[kictanet] Fwd: [Internet Policy] Report of the GCIG

Barrack Otieno otieno.barrack at gmail.com
Wed Jun 22 18:44:06 EAT 2016


Listers,

This might be useful to some.

Regards

---------- Forwarded message ----------
From: Richard Hill <rhill at hill-a.ch>
Date: Wed, 22 Jun 2016 15:01:48 +0200
Subject: [Internet Policy] Report of the GCIG
To: "Internetpolicy at Elists. Isoc. Org" <internetpolicy at elists.isoc.org>


The Global Commission on Internet Governance has released its report, see:

  http://ourinternet.org/report

I found this report to be well researched and well written, and worth
reading carefully.  As far as I can tell, it is well aligned with ISOC's
positions and priorities.

For what it is worth, I reproduce below some portions that I found worth
singling out.  There are no page numbers in the report, so I could not
include page references.

Best,
Richard

=======================

CORE ELEMENTS OF A SOCIAL COMPACT FOR A DIGITAL SOCIETY

There must be a mutual understanding between citizens and their state that
the state takes responsibility to keep its citizens safe and secure under
the law while, in turn, citizens agree to empower the authorities to carry
out that mission, under a clear, accessible legal framework that includes
sufficient safeguards and checks and balances against abuses. Business must
be assured that the state respects the confidentiality of its data and they
must, in turn, provide their customers the assurance that their data is not
misused. There is an urgent need to achieve consensus on a social compact
for the digital age in all countries. Just how urgent is shown by current
levels of concern over allegations of intrusive state-sponsored activities
ranging from weakening of encryption to large-scale criminal activity to
digital surveillance to misuse of personal data, and even to damaging cyber
attacks and disruption.

-----

Governments should not create or require third parties to build back doors
or compromise encryption standards, as these efforts would weaken the
Internet and fundamentally undermine trust. Efforts by the technical
community to incorporate privacy-and-security-enhancing solutions into all
standards and protocols of the Internet should be encouraged.

The Commission urges member states of the United Nations to agree not to use
cyber technology to attack the core infrastructure of the Internet.

Governments seeking a peaceful and sustainable Internet should adopt and
respect norms that help to reduce the incentive for states to use cyber
weapons. Governments should agree on infrastructure assets and services that
must not be targeted by cyber attacks.

Businesses should purchase cyber insurance to cover the liability costs of
breaches of their systems. Cyber liability insurance vendors can be
persuasive in promoting best practices in the corporate sector. Cyber
premiums should be higher if best practices are not followed. Insurers need
to have better data to appropriately identify and price cyber risk and to
develop appropriate products. Government regulations should require routine,
transparent reporting of technological problems to provide the data required
for a transparent market-based cyber-insurance industry.

There is a need to reverse the erosion of trust in the Internet brought
about by indiscriminate and non-transparent private practices such as the
collection, integration and analysis of vast amounts of private information
about individuals, companies and organizations. Private surveillance based
on "big data" is often conducted under the guise of a free service. ...

Users should not be excluded from the use of software or services that allow
them to participate in the information age, and they should be offered the
option of purchasing a service without having to agree to give the provider
access to their personal information. International rules are also required
to ensure that the holders of large repositories of data are transparent
about how they collect, use and share user-generated data.

Interception of communications, collection, analysis and use of data over
the Internet by law enforcement and government intelligence agencies should
be for purposes that are openly specified in advance, authorized by law
(including international human rights law) and consistent with the
principles of necessity and proportionality.

... governments should use competition as a tool to expand Internet access
facilities to the maximum extent possible, while investing to ensure
availability when market forces prove insufficient.

The disruption to traditional jobs and skill requirements can create
economic hardship and civil discontent. Rather than attempting to preserve
old jobs by stifling innovation, governments should help workers adapt to
the new economic reality via skills training and educational programs.

The Internet has indeed reached a crossroads. Choices need to be made - and
making no choice is itself a choice. It is all about who should have what
power to control the future of the Internet.

Our advice is based on the belief that only a normative approach can address
the myriad challenges facing Internet governance. We call on governments,
private corporations, civil society, the technical community and individuals
together to create a new social compact for the digital age.

There is a growing concern about the market power and data collection
capabilities and practices of the large Internet platform companies as well
as other private data intermediaries.

The failure to incorporate security as an essential design feature by
vendors and larger customers of the IoT raises concerns that its explosive
growth could result in the "weaponization of everything."

Legal thresholds for lawfully authorized access to communications data must
be redefined to ensure that the aggregated collection of metadata - such as
an individual's full browsing history - are treated with the same respect
for privacy as access to the actual content of a communication, and should
only be made under judicial authority. In all cases, the principles of
necessity and proportionality must be applied.

Governments should not compromise or require third parties to weaken or
compromise encryption standards, for example, through hidden "backdoors"
into the technology as such efforts would weaken the overall security of
digital data flows and transactions.

Individual users of paid or so-called "free services" provided on the
Internet should know about and have some choice over the full range of ways
in which their data will be deployed for commercial purposes. They should
not be excluded from the use of software or services customary for
participation in the information age, and should be offered the option of
purchasing the service without having to agree to give the provider access
to their personal information. Terms of use agreements should be written in
a clear and accessible manner and should not be subject to change without
the user's consent. Businesses should demonstrate accountability and provide
redress in the case of a security breach or a breach of contract.

To assure the public that their data is being appropriately protected,
states that do not already have comprehensive personal data protection
legislation and a privacy enforcement authority with legal enforcement
powers should take steps to create such regimes.

Governments should initiate efforts to develop international consensus on
norms about how to deal with cases where the goal of protecting data comes
into conflict with the requirements of law enforcement or security agencies
to investigate terrorist activity or attacks in an emergency situation. At a
minimum, any solutions should be derived through a multi-stakeholder
process, broadly agreed, and must be subject to legal oversight, governed by
principles of necessity, proportionality and avoidance of unintended
consequences.

Businesses should purchase cyber insurance to cover the liability costs of
successful breaches of their systems.

The market for cyber insurance is immature in comparison to the seriousness
of the threats, and the capital available to the industry is currently
inadequate to underwrite the full risk. Pricing the risk is difficult in the
absence of reliable time series data, making it difficult for insurers to
put a reliable figure on the likely losses from breaches.

More research is urgently needed to support greater accuracy when pricing
risk.

To assist the public to understand and practice the essentials of cyber
hygiene, governments should undertake significant campaigns to raise
awareness and develop the needed skills. Cyber-security awareness programs
should start early, for example, by incorporating cyber hygiene into primary
and secondary education curriculums.

Consistent with the recognition that parts of the Internet constitute a
global public good, the commission urges member states of the United Nations
to agree not to use cyber weapons against core infrastructure of the
Internet.

The disruptions resulting from the rapid spread of the sharing economy are
already being felt.

All levels of government (national, subnational, local), industry, civil
society and the technical community, need to be engaged on the new
regulatory challenges posed by the sharing economy.





-- 
Barrack O. Otieno
+254721325277
+254733206359
Skype: barrack.otieno
PGP ID: 0x2611D86A



