The RIPE NCC is liveblogging from the European Dialogue on Internet Governance (EuroDIG) from 4-6 June. Check back for updates!
Day 2: Closing, and Looking Ahead (for EuroDIG and the IGF)
The closing session of EuroDIG 2018 was a chance to take stock of the event and consider what lessons it might have to teach for future Internet governance events and processes, at the regional and global level.
The good? The engagement of youth in the event is an important success, with past youth participants now developing the content for the YouthDIG event, and helping young newcomers to make active contributions to the main EuroDIG discussions (including the development of “Youth Messages”). And as several speakers noted, the EuroDIG program itself continues to explore emerging governance issues, including artificial intelligence and blockchain technologies.
The not-so-good? Some business sector participants were blunt in describing the EuroDIG program as “irrelevant” to their interests and concerns - bringing back participants from the private sector (and rejuvenating declining government attendance will be vital to the legitimacy of EuroDIG and the global IGF going forward, but it may require both events to look more closely at how they construct their agendas and reach out to stakeholders in the private and public sectors (also a topic of intense discussion during the annual General Meeting of the EuroDIG Association, which took place during lunch on Day 2).
With the 2018 IGF now set to take place in Paris this November, and the 2019 EuroDIG announced to take place in The Netherlands (not to mention the Central Asia IGF coming up later this month, and the myriad national IGF events around the RIPE NCC service region), the future of such bottom-up, multistakeholder Internet governance events relies on everyone involved building on past successes and figuring out how to overcome the ongoing challenges.
Before we sign off this blog, a salute to the EuroDIG team, including the Georgian hosts, who pulled together an interesting, well-attended, and vibrant event!
7 June 2018, 12:00 UTC (...so I'm a little late!)
Day 2: Non-state Actors in Europe and Beyond: True Shapers of Cyber Security Norms?
This session revolved around determining the roles of different actors in norm-setting, how that fits within the current government and business approaches, and the implications this has for human rights. The session understandably saw many positions that were often in polar opposition.
We started by trying to understand what the difference is between a norm, a law, standards and self-regulation.
Some participants were skeptical about private companies dictating legal frameworks and setting binding norms, and felt that companies should not be responsible for building laws. Others believed that governments should not regulate cyberspace or should do it only in a very limited capacity, leaving it to the private sector, technical communities, and civil society. In response to these two positions, it was noted that civil society, for example, does not have much muscle to enforce norms, unlike governments and the private sector. Thus civil society has to partner either with the government or corporates to achieve results. It was also noted that the government has a role in developing and preserving the digital economy and digital human rights.
The session then moved on to discussing if norms are appropriate tools to regulate international relations and to provide stability and security. The opinion in the room was divided, with almost half agreeing that norms are indeed appropriate, while the other half believed they are inappropriate and international legal frameworks and other tools are better. One position was that since we, as the whole world, cannot agree on legally binding tools in many cases, we must rely on norms, set by communities, otherwise there is a vacuum, which can be dangerous. The Council of Europe representative thought norms do not fit the task when it comes to cybercrime, for example, which is an area that really needs other tools. There were few who believed that there must be a middle-solution, a mix of international law and regulation and norms, which appears to be the only scalable solution.
No actors can be left behind, seemed to be the general line in the final part of the discussion. The different stakeholders reiterated how his or her area plays a crucial role in ensuring cyber space is safe and valuable to users. It is all about checks and balances in the general opinion of the room. There were many examples of cases when a certain stakeholder believed that it alone was capable of ‘fixing’ everything alone, and it always proved to be counterproductive, thus giving birth to the multi-stakeholder approach. Another point here was that such cooperation of different sectors needs to be institutional and not sporadic, as is mostly is now.
However the key challenge still remains - what do you do in case some countries or stakeholders do not follow the norms? The devil is always in details - how norms are implemented locally, whether there are mechanisms to enforce them, and finally how can you hold accountable the norm-setting actors?
6 June 2018, 14:00 UTC
Day 2: And the winning buzzword for today is ... blockchain!
“The blockchain technology promises trust that is independent from government or business institutions […] Will governments become obsolete?” The description of this session poses some bold questions and I came in not knowing what to expect. And indeed, some suggested that blockchain can eradicate many world ills – from fake news through bureaucracy to corruption (although I wish they elaborated a bit more on the practicalities).
Other panellists were more cautious about making such sweeping statements. They suggested that far from making governments obsolete, the use of blockchain might help them restore trust and expand opportunities.
Georgia, the host of EuroDIG, was one of the first countries that started using blockchain in their public registries. One of the speakers gave the example of the Georgian private property registry, where after receiving the digitally signed document, NAPR (the National Agency of Public Registry) generates hash codes, and sends them to blockchain. Doing things this way reduces financial risk and the possibility of wrongful manipulation and simplifies the registration process, while not costing that much (at the moment). Next, they are planning to integrate blockchain in Georgia's business registry.
Panellists agreed that regulating such a young technology without fully understanding it and letting it develop might stifle innovation. A better course of action would be to fund projects on ensuring that blockchain is secure, scalable, that it does not use an unsustainable amount of energy.
6 June 2018, 13:30 UTC
Day 2: IoT Opportunities and Challenges
A workshop this morning focused on discussing the economic opportunities and security challenges in the emerging IoT landscape. In an innovative approach that involved a bit of role play, the audience was challenged to come up with arguments from different stakeholders: the consumers, the manufacturers and the governments.
The discussion that followed was a great opportunity to weigh those arguments against each other and further to test those against reality. Is it, for instance, true that consumers are willing to pay more for a more secure product. Or is the majority of the market still focused on the price, with customers preferring a lower cost and manufacturers aiming to maximise profit, essentially an environment where something has to give and that is usually quality, often in the form of security.
What also surfaced in this discussion was the question of whether there is a difference between retail consumer products and institutionalised buyers such as large companies and the states themselves. Personally, I don’t think there is much difference in that price still dominates, but as others argued, on the industrial side, the ‘customer’ also has clearer specifications on what the product should do and those often also involve quality and security. Thus when it comes to building capacity to create an informed customer, we are likelier to find an easier path towards the institutional consumers. What is more, while not brought to the table this time, there is probably a role for the governments to lead by example and provide incentives to industry work on security and privacy by design.
When it comes to solutions, there seems to be a rough consensus that something needs to be done. Its also good to see that in this context, several governments such as the UK and The Netherlands are now seeking out voluntary measures to be taken by the industry, based on norms defined in an open dialogue with all stakeholders.
Unfortunately a lot of these norms still focus on the point and moment of sales. While it’s great that there is an effort to check and certify products before they hit the shelves, we need to remain aware that security is not a static thing. What is secure today, might no longer be secure tomorrow. And especially with expected lifecycles of 10 to 20 years, it could become a challenge.
It is a bit of the elephant in the room; we all of course hope companies will prosper and stay around, but in the current start-up culture, some are likely to fail or fade away. What happens when 15 years from now a critical vulnerability surfaces on an install base of millions of sensors and the manufacturer or the people who designed it, are no longer around?
We’ll probably turn to our governments for help, but what should they do to prepare for that day? In the hallways you hear suggestions such as mandatory escrow of designs and intellectual property, ensuring that if there is a need, we can look back at those to find a solution. Or should we start thinking about building some sort of last resort fund to provide the necessary continuity to those that we feel are “too big to fail”?
I hope that we can help the discussion move forward and think about these things a bit more, before it is too late.
6 June 2018, 11:00 UTC
Day 2: What do manufacturers, users and policy makers think about IoT security?
After an engaging session on global data flows, I found myself in the “users” breakout group discussing IoT security. Early on in the discussion participants agreed that information on the security of IoT devices should be clear, concise and intelligible. However, while young people are more likely to trust the manufacturer or not care about the security implications of an IoT device, older generations tend to pay more attention to security issues and look for a stamp or trademark.
A discussion arose whether people are willing to pay more for a more secure device. It was agreed that people at this event are much more conscious about security issues than the average Tom, Dick and Harry. Alas, most consumers are still making decisions based on how it would affect their wallet. Parents are, in general, a group willing to pay extra for a secure device. However often they are not even aware about the security vulnerabilities of the IoT devices they buy. This loops back to the importance of a minimum level of awareness and understanding amongst the general population. Security can only be a competitive advantage for a business if the awareness level amongst consumers is high.
How can we improve that? Plenty of websites offer reviews of the security of (IoT and other) devices. This is similar to offline services, where people don’t research the health and safety of hotels for example, but check the online reviews of others’ experiences. On the one hand this raises awareness of security issues at the consumers level, on the other hand, it is questionable to what extent users have the qualifications to review the security of a device.
And what do manufacturers think? Manufacturers traditionally push IoT products regardless of security. In the competitive IoT space, it’s all about market share and first-mover advantage. Security is a feeling to be sold to a customer. However recently, GDPR has turned privacy and security into an economic consideration for manufacturers.
Lastly - governments. Governments see the importance of IoT devices in multiple public sector areas, such as healthcare and transport. This is why smart governments support IoT research and development programs, engage with business, standards bodies, public authorities and smart city planners to understand how the technology is developing and the challengers that technology developers are facing.
Governments should not lose sight of further developing broadband network infrastructure to sustain the growth of IoT as well as the importance of ensuring people have the skills necessary to use this technology and make informed decisions.
6 June 2018, 08:30 UTC
Day 2: Multistakeholder (no "-ism")
What better time than the morning after a gala dinner to discuss the future of the multistakeholder model? And who better to lead the discussion than Lawrence Strickling, former head of the US National Telecommunications and Information Administration (NTIA), who led that organisation through the process to transition away from stewardship of the IANA functions?
During a keynote speech in the first session of Day 2, Strickling discussed his work since leaving the NTIA, studying, refining and developing multistakeholder approaches to policy challenges. His advice: identify specific goals, be sure to have a process to carry through any solution to full implementation, and beware of multilateral processes posing as multistakeholder - a government consultation in which government alone is responsible for the final decision is not a multistakeholder process. He also warned against too philosophical aproach to the multistakeholder approach (making it an "-ism") - better to simply see it as a tool to be developed and deployed as the situation requires.
The session also allowed for some discussion with audience participants, including a question about Strickling’s opinion on the recently issued NTIA Notice of Inquiry, which asks, among other questions, “should the IANA Stewardship Transition be unwound?” His view: such a Notice of Inquiry is common and you shouldn’t read too much into it - but the IANA stewardship transition cannot be unwound.
6 June 2018, 07:30 UTC
Day 2: Interview with Kristina Hakobyan
What do you do?
I am an executive of a registrar company in Armenia (Global AM LLC). Currently I am working on a platform which will get together all ccTLDs in on place: globalr.com.
I’m also involved with the ISOC Armenia chapter, have been a fellow at SEEDIG and volunteer for ICANN’s Guideline Review Committee.
Is this your first EuroDIG?
Yes, and so far it has been a great experience!
Is EuroDIG important and why?
EuroDIG brings together participants from all over Europe. The sessions concern a lot of high-level issues. Participants can bring many key messages and insights back home and start working on implementing them.
The DNS infrastructure session was particularly useful for my line of work. GDPR still remains a mystery even after attending the session. Hearing the summary of the SEEDIG messages was also great. I am curious and very much looking forward to the artificial intelligence session later today.
What outcomes are you personally looking for out of this event?
This is my first EuroDIG and second DIG event overall (I attended SEEDIG in Ljublana in May 2018). I’m hoping to develop a good understanding of where Internet governance is developing as a field.
The event will also help me develop my network further. The are a lot of ccTLD representatives here, so the next step for me when I go home would be to start cooperating with them.
6 June 2018, 07:00 UTC
Day 1: The Challenges of Rural Broadband
The topic of ‘rural broadband’ is one of the recurring discussions in Internet Governance and also EuroDIG. This is also sometimes brought up under questions of digital inclusion, universal service obligation or “the right to access.” What this addresses is the basic question of how can we connect people in remote villages and settlements, especially in areas with a very low population density to the Internet. And equally importantly, provide them with sufficient speed at a price that makes it feasible for them to use the Internet and benefit from all things digital.
This is however much easier said than done, especially in areas that also pose geographical or environmental challenges, such as here in Georgia. Wireless technology, of course, plays an important role, but it also has limitations in speed and range, and there is a significant cost associated. This morning, the Georgian community showcased the Tusheki project, which is sponsored by the World Bank. In this project, they installed some 4G antennas on very hard-to-reach mountain tops, using helicopters. The discussion that followed made it clear that projects like these can only succeed when different stakeholders work together. An important element is receiving the required funding. As the business sector pointed out, for many of these connections, the required investments far exceed the expected return in revenue. But there are also other factors that can act as enablers, such as removing administrative barriers, making it easier and faster to get the required building permits and so on. As the dialogue continues, it is clear that this is not an easy problem to fix and certainly requires a custom-made solution. But it is heartening to see that there is progress, not only in Georgia, but also many other countries, with efforts underway to make sure the Internet is available to everybody.
5 June 2018, 14:20 UTC
Day 1: The Inevitable GDPR Discussion
No Internet governance discussion in 2018 would be complete without devoting considerable time to the European Union’s General Data Protection Regulation, or GDPR. The RIPE NCC has already been quite active in communicating how this new law (in force from 25 May) will affect our operations and services (see our series of RIPE Labs articles and presentations at the recent meetings of the RIPE Database Working Group and the RIPE NCC Services Working Group). However, for many other groups and organisations, the implementation of GDPR has proved confusing and problematic.
The workshop session, “Is GDPR still a mystery?” illustrated just how broadly the GDPR’s effects are being felt - the large group of attendees broke off into smaller groups to discuss the issue from a wide variety of perspectives, including the impact on ICANN’s Whois service, the difficulties surrounding “consent”, and the responsibility of social media platforms and services. Once reunited, there seemed to be common ground around concerns that, despite its implementation, neither data protection authorities nor operators and businesses seemed well prepared for the outcome, and that this confusion seems bound to hang around for the foreseeable future.
5 June 2018, 11:00 UTC
Day 1: Open Mic, and Whither Internet Governance?
An open discussion session has become a standard feature of the EuroDIG opening, and 2018 was no different. Following keynotes from the Georgian Vice Prime Minister, the European Commissioner for Digital Economy and Society, and the EuroDIG Secretariat, the open call to the microphone prompted a diverse range of comments, but coalesced around a few key themes. Specifically, the future of Internet governance discussions (Chair of the Multistakeholder Advisory Group for the global Internet Governance Forum, Lynn St. Amour, took the opportunity to confirm that this year’s IGF will take place at the UNESCO Headquarters in Paris from 12-14 November) and perhaps more importantly, how forums such as EuroDIG and the output from those discussions could actually influence public policy. Mark Carvell, of the UK government, presented a strong argument for greater government engagement in these processes, but maintaining the level of government involvement seen in earlier EuroDIG (and IGF) events has clearly been a challenge (one reason that the RIPE NCC has prioritised our direct engagement with governments across the service region).
5 June 2018, 10:00 UTC
Day 0: Dynamic Coalition on IoT
As with other Internet governance events, EuroDIG is also preceded by a "Day 0", where a lot of side meetings and events are scheduled that, while not officially part of the agenda, certainly feed into the debate.
One of those regular side meetings is the Dynamic Coalition for the Internet of Things. This coalition originated from the global Internet Governance Forum (IGF) and seeks to discuss and document global good practices for the IoT. So far the group has drafted a paper that outlines some of the basic principles regarding security and privacy that the participants felt should apply to the IoT. The question on the table today was how to continue, with preparations underway for the 2018 IGF, and what we, as part of the dynamic coalition, want from this activity going further.
During the discussion it was recognised that many organisations and stakeholders are producing their own guidelines, but that a global group such as this dynamic coalition could offer a way for people to come together and exchange experience and knowledge across the different verticals - this is something that the RIPE NCC has also been actively advocating for: we can strengthen the IoT by working together and learning from each other.
An area that was flagged as in need of more attention is the ethical arena. While many projects, papers and code of conducts focus on security and privacy, the question of who is ultimately accountable for making sure the machines behave correctly remains unclear. This may be an area where the coalition could bring value, combining the joined experience and knowledge of the different stakeholders. How this would shape up and whether it should be included in the current paper remains to be decided.
Which brings you, dear reader, into this as well - we would love to hear from people involved in IoT on where you think the DC IoT could contribute and in what form that could be. Please let us or the dynamic coalition know.
4 June 2018, 13:15 UTC
Day 0: Startups at YouthDig 2018
A recurring element of EuroDIG is the engagement with youth stakeholders, formalised for the past two events under the YouthDIG umbrella. A new element of this programme at the 2018 event has been the engagement with the startup community in Georgia. A session on “Day 0” (actually, the third day of YouthDIG activities, but before the start of the formal EuroDIG programme), moderated by eco’s Michael Rotert, featured representatives from three Georgian startup companies in the data analytics and finance industries, as well as a participant from GITA, Georgia's Innovation and Technology Agency, under the Ministry of Economy and Sustainable Development.
While the initial discussion centred around the challenges of startup life and the Georgian startup scene (which provides a strong environment for start-up activity, even as many of the beneficiaries look to build their businesses in the larger neighbouring economies), the topic of regulation soon came up, revealing some diverse opinions. While some saw connections between Georgia’s history and an aversion to heavy-handed government intervention, others saw regulation as a necessity and a risk to be managed. As one participant put it, if you can’t adapt to regulation, then you shouldn’t call yourself a startup!
The close relationship between the government and its agencies and the startup community is clearly a source of strength for the country, with the GITA-sponsored Tech Park providing premises for many startups, as well as an opportunity for startups and government to communicate easily. But with many pointing to the impact of EU regulations, it wasn’t clear that good mechanisms exist to give all those affected by such rules a voice in their development.
4 June 2018, 13:00 UTC
Welcome to EuroDIG 2018
The 11th annual European Dialogue on Internet Governance finds itself farther east than ever before, with EuroDIG 2018 running from 5-6 June in Tbilisi, Georgia. And it comes at a critical moment in Internet governance discussions - while the recent GDPR implementation is highlighting the challenges of regulating in the Internet space, there is still (at the time of writing) no official host for a global Internet Governance Forum in 2018. Questions of how “multistakeholder” approaches to Internet governance could/should work are still very much open to debate… but perhaps the greater concern is that those debates will not happen, and the goal of open and inclusive governance processes will be abandoned.
EuroDIG 2018 boasts a quite diverse agenda (as with previous events), and the RIPE NCC will be coordinating this live blog over the coming days to highlight some issues of interest to our membership, community and organisation.