The Internet Governance Forum (IGF) brings together participants from around the world to discuss public policy issues related to the Internet. This year's overarching theme is "The Internet We Want - Empowering All People". We will keep updating this article over the course of the IGF on the issues, arguments and opinions discussed at the meeting.
This is the 18th iteration of the IGF and it runs from 8 to 12 October in Kyoto and online. This time around you will hear about topics in eight sub-themes:
- AI and emerging technologies;
- Avoiding Internet fragmentation;
- Cybersecurity, cybercrime and online safety;
- Data governance and trust;
- Digital divides and inclusion;
- Global digital governance and cooperation;
- Human rights and freedoms;
- And sustainability and environment.
Throughout the week, we'll be sharing key moments and takeaways from the sessions we attend.
As we head towards the Summit of the Future that will take place during the UN General Assembly in New York in 2024, now is a crucial time to make the voice of the technical community heard. Don't miss this opportunity to get involved. It's still not too late to register and participate online. Check out the interactive program and if you've missed any interesting session, take a look at the video recordings.
Day 4: Wrap up
With over 8500 stakeholders from 175 countries participating on-site and online, this year's IGF was certainly a formidable gathering. The Japanese host did a fantastic job of accommodating the smooth running of such a big event, with over 300 sessions. On this page you can check out a list of specific outputs of the IGF, among which the draft of the Key Messages, which is open for feedback until 31 October.
Thank you for reading this blog and see you next year, when the IGF will take place in the RIPE NCC service region - in Riyadh, Saudi Arabia.
- Gergana Petrova (12 October 2023, 10:30 UTC)
Day 4: Kizuna: The Bonds that Connect Us
The 18th Internet Governance Forum closed with a live calligraphy performance. He drew the Japanese kanji of “kizuna” which refers to the eternal bonds between people, as symbolising the spirit of the IGF 2023.
Sylvia Cadena, Acting CEO of the APNIC Foundation delivered one of the closing addresses on behalf of the Internet technical community, stating that the Internet technical community "shares a history of seeking alignment with different stakeholders". She called on stakeholders "to renew their commitment once more and to show their support for the institutions and processes that keep the Internet working."
To show you the spirit of the IGF, we share voices from different participants. Watch what they have to say:
Dulcé Soares is a water engineer, and her company, Simile, uses IoT-driven water management systems for communities in Timor-Leste, and additionally, is a recipient of the ISIF Asia grant. Dulcé talks about why it’s important to have different voices at the IGF.
Edmon Chung, CEO of DotAsia, shares why his organisation is involved in the IGF.
Why should the technical community participate in IGF? Katsuyasu Toyama, Chairperson of APIX, shares his perspective.
Dr. Maiike Luiken of IEEE talks about the importance of getting diverse perspectives and the growing need for the dual transitions of digitalisation and sustainable practices.
Day 4: Minimising risks from ICT vulnerabilities
Discovering vulnerabilities in software and digital devices is not a matter of if, but when. What is important is how we, as society deal with it and try to minimise the risks and the damage done by the inevitable. Unsurprisingly, the question was discussed at a session at the IGF.
The discussion first led us to the need for more precise definitions of the roles and responsibilities of each stakeholder, which would facilitate more effective collaboration and communication. Another helpful tool would be an (internationally recognised) categorisation of digital products based on their importance, impact and level of criticality. Next, we should create a framework for effective norm implementation. In this light, Diplo, the organisers of the session, are working on a Geneva Manual that would provide practical tools and strategies to reduce vulnerabilities in digital products.
Next, we talked about how the integrity of the supply chain affects the quality and reliability of digital devices and services. We need universally accepted rules and standards for supply chain security and responsible handling of vulnerabilities, followed by accountability framework and guaranteed consequences. Speaking of the latter, there is currently not much understanding on how liability applies to digital products and improving that would lead to much more effective measures.
Some in the audience questioned the effectiveness of product security labeling. They argued for the need for rigorous assessments, comprehensive security measures, and consequences for not following security norms.
- Gergana Petrova (12 October 2023, 09:00 UTC)
Day 4: Sharing Best Practices on Internet Standards
How can the adoption of open Internet standards be encouraged? The session on procuring modern security standards showcased the efforts of the Dutch Internet Standards Platform through its testing website Internet.nl and discussed efforts in other countries on including open standards in government procurement.
According to the Internet Standards Platform, the adoption of standards often goes slowly, so they advised other governments to focus on public-private cooperation. The tool was developed in partnership with multiple organisations (including the RIPE NCC) and recently added a function to check for RPKI adoption.
The Trusted India Internet Initiative shared their experience of running bulk tests for Indian websites using the open source Internet.nl code. The initial results did not look good in terms of adoption, although India is very focused on offering public services online (‘India stack’). The Initiative intends to add Indian requirements to the code, for instance to test universal acceptance.
Nic.br from Brazil spoke about testing the adoption of standards using the internet.nl code with a Portuguese frontend as part of the ‘Programme for a Safer Internet’ in Brazil which focuses on reducing DDoS attacks, improving routing security (based on MANRS, roughly 20% of their members are from Brazil), spreading best practices for DNS and email, and encouraging the use of IPv6.
- Bastiaan Goslings (12 October, 06:00 UTC)
Day 4: (Un)Fair Share and Zero Rating
The Dynamic Coalition on Net Neutrality held a session on the “fair share” debate, which has spread beyond the EU to South Korea and Latin America as well. ETNO in Europe has argued that their telco members are unable to make necessary investments into infrastructure as their revenues are falling, and their “must carry” obligation to bring traffic to their end users gives them limited room to optimise traffic. Therefore, they believe that a “fair contribution” is necessary.
On the other hand, it is argued that net neutrality is one of the cornerstones of how the open Internet has developed and is inherently incompatible with the “fair share” proposal. As Konstantinos Komaitis, from the Atlantic Council, pointed out, on the Internet no network is more important than the other, greater interconnection adds value for everyone. The open Internet is an outcome of this cooperation.
The OECD’s scoping report shows that investment in infrastructure is not limited to telcos (contrary to what telcos might assert), but CDNs, data centres, cloud services, municipalities, pension funds, and hedge funds also invest heavily in developing infrastructure.
Google pointed out that content and application providers do contribute to infrastructure as well, such as developing private undersea cables, thereby allowing ISPs to focus on the last mile. They also pointed out content and applications provide incentives for ISPs’ customers to interconnect and upgrade their subscriptions.
Paid peering was also discussed, as well as the risk that a mandatory ‘fair share’ can’t actually be enforced in case certain content providers do not want to pay and might choose to no longer interconnect with telcos. Another concern raised was of the potential for the corporate capture of the EU, with the EU Commissioner for the Internal Market, Thierry Breton, being a former Orange executive.
While there are almost as many opinions on this topic as networks on the Internet, one thing attendees did agree on was the need to improve regulatory frameworks based on evidence.
- Bastiaan Goslings (12 October, 01:00 UTC)
Day 3: High Ambitions at a High Level Panel
The IGF Leadership Panel is a high-level group of leaders (including Vint Cerf and Nobel Peace Prize winner Maria Ressa) appointed by the UN Secretary-General to shape the strategic direction of the IGF. They published a paper titled "The Internet We Want" outlining their vision for an Internet that is: whole and open; universal and inclusive; free-flowing and trustworthy; safe and secure; and rights-respecting ahead of this IGF.
During the IGF, they held an open dialogue to hear about how the IGF can be improved along with discussing broader concerns. Some members of the audience suggested improving the meeting structure and reducing overlaps between topics. Others called for more interaction with national and regional Internet Governance Initiatives (NRIs). Suggestions were made to better promote remote participation, have a simpler registration process and provide additional resources and accessible tools. Finally, some more thought needs to be put into making it easier for smaller or developing countries to host the event.
Some of the broader issues the Leadership Panel will focus on are:
- The increasing consolidation of the Internet industry
- The dynamics of political participation and democracy
- The need for standards to reduce the Internet's environmental footprint
- The role of the Internet in empowering vulnerable groups
The Leadership Panel also committed to creating a feedback loop to hear more about local contexts and solutions and agreed that they would need to set clearer, measurable goals to achieve the ambitions set out in their paper. Whether the Leadership Panel will be able to live up to these expectations (their own and those of their audience) remains to be seen.
- Gergana Petrova (11 October 2023, 08:00 UTC)
Day 3: Connecting Rural Areas
Many sessions at the IGF discussed the connectivity gap between urban and rural areas and the urgent need to do something about it. It was widely agreed that significant efforts and funding are needed to improve Internet access in remote areas. But there was no concrete agreement on the best way forward.
While most participants agreed that governments should do something, there were many different suggestions as to what exactly that “something” involved.
Some argued that they should provide support, tax-relief or subsidies, insisting that it is important to acknowledge the financial strain on telcos when expanding coverage in rural areas and that they should not be expected to be solely responsible for making such investments. They argued telcos should receive additional support, such as tax relief, to invest sustainably in rural areas.
Others suggested governments should intervene and gave the example of universal service funds, generated through taxation imposed on telcos, which are then reinvested into initiatives for expanding coverage in rural regions. One suggestion asked for direct government involvement in deploying infrastructure. Another possibility way forward for governments was to support new technologies, for example non-terrestrial networks, that have a high potential of to enhance Internet connectivity especially in remote areas.
- Gergana Petrova (11 October 2023, 06:00 UTC)
Day 3: The Internet and the Environment
The topic of the interaction between the Internet (and ICT) and the environment has been discussed in the RIPE community and many other forums. Unsurprisingly, it was also discussed at the IGF.
We saw how important the Internet was when dealing with global catastrophes like the COVID-19 pandemic. However, only about half the world's population uses the Internet, with the connectivity gap between rural and urban areas and a lack of know-how being a major cause of this. Whatever the reasons, one thing is clear - we are not yet tapping the full potential of ICT.
A panel on this topic identified key strategies for achieving better results for both digital systems and our planet:
- To integrate Internet governance and environmental policymaking
- To increase collaboration between stakeholders, including grassroots organisations and the private sector and well as increase cross-sector and cross-industry efforts
- To make possible collective data collection and sharing
- To develop accountability frameworks, especially for large companies
Panellists brought up the need to make substantial changes to current business models (the status quo won't lead to treating the environment and society better). They also discussed the need to develop international standards for environmental and social responsibility in the global digital system. The European product tagging initiative was mentioned, which allows people to "vote with their wallets", as well as the fact that standards for sustainable infrastructure and the integration of microgrids into larger grids are already being developed. Additionally, the social solidarity economic movement which advocates for responsible consumption and balance in technology usage was mentioned as a positive development. Interestingly panellists called for the need to make sure policymakers have up-to-date information for evidence-based decisions, but also that this information should be communicated in a simpler and clearer manner.
- Gergana Petrova (11 October 2023, 04:00 UTC)
Day 2: A Short Note on Our RPKI Workshop
The RIPE NCC organised a workshop on routing security and RPKI featuring speakers from the Netherlands Standardisation Forum, JPNAP and the OECD. Our goal was to explain the need for routing security and look into what could be done to incentivise the adoption of RPKI.
An OECD study shows that governments are increasingly starting to look into routing security. Verena Weber of the OECD listed four instances:
- United States: Notice of Inquiry into Internet Routing Vulnerabilities (2022) and
- United States: Mentioned in the National Cybersecurity Strategy (2023)
- Sweden: Review of key stakeholders’ treatment of Border Gateway Protocol vulnerabilities (2020-2022)
- EU: ENISA’s “7 Steps to shore up the Border Gateway Protocol” (2019)
The discussion also turned to issues such as who keeps track of routing incidents, what can be done to promote the uptake of RPKI, the need for training and how that helps and ultimately the need to invest more in routing security.
- Ulka Athale (10 October 2023, 08:00 UTC)
Day 2: The Global Digital Compact Process - Multilateral or Multistakeholder?
The Global Digital Compact, a framework outlining shared principles for “an open, free and secure digital future for all”, is expected to be one of the major outcomes of the UN Summit of the Future to be held in New York in September 2024. The session on the GDC brought together panellists to review the work so far and what lies ahead.
The consultation phase of the GDC received input from more than 7000 entities but many felt that stakeholders from civil society and the private sector (SMEs in particular) could have been given more space to be involved. Incidentally, the RIPE NCC did contribute to the GDC.
Some also pointed out that stakeholders should be involved beyond the consultation phase – which is a big ask for the United Nations. The UN is used to managing multilateral negotiations (i.e., negotiations between governments/Member States, but not involving other stakeholders). Amandeep Singh Gill, the UN Envoy for Technology, urged the audience to get involved with the Member States that they live in - probably not the answer that most of the audience was hoping to hear. Some participants asked instead for the IGF to play a more central role in this process.
Some other interesting takeaways from this session:
Amandeep Singh Gill, the UN Envoy for Technology, remarked that the GDC should be seen as part of a larger picture of other issues the Summit of the Future is tackling, such as the debt crisis, the need to reform global financial architecture, the need to progress on the Sustainable Development Goals (SDGs) and the need to build new frameworks for peace among others. He also pointed out that the GDC is the starting point, the commitments it makes will need to be followed up on.
Paul Wilson, CEO, APNIC, pointed out that regardless of the outcome of the GDC, the Internet can only continue to thrive with the continuing cooperation of all stakeholders. He reminded the room that the multistakeholder Internet governance was not an invention of the World Summit on Information Society (WSIS) in 2005, but something that has been key for the Internet's success long before.
- Gergana Petrova (10 October 2023, 04:00 UTC)
Day 1: A Layered Approach to Fragmentation
One of the many dialogues on Internet fragmentation (which we've written about quite extensively) took place in a workshop proposing a layered policy approach. Simply put, the Internet consists of seven layers with applications on top of those. Governments intend for sanctions to be used against parties that infringe human rights, but overall Internet connectivity can be affected as an unintentional consequence of sanctions. So how can we maintain a global and interoperable Internet while allowing for the imposition of sanctions?
A panel consisting of the Ministry of Internal Affairs of Japan, Cloudflare and the IO Foundation attempted to unravel the nuances involved. The representative of the Japanese government said that they seek to respect the global interconnected Internet and would prefer to avoid introducing legislation with a potentially detrimental impact. This can indeed be the case, as the Cloudflare spokesperson pointed out, because as more and more encryption is implemented, multiple domains can end up being affected by blocking a single IP address. Government intervention can unintentionally lead to further fragmentation; therefore, they need to be able to identify the different layers and also know who to speak to. The Dutch government representative stated that they use the concept of the “public core” of the Internet to distinguish between governance of the Internet and governance on the Internet and that this could be useful for others as well.
As the IGF continues its discussions on avoiding Internet fragmentation, these conversations will continue.
- Bastiaan Goslings (9 October 2023, 12:00 UTC)
Day 1: Generative AI and Legislation Under Generation
AI and emerging technologies are one of the eight themes of this year’s IGF. Unsurprisingly, a number of high-level speakers spoke about the balancing the risks and possibilities of generative AI.
Where there’s emerging technology, there’s inevitably emerging legislation. Fumio Kishida, the Prime Minister of Japan, spoke about the G7’s Hiroshima AI Process to develop the international guiding principles for all AI actors for the realisation of trustworthy AI.
Bjørn Berge, Deputy Secretary General of the Council of Europe, mentioned that the Council is currently working on negotiating an international treaty on the design, development, and use of AI, which it aims to finalise by May 2024. This is part of the Council's ongoing efforts to address the ethical and legal implications of AI and to ensure that AI technologies are developed and used in a responsible and accountable manner.
Vera Jourova, EU Commissioner, mentioned the Declaration of the Future of the Internet. She also highlighted the EU’s work on the AI Act, the Anti-Disinformation Code of Practice and the Digital Services Act.
Eliamani Laltaika, a High Court Judge in Tanzania, made an interesting point about judicial involvement in Internet governance. Parliamentarians have a dedicated track at the IGF, and efforts are made to involve policy makers and legislators in Internet governance. Once laws are passed however, their implementation depends on how judges interpret them. He pointed out that judges, magistrates and prosecutors also need to have a sound understanding of the Internet and Internet governance to make more effective rulings. This is an area of engagement that the technical community should consider as the volume of legislation related to the Internet grows.
Day 1: High-level Addresses
During the Opening Ceremony António Guterres, Secretary General of the UN, delivered a video address in which he thanked the IGF for bringing together governments, the private sector, civil society and the technical community. (Some of you might be relieved to hear that the technical community was mentioned separately.)
He remarked that for nearly two decades (counting from WSIS in 2005 when the current model of Internet governance was established) multi-stakeholder cooperation has proven remarkably productive and resilient in the face of geopolitical tensions and divisions. He saw three areas for action:
- Closing the connectivity gap and bringing the remaining 2.6 billion people online, in particular women and girls from the least developed countries.
- Closing the governance gap by elevating and better aligning the work of the IGF and other digital bodies across the UN system and beyond.
- Reinforcing a human-rights-centred approach to digital cooperation and keeping the Internet and the physical infrastructure that underpins it open, secure and accessible to all.
Mr. Guterres is also appointing a high-level advisory board on AI which will provide preliminary recommendations by end of the year. He is also looking forward to the adoption of the Global Digital Compact (expected to take place at the Summit of the Future in 2024) which will set out principles, objectives and actions to secure a human-centred digital future.
Another high-level address came from Fumio Kishida, the Prime Minister of Japan. He recognised the Internet as an engine of economic development, a free and diverse forum for expression that enables access to information and services and a critical foundation for democratic societies. He spoke about the dual nature of the Internet - on the one hand it is essential for solving humanity's challenges such as communication, health and security, but has also given rise to a proliferation of unlawful or harmful information, cyberattacks etc. He praised the multi-stakeholder approach for bringing participants from all over the world to share their views and expressed the willingness of the Japanese government to contribute to this process.
- Gergana Petrova (9 October 2023, 3:30 UTC)
Day 0: Setting the Scene
A lot of the discussions at this IGF are likely to revolve around the Summit of the Future scheduled for 2024 and the planned review of the World Summit on the Information Society (WSIS) that will take place in 2025. The original WSIS held in 2005 established the Internet Governance Forum as a multi-stakeholder platform, and this charter was renewed in 2015 for another 10 years. As the second decade draws to a close, the successes, failures and challenges of this process are being discussed. IGF received its mandate through WSIS two decades ago. In 2025, this mandate will be reviewed and UN member states will consider the impacts and outcomes of the forum and determine its future.
In light of this, it is all the more important for all stakeholders (not just member states of the UN) to ensure that they continue to have a seat at the table in the years ahead. My colleague Suzanne Taylor published a more detailed RIPE Labs article discussing the context in which these conversations are taking place, and why the technical community’s participation matters.
One of the panel discussions on Day 0 discussed the role played by multi-stakeholder partnerships in ICT in achieving the UN Sustainable Development Goals. The WSIS model of inclusion was repeatedly held up as a functioning model of cooperation across sectors. Anriette Esterhuysen, Senior Advisor on Internet governance, policy advocacy and strategic planning, Association for Progressive Communications, pointed out, although this is not a perfect model, it doesn’t mean that we need to build everything from scratch again. It would be better to put more energy into improving existing forums for cooperation. She also warned against tokenism, saying that “multistakeholder” should be an approach and not a brand.
Speaking of sustainable development, Internet and infrastructural resilience was also discussed in a session on disaster recovery. The World Bank estimates that climate change will push 130 million people into poverty by 2030 and push another 200 million people to migrate by 2050. However, investing in resilient infrastructure can provide solid returns, with their report estimating a return of $4 on each dollar invested in resilient infrastructure.
There were several presentations that might be of interest to network operators and governments dealing with disaster recovery. A Japanese government representative presented on new policies that operators, mobile carriers in particular, will be required to comply with for resilience. Further, they are carrying out a study on inter-carrier roaming that is likely to be completed in 2025, so that in case of a disaster, customers of an affected carrier can be served by available networks. Speakers from NTT and the KDDI Corporation shared details on how they changed their disaster recovery processes following the earthquake and tsunami of March 2011.
- Ulka Athale (8 October 2023, 6:00 UTC)
Day 0: Jawboning, Congestion in Outer Space and Other Research
GigaNet is the network of researchers focusing on Internet governance, and their session included presentations on a range of topics. Prof. Jan Aart Scholte, whom you might remember from a RACI presentation at RIPE 72, presented the preliminary findings of research examining how the three RIRs from the global South (AFRINIC, APNIC and LACNIC) attract legitimacy, i.e. how they create confidence and win the mandate to formulate and administer rules for the global Internet. According to the initial analysis of the 300 plus interviews they conducted, institutional drivers such as people's perceptions of the purpose, procedure and performance of institutions are the main drivers of confidence and legitimacy beliefs, along with individual and societal drivers. He expects the findings to be published next year.
A paper by Nicola Palladino raised the alarm that different data protection regulations (for instance GDPR in the EU, the Cloud Act in the US, and the National Intelligence Law in China) could lead to tensions between countries and make it more difficult to include privacy and data protection principles in international treaties. Competing legislation between countries is not only detrimental to reaching a global agreement on human rights and also comes at an environmental cost.
Research by Berna Akcali Gur and another former RACI presenter, Joanna Kulesza, demonstrates how countries have developed mega satellite constellations in their pursuit of greater presence in space and greater control over critical Internet infrastructure. This in turn amplifies the environmental footprint associated with Internet connectivity and further congests Earth's orbit.
Another interesting paper examines "jawboning", which is the threat of regulation, such as issuing formal opinions, reports or other pre-regulatory steps, as a governance mechanism on its own. It has a significant effect on the Internet world, but the authors caution that this mechanism can be dangerous as it is less transparent and can escape some of the constraints of the rule of law.
- Gergana Petrova (8 October 2023, 5:00 UTC)
Day 0: The Declaration for the Future of the Internet (DFI)
The United States launched the Declaration for the Future of the Internet along with partners from 70 countries in April 2022. The declaration commits to:
- Protect human rights and fundamental freedoms of all people;
- Promote a global Internet that advances the free flow of information;
- Advance inclusive and affordable connectivity so that all people can benefit from the digital economy;
- Promote trust in the global digital ecosystem, including through protection of privacy; and
- Protect and strengthen the multi-stakeholder approach to governance that keeps the Internet running for the benefit of all.
The US Department of Commerce organised a workshop on the Declaration for the Future of the Internet (DFI) to look at how governments can work with the multistakeholder community to implement the DFI’s principles. The discussion centred around how this document can be operationalised, with some asserting that although it was signed by governments, it needs the involvement of all stakeholders, the principles contained in the document cannot be implemented by governments alone. Pearse O’Donohue from the European Commission commented that it is an open call for coordinated action through specific actions, in a bottom up multistakeholder process.
The workshop included breakout sessions for the different stakeholder groups, with the RIPE NCC participating in a breakout session for the technical community. The goal was to come up with recommendations towards implementing the DFI. While there were many conversations that took place (which probably merit a full article of their own), here are some of the key issues that the technical community stakeholder group discussed:
First, that the critical role of the technical community is to provide a sound technical foundation of the Internet with an unbiased technical layer that everything else depends on. This is essential to provide a free flow of information. The group further agreed that end-to-end encryption should not be interfered with in order to promote trust and protect privacy.
A concern that was raised is that the technical community seems less coordinated than a decade ago, when it came together to make the Montevideo statement on the future of Internet cooperation. Greater coordination should help create a bigger impact, but also requires more funding, which is a practical constraint.
And finally, there appear to be multiple declarations in the making – the DIF and the Global Digital Compact – but they all ultimately refer to and rely on the technical infrastructure of the Internet, and that if Principle 2 of the Declaration is not upheld, the remaining are moot.
- Bastiaan Goslings (8 October 2023, 5:00 UTC)