<div class="description"><b>5th December 2008</b></div>
<div class="description"><b>930-1100 Panel Discussion Transition from IPv4 to IPv6</b><br>Based on several studies it is projected that IPv4 addresses will be globally exhausted by 2011 however address space will still be available at a local level. Seamless take up of IPv6 is expected with the exhaustion of IPv4 and there is on going discussion to define policy to facilitate smooth transition for operators and ensure that new comers have minimum IPv6 address space allocation to start up business.<br>
<br>The following issues were discussed from different perspectives:<br><br><i>Issues from operators' perspective</i>:<br>- Deployment of IPv6 enabled equipment in the core networks should be done increment however uptake is low because there is no extra revenue generated with the implementation of IPv6 i.e. the lack of commercial drivers. However this is expected to change with the as customer numbers grow.<br>
<br>- Need for upgrade therefore operators from developed countries stand at an advantage as they have the resources and are nearly exhausted their local allocations.<br><br>- Getting operational experience is a challenge there is need to invest in operational tools to run IPv6 in terms of software configuration utilities management and trouble shooting<br>
<br>- Participation in standardization where users have equipment that supports only IPv4 how do they access services that are available only on IPv6-based networks? The IETF is working on the transition mechanisms however the co-existence of both protocols is expected for a long time<br>
<br>- Operators are pushing for IPv6 support in customer premise equipment (CPE) as well as software that supports the new protocol version. However it is expected that legacy applications will be available in the foreseeable future<br>
<br><i>Issues from a vendor perspective</i><br>- Transition has been going on for some time in the vendor world. The transition has been a long process for vendors and operators in terms of getting the technology and standards ready<br>
<br>- As IP is the core of the internet transition to ipv6 is significant particularly with the increase of IPv6 enabled devices connected to the internet specifically mobile phones<br><br>- need to understand technology and therefore need for operational and implementation experience<br>
<br>- managing customer demand/expectations for IPv6 enabled services and devices<br><br>- cost of staff training<br><br>- there are mistakes that will be made therefore need for mutual support in the implementation of v6<br>
<br><i>Social and economic perspectives</i>-<br>- Transition should be cooperative endeavour with social and economic and policy considerations<br><br>- Gradual implementation and interoperability between IPv4 and v6 expected so as to preserve the investment already made<br>
<br>- There is a general understanding that IPv6 will compliment and supplement the existing IPv4 as well as provide improved routing, multicasting, efficient infrastructure. The following questions however arise:<br><br>
o The advantages that IPv6 offer are good reasons to invest in the new IP version.<br>o Would transition be transparent and would backward compatibility required<br><br>- Users want the stability of the internet to be maintained and hope that IPv6 will offer opportunities for addition to personality features on the internet this is what makes the business case<br>
<br>- In the India case there are a large number of service providers and there is only a 1/8 usage therefore demand is low the need to enhance cultural diversity however provides opportunities to create demand through local content development including E-government programme and Info-tainment<br>
<br>- It is important to break the myth that IPv6 is a new internet - It is not a new internet rather continuation of the internet<br><br>- The main benefit is the address space addition- which may allow for efficiency<br>
<br>- There is no need to establish a deadline or regulate the implementation of IPv6 as it will be market driven. Additionally users should have rights to use IPv4 and IETF is working on coexistence<br><br><i>Policy perspective</i><br>
- With the impending exhaustion of IPv4 further implementation will be problematic as not all players will support transition therefore it is important to examine measures for continued use of IPv4 and possible migration of users to private IPv4 address space<br>
<br>- creation of action plan to be implemented by 2010 for example offering of incentives such as tax exemption and capacity building<br><br>- examination of existing programmes and mechanisms<br><br>- establishment of taskforce of IPv4 exhaustion<br>
<br>- the messages of ISPs is that they must carry IPv6<br><br>- IPv4 scarcity and demand for more security are the 2 major challenges driving the uptake of IPv6<br><br>- Institution of market transfer or reclamation mechanisms of IPv4 resources not required by local internet registries to the regional internet registries when transition to IPv6 is implemented. However this would be a challenge as RIRs have no contractual authority this may create a grey market. This challenge may be overcome through a loose membership association that allows others to use others resources<br>
<br>- Institution of secure routing objects including PKI to authenticate users raises governance/control issues RIRs have centralized control which may make it efficient and better able to address security issues this makes an RIR an central governance institution. Membership of security/government associations in the RIR would result in infiltration of technical, policy agendas that may make the transition to IPv6 complicated<br>
<br>- However it is argued that RIRs should remain neutral and trans-national institutions which:<br>o maintain a homogenous technical group<br>o maintain a bottom-up approach in policy making<br>o guarantee the stability of the internet and business continuity of members<br>
<br>- main challenges in the deployment of IPv6 include:<br>o lack of public education, information and skill<br>o limited network policy decisions to make deployment happen<br>o lack of incentive to deploy ipv6</div><br>
<div class="description" id="desc_2332551Comment6557"><b>1100-1230 Workshop 59:Building a global capacity building curriculum framework and premier</b><br><br>- Integration of IG capacity building in existing ICT and public policy courses was advocated.<br>
<br>- The training may be offered either online, offline or through short term executive courses.<br><br>- Collaboration between different stakeholders who have different needs is imperative in order create an understanding of the issues arising from increased used of the internet particularly those that transcend the geographical, and cultural borders.<br>
<br>- internet security awareness programme set up in India<br><br>- Presentations on the Diplo IG capacity building programme (<a href="http://www.diplomacy.edu/ig">www.diplomacy.edu/ig</a>) including a demonstration of the online platform.<br>
<br>- The Diplo approach includes the training course (foundation and advanced), policy research, policy immersion and community interaction.<br><br>- The impact associated with the IG capacity building programme have been varied and impressive including the establishment of IG governance masters programme in Srilanka and the use of telecentres to disseminate IG related information.<br>
<br>- Diplo has successfully offered the training to professional worldwide for the last 4 years leading to the establishment of national, regional and global community</div>
<div class="description"> </div>
<div><strong>1400-1530 Workshop 29: Building confidence and security in the use and security in the use of ICTs for African countries<br><br></strong>Main challenges in Africa<br>- lack of infrastructure<br>- lack of services<br>
<br>Therefore opportunity to learn from mistakes in developing countries and establish of computer emergency response team currently there is only one active CERT in Africa in Tunisia, South Africa is in the process of setting up a CERT with the deadline of 2010 before the FIFA world cup. While countries such as Morocco, Kenya and Ivory Coast are thinking about set in up CERTs.<br>
<br>The approach in dealing with Cybersecurity in developing countries<br><br>Success of Cybersecurity is based on 3pillars<br><br>1. <strong>Technology pillar</strong> ICT/security tools including:<br>o PCs / networks, physical security tools, data tools (storage media and cryptography), availability of infrastructure and application (redundant servers and PKI)<br>
<br>2. <strong>Methodology pillar</strong> policy, procedures and regulations on three levels:<br>o managerial level (security policy, management procedures and capacity building, audit) Legislative level (law and regulation)<br>
o operational level (acces control rules, implementation plans, monitoring, watch, incidence handling)<br>o continuity of services level ( business continuity plan, crisis management, drill exercises)<br>- actors in this pillar include the government, security professionals and users<br>
<br>3. <strong>Social behaviour pillar</strong> creating a culture of cyber security<br>o cultivate culture of cyber security through continuous action of raising awareness using diverse media/channels<br>o the target audience includes managers, decision makers, security, children, parents, teachers<br>
<br><br><u><b>Case study: CERT-TCC - Tunisia</b></u><br><br><em>The functions of the CERT include</em>:</div>
<div><br>- Watch- collect information from different sources eg CISCO, HP. Microsoft, network of CERTs, community of hackers<br>- Training<br>- Coordination<br>- Response<br>- Incidence handling<br>- Incident analysis<br>
- Awareness<br>- Warning alert<br><br><em>Key issues</em>:</div>
<div><br> Information, warning and alert carried out to in collaboration with ISPs, managers decision makers, internet community through mailing list, call centre, media<br><br> Oriented campaign utilizing prospectus, posters, email, radio, cartoons, video, attack simulation and guides<br>
<br> Incident handling - training in new tools<br><br> Coordination important in the effective functioning of the CERT incident coordination procedures and information including regional CERTs, other CERTs within the country (for example Brazil has more than one CERT), ISPs and operators, vendors and integrators, and national authorities.<br>
<br>Need for the formation of CERTs in Africa however the challenges of lack of "know how" in IT security need to be overcome through:<br>- capacity building<br>- encouragement of the development of national solutions based on open source components<br>
- improved R&D capabilities and making it more responsive to urgent needs<br>- encouraging academic research in the important topics of security (cryptography, methodologies
)<br><br><em>The following questions and comments were raised</em>:</div>
<div><br>- the need for social engineering through the creation of a culture of cyber security to be addressed specifically because of the increased requirements by government to obligate to provide subscriber identification information<br>
<br>- how can African countries start up a cert- through collaboration for example with existing CERTs<br><br>- in establishing a culture of cybersecurity consideration should be given to the fact that there are different social cultures in different countries however there is consensus on issues such as child pornography, identity theft<br>
<br>- how can a regional approach be developed where there are differences in level of ICT infrastructure and use of infrastructure in the delivery of services, what tools can be used to encourage decision makers to be involved in the issues of cyber security?<br>
<br>o It was recognised that funding and expertise was required for example AFDB, World Bank and Islamic Bank while ITU have regional workshops on cyber security</div>
<div><br>o As African countries build on infrastructure and services there is an opportunity to learn from those that have already developed CERTs.<br><br>- How does the CERT monitor traffic: with the collaboration of ISP and operators as well as supporting legislation<br>
<br>- Regulators need to advice the government to use ICT in development this is a manifestation of government commitment<br><br>- The role of policy making was emphasized as it provides government commitment to using ICT for social economic development and governance and consequently support for cyber security initiatives including the formulation of legislation.<br>
<br>- There should not use a piece meal approach to cyber security to prevent ineffectiveness for example Mauritius has electronic transaction act but PKI not yet established</div>
<p><br> </p>
<div><span class="gmail_quote">On 12/5/08, <b class="gmail_sendername">mwende njiraini</b> <<a href="mailto:mwende.njiraini@gmail.com">mwende.njiraini@gmail.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>Following our recent online discussions on Internet governance issues in Kenya, the Kenya IGF and East African IGF; you may wish to follow the discussion currently ongoing at the global IGF 2008 in Hyderabad India at <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.intgovforum.org/" target="_blank">http://www.intgovforum.org</a>.</div>
<div> </div>
<div>Below are highlights from workshops I attended on Day 1 December 3rd):</div>
<div>
<div><b>0930-1100 hrs Workshop 43: Legal aspects of governance critical internet Policy issues of public relevance</b><br><u>1st presentation</u><br>The issues on that have legal implications include:<br> internet security intellectual property rights, infringement, privacy and protection mechanisms<br>
IP domain name protection, conflicts arising out of data and content ownership privacy therefore increasing role of P2P in growth of internet 2<br> Consumer status and rights in relation to e-commerce cross border and domestic online trade<br>
Telecom issue viz backbone deployment and interconnection costs<br> Freedom of expression the extent of censorship and control on online content<br><br>There is need for capacity building to create meaningful participation of individual and SMEs as well as increasing connectivity through building IXPs and local content development<br>
<br>The question was raised as to whether there a need of alternative institutional mechanism.<br>The salient features of the MOU between ICANN and the department of commerce (DoC) include:<br>- The affirmation of the role of private sector leadership<br>
- The role of DoC in ensuring transparency and accountability and effective GAC participation<br>- Ensure accountability and publish by-laws and strategic and operational plans<br>- Agreement can be terminated in 120 days<br>
<br>The MOU has been criticized because of the following reasons:<br>- US governmental control on root server administration<br>- Inconsistent with WSIS principle where no single government should have a pre-eminent role<br>
- Domain name allocation policies need better development<br>- IPv4 address allocation have been imbalanced need to ensure IPv6 address allocation does not suffer the same effects -This assertion was however refuted as IP addresses allocation based on need. The need for prudent management and keeping barriers low for the transition to IPv6 was emphasised.<br>
<br>To overcome this WGIG proposed 4 models:<br>- Global policy council<br>- Intenational internet council with leading government role to fulfil the ICANN/IANA functions<br>- GAC to be strengthened with enhanced coordination function<br>
- Replace US govt role by general internet council or with world ICANN (in lieu of GAC)<br><br>The common features of these models were the overwhelming government lead and the presupposition of the possibility of international treaties. During the discussion the viability of these models was questioned given that speed is of essence in the management of internet resources. It normally takes a long time to negotiate international agreements; including treaties instead a set of principles should be endorsed.<br>
<br>The speaker recommended on the management of critical internet infrastructure should take into consideration the following<br> Treatment of technical resources of the internet and global economic, social and legal aspects arising out the internet should be at par<br>
The development and implementation of polices and standards and solutions to various internet issues should be done in a coordinated manner for example telecommunication standard development is done in a hierarchical and predictable way.<br>
New structure would be a supreme authority over internet<br><br>In conclusion the speaker asked: Does the internet as we know it need to be altered radically? Should the status quo be maintained? Should a Red Cross model of recognition by international community states be given to an international entity like ITU, INTELSAT. However fundamental change is not necessary as failure has not been identified.<br>
<br><i>My comment</i>: this presentation was descriptive and despite the fact that an alternative model was proposed the principles, mechanisms that would need to be put in place in order to make it work were not discussed<br>
<br><u>2nd presentation</u><br>The next speaker spoke about the ccTLDs in latin Amercia which are broadly organised into two main groups: non-governmental and governmental organisations. A contribution from the floor however clarified that the Brazilian ccTLD is a multi-stakeholder coordinated by government but on a day by day basis operates as a non-governmental organisation. The Indian ccTLD is managed by government and private sector sovereign interest taken care of through government representation.<br>
<br>The rules and regulations under which the institutions that manage the ccTLDs are managed determinate legal framework under which they operate. Consequently ccTLDs are regulated under national law while ICANN regulates gTLDs The possibility of self regulation is based on the assumption that private sector would act in the public interest.<br>
<br>In the discussions some felt that there was need for increased attention of government in the management of ccTLDs as it was critical infrastructure while on the other hand other felt that there was the risk of excessive regulation with increased involvement of government.</div>
<div> </div>
<div>
<div><u><b>1130 -1200 hrs Workshop 36: Strategies to prevent and fight child pornography in developing countries</b></u><br>Child pornography in Brazil has grown out of the popularity of social networking. However the main challenge has been issues related to jurisdiction as content is resident in ISP based in the USA and trans-national ISPs like Yahoo, Microsoft and Google which have branches in strategic markets and have tailored the services for these markets in terms of language and content.<br>
<br>Brazil was therefore unable to deal with serious offences related to content specifically child pornography - committed by Brazilians using Brazilian IP addresses. The government has been able to sign an agreement with Google to fight child pornography on Google's orkut social network.<br>
<br>The following are consideration taken in drawing up the agreement<br>1. Which criteria should be used to define the ability of a particular country to legislate over and sanction conducts committed on the internet?<br>
- Where the data is located?<br>- International law principles (territoriality or nationality) shall be used to define the sovereignty of a state regarding cyber space which is a network of networks<br>- Define some reasonable standard for example managed by Brazilians and is local content and local language<br>
- Access points in Brazil, harmful conduct felt in the country taken obligation under international law to take offence country of origin approach would force thousands of users to unfamiliar rules and travel offence under human rights therefore apply local legislation<br>
<br>2. It is legitimate to enforce the conduct of local office as it impracticable to send legal request to the US.<br><br><br>New tools have been implement that have reduced number of images uploaded and increase in number of reported cases- subject to investigation. It was inspiring to listen to parliamentarian talk about the need to have legislators engaged in the process as they ultimately pass the laws. I appreciated the fact that in there is great cooperation between the parliament, government, police, civil society and private sector.<br>
<br>The main challenges are:<br> Lack of awareness and participation by parliamentarians who are critical in the formulation of legislation<br> how to obligate ISPs to provide information without infringing on freedom of expression and privacy,<br>
what criteria should be used to deal with these offences<br> the creation of awareness of ISPs in developing countries of the need for judicial cooperation as well as social initiatives to deal with cyber crime.<br> Insufficient infrastructure to deal with this issue law enforcement does not have the human resources and technology<br>
Material produced to fight child pornography are not evaluated they should be inline with the demand<br><br><i>My comment</i>: I would have like to know if initiatives have reduced offences, what is the success rate registered in prosecution, ability of the law enforcement and judicial system to deal with offences. There was no mention of where initiatives had been launched to fight child pornography on the financial front.</div>
<div> </div>
<div>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><b><span lang="EN-GB"><font size="3"><font face="Times New Roman">1530-1700 Workshop 45: Opening to diversity and competition of the DNS system</font></font></span></b></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3">There were 3 presentations in this session:</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><br><font face="Times New Roman" size="3">- <u>1st presentation</u> - alternate DNS system used in library systems</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><br><font face="Times New Roman" size="3">- <u>2nd presentation</u> - implementation of security in the Handle system</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><br><font face="Times New Roman" size="3">- <u>3rd presentation </u> discussed the Net4D</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3">Net4D- provides the technical solution to the political concern on the control of root servers. Net4D networks enable the following:</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> Empower the second generation of the web: the semantic web.</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> Multi-stakeholder governance of DNS</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> Net4D classes should be open and interoperable</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3">DNS 1.0 was a monopoly of ICANN web 1.0 html with USA parentage and English only while DNS 2.0 is open allowing for competition including inter alia:</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> Net4D semantic web</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> Open coherent approach to linguistic diversity</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> Allow technological innovation with value added services</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3">Concern was however raised on the:</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> Investment/implementation cost required to implementation of different DNS systems depending on the BIND implemented and root servers enabled</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> relinquishing of the political control of root servers</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> Value to end users</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> Awareness and understanding of the issues by different stakeholders necessary delivered in a way that they can understand</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><span lang="EN-GB"><font face="Times New Roman" size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><font size="3"><font face="Times New Roman"><i><span lang="EN-GB">My comment</span></i><span lang="EN-GB">: the session was technical I hope the techies on the mailing list can help us understand the governance issues associated with the introduction of DNS competition and the impact on developing countries :)!</span></font></font></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><font size="3"><font face="Times New Roman"><span lang="EN-GB"></span></font></font> </p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><font size="3"><font face="Times New Roman"><span lang="EN-GB">Kind regards</span></font></font></p>
<p style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><font size="3"><font face="Times New Roman"><span lang="EN-GB">mwende</span></font></font></p></div></div></div></blockquote></div><br>