Cybersecurity, cybercrime, and online safety

Peterking Quaye

According to the analysis, it was found that only 39 out of the 54 countries in Africa have implemented cybersecurity legislation. This indicates that a considerable number of countries in the region still lack comprehensive laws to address cybersecurity threats and protect their digital infrastructure.

One speaker in the analysis argues that it is not sufficient for countries to merely have cybersecurity strategies outlined in literature. It is crucial for these strategies to be translated into actionable laws and for countries to adhere to them. This stance highlights the importance of putting cybersecurity measures into practice rather than just documenting them.

Supporting this argument, it is stated that some cybersecurity strategies exist only in literature and are not effectively enforced. These strategies may be in the form of policies or plans that are discussed and debated within national assemblies but do not progress beyond that stage. This lack of implementation can leave countries vulnerable to cyber threats, as they are not adequately prepared to tackle issues related to cybercrime and online safety.

Both speakers in the analysis share a neutral sentiment and agree on the need to push countries in Africa to implement cybersecurity legislation. It is suggested that increasing awareness about the importance of cybersecurity and its impact on various sectors, such as industry, innovation, and peace and justice, can help drive the adoption of legislation in this domain.

In conclusion, the analysis highlights the gap in cybersecurity legislation implementation among African countries. The argument that cybersecurity strategies should not be limited to literature but should be transformed into laws and adhered to is supported by the evidence provided. Increasing efforts to promote the adoption of cybersecurity legislation in Africa is crucial for ensuring the safety and security of digital infrastructure and countering cyber threats effectively.

Audience

The Internet Governance Forum covered a wide range of cybersecurity topics, including the role of public-private partnerships in ensuring cybersecurity and fighting cybercrime. For instance, a representative from Kaspersky, a global cybersecurity company, emphasized the importance of collaboration between government and industry in securing digital networks and combatting cyber threats.

Another speaker discussed the challenges faced by the global south in enabling cybersecurity. This involved examining cases of surveillance by countries in the global north on policies and activities in the global south. The speaker called for inclusive cybersecurity measures that address the specific needs of developing countries.

The forum also addressed the need for a more secure internet that includes the LGBTQI community. A speaker from Brazil highlighted ongoing research on internet security to protect the lives of LGBTQI individuals. This highlighted the importance of creating a safe and inclusive online environment for all communities.

The forum also tackled the security of elections and the threat of cyberattacks. Participants discussed initiatives mentioned by the Italian IGF representative and emphasized the importance of robust cybersecurity measures to safeguard the integrity of electoral processes.

The low ratification of the Malabo Convention on cyber security by African Union countries was also a concern. The forum raised awareness about the limited number of countries, around 14 or 15 out of 55, that have ratified the convention. This highlights the need for greater commitment to cybersecurity measures in the region.

In addition, the compatibility of cybersecurity strategies with artificial intelligence was explored. While details of the discussion were not provided, it addressed the potential challenges and opportunities arising from the intersection of these two domains.

A major topic of discussion was the trade-off between internet usability and security. The forum highlighted the need to strike a balance between these aspects to ensure internet freedom while implementing adequate safeguards against cyber threats.

On a global scale, the forum considered the idea of establishing common regulations applicable to all countries. This would help address cybersecurity challenges, recognizing that cybersecurity is a global issue, not a localized one.

The implementation of cyber security legislation in African countries was also emphasized. The forum highlighted the importance of legal frameworks that promote online safety, prevent cybercrime, and uphold cybersecurity.

The issue of online harassment and gender-based violence was another area of concern. An audience member highlighted the prevalence of online violence, harassment, and fraud targeting women in Bangladesh. The role of the Internet Governance Forum in addressing this issue globally was also discussed.

The potential of using the internet for elections and the need for stable cyber tools were also explored. The forum acknowledged the negative aspects of internet usage during elections but also recognized the positive potential of utilizing the internet for the electoral process.

Lastly, the forum stressed the need for a secure cyber space for youth, women, and children. An audience member representing the Bangladesh Youth IGF advocated for a cyber space that prioritizes the safety of these specific groups. The role of the Bangladesh Internet Governance Forum (BAGF), which includes communities dedicated to kids, women, and youth, was highlighted.

In summary, the Internet Governance Forum covered a wide range of cybersecurity topics, including public-private partnerships, challenges faced by the global south, inclusivity for the LGBTQI community, security of elections, ratification of the Malabo Convention, compatibility with artificial intelligence, trade-offs between usability and security, global regulations, implementation of cyber security legislation in Africa, online harassment and gender-based violence, the potential of internet usage in elections, and the need for a secure cyber space for specific demographics. The discussions aimed to strengthen cybersecurity measures, promote collaboration, and ensure the safety and inclusivity of digital ecosystems.

Giovanni Zanni

The discussion revolves around the crucial importance of addressing cybersecurity and misinformation in the electoral process. Concerns are raised about the risks that disinformation poses to public debates during elections. It is noted that the next European Parliament election is scheduled for June 2024, and there is growing recognition of the impact disinformation can have on the electoral process.

The European Digital Media Observatory (EDMO) is presented as a key tool in combating misinformation and improving public debates. Funded by the European Union, EDMO brings together researchers, media literacy experts, journalists, policy experts, and fact-checkers. It plays a vital role in facilitating communication and collaboration between public and private stakeholders involved in monitoring electoral efforts. The speakers highlight the importance of EDMO in tackling misinformation and improving the quality of public debates.

The discussion also emphasizes the significance of addressing foreign interference and ensuring the quality of information as part of electoral process cybersecurity. The COVID-19 pandemic is used as an example to demonstrate how disinformation can directly impact public health. The war in Ukraine is mentioned to highlight how false and misleading information can be weaponized in conflicts. The speakers argue that cybersecurity measures should focus on preventing foreign interference and ensuring the accuracy and reliability of information.

Monitoring election narratives and misinformation across Europe is another critical aspect discussed. A task force is mentioned, which engages various hubs responsible for covering specific nation states in Europe. The task force aims to identify and address the risks specific to each region. Additionally, a planned report on the main narratives of misinformation during recent elections indicates a commitment to comprehensive analysis and understanding of the issue.

Collaboration, fact-checking, and sharing of best practices are considered essential in the fight against misinformation. The speakers highlight successful collaborations with large fact-checking organizations and the emergence of networks in different parts of the world. They stress the importance of these collaborations and the sharing of best practices for effective fact-checking efforts.

The significance of media and information literacy is also emphasized. The speakers note that a significant portion of the population struggles to identify fraudulent or misleading content online, indicating a failure in current media literacy education. They argue for prioritizing media and information literacy education in order to effectively address this issue. Furthermore, establishing a global standard for teaching these skills is seen as a necessary step forward.

In conclusion, the discussion sheds light on the critical aspects of cybersecurity and misinformation in the electoral process. The speakers highlight the need for robust measures to address disinformation, with particular attention to foreign interference and information accuracy. The role of the European Digital Media Observatory is emphasized, along with the importance of collaboration, fact-checking, and sharing best practices. Media and information literacy education is identified as a priority, with a call for establishing global standards. Overall, these insights underscore the significance of addressing cybersecurity and misinformation to maintain the integrity of democratic processes.

Dai Mochinaga

The analysis presented covers several important aspects related to data and cybersecurity, with a specific focus on the role of big data in economic development and the challenges faced in maintaining data security. It recognises that big data plays a significant role in driving economic growth, enabling the sharing of data between companies and creating new opportunities for generating economic value. Furthermore, it emphasises that data is crucial for the development of infrastructure and the overall economy.

However, the analysis also highlights the challenges posed by data security. It acknowledges that as data becomes more vital for economic and infrastructure purposes, ensuring its security becomes a critical issue. The impact of cybersecurity breaches on critical infrastructure can have serious consequences that extend to other sectors, potentially hampering economic development.

The concept of data localisation, which refers to the practice of countries asserting control over data generated and stored within their territories, is also discussed. It notes that this trend has gained global traction as countries consider data as a vital source of economic value. One reason for this phenomenon could be the economic systems’ reliance on data, prompting governments to enact measures such as domestic data storage obligations and restrictions on cross-border data transfers and access.

Another important aspect addressed in the analysis is the significance of cybersecurity for critical infrastructure and other sectors that depend on data. The mention of a cyber attack on a hospital in Japan, affecting thousands of patients’ data, highlights the potential vulnerabilities and the need to strengthen cybersecurity measures across various industries.

The discussion also raises concerns about the fragmentation of data regulations and its adverse effects on cybersecurity. By providing examples from the Asia-Pacific region, where each country has different data regulations, the analysis demonstrates how variations in cross-border data transfers and data localisation can impact cybersecurity. The existence of differing data regulations makes it challenging to establish unified cybersecurity measures.

The analysis acknowledges the primary responsibility of governments in harmonising data regulations. It recognises that harmonised government regulations are essential for cybersecurity service providers who rely on cross-border data transfers to operate effectively in cloud environments. This highlights the need for governments to work together to establish cohesive data regulations to ensure cybersecurity.

Public-private partnerships in cybersecurity are also discussed, noting that their scope differs from country to country. The analysis acknowledges the collaboration between companies, particularly those in critical infrastructure, and the government in Japan to secure their infrastructure. It also recognises that other countries have strong regulations with government enforcement to ensure infrastructure security.

However, the need for a common understanding of cybersecurity in public-private partnerships is stressed. The analysis suggests that establishing this common understanding can help ensure that both companies and the government are working towards the same goal of securing cyberspace.

The importance of international cooperation and effective application of knowledge is also highlighted. The analysis notes that despite the ongoing discussion about these topics, there seems to be a lack of progress in their implementation. It emphasises the need to move beyond knowledge acquisition and focus on effectively applying knowledge through collaboration and action.

In conclusion, the analysis highlights the significant role of big data in economic development and the challenges posed by data security. It discusses the concept of data localisation and its impact on the economy, emphasising the importance of cybersecurity for critical infrastructure and other sectors. The adverse effects of fragmented data regulations on cybersecurity are recognised, and the responsibilities of governments and the need for public-private partnerships to establish a common understanding are addressed. The importance of international cooperation and effective application of knowledge is also stressed.

Veronica Ferrari

The analysis reveals several important insights regarding gender perspectives in cybersecurity policies and the need for a human rights-based approach. It points out that traditionally, cybersecurity debates have primarily focused on national security and the security of systems, neglecting gender considerations. Few countries have integrated gender perspectives into their national cybersecurity policies, resulting in policies that fail to adequately protect vulnerable groups and could potentially threaten their human rights.

Veronica, one of the proponents highlighted in the analysis, emphasises the lack of gender perspective in cybersecurity and advocates for a human rights-based approach. She argues that since humans are the ones directly impacted by cyber threats, there is an increased consensus in favour of adopting a human rights-based approach and bridging the digital gender gap to promote diversity. APC (Association for Progressive Communications) has developed a framework that provides recommendations for integrating gender into cyber policy.

The analysis also recognises the importance of multistakeholder governance in ensuring a safer cybersecurity environment. It asserts that a clear and strong commitment to multistakeholder governance is crucial. This involves involving various stakeholders such as civil society companies, the technical sector, academics, and different state agencies and departments in the development of cyber policies. This broader participation helps to create inclusive and well-rounded policies.

Another key observation is the role of civil society organizations in policy development. The analysis points out that these organizations play a substantial role in supporting the implementation of norms and policies by coordinating and convening other stakeholders. Additionally, they increase awareness of these policies and norms, mobilize marginalized groups, including excluded communities and grassroots groups, and ensure that their voices are heard in the policy-making process.

Moreover, it is recommended that capacity building and security trainings should be tailored to the specific needs and risks of different communities. Generic security trainings may not be beneficial for everyone, and it is important for organizations to understand the unique challenges faced by different groups.

The analysis also stresses the need for accountability in the implementation of norms regarding cybersecurity policies. A specific framework should be adopted to ensure that policies are effectively implemented. The involvement of the United Nations and its first committee is mentioned in relation to discussions on accountability.

Furthermore, it is highlighted that international human rights law should serve as the guiding framework for any policy or new law related to cybersecurity. This ensures that the rights of individuals are protected and respected in the cyber realm.

Lastly, the analysis emphasizes the crucial role of broad stakeholder participation in international discussions and policy development. It argues that by mapping out stakeholders and ensuring a full range of stakeholder involvement, it becomes possible to create cybersecurity policies that effectively address human rights and gender aspects in each country and region.

In conclusion, the analysis calls for gender perspectives and a human rights-based approach to be integrated into cybersecurity policies. It emphasizes the importance of multistakeholder governance, civil society organizations, tailored capacity building and security trainings, accountability, and the adoption of international human rights law. The involvement of a diverse range of stakeholders is also vital for the development of inclusive and effective cybersecurity policies.

Igonor Oshoke Samson

Countries in the Global South, such as Nigeria, are actively working towards enhancing cybersecurity. One approach they are taking is collaborating with the private sector to develop effective strategies. By joining forces, the government and private companies can combine their expertise and resources to tackle cyber threats more effectively. This collaboration ensures that efforts to strengthen cybersecurity are comprehensive and inclusive.

To raise awareness among the general public, particularly young people, targeted school programs have been launched. These programs use child-friendly animations, music, movies, and educational interventions to educate students about the importance of cybersecurity. By making this information accessible and engaging, they aim to instill good cyber hygiene practices early on.

The main argument is that countries in the Global South have the potential to control the influence of cybersecurity from social, cultural, and educational perspectives. By prioritising these aspects, they can build resilience against cyber threats. Culturally relevant approaches that take into account the specific socio-cultural contexts of these countries can be highly effective in encouraging individuals and communities to adopt safe online practices.

In addition, it is suggested that countries in the Global South should use the resources available to them and gradually transition towards tech-focused interventions. This approach recognises that financial and technological limitations may exist in these regions. Therefore, it is recommended to start with what can be controlled and gradually work towards more advanced solutions. This can be achieved through a multi-stakeholder and bottom-up approach, involving various actors from government, private sector, civil society, academia, and the technical community.

Noteworthy observations from the analysis highlight the importance of collaboration and the need for tailored interventions in the Global South. By harnessing the expertise of multiple stakeholders and considering socio-cultural factors, cybersecurity initiatives in these countries can become more effective and sustainable. Furthermore, the gradual transition towards tech-focused interventions acknowledges the diverse challenges faced by these regions and ensures that efforts to enhance cybersecurity are both realistic and progressive.

In conclusion, countries in the Global South are actively working towards enhancing cybersecurity through collaborations with the private sector and targeted school programs. By leveraging cultural relevance and educational interventions, they aim to raise awareness and promote safe cyber practices. Additionally, the recommendation to gradually transition towards tech-focused interventions using a multi-stakeholder approach ensures a comprehensive and sustainable approach to cybersecurity in these regions.

Lucien Castex

During the discussion, the speakers explored various dimensions of cybersecurity and its implications. They emphasized the need for a global resilience approach to tackle cyber threats effectively. This approach involves not only protecting critical infrastructure but also safeguarding the integrity of elections to prevent interference.

A key aspect addressed during the session was the importance of regulation in maintaining a safer cyberspace. The speakers acknowledged the dilemma between combating hate speech and disinformation and ensuring the preservation of digital freedoms. They underscored the need to find a balance between the two, creating regulations that effectively counter these issues while still respecting fundamental human rights and freedoms.

Another significant point raised was the integration of cybersecurity into educational curricula. The speakers highlighted the pressing need to build capacity in this area by incorporating cybersecurity principles and knowledge into schools, universities, and lifelong learning programmes. By doing so, individuals can become more informed about the risks and countermeasures associated with cyber threats, enhancing their ability to protect themselves and their communities.

The session also focused on bridging the gap to foster a safer cyberspace for all. This bridging involves addressing the inequalities in access to cybersecurity measures and knowledge. By ensuring that everyone, regardless of background or circumstances, has access to the necessary resources and information, a more inclusive and secure digital environment can be created.

A noteworthy observation from the session was the value of the International Governance Forum (IGF) in facilitating knowledge sharing, collaboration, and learning. The speakers emphasised that through open discussions and exchanges of ideas at IGF sessions, diverse perspectives can be brought together, enabling a better understanding of global and multidimensional phenomena related to cybersecurity.

In conclusion, the speakers highlighted the importance of a comprehensive and balanced approach to cybersecurity that takes into account global resilience, regulatory measures, capacity building through education, and bridging the gap to ensure a safer cyberspace for everyone. They also emphasised the role of platforms like the IGF in promoting collaboration and knowledge sharing among stakeholders. By addressing these issues, the speakers suggested that it is possible to mitigate cyber threats effectively while upholding human rights and fundamental freedoms.

Eliamani Laltaika

Cybersecurity plays a crucial role in ensuring safety in the cyberspace, encompassing a wide range of tools and strategies. It involves technological, legal, ethical, economic, and diplomatic approaches to protect individuals, organizations, and nations from cyber threats and attacks. Multiple layers of protection, including hardware, protocol, and content, are implemented to safeguard against vulnerabilities and regulate the information shared online. Raising cybersecurity awareness is essential, and individuals, organizations, and governments must all contribute to educating others and promoting safe online behavior. Deepfake technology is a growing concern, posing significant threats and requiring increased vigilance and technological tools to combat. Public-private partnership is crucial in implementing effective cybersecurity measures, and there is a need for global South engagement to shape cybersecurity policies and regulations. Expert consultations, like Laltaika’s involvement in crafting cybercrime legislation for Lesotho, strengthen institutions and cybersecurity frameworks. Analogies to African Maasai traditions provide practical insights for cybersecurity, making the concepts more relatable. Emphasizing awareness and proactive measures in online activities, such as using protective software and exercising caution when sharing personal data, is vital. Overall, the goal is to create a secure online environment for individuals, organizations, and nations.

Lucien Castex:
You You You Dear colleagues, we are about to start. We are waiting for the last people to connect online and we are starting the session. Let me first introduce quickly the topic and obviously the speakers of that session. And we will dig in quite quickly. So bonjour à toutes et à tous. Hello everyone and welcome to the workshop, bringing the gaps for a safer cyberspace. I am Lucien Castex, I am the representative for public policy of AFNIC, the French CCC. and I will be moderating this session. A colleague online, Denia Dennis, from the South Sudan IGF, will be moderating online, and we’ll also be collecting questions along with Anja Gangel from IGF Secretariat. I invite the virtual participants to ask questions on Zoom, and we will have a Q&A session as well after the stage setting. As you know, our topic today is cyber security, bridging the gaps for a safer cyberspace, which is, let’s be honest, a quite broad topic. It can be analysed from a global resilience perspective when talking, for example, about infrastructures or awareness strategies, and it can also be tackled from a regulatory angle. Balancing rights from trying to ensure a safer cyberspace while preserving human rights and fundamental freedom, such as privacy, data protection, freedom of speech. Regulation as well, government addressing cyber security, which wide-lens fighting cyber crime and anticipating new challenging, for example, new cyber threats, as many as there are, AI, chatboots, and so on. Combating hate speech and disinformation while protecting digital freedoms. Ignorantia iuris non excusat. The ignorance of the law does not allow one to escape liability, one should say. Protecting critical infrastructure is also quite a topic, as well as the integrity, for example, of elections to avoid interferences. There is also a need to build capacity and integrate cyber security in curriculums, schools, obviously universities, lifelong education. In that mix, what should be the role of regional and international instruments? And basically reflecting on the title of the session, how to bridge the gap to foster a safer cyber space for all. But enough talking. These NRI sessions are at the heart of the IGF, allowing for an exchange of ideas to facilitate knowledge sharing, collaboration, and first and foremost, learning from diverse perspectives to comprehend a global and multidimensional phenomenon. We have around the table, both on slide. site here in Kyoto, Japan, and online, excellent experts bringing inputs from national and regional IGFs throughout the world to help us grasp that complexity. So the flow of the session, really quickly, is the 30-minute stage setting. Then we will have open floor exchange. So I invite you to reflect on what you want to ask to discuss for that session. And then a 15-minute conclusive remark and voluntary commitment, if any. And we’ll close the session. So around the table, we have first, from Africa, Mr. Eliamani Laltaika from the Tanzanian IGF, a judge at the High Court of Tanzania. We have also, from Europe, Giovanni Zani from the Italian IGF. Giovanni is the director of the Italian fact-checking project Pagela Politica and Facta News. We also have, from the Gulag region and from Argentina, Ms. Veronica Ferrari. She’s a global policy advocacy coordinator for the Association for Progressive Communication. From the MENA region, and it should be online, we have Mr. Mohamed Barahat from the North African IGF from Egypt. He’s an Egyptian lawyer and legal researcher on digital rights and cybercrime. And he’s the vice chairman of MAG of North African IGF. And lastly, from Asia-Pacific, we have Dai Mochinaga, an associate professor at Sheikh Jaber Institute of Technology here on site. So with this excellent speaker, let me first welcome them all, welcome you, and give the floor first to my colleague from Africa. Africa, Mr. Eliamani Laltaika. You have the floor. Thank you very much.

Eliamani Laltaika:
Very good morning, colleagues and fellow panelists. As I’ve been introduced, I come from Africa. And it’s such a pleasure to talk about cybersecurity in October. Because as you all know, since 2004, October was set as the Cybersecurity Awareness Month. And throughout this month, leaders at all levels are supposed to raise awareness on the topic of cybersecurity as it touches various aspects of life and different demographies. And also in its very, very cross-cutting nature. Some of you might have traveled to Africa and might have seen the Maasai heading their cattle in the same place with lions, actually. So you see a small boy with nothing, no weapon, and lions are somewhere there, buffaloes. Has anyone seen something like that? Yes, I can see some people nodding that they have seen. Now, how do they keep themselves secure? Can we learn something from the Maasai indigenous communities who assist us to make our policies for cybersecurity better and more inclusive? Later, during my closing, I’ll take the liberty to give you our community or ethnic, our indigenous people’s secrets or code of how we can work in. the park in the Serengeti along Lyons and still keep ourselves secure. And those five hints will assist you in taking your cybersecurity further. But for now, as I have been tasked by the moderator, my task is to introduce the concept and then see how all of us are coming in. Cybersecurity is a topic that I’m passionate about, like I said, because before I was appointed a judge, I took note at Nelson Mandela Institute of Science and Technology and my subject was cybersecurity law. And so I was halfway writing a book, then I left everything because I got busy with judgments. And I like this definition by the ITU, which is extremely broad on what cybersecurity is. To paraphrase it, cybersecurity are the tools and processes aimed at making the cyberspace safe for all. And these tools can be technological, legal, ethical, economic, and even diplomatic tools. For example, if someone from a very big country, big technologically, hacks systems in a not so big country, you cannot flex your muscles. You need a diplomat to go and say, kindly assist us to make sure that our banks come back to operation because we have been hacked. So cybersecurity is moving from the computer science to many other aspects, to include school teachers teaching their kids how to avoid cyber bullying, sociologists teaching how you can. can avoid losing your minds because you are being pulled right, left and the center in the internet. So cyber security is for everyone. Cyber security law is kind of the center because law in this context is a management tool. And when you talk about cyber security law you include issues of data protection. You include issues of privacy. You include issues of protecting intellectual property online. For example, avoiding counterfeits which are sold online. You include issues of electronic transactions and e-banking. And finally, you include issues of fighting obscene, obscenity, issues of hate crime and issues of cyber terrorism. To conclude my first part and allow my colleagues to come in because I’m aware that they are going much, much deeper in the cyber crime which is a part of the cyber security law known by many because many people want to enforce those criminal aspects instead of going broadly to facilitate. Cyber security may be divided into three layers. To have a comprehensive cyber security policy or law you must cater for three layers. And these are one, hardware layer or hardware level. Two, protocol layer. Three, content layer. The hardware layer is the security of the infrastructure. You need to have infrastructure which is secure and which. is resilient, you cannot deploy substandard machines, laptops, and then expect it to be secure. So in Tanzania, for example, we have the Tanzania Communication Regulatory Authority, which checks the standards of every gadget that is deployed or is imported into the country. Protocol layer is now the software that we use. You find that we have companies, I have my colleague Ginni will probably chip in later, to explain how a huge industry is dedicated to developing antivirus and all these protection gears. And lastly is the content layer. Content layer is where you post things. Many people agree that as much as we promote freedom in the internet, we also need to make sure that it is not abused. So what goes into the internet in terms of the content should be respectful of people and dignity. The Honorable Member of Parliament Sara from Uganda talked passionately yesterday about how bloggers and users of the social media go invade privacy and spread lies and things like that. Many judges are prepared to make sure that personality rights are respected. And by personality rights, this is German terminology. In Europe, Germany, France, Europe in general have a more comprehensive approach compared to to Anglo-American legal system, which does not have this very rich concept of privacy. And if you see the GDPR is built upon this Germanic French culture, which has a much more deep philosophy of respecting personalities rather than just allow anyone to invade. With those few remarks, thank you very much.

Lucien Castex:
Thank you, dear colleague, for a great presentation and for reminding us of the definition of cybersecurity by the ITU, and as well of the need to bring together legal and policy aspects with technology, as well as sociology or philosophy of the internet. I propose to give the floor to Mr. Giovanni Zanni.

Giovanni Zanni:
Giovanni, you have the floor. Now it works, I think. Yes, that’s great. Thank you. Thank you for the previous presenters and the moderator. The previous presentation was really useful in setting the frame for this discussion. And I think as far as I’m concerned, this is already kind of a success because I’ve never been on such a big screen in my life. It’s like being at the movie theater with a movie of myself. And what I’m trying to, in the frame that was exposed before, I think that my few remarks will be squarely on the content side, because I’ll be talking about cybersecurity in terms of the electoral process. And cybersecurity of the electoral process is a crucial part of today’s democratic proceedings, as well as a recurring theme in the public debate. The next European Parliament election is scheduled to be held on six to nine. June 2024. According to many commentators, next year’s election is going to be especially contentious and crucial for the political future of the Union. The numbers of this democratic exercise are massive. 27 states with a population of roughly 450 million people will be called to the polls in order to elect more than 700 representatives in the only directly elected body of the Union. Especially after 2016, the momentous year when British citizens voted to leave the European Union and Donald Trump was elected to the White House, there have been growing concerns about the risk posed to the public debate by the issues of disinformation and the influence this can have on the electoral process. In the years since, many examples have emerged of coordinated campaigns and foreign interference by malicious actors with the aim of influencing the public opinion of states around the world, including Europe. The COVID-19 pandemic has given us a clear example of how disinformation can have a direct impact on public health, while the war in Ukraine has shown us how false and misleading information is one of the weapons in a conflict, especially in the battle for winning over international hearts and minds that often runs in parallel with the one on the field. With this background, we can safely say that our public debate at the European level is not very healthy, and we know that one of the premises for free and fair election is a free and informed public debate. So free from external attacks, free from foreign interference, free as much as possible from information of bad quality. The experience I would like to present today is the one of the European Digital Media Observatory, also known as EDMO. EDMO is a project funded by the European Union that brings together a large community of researchers, media literacy experts, journalists, policy experts, and fact-checkers. Its governance is independent from public authorities, including the European Commission, and its ambitious scope is coordinating and promoting many activities in media and policy analysis, media and information literacy, as well as academic research around the issues of mis- and disinformation. AdMob has established a network of European fact-checkers who collaborate in transnational investigations and publish every month an overview of detected disinformation across the continent. In this context, at the beginning of this year, the European Media Observatory has decided to establish a task force ahead of the 2024 European elections. The idea is to monitor what happens in the EU information ecosystem ahead of the elections and highlight the risks connected with it. The task force wants to facilitate communications in research, media and information literacy, as well as fact-checking initiatives. It wants to bridge the gap and exchange information also with other stakeholders, both public and private, that are monitoring the electoral efforts. In order to have a collective assessment of the risks posed to the security of the elections from the perspective of the media ecosystem, we need to identify both common trends that regard the whole Union and critical challenges that involve maybe just one country. Every country and every region in Europe is exposed to different risks, and the ambition of the task force is to provide an overview of all that. For example, during a recent AdMob event a couple of weeks ago, we heard that the AdMob Spanish community did not detect a significant amount of disinformation originating from other countries during the parliamentary elections that took place in Spain at the end of July. On the contrary, in central Europe. in Central Europe, for example, in Slovakia or in Czech Republic, this is very much an issue. And it is at the top of the list for the local EDMO representatives. I mentioned these regional differences because the task force gives from the beginning a strong responsibility to the EDMO chapters in the various regions and countries of Europe. The so-called EDMO hubs. There are currently 14 of them and they cover almost all the states, regions and linguistic communities in the union. In fact, the task force is composed of one representative from each hub plus three members from the advisory council. And it relies on them for collecting and sharing information about what they see on the ground. The task force built on a similar previous experience that happened a couple of years ago when the same EDMO established a similar initiative at the beginning of the war in Ukraine. The first output of the current task force on the European elections will be hopefully a risk assessment report that tries to foresee what are the main areas of concern across the 27 states and 24 languages of the union. To conclude, part of the strategy of European union ahead of next year’s elections is to delegate at least part of its responsibilities for ensuring the security of the elections to a multi-stakeholder group of experts chaired by a fact checker. The idea is to tackle the issue in a democratic and inclusive way, giving proper representation to the diversity of issues on the ground and at the same time, avoiding any censorship or exercising oppression. We hope that this experience can serve as a useful inspiration for future elections in Europe and beyond, especially in those places with a high degree of diversity and difference among geographical region and communities. Thank you for your attention and I welcome your questions and remarks in the following discussion. Thank you.

Lucien Castex:
Thank you a lot for bringing light to the importance of. election and of balancing cybersecurity with fundamental freedoms. I propose to give the floor now to Veronica Ferrari from the Gulag region. Veronica, you have the floor.

Veronica Ferrari :
Thank you. Thanks so much. I’m glad to be here. Good morning. Thanks so much for the invitation and it’s great to be here to discuss how to bridge the gaps for a safer cyberspace. So, for those who don’t know the Association for Progressive Communications, the organization I work with, we’re an international civil society organization and a network of members from over 40 countries, mainly in the global south, working on gender, social and environmental justice issues and the intersections with digital technologies. So, in my intervention today, I wanted to talk briefly about the need to adopt gender perspectives to cybersecurity to have a safer cyberspace for everyone. Because we all know that traditionally, cybersecurity debates have been centered on national security and the security of systems, but we also see that it’s an increased consensus and attention about the need for a human rights-based approach to cybersecurity since, as we argue from APC, humans are the ones impacted by cyber threats, incidents and operations. And also, there is more and more consensus in global, regional and national spaces that different groups are in different positions when dealing with cybersecurity threats, such as surveillance, hacking, censorship, disinformation campaigns, data breaches, internet shutdowns. So, some populations are more vulnerable than others. So, this is referred to as differential vulnerabilities. And cyber incidents have shown to disproportionately impact and harm individuals and groups in society on the basis of their race, gender, sexual orientation, and also because of their profession, such as journalists and human rights defenders. or people in other situations of vulnerability. So as I was saying, at national, regional, and international cyber policy discussions, we see these issues gaining more space, but also we are seeing policies that threaten the cyber security for all. For example, like some cyber crimes laws around the world that we mapped in research at APC that instead of protecting these vulnerable groups could in fact threaten their human rights. So in terms of a regional perspective, so few countries have fully integrated gender considerations into their national cyber security policies. In Latin America, for example, it’s still difficult to find explicit references to gender or gender equality in cyber policies and strategies. Some examples that I can think about is like Chile and Costa Rica with the new strategy they are discussing are some of the countries that have incorporated gender considerations in some way. And at the global level, at some, for example, UN discussions connected with cyber security, there is more consensus about the need to bridge the digital gender gap to promote more diversity and women’s participation in the cyber security field and also in cyber security policy, but still clear guidance on how to mainstream gender into cyber norms is still lacking. So I wanted to briefly mention that to contribute to these discussions at APC, we have developed a framework that seeks to provide the recommendations to integrate gender to cyber policy, both at the national and also in international discussions. So really quickly, with the project, we try to debunk some misconceptions on gender and cyber security. The idea is not to think gender only as a women’s issue because we think that incorporating a gender perspective seeks to impact in a positive way to a lot of groups in situations of vulnerability and also to impact in a positive way the majority of the people. It’s not also a technical issue, cyber security only, and cyber security policies should not be gender neutral, should be, as we propose, be in fact gender aware to try to address and tackle these inequalities. So basically a gender approach for us to start concluding is about understanding and addressing the differentiated risks, but also the needs faced by complex subjects in the context of cyber security, should also recognize the importance of being active subjects who have agency in the process of creating a more secure online environment and also questions and work to overcome this lack of diversity in the cyber security field. So again, why is important? Because we think that without the more systemic approach, a human rights and a gender approach to cyber security, large segments of the population are left vulnerable to cyber threats. So basically, this framework that I can discuss further maybe later in the discussion is thought as a starting point with general recommendations that we recognize should be adapted to regional and national context. It is mainly intended for policymakers working in national cyber security strategies but also for the civil society advocating for these perspectives into policies and also the ideas for this framework to be useful for international discussions. So I will stop here for now. I’m happy to share more about this later and looking forward to learn more from colleagues and to the discussion. Thank you.

Lucien Castex:
Thank you. Thank you very much, Veronika. It’s indeed quite important to bring a gender perspective to cyber security policy and the lack of diversity in the field is to be tackled. So discussions are indeed numerous from the first committee discussions in New York at the UN as well as the starting negotiations of the Global Digital Compact. Our colleague Mohamed Farah does problem connecting, so we will get back to him. I propose to give the floor to Dai Mochinaga. Dai, you have the floor.

Dai Mochinaga:
Thank you for the introduction. I am Dai Mochinaga from Shibata Institute of Technology and also affiliated with JPCert. I would like for the stage setting to choose the topic of the economic development and the data protection and the impact of them on the cyber security. From the regional perspective, I would like to point out the fragmentation of the regulation. First of all, the big data has the enormous role in the economic development recently and the sharing of data generated by individual companies has created new opportunities for making economic values. Also, the big data is essential for infrastructure and the economy. In order to maximize the economic and social value generated by such data, it is important to ensure cross-border data flow. However, there are challenges in security and availability of data. Cyber security becomes a critical issue for our business. It is not only critical infrastructure but also other business domains. If there is a serious impact on the critical infrastructure, it spreads to other sectors and slows down our economic development because trade, finance, people, and data connect to the world economy. Recently, countries strengthened the control over data generated and stored in their territories, such as domestic data storage obligations and other restrictions on cross-border transfers, government access, and data sovereignty, which are generally referred to as data localization. Data localization has begun to spread internationally in response to these moves from the viewpoints of the economic system that rely on data as a source of economic value. On the other hand, cyber attacks take advantage of attacking the data. A hospital in Japan was hit by a ransomware. It impacts on about 85,000 patients’ data, and the hospital does not work. I’d like to point out that these types of infrastructure, not only critical infrastructure, but also our healthcare system depends on that data. I’d like to mention that these types of examples are expanding, not only hospitals, but also other sectors. Transportation in Ukraine saved millions of people. That kind of example shows that cybersecurity saves people. Lastly, I’d like to point out the fragmentation of the data regulations. Recently, the Asia-Pacific region has that kind of fragmentation. Each country took a different approach, as these many reports pointed out. For example, Southeast Asian countries have a different scope or perspective in cross-border transfer or data localization or regulating sectors. For example, Vietnam regulates cross-border transfer of personal data, requires data localization for online service. And Thailand and Singapore These countries only regulate the cross-border transfer of the personal data, but the Indonesia regulates both and its data localization requires different sectors. So, as I said, data regulation is now fragmented in this region. This situation is heavily impact on the cybersecurity situation because the cybersecurity service providers collect the stored data from the computers and servers. So, it’s used for the detection or analysis of prevention of the service impacts and crowd environments. These types of services depends on the cross-border data transfers. So, I’d like to point out these types of situation makes us to secure our internet. So, I’d like to point out the primary responsibility of governments because this session has some kind of these topics. These kinds of governments has a responsibility harmonize these types of regulations along with some kind of principle, setting the principle, something like that. I will stop here. Thank you.

Lucien Castex:
Thanks a lot, Dai, for that presentation. It’s indeed shedding light on data fragmentation of regulation worldwide and in the Asia Pacific region from Vietnam to Singapore, as you said, as well as concrete use cases and the need for government to harmonize such legislation. We have already online. I see the online moderating and thanks to Anya for helping out on that. A question from the Bangladesh Remote Hub. As a question reads as following, how can individuals raise awareness about online scams and educate other about how to protect themselves? Is there anyone from the speakers that wants to answer that? Sure, go ahead. Thank you.

Eliamani Laltaika:
Thank you very much for that great question from Bangladesh for the online. Yes, he was right, Bangladesh. And it’s wonderful that we are communicating virtually across the world. Like I started my remarks by reminding everyone that we are in October, which is the month, the UN month of cyber security awareness. And there is a role that each one of us can play to raise awareness, not only on the scams online and on the internet. those abuses, but also in raising the next generation of responsible citizens who use the most powerful tool on their hands, namely the internet, responsibly by going to talk to school children during their break. You ask their teacher, I want to talk to them about cyber security. What is it when somebody that you don’t know asks you to tell them about your mother, what you have eaten for lunch today, and all those kind of things. So we expect that as the month of October is advancing, everyone will find their own niche. If it’s going to a radio station and talk about technological ways of knowing that this email is not genuine because this is not the kind of address that you expect from a bank, or showing that these photos have been doctored. That is a terminology used nowadays because with the coming of deep fake, it is no longer that a picture is just being faked. The word fake is no longer sufficient. It’s actually to doctor it, to go so much deep into making them. So kindly look for something that

Lucien Castex:
suits your environment in Bangladesh and make sure October is used effectively to raise awareness on how we can be safe online. Thank you. Thank you indeed. We are in October and this is a good moment to actually act on it. So I propose to now open the floor. We have, as you know, an open floor exchange between speakers and all NRI and interested participants. participants that wants to take the floor on the issue. And thanks for the speakers from presenting is setting the stage for the discussions and will conclude with quick concluding remarks from the speakers. And we’ll be off to another session. So is there any anyone in the room or online that wants to take the floor? Let me check. You can take the floor on the mics. Directly in the room, you have one on the left and one other on the right. And thank you.

Audience:
All right, if I may, and of course, thank you, Justice Eliamani for mentioning me and my my organization during his opening remarks, so I think I should sort of make a quick intervention in this space. Thank you very much. I’m Jeannie from Kaspersky. Of course, our global cybersecurity company. I just wanted to sort of pose this question to the entire panel. I think we’re very happy to listen to such esteemed speakers. And it’s open for anyone to answer this. I just wanted to know what your view is when it comes to partnership between partnerships between the public and the private sectors. So I’m talking about public private partnerships. What is the role of private companies and the industry in this ecosystem to ensure that the fights against cybercrime and in ensuring cybersecurity and proper, especially in the critical information infrastructure sectors is robust and continues to to to be to to reach out to to more countries and to benefit the regions and internationally as well, the role of public private partnerships. Thank you. Hi, my name is Wilson. Let me I’m from the youth program in Brazil and I’m. Research Institute for Research on Internet Society, IRIS, in Brazil. We research cyber security and we are currently developing research on the protection of infants and cryptos. But we previously conducted research on government hacking. There we have an point to alter the risks of using techniques such as government hacking and the client-side scanning in public security. My research includes cases of surveillance from countries in the global north on policies and the activities from the global south. And my question goes through this place. How to build the ability of cyber security from the perspectives of the global south when the north still holds the basis to develop the technologies and the economic power to accurate them? Thank you. Hello. Okay. Hello. My name is Arnaldo. I’m from Brazil as well. And I followed the previous subscription. Like we are researching about security and how do we develop a more secure internet to safeguard our lives. We from global south have kind of some measures that are applied by the global north and especially to the LGBTQI community. We face some difficulties on this theme specifically. So is it possible? will be, is it possible for us to discuss and implement all the perspectives that include and also here’s our perspectives on this development? Thank you. Giacomo Mazzone, a question for the representative of the Italian IGF. You mentioned about the initiatives or security of elections. I would like to know if there are already examples that you have monitored before the next year European elections. There has been a bunch of elections already in Europe this last month in Spain and Slovakia etc. Have you seen cyber attacks on the integrity of the elections? Can you explain what you did? Thank you. Thank you Giacomo. You can say a word of presentation of course and remarks and do not hesitate also to take the floor online just for those not in the room. Okay, thank you Lucia and thank you the speakers. I have two questions. Number one, I think my number one question will be inclined towards the African Union. We have what we call the Malabo Convention that took place way back in 2014 and of the 55 countries that make up the African Union, only a few around 14 or 15 according to the data I have, have actually been able to ratify the Malabo Convention on cyber security. My question to the panel is, I mean what is making countries not being able to ratify this very important convention on cyber security? And question number two is about the issue of as to whether you know the cyber security strategies in countries are incompatible with or compatible with what is happening now given the issues of access. artificial intelligence, you know, generative AI. And where do these two, where do these two meet? The artificial intelligence and cyber security. Thank you. Thank you.

Lucien Castex:
Before giving the floor to the on-site room in Kyoto, let me read you a question again from the Bangladesh Remote Hub. And thanks you for the question. Second question is, how can cyber crime be controlled as so many innocent people are victims across the world, including Bangladesh? All right, thank you. As we know, the cyber security and safer internet issues are global phenomena. So the action should be global. So we see that UK, Sri Lanka kind of local activities and laws policies are implemented within these countries. So it shows that there is a lack of these issues in the global activities. So my first comment is regarding the, that we need to make global actions against the cyber security more accurately. Then second thing is there is roles and responsibilities of users, platforms, technology companies, as well as organizations, civil society. So advocating on these roles and responsibilities, there is lack of space for those areas. So my comment is on that. Thank you. Hi, everyone. My name is Moho. I’m from Lesotho. I work for Vodacom Lesotho. I was inspired by the lady from Kapersky when she asked her question. So adding on to her question, I want to know what advice do you have for countries like Lesotho where the cyber security and cyber crime law has not yet been passed in parliament? So for companies like Vodacom Lesotho, what advice do you have for us to continue making an impactful cyber security awareness in our society, even though the law has not yet been passed? Thank you. Thank you.

Igonor Oshoke Samson:
Hello, my name is Igono Oshike from the Nigeria IGF. I just wanted to pass some comments concerning the questions from my friends here from Brazil and also concerning our friends from Bangladesh, so there’s this question about the global south and the business of technology being all coming from the global north. So I’d like to just point out that the IGF, just like the structure we have, we are multi-stakeholder and we know we come from a bottom-up approach. So I would just say that, using an example from Nigeria, what the Nigerian government is doing in conjunction with the private sector, it is very important to take stuff from what you can control and then take it to what you cannot control, and that’s where you need a global intervention. So for Nigeria, for example, we know that we do not have like 100% access to making those changes on a technological level, so we focus on making those changes from a people level and from what we can control. So for example, we looked at, for example, what the speaker said, we looked at other areas that are intertwined with cyber security, such as sociology, entertainment, so we target the children using animations, using cyber security treaties that are child-friendly, using music, using movies, using targeted school programs. So it’s taking it from those aspects that we can control. So from the global south, there’s so much resources that we can tap into that are intertwined with cyber security and we can start to secure our internet from there, and I think that would help us to bridge the gap between what we cannot control from the global north, and then over time, we take it up to the level, such as the IGF, and then we can start to have a more concise, tech-focused intervention for cyber security. Yeah, thanks.

Lucien Castex:
Thank you. Just looking around in the room, I see no question on the virtual room.

Audience:
Hello everyone, this is Narayan from Nepal. As we all know that there is trade-off between usability and security. The more secure our internet is, the less usable they will be and vice versa. We all know that. When we talk about data protection, social media regulation, hate speech control, misadvice, and malinformation control, we all know that it will lose concern about the security concerns and internet freedom is impacted on this part. So my question is how IGF shall deal this issue to achieve its principle of internet freedom as well as trusted ecosystem achieving and cyber security issues? Thank you. Thanks a lot. Thanks a lot for the

Lucien Castex:
question. I propose to give a round to our colleagues and honorable speakers in the room. We had a lot of questions. Elections, cyber security, sharing best practices, new threats such as AI, who wants to go first. Okay, I’d like to try to answer the first question

Dai Mochinaga:
about the private partnership. There are so many public-private partnerships in many countries, these types of work has different scope. For example, in Japan, so many companies, especially in the critical infrastructure, has deeply collaborated with the government about how to secure their infrastructure and not only share information but also sharing practices and how to how to work with them. But the other countries have some kind of strong regulations about the country has some strong power and they are forcing to regulate these types of infrastructure. So the types of collaboration is different, but the goal of securing cyberspace is common. The biggest success, I think the easy way to success these types of collaborations is defining the bad things is a very easy one. For example, cyber crimes is bad things. This is a common understanding in global. But how to secure cyberspace, what is defining a secure is very different from each country. So probably from the perspective of private partnership, public-private partnership. The company has what is good, but the government doesn’t think it is not bad. So the bad things, for example, stopping or stopping the operation of critical infrastructure is a bad thing, but the good things for the private sector is different from the good thing from the government. For example, the private sector doesn’t want to interfere with the government or something like that. So this type of collaboration needs a common understanding about the good things and the bad things. So this is a very difficult thing, but the solution is to share that kind of perspective with the companies and the government sectors. Thank you. Veronica, do you want to take the floor?

Veronica Ferrari :
Yeah, sure. There were a lot of really good questions, but I think that some issues that came up are connected also with some of the issues we care about when we work on cyber security issues. So about the questions about the issue of the global majority and the technologies being developed in the global north, and also how to engage other actors in the discussions of the laws. For example, in the case of one of the colleagues that raised that issue, talking specifically about companies, but as a civil society speaker, the point that I wanted to raise is this idea, also being in the IGF, like the symbol of multistakeholder participation, is reminding us that promoting a safer cyberspace is not the responsibility only of states. So a clear and strong commitment to multistakeholder governance is essential for a safer cyber security environment at national, regional, and also international levels. So civil society companies, but also the technical sector, academics, and different state agencies and departments should be involved in cyber policy development. And in particular, we believe that civil society has an important role in, for example, bringing this idea of a human-centric understanding of cyber security, and also in helping to implement these approaches. So civil society organizations play a key role in supporting the implementation of norms and policies by coordinating and convening other stakeholders to increase the awareness of these policies and norms, to increasing capacity of different actors. And also, as there were questions about marginalized groups and groups from the global majority, civil society mobilizes and brings perspectives of these marginalized groups, including excluded communities and grassroots groups, and also pushes and advocates for policy processes and the legislative discussions to be more bottom-up, more people-centered and more inclusive. In terms of how to do that, how to engage other stakeholders in cyber discussions, in this framework that I mentioned, we have some concrete recommendations, but some basic things are maybe, like doing a mapping of stakeholders and a full range of a stakeholder that can be contributing to cybersecurity policies. It’s critical to find the voices that can help understand, in particularly, the human rights and gender aspects in each country and in each region.

Lucien Castex:
So those were some of the points that I wanted to raise, addressing some of the questions. But thanks so much for the questions on the conversation. Thank you. Giovanni, do you want to go next?

Giovanni Zanni:
Thanks. Yes, there was specifically a question about what has been done in monitoring previous elections across Europe. So right now we are working on, so the task force has started these activities in the past few months. And the first thing that we have been doing is to ask the hubs that cover the single nation states in Europe and the regions to present a brief overview of the risks in their specific country and region. And right now we are working on putting together all those inputs. And so this is very much a question that probably we will be able to answer comprehensively next month. And parallel to that, we’ve been carrying on an exercise in checking what were the main narratives of this information that were circulating. in all the states that went to the elections over last year. And we are planning to publish a report about that also very soon. So for example, different countries as have very different narratives of this information that varies a lot between them. And then you can see that there are a few that are similar across the region. So you have this double path, so to say, where you can see really that the issue of mis and disinformation is both country-specific, region-specific, and also overall similar across the whole European Union. Aside from that, a quick note on the private-public partnership question. I think that there are two main issues here when you want to go into a private-public partnership. And I think those are pretty widespread. So for example, in Europe, those are more or less one of the common ways to do business in this field. But there are two issues. One is about independence, and the other one is about governance. Because there is clearly a balance of power between the two sectors, in the sense that the private sector usually has the money, and the public sector usually has the regulatory authority. So we have to ensure a governance that makes possible to keep separate these two interests and not influence, have a way not to have the money influencing the regulatory authority, so to say. Sorry to put that too brutally, maybe. Finally, on the north-south imbalance, there are, what I find particularly useful is that there are a few, I think, positive examples of cooperation. For example, I’m quoting again a European example. We’ve been working with a big African fact-checking organization to carry on an investigation about disinformation narratives in the continent. And the interesting thing there is that we are seeing in other parts of the world coming up basically networks of fact-checking organizations that are in some ways maybe inspired by the global and European examples. So from my point of view, I see a lot of potential in positive collaboration in bringing out the best practices. Of course, this is just looking at the positive side. I know there are also a lot of negative issues around this topic, but these are just my two cents about it. Thanks.

Lucien Castex:
Thanks a lot, Giovanni. It’s indeed quite an issue. And for example, a quick remark in France, we passed a law on combating the manipulation of information in 2018 and well, dating back to quite, well, it’s an old law. It’s 1881, Article 77, if I remember correctly, on the topic, which is obviously quite an issue since massive campaigns of false information can modify the course of elections. Thank you. Thank you a lot. I propose to give the floor last to Eliamani, if you want to react to the different questions.

Eliamani Laltaika:
Yes. Thank you very much. Many of them have been answered. But quickly to add to Ginni from Kaspersky, I know Ginni is working to reach out to some countries, including some African countries, and I’m sure that there are laws. In Tanzania, there is the Public-Private Partnership Act of 2015. which explains the parameters in which the private sector can cooperate with the government and areas have been identified and ICT is one of those areas because most of the infrastructure belong to the private sector actually. So it is a matter of right that the government needs to collaborate. Very quickly to the young lady from Lesotho, I think I can be your consultant. Invite me to Lesotho and we will discuss. Before I became a judge I was doing consultancy with different countries on how to develop their cybercrimes act and related laws and conduct workshops. Now that I’m a judge I don’t have that luxury but if a request comes from the king in Lesotho who can avoid going or otherwise I can be arrested by the king. So we’ll talk to the honorable member of parliament from Lesotho and we’ll see how we can push each other in the continent. The north-south issue has been addressed very quickly but I can only say that we must push ourselves into the center. We cannot stay and complain and say these issues are from the north and they are putting regulations. Get in. There are many avenues where the global south can be ahead. Only that we cannot sit down and complain and say things are not moving. In Kiswahili they say if things are not moving you move them. Thank you.

Lucien Castex:
Thanks a lot. I would like to give a last chance if somebody has a remark or a question. Go take the floor and then we’ll give the speakers time to conclude and basically to, well, to point to action points, to try to find what could be good to do, what’s next, what could NRIs do. You have the floor.

Audience:
My name is Sajid Latif. I’m working for a public sector organisation in Pakistan. We all are living in a global village and cybersecurity is not a local phenomenon, it’s a global issue. In my point of view, for creating a safer cyberspace, a basic set of common regulations should be framed for all countries to follow. I think this will be very good for all countries and this will be a common regulation that could easily solve a lot of problems related to cybersecurity. Thank you.

Lucien Castex:
Thank you.

Peterking Quaye:
My name is Peter Kin from Liberia IGF. I would like to ask this question that to date only 39 countries out of 54 in Africa have implemented cybersecurity legislation. My question is, what efforts can you suggest or can you make to countries that have strategies that are just in the literature, some decks of legislatures in our national assemblies, what suggestions can you give to push them to ensure that these laws are made or these are passed to ensure that our safety online, issues of cybercrime, issues of cybersecurity have been adhered to from our local perspectives, please. Thank you. I take the floor a minute before giving the floor to

Audience:
last colleague. We have a third question from Bangladesh, which I read, 67% of women are victims of violence, harassment and fraudulent online in Bangladesh. How we can ensure cyber security for them and how IGF can play a significant role in elimination of the problem across the world. And now, Sébastien, you have the floor. Thank you, Lucien. Sébastien Bachelet from Internet Society France. I was in another session where we were talking about the shutdown before, during and after elections. And there was a question about the election. It seems to me that work could be done at the cyber action against the trouble before, during and after election could be a good way. But the other point is that it seems to me that we are talking about how to use internet or how internet is closed during election, but we did never talk about how we can use internet to help for the election, eventually to be used as a tool for election. And for that, we need cyber tools strong to be able to do that. Maybe you have something to say about this topic. Thank you. Thank you very much.

Lucien Castex:
Since we are at the Internet Governance Forum in a hybrid session, you know, it might be a good idea, even if we had some quirks, you know, and then with digital technologies. Colleagues from Bangladesh, if you want to take the floor, you’re welcome to do it. We’ll see. You can still do it. And the next part, basically, we have 15 minutes, which is perfect, basically, to have our speakers conclude with action points, voluntary commitments. What’s next in your mind? What could we do either as individuals or in collaborating between local and regional Internet Governance Forum, French IGF, Nigeria IGF, Brazil IGF, and so on and so forth? What could we do? How do you feel about it? Who wants to go? you first. Thank you very much.

Eliamani Laltaika:
In concluding, I will take you to the savannas in Africa, like I promised to give you hints. So next time you find yourself in the jungle and you don’t know how to work with animals and be safe, these are five secrets of the Maasai people. Number one, carry something taller than you. You will always see the Maasai carrying a spear like this because animals know the structure of a human being. If you have something different, they will not attack you. Its application in cybersecurity, always go to Gini and Kapaski and have your cybersecurity or antivirus or anything to protect you online. If you are not protected, you are vulnerable to all malware and stuff like that. The second secret of the Maasai is to avoid where animals have babies. Or because if you find a very friendly animal, when they are protecting their babies, they will very much attack you. And also to avoid where there are watering spots for the animals. In the middle of the Serengeti, if you see some green place, that’s where animals drink water. If you go there, they will attack you. Its application in the cybersecurity world, avoid those websites which are not verified. If you get something that your logic is telling you it’s not safe, please don’t go there. The third secrets of the Maasai… The Maasai is walk like a Maasai. The Maasai have their particular way of walking. They always look confident. If you show online that you are not confident, you will be attacked. And number four secret of the Maasai, tell the truth, but not the whole truth. Tell the truth, but not the whole truth. Spare some things. It’s application online, don’t share all your data. There are things that you can use to anonymize because those people are looking for your information. And if you give everything, then you will very much be more vulnerable. Lastly, the last, which seems to be very unique to the Maasai people actually. If you are not a Maasai, this room is very hard for you to even comprehend. For us, we talk to things. We don’t restrict our wisdom and philosophy to talking to human beings. You can talk to a mountain. You can talk to a tree. You can tell a lion, Mr. Lion, I don’t have any trouble with you. Can you allow me to go home? And the lion will actually escort you to your place. And this is applicable in the cyberspace also. We need now to be able to interact with machines, machine learning, AI. You should know that when you’re online there, it’s like you have a human being with you. These things are becoming extremely personal. Throwing away your used computer is like throwing away a part of you. Someone can use that, take it in a forensic lab and retrieve everything. So make sure that your gap, the gap between you and the online space is as close as possible for you to be safe. Thank you very much.

Lucien Castex:
Thanks a lot. Thanks Eliamani, Laila Taika.

Giovanni Zanni:
Dear colleague, I would like to give the floor now to Giovanni. Any last remarks, comments, next steps, or reaction to the last questions? Yes, thank you. So, from my experience, I would say that one of the most useful things is collaboration. Collaboration across borders and sharing of best practices and sharing what works. So, a very concrete action point is to talk to similar experiences that are doing what you are doing in your country and see what works with them and then simply steal it. And this is really something that we have learned from working with the fact-checking community in Europe is that those are pretty similar organizations in terms of how old they are, what they do, the fact that they are usually pretty young staff. And everybody is constantly trying to find new things, trying to find what works, trying to find what is the best way to teach fact-checking to people, to teach media literacy. And there are a ton of best practices of good things that work in Spain or in Finland or in the UK. And what we do, what I do at least, is I simply try to do the same in my country. So, I would say that the simple sharing of information and best practices among similar initiatives is something really concrete, incredibly helpful. And on the other hand, I think that we really need to, after the discussion we have today, we really need to focus our efforts a lot in media and information literacy, in trying to really understand which is the best way to teach people how to make a good use of technology. Because one of the things that strikes me, for example, when we talk about online fraud or scams, is that those are usually pretty easy things to recognize and to avoid if you know how to do that. So, the fact that a large part of the population is still not able to find out an obvious scam when they see it, it is clearly a failure of the way in which we teach how to use those devices, how to use those programs, how to use those websites. So, I think we have to collectively try and find out what is the baseline for teaching media literacy across the world, literally. Because there are very few… do very simple things that you can do that can actually save you from an online scam. So yeah, those are my main two issues, yes. Thanks a lot, Giovanni, Giovanni Zanni, Director of Padgela Politica, Anja is telling me that

Lucien Castex:
our colleague from Bangladesh might be able to speak now. Let’s try.

Audience:
Yeah, thank you, sir, for a nice opportunity to ask. I’m Riyad Hassan Badshah, Vice-Chair of the Bangladesh Youth IGF. My questions are totally youth and women centric right now. This is how we can ensure a secure cyber space for youth, women and children. For your kind information, Bangladesh Internet Governance Forum, BAGF, is three communities strongly bounded, so kids IGF, women IGF and youth IGFs. Thank you. Thank you a lot.

Lucien Castex:
Veronica, do you want to go next?

Veronica Ferrari :
Okay, yeah, now it’s working, I think. Yeah, sure. I think I just want to build on some of the previous recommendations in terms of capacity building and security trainings. I think those are important steps. Those initiatives, our recommendation is that they should be especially tailored and built with the groups, the security trainings and capacity building activities with the communities they seek to benefit, right? So not adopting generic security trainings could be beneficial for certain groups. So this is an approach that a lot of organizations implement to actually know what are the needs or the risks that these communities you want to benefit and what is actually useful for them. Other, like, really… like broad recommendations are more connected with the idea of applying existing agreed norms. You mentioned at the beginning, like the discussions of the UN and the first committee, so there is a framework that should be adopted and also at the national level in policies regarding cyber security is more accountability about the implementation of those norms is needed. And international human rights law from a human rights perspective should be the guiding framework to any policy or new law connected with cyber security, with cyber crime. So basically, those were the points that I wanted to raise. So the need for really tailored capacity building in terms of cyber security, understanding the risks and the needs of the groups and the communities, the need to apply the norms and the international human rights framework, and also to ensure broad participation of different stakeholders when crafting policies and also cyber norms discussions at the international level. So yeah, thanks so much.

Lucien Castex:
Thank you a lot, Veronica Ferrari, Global Policy Advocates, Coordinators from the APC. Lastly, I would like to give the floor to Dai Mochinaga, you have the floor.

Dai Mochinaga:
Oh, thank you. I have been thinking about some kind of topics, but there are so many topics in this session, so I’d like to just point out one thing. So international conferences or other types of conferences says how can we level up the capacity building or information sharing. And we continue to discuss about this topic over the decades, but I think we need more something new. I think in something new, for example, how can we act more effectively? after we know about the practice, after we know some kind of information shared with colleagues or partners. So that kind of action is very difficult for us to act, to collaborate, react with, act with some partners of the other organizations is a key things in this, in our decades. So I think the most point in the future we have to discuss about the things is how can we act based on the information sharing or capacitor building? I’ll stop here, thank you.

Lucien Castex:
Thanks a lot, Professor Moshinaga. Well, we have about one minute left. So let me thanks everyone online and on site here in Kyoto, Japan. Merci. A tootsie a toots. D’avoir été présent. Arigato gozaimasu. Thank you all. Thank you.