentive to deploy ipv6
>>
>> *1100-1230 Workshop 59:Building a global capacity building curriculum
>> framework and premier*
>>
>> - Integration of IG capacity building in existing ICT and public policy
>> courses was advocated.
>>
>> - The training may be offered either online, offline or through short term
>> executive courses.
>>
>> - Collaboration between different stakeholders who have different needs is
>> imperative in order create an understanding of the issues arising from
>> increased used of the internet particularly those that transcend the
>> geographical, and cultural borders.
>>
>> - internet security awareness programme set up in India
>>
>> - Presentations on the Diplo IG capacity building programme (
>> www.diplomacy.edu/ig) – including a demonstration of the online platform.
>>
>> - The Diplo approach includes the training course (foundation and
>> advanced), policy research, policy immersion and community interaction.
>>
>> - The impact associated with the IG capacity building programme have been
>> varied and impressive including the establishment of IG governance masters
>> programme in Srilanka and the use of telecentres to disseminate IG related
>> information.
>>
>> - Diplo has successfully offered the training to professional worldwide
>> for the last 4 years leading to the establishment of national, regional and
>> global community
>>
>> *1400-1530 Workshop 29: Building confidence and security in the use and
>> security in the use of ICTs for African countries
>>
>> *Main challenges in Africa
>> - lack of infrastructure
>> - lack of services
>>
>> Therefore opportunity to learn from mistakes in developing countries and
>> establish of computer emergency response team currently there is only one
>> active CERT in Africa in Tunisia, South Africa is in the process of setting
>> up a CERT with the deadline of 2010 before the FIFA world cup. While
>> countries such as Morocco, Kenya and Ivory Coast are thinking about set in
>> up CERTs.
>>
>> The approach in dealing with Cybersecurity in developing countries
>>
>> Success of Cybersecurity is based on 3pillars
>>
>> 1. *Technology pillar* – ICT/security tools –including:
>> o PCs / networks, physical security tools, data tools (storage media and
>> cryptography), availability of infrastructure and application (redundant
>> servers and PKI)
>>
>> 2. *Methodology pillar* – policy, procedures and regulations on three
>> levels:
>> o managerial level (security policy, management procedures and capacity
>> building, audit) Legislative level (law and regulation)
>> o operational level (acces control rules, implementation plans,
>> monitoring, watch, incidence handling)
>> o continuity of services level ( business continuity plan, crisis
>> management, drill exercises)
>> - actors in this pillar include the government, security professionals and
>> users
>>
>> 3. *Social behaviour pillar* – creating a culture of cyber security
>> o cultivate culture of cyber security through continuous action of raising
>> awareness using diverse media/channels
>> o the target audience includes managers, decision makers, security,
>> children, parents, teachers
>>
>>
>> *Case study: CERT-TCC - Tunisia*
>>
>> *The functions of the CERT include*:
>>
>> - Watch- collect information from different sources eg CISCO, HP.
>> Microsoft, network of CERTs, community of hackers
>> - Training
>> - Coordination
>> - Response
>> - Incidence handling
>> - Incident analysis
>> - Awareness
>> - Warning alert
>>
>> *Key issues*:
>>
>> • Information, warning and alert – carried out to in collaboration with
>> ISPs, managers decision makers, internet community through mailing list,
>> call centre, media
>>
>> • Oriented campaign – utilizing prospectus, posters, email, radio,
>> cartoons, video, attack simulation and guides
>>
>> • Incident handling - training in new tools
>>
>> • Coordination important in the effective functioning of the CERT –
>> incident coordination procedures and information including regional CERTs,
>> other CERTs within the country (for example Brazil has more than one CERT),
>> ISPs and operators, vendors and integrators, and national authorities.
>>
>> Need for the formation of CERTs in Africa however the challenges of lack
>> of "know how" in IT security need to be overcome through:
>> - capacity building
>> - encouragement of the development of national solutions based on open
>> source components
>> - improved R&D capabilities and making it more responsive to urgent needs
>> - encouraging academic research in the important topics of security
>> (cryptography, methodologies…)
>>
>> *The following questions and comments were raised*:
>>
>> - the need for social engineering through the creation of a culture of
>> cyber security to be addressed specifically because of the increased
>> requirements by government to obligate to provide subscriber identification
>> information
>>
>> - how can African countries start up a cert- through collaboration for
>> example with existing CERTs
>>
>> - in establishing a culture of cybersecurity – consideration should be
>> given to the fact that there are different social cultures in different
>> countries however there is consensus on issues such as child pornography,
>> identity theft
>>
>> - how can a regional approach be developed where there are differences in
>> level of ICT infrastructure and use of infrastructure in the delivery of
>> services, what tools can be used to encourage decision makers to be involved
>> in the issues of cyber security?
>>
>> o It was recognised that funding and expertise was required for example
>> AFDB, World Bank and Islamic Bank while ITU have regional workshops on cyber
>> security
>>
>> o As African countries build on infrastructure and services – there is an
>> opportunity to learn from those that have already developed CERTs.
>>
>> - How does the CERT monitor traffic: with the collaboration of ISP and
>> operators as well as supporting legislation
>>
>> - Regulators need to advice the government to use ICT in development –
>> this is a manifestation of government commitment
>>
>> - The role of policy making was emphasized – as it provides government
>> commitment to using ICT for social economic development and governance and
>> consequently support for cyber security initiatives – including the
>> formulation of legislation.
>>
>> - There should not use a piece meal approach to cyber security to prevent
>> ineffectiveness for example Mauritius has electronic transaction act but PKI
>> not yet established
>>
>>
>>
>> On 12/5/08, mwende njiraini <mwende.njiraini at gmail.com> wrote:
>>>
>>> Following our recent online discussions on Internet governance issues in
>>> Kenya, the Kenya IGF and East African IGF; you may wish to follow the
>>> discussion currently ongoing at the global IGF 2008 in Hyderabad India at
>>> http://www.intgovforum.org.
>>>
>>> Below are highlights from workshops I attended on Day 1 December 3rd):
>>> *0930-1100 hrs Workshop 43: Legal aspects of governance critical
>>> internet Policy issues of public relevance*
>>> *1st presentation*
>>> The issues on that have legal implications include:
>>> • internet security intellectual property rights, infringement, privacy
>>> and protection mechanisms
>>> • IP domain name protection, conflicts arising out of data and content
>>> ownership privacy therefore increasing role of P2P in growth of internet 2
>>> • Consumer status and rights in relation to e-commerce cross border and
>>> domestic online trade
>>> • Telecom issue viz backbone deployment and interconnection costs
>>> • Freedom of expression – the extent of censorship and control on online
>>> content
>>>
>>> There is need for capacity building to create meaningful participation of
>>> individual and SMEs as well as increasing connectivity through building IXPs
>>> and local content development
>>>
>>> The question was raised as to whether there a need of alternative
>>> institutional mechanism.
>>> The salient features of the MOU between ICANN and the department of
>>> commerce (DoC) include:
>>> - The affirmation of the role of private sector leadership
>>> - The role of DoC in ensuring transparency and accountability and
>>> effective GAC participation
>>> - Ensure accountability and publish by-laws and strategic and operational
>>> plans
>>> - Agreement can be terminated in 120 days
>>>
>>> The MOU has been criticized because of the following reasons:
>>> - US governmental control on root server administration
>>> - Inconsistent with WSIS principle where no single government should have
>>> a pre-eminent role
>>> - Domain name allocation policies need better development
>>> - IPv4 address allocation have been imbalanced need to ensure IPv6
>>> address allocation does not suffer the same effects -This assertion was
>>> however refuted as IP addresses allocation based on need. The need for
>>> prudent management and keeping barriers low for the transition to IPv6 was
>>> emphasised.
>>>
>>> To overcome this WGIG proposed 4 models:
>>> - Global policy council
>>> - Intenational internet council with leading government role to fulfil
>>> the ICANN/IANA functions
>>> - GAC to be strengthened with enhanced coordination function
>>> - Replace US govt role by general internet council or with world ICANN
>>> (in lieu of GAC)
>>>
>>> The common features of these models were the overwhelming government lead
>>> and the presupposition of the possibility of international treaties. During
>>> the discussion the viability of these models was questioned given that speed
>>> is of essence in the management of internet resources. It normally takes a
>>> long time to negotiate international agreements; including treaties instead
>>> a set of principles should be endorsed.
>>>
>>> The speaker recommended on the management of critical internet
>>> infrastructure should take into consideration the following
>>> • Treatment of technical resources of the internet and global economic,
>>> social and legal aspects arising out the internet should be at par
>>> • The development and implementation of polices and standards and
>>> solutions to various internet issues should be done in a coordinated manner
>>> for example telecommunication standard development is done in a hierarchical
>>> and predictable way.
>>> • New structure would be a supreme authority over internet
>>>
>>> In conclusion the speaker asked: Does the internet as we know it need to
>>> be altered radically? Should the status quo be maintained? Should a Red
>>> Cross model of recognition by international community states be given to an
>>> international entity like ITU, INTELSAT. However fundamental change is not
>>> necessary as failure has not been identified.
>>>
>>> *My comment*: this presentation was descriptive and despite the fact
>>> that an alternative model was proposed the principles, mechanisms that would
>>> need to be put in place in order to make it work were not discussed
>>>
>>> *2nd presentation*
>>> The next speaker spoke about the ccTLDs in latin Amercia which are
>>> broadly organised into two main groups: non-governmental and governmental
>>> organisations. A contribution from the floor however clarified that the
>>> Brazilian ccTLD is a multi-stakeholder – coordinated by government – but on
>>> a day by day basis operates as a non-governmental organisation. The Indian
>>> ccTLD is managed by government and private sector – sovereign interest taken
>>> care of through government representation.
>>>
>>> The rules and regulations under which the institutions that manage the
>>> ccTLDs are managed determinate legal framework under which they operate.
>>> Consequently ccTLDs are regulated under national law while ICANN regulates
>>> gTLDs – The possibility of self regulation is based on the assumption that
>>> private sector would act in the public interest.
>>>
>>> In the discussions some felt that there was need for increased attention
>>> of government in the management of ccTLDs – as it was critical
>>> infrastructure while on the other hand other felt that there was the risk of
>>> excessive regulation with increased involvement of government.
>>>
>>> *1130 -1200 hrs Workshop 36: Strategies to prevent and fight child
>>> pornography in developing countries*
>>> Child pornography in Brazil has grown out of the popularity of social
>>> networking. However the main challenge has been issues related to
>>> jurisdiction as content is resident in ISP based in the USA and
>>> trans-national ISPs like Yahoo, Microsoft and Google which have branches in
>>> strategic markets and have tailored the services for these markets in terms
>>> of language and content.
>>>
>>> Brazil was therefore unable to deal with serious offences related to
>>> content – specifically child pornography - committed by Brazilians using
>>> Brazilian IP addresses. The government has been able to sign an agreement
>>> with Google to fight child pornography on Google's orkut social network.
>>>
>>> The following are consideration taken in drawing up the agreement
>>> 1. Which criteria should be used to define the ability of a particular
>>> country to legislate over and sanction conducts committed on the internet?
>>> - Where the data is located?
>>> - International law principles (territoriality or nationality) shall be
>>> used to define the sovereignty of a state regarding – cyber space – which is
>>> a network of networks
>>> - Define some reasonable standard – for example managed by Brazilians and
>>> is local content and local language
>>> - Access points in Brazil, harmful conduct felt in the country – taken
>>> obligation under international law to take offence – country of origin
>>> approach would force thousands of users to unfamiliar rules and travel –
>>> offence under human rights therefore apply local legislation
>>>
>>> 2. It is legitimate to enforce the conduct of local office –as it
>>> impracticable to send legal request to the US.
>>>
>>>
>>> New tools have been implement that have reduced number of images uploaded
>>> and increase in number of reported cases- subject to investigation. It was
>>> inspiring to listen to parliamentarian talk about the need to have
>>> legislators engaged in the process as they ultimately pass the laws. I
>>> appreciated the fact that in there is great cooperation between the
>>> parliament, government, police, civil society and private sector.
>>>
>>> The main challenges are:
>>> • Lack of awareness and participation by parliamentarians who are
>>> critical in the formulation of legislation
>>> • how to obligate ISPs to provide information without infringing on
>>> freedom of expression and privacy,
>>> • what criteria should be used to deal with these offences
>>> • the creation of awareness of ISPs in developing countries of the need
>>> for judicial cooperation as well as social initiatives to deal with cyber
>>> crime.
>>> • Insufficient infrastructure to deal with this issue – law enforcement
>>> does not have the human resources and technology
>>> • Material produced to fight child pornography are not evaluated – they
>>> should be inline with the demand
>>>
>>> *My comment*: I would have like to know if initiatives have reduced
>>> offences, what is the success rate registered in prosecution, ability of the
>>> law enforcement and judicial system to deal with offences. There was no
>>> mention of where initiatives had been launched to fight child pornography on
>>> the financial front.
>>>
>>>
>>> *1530-1700 Workshop 45: Opening to diversity and competition of the DNS
>>> system*
>>>
>>>
>>>
>>> There were 3 presentations in this session:
>>>
>>>
>>> - *1st presentation* - alternate DNS system used in library systems
>>>
>>>
>>> - *2nd presentation* - implementation of security in the Handle system
>>>
>>>
>>> - *3rd presentation –* discussed the Net4D
>>>
>>>
>>>
>>> Net4D- provides the technical solution to the political concern on the
>>> control of root servers. Net4D networks enable the following:
>>>
>>> • Empower the second generation of the web: the semantic web.
>>>
>>> • Multi-stakeholder governance of DNS
>>>
>>> • Net4D classes should be open and interoperable
>>>
>>> DNS 1.0 – was a monopoly of ICANN web 1.0 html with USA parentage and
>>> English only while DNS 2.0 is open allowing for competition including inter
>>> alia:
>>>
>>> • Net4D semantic web
>>>
>>> • Open coherent approach to linguistic diversity
>>>
>>> • Allow technological innovation with value added services
>>>
>>>
>>>
>>> Concern was however raised on the:
>>>
>>> • Investment/implementation cost required to implementation of different
>>> DNS systems depending on the BIND implemented and root servers enabled
>>>
>>> • relinquishing of the political control of root servers
>>>
>>> • Value to end users
>>>
>>> • Awareness and understanding of the issues by different stakeholders
>>> necessary – delivered in a way that they can understand
>>>
>>>
>>>
>>> *My comment*: the session was technical – I hope the techies on the
>>> mailing list can help us understand the governance issues associated with
>>> the introduction of DNS competition and the impact on developing countries
>>> :)!
>>>
>>>
>>>
>>> Kind regards
>>>
>>> mwende
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20081210/30274bed/attachment.htm>
More information about the KICTANet
mailing list