WS #106 Promoting Responsible Internet Practices in Infrastructure

Summary

This panel discussion, moderated by David Sneed from the Secure Hosting Alliance, focused on building trust and coordination among internet infrastructure providers to combat online abuse and improve security. The diverse panel included representatives from hosting companies, domain registries, software communities, government agencies, and brand protection services, representing different layers of the internet infrastructure stack.

A central theme emerged around the critical need for trust-building among infrastructure providers, as effective abuse mitigation requires coordinated action at appropriate levels by the right actors at the right time. Panelists emphasized that communication and understanding each other’s roles and capabilities are fundamental prerequisites for this trust. Several speakers highlighted the challenges of operating across multiple jurisdictions with incompatible legal frameworks, noting that hosting providers must navigate different national laws regarding content takedown, copyright, and abuse reporting.

The discussion revealed significant operational challenges, particularly for providers in developing regions who struggle with outdated infrastructure and limited resources for modern security equipment. Lawrence Olawale-Roberts from Nigeria described how end-of-life equipment creates security vulnerabilities and makes abuse tracking difficult. Meanwhile, Jacqueline van de Werken from LeaseWeb explained the burden on infrastructure providers who operate at the lowest technical layer but face pressure to make content decisions they’re not equipped to handle.

The tension between legitimate abuse mitigation and censorship was addressed through a question about domain takedowns in Nicaragua, with panelists agreeing that transparency and appeal mechanisms are essential. Government representative Ana Neves emphasized the need for harmonized international regulations and multi-stakeholder collaboration to address fragmentation in internet governance. The panel concluded that industry self-regulation, supported by appropriate government frameworks and inclusive dialogue, offers the most promising path forward for effective abuse mitigation while preserving internet openness.

Keypoints

## Major Discussion Points:

– **Trust and Communication Across Internet Infrastructure**: The panel emphasized the critical need for trust-building between different layers of internet infrastructure (DNS providers, hosting companies, ISPs, software providers) to effectively combat abuse. Participants discussed how lack of communication and understanding between stakeholders hampers coordinated responses to online threats.

– **Balancing Abuse Mitigation with Censorship Concerns**: A significant portion of the discussion focused on the tension between legitimate abuse takedown efforts and potential censorship, particularly highlighted by a question about Nicaragua’s CCTLD deleting news media domains. Panelists explored where to draw the line between necessary content removal and overreach.

– **Jurisdictional Challenges and Regulatory Fragmentation**: Multiple speakers addressed the complexity of operating across different legal frameworks globally, with hosting providers struggling to comply with varying national laws while maintaining consistent global policies. The fragmented regulatory landscape creates operational burdens and inconsistent enforcement.

– **Infrastructure Disparities in Developing Regions**: Lawrence from Nigeria highlighted how developing countries often rely on outdated, end-of-life equipment due to cost constraints, creating security vulnerabilities and limiting the ability to trace and address abuse effectively.

– **Role of Government vs. Self-Regulation**: The panel debated the effectiveness of industry self-regulation through codes of conduct versus government regulation, with discussions about how governments can better support infrastructure providers while ensuring public interest protection.

## Overall Purpose:

The discussion aimed to explore how different stakeholders across the internet infrastructure stack can better collaborate to address online abuse while maintaining trust, avoiding censorship, and navigating complex regulatory environments. The Secure Hosting Alliance panel sought to identify practical solutions for improving coordination between hosting providers, DNS operators, software developers, brand protection services, and government regulators.

## Overall Tone:

The discussion maintained a collaborative and constructive tone throughout, with participants showing mutual respect and genuine interest in finding solutions. While serious challenges were discussed—including censorship concerns and infrastructure limitations—the atmosphere remained professional and solution-oriented. The tone became slightly more technical when discussing specific regulatory frameworks but remained accessible. There was a notable sense of shared purpose among panelists despite representing different sectors and geographic regions.

Speakers

– **David Sneed** – Director of the Secure hosting Alliance, panel moderator

– **Benny Vasquez** – Representative from AlmaLinux, works in software (commercial and open source) and community building

– **Christian Dawson** – Online moderator, colleague of David Sneed

– **Ana Neves** – Head of the Internet Governance Office in Portugal, government stakeholder

– **Audience** – Valentina Guana from Venezuela (living in Spain), works for Conexión Segura y Libre (Secure and Free Connection), focuses on digital rights and investigating internet censorship

– **Lawrence Olawale-Roberts** – Chief Executive of MicroBoss (mid-sized tech firm operating out of Nigeria), infrastructure and tech space expert

– **Goyal Vivek** – Co-founder of L.R. (online brand protection company based in Mumbai, India)

– **Irina Daneliya** – Representative from the Coordination Center for .RU (country code top-level domain manager for Russia)

– **Jacqueline van de Werken** – General Counsel for LeaseWeb globally, represents Dutch cloud community and CISPI (Cloud Infrastructure Services Providers in Europe), President of CISPI

– **Julija Kalpokiene** – Policy consultant at Internet and Jurisdiction Policy Network, qualified practicing lawyer

**Additional speakers:**

None identified beyond the speakers names list provided.

# Panel Discussion Report: Building Trust and Coordination in Internet Infrastructure to Combat Online Abuse

## Executive Summary

This panel discussion, moderated by David Sneed from the Secure Hosting Alliance, brought together stakeholders from across the internet infrastructure ecosystem to explore challenges in combating online abuse while maintaining trust and avoiding censorship. The session was structured as a Q&A format rather than formal presentations, with Christian Dawson serving as online moderator.

The panel featured representatives from hosting companies, domain registries, software communities, government agencies, and brand protection services. Participants emphasized that effective abuse mitigation requires coordination built on trust, clear communication, and understanding of each stakeholder’s capabilities and limitations across the internet’s layered architecture.

## Panel Participants

– **David Sneed** (Moderator) – Secure Hosting Alliance

– **Julija Kalpokiene** – Internet and Jurisdiction Policy Network

– **Goyal Vivek** – L.R.

– **Benny Vasquez** – AlmaLinux

– **Irina Daneliya** – Coordination Center for .RU

– **Jacqueline van de Werken** – LeaseWeb

– **Lawrence Olawale-Roberts** – MicroBoss (Nigeria)

– **Ana Neves** – Portugal’s Internet Governance Office

## Key Discussion Points

### Trust as the Foundation for Coordination

Julija Kalpokiene established trust as fundamental to effective coordination, stating: “trust is very important for any work together. For effectiveness, trust is paramount. And when we look at responsible Internet practices, for example, it is very important in abuse mitigation that appropriate action or actions are taken by the appropriate actors or actor at the appropriate level of the infrastructure at appropriate time.”

Multiple panelists provided examples of trust-building mechanisms:

– **Goyal Vivek** explained that trust is built through response acknowledgment and action on complaints, which saves money for all parties

– **Benny Vasquez** emphasized that trust requires engagement and building connections between providers to establish known entities

– **Irina Daneliya** noted that trust involves clear responsibilities and willingness to solve problems when incorrect requests are made

– **Jacqueline van de Werken** highlighted sector-level codes of conduct and ethical business approaches as trust-building mechanisms

### Technical Infrastructure Challenges

The discussion revealed significant challenges facing infrastructure providers in their intermediary role. Jacqueline van de Werken explained the technical realities of hosting providers, describing how they handle DNS conversion to IP addresses but have limited content management capabilities.

Lawrence Olawale-Roberts brought crucial perspective on challenges in developing regions, describing how end-of-life equipment creates security vulnerabilities and makes abuse tracking difficult. He noted the particular challenges faced by regions using outdated technology and lacking adequate support infrastructure.

Irina Daneliya addressed challenges faced by DNS registries, explaining that they lack expertise to judge abuse content and must rely on trusted notifiers, which creates liability concerns. She raised the important question: “what if eventually this domain name turns out to be absolutely legitimate and the owner of the main name has lost some money because his web shop or his bank, for example, was not available? And who takes responsibility for this lost money?”

Benny Vasquez highlighted an often-overlooked aspect: the ubiquity of open source software in internet infrastructure. He mentioned examples like NTP (Network Time Protocol) and noted that while open source software is critical to internet infrastructure, it remains underrepresented in regulatory discussions.

### Abuse Mitigation Complexities

Panelists explored practical challenges of implementing effective abuse mitigation across different infrastructure layers. Goyal Vivek emphasized that effective abuse mitigation requires providing complete information and understanding what actions are justified. He provided specific examples of clearly problematic content, including CSAM and deep fakes used during conflicts.

Jacqueline van de Werken explained that global coordination faces different jurisdictional approaches, noting differences between DMCA procedures in the United States and the Digital Services Act in Europe. She mentioned working with organizations like CISP (34 members) and the Dutch Cloud Community.

The discussion revealed the complexity of distinguishing between managed and unmanaged hosting services, with different levels of control and responsibility for content management.

### Censorship Concerns and Content Control

A significant focus emerged around balancing legitimate abuse takedown efforts with potential censorship concerns. This was highlighted by an audience question from Valentina Guana about Nicaragua’s .ni ccTLD deleting news media domains, asking: “How can we trust CCDLDs, administrators, to not use their power for censorship in the name of abuse regulations?”

Responses revealed nuanced perspectives:

– **Irina Daneliya** emphasized that ccTLD actions require transparency, notification mechanisms, and complaint procedures to avoid censorship

– **Goyal Vivek** argued that some content restrictions are necessary and justified, particularly for clearly harmful content

– **Jacqueline van de Werken** highlighted the challenge infrastructure providers face in making complex content judgments

### Regulatory Coordination and Government Role

The discussion revealed different perspectives on the balance between government regulation and industry self-regulation:

**Ana Neves** argued that governments should harmonize regulations and provide incentives for responsible internet practices that extend beyond commercial interests, emphasizing the need for multi-stakeholder collaboration and government advocacy for underserved users.

**Julija Kalpokiene** suggested that self-regulation can be more effective than government regulation when proper incentives exist, as industry understands their capabilities better.

**Lawrence Olawale-Roberts** highlighted the need for government-private sector collaboration, particularly in setting equipment standards and providing funding support. He mentioned the Universal Access Fund (USSPF) and called for more effective partnerships, including bilateral agreements to target OEM providers for bringing modern equipment to developing regions.

### Multi-stakeholder Collaboration

The panel emphasized the importance of inclusive approaches to internet governance. Ana Neves stressed that governments must advocate for underserved users and ensure inclusive, multilingual internet access.

Julija Kalpokiene highlighted the role of forums like the Internet Infrastructure Forum in facilitating cross-stack industry dialogue in safe environments.

Benny Vasquez raised concerns about the exclusion of open source communities from regulatory discussions, arguing that regulators need technical education to make informed decisions about technology regulations.

## Key Challenges Identified

### Liability and Responsibility Distribution

The question of how to fairly distribute responsibility and liability between trusted notifiers and infrastructure providers when takedown requests prove incorrect remains unresolved.

### Global Regulatory Fragmentation

Multiple incompatible regulations across jurisdictions create compliance burdens, forcing companies to adopt the strictest global approach to ensure compliance everywhere they operate.

### Infrastructure Disparities

Developing regions face particular challenges with outdated equipment and limited resources, creating security vulnerabilities that can affect the broader internet ecosystem.

### Open Source Community Representation

The critical gap in open source community representation in regulatory discussions, despite the ubiquity of open source software in internet infrastructure.

## Practical Solutions Discussed

### Industry Self-Regulation

Sector-level codes of conduct were identified as promising approaches for establishing trust and ethical business practices while maintaining industry flexibility.

### Multi-Stakeholder Forums

The Internet Infrastructure Forum was highlighted as a successful model for facilitating dialogue between different infrastructure layers.

### Government-Private Partnerships

Suggestions included bilateral agreements between governments to improve infrastructure in underserved regions and better utilization of existing Universal Access Funds.

### Technical Education

The need for technical education programs for government officials was identified as critical for informed regulatory decision-making.

## Conclusion

The discussion demonstrated the complex, interconnected nature of internet infrastructure governance and the critical importance of trust-building in effective abuse mitigation. While significant challenges remain—including regulatory fragmentation, infrastructure disparities, and balancing security with freedom of expression—participants showed commitment to collaborative solutions.

The emphasis on trust as foundational for coordination provides a framework for moving forward despite technical and political complexities. The diverse global perspectives highlighted both challenges and opportunities in the internet’s multi-stakeholder governance model, suggesting that meaningful progress is possible through sustained dialogue and recognition of shared responsibility across the internet infrastructure ecosystem.

David Sneed: and all right good good afternoon everybody thanks so much for coming to our panel today I’m David Sneed and I’m director of the secure hosting Alliance the secure hosting Alliance is a global initiative that is focused on improving safety and accountability and trust in the hosting industry and we have a great panel for you today the panel this is actually going to be a typical panel presentation where we’re going to have folks receive questions and provide answers as opposed to providing presentations so on the dais here we have Jacqueline Vandewerken from LeaseWeb, Benny Vasquez from AlmaLinux, Ana Neves and she’s head of the Internet Governance Office in Portugal we have my colleague Christian Dawson who is going to be our online moderator online we have Vivek Goyal of L.R., Lawrence Orale-Roberts from MicroBoss, Irina Daniella from the .ru ccTLD and Julija Kalpokiene from the Internet and Jurisdiction Policy Network so we have a quite a number of people here what I would like to do though is if folks have questions please ask your questions during the presentation today as opposed to saving them for the end though if you would like to make statements about what folks are saying that are not questions if you could just save those to the end so that we don’t interrupt the flow here so what I’d like to do is start off with some warm-up questions so if people would raise their hands in answer to these questions who here has heard of the term infrastructure provider in the context of internet governance okay so raise your hand if your employer or you’re involved in relying on a third party for web hosting or DNS providing okay and have you ever worked on or reviewed policies relating to harmful content all right that gives me an idea of where people are and where their where their expertise lies what I’d like to do to start off with is have the panelists talk about where they are or where their orientation is in the internet infrastructure and I’d like to start off with Jacqueline to talk about hosting

Jacqueline van de Werken: yeah thank you so much so I’m Jacqueline I’m the general counsel for lease web globally we are a Dutch souffle rain undertaking we have our business all over the world and our leadership and and owners are from the Netherlands technology based so it means infrastructure as a service so that’s the lowest layer in the stack and I also am here not only representing Lisa but also the Dutch cloud community with all our members that are doing the same and also in Brussels it’s CISP it’s cloud infrastructure providers in Europe there we have 34 members and we all like to share with you our ethical approach and our private public corporation approach to combat abuse and also share with you what our problems are in explaining what is the proper approach for legislation so also David asked me what actually happens when a user wants to see a website and how does it relate to the lowest layer in the stack so that’s because of the experience that if you go to a website and you type in the name just any consumer or any user on the internet could do that and then you see obviously the name of the website so but the name through the DNA DNS machine of course the domain name server or system will be converted in the IP address and the IP address is the key to everything because typically the hosting providers the true EAS providers are the owners and the registered parties in ICANN, RIPE and also in of course in ARIN of the internet IP address and the ownership thereof gives a lot of responsibilities and a lot of accountability however it’s not always possible for the EAS provider to execute on it it’s the gatekeeper and the gate sort of the gateway to anti-abuse measures but on the other side there is no management on content and there is no awareness on any content it’s just the only step in the chain of many and many commercial parties in between before the website is demonstrated to the user maybe a CDN network for caching or other resellers and there are so many in between chain dependency really that it’s very beneficial to us to be here but also to speak to you but also to regulators to explain how technically it’s working and how regulation or private-public cooperation can be efficient and effective because most of the times is really not and so things maybe that

Benny Vasquez: helps. Great, Benny. Yeah so hi I’m Benny Vasquez I am here representing AlmaLinux as David said I primarily my time in this space is around software whether it’s commercial or open source and I have spent a lot of time building communities in those spaces those two things give me kind of a unique view for what the interactions between IGF and the infrastructure space in general.

Ana Neves: Great, thanks. Ana. I’m Ana Neves, I’m from Portugal and I’m from the government as a stakeholder and I’ll be here not to only talk about regulation but about other ways that governments could find as useful to better serve well the infrastructure providers and the holders of the cloud and how to better serve the

David Sneed: citizens. Thank you. Great, thanks. So I’d like to go to the folks online so Vivek would you just talk a little bit about what your position is in the internet?

Goyal Vivek: Sure, thank you David, glad to be here. My name is Vivek Goel, I’m talking to you from Mumbai, India. I am the co-founder of L.R which is an online brand protection company and on a daily basis we work with businesses and brands across the world and help them fight abuse. So when we are on a daily basis we identify abuse which harms not only brands but actually general public and we work with infrastructure providers in all manners of people that enable the whole chain that makes abuse happen and request for their help to take down that abuse. So I can share my views on how abuse is perpetuated and how infrastructure providers can do more to help take it down faster and quicker.

David Sneed: Great, thank you. Thanks. Yulia, how about you?

Julija Kalpokiene: Hello everyone, it’s a pleasure to be here and I’m a policy consultant at Internet and Jurisdiction Policy Network and I’m also a qualified practicing lawyer so I bring this additional angle, regulatory perspective. And at the Internet Infrastructure at Internet and Jurisdiction Policy Network at the moment with my colleague Bertrand de la Chapelle who is in person at the IGF, we work on facilitating the Internet Infrastructure Forum which is an effort to bridge the silos across the Internet infrastructure and this effort is facilitated by the Internet and Jurisdiction Policy Network and together in partnership with the industry associations ECHO and ITC and Clean DNS and also supported by the industry, VeriSign, PIR, Google Identity, Digital Cloudflare and Amazon. And the effort is to improve coordination and anti-abuse efforts among Internet infrastructure operators in their respective roles and capabilities. So I bring this perspective working with the industry on policy

Lawrence Olawale-Roberts: matters. Great, thanks Yulia. How about you Lawrence? Thank you Dave and good day to everyone. So my name is Lawrence Olale-Roberts. I happen to be the chief executive of Microboss which is a mid-sized tech firm operating out of Nigeria and my practice, in my practice, I’ve had opportunity of not just building out small networks in terms of infrastructure but have have also participated on a global project that interconnected Nigeria to Portugal and up to South Africa, so very much in the infrastructure and tech space. And what I have seen in terms of the local practice gives a good idea of what the challenges are, and definitely when we start the discussion, we can talk about means of mitigating this, but interesting perspective will cut across some challenges that funding and accessibility brings about in the local context. Back to you, Dave.

David Sneed: Great. Thanks, Lawrence. And finally, Irina.

Irina Daneliya: Thank you. Thank you. I’m Irina, and I’m joining you from Moscow, Russia, with the Coordination Center for .RU, which is the manager for country code top-level domain names, which means we are responsible for making people to be able to register domain names and to use them. We develop terms and conditions of the domain name registration. We together with our technical partners ensure the support of registry database and DNS service, but in addition to domain name registration, we also develop and support various projects aiming to ensure security of our domain name space and also social and educational projects in various areas. Back to you.

David Sneed: Okay. Super. So we have in the room today folks who represent pretty much the entire Internet stack, but one of the things that seems to be kind of difficult among folks in this industry and in this space is actually communication. So one thing to make a positive impact is the need for all the folks who are involved in this stack to trust each other. So you know, DNS providers need to trust hosts, hosts need to trust ISPs, hosts need to trust software providers. Why don’t we start off with Yulia. If you could just, if the folks on the panel could just talk a little bit about one step the industry could do to facilitate more trust in the environment.

Julija Kalpokiene: So Dave, really well spotted. Trust is very important for any work together. For effectiveness, trust is paramount. And when we look at responsible Internet practices, for example, it is very important in abuse mitigation that appropriate action or actions are taken by the appropriate actors or actor at the appropriate level of the infrastructure at appropriate time. So in order to ensure effectiveness, and it’s not just whack-a-mole where there is an abuse in one place, action is taken and it resurfaces elsewhere, it is important that there is this trust and coordination and concerted action at the right level, at the right time. And for that, many different things are very important, including trust, which is the foundation for that, but also then coordinating, exchanging information and so on. So exactly that we are trying to do and we started at the Internet Infrastructure Forum. And the first thing to ensure that everyone across the infrastructure are talking the same language, understand each other, know who is doing what and when and how is to bring people together. And so far, that’s not been a place where those discussions could happen in a safe environment. And that is the effort that we are currently undertaking to bring the actors that are ready to do more and take action to be able to build that trust, to talk to each other, which then can lead to coordination and more effective and efficient action.

David Sneed: Great. Thanks, Julia. So Jacqueline, let’s say Vivek is reaching out to you to talk about a brand protection matter. What is necessary to happen for you to trust his discussion with you about a brand protection matter?

Jacqueline van de Werken: Well, first of all, and also thanks, Julia, we know each other from the forum. And so in addition, also in country, but also on a European level, we build codes of conduct. So in order to increase our trust as a business and hosting industry or EOS industry, we really reach out in addition to our own company policies. That means that people using our services need to adhere and to comply and really to commit to what we expect from a proper user and for a clean internet, avoiding abuse, avoiding illegal content. All these items are in the fair use policies. You know that. But in addition, on the sector level, we make codes of conduct. So anybody that is doing business with us, selecting us or our sector as being the host and the cloud provider can make themselves known or orientate themselves how we work. Of course, not everybody is a member. And of course, there’s always parties that have a different opinion, but the majority. And I really want to emphasize that the majority of our business is really having a very ethical approach to this because we all want to have a clean internet without illegal content and without abuse. And for that matter, again, we are unmanaged hosting, so we don’t even have the operating key of the system. We do compute power, and there the story ends. On the other hand, we are having administrative burden, large compliance teams that have to work with regulations and, for example, brand protection. You can think of the USA, as you are here also representative of the USA, well, coming from Europe, we see that the DMCA is typically having a different approach for taking any action under the notice and takedown compared to what we used to have, like the e-commerce director or now the Digital Services Act. So it’s very difficult for a provider to have a global approach to any notice and takedown. And if we do, of course, we take always the highest, typically in doing all kinds of compliance policies, you take the strictest approach and you apply that globally. That’s the most safe approach. So and on the other hand, yeah, like I say, it’s a lot of administrative burden and cost. We have to have in-country also compliance teams because we could have a global approach, but brand protection also locally differs because local laws are very different. And so what is deemed illegal by law and when we can take action and when we can, yeah, sort of step forward to discuss the matter and after discussing the matter, see how we can take down any content. That has to go, first of all, in checks and balances, also, yeah, dependent very much on local law. So we look forward very much to sort of global framework because it’s criminal law, it’s data protection law, it’s also copyright law, everything is at stake. And if we don’t do that properly, we are ourselves, you know, we are being challenged. We could have lawsuits or we could have problems in our business. So I think that the discussion is very helpful to reach out what we can do to make this more efficient.

Christian Dawson: Vivek has a hand.

David Sneed: Thank you, Christian. So Vivek, before your statement, one of the, I was going to ask you anyways, what would it take for you to trust Jacqueline?

Goyal Vivek: I mean, having heard Jacqueline, I trust her absolutely right now, so that’s a great start.

David Sneed: That’s not what I wanted to hear.

Goyal Vivek: See, we act as an intermediary between brand owners, businesses, and infrastructure providers, right? And I completely agree here that, you know, every country has different jurisdictions that have to be followed. And that is a cost of doing business in every jurisdiction, right? The trust is built when we, as people who notify hosting providers about complaints or abuse is based on a few things. One, response. If we get an acknowledgement that, yes, we have received your complaint and we are working on it, that’s the first step. And you will be surprised how many times we do not get that, right? Second is action on the complaint. And when I… tell you from experience that this trust building actually saves money for everybody in the whole chain. Because we can educate the brand and businesses on what is possible through this means and what you’re asking is unjustified. Just because somebody has created a website saying your service is not good does not mean that we can take action on it and shut it down because the process just does not work like that. Right? We can make sure that when we file complaints to the hosting providers, we provide all the information in the manner in which they need so that they can evaluate it accurately and take action. So we improve the efficiency of that. So trust, while it helps the overall industry and the community, it is also a very commercially viable solution to running businesses, especially when you’re doing it across geographies. I hope I answered that.

David Sneed: Yeah. Very much so. Irina, I wanted to pivot to you a little bit because folks who are involved in the DNS and the domain name world are often pressured to take a lot of action on abuse. How does the issue of trust resonate with you?

Irina Daneliya: Well, there are a lot of discussions regarding DNS and domain names and abuse and what should be done and what should be done and to which extent domain name registries and registrars are responsible to contend, for example, or they should limit their attention only with such types of DNS abuse as phishing or botnet control or malware distribution. And the important aspect which had not regarding trust, which had not been mentioned yet, is actually responsibilities because registries and registrars mostly do not have expertise within their organization to judge whether this domain name is abusive or not. So we build relationship with so-called trusted notifiers or expert organizations who can identify abuse and inform us. They sometimes also can be called domain name reputation providers. And when having received information that this domain name is maliciously used, we are quite often expected to suspend it. And in most cases, we do. However, what if eventually this domain name turns out to be absolutely legitimate and the owner of the main name has lost some money because his web shop or his bank, for example, was not available? And who takes responsibility for this lost money and how we can split the responsibility between those who notifies and those who can actually take action? These are the recent discussions we had in my country, and I believe that in other countries there are similar discussions. And at the moment, we do not have a clear answer for how we best can solve this issue.

David Sneed: So thank you. So if I were to summarize what you’re saying is there needs to be a level of knowledge within the participants who are in the Internet infrastructure and the folks who are addressing abuse about the different aspects that make up the Internet infrastructure and where responsibility for the abuse might lie.

Irina Daneliya: Exactly, and not only knowledge, but also practical willingness to solve if there is a wrong request, the willingness to participate in solving this situation.

David Sneed: So you would say for the infrastructure provider to be proactive in trying to solve the problem themselves. Okay. Yeah. So one of the things that has come up is kind of how all these different infrastructure providers work together. On the software side, Benny, how would you address abuse issues?

Benny Vasquez: Sure. So I think the things that keep coming up, there’s two primary themes that I’m hearing. The first one is engagement, right? He said just reply and explain why you think something is or is not abuse, why you think we should react or shouldn’t react. Engagement, even at the base level, is the first step toward building a connection, which is the next thing that was brought up, right? We need to set connections or build connections between the different providers to make sure that you are a known entity when you walk into a room, right? When it comes to the software side, if there’s someone abusing the software that I am building or someone that is being abused by my software in some way, you have to have those two things in order to be able to address it at all, to even start a dialogue. So my community heart says it is the base of it is building a community like the IGF or something else that allows us to actually engage in a really deep way so we can understand the problems that we’re facing, understand, even define abuse, and then move from that into how we react collectively.

David Sneed: So this concept of a known entity, Lawrence, you’re from a part of the world where folks might not be known. How does that resonate with you?

Lawrence Olawale-Roberts: Yeah, so it’s actually a big challenge here because pretty much while we are all held by the same policies, the same laws, the infrastructure that we have locally also plays a limiting factor. So pretty much lots of the core equipments that we have in our networks here are equipments that have reached end of life, maybe in a company in the global not, and was replaced with a newer version, and because of the cost of setting up these networks, pretty much a lot of providers here are not looking to build a return on investment, you’re not looking to build a network that at the entry point is so expensive to roll out. You have to buy lots of licenses or pay hundreds of thousands for licenses to customize or integrate. You have to train new staff, I mean your engineering staff, to be able to deal, operate, manage, and support those equipments. So to a large extent, we just look at the base OEMs that are available in the market that you have a lot of engineers supporting locally, and you go for that equipment that is still working but has been pulled off the rack. The issues that that provides, yeah, we are able to build your network, but one, because those equipments no longer have a support, no longer receive support from the OEM, you end up with something that not only has reached end of life but no longer has support. Security becomes an issue because there are back doors, hackers, bugs that can creep into the system, and bottom line is that, I mean, when you have eventually, maybe you decide to do this just as a stopper to be able to get into the market and plan that when you have a subscriber base and enough revenue, you will upgrade or migrate to a more modern intelligent system, but the issue you now face at that point is the handshake. You find out that it’s broken, and you just have to build a new system altogether. So the issues that we face on our divide with this is where there are issues. the end point to the last mile such that you can trace where these issues are coming from. So where we don’t get feedback or get any action in terms of bad act or activity, cyber crimes and all that is not because there is no willingness or there is no trust to report such action back, but the hardware and the network topography just makes it difficult because this was something, technology that you should have been using a century ago.

David Sneed: Great. And I want to come back to this issue of outdated material, but someone I think in the, do you have a question? Would you mind going to the mic?

Audience: Hello, folks. Thank you for organizing this and for being here. Valentina Guana from Venezuela, but I live in Spain. I work for an organization called Conexión Segura y Libre, Secure and Free Connection, and we especially work on digital rights and investigating internet censorship, which of course aligns a lot with DNS and a lot of topics that we’re talking about. So since we’re talking about CCDLDs, et cetera, and trust, I want to ask, for example, earlier this year, a few months ago, the CCDLD of Nicaragua deleted five DNS records used by independent news media outlets from Nicaragua. This was made without any warning, and the now ex-domain owners haven’t received any official explanation from this, from the CCDLD of Nicaragua, the DOTNI, nor the government of Nicaragua itself. We members of the civil society organizations consider this as a form of censorship, of internet censorship. So now the question on trust. How can we trust CCDLDs, administrators, to not use their power for censorship in the name of abuse regulations? Where do we draw the line between what we and governments consider abuse and what can be considered censorship for the people living in that country or the international community as a whole? Thank you.

David Sneed: Okay. So thanks for your question, and what I’d like to do is ask Irina to maybe answer the question specifically and then broaden it a little bit to talk about censorship in general among the stack. Would that work for you?

Audience: I mean, yeah, I think that’s perfect. I agree with that. Thank you.

David Sneed: All right. Irina, would you talk a little bit about it in the DNS perspective?

Irina Daneliya: Happy to do so. It’s really hard to dig deeply in the details of this particular case, because there might be multiple reasons explaining what’s happened, and you need to investigate it better. But I fully agree that responsible behavior from either CCDLD registry or registrar is whether they take action to definitely inform the domain name holder on why the action is taken and also provide him the mechanism to complain and to restore domain name functionality if the action has been taken by mistake or if the reason is eliminated, the reason for the action is eliminated. In our own statistics, we see around 1% or 2% of total domain name takedowns when other people reach out back and say, okay, listen, we have solved an issue, and we want our domain name being functional again, and they get it. So there definitely should be a mechanism both to be informed and both to complain, and this mechanism should be publicly available.

David Sneed: Okay. Great. Thanks. Now, Anna, could you talk a little bit about censorship? And I have a follow-up question to that as well.

Ana Neves: Well, from the governmental perspective, it really depends on which government are you talking to or of. So it’s not easy to respond to that. In our case or in the European case, I think it will be very difficult to have this kind of censorship. As in Nicaragua, I think that it wouldn’t happen so far. You never know the future nowadays. But for the time being, we pay attention a lot on abuse mitigation and so many other things related with DNAs and not only, of course, with the websites and the social media applications, et cetera. But it’s, of course, a reason of concern. But again, governments, they deal totally different according with their kind of nature.

David Sneed: Okay. So does anybody else have any opinion about censorship or the censorship issue?

Jacqueline van de Werken: Yeah. So in addition to abuse, of course, it’s also the law enforcement. And we have to apply sanctions. Of course, that’s also sometimes debatable. But on the other hand, it’s pure criminal law. It’s a statute. So anything under that, yeah, sort of gives an instruction to us to adhere to that. But yeah, for us also, whether it’s law enforcement, there is less debate for any action. But if it’s like a notice, maybe have a complaint about a certain slogan or something. You know, we live in a very, yeah, diverse world these days. So any slogan or any complaints could be politically biased. And what to do? What to do then? Do you take action for a notice and take down or no? So we have, in addition to law enforcement, which is more strict under criminal law, it’s in this area, it’s for us the question. And I think still I repeat that it’s burdensome for infrastructure as a service providers to have the monkey on our shoulder, to have to assess this and take decisions. Because we are not responsible for content. There’s lots of other parties further down in the chain before you end at the cause, really. So then we have two principles. If it’s mistakenly unlawful, which resonates with the Digital Services Act that refers to illegal content. If it’s not that qualification, we need to think, is it harmful but not unlawful? And so what is the context? So yeah, for me as a lawyer, that is difficult. Because on the one hand, you could action the request. On the other hand, if it’s not unmistakenly unlawful or simply illegal, it leaves room for interpretation. And what we do as a private business globally is that we also, like I say, we have our acceptable use policies and we take the liberty, because we can do that based on free contracting. We take the liberty to have our own approach. So whatever we deem is not acceptable for our network and for use of our services, just put it in. And that gives me the power to act and to say, sorry, this is not acceptable to us. And we take further steps. And that’s, of course, continuously involvement. It’s continuous improvement.

David Sneed: Great. So Vivek, I see that you have a hand up.

Goyal Vivek: Yeah, very quickly. I especially like what was said at the very end, that if it’s not acceptable to you, you take action. And for example, I mean, censorship is not… always wrong, sometimes it is absolutely needed. For example, CSAM. I mean, you talk to any company and they’re against it, and they proactively take action to bring it down, right, because it’s universally accepted as something which is harmful to everybody around. I mean, governments also are required to sometimes act and do censorship. I mean, deep fakes are causing havoc. I mean, I know in India we were recently in a conflict with a neighboring country, and there was so much fake news that the government had to step in and avoid a situation of panic in the country, especially people living near border areas, to safeguard them from news that was not genuine. So censorship is needed, and again, you know, without knowing the detail, it’s hard for me to judge whether the actions of a government are right or wrong, but you know, every tool can be used for positive or negative. So I completely empathize with hosting providers. They have to comply with the government regulations, but I think everybody is working with the laws of the country in which they’re working in.

David Sneed: Thanks. Okay, great. Thanks. Did that give you information that you were looking for? Oh, yeah. Okay, good. All right. That’s good to hear. So one of the things that Jacqueline brought up initially was the concept of a code of conduct, and Ana, I wanted to ask you about that, because there is often tension between a code of conduct or self-regulation and governmental regulation, and in fact, quite a number of the workshops here have talked about the failure of self-regulation. How does that impact you as someone from the government?

Ana Neves: So I have some inputs that I would like to share with you today, and putting in context the governmental behavior in the global cooperation world. And the thing that local governments or at national level, they have their own rules, and then it jeopardizes a more common understanding of the situation at a worldwide level. So I think it’s interesting to raise here some of the main issues where I think, and I’m used to, work and to see as the role of governments, how they can help. Sometimes they don’t, but it should be their role. I believe that governments have a pivotal role in driving the global cooperation needed to address the challenges in the Internet infrastructure ecosystem, such as fragmented legal frameworks, lack of coordination, and cross-border inconsistencies. So governments must lead the way in harmonizing regulations and providing clear policies that encourage infrastructure providers to take proactive roles in abuse mitigation and security. I believe that governments can provide essential incentives and policies that support responsible Internet practices, going beyond the just domain name sister level actions. We need to address, sorry, I need some water. We all need water. So I was saying that governments should go beyond just the domain name system level action. We need to address not only commercial interests, but also the public good, fostering a balance that ensures an ethical and inclusive Internet. In doing so, collaboration is key. Trust building among stakeholders is crucial, as it was already said today. And governments are uniquely positioned to facilitate dialogue, bridge gaps in areas like data protection, competition concerns, legal fragmentation. So that’s where only through multi-stakeholder collaboration can we effectively address global challenges such as phishing, malware, data security. Another component that is very, very important is inclusivity, which remains a core issue. Governments must advocate for the representation of underserved users, ensuring that Internet remains open, accessible, and inclusive. By supporting multilingual domains and prioritizing accessibility for all, we are all creating an Internet that reflects global diversity and ensures equitable participation in decision-making processes, which currently tends to be dominated by commercially driven entities. So my key takeaways at the heart of Internet government and as a government stakeholder are as follows. National governments are essential in driving a unified global approach to address the challenge presented by fragmented Internet infrastructure ecosystem. Governments must take an active role in promoting inclusive, ethical, and responsible Internet practices through collective action, particularly by fostering multi-stakeholder collaboration, implementing clear regulations and or governance actions, and ensuring always security and inclusivity. So national governments in partnership with international governmental organizations and other stakeholders need to drive efforts toward consistent regulations that foster collaboration and minimize fragmentation, one of the major barriers to Internet governance, of course.

David Sneed: Great. Okay. Thank you. So Lawrence, one of the things that Anna brought up is the use of governments to help focus on underserved or underdeveloped areas. What can governments and the private sector do to address the problems that you brought up about outdated infrastructure, about the expense of purchasing software? Thank you. So I believe that a collaborative

Lawrence Olawale-Roberts: effort between government and some organized private sector promoters can ensure that the required piece types of equipment or rather set a standard for certain equipments that should be at the core of each network if you were to provide some particular service. Now we understand that the major barrier for this is the cost. And we have different funds across African countries. Nigeria, for instance, has the Universal Access Fund, USSPF it’s called. But these funds are not and these are funds that should be deployed to these kinds of interventions. But this isn’t so. Rather, they are used for other means, for other political means, so to say. And so we end up leaving private sector to fend for itself. Yes, they are doing it at a commercial level to be able to make some profit at the end of the day. But the fact still remains that to be able to do it right, certain government-backed interventions might be necessary. We have governments that go into bilateral agreements with other countries. They can as well decide to target OEM providers in those countries and float some kind of support wherein they can bring in this equipment, identify local partners to onboard and take up this equipment and pay when they become serviceable with some form of government guarantee. So there definitely has to be a lot more handshake between governments and the private sector to ensure that standards, minimum standards that are set by government can also be met by the local operators. Where this is done, then it reduces to a large extent. It reduces to a large extent issues of abuse, bad dog criminality, and even where it happens, you know you have the right tools to be able to not only effectively monitor but identify where the bad actors are and you can go for them, either bringing down their service or shutting down whatever it is that they’re using perpetrating the crime that they do.

David Sneed: Thanks. So we’ve talked a lot about commercial and governmental, but Benny, we haven’t talked about how the kind of, I don’t know, what would I classify the open source community as? It is its own beast. The red-headed stepchild of the software industry?

Benny Vasquez: I mean it depends, right? The people who are in open source really feel strongly about the ideals that open source holds and pushes forward. Honestly, every single and many more. So, if there’s a single thing that any of you touch has some amount of open-source software involved in it, or it relies on it, there’s an application called NTP that we all are absolutely, every day, relying on, and it is not most commonly known, but it keeps time synced between devices. But it is not engaged in as often as it should be by any of us. It’s not thought of as often as it should be. When we are coming together to try to set up regulations of any kind, or expectations, or guidelines, or anything like that, there’s such a huge audience that needs to be considered, whether or not they know that IGF exists. They need to be considered in the decisions that are made at the government level. Educating government officials on technology as a whole is a huge challenge. And so, if you get to the point where you, which is also a challenge in its own, if you get to a point where a government says, okay, we want to engage in regulations here, making sure that they are educated enough to make intelligent decisions about the regulations is so critical. Because it’s not, I mean, we’ve seen it even recently, where open source software isn’t understood strongly, and then there’s regulation made about it, and it has the potential to shut down applications and open source communities that we all rely on. It’s a very difficult position to be in with regard to like, we want our regulators and our people who are setting up or even advising the people who make regulations to be experts in all of these things, and that’s really hard. But you do have to bring in experts to make sure that all of the voices are heard.

David Sneed: So, you’re talking a little bit about coordination. Yulia, I was wondering if you could talk a little bit about how that coordination looks to you and the IIF, particularly since Ana was talking about the need for governments to talk to the private sector, to talk to whatever the open source community is.

Julija Kalpokiene: Exactly. Yeah, talking and communicating and understanding each other is very important, and was rightly noted before that, of course, there is this tension between self-regulation and regulation, but I think that if the right incentives exist, then self-regulation could be much better because the industry know what they’re able to do, so it can be more effective and better focused than the government approach, because as other speakers have already said, governments have to understand what they’re regulating, how it functions, so they need to be educated, so it’s a longer process and it’s not as targeted. So, at the IIF, the first step is to bring the industry across the stack to be able to talk to each other and understand who is able to do what, and then it is easier to also talk or involve different relevant stakeholders and also have this dialogue with regulators and governments, but also to help each other to understand what are the requirements, what are the challenges and how those can be overcome in different jurisdictions, because internet is global, as it was rightly noted, but we see increasingly a lot of fragmentation and off-regulation that is within the borders of a country, and it’s not really compatible.

David Sneed: Okay, yeah, so Jacqueline, would you talk a little bit about this, kind of to wrap this up, about this incompatibility? How at LeaseWeb do you deal with incompatible regulations in the different jurisdictions that you work?

Jacqueline van de Werken: Yeah, so, well, first of all, of course, as a company, and typically it was different in the telecom and datacom sector. I think we are, from an internet perspective and technical focus, as entrepreneurs, we were less focused on regulations in the beginning. I mean, we did everything, I think, already starting like 20, 30 years ago, anti-abuse. So, yes, there was like a focus on anti-abuse, and even the founders for LeaseWeb, they were the first to have this private public sector approach, even when before the word was really sort of emerging, and because they just didn’t like it, they wanted to combat like CSIRM and everything that was just emerging on the internet. So that was then, and now gradually, of course, in addition to private public initiatives and self-regulation, we had that for many, many years, we got regulations, and it’s a challenge indeed, because what I’m talking about, typically unmanaged hosting infrastructure, the lowest compute power type of service we deliver, and for that purpose we are selected, yeah, it’s difficult. It’s actually mere conduits. It’s not having the key, it’s the building, but without the capacity to regulate what’s inside it. Yeah, so that’s a challenge, but also an opportunity to keep explaining and clarifying to governments how to do that. And like I was saying, as a private company, you just need to work together, and so we are happy to work with you and also with the forum, and therefore we are also united in the Dutch Cloud Coalition and the community, but also in Brussels with CISPI. I’m the president of CISPI, and we are very active there to be the spokespersons for our sector, to explain about the Digital Services Act or the Data Act, while now for abuse typically the Digital Services Act, and the terrorist content online. These are all directives and regulation that want to just clean our networks and address this topic. So we have made videos, we try to do everything that is possible to explain how we effectively explain this, and that regulation meets its purpose, really, because I think the goal is very clear, and we embrace the same goal, but the way towards resolving it is not always that effective, that’s true, and creates a problem for us.

David Sneed: Great. Okay. So we’re out of time here. I’d like to thank all of my panelists, both here and online, and if you would join me in giving them a round of applause. Thank you. Thank you. Thank you. Thank you. Thank you.

Agreement points

Trust building requires engagement, response, and clear communication mechanisms

Speakers

– Goyal Vivek
– Benny Vasquez
– Irina Daneliya

Arguments

Trust is built through response acknowledgment and action on complaints, which saves money for all parties

Trust requires engagement and building connections between providers to establish known entities

Trust involves clear responsibilities and willingness to solve problems when wrong requests are made

Summary

All three speakers agree that trust in internet infrastructure requires active engagement, acknowledgment of communications, and clear mechanisms for resolving issues when they arise.

Topics

Infrastructure | Legal and regulatory | Economic

Need for coordination and collaboration across internet infrastructure stack

Speakers

– Julija Kalpokiene
– Ana Neves
– Jacqueline van de Werken

Arguments

Internet Infrastructure Forum facilitates cross-stack industry dialogue in safe environments

Governments should harmonize regulations and provide incentives for responsible Internet practices beyond commercial interests

Trust is established through sector-level codes of conduct and ethical business approaches

Summary

These speakers agree that effective internet governance requires coordinated efforts across different levels of infrastructure, whether through industry forums, government harmonization, or sector codes of conduct.

Topics

Infrastructure | Legal and regulatory | Sociocultural

Regulatory complexity and jurisdictional challenges create compliance burdens

Speakers

– Jacqueline van de Werken
– Ana Neves

Arguments

Multiple incompatible regulations create compliance burdens, requiring companies to adopt the strictest global approach

Governments should harmonize regulations and provide incentives for responsible Internet practices beyond commercial interests

Summary

Both speakers acknowledge that fragmented regulatory approaches across jurisdictions create significant challenges and agree on the need for harmonized approaches.

Topics

Legal and regulatory | Jurisdiction | Economic

Similar viewpoints

Both speakers recognize that some content restrictions are necessary and justified, particularly for universally harmful content like CSAM, while acknowledging the complexity of distinguishing between illegal and merely harmful content.

Speakers

– Goyal Vivek
– Jacqueline van de Werken

Arguments

Some censorship is necessary and justified, such as for CSAM or preventing panic during conflicts

Infrastructure providers must distinguish between clearly illegal content and potentially harmful but lawful content

Topics

Legal and regulatory | Human rights | Cybersecurity

Both speakers emphasize the importance of inclusive approaches – Benny focusing on including open source communities in regulatory discussions, and Ana focusing on including underserved users in internet governance.

Speakers

– Benny Vasquez
– Ana Neves

Arguments

Regulators need technical education to make intelligent decisions about technology regulations

Governments must advocate for underserved users and ensure inclusive, multilingual Internet access

Topics

Legal and regulatory | Development | Human rights

Both speakers advocate for active government involvement in supporting internet infrastructure development, with Lawrence focusing on equipment standards and funding, and Ana on broader regulatory harmonization.

Speakers

– Lawrence Olawale-Roberts
– Ana Neves

Arguments

Government-private sector collaboration is needed to set equipment standards and provide funding support

Governments should harmonize regulations and provide incentives for responsible Internet practices beyond commercial interests

Topics

Development | Infrastructure | Legal and regulatory

Unexpected consensus

Self-regulation can be more effective than government regulation under right conditions

Speakers

– Julija Kalpokiene
– Jacqueline van de Werken

Arguments

Self-regulation can be more effective than government regulation when proper incentives exist and industry understands capabilities

Trust is established through sector-level codes of conduct and ethical business approaches

Explanation

This consensus is unexpected because it comes from both a policy consultant working with regulatory frameworks and a hosting provider who deals with compliance burdens. Both agree that industry self-regulation can be more effective when properly structured.

Topics

Legal and regulatory | Infrastructure | Economic

Open source software needs greater representation in regulatory discussions

Speakers

– Benny Vasquez
– Julija Kalpokiene

Arguments

Open source software is ubiquitous but underrepresented in regulatory discussions despite critical importance

Internet Infrastructure Forum facilitates cross-stack industry dialogue in safe environments

Explanation

This consensus is unexpected because it shows alignment between an open source advocate and a policy consultant on the need to include often-overlooked technical communities in governance discussions.

Topics

Infrastructure | Legal and regulatory | Digital standards

Overall assessment

Summary

The speakers demonstrated strong consensus on the need for better communication, trust-building, and coordination across internet infrastructure. There was broad agreement on the challenges posed by regulatory fragmentation and the importance of multi-stakeholder collaboration.

Consensus level

High level of consensus on fundamental principles with constructive disagreement on implementation approaches. This suggests a mature understanding of internet governance challenges and potential for collaborative solutions across different stakeholder groups.

Different viewpoints

Self-regulation versus government regulation effectiveness

Speakers

– Julija Kalpokiene
– Ana Neves

Arguments

Self-regulation can be more effective than government regulation when proper incentives exist and industry understands capabilities

Governments should harmonize regulations and provide incentives for responsible Internet practices beyond commercial interests

Summary

Julija argues that self-regulation is superior when proper incentives exist because industry knows their capabilities better, while Ana emphasizes that governments must lead in harmonizing regulations and providing clear policies that go beyond commercial interests to serve the public good.

Topics

Legal and regulatory | Infrastructure | Economic

Scope of acceptable censorship

Speakers

– Goyal Vivek
– Audience

Arguments

Some censorship is necessary and justified, such as for CSAM or preventing panic during conflicts

CCTLD censorship without due process represents a form of internet censorship that undermines trust

Summary

Vivek argues that censorship is sometimes absolutely needed and justified (citing CSAM and preventing panic during conflicts), while the audience member emphasizes concerns about censorship abuse and the need for due process, particularly in cases like Nicaragua’s actions against independent media.

Topics

Human rights | Legal and regulatory | Freedom of expression

Primary responsibility for content decisions

Speakers

– Jacqueline van de Werken
– Ana Neves

Arguments

Infrastructure providers must distinguish between clearly illegal content and potentially harmful but lawful content

Governments should harmonize regulations and provide incentives for responsible Internet practices beyond commercial interests

Summary

Jacqueline emphasizes the burden placed on infrastructure providers to make content decisions despite being ‘mere conduits’ without content management capabilities, while Ana argues that governments should take the lead in providing clear policies and harmonizing regulations rather than leaving these decisions to private companies.

Topics

Legal and regulatory | Infrastructure | Content policy

Unexpected differences

Open source community representation in regulatory processes

Speakers

– Benny Vasquez
– Ana Neves

Arguments

Open source software is ubiquitous but underrepresented in regulatory discussions despite critical importance

Governments must advocate for underserved users and ensure inclusive, multilingual Internet access

Explanation

While both speakers advocate for inclusivity, Benny specifically highlights the critical gap in open source representation in regulatory discussions, whereas Ana focuses on geographic and linguistic underrepresentation. This reveals an unexpected divide in how inclusivity is conceptualized – technical community representation versus user demographic representation.

Topics

Legal and regulatory | Infrastructure | Development

Infrastructure investment responsibility in developing regions

Speakers

– Lawrence Olawale-Roberts
– Ana Neves

Arguments

Government-private sector collaboration is needed to set equipment standards and provide funding support

Governments must advocate for underserved users and ensure inclusive, multilingual Internet access

Explanation

Both speakers address development needs, but Lawrence focuses on the practical infrastructure hardware challenges and criticizes government fund misuse, while Ana emphasizes policy-level inclusivity measures. This unexpected disagreement reveals different priorities in addressing digital divides – technical infrastructure versus policy frameworks.

Topics

Development | Infrastructure | Economic

Overall assessment

Summary

The main areas of disagreement center around the balance between self-regulation and government regulation, the acceptable scope of censorship, and where primary responsibility should lie for content decisions. Additionally, there are nuanced differences in approaches to inclusivity and development priorities.

Disagreement level

Moderate disagreement with significant implications. While speakers generally agree on goals (clean internet, abuse mitigation, trust-building), they have substantive differences on implementation approaches. The disagreements reflect fundamental tensions in internet governance between industry autonomy and government oversight, between security and freedom of expression, and between different conceptualizations of inclusivity. These disagreements could impact the effectiveness of collaborative efforts and policy development in the internet infrastructure space.

Partial agreements

Similar viewpoints

Both speakers recognize that some content restrictions are necessary and justified, particularly for universally harmful content like CSAM, while acknowledging the complexity of distinguishing between illegal and merely harmful content.

Speakers

– Goyal Vivek
– Jacqueline van de Werken

Arguments

Some censorship is necessary and justified, such as for CSAM or preventing panic during conflicts

Infrastructure providers must distinguish between clearly illegal content and potentially harmful but lawful content

Topics

Legal and regulatory | Human rights | Cybersecurity

Both speakers emphasize the importance of inclusive approaches – Benny focusing on including open source communities in regulatory discussions, and Ana focusing on including underserved users in internet governance.

Speakers

– Benny Vasquez
– Ana Neves

Arguments

Regulators need technical education to make intelligent decisions about technology regulations

Governments must advocate for underserved users and ensure inclusive, multilingual Internet access

Topics

Legal and regulatory | Development | Human rights

Both speakers advocate for active government involvement in supporting internet infrastructure development, with Lawrence focusing on equipment standards and funding, and Ana on broader regulatory harmonization.

Speakers

– Lawrence Olawale-Roberts
– Ana Neves

Arguments

Government-private sector collaboration is needed to set equipment standards and provide funding support

Governments should harmonize regulations and provide incentives for responsible Internet practices beyond commercial interests

Topics

Development | Infrastructure | Legal and regulatory

Key takeaways

Trust is the foundation for effective Internet infrastructure coordination and abuse mitigation, requiring engagement, response acknowledgment, and building connections between providers

Infrastructure providers face significant challenges in content moderation due to their technical role as ‘mere conduits’ without content management capabilities or keys to systems they host

Global regulatory fragmentation creates compliance burdens, forcing companies to adopt the strictest approach across all jurisdictions they operate in

Developing regions face infrastructure challenges with outdated equipment and lack of support, creating security vulnerabilities and limiting abuse traceability

Self-regulation through codes of conduct can be more effective than government regulation when proper incentives exist, as industry understands their capabilities better

Clear notification mechanisms, complaint procedures, and transparency are essential for responsible domain and infrastructure management to avoid censorship concerns

Multi-stakeholder collaboration is crucial, with governments needing to harmonize regulations while being educated about technical realities of Internet infrastructure

Open source software is ubiquitous in Internet infrastructure but underrepresented in regulatory discussions despite its critical importance

Resolutions and action items

Continue development of the Internet Infrastructure Forum to facilitate cross-stack industry dialogue in safe environments

Develop sector-level codes of conduct to increase trust and establish ethical approaches to abuse mitigation

Create clear mechanisms for notification and complaint resolution in domain management

Establish trusted notifier relationships between infrastructure providers and expert organizations for abuse identification

Provide technical education to government regulators to ensure informed decision-making about technology regulations

Unresolved issues

How to fairly distribute responsibility and liability between trusted notifiers and infrastructure providers when takedown requests are incorrect

How to address the fundamental tension between infrastructure providers’ technical limitations and regulatory expectations for content control

How to achieve global regulatory harmonization while respecting national sovereignty and different legal frameworks

How to ensure adequate representation of open source communities in regulatory discussions and policy-making

How to distinguish between legitimate abuse mitigation and censorship, particularly for politically sensitive content

How to provide adequate funding and support for infrastructure development in underserved regions

How to balance commercial interests with public good in Internet infrastructure governance

Suggested compromises

Infrastructure providers can use acceptable use policies and free contracting principles to take action on content they deem unacceptable, even when not clearly illegal

Government-private sector partnerships could provide equipment standards and funding support through existing universal access funds

Bilateral agreements between governments could target OEM providers to bring modern equipment to developing regions with payment guarantees

Multi-stakeholder forums can bridge the gap between self-regulation and government regulation by facilitating dialogue and mutual understanding

Companies can adopt the strictest global regulatory approach to ensure compliance across all jurisdictions while working with industry associations to advocate for more effective regulations

Trust is very important for any work together. For effectiveness, trust is paramount. And when we look at responsible Internet practices, for example, it is very important in abuse mitigation that appropriate action or actions are taken by the appropriate actors or actor at the appropriate level of the infrastructure at appropriate time.

Speaker

Julija Kalpokiene

Reason

This comment reframed the entire discussion by identifying trust as the foundational element for effective internet governance. It moved beyond technical solutions to highlight the human and organizational dynamics that make coordination possible. The emphasis on ‘appropriate actors at appropriate level at appropriate time’ introduced a sophisticated understanding of layered responsibility.

Impact

This comment established trust as the central theme for the remainder of the discussion. It prompted David Sneed to ask specific questions about trust-building between different stakeholders, leading to concrete examples from Vivek about response acknowledgment and from Jacqueline about codes of conduct. It elevated the conversation from technical problem-solving to relationship-building.

However, what if eventually this domain name turns out to be absolutely legitimate and the owner of the main name has lost some money because his web shop or his bank, for example, was not available? And who takes responsibility for this lost money and how we can split the responsibility between those who notifies and those who can actually take action?

Speaker

Irina Daneliya

Reason

This comment introduced the critical issue of accountability and liability in abuse mitigation. It highlighted the real-world consequences of false positives and the complex question of who bears responsibility when well-intentioned actions cause harm. This moved the discussion beyond just identifying and stopping abuse to considering the collateral damage of enforcement actions.

Impact

This comment shifted the discussion toward the practical challenges of implementation and the need for balanced approaches. It led David to summarize the need for knowledge and understanding across infrastructure participants, and prompted discussion about proactive problem-solving. It added nuance to the abuse mitigation conversation by highlighting unintended consequences.

How can we trust CCDLDs, administrators, to not use their power for censorship in the name of abuse regulations? Where do we draw the line between what we and governments consider abuse and what can be considered censorship for the people living in that country or the international community as a whole?

Speaker

Valentina Guana (Audience member)

Reason

This question, based on a real-world example from Nicaragua, introduced the tension between abuse mitigation and censorship. It challenged the panel to address how legitimate governance mechanisms can be misused for political purposes, adding a critical human rights dimension to the technical discussion.

Impact

This question fundamentally shifted the conversation from technical coordination to political and ethical considerations. It prompted responses from multiple panelists about the differences between legitimate law enforcement, commercial policies, and potential government overreach. It introduced the concept that censorship isn’t always wrong (as Vivek noted with CSAM examples) while acknowledging the real risks of abuse of power.

The issues that we face on our divide with this is where there are issues… where we don’t get feedback or get any action in terms of bad act or activity, cyber crimes and all that is not because there is no willingness or there is no trust to report such action back, but the hardware and the network topography just makes it difficult because this was something, technology that you should have been using a century ago.

Speaker

Lawrence Olawale-Roberts

Reason

This comment brought a crucial global equity perspective to the discussion, highlighting how infrastructure limitations in developing regions create security vulnerabilities not by choice but by economic necessity. It challenged the assumption that all infrastructure providers operate with similar capabilities and resources.

Impact

This comment introduced the global digital divide as a security issue, prompting Ana Neves to discuss government roles in supporting underserved areas. It shifted the conversation from assuming universal technical capabilities to recognizing that effective global internet governance must account for vastly different resource levels and infrastructure maturity across regions.

Educating government officials on technology as a whole is a huge challenge… making sure that they are educated enough to make intelligent decisions about the regulations is so critical. Because it’s not, I mean, we’ve seen it even recently, where open source software isn’t understood strongly, and then there’s regulation made about it, and it has the potential to shut down applications and open source communities that we all rely on.

Speaker

Benny Vasquez

Reason

This comment highlighted a fundamental challenge in internet governance: the gap between technical complexity and regulatory understanding. It brought attention to the often-overlooked open source ecosystem that underpins much of internet infrastructure, and the risks of uninformed regulation.

Impact

This comment broadened the stakeholder discussion to include the open source community as a critical but often invisible participant. It reinforced Ana’s points about the need for multi-stakeholder collaboration and government education, while highlighting the potential for regulatory overreach when technical understanding is lacking.

Overall assessment

These key comments transformed what could have been a technical discussion about internet infrastructure into a nuanced exploration of trust, accountability, equity, and governance. The progression moved from establishing trust as foundational (Julija), through practical implementation challenges (Irina), to political and ethical considerations (Valentina), global equity issues (Lawrence), and regulatory complexity (Benny). Together, these comments created a comprehensive framework that acknowledged the internet infrastructure ecosystem as not just a technical challenge, but a complex socio-political system requiring careful balance between security, rights, equity, and innovation. The discussion evolved from ‘how do we coordinate?’ to ‘how do we coordinate responsibly while accounting for diverse global contexts and preventing abuse of power?’ This progression demonstrated the maturity of internet governance discussions, moving beyond purely technical solutions to embrace the full complexity of governing a global, multi-stakeholder system.

How can we better define what constitutes ‘abuse’ across different infrastructure layers and jurisdictions?

Speaker

Benny Vasquez

Explanation

This is fundamental to effective coordination as different stakeholders may have varying definitions of abuse, making unified response difficult

How can responsibility be split between trusted notifiers and infrastructure providers when domain takedown actions result in financial losses for legitimate domain owners?

Speaker

Irina Daneliya

Explanation

This addresses liability concerns when anti-abuse actions affect legitimate businesses, requiring clear frameworks for responsibility allocation

What mechanisms can be established to ensure domain name holders are properly informed about takedown actions and have effective complaint procedures?

Speaker

Irina Daneliya

Explanation

This relates to due process and transparency in abuse mitigation, ensuring fair treatment of domain owners

How can governments and private sector collaborate to establish minimum technical standards for network infrastructure in developing regions?

Speaker

Lawrence Olawale-Roberts

Explanation

This addresses the infrastructure gap that makes abuse detection and mitigation difficult in underserved areas

What specific government-backed intervention models could help local operators acquire modern equipment through bilateral agreements with OEM providers?

Speaker

Lawrence Olawale-Roberts

Explanation

This explores practical solutions for upgrading outdated infrastructure that currently hampers abuse detection capabilities

How can open source communities be better integrated into regulatory discussions and policy-making processes?

Speaker

Benny Vasquez

Explanation

This addresses the gap in representation of open source software, which underlies much of internet infrastructure but is often overlooked in policy discussions

What educational frameworks are needed to ensure government officials understand technology sufficiently to make informed regulatory decisions?

Speaker

Benny Vasquez

Explanation

This is critical for effective regulation that doesn’t inadvertently harm essential open source projects and infrastructure

How can a global framework be developed to harmonize different jurisdictional approaches to notice and takedown procedures?

Speaker

Jacqueline van de Werken

Explanation

This addresses the operational burden on global infrastructure providers who must comply with varying legal requirements across jurisdictions

Where should the line be drawn between harmful but lawful content and illegal content in terms of infrastructure provider responsibilities?

Speaker

Jacqueline van de Werken

Explanation

This is crucial for determining when infrastructure providers should take action, especially for content that may be harmful but not clearly illegal

How can trust-building mechanisms be scaled across the global internet infrastructure ecosystem?

Speaker

Julija Kalpokiene

Explanation

This addresses the foundational need for coordination and effective abuse mitigation across different infrastructure layers

What specific incentive structures could make self-regulation more effective than government regulation in the infrastructure space?

Speaker

Julija Kalpokiene

Explanation

This explores how to leverage industry expertise while ensuring public interest protection

How can Universal Access Funds and similar government resources be better utilized to support infrastructure security improvements?

Speaker

Lawrence Olawale-Roberts

Explanation

This addresses the misallocation of resources intended for infrastructure development that could improve abuse mitigation capabilities