[kictanet] Fwd: IGF 2008 Highlights - Reminder
John Walubengo
jwalu at yahoo.com
Tue Apr 14 14:56:35 EAT 2009
Thanx Mwende on the highlights of the Internet Governance Forum (IGF) meeting at Hyderabad, India 2008. Quite an overload I must say - buffer overflow in technical terms ;-)
Hope u will be there tmrw morning @Jacaranda to verbalize all these in simpler terms and within 10-15mins...
Regards.
walu.
--- On Tue, 4/14/09, mwende njiraini <mwende.njiraini at gmail.com> wrote:
> From: mwende njiraini <mwende.njiraini at gmail.com>
> Subject: [kictanet] Fwd: IGF 2008 Highlights - Reminder
> To: jwalu at yahoo.com
> Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
> Date: Tuesday, April 14, 2009, 3:31 PM
> Dear all
> Below are Highlights of the IGF held in Hyderabad sent to
> the mailing list
> last year.
> regards
> Mwende
>
> ---------- Forwarded message ----------
> From: mwende njiraini <mwende.njiraini at gmail.com>
> Date: Dec 10, 2008 11:49 AM
> Subject: Re: IGF 2008 Highlights - Day 2
> To: KICTAnet ICT Policy Discussions
> <kictanet at lists.kictanet.or.ke>
>
>
>
> *Day 2: 4th December 2008*
>
> * *
>
> *Theme: Promoting Cybersecurity and Trust *
>
> * *
>
> *0930-1100 Panel discussions: Dimensions of Cybersecurity
> and Cybercrime*
>
> The internet was not originally designed with security
> features however with
> increased use of the internet security considerations
> arise.
>
>
>
> It is important to recognize regional, local and cultural
> issues that may
> affect cyber security and develop a relationship of trust
> in order to
> develop a framework that determines - what happens in a
> crisis, how to
> engage in law enforcement. This is important as security
> issues need to be
> addressed before there is a crisis and should be done at
> all levels.
>
>
>
> *Computer Emergency Response Team*
>
> * *
>
> The use of the Computer Emergency Response Team (CERT) at a
> regional and
> national level based on the framework developed by the
> Carnegie Mellon
> University (www.cert.org) as follows:
>
>
>
> 1. *Organisational *
>
> At an organisational level there should be a person
> responsible for security
> – the response to security threats need to be formalized
> – that is
> organizational incident response should be formalized.
>
>
>
> 1. *National*
>
> Formation of national CERT is necessary but not sufficient.
> Channels for
> relaying of information, mitigating threats need to be
> organised and tested
> on a regular basis. The national CERT should work with
> regional CERT as
> well as have links with law enforcement organisations.
>
> There is need for development of a strategy as well as
> testing of the
> system. Any incidents should be reviewed.
>
>
>
> The goals of CERT should include:
>
> - early detection,
> - short response time,
> - reduction of impact,
> - recognition of liability issues,
> - analysis techniques – which are forensically safe,
> need to be developed
> in advance not when time is of the essence
> - Alignment of with partners
>
>
>
> ITU-D study group 1 Q 22/1 is studying issues on: *Securing
> information and
> communication networks: best practices for developing a
> culture of
> Cybersecurity*
>
>
>
> The security should be implemented without damaging the
> nature of the
> internet, and protecting vulnerable groups
>
>
>
> *Introduction of cybercrime and terrorism*
>
> Traditional crime has moved online for example harassment
> and money
> laundering however there are new forms of crime in the
> virtual world
> including:
>
> - phishing, virus/malware, etc
>
> - Critical infrastructure threats – banking,
> transport, banking,
> energy, government and national security
>
> - Terrorist use of the internet to publish
> ideologies, raise funds,
> recruit new members
>
>
>
> The challenges in combating cybercrime and terrorism:
>
> - The crime scene and who is in charge with
> dealing with the
> threat.
>
> - Relevance of geographic distance
>
> - Investigative cost and the need to carry out
> real time
> investigations
>
> - Legal framework
>
> - Procedural legal problems
>
> - Complex search and seizure laws
>
> - Responsibility and data
>
> - It complex due to numerous operators involved
>
>
>
> *Questions and discussions*
>
> - Global issue – which needs coordinated effort
> and cooperation -
> in order to avoid the development of cyber havens.
>
>
>
> - Action, feedback and reaction necessary in order
> to update
> prevention mechanisms with regard to recent incidents
>
>
>
> - A relationship of trust important between the
> CERT and ISPs –ISPs
> need to provide data – this should a bottom up process
>
>
>
> - Organisations work in an eco-system –sharing
> of information –
> collecting statistics before, during and after an incident
>
>
>
> - Access (usage and querying) to the data base at
> the CERT should
> be controlled – because of privacy issues
>
>
>
> - A mutual Non-Disclosure Agreement (NDA) and
> formal structures
> should be created through a formal bottom-up process.
>
>
>
> - Network based crime raise issues associated with
> creating an
> appropriate balance between the needs of those
> investigating and prosecuting
> and rights and interests.
>
>
>
> - Need for coordination is a challenge to
> governments because of
> the lack of expertise – therefore have to rely on
> academia and private
> sector
>
>
>
> - The CERT should be an independent group of
> experts that should be
> fully empowered
>
>
>
> - Appropriate safeguards to protect the
> functioning of the
> organisation necessary as they give confidence and ensure
> business
> continuity during investigation
>
>
>
> - New institutional models based on hybrid
> frameworks – for example
> Sri-Lanka CERT was set up in June 2006 and involves
> government as well as
> skilled incident handlers (http://www.slcert.gov.lk/).
>
>
>
> - Need for increased cooperation as cyber crime is
> multi-jurisdiction issue – harmonization of enforcement
> processes and
> legislation approach such as that of the council of Europe.
>
>
>
> * *
>
> *Indian CERT*
>
> - The internet is used for numerous activities
> leading to an
> increase cyber attacks consequently there is a need for
> training on best
> practices and implementation.
>
> - India's legislation includes computer
> related offences and is
> currently being amended to be in line with the European
> cyber convention.
>
> - National CERT operates in partnership with Asia
> and pacific CERTs
>
> - The Indian CERT is a government lead industry
> initiative – that
> aims at creating awareness and compliance to best practices
>
> - Training of law enforcement officers on analysis
> of computer
> related crime a challenge and undertaken through PPP.
>
> - A secure national cyberspace – requires
> collaboration, research
> in technologies through a bottom-up process.
>
> - Areas of conflicting interest need to be
> addressed as cybercrime
> is a global phenomenal – these areas include conflict
> with individual
> rights, unnecessary censorship and society issues
>
> - Establishment of global alliances essential to
> ensure stability
> of internet
>
> - Sharing to data about cyber attacks is a
> challenge
>
> - Establishment of a CERT takes time – needs to
> include
> participation of private sector partners
>
>
>
> The ITU has identified five pillars with regard to internet
> security which
> include:
>
>
>
> 1. Legal issues
> 2. Technical procedural issues, Organisational
> structures including
> CERTs
> 3. Capacity building
> 4. International cooperation
>
>
>
> There is need for proactive approach to provide an early
> warning system for
> example that used in the event of natural disasters as well
> as need for
> organisation and cooperation between all stakeholders.
>
>
>
> With regard to initiating internet security measures –
> start with an issue
> where there is a common understanding for example child
> protection which was
> the basis of the launch of the child line protection.
>
>
>
> *Capacity building*
>
> *Issues*
>
> - Lack of capacity in of ISPs
>
> - Inter-south cooperation required as challenges
> and infrastructure
> similar
>
> - Retention of skilled human resources a challenge
>
> - Use of network operator groups for capacity
> building
>
> - Need to utilize the existing educational
> framework by integration
> of cybersecurity into curriculum – this creates
> sustainability in capacity
> building
>
> - Training should be relevant to the environment
> – appropriate use
> of technology, cost, concentrate on getting the maximum
> benefit – innovation
> in order to derive the maximum value will be based on
> training received
>
> - Need for collaboration platform – so as to
> continue sharing
> information
>
> - Need to focus on reality on the ground
>
>
>
> *Kind of training*
>
> - technical training
>
> - policy issues – IPv4/6
>
>
>
> *Technical challenges*
>
> - operators need to be profitable – environment
> liberalized –
> however still certain monopolized areas – international
> connectivity –
> imbalanced competition – therefore profitability issue-
> cant invest in new
> technologies – limited investment in training
>
>
>
> *My comment*: Urgent need create of culture of
> cybersecurity (end-users, at
> organisation level and nationally) and establishment of
> national, regional
> CERTs.
>
>
>
> *14:30 - 16:00 Workshop 76 Neutrality Debate Important for
> You? (Network
> Neutrality Debate: The Implications for Development) *
>
> * *
>
> *Technical issues*
>
> All networks need to be managed
>
>
>
> High broadband connectivity principles
>
> (
> http://www.tiaonline.org/gov_affairs/issues/internet_services_applications/documents/ConnectivityPrinciples.pdf
> )
>
>
>
> - transparency
>
> - ability to attach any device
>
> - right to access any legal content
>
> - right to download any legal content
>
>
>
> *Economic issues*
>
> Net neutrality has significant micro and macro
> implications. Broadband
> investment influenced by the broad economic environment
> because of the
> massive investment required
>
> - Regulation is viewed more beneficial in view of
> the current
> economic crisis
>
> - More users create value to the platform
>
> - Optimal pricing structure – a possibility -
> may not want to
> charge content providers to contribute to access
>
> - Mandatory net neutrality/unbundling expected to
> depress
> investment in broadband plus may have a significant
> negative effect on
> investment NGN.
>
> - Centre for European Policy Studies – research
> titled: "I own the
> pipes, you call the tune: The net neutrality debate and its
> (ir) relevance
> for Europe" available at
> http://shop.ceps.eu/BookDetail.php?item_id=1755 –
> argues that the internet is not neutral – pro-neutrality
> rules/changes being
> proposed should be evaluated
>
> - The analogy of the roads and vehicles was used
> to describe net
> neutrality – the roads represent the pipes while the cars
> represent the
> packets/traffic – which are not regulated and may be of
> any shape or
> size. However
> there is regulation with regard to speed.
>
> - issue of convergence – important for users
>
> - internet to drive innovation and economic growth
>
> - activism issues are important to understand the
> issues
>
> - slowing down the traffic and packets on internet
> has a
> consequence of slowing down the development internet
>
>
>
> *Issues from a user perspective*
>
> - no consensus on the issues exists
>
> - Users do not necessarily want free/unlimited
> control – however
> what they want is: what they access should not be
> controlled
>
> - They do not want to be forced to buy their store
> brands or
> services of preferred service providers of the broadband
> connectivity
> provider.
>
> - There is no value in packaging/bundling of
> services – rather it
> is designed to sell services at a high price
>
> - Users question whether a free market would help
> as suppliers are
> out to make money – there is an economic motivation to
> invest – which means
> there is no one to look out for consumers
>
> - Need for establish anti trust/anti monopoly
> regulations
>
> - ISPs must be made to know that users are not
> willing to give up
> their rights thus should develop internet usage plans that
> are favourable to
> the users - suppliers must listen to consumers
>
> - Users have the power to demand what we want if
> only they demanded
> it
>
> - The investment on the internet should be allowed
> in all areas –
> core and edges without fragmenting it - networks should be
> built using open
> interfaces - end to end principle protection is significant
>
> - Users want the internet to encourage innovation
>
> - Use of restaurant analogy where the chairs,
> tables and food are
> outsourced
>
> - Users should have the ability to have access to
> the content they
> want as long as it is connected to open interfaces
>
> - Users have concern on the future of the
> internet; content
> equality and its ability to deliver content in different
> ways thus
> encouraging local innovation
>
>
>
> *My comment:* significance of net neutrality with reference
> to developing
> countries was not addressed – taking into consideration
> that the motivation
> for investment in broadband connectivity is socio-economic
> development thus
> deployment of both local and international for example
> submarine cable is
> being done by governments rather than the private sector.
>
>
> On 12/8/08, mwende njiraini
> <mwende.njiraini at gmail.com> wrote:
> >
> > *5th December 2008*
> > *930-1100 Panel Discussion Transition from IPv4 to
> IPv6*
> > Based on several studies it is projected that IPv4
> addresses will be
> > globally exhausted by 2011 however address space will
> still be available at
> > a local level. Seamless take up of IPv6 is expected
> with the exhaustion of
> > IPv4 and there is on going discussion – to define
> policy to facilitate
> > smooth transition for operators and ensure that new
> comers have minimum IPv6
> > address space allocation to start up business.
> >
> > The following issues were discussed from different
> perspectives:
> >
> > *Issues from operators' perspective*:
> > - Deployment of IPv6 enabled equipment in the core
> networks should be done
> > increment – however uptake is low because there is
> no extra revenue
> > generated with the implementation of IPv6 i.e. the
> lack of commercial
> > drivers. However this is expected to change with the
> as customer numbers
> > grow.
> >
> > - Need for upgrade – therefore operators from
> developed countries stand at
> > an advantage as they have the resources and are nearly
> exhausted their local
> > allocations.
> >
> > - Getting operational experience is a challenge –
> there is need to invest
> > in operational tools to run IPv6 in terms of software
> configuration
> > utilities management and trouble shooting
> >
> > - Participation in standardization – where users
> have equipment that
> > supports only IPv4 – how do they access services
> that are available only on
> > IPv6-based networks? The IETF is working on the
> transition mechanisms
> > however the co-existence of both protocols is expected
> for a long time
> >
> > - Operators are pushing for IPv6 support in customer
> premise equipment
> > (CPE) as well as software that supports the new
> protocol version. However it
> > is expected that legacy applications will be available
> in the foreseeable
> > future
> >
> > *Issues from a vendor perspective*
> > - Transition has been going on for some time in the
> vendor world. The
> > transition has been a long process for vendors and
> operators – in terms of
> > getting the technology and standards ready
> >
> > - As IP is the core of the internet – transition to
> ipv6 – is significant
> > particularly with the increase of IPv6 enabled devices
> connected to the
> > internet specifically mobile phones
> >
> > - need to understand technology and therefore need for
> operational and
> > implementation experience
> >
> > - managing customer demand/expectations for IPv6
> enabled services and
> > devices
> >
> > - cost of staff training
> >
> > - there are mistakes that will be made – therefore
> need for mutual support
> > in the implementation of v6
> >
> > *Social and economic perspectives*-
> > - Transition should be cooperative endeavour with
> social and economic and
> > policy considerations
> >
> > - Gradual implementation and interoperability between
> IPv4 and v6 expected
> > so as to preserve the investment already made
> >
> > - There is a general understanding that IPv6 will
> compliment and supplement
> > the existing IPv4 as well as provide improved routing,
> multicasting,
> > efficient infrastructure. The following questions
> however arise:
> >
> > o The advantages that IPv6 offer are good reasons to
> invest in the new IP
> > version.
> > o Would transition be transparent and would backward
> compatibility required
> >
> > - Users want the stability of the internet to be
> maintained and hope that
> > IPv6 will offer opportunities for addition to
> personality features on the
> > internet – this is what makes the business case
> >
> > - In the India case there are a large number of
> service providers – and
> > there is only a 1/8 usage – therefore demand is low
> – the need to enhance
> > cultural diversity however provides opportunities to
> create demand through
> > local content development including E-government
> programme and Info-tainment
> >
> > - It is important to break the myth that IPv6 is a new
> internet - It is not
> > a new internet rather continuation of the internet
> >
> > - The main benefit is the address space addition-
> which may allow for
> > efficiency
> >
> > - There is no need to establish a deadline or regulate
> the implementation
> > of IPv6 – as it will be market driven. Additionally
> users should have rights
> > to use IPv4 and IETF is working on coexistence
> >
> > *Policy perspective*
> > - With the impending exhaustion of IPv4 – further
> implementation will be
> > problematic – as not all players will support
> transition therefore it is
> > important to examine measures – for continued use of
> IPv4 and possible
> > migration of users to private IPv4 address space
> >
> > - creation of action plan to be implemented by 2010
> – for example offering
> > of incentives such as tax exemption and capacity
> building
> >
> > - examination of existing programmes and mechanisms
> >
> > - establishment of taskforce of IPv4 exhaustion
> >
> > - the messages of ISPs is that they must carry IPv6
> >
> > - IPv4 scarcity and demand for more security are the 2
> major challenges
> > driving the uptake of IPv6
> >
> > - Institution of market transfer or reclamation
> mechanisms of IPv4
> > resources not required by local internet registries to
> the regional internet
> > registries when transition to IPv6 is implemented.
> However this would be a
> > challenge as RIRs have no contractual authority this
> may create a grey
> > market. This challenge may be overcome through a loose
> membership
> > association that allows others to use others resources
> >
> > - Institution of secure routing objects including PKI
> to authenticate users
> > raises governance/control issues – RIRs have
> centralized control which may
> > make it efficient and better able to address security
> issues this makes an
> > RIR an central governance institution. Membership of
> security/government
> > associations in the RIR would result in infiltration
> of technical, policy
> > agendas that may make the transition to IPv6
> complicated
> >
> > - However it is argued that RIRs should remain neutral
> and trans-national
> > institutions which:
> > o maintain a homogenous technical group
> > o maintain a bottom-up approach in policy making
> > o guarantee the stability of the internet and business
> continuity of
> > members
> >
> > - main challenges in the deployment of IPv6 include:
> > o lack of public education, information and skill
> > o limited network policy decisions to make deployment
> happen
> > o lack of incentive to deploy ipv6
> >
> > *1100-1230 Workshop 59:Building a global capacity
> building curriculum
> > framework and premier*
> >
> > - Integration of IG capacity building in existing ICT
> and public policy
> > courses was advocated.
> >
> > - The training may be offered either online, offline
> or through short term
> > executive courses.
> >
> > - Collaboration between different stakeholders who
> have different needs is
> > imperative in order create an understanding of the
> issues arising from
> > increased used of the internet particularly those that
> transcend the
> > geographical, and cultural borders.
> >
> > - internet security awareness programme set up in
> India
> >
> > - Presentations on the Diplo IG capacity building
> programme (
> > www.diplomacy.edu/ig) – including a demonstration of
> the online platform.
> >
> > - The Diplo approach includes the training course
> (foundation and
> > advanced), policy research, policy immersion and
> community interaction.
> >
> > - The impact associated with the IG capacity building
> programme have been
> > varied and impressive including the establishment of
> IG governance masters
> > programme in Srilanka and the use of telecentres to
> disseminate IG related
> > information.
> >
> > - Diplo has successfully offered the training to
> professional worldwide for
> > the last 4 years leading to the establishment of
> national, regional and
> > global community
> >
> > *1400-1530 Workshop 29: Building confidence and
> security in the use and
> > security in the use of ICTs for African countries
> >
> > *Main challenges in Africa
> > - lack of infrastructure
> > - lack of services
> >
> > Therefore opportunity to learn from mistakes in
> developing countries and
> > establish of computer emergency response team
> currently there is only one
> > active CERT in Africa in Tunisia, South Africa is in
> the process of setting
> > up a CERT with the deadline of 2010 before the FIFA
> world cup. While
> > countries such as Morocco, Kenya and Ivory Coast are
> thinking about set in
> > up CERTs.
> >
> > The approach in dealing with Cybersecurity in
> developing countries
> >
> > Success of Cybersecurity is based on 3pillars
> >
> > 1. *Technology pillar* – ICT/security tools
> –including:
> > o PCs / networks, physical security tools, data tools
> (storage media and
> > cryptography), availability of infrastructure and
> application (redundant
> > servers and PKI)
> >
> > 2. *Methodology pillar* – policy, procedures and
> regulations on three
> > levels:
> > o managerial level (security policy, management
> procedures and capacity
> > building, audit) Legislative level (law and
> regulation)
> > o operational level (acces control rules,
> implementation plans, monitoring,
> > watch, incidence handling)
> > o continuity of services level ( business continuity
> plan, crisis
> > management, drill exercises)
> > - actors in this pillar include the government,
> security professionals and
> > users
> >
> > 3. *Social behaviour pillar* – creating a culture of
> cyber security
> > o cultivate culture of cyber security through
> continuous action of raising
> > awareness using diverse media/channels
> > o the target audience includes managers, decision
> makers, security,
> > children, parents, teachers
> >
> >
> > *Case study: CERT-TCC - Tunisia*
> >
> > *The functions of the CERT include*:
> >
> > - Watch- collect information from different sources eg
> CISCO, HP.
> > Microsoft, network of CERTs, community of hackers
> > - Training
> > - Coordination
> > - Response
> > - Incidence handling
> > - Incident analysis
> > - Awareness
> > - Warning alert
> >
> > *Key issues*:
> >
> > • Information, warning and alert – carried out to
> in collaboration with
> > ISPs, managers decision makers, internet community
> through mailing list,
> > call centre, media
> >
> > • Oriented campaign – utilizing prospectus,
> posters, email, radio,
> > cartoons, video, attack simulation and guides
> >
> > • Incident handling - training in new tools
> >
> > • Coordination important in the effective
> functioning of the CERT –
> > incident coordination procedures and information
> including regional CERTs,
> > other CERTs within the country (for example Brazil has
> more than one CERT),
> > ISPs and operators, vendors and integrators, and
> national authorities.
> >
> > Need for the formation of CERTs in Africa however the
> challenges of lack of
> > "know how" in IT security need to be
> overcome through:
> > - capacity building
> > - encouragement of the development of national
> solutions based on open
> > source components
> > - improved R&D capabilities and making it more
> responsive to urgent needs
> > - encouraging academic research in the important
> topics of security
> > (cryptography, methodologies…)
> >
> > *The following questions and comments were raised*:
> >
> > - the need for social engineering through the creation
> of a culture of
> > cyber security to be addressed specifically because of
> the increased
> > requirements by government to obligate to provide
> subscriber identification
> > information
> >
> > - how can African countries start up a cert- through
> collaboration for
> > example with existing CERTs
> >
> > - in establishing a culture of cybersecurity –
> consideration should be
> > given to the fact that there are different social
> cultures in different
> > countries however there is consensus on issues such as
> child pornography,
> > identity theft
> >
> > - how can a regional approach be developed where there
> are differences in
> > level of ICT infrastructure and use of infrastructure
> in the delivery of
> > services, what tools can be used to encourage decision
> makers to be involved
> > in the issues of cyber security?
> >
> > o It was recognised that funding and expertise was
> required for example
> > AFDB, World Bank and Islamic Bank while ITU have
> regional workshops on cyber
> > security
> >
> > o As African countries build on infrastructure and
> services – there is an
> > opportunity to learn from those that have already
> developed CERTs.
> >
> > - How does the CERT monitor traffic: with the
> collaboration of ISP and
> > operators as well as supporting legislation
> >
> > - Regulators need to advice the government to use ICT
> in development – this
> > is a manifestation of government commitment
> >
> > - The role of policy making was emphasized – as it
> provides government
> > commitment to using ICT for social economic
> development and governance and
> > consequently support for cyber security initiatives
> – including the
> > formulation of legislation.
> >
> > - There should not use a piece meal approach to cyber
> security to prevent
> > ineffectiveness for example Mauritius has electronic
> transaction act but PKI
> > not yet established
> >
> >
> >
> > On 12/5/08, mwende njiraini
> <mwende.njiraini at gmail.com> wrote:
> >>
> >> Following our recent online discussions on
> Internet governance issues in
> >> Kenya, the Kenya IGF and East African IGF; you may
> wish to follow the
> >> discussion currently ongoing at the global IGF
> 2008 in Hyderabad India at
> >> http://www.intgovforum.org.
> >>
> >> Below are highlights from workshops I attended on
> Day 1 December 3rd):
> >> *0930-1100 hrs Workshop 43: Legal aspects of
> governance critical
> >> internet Policy issues of public relevance*
> >> *1st presentation*
> >> The issues on that have legal implications
> include:
> >> • internet security intellectual property
> rights, infringement, privacy
> >> and protection mechanisms
> >> • IP domain name protection, conflicts arising
> out of data and content
> >> ownership privacy therefore increasing role of P2P
> in growth of internet 2
> >> • Consumer status and rights in relation to
> e-commerce cross border and
> >> domestic online trade
> >> • Telecom issue viz backbone deployment and
> interconnection costs
> >> • Freedom of expression – the extent of
> censorship and control on online
> >> content
> >>
> >> There is need for capacity building to create
> meaningful participation of
> >> individual and SMEs as well as increasing
> connectivity through building IXPs
> >> and local content development
> >>
> >> The question was raised as to whether there a need
> of alternative
> >> institutional mechanism.
> >> The salient features of the MOU between ICANN and
> the department of
> >> commerce (DoC) include:
> >> - The affirmation of the role of private sector
> leadership
> >> - The role of DoC in ensuring transparency and
> accountability and
> >> effective GAC participation
> >> - Ensure accountability and publish by-laws and
> strategic and operational
> >> plans
> >> - Agreement can be terminated in 120 days
> >>
> >> The MOU has been criticized because of the
> following reasons:
> >> - US governmental control on root server
> administration
> >> - Inconsistent with WSIS principle where no single
> government should have
> >> a pre-eminent role
> >> - Domain name allocation policies need better
> development
> >> - IPv4 address allocation have been imbalanced
> need to ensure IPv6 address
> >> allocation does not suffer the same effects -This
> assertion was however
> >> refuted as IP addresses allocation based on need.
> The need for prudent
> >> management and keeping barriers low for the
> transition to IPv6 was
> >> emphasised.
> >>
> >> To overcome this WGIG proposed 4 models:
> >> - Global policy council
> >> - Intenational internet council with leading
> government role to fulfil the
> >> ICANN/IANA functions
> >> - GAC to be strengthened with enhanced
> coordination function
> >> - Replace US govt role by general internet council
> or with world ICANN (in
> >> lieu of GAC)
> >>
> >> The common features of these models were the
> overwhelming government lead
> >> and the presupposition of the possibility of
> international treaties. During
> >> the discussion the viability of these models was
> questioned given that speed
> >> is of essence in the management of internet
> resources. It normally takes a
> >> long time to negotiate international agreements;
> including treaties instead
> >> a set of principles should be endorsed.
> >>
> >> The speaker recommended on the management of
> critical internet
> >> infrastructure should take into consideration the
> following
> >> • Treatment of technical resources of the
> internet and global economic,
> >> social and legal aspects arising out the internet
> should be at par
> >> • The development and implementation of polices
> and standards and
> >> solutions to various internet issues should be
> done in a coordinated manner
> >> for example telecommunication standard development
> is done in a hierarchical
> >> and predictable way.
> >> • New structure would be a supreme authority
> over internet
> >>
> >> In conclusion the speaker asked: Does the internet
> as we know it need to
> >> be altered radically? Should the status quo be
> maintained? Should a Red
> >> Cross model of recognition by international
> community states be given to an
> >> international entity like ITU, INTELSAT. However
> fundamental change is not
> >> necessary as failure has not been identified.
> >>
> >> *My comment*: this presentation was descriptive
> and despite the fact that
> >> an alternative model was proposed the principles,
> mechanisms that would need
> >> to be put in place in order to make it work were
> not discussed
> >>
> >> *2nd presentation*
> >> The next speaker spoke about the ccTLDs in latin
> Amercia which are broadly
> >> organised into two main groups: non-governmental
> and governmental
> >> organisations. A contribution from the floor
> however clarified that the
> >> Brazilian ccTLD is a multi-stakeholder –
> coordinated by government – but on
> >> a day by day basis operates as a non-governmental
> organisation. The Indian
> >> ccTLD is managed by government and private sector
> – sovereign interest taken
> >> care of through government representation.
> >>
> >> The rules and regulations under which the
> institutions that manage the
> >> ccTLDs are managed determinate legal framework
> under which they operate.
> >> Consequently ccTLDs are regulated under national
> law while ICANN regulates
> >> gTLDs – The possibility of self regulation is
> based on the assumption that
> >> private sector would act in the public interest.
> >>
> >> In the discussions some felt that there was need
> for increased attention
> >> of government in the management of ccTLDs – as
> it was critical
> >> infrastructure while on the other hand other felt
> that there was the risk of
> >> excessive regulation with increased involvement of
> government.
> >>
> >> *1130 -1200 hrs Workshop 36: Strategies to
> prevent and fight child
> >> pornography in developing countries*
> >> Child pornography in Brazil has grown out of the
> popularity of social
> >> networking. However the main challenge has been
> issues related to
> >> jurisdiction as content is resident in ISP based
> in the USA and
> >> trans-national ISPs like Yahoo, Microsoft and
> Google which have branches in
> >> strategic markets and have tailored the services
> for these markets in terms
> >> of language and content.
> >>
> >> Brazil was therefore unable to deal with serious
> offences related to
> >> content – specifically child pornography -
> committed by Brazilians using
> >> Brazilian IP addresses. The government has been
> able to sign an agreement
> >> with Google to fight child pornography on
> Google's orkut social network.
> >>
> >> The following are consideration taken in drawing
> up the agreement
> >> 1. Which criteria should be used to define the
> ability of a particular
> >> country to legislate over and sanction conducts
> committed on the internet?
> >> - Where the data is located?
> >> - International law principles (territoriality or
> nationality) shall be
> >> used to define the sovereignty of a state
> regarding – cyber space – which is
> >> a network of networks
> >> - Define some reasonable standard – for example
> managed by Brazilians and
> >> is local content and local language
> >> - Access points in Brazil, harmful conduct felt in
> the country – taken
> >> obligation under international law to take offence
> – country of origin
> >> approach would force thousands of users to
> unfamiliar rules and travel –
> >> offence under human rights therefore apply local
> legislation
> >>
> >> 2. It is legitimate to enforce the conduct of
> local office –as it
> >> impracticable to send legal request to the US.
> >>
> >>
> >> New tools have been implement that have reduced
> number of images uploaded
> >> and increase in number of reported cases- subject
> to investigation. It was
> >> inspiring to listen to parliamentarian talk about
> the need to have
> >> legislators engaged in the process as they
> ultimately pass the laws. I
> >> appreciated the fact that in there is great
> cooperation between the
> >> parliament, government, police, civil society and
> private sector.
> >>
> >> The main challenges are:
> >> • Lack of awareness and participation by
> parliamentarians who are critical
> >> in the formulation of legislation
> >> • how to obligate ISPs to provide information
> without infringing on
> >> freedom of expression and privacy,
> >> • what criteria should be used to deal with
> these offences
> >> • the creation of awareness of ISPs in
> developing countries of the need
> >> for judicial cooperation as well as social
> initiatives to deal with cyber
> >> crime.
> >> • Insufficient infrastructure to deal with this
> issue – law enforcement
> >> does not have the human resources and technology
> >> • Material produced to fight child pornography
> are not evaluated – they
> >> should be inline with the demand
> >>
> >> *My comment*: I would have like to know if
> initiatives have reduced
> >> offences, what is the success rate registered in
> prosecution, ability of the
> >> law enforcement and judicial system to deal with
> offences. There was no
> >> mention of where initiatives had been launched to
> fight child pornography on
> >> the financial front.
> >>
> >>
> >> *1530-1700 Workshop 45: Opening to diversity and
> competition of the DNS
> >> system*
> >>
> >>
> >>
> >> There were 3 presentations in this session:
> >>
> >>
> >> - *1st presentation* - alternate DNS system used
> in library systems
> >>
> >>
> >> - *2nd presentation* - implementation of security
> in the Handle system
> >>
> >>
> >> - *3rd presentation –* discussed the Net4D
> >>
> >>
> >>
> >> Net4D- provides the technical solution to the
> political concern on the
> >> control of root servers. Net4D networks enable the
> following:
> >>
> >> • Empower the second generation of the web: the
> semantic web.
> >>
> >> • Multi-stakeholder governance of DNS
> >>
> >> • Net4D classes should be open and interoperable
> >>
> >> DNS 1.0 – was a monopoly of ICANN web 1.0 html
> with USA parentage and
> >> English only while DNS 2.0 is open allowing for
> competition including inter
> >> alia:
> >>
> >> • Net4D semantic web
> >>
> >> • Open coherent approach to linguistic diversity
> >>
> >> • Allow technological innovation with value
> added services
> >>
> >>
> >>
> >> Concern was however raised on the:
> >>
> >> • Investment/implementation cost required to
> implementation of different
> >> DNS systems depending on the BIND implemented and
> root servers enabled
> >>
> >> • relinquishing of the political control of root
> servers
> >>
> >> • Value to end users
> >>
> >> • Awareness and understanding of the issues by
> different stakeholders
> >> necessary – delivered in a way that they can
> understand
> >>
> >>
> >>
> >> *My comment*: the session was technical – I hope
> the techies on the
> >> mailing list can help us understand the governance
> issues associated with
> >> the introduction of DNS competition and the impact
> on developing countries
> >> :)!
> >>
> >>
> >>
> >> Kind regards
> >>
> >> mwende
> >>
> >
> >
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> This message was sent to: jwalu at yahoo.com
> Unsubscribe or change your options at
> http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
More information about the KICTANet
mailing list